diff --git a/Makefile b/Makefile index 5b42b82245c..fc363fdf198 100644 --- a/Makefile +++ b/Makefile @@ -77,6 +77,7 @@ endef define clean-function if [ -d ./$(1) ]; then \ cd ./$(1) && rm -rf build/ \ + translations/ \ .cache/ \ public/ \ modules/installation/nav-installation-guide.pdf.$(2).adoc \ @@ -88,7 +89,8 @@ define clean-function modules/retail/nav-retail-guide.pdf.$(2).adoc \ modules/architecture/nav-architecture-guide.pdf.$(2).adoc \ modules/quickstart-public-cloud/nav-quickstart-public-cloud-guide.pdf.$(2).adoc \ - modules/large-deployments/nav-large-deployments.pdf.$(2).adoc; \ + modules/large-deployments/nav-large-deployments-guide.pdf.$(2).adoc \ + modules/quickstart-sap/nav-quickstart-sap-guide.pdf.$(2).adoc; \ fi endef @@ -284,11 +286,11 @@ help: ## Prints a basic help menu about available targets .PHONY: pot pot: - $(shell $(current_dir)/make_pot.sh) + $(current_dir)/make_pot.sh .PHONY: translations translations: - $(shell $(current_dir)/use_po.sh) + $(current_dir)/use_po.sh .PHONY: clean clean: clean-en clean-es diff --git a/Makefile.es b/Makefile.es index 32ad9c89d12..753914e5b0f 100644 --- a/Makefile.es +++ b/Makefile.es @@ -28,13 +28,14 @@ pdf-tar-suma-$(LANGCODE_ES): .PHONY: prepare-antora-suma-$(LANGCODE_ES) prepare-antora-suma-$(LANGCODE_ES): -mkdir -p $(LANGDIR_ES) && \ - cp antora.yml $(LANGDIR_ES)/antora.yml && \ + cp -a antora.yml $(LANGDIR_ES)/antora.yml && \ sed "s/\.\/branding/\.\.\/\.\.\/branding/;\ s/\-\ url\:\ \./\-\ url\:\ \.\.\/\.\.\//;\ s/start_path\:\ \./\start_path\:\ translations\/$(LANGCODE_ES)/;\ s/dir:\ \.\/build\/en/dir:\ \.\.\/\.\.\/build\/$(LANGCODE_ES)/;" suma-site.yml > $(LANGDIR_ES)/suma-site.yml && \ cd $(LANGDIR_ES) && \ - if [ ! -e branding ]; then ln -s ../../branding; fi + if [ ! -e branding ]; then ln -s ../../branding; fi && \ + cp -a $(CURDIR)/modules/ROOT/pages/common_gfdl1.2_i.adoc $(CURDIR)/$(LANGDIR_ES)/modules/ROOT/pages/ .PHONY: antora-suma-$(LANGCODE_ES) antora-suma-$(LANGCODE_ES): clean-$(LANGCODE_ES) pdf-all-suma-$(LANGCODE_ES) pdf-tar-suma-$(LANGCODE_ES) @@ -47,7 +48,7 @@ obs-packages-suma-$(LANGCODE_ES): clean-$(LANGCODE_ES) pdf-all-suma-$(LANGCODE_E # Generate PDF versions of all SUMA books .PHONY: pdf-all-suma-$(LANGCODE_ES) -pdf-all-suma-$(LANGCODE_ES): prepare-antora-suma-$(LANGCODE_ES) translations pdf-install-suma-$(LANGCODE_ES) pdf-client-configuration-suma-$(LANGCODE_ES) pdf-upgrade-suma-$(LANGCODE_ES) pdf-reference-suma-$(LANGCODE_ES) pdf-administration-suma-$(LANGCODE_ES) pdf-salt-suma-$(LANGCODE_ES) pdf-retail-suma-$(LANGCODE_ES) pdf-quickstart-public-cloud-suma-$(LANGCODE_ES) pdf-large-deployment-suma-$(LANGCODE_ES) ##pdf-architecture-suma-webui-$(LANGCODE_ES) +pdf-all-suma-$(LANGCODE_ES): translations prepare-antora-suma-$(LANGCODE_ES) pdf-install-suma-$(LANGCODE_ES) pdf-client-configuration-suma-$(LANGCODE_ES) pdf-upgrade-suma-$(LANGCODE_ES) pdf-reference-suma-$(LANGCODE_ES) pdf-administration-suma-$(LANGCODE_ES) pdf-salt-suma-$(LANGCODE_ES) pdf-retail-suma-$(LANGCODE_ES) pdf-quickstart-public-cloud-suma-$(LANGCODE_ES) pdf-large-deployment-suma-$(LANGCODE_ES) ##pdf-architecture-suma-webui-$(LANGCODE_ES) .PHONY: modules/installation/nav-installation-guide.pdf.$(LANGCODE_ES).adoc modules/installation/nav-installation-guide.pdf.$(LANGCODE_ES).adoc: @@ -161,7 +162,8 @@ prepare-antora-uyuni-$(LANGCODE_ES): s/start_path\:\ \./\start_path\:\ translations\/es/;\ s/dir:\ \.\/build\/en/dir:\ \.\.\/\.\.\/build\/es/;" uyuni-site.yml > $(LANGDIR_ES)/uyuni-site.yml && \ cd $(LANGDIR_ES) && \ - if [ ! -e branding ]; then ln -s ../../branding; fi + if [ ! -e branding ]; then ln -s ../../branding; fi && \ + cp -a $(CURDIR)/modules/ROOT/pages/common_gfdl1.2_i.adoc $(CURDIR)/$(LANGDIR_ES)/modules/ROOT/pages/ .PHONY: antora-uyuni-$(LANGCODE_ES) antora-uyuni-$(LANGCODE_ES): clean-$(LANGCODE_ES) pdf-all-uyuni-$(LANGCODE_ES) pdf-tar-uyuni-$(LANGCODE_ES) @@ -173,7 +175,7 @@ obs-packages-uyuni-$(LANGCODE_ES): clean-$(LANGCODE_ES) pdf-all-uyuni-$(LANGCODE # Generate PDF versions of all UYUNI books .PHONY: pdf-all-uyuni-$(LANGCODE_ES) -pdf-all-uyuni-$(LANGCODE_ES): prepare-antora-uyuni-$(LANGCODE_ES) translations pdf-install-uyuni-$(LANGCODE_ES) pdf-client-configuration-uyuni-$(LANGCODE_ES) pdf-upgrade-uyuni-$(LANGCODE_ES) pdf-reference-uyuni-$(LANGCODE_ES) pdf-administration-uyuni-$(LANGCODE_ES) pdf-salt-uyuni-$(LANGCODE_ES) pdf-retail-uyuni-$(LANGCODE_ES) pdf-quickstart-public-cloud-uyuni-$(LANGCODE_ES) pdf-large-deployment-uyuni-$(LANGCODE_ES) ##pdf-architecture-uyuni-webui-$(LANGCODE_ES) +pdf-all-uyuni-$(LANGCODE_ES): translations prepare-antora-uyuni-$(LANGCODE_ES) pdf-install-uyuni-$(LANGCODE_ES) pdf-client-configuration-uyuni-$(LANGCODE_ES) pdf-upgrade-uyuni-$(LANGCODE_ES) pdf-reference-uyuni-$(LANGCODE_ES) pdf-administration-uyuni-$(LANGCODE_ES) pdf-salt-uyuni-$(LANGCODE_ES) pdf-retail-uyuni-$(LANGCODE_ES) pdf-quickstart-public-cloud-uyuni-$(LANGCODE_ES) pdf-large-deployment-uyuni-$(LANGCODE_ES) ##pdf-architecture-uyuni-webui-$(LANGCODE_ES) ## Generate PDF version of the UYUNI Installation Guide .PHONY: pdf-install-uyuni-$(LANGCODE_ES) diff --git a/l10n-weblate/ROOT.cfg b/l10n-weblate/ROOT.cfg new file mode 100644 index 00000000000..7264c3d6be0 --- /dev/null +++ b/l10n-weblate/ROOT.cfg @@ -0,0 +1,14 @@ +[po4a_langs] es zh_CN cs +[po4a_paths] l10n-weblate/ROOT/ROOT.pot $lang:l10n-weblate/ROOT/$lang.po + +[po4a_alias:adoc] adoc opt:"-M UTF-8 -L UTF-8" + +[options] opt:"--porefs=counter" + +[type: asciidoc] modules/ROOT/_attributes.adoc $lang:translations/$lang/modules/ROOT/_attributes.adoc +[type: asciidoc] modules/ROOT/pages/_partials/entities.adoc $lang:translations/$lang/modules/ROOT/pages/_partials/entities.adoc +#[type: asciidoc] modules/ROOT/pages/common_gfdl1.2_i.adoc $lang:translations/$lang/modules/ROOT/pages/common_gfdl1.2_i.adoc +[type: asciidoc] modules/ROOT/pages/index-uyuni.adoc $lang:translations/$lang/modules/ROOT/pages/index-uyuni.adoc +[type: asciidoc] modules/ROOT/pages/index.adoc $lang:translations/$lang/modules/ROOT/pages/index.adoc +[type: asciidoc] modules/ROOT/pages/snippets/add_channels_cli.adoc $lang:translations/$lang/modules/ROOT/pages/snippets/add_channels_cli.adoc +[type: asciidoc] modules/ROOT/nav.adoc $lang:translations/$lang/modules/ROOT/nav.adoc diff --git a/l10n-weblate/ROOT/ROOT.pot b/l10n-weblate/ROOT/ROOT.pot index 5d979dfafc8..ea99400487c 100644 --- a/l10n-weblate/ROOT/ROOT.pot +++ b/l10n-weblate/ROOT/ROOT.pot @@ -7,688 +7,30 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" -"POT-Creation-Date: 2020-08-23 23:30+0200\n" +"POT-Creation-Date: 2020-09-29 23:48+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" +"Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: Title = -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:1 -#, no-wrap -msgid "GNU Free Documentation License" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:6 -msgid "" -"Copyright (C) 2000, 2001, 2002 Free Software Foundation, Inc. 51 Franklin " -"St, Fifth Floor, Boston, MA 02110-1301 USA. Everyone is permitted to copy " -"and distribute verbatim copies of this license document, but changing it is " -"not allowed." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:8 -#, no-wrap -msgid "0. PREAMBLE" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:13 -msgid "" -"The purpose of this License is to make a manual, textbook, or other " -"functional and useful document \"free\" in the sense of freedom: to assure " -"everyone the effective freedom to copy and redistribute it, with or without " -"modifying it, either commercially or noncommercially. Secondarily, this " -"License preserves for the author and publisher a way to get credit for their " -"work, while not being considered responsible for modifications made by " -"others." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:16 -msgid "" -"This License is a kind of \"copyleft\", which means that derivative works of " -"the document must themselves be free in the same sense. It complements the " -"GNU General Public License, which is a copyleft license designed for free " -"software." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:20 -msgid "" -"We have designed this License in order to use it for manuals for free " -"software, because free software needs free documentation: a free program " -"should come with manuals providing the same freedoms that the software " -"does. But this License is not limited to software manuals; it can be used " -"for any textual work, regardless of subject matter or whether it is " -"published as a printed book. We recommend this License principally for " -"works whose purpose is instruction or reference." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:22 -#, no-wrap -msgid "1. APPLICABILITY AND DEFINITIONS" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:29 -msgid "" -"This License applies to any manual or other work, in any medium, that " -"contains a notice placed by the copyright holder saying it can be " -"distributed under the terms of this License. Such a notice grants a world-" -"wide, royalty-free license, unlimited in duration, to use that work under " -"the conditions stated herein. The \"Document\", below, refers to any such " -"manual or work. Any member of the public is a licensee, and is addressed as " -"\"you\". You accept the license if you copy, modify or distribute the work " -"in a way requiring permission under copyright law." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:31 -msgid "" -"A \"Modified Version\" of the Document means any work containing the " -"Document or a portion of it, either copied verbatim, or with modifications " -"and/or translated into another language." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:34 -msgid "" -"A \"Secondary Section\" is a named appendix or a front-matter section of the " -"Document that deals exclusively with the relationship of the publishers or " -"authors of the Document to the Document's overall subject (or to related " -"matters) and contains nothing that could fall directly within that overall " -"subject. (Thus, if the Document is in part a textbook of mathematics, a " -"Secondary Section may not explain any mathematics.) The relationship could " -"be a matter of historical connection with the subject or with related " -"matters, or of legal, commercial, philosophical, ethical or political " -"position regarding them." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:39 -msgid "" -"The \"Invariant Sections\" are certain Secondary Sections whose titles are " -"designated, as being those of Invariant Sections, in the notice that says " -"that the Document is released under this License. If a section does not fit " -"the above definition of Secondary then it is not allowed to be designated as " -"Invariant. The Document may contain zero Invariant Sections. If the " -"Document does not identify any Invariant Sections then there are none." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:42 -msgid "" -"The \"Cover Texts\" are certain short passages of text that are listed, as " -"Front-Cover Texts or Back-Cover Texts, in the notice that says that the " -"Document is released under this License. A Front-Cover Text may be at most " -"5 words, and a Back-Cover Text may be at most 25 words." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:47 -msgid "" -"A \"Transparent\" copy of the Document means a machine-readable copy, " -"represented in a format whose specification is available to the general " -"public, that is suitable for revising the document straightforwardly with " -"generic text editors or (for images composed of pixels) generic paint " -"programs or (for drawings) some widely available drawing editor, and that is " -"suitable for input to text formatters or for automatic translation to a " -"variety of formats suitable for input to text formatters. A copy made in an " -"otherwise Transparent file format whose markup, or absence of markup, has " -"been arranged to thwart or discourage subsequent modification by readers is " -"not Transparent. An image format is not Transparent if used for any " -"substantial amount of text. A copy that is not \"Transparent\" is called " -"\"Opaque\"." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:51 -msgid "" -"Examples of suitable formats for Transparent copies include plain ASCII " -"without markup, Texinfo input format, LaTeX input format, SGML or XML using " -"a publicly available DTD, and standard-conforming simple HTML, PostScript or " -"PDF designed for human modification. Examples of transparent image formats " -"include PNG, XCF and JPG. Opaque formats include proprietary formats that " -"can be read and edited only by proprietary word processors, SGML or XML for " -"which the DTD and/or processing tools are not generally available, and the " -"machine-generated HTML, PostScript or PDF produced by some word processors " -"for output purposes only." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:54 -msgid "" -"The \"Title Page\" means, for a printed book, the title page itself, plus " -"such following pages as are needed to hold, legibly, the material this " -"License requires to appear in the title page. For works in formats which do " -"not have any title page as such, \"Title Page\" means the text near the most " -"prominent appearance of the work's title, preceding the beginning of the " -"body of the text." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:57 -msgid "" -"A section \"Entitled XYZ\" means a named subunit of the Document whose title " -"either is precisely XYZ or contains XYZ in parentheses following text that " -"translates XYZ in another language. (Here XYZ stands for a specific section " -"name mentioned below, such as \"Acknowledgements\", \"Dedications\", " -"\"Endorsements\", or \"History\".) To \"Preserve the Title\" of such a " -"section when you modify the Document means that it remains a section " -"\"Entitled XYZ\" according to this definition." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:60 -msgid "" -"The Document may include Warranty Disclaimers next to the notice which " -"states that this License applies to the Document. These Warranty " -"Disclaimers are considered to be included by reference in this License, but " -"only as regards disclaiming warranties: any other implication that these " -"Warranty Disclaimers may have is void and has no effect on the meaning of " -"this License." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:62 -#, no-wrap -msgid "2. VERBATIM COPYING" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:69 -msgid "" -"You may copy and distribute the Document in any medium, either commercially " -"or noncommercially, provided that this License, the copyright notices, and " -"the license notice saying this License applies to the Document are " -"reproduced in all copies, and that you add no other conditions whatsoever to " -"those of this License. You may not use technical measures to obstruct or " -"control the reading or further copying of the copies you make or " -"distribute. However, you may accept compensation in exchange for copies. " -"If you distribute a large enough number of copies you must also follow the " -"conditions in section 3." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:71 -msgid "" -"You may also lend copies, under the same conditions stated above, and you " -"may publicly display copies." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:73 -#, no-wrap -msgid "3. COPYING IN QUANTITY" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:81 -msgid "" -"If you publish printed copies (or copies in media that commonly have printed " -"covers) of the Document, numbering more than 100, and the Document's license " -"notice requires Cover Texts, you must enclose the copies in covers that " -"carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the " -"front cover, and Back-Cover Texts on the back cover. Both covers must also " -"clearly and legibly identify you as the publisher of these copies. The " -"front cover must present the full title with all words of the title equally " -"prominent and visible. You may add other material on the covers in " -"addition. Copying with changes limited to the covers, as long as they " -"preserve the title of the Document and satisfy these conditions, can be " -"treated as verbatim copying in other respects." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:83 -msgid "" -"If the required texts for either cover are too voluminous to fit legibly, " -"you should put the first ones listed (as many as fit reasonably) on the " -"actual cover, and continue the rest onto adjacent pages." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:86 -msgid "" -"If you publish or distribute Opaque copies of the Document numbering more " -"than 100, you must either include a machine-readable Transparent copy along " -"with each Opaque copy, or state in or with each Opaque copy a computer-" -"network location from which the general network-using public has access to " -"download using public-standard network protocols a complete Transparent copy " -"of the Document, free of added material. If you use the latter option, you " -"must take reasonably prudent steps, when you begin distribution of Opaque " -"copies in quantity, to ensure that this Transparent copy will remain thus " -"accessible at the stated location until at least one year after the last " -"time you distribute an Opaque copy (directly or through your agents or " -"retailers) of that edition to the public." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:88 -msgid "" -"It is requested, but not required, that you contact the authors of the " -"Document well before redistributing any large number of copies, to give them " -"a chance to provide you with an updated version of the Document." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:90 -#, no-wrap -msgid "4. MODIFICATIONS" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:95 -msgid "" -"You may copy and distribute a Modified Version of the Document under the " -"conditions of sections 2 and 3 above, provided that you release the Modified " -"Version under precisely this License, with the Modified Version filling the " -"role of the Document, thus licensing distribution and modification of the " -"Modified Version to whoever possesses a copy of it. In addition, you must " -"do these things in the Modified Version:" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:98 -msgid "" -"Use in the Title Page (and on the covers, if any) a title distinct from that " -"of the Document, and from those of previous versions (which should, if there " -"were any, be listed in the History section of the Document). You may use the " -"same title as a previous version if the original publisher of that version " -"gives permission." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:99 -msgid "" -"List on the Title Page, as authors, one or more persons or entities " -"responsible for authorship of the modifications in the Modified Version, " -"together with at least five of the principal authors of the Document (all of " -"its principal authors, if it has fewer than five), unless they release you " -"from this requirement." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:100 -msgid "" -"State on the Title page the name of the publisher of the Modified Version, " -"as the publisher." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:101 -msgid "Preserve all the copyright notices of the Document." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:102 -msgid "" -"Add an appropriate copyright notice for your modifications adjacent to the " -"other copyright notices." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:103 -msgid "" -"Include, immediately after the copyright notices, a license notice giving " -"the public permission to use the Modified Version under the terms of this " -"License, in the form shown in the Addendum below." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:104 -msgid "" -"Preserve in that license notice the full lists of Invariant Sections and " -"required Cover Texts given in the Document's license notice." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:105 -msgid "Include an unaltered copy of this License." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:106 -msgid "" -"Preserve the section Entitled \"History\", Preserve its Title, and add to it " -"an item stating at least the title, year, new authors, and publisher of the " -"Modified Version as given on the Title Page. If there is no section Entitled " -"\"History\" in the Document, create one stating the title, year, authors, " -"and publisher of the Document as given on its Title Page, then add an item " -"describing the Modified Version as stated in the previous sentence." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:107 -msgid "" -"Preserve the network location, if any, given in the Document for public " -"access to a Transparent copy of the Document, and likewise the network " -"locations given in the Document for previous versions it was based on. These " -"may be placed in the \"History\" section. You may omit a network location " -"for a work that was published at least four years before the Document " -"itself, or if the original publisher of the version it refers to gives " -"permission." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:108 -msgid "" -"For any section Entitled \"Acknowledgements\" or \"Dedications\", Preserve " -"the Title of the section, and preserve in the section all the substance and " -"tone of each of the contributor acknowledgements and/or dedications given " -"therein." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:109 -msgid "" -"Preserve all the Invariant Sections of the Document, unaltered in their text " -"and in their titles. Section numbers or the equivalent are not considered " -"part of the section titles." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:110 -msgid "" -"Delete any section Entitled \"Endorsements\". Such a section may not be " -"included in the Modified Version." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:111 -msgid "" -"Do not retitle any existing section to be Entitled \"Endorsements\" or to " -"conflict in title with any Invariant Section." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:112 -msgid "Preserve any Warranty Disclaimers." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:117 -msgid "" -"If the Modified Version includes new front-matter sections or appendices " -"that qualify as Secondary Sections and contain no material copied from the " -"Document, you may at your option designate some or all of these sections as " -"invariant. To do this, add their titles to the list of Invariant Sections " -"in the Modified Version's license notice. These titles must be distinct " -"from any other section titles." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:119 -msgid "" -"You may add a section Entitled \"Endorsements\", provided it contains " -"nothing but endorsements of your Modified Version by various parties--for " -"example, statements of peer review or that the text has been approved by an " -"organization as the authoritative definition of a standard." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:123 -msgid "" -"You may add a passage of up to five words as a Front-Cover Text, and a " -"passage of up to 25 words as a Back-Cover Text, to the end of the list of " -"Cover Texts in the Modified Version. Only one passage of Front-Cover Text " -"and one of Back-Cover Text may be added by (or through arrangements made by) " -"any one entity. If the Document already includes a cover text for the same " -"cover, previously added by you or by arrangement made by the same entity you " -"are acting on behalf of, you may not add another; but you may replace the " -"old one, on explicit permission from the previous publisher that added the " -"old one." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:125 -msgid "" -"The author(s) and publisher(s) of the Document do not by this License give " -"permission to use their names for publicity for or to assert or imply " -"endorsement of any Modified Version." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:127 -#, no-wrap -msgid "5. COMBINING DOCUMENTS" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:131 -msgid "" -"You may combine the Document with other documents released under this " -"License, under the terms defined in section 4 above for modified versions, " -"provided that you include in the combination all of the Invariant Sections " -"of all of the original documents, unmodified, and list them all as Invariant " -"Sections of your combined work in its license notice, and that you preserve " -"all their Warranty Disclaimers." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:135 -msgid "" -"The combined work need only contain one copy of this License, and multiple " -"identical Invariant Sections may be replaced with a single copy. If there " -"are multiple Invariant Sections with the same name but different contents, " -"make the title of each such section unique by adding at the end of it, in " -"parentheses, the name of the original author or publisher of that section if " -"known, or else a unique number. Make the same adjustment to the section " -"titles in the list of Invariant Sections in the license notice of the " -"combined work." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:137 -msgid "" -"In the combination, you must combine any sections Entitled \"History\" in " -"the various original documents, forming one section Entitled \"History\"; " -"likewise combine any sections Entitled \"Acknowledgements\", and any " -"sections Entitled \"Dedications\". You must delete all sections Entitled " -"\"Endorsements\"." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:139 -#, no-wrap -msgid "6. COLLECTIONS OF DOCUMENTS" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:143 -msgid "" -"You may make a collection consisting of the Document and other documents " -"released under this License, and replace the individual copies of this " -"License in the various documents with a single copy that is included in the " -"collection, provided that you follow the rules of this License for verbatim " -"copying of each of the documents in all other respects." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:145 -msgid "" -"You may extract a single document from such a collection, and distribute it " -"individually under this License, provided you insert a copy of this License " -"into the extracted document, and follow this License in all other respects " -"regarding verbatim copying of that document." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:147 -#, no-wrap -msgid "7. AGGREGATION WITH INDEPENDENT WORKS" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:152 -msgid "" -"A compilation of the Document or its derivatives with other separate and " -"independent documents or works, in or on a volume of a storage or " -"distribution medium, is called an \"aggregate\" if the copyright resulting " -"from the compilation is not used to limit the legal rights of the " -"compilation's users beyond what the individual works permit. When the " -"Document is included in an aggregate, this License does not apply to the " -"other works in the aggregate which are not themselves derivative works of " -"the Document." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:155 -msgid "" -"If the Cover Text requirement of section 3 is applicable to these copies of " -"the Document, then if the Document is less than one half of the entire " -"aggregate, the Document's Cover Texts may be placed on covers that bracket " -"the Document within the aggregate, or the electronic equivalent of covers if " -"the Document is in electronic form. Otherwise they must appear on printed " -"covers that bracket the whole aggregate." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:157 -#, no-wrap -msgid "8. TRANSLATION" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:164 -msgid "" -"Translation is considered a kind of modification, so you may distribute " -"translations of the Document under the terms of section 4. Replacing " -"Invariant Sections with translations requires special permission from their " -"copyright holders, but you may include translations of some or all Invariant " -"Sections in addition to the original versions of these Invariant Sections. " -"You may include a translation of this License, and all the license notices " -"in the Document, and any Warranty Disclaimers, provided that you also " -"include the original English version of this License and the original " -"versions of those notices and disclaimers. In case of a disagreement " -"between the translation and the original version of this License or a notice " -"or disclaimer, the original version will prevail." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:166 -msgid "" -"If a section in the Document is Entitled \"Acknowledgements\", \"Dedications" -"\", or \"History\", the requirement (section 4) to Preserve its Title " -"(section 1) will typically require changing the actual title." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:168 -#, no-wrap -msgid "9. TERMINATION" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:174 -msgid "" -"You may not copy, modify, sublicense, or distribute the Document except as " -"expressly provided for under this License. Any other attempt to copy, " -"modify, sublicense or distribute the Document is void, and will " -"automatically terminate your rights under this License. However, parties " -"who have received copies, or rights, from you under this License will not " -"have their licenses terminated so long as such parties remain in full " -"compliance." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:176 -#, no-wrap -msgid "10. FUTURE REVISIONS OF THIS LICENSE" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:182 -msgid "" -"The Free Software Foundation may publish new, revised versions of the GNU " -"Free Documentation License from time to time. Such new versions will be " -"similar in spirit to the present version, but may differ in detail to " -"address new problems or concerns. See http://www.gnu.org/copyleft/." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:186 -msgid "" -"Each version of the License is given a distinguishing version number. If " -"the Document specifies that a particular numbered version of this License " -"\"or any later version\" applies to it, you have the option of following the " -"terms and conditions either of that specified version or of any later " -"version that has been published (not as a draft) by the Free Software " -"Foundation. If the Document does not specify a version number of this " -"License, you may choose any version ever published (not as a draft) by the " -"Free Software Foundation." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:188 -#, no-wrap -msgid "ADDENDUM: How to use this License for your documents" -msgstr "" - -#. type: delimited block - -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:198 -#, no-wrap -msgid "" -"Copyright (c) YEAR YOUR NAME.\n" -" Permission is granted to copy, distribute and/or modify this document\n" -" under the terms of the GNU Free Documentation License, Version 1.2\n" -" or any later version published by the Free Software Foundation;\n" -" with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.\n" -" A copy of the license is included in the section entitled{ldquo}GNU\n" -" Free Documentation License{rdquo}.\n" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:204 -msgid "" -"If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, " -"replace the {ldquo} with...Texts.{rdquo} line with this:" -msgstr "" - -#. type: delimited block - -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:208 -#, no-wrap -msgid "" -"with the Invariant Sections being LIST THEIR TITLES, with the\n" -" Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST.\n" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:212 -msgid "" -"If you have Invariant Sections without Cover Texts, or some other " -"combination of the three, merge those two alternatives to suit the situation." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:213 -msgid "" -"If your document contains nontrivial examples of program code, we recommend " -"releasing these examples in parallel under your choice of free software " -"license, such as the GNU General Public License, to permit their use in free " -"software." -msgstr "" - -#. type: Title = -#: modules/ROOT/pages/index-uyuni.adoc:1 +#: modules/ROOT/pages/index-uyuni.adoc:1 modules/ROOT/pages/index.adoc:1 #, no-wrap msgid "{productname} {productnumber} Documentation" msgstr "" #. type: Title == -#: modules/ROOT/pages/index-uyuni.adoc:4 +#: modules/ROOT/pages/index-uyuni.adoc:2 modules/ROOT/pages/index.adoc:2 #, no-wrap msgid "What is {productname}?" msgstr "" +#. [#salt.gloss] may be used to create a tooltip for a glossary term: see branding/supplemental-ui/suma/sumacom/partials/footer-scripts.hbs #. type: Plain text -#: modules/ROOT/pages/index-uyuni.adoc:9 +#: modules/ROOT/pages/index-uyuni.adoc:3 modules/ROOT/pages/index.adoc:3 msgid "" "{productname} is a solution for organizations that require absolute control " "over maintenance and package deployment on their servers. {productname} " @@ -699,7 +41,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/ROOT/pages/index-uyuni.adoc:12 +#: modules/ROOT/pages/index-uyuni.adoc:4 modules/ROOT/pages/index.adoc:4 msgid "" "{productname} uses Salt to provide event-driven configuration and management " "control. The Salt-master orchestrates tens of thousands of Salt clients " @@ -707,22 +49,24 @@ msgid "" msgstr "" #. type: Plain text -#: modules/ROOT/pages/index-uyuni.adoc:14 +#: modules/ROOT/pages/index-uyuni.adoc:5 msgid "" "{productname} offers seamless management of {sle}, {opensuse}, {rhel}, " -"{centos}, {oracle}, {debian} and {ubuntu} client systems, no matter if on-" -"premise, on public cloud, private cloud, hybrid cloud or even multi-cloud " +"{centos}, {oracle}, {debian} and {ubuntu} client systems, no matter if " +"on-premise, on public cloud, private cloud, hybrid cloud or even multi-cloud " "environments." msgstr "" #. type: Title == -#: modules/ROOT/pages/index-uyuni.adoc:16 +#: modules/ROOT/pages/index-uyuni.adoc:6 modules/ROOT/pages/index.adoc:12 +#: modules/ROOT/pages/index.adoc:17 #, no-wrap msgid "Available Documentation" msgstr "" #. type: Plain text -#: modules/ROOT/pages/index-uyuni.adoc:19 +#: modules/ROOT/pages/index-uyuni.adoc:7 modules/ROOT/pages/index.adoc:13 +#: modules/ROOT/pages/index.adoc:18 msgid "" "The following documentation is available for {productname} version " "{productnumber}." @@ -730,19 +74,29 @@ msgstr "" #. | Architecture | xref:architecture:architecture-intro.adoc[HTML] link:../pdf/uyuni_architecture.pdf[PDF] #. type: Table -#: modules/ROOT/pages/index-uyuni.adoc:45 +#: modules/ROOT/pages/index-uyuni.adoc:8 #, no-wrap msgid "" "| Document | Format | Document | Format\n" "\n" -"| Installation Guide | xref:installation:install-overview.adoc[HTML] link:../pdf/uyuni_installation_guide.pdf[PDF] | Administration Guide | xref:administration:admin-overview.adoc[HTML] link:../pdf/uyuni_administration_guide.pdf[PDF]\n" -"| Client Configuration Guide | xref:client-configuration:client-config-overview.adoc[HTML] link:../pdf/uyuni_client-configuration_guide.pdf[PDF] | Salt Guide | xref:salt:salt-overview.adoc[HTML] link:../pdf/uyuni_salt_guide.pdf[PDF]\n" -"| Upgrade Guide | xref:upgrade:upgrade-overview.adoc[HTML] link:../pdf/uyuni_upgrade_guide.pdf[PDF] | Retail Guide | xref:retail:retail-overview.adoc[HTML] link:../pdf/uyuni_retail_guide.pdf[PDF]\n" -"| Reference Guide | xref:reference:reference-overview.adoc[HTML] link:../pdf/uyuni_reference_guide.pdf[PDF] | |\n" +"| Installation Guide | xref:installation:install-overview.adoc[HTML] " +"link:../pdf/uyuni_installation_guide.pdf[PDF] | Administration Guide | " +"xref:administration:admin-overview.adoc[HTML] " +"link:../pdf/uyuni_administration_guide.pdf[PDF]\n" +"| Client Configuration Guide | " +"xref:client-configuration:client-config-overview.adoc[HTML] " +"link:../pdf/uyuni_client-configuration_guide.pdf[PDF] | Salt Guide | " +"xref:salt:salt-overview.adoc[HTML] link:../pdf/uyuni_salt_guide.pdf[PDF]\n" +"| Upgrade Guide | xref:upgrade:upgrade-overview.adoc[HTML] " +"link:../pdf/uyuni_upgrade_guide.pdf[PDF] | Retail Guide | " +"xref:retail:retail-overview.adoc[HTML] " +"link:../pdf/uyuni_retail_guide.pdf[PDF]\n" +"| Reference Guide | xref:reference:reference-overview.adoc[HTML] " +"link:../pdf/uyuni_reference_guide.pdf[PDF] | |\n" msgstr "" #. type: Plain text -#: modules/ROOT/pages/index.adoc:16 +#: modules/ROOT/pages/index.adoc:5 msgid "" "{productname} offers seamless management of {sle}, {opensuse}, {rhel}, " "{centos}, {oracle} and {ubuntu} client systems, no matter if on-premise, on " @@ -750,13 +104,13 @@ msgid "" msgstr "" #. type: Block title -#: modules/ROOT/pages/index.adoc:19 +#: modules/ROOT/pages/index.adoc:6 #, no-wrap msgid "Accessibility" msgstr "" #. type: delimited block = -#: modules/ROOT/pages/index.adoc:26 +#: modules/ROOT/pages/index.adoc:7 msgid "" "If you cannot use the {productname} {webui}, almost all functionality (with " "the exception of virtualization tasks) is available from the command " @@ -768,98 +122,174 @@ msgid "" msgstr "" #. type: delimited block = -#: modules/ROOT/pages/index.adoc:28 +#: modules/ROOT/pages/index.adoc:8 msgid "" -"For more information about [command]``spacecmd``, see xref:reference:" -"spacecmd-intro.adoc[]." +"For more information about [command]``spacecmd``, see " +"xref:reference:spacecmd-intro.adoc[]." msgstr "" #. type: delimited block = -#: modules/ROOT/pages/index.adoc:29 +#: modules/ROOT/pages/index.adoc:9 msgid "" -"For more information about other command line tools, see xref:reference:" -"command-line-tools.adoc[]." +"For more information about other command line tools, see " +"xref:reference:command-line-tools.adoc[]." msgstr "" #. type: delimited block = -#: modules/ROOT/pages/index.adoc:30 +#: modules/ROOT/pages/index.adoc:10 msgid "" -"For more information about the API, see https://documentation.suse.com/" -"external-tree/en-us/suma/4.1/pdf/susemanager_api_doc_color_en.pdf." +"For more information about the API, see " +"https://documentation.suse.com/external-tree/en-us/suma/4.1/pdf/susemanager_api_doc_color_en.pdf." msgstr "" #. type: delimited block = -#: modules/ROOT/pages/index.adoc:31 +#: modules/ROOT/pages/index.adoc:11 msgid "" "For the latest information about all command line tools, see the release " "notes available from https://www.suse.com/releasenotes/." msgstr "" #. type: delimited block = -#: modules/ROOT/pages/index.adoc:45 +#: modules/ROOT/pages/index.adoc:14 msgid "" "{productname} documentation is available in several locations and formats. " -"For the most up-to-date version of this documentation, see https://" -"documentation.suse.com/suma/." +"For the most up-to-date version of this documentation, see " +"https://documentation.suse.com/suma/." msgstr "" #. type: Plain text -#: modules/ROOT/pages/index.adoc:48 +#: modules/ROOT/pages/index.adoc:15 msgid "" -"Download All PDFs icon:caret-right[] icon:file-archive[link=\"../susemanager-" -"docs_en-pdf.tar.gz\"]" +"Download All PDFs icon:caret-right[] " +"icon:file-archive[link=\"../susemanager-docs_en-pdf.tar.gz\"]" msgstr "" #. | Architecture | xref:architecture:architecture-intro.adoc[HTML] link:../pdf/suse_manager_architecture.pdf[PDF] #. type: Table -#: modules/ROOT/pages/index.adoc:66 +#: modules/ROOT/pages/index.adoc:16 #, no-wrap msgid "" "| View HTML | View PDF | View HTML | View PDF\n" "\n" -"| xref:installation:install-overview.adoc[Installation Guide] | icon:file-pdf[link=\"../pdf/suse_manager_installation_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:client-configuration:client-config-overview.adoc[Client Configuration Guide] | icon:file-pdf[link=\"../pdf/suse_manager_client-configuration_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:upgrade:upgrade-overview.adoc[Upgrade Guide] | icon:file-pdf[link=\"../pdf/suse_manager_upgrade_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:reference:reference-overview.adoc[Reference Guide] | icon:file-pdf[link=\"../pdf/suse_manager_reference_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:administration:admin-overview.adoc[Administration Guide] | icon:file-pdf[link=\"../pdf/suse_manager_administration_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:salt:salt-overview.adoc[Salt Guide] | icon:file-pdf[link=\"../pdf/suse_manager_salt_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:retail:retail-overview.adoc[Retail Guide] | icon:file-pdf[link=\"../pdf/suse_manager_retail_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:quickstart-public-cloud:qs-publiccloud-overview.adoc[Quick Start Guide - Public Cloud] | icon:file-pdf[link=\"../pdf/suse_manager_quickstart-public-cloud_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:large-deployments:large-deployments-overview.adoc[Large Deployments Guide] | icon:file-pdf[link=\"../pdf/suse_manager_large-deployments_guide.pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:installation:install-overview.adoc[Installation Guide] | " +"icon:file-pdf[link=\"../pdf/suse_manager_installation_guide.pdf\", " +"window=\"_blank\" role=\"green\"]\n" +"| xref:client-configuration:client-config-overview.adoc[Client Configuration " +"Guide] | " +"icon:file-pdf[link=\"../pdf/suse_manager_client-configuration_guide.pdf\", " +"window=\"_blank\" role=\"green\"]\n" +"| xref:upgrade:upgrade-overview.adoc[Upgrade Guide] | " +"icon:file-pdf[link=\"../pdf/suse_manager_upgrade_guide.pdf\", " +"window=\"_blank\" role=\"green\"]\n" +"| xref:reference:reference-overview.adoc[Reference Guide] | " +"icon:file-pdf[link=\"../pdf/suse_manager_reference_guide.pdf\", " +"window=\"_blank\" role=\"green\"]\n" +"| xref:administration:admin-overview.adoc[Administration Guide] | " +"icon:file-pdf[link=\"../pdf/suse_manager_administration_guide.pdf\", " +"window=\"_blank\" role=\"green\"]\n" +"| xref:salt:salt-overview.adoc[Salt Guide] | " +"icon:file-pdf[link=\"../pdf/suse_manager_salt_guide.pdf\", window=\"_blank\" " +"role=\"green\"]\n" +"| xref:retail:retail-overview.adoc[Retail Guide] | " +"icon:file-pdf[link=\"../pdf/suse_manager_retail_guide.pdf\", " +"window=\"_blank\" role=\"green\"]\n" +"| xref:quickstart-public-cloud:qs-publiccloud-overview.adoc[Quick Start " +"Guide - Public Cloud] | " +"icon:file-pdf[link=\"../pdf/suse_manager_quickstart-public-cloud_guide.pdf\", " +"window=\"_blank\" role=\"green\"]\n" +"| xref:large-deployments:large-deployments-overview.adoc[Large Deployments " +"Guide] | " +"icon:file-pdf[link=\"../pdf/suse_manager_large-deployments_guide.pdf\", " +"window=\"_blank\" role=\"green\"]\n" "| |\n" "\n" msgstr "" #. type: Plain text -#: modules/ROOT/pages/index.adoc:77 +#: modules/ROOT/pages/index.adoc:19 msgid "" -"Download All PDFs icon:caret-right[] icon:file-archive[link=\"../uyuni-" -"docs_en-pdf.tar.gz\"]" +"Download All PDFs icon:caret-right[] " +"icon:file-archive[link=\"../uyuni-docs_en-pdf.tar.gz\"]" msgstr "" #. | Architecture | xref:architecture:architecture-intro.adoc[HTML] link:../pdf/suse_manager_architecture.pdf[PDF] #. type: Table -#: modules/ROOT/pages/index.adoc:95 +#: modules/ROOT/pages/index.adoc:20 #, no-wrap msgid "" "| View HTML | View PDF | View HTML | View PDF\n" "\n" -"| xref:installation:install-overview.adoc[Installation Guide] | icon:file-pdf[link=\"../pdf/uyuni_installation_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:client-configuration:client-config-overview.adoc[Client Configuration Guide] | icon:file-pdf[link=\"../pdf/uyuni_client-configuration_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:upgrade:upgrade-overview.adoc[Upgrade Guide] | icon:file-pdf[link=\"../pdf/uyuni_upgrade_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:reference:reference-overview.adoc[Reference Guide] | icon:file-pdf[link=\"../pdf/uyuni_reference_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:administration:admin-overview.adoc[Administration Guide] | icon:file-pdf[link=\"../pdf/uyuni_administration_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:salt:salt-overview.adoc[Salt Guide] | icon:file-pdf[link=\"../pdf/uyuni_salt_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:retail:retail-overview.adoc[Retail Guide] | icon:file-pdf[link=\"../pdf/uyuni_retail_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:quickstart-public-cloud:qs-publiccloud-overview.adoc[Quick Start Guide - Public Cloud] | icon:file-pdf[link=\"../pdf/uyuni_quickstart-public-cloud_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:large-deployments:large-deployments-overview.adoc[Large Deployments Guide] | icon:file-pdf[link=\"../pdf/uyuni_large-deployments_guide.pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:installation:install-overview.adoc[Installation Guide] " +"| icon:file-pdf[link=\"../pdf/uyuni_installation_guide.pdf\", " +"window=\"_blank\" role=\"green\"]\n" +"| xref:client-configuration:client-config-overview.adoc[Client Configuration " +"Guide] | icon:file-pdf[link=\"../pdf/uyuni_client-configuration_guide.pdf\", " +"window=\"_blank\" role=\"green\"]\n" +"| xref:upgrade:upgrade-overview.adoc[Upgrade Guide] " +"| icon:file-pdf[link=\"../pdf/uyuni_upgrade_guide.pdf\", window=\"_blank\" " +"role=\"green\"]\n" +"| xref:reference:reference-overview.adoc[Reference Guide] " +"| icon:file-pdf[link=\"../pdf/uyuni_reference_guide.pdf\", window=\"_blank\" " +"role=\"green\"]\n" +"| xref:administration:admin-overview.adoc[Administration Guide] " +"| icon:file-pdf[link=\"../pdf/uyuni_administration_guide.pdf\", " +"window=\"_blank\" role=\"green\"]\n" +"| xref:salt:salt-overview.adoc[Salt Guide] " +"| icon:file-pdf[link=\"../pdf/uyuni_salt_guide.pdf\", window=\"_blank\" " +"role=\"green\"]\n" +"| xref:retail:retail-overview.adoc[Retail Guide] " +"| icon:file-pdf[link=\"../pdf/uyuni_retail_guide.pdf\", window=\"_blank\" " +"role=\"green\"]\n" +"| xref:quickstart-public-cloud:qs-publiccloud-overview.adoc[Quick Start " +"Guide - Public Cloud] | " +"icon:file-pdf[link=\"../pdf/uyuni_quickstart-public-cloud_guide.pdf\", " +"window=\"_blank\" role=\"green\"]\n" +"| xref:large-deployments:large-deployments-overview.adoc[Large Deployments " +"Guide] | icon:file-pdf[link=\"../pdf/uyuni_large-deployments_guide.pdf\", " +"window=\"_blank\" role=\"green\"]\n" "| |\n" "\n" msgstr "" +#. type: Block title +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:1 +#, no-wrap +msgid "Procedure: Adding Software Channels at the Command Prompt" +msgstr "" + +#. type: Plain text +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:2 +msgid "" +"At the command prompt on the {productname} Server, as root, use the " +"[command]``spacewalk-common-channels`` command to add the appropriate " +"channels:" +msgstr "" + +#. type: delimited block - +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:3 +#, no-wrap +msgid "" +"spacewalk-common-channels \\\n" +" \\\n" +" \\\n" +" \\\n" +"... \n" +msgstr "" + +#. type: Plain text +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:4 +msgid "Synchronize the channels:" +msgstr "" + +#. type: delimited block - +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:5 +#, no-wrap +msgid "mgr-sync refresh --refresh-channels\n" +msgstr "" + #. * xref:index-webui-branding-2019.adoc[What is SUSE Manager?] #. * xref:release-notes-version-4.0.adoc[Doc Release Notes] #. type: Plain text -#: modules/ROOT/nav.adoc:3 +#: modules/ROOT/nav.adoc:1 msgid "xref:common_gfdl1.2_i.adoc[License]" msgstr "" diff --git a/l10n/po/es/ROOT/assets/images/test.png b/l10n-weblate/ROOT/assets-cs/images/test.png similarity index 100% rename from l10n/po/es/ROOT/assets/images/test.png rename to l10n-weblate/ROOT/assets-cs/images/test.png diff --git a/l10n/po/es/architecture/assets/images/test.png b/l10n-weblate/ROOT/assets-es/images/test.png similarity index 100% rename from l10n/po/es/architecture/assets/images/test.png rename to l10n-weblate/ROOT/assets-es/images/test.png diff --git a/l10n/po/es/installation/assets/images/test.png b/l10n-weblate/ROOT/assets-zh_CN/images/test.png similarity index 100% rename from l10n/po/es/installation/assets/images/test.png rename to l10n-weblate/ROOT/assets-zh_CN/images/test.png diff --git a/l10n-weblate/ROOT/cs.po b/l10n-weblate/ROOT/cs.po index d5e7b1e9fc0..bb967cb15c9 100644 --- a/l10n-weblate/ROOT/cs.po +++ b/l10n-weblate/ROOT/cs.po @@ -6,11 +6,11 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" -"POT-Creation-Date: 2020-08-23 23:30+0200\n" +"POT-Creation-Date: 2020-09-29 23:48+0200\n" "PO-Revision-Date: 2020-09-30 08:48+0000\n" "Last-Translator: Aleš Kastner \n" -"Language-Team: Czech \n" +"Language-Team: Czech \n" "Language: cs\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -19,806 +19,20 @@ msgstr "" "X-Generator: Weblate 3.6.1\n" #. type: Title = -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:1 -#, no-wrap -msgid "GNU Free Documentation License" -msgstr "GNU bezplatná dokumentační licence" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:6 -msgid "" -"Copyright (C) 2000, 2001, 2002 Free Software Foundation, Inc. 51 Franklin " -"St, Fifth Floor, Boston, MA 02110-1301 USA. Everyone is permitted to copy " -"and distribute verbatim copies of this license document, but changing it is " -"not allowed." -msgstr "" -"Copyright (C) 2000, 2001, 2002 Free Software Foundation, Inc. 51 Franklin " -"St, Fifth Floor, Boston, MA 02110-1301 USA. Každý má právo kopírovat a " -"distribuovat doslovné kopie tohoto licenčního dokumentu, ale jeho změna není " -"povolena." - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:8 -#, no-wrap -msgid "0. PREAMBLE" -msgstr "0. PREAMBULE" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:13 -msgid "" -"The purpose of this License is to make a manual, textbook, or other " -"functional and useful document \"free\" in the sense of freedom: to assure " -"everyone the effective freedom to copy and redistribute it, with or without " -"modifying it, either commercially or noncommercially. Secondarily, this " -"License preserves for the author and publisher a way to get credit for their " -"work, while not being considered responsible for modifications made by " -"others." -msgstr "" -"Účelem této licence je učinit z manuálu, učebnice nebo jiného funkčního a " -"užitečného dokumentu \"bezplatný\" ve smyslu svobody: zajistit každému " -"skutečnou svobodu jeho kopírování a opětovného šíření, ať už s jeho komerční " -"úpravou nebo nekomerčně či bez jakýchkoli úprav. Tato licence sekundárně " -"zachovává pro autora a vydavatele způsob, jak získat uznání za jejich práci, " -"aniž odpovídají za úpravy provedené jinými." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:16 -msgid "" -"This License is a kind of \"copyleft\", which means that derivative works of " -"the document must themselves be free in the same sense. It complements the " -"GNU General Public License, which is a copyleft license designed for free " -"software." -msgstr "" -"Tato licence je jakýmsi \"copyleftem\", což znamená, že odvozená díla " -"dokumentu musí samy být bezplatné ve stejném smyslu. Doplňuje GNU General " -"Public License, což je \"copyleftová\" licence určená pro svobodný software." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:20 -msgid "" -"We have designed this License in order to use it for manuals for free " -"software, because free software needs free documentation: a free program " -"should come with manuals providing the same freedoms that the software " -"does. But this License is not limited to software manuals; it can be used " -"for any textual work, regardless of subject matter or whether it is " -"published as a printed book. We recommend this License principally for " -"works whose purpose is instruction or reference." -msgstr "" -"Tuto licenci jsme navrhli, abychom ji mohli používat pro manuály svobodného " -"softwaru, protože svobodný software vyžaduje bezplatnou dokumentaci: " -"bezplatný program by měl být dodáván s manuály poskytujícími stejnou svobodu " -"jako software. Tato licence se však neomezuje pouze na softwarové příručky; " -"lze ji použít pro jakoukoli textovou práci, bez ohledu na téma, nebo zda je " -"vydána jako tištěná kniha. Tuto licenci doporučujeme hlavně pro díla, " -"jejichž účelem je poučení nebo na něž se odkazuje." - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:22 -#, no-wrap -msgid "1. APPLICABILITY AND DEFINITIONS" -msgstr "1. POUŽITELNOST A DEFINICE" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:29 -msgid "" -"This License applies to any manual or other work, in any medium, that " -"contains a notice placed by the copyright holder saying it can be " -"distributed under the terms of this License. Such a notice grants a world-" -"wide, royalty-free license, unlimited in duration, to use that work under " -"the conditions stated herein. The \"Document\", below, refers to any such " -"manual or work. Any member of the public is a licensee, and is addressed as " -"\"you\". You accept the license if you copy, modify or distribute the work " -"in a way requiring permission under copyright law." -msgstr "" -"Tato licence se vztahuje na jakoukoli příručku nebo jiné dílo na jakémkoli " -"médiu, které obsahuje upozornění umístěné držitelem autorských práv, které " -"říká, že může být šířeno za podmínek této licence. Takové oznámení uděluje " -"celosvětovou bezplatnou licenci s neomezenou dobou platnosti k použití " -"tohoto díla za podmínek zde uvedených. Níže uvedený „dokument“ odkazuje na " -"jakoukoli takovou příručku nebo dílo. Kdokoli z veřejnosti je držitelem " -"licence a je oslovován jako „vy“. Licenci přijímáte, pokud kopírujete, " -"upravujete nebo distribuujete dílo způsobem vyžadujícím povolení podle " -"autorského zákona." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:31 -msgid "" -"A \"Modified Version\" of the Document means any work containing the " -"Document or a portion of it, either copied verbatim, or with modifications " -"and/or translated into another language." -msgstr "" -"„Upravenou verzí“ dokumentu se rozumí jakékoli dílo obsahující dokument nebo " -"jeho část, doslovně zkopírované nebo s úpravami a/nebo přeložené do jiného " -"jazyka." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:34 -msgid "" -"A \"Secondary Section\" is a named appendix or a front-matter section of the " -"Document that deals exclusively with the relationship of the publishers or " -"authors of the Document to the Document's overall subject (or to related " -"matters) and contains nothing that could fall directly within that overall " -"subject. (Thus, if the Document is in part a textbook of mathematics, a " -"Secondary Section may not explain any mathematics.) The relationship could " -"be a matter of historical connection with the subject or with related " -"matters, or of legal, commercial, philosophical, ethical or political " -"position regarding them." -msgstr "" -"„Sekundární část“ je pojmenovaná příloha nebo přední část dokumentu, která " -"se zabývá výlučně vztahem vydavatelů nebo autorů dokumentu k celkovému " -"předmětu dokumentu (nebo k souvisejícím záležitostem) a neobsahuje nic, co " -"by mohlo přímo spadat v rámci tohoto celkového předmětu. (Pokud je tedy " -"dokument částečně učebnicí matematiky, nemusí sekundární sekce vysvětlovat " -"žádnou matematiku.) Vztah by mohl být záležitostí historického spojení s " -"tématem nebo souvisejících záležitostí, nebo právních, obchodních, " -"filozofických, etických nebo politické postavení, které se jich týká." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:39 -msgid "" -"The \"Invariant Sections\" are certain Secondary Sections whose titles are " -"designated, as being those of Invariant Sections, in the notice that says " -"that the Document is released under this License. If a section does not fit " -"the above definition of Secondary then it is not allowed to be designated as " -"Invariant. The Document may contain zero Invariant Sections. If the " -"Document does not identify any Invariant Sections then there are none." -msgstr "" -"„Invariantní sekce“ jsou určité Sekundární sekce, jejichž názvy jsou " -"označeny jako tituly Invariantních sekcí v oznámení, které uvádí, že " -"dokument je vydán na základě této licence. Pokud sekce neodpovídá výše " -"uvedené definici Sekundární, není možné ji označit jako Invariantní. " -"Dokument může obsahovat nulové neměnné sekce. Pokud dokument neidentifikuje " -"žádné neměnné sekce, pak žádné neexistují." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:42 -msgid "" -"The \"Cover Texts\" are certain short passages of text that are listed, as " -"Front-Cover Texts or Back-Cover Texts, in the notice that says that the " -"Document is released under this License. A Front-Cover Text may be at most " -"5 words, and a Back-Cover Text may be at most 25 words." -msgstr "" -"„Titulní texty“ jsou určité krátké pasáže textu, které jsou uvedeny jako " -"text na přední obálce nebo text na zadní obálce v oznámení, že dokument je " -"vydán na základě této licence. Text přední obálky může mít maximálně 5 slov " -"a text zadní obálky maximálně 25 slov." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:47 -msgid "" -"A \"Transparent\" copy of the Document means a machine-readable copy, " -"represented in a format whose specification is available to the general " -"public, that is suitable for revising the document straightforwardly with " -"generic text editors or (for images composed of pixels) generic paint " -"programs or (for drawings) some widely available drawing editor, and that is " -"suitable for input to text formatters or for automatic translation to a " -"variety of formats suitable for input to text formatters. A copy made in an " -"otherwise Transparent file format whose markup, or absence of markup, has " -"been arranged to thwart or discourage subsequent modification by readers is " -"not Transparent. An image format is not Transparent if used for any " -"substantial amount of text. A copy that is not \"Transparent\" is called " -"\"Opaque\"." -msgstr "" -"„Průhlednou“ kopií dokumentu se rozumí strojově čitelná kopie reprezentovaná " -"ve formátu, jehož specifikace je k dispozici široké veřejnosti, která je " -"vhodná pro přímou revizi dokumentu pomocí obecných textových editorů nebo (u " -"obrázků složených z pixelů) obecných barev programy nebo (pro výkresy) " -"nějaký široce dostupný editor výkresů, který je vhodný pro vstup do " -"formátovačů textu nebo pro automatický překlad do různých formátů vhodných " -"pro vstup do formátovačů textu. Kopie vytvořená v jinak transparentním " -"formátu souboru, jehož označení nebo absence označení byla uspořádána tak, " -"aby mařila nebo odrazovala od následné úpravy čtenáři, není transparentní. " -"Formát obrázku není průhledný, pokud je použit pro jakékoli podstatné " -"množství textu. Kopie, která není „průhledná“, se nazývá „neprůhledná“." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:51 -msgid "" -"Examples of suitable formats for Transparent copies include plain ASCII " -"without markup, Texinfo input format, LaTeX input format, SGML or XML using " -"a publicly available DTD, and standard-conforming simple HTML, PostScript or " -"PDF designed for human modification. Examples of transparent image formats " -"include PNG, XCF and JPG. Opaque formats include proprietary formats that " -"can be read and edited only by proprietary word processors, SGML or XML for " -"which the DTD and/or processing tools are not generally available, and the " -"machine-generated HTML, PostScript or PDF produced by some word processors " -"for output purposes only." -msgstr "" -"Mezi příklady vhodných formátů pro transparentní kopie patří prostý ASCII " -"bez značek, vstupní formát Texinfo, vstupní formát LaTeX, SGML nebo XML " -"pomocí veřejně dostupného DTD a standard vyhovující jednoduchému HTML, " -"PostScriptu nebo PDF určenému pro lidské úpravy. Mezi příklady " -"transparentních obrazových formátů patří PNG, XCF a JPG. Neprůhledné formáty " -"zahrnují proprietární formáty, které mohou číst a upravovat pouze " -"proprietární textové procesory, SGML nebo XML, pro které nejsou DTD a/nebo " -"nástroje pro zpracování obecně dostupné, a strojově generovaný HTML, " -"PostScript nebo PDF vytvořený některými textovými procesory pro pouze pro " -"účely výstupu." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:54 -msgid "" -"The \"Title Page\" means, for a printed book, the title page itself, plus " -"such following pages as are needed to hold, legibly, the material this " -"License requires to appear in the title page. For works in formats which do " -"not have any title page as such, \"Title Page\" means the text near the most " -"prominent appearance of the work's title, preceding the beginning of the " -"body of the text." -msgstr "" -"„Titulní stránka“ znamená u tištěné knihy samotnou titulní stránku plus " -"takové stránky, které jsou potřebné k čitelnému uložení materiálu, který se " -"podle této licence má objevit na titulní stránce. U děl ve formátech, které " -"nemají žádnou titulní stránku jako takovou, znamená „titulní stránka“ text " -"poblíž nejvýznamnějšího výskytu názvu díla, který předchází začátku textu." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:57 -msgid "" -"A section \"Entitled XYZ\" means a named subunit of the Document whose title " -"either is precisely XYZ or contains XYZ in parentheses following text that " -"translates XYZ in another language. (Here XYZ stands for a specific section " -"name mentioned below, such as \"Acknowledgements\", \"Dedications\", " -"\"Endorsements\", or \"History\".) To \"Preserve the Title\" of such a " -"section when you modify the Document means that it remains a section " -"\"Entitled XYZ\" according to this definition." -msgstr "" -"Oddíl „S názvem XYZ“ znamená pojmenovanou podjednotku dokumentu, jejíž název " -"je buď přesně XYZ, nebo obsahuje XYZ v závorkách za následujícím textem, " -"který překládá XYZ do jiného jazyka. (Zde XYZ znamená konkrétní název sekce " -"zmíněný níže, například „Poděkování“, „Věnování“, „Potvrzení“ nebo " -"„Historie“.) „Zachovat název“ takové části při změně dokumentu znamená, že " -"podle této definice zůstává částí „S názvem XYZ“." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:60 -msgid "" -"The Document may include Warranty Disclaimers next to the notice which " -"states that this License applies to the Document. These Warranty " -"Disclaimers are considered to be included by reference in this License, but " -"only as regards disclaiming warranties: any other implication that these " -"Warranty Disclaimers may have is void and has no effect on the meaning of " -"this License." -msgstr "" -"Dokument může obsahovat prohlášení o zřeknutí se záruky vedle oznámení, " -"které uvádí, že tato licence se vztahuje na dokument. Tato zřeknutí se " -"záruky jsou považována za vložená odkazem na tuto licenci, ale pouze pokud " -"jde o zřeknutí se záruk: jakýkoli další důsledek, který mohou tato zřeknutí " -"se záruky mít, je neplatný a nemá žádný vliv na význam této licence." - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:62 -#, no-wrap -msgid "2. VERBATIM COPYING" -msgstr "2. DOSLOVNÉ KOPÍROVÁNÍ (VERBATIM)" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:69 -msgid "" -"You may copy and distribute the Document in any medium, either commercially " -"or noncommercially, provided that this License, the copyright notices, and " -"the license notice saying this License applies to the Document are " -"reproduced in all copies, and that you add no other conditions whatsoever to " -"those of this License. You may not use technical measures to obstruct or " -"control the reading or further copying of the copies you make or " -"distribute. However, you may accept compensation in exchange for copies. " -"If you distribute a large enough number of copies you must also follow the " -"conditions in section 3." -msgstr "" -"Můžete kopírovat a distribuovat dokument na jakémkoli médiu, ať už komerčně " -"nebo nekomerčně, za předpokladu, že tato licence, upozornění na autorská " -"práva a upozornění na licenci uvádějící, že tato licence se vztahuje na " -"dokument, jsou reprodukovány ve všech kopiích a že nepřidáte žádné další " -"podmínky k těm z této licence. Nesmíte používat technická opatření, která by " -"bránila nebo kontrolovala čtení nebo další kopírování kopií, které vytváříte " -"nebo distribuujete. Výměnou za kopie však můžete přijmout kompenzaci. Pokud " -"distribuujete dostatečně velký počet kopií, musíte rovněž dodržet podmínky v " -"části 3." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:71 -msgid "" -"You may also lend copies, under the same conditions stated above, and you " -"may publicly display copies." -msgstr "" -"Můžete také půjčit kopie za stejných podmínek, které jsou uvedeny výše, a " -"můžete kopie veřejně zobrazovat." - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:73 -#, no-wrap -msgid "3. COPYING IN QUANTITY" -msgstr "3. HROMADNÉ KOPÍROVÁNÍ" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:81 -msgid "" -"If you publish printed copies (or copies in media that commonly have printed " -"covers) of the Document, numbering more than 100, and the Document's license " -"notice requires Cover Texts, you must enclose the copies in covers that " -"carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the " -"front cover, and Back-Cover Texts on the back cover. Both covers must also " -"clearly and legibly identify you as the publisher of these copies. The " -"front cover must present the full title with all words of the title equally " -"prominent and visible. You may add other material on the covers in " -"addition. Copying with changes limited to the covers, as long as they " -"preserve the title of the Document and satisfy these conditions, can be " -"treated as verbatim copying in other respects." -msgstr "" -"Pokud zveřejňujete tištěné kopie (nebo kopie na médiích, která mají běžně " -"tištěné obálky) Dokumentu v počtu větším než 100 a oznámení o licenci k " -"Dokumentu vyžaduje Texty na obálce, musíte kopie přiložit k obalům, které " -"jasně a čitelně obsahují všechny tyto Texty na obálce: Texty na přední " -"obálce na přední straně a Texty na zadní obálce na zadní straně. Obě strany " -"obálky Vás také musí jasně a čitelně identifikovat jako vydavatele těchto " -"kopií. Na přední straně obálky musí být celý název se všemi slovy titulu " -"stejně výraznými a dobře čitelnými. Na obal můžete přidat další materiály. " -"Kopírování se změnami omezenými na obálky, pokud zachovávají název dokumentu " -"a splňují tyto podmínky, lze považovat za doslovné kopírování i v jiných " -"ohledech." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:83 -msgid "" -"If the required texts for either cover are too voluminous to fit legibly, " -"you should put the first ones listed (as many as fit reasonably) on the " -"actual cover, and continue the rest onto adjacent pages." -msgstr "" -"Jsou-li požadované texty pro obě strany obálky příliš objemné, aby se tam " -"vešly a zůstaly čitelné, měli byste na první stranu obálky umístit začátek " -"textu (tolik, kolik se rozumně vejde) a zbytek má pokračovat na přiložených " -"stránkách." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:86 -msgid "" -"If you publish or distribute Opaque copies of the Document numbering more " -"than 100, you must either include a machine-readable Transparent copy along " -"with each Opaque copy, or state in or with each Opaque copy a computer-" -"network location from which the general network-using public has access to " -"download using public-standard network protocols a complete Transparent copy " -"of the Document, free of added material. If you use the latter option, you " -"must take reasonably prudent steps, when you begin distribution of Opaque " -"copies in quantity, to ensure that this Transparent copy will remain thus " -"accessible at the stated location until at least one year after the last " -"time you distribute an Opaque copy (directly or through your agents or " -"retailers) of that edition to the public." -msgstr "" -"Publikujete-li nebo distribuujete-li neprůhledné kopie Dokumentu číslované " -"nad 100, musíte buď ke každé neprůhledné kopii přiložit buď strojově " -"čitelnou transparentní kopii, nebo uvést v každé neprůhledné kopii nebo k ní " -"přidat umístění v počítačové síti, z nějž má běžný uživatel sítě přístup ke " -"stažení úplné transparentní kopie dokumentu pomocí veřejných standardních " -"síťových protokolů, bez přidaného materiálu. Pokud použijete druhou možnost, " -"musíte při zahájení distribuce neprůhledných kopií v přiměřené míře " -"podniknout přiměřené kroky, abyste zajistili, že tato transparentní kopie " -"zůstane takto přístupná na uvedeném místě nejméně po dobu jednoho roku od " -"poslední distribuce neprůhledné kopie (přímo nebo prostřednictvím vašich " -"agentů nebo prodejců) tohoto vydání pro veřejnost." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:88 -msgid "" -"It is requested, but not required, that you contact the authors of the " -"Document well before redistributing any large number of copies, to give them " -"a chance to provide you with an updated version of the Document." -msgstr "" -"Před redistribucí jakéhokoli velkého počtu kopií se doporučuje, ale " -"nevyžaduje, abyste se před opětovnou distribucí velkého počtu kopií obrátili " -"na autory dokumentu a dali jim možnost poskytnout vám aktualizovanou verzi " -"dokumentu." - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:90 -#, no-wrap -msgid "4. MODIFICATIONS" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:95 -msgid "" -"You may copy and distribute a Modified Version of the Document under the " -"conditions of sections 2 and 3 above, provided that you release the Modified " -"Version under precisely this License, with the Modified Version filling the " -"role of the Document, thus licensing distribution and modification of the " -"Modified Version to whoever possesses a copy of it. In addition, you must " -"do these things in the Modified Version:" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:98 -msgid "" -"Use in the Title Page (and on the covers, if any) a title distinct from that " -"of the Document, and from those of previous versions (which should, if there " -"were any, be listed in the History section of the Document). You may use the " -"same title as a previous version if the original publisher of that version " -"gives permission." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:99 -msgid "" -"List on the Title Page, as authors, one or more persons or entities " -"responsible for authorship of the modifications in the Modified Version, " -"together with at least five of the principal authors of the Document (all of " -"its principal authors, if it has fewer than five), unless they release you " -"from this requirement." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:100 -msgid "" -"State on the Title page the name of the publisher of the Modified Version, " -"as the publisher." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:101 -msgid "Preserve all the copyright notices of the Document." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:102 -msgid "" -"Add an appropriate copyright notice for your modifications adjacent to the " -"other copyright notices." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:103 -msgid "" -"Include, immediately after the copyright notices, a license notice giving " -"the public permission to use the Modified Version under the terms of this " -"License, in the form shown in the Addendum below." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:104 -msgid "" -"Preserve in that license notice the full lists of Invariant Sections and " -"required Cover Texts given in the Document's license notice." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:105 -msgid "Include an unaltered copy of this License." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:106 -msgid "" -"Preserve the section Entitled \"History\", Preserve its Title, and add to it " -"an item stating at least the title, year, new authors, and publisher of the " -"Modified Version as given on the Title Page. If there is no section Entitled " -"\"History\" in the Document, create one stating the title, year, authors, " -"and publisher of the Document as given on its Title Page, then add an item " -"describing the Modified Version as stated in the previous sentence." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:107 -msgid "" -"Preserve the network location, if any, given in the Document for public " -"access to a Transparent copy of the Document, and likewise the network " -"locations given in the Document for previous versions it was based on. These " -"may be placed in the \"History\" section. You may omit a network location " -"for a work that was published at least four years before the Document " -"itself, or if the original publisher of the version it refers to gives " -"permission." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:108 -msgid "" -"For any section Entitled \"Acknowledgements\" or \"Dedications\", Preserve " -"the Title of the section, and preserve in the section all the substance and " -"tone of each of the contributor acknowledgements and/or dedications given " -"therein." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:109 -msgid "" -"Preserve all the Invariant Sections of the Document, unaltered in their text " -"and in their titles. Section numbers or the equivalent are not considered " -"part of the section titles." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:110 -msgid "" -"Delete any section Entitled \"Endorsements\". Such a section may not be " -"included in the Modified Version." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:111 -msgid "" -"Do not retitle any existing section to be Entitled \"Endorsements\" or to " -"conflict in title with any Invariant Section." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:112 -msgid "Preserve any Warranty Disclaimers." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:117 -msgid "" -"If the Modified Version includes new front-matter sections or appendices " -"that qualify as Secondary Sections and contain no material copied from the " -"Document, you may at your option designate some or all of these sections as " -"invariant. To do this, add their titles to the list of Invariant Sections " -"in the Modified Version's license notice. These titles must be distinct " -"from any other section titles." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:119 -msgid "" -"You may add a section Entitled \"Endorsements\", provided it contains " -"nothing but endorsements of your Modified Version by various parties--for " -"example, statements of peer review or that the text has been approved by an " -"organization as the authoritative definition of a standard." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:123 -msgid "" -"You may add a passage of up to five words as a Front-Cover Text, and a " -"passage of up to 25 words as a Back-Cover Text, to the end of the list of " -"Cover Texts in the Modified Version. Only one passage of Front-Cover Text " -"and one of Back-Cover Text may be added by (or through arrangements made by) " -"any one entity. If the Document already includes a cover text for the same " -"cover, previously added by you or by arrangement made by the same entity you " -"are acting on behalf of, you may not add another; but you may replace the " -"old one, on explicit permission from the previous publisher that added the " -"old one." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:125 -msgid "" -"The author(s) and publisher(s) of the Document do not by this License give " -"permission to use their names for publicity for or to assert or imply " -"endorsement of any Modified Version." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:127 -#, no-wrap -msgid "5. COMBINING DOCUMENTS" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:131 -msgid "" -"You may combine the Document with other documents released under this " -"License, under the terms defined in section 4 above for modified versions, " -"provided that you include in the combination all of the Invariant Sections " -"of all of the original documents, unmodified, and list them all as Invariant " -"Sections of your combined work in its license notice, and that you preserve " -"all their Warranty Disclaimers." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:135 -msgid "" -"The combined work need only contain one copy of this License, and multiple " -"identical Invariant Sections may be replaced with a single copy. If there " -"are multiple Invariant Sections with the same name but different contents, " -"make the title of each such section unique by adding at the end of it, in " -"parentheses, the name of the original author or publisher of that section if " -"known, or else a unique number. Make the same adjustment to the section " -"titles in the list of Invariant Sections in the license notice of the " -"combined work." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:137 -msgid "" -"In the combination, you must combine any sections Entitled \"History\" in " -"the various original documents, forming one section Entitled \"History\"; " -"likewise combine any sections Entitled \"Acknowledgements\", and any " -"sections Entitled \"Dedications\". You must delete all sections Entitled " -"\"Endorsements\"." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:139 -#, no-wrap -msgid "6. COLLECTIONS OF DOCUMENTS" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:143 -msgid "" -"You may make a collection consisting of the Document and other documents " -"released under this License, and replace the individual copies of this " -"License in the various documents with a single copy that is included in the " -"collection, provided that you follow the rules of this License for verbatim " -"copying of each of the documents in all other respects." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:145 -msgid "" -"You may extract a single document from such a collection, and distribute it " -"individually under this License, provided you insert a copy of this License " -"into the extracted document, and follow this License in all other respects " -"regarding verbatim copying of that document." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:147 -#, no-wrap -msgid "7. AGGREGATION WITH INDEPENDENT WORKS" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:152 -msgid "" -"A compilation of the Document or its derivatives with other separate and " -"independent documents or works, in or on a volume of a storage or " -"distribution medium, is called an \"aggregate\" if the copyright resulting " -"from the compilation is not used to limit the legal rights of the " -"compilation's users beyond what the individual works permit. When the " -"Document is included in an aggregate, this License does not apply to the " -"other works in the aggregate which are not themselves derivative works of " -"the Document." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:155 -msgid "" -"If the Cover Text requirement of section 3 is applicable to these copies of " -"the Document, then if the Document is less than one half of the entire " -"aggregate, the Document's Cover Texts may be placed on covers that bracket " -"the Document within the aggregate, or the electronic equivalent of covers if " -"the Document is in electronic form. Otherwise they must appear on printed " -"covers that bracket the whole aggregate." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:157 -#, no-wrap -msgid "8. TRANSLATION" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:164 -msgid "" -"Translation is considered a kind of modification, so you may distribute " -"translations of the Document under the terms of section 4. Replacing " -"Invariant Sections with translations requires special permission from their " -"copyright holders, but you may include translations of some or all Invariant " -"Sections in addition to the original versions of these Invariant Sections. " -"You may include a translation of this License, and all the license notices " -"in the Document, and any Warranty Disclaimers, provided that you also " -"include the original English version of this License and the original " -"versions of those notices and disclaimers. In case of a disagreement " -"between the translation and the original version of this License or a notice " -"or disclaimer, the original version will prevail." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:166 -msgid "" -"If a section in the Document is Entitled \"Acknowledgements\", \"Dedications" -"\", or \"History\", the requirement (section 4) to Preserve its Title " -"(section 1) will typically require changing the actual title." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:168 -#, no-wrap -msgid "9. TERMINATION" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:174 -msgid "" -"You may not copy, modify, sublicense, or distribute the Document except as " -"expressly provided for under this License. Any other attempt to copy, " -"modify, sublicense or distribute the Document is void, and will " -"automatically terminate your rights under this License. However, parties " -"who have received copies, or rights, from you under this License will not " -"have their licenses terminated so long as such parties remain in full " -"compliance." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:176 -#, no-wrap -msgid "10. FUTURE REVISIONS OF THIS LICENSE" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:182 -msgid "" -"The Free Software Foundation may publish new, revised versions of the GNU " -"Free Documentation License from time to time. Such new versions will be " -"similar in spirit to the present version, but may differ in detail to " -"address new problems or concerns. See http://www.gnu.org/copyleft/." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:186 -msgid "" -"Each version of the License is given a distinguishing version number. If " -"the Document specifies that a particular numbered version of this License " -"\"or any later version\" applies to it, you have the option of following the " -"terms and conditions either of that specified version or of any later " -"version that has been published (not as a draft) by the Free Software " -"Foundation. If the Document does not specify a version number of this " -"License, you may choose any version ever published (not as a draft) by the " -"Free Software Foundation." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:188 -#, no-wrap -msgid "ADDENDUM: How to use this License for your documents" -msgstr "" - -#. type: delimited block - -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:198 -#, no-wrap -msgid "" -"Copyright (c) YEAR YOUR NAME.\n" -" Permission is granted to copy, distribute and/or modify this document\n" -" under the terms of the GNU Free Documentation License, Version 1.2\n" -" or any later version published by the Free Software Foundation;\n" -" with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.\n" -" A copy of the license is included in the section entitled{ldquo}GNU\n" -" Free Documentation License{rdquo}.\n" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:204 -msgid "" -"If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, " -"replace the {ldquo} with...Texts.{rdquo} line with this:" -msgstr "" - -#. type: delimited block - -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:208 -#, no-wrap -msgid "" -"with the Invariant Sections being LIST THEIR TITLES, with the\n" -" Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST.\n" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:212 -msgid "" -"If you have Invariant Sections without Cover Texts, or some other " -"combination of the three, merge those two alternatives to suit the situation." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:213 -msgid "" -"If your document contains nontrivial examples of program code, we recommend " -"releasing these examples in parallel under your choice of free software " -"license, such as the GNU General Public License, to permit their use in free " -"software." -msgstr "" - -#. type: Title = -#: modules/ROOT/pages/index-uyuni.adoc:1 +#: modules/ROOT/pages/index-uyuni.adoc:1 modules/ROOT/pages/index.adoc:1 #, no-wrap msgid "{productname} {productnumber} Documentation" msgstr "" #. type: Title == -#: modules/ROOT/pages/index-uyuni.adoc:4 +#: modules/ROOT/pages/index-uyuni.adoc:2 modules/ROOT/pages/index.adoc:2 #, no-wrap msgid "What is {productname}?" msgstr "" +#. [#salt.gloss] may be used to create a tooltip for a glossary term: see branding/supplemental-ui/suma/sumacom/partials/footer-scripts.hbs #. type: Plain text -#: modules/ROOT/pages/index-uyuni.adoc:9 +#: modules/ROOT/pages/index-uyuni.adoc:3 modules/ROOT/pages/index.adoc:3 msgid "" "{productname} is a solution for organizations that require absolute control " "over maintenance and package deployment on their servers. {productname} " @@ -829,7 +43,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/ROOT/pages/index-uyuni.adoc:12 +#: modules/ROOT/pages/index-uyuni.adoc:4 modules/ROOT/pages/index.adoc:4 msgid "" "{productname} uses Salt to provide event-driven configuration and management " "control. The Salt-master orchestrates tens of thousands of Salt clients " @@ -837,7 +51,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/ROOT/pages/index-uyuni.adoc:14 +#: modules/ROOT/pages/index-uyuni.adoc:5 msgid "" "{productname} offers seamless management of {sle}, {opensuse}, {rhel}, " "{centos}, {oracle}, {debian} and {ubuntu} client systems, no matter if on-" @@ -846,13 +60,15 @@ msgid "" msgstr "" #. type: Title == -#: modules/ROOT/pages/index-uyuni.adoc:16 +#: modules/ROOT/pages/index-uyuni.adoc:6 modules/ROOT/pages/index.adoc:12 +#: modules/ROOT/pages/index.adoc:17 #, no-wrap msgid "Available Documentation" msgstr "" #. type: Plain text -#: modules/ROOT/pages/index-uyuni.adoc:19 +#: modules/ROOT/pages/index-uyuni.adoc:7 modules/ROOT/pages/index.adoc:13 +#: modules/ROOT/pages/index.adoc:18 msgid "" "The following documentation is available for {productname} version " "{productnumber}." @@ -860,7 +76,7 @@ msgstr "" #. | Architecture | xref:architecture:architecture-intro.adoc[HTML] link:../pdf/uyuni_architecture.pdf[PDF] #. type: Table -#: modules/ROOT/pages/index-uyuni.adoc:45 +#: modules/ROOT/pages/index-uyuni.adoc:8 #, no-wrap msgid "" "| Document | Format | Document | Format\n" @@ -872,7 +88,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/ROOT/pages/index.adoc:16 +#: modules/ROOT/pages/index.adoc:5 msgid "" "{productname} offers seamless management of {sle}, {opensuse}, {rhel}, " "{centos}, {oracle} and {ubuntu} client systems, no matter if on-premise, on " @@ -880,13 +96,13 @@ msgid "" msgstr "" #. type: Block title -#: modules/ROOT/pages/index.adoc:19 +#: modules/ROOT/pages/index.adoc:6 #, no-wrap msgid "Accessibility" msgstr "" #. type: delimited block = -#: modules/ROOT/pages/index.adoc:26 +#: modules/ROOT/pages/index.adoc:7 msgid "" "If you cannot use the {productname} {webui}, almost all functionality (with " "the exception of virtualization tasks) is available from the command " @@ -898,35 +114,35 @@ msgid "" msgstr "" #. type: delimited block = -#: modules/ROOT/pages/index.adoc:28 +#: modules/ROOT/pages/index.adoc:8 msgid "" "For more information about [command]``spacecmd``, see xref:reference:" "spacecmd-intro.adoc[]." msgstr "" #. type: delimited block = -#: modules/ROOT/pages/index.adoc:29 +#: modules/ROOT/pages/index.adoc:9 msgid "" "For more information about other command line tools, see xref:reference:" "command-line-tools.adoc[]." msgstr "" #. type: delimited block = -#: modules/ROOT/pages/index.adoc:30 +#: modules/ROOT/pages/index.adoc:10 msgid "" "For more information about the API, see https://documentation.suse.com/" "external-tree/en-us/suma/4.1/pdf/susemanager_api_doc_color_en.pdf." msgstr "" #. type: delimited block = -#: modules/ROOT/pages/index.adoc:31 +#: modules/ROOT/pages/index.adoc:11 msgid "" "For the latest information about all command line tools, see the release " "notes available from https://www.suse.com/releasenotes/." msgstr "" #. type: delimited block = -#: modules/ROOT/pages/index.adoc:45 +#: modules/ROOT/pages/index.adoc:14 msgid "" "{productname} documentation is available in several locations and formats. " "For the most up-to-date version of this documentation, see https://" @@ -934,7 +150,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/ROOT/pages/index.adoc:48 +#: modules/ROOT/pages/index.adoc:15 msgid "" "Download All PDFs icon:caret-right[] icon:file-archive[link=\"../susemanager-" "docs_en-pdf.tar.gz\"]" @@ -942,7 +158,7 @@ msgstr "" #. | Architecture | xref:architecture:architecture-intro.adoc[HTML] link:../pdf/suse_manager_architecture.pdf[PDF] #. type: Table -#: modules/ROOT/pages/index.adoc:66 +#: modules/ROOT/pages/index.adoc:16 #, no-wrap msgid "" "| View HTML | View PDF | View HTML | View PDF\n" @@ -961,7 +177,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/ROOT/pages/index.adoc:77 +#: modules/ROOT/pages/index.adoc:19 msgid "" "Download All PDFs icon:caret-right[] icon:file-archive[link=\"../uyuni-" "docs_en-pdf.tar.gz\"]" @@ -969,7 +185,7 @@ msgstr "" #. | Architecture | xref:architecture:architecture-intro.adoc[HTML] link:../pdf/suse_manager_architecture.pdf[PDF] #. type: Table -#: modules/ROOT/pages/index.adoc:95 +#: modules/ROOT/pages/index.adoc:20 #, no-wrap msgid "" "| View HTML | View PDF | View HTML | View PDF\n" @@ -987,9 +203,395 @@ msgid "" "\n" msgstr "" +#. type: Block title +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:1 +#, no-wrap +msgid "Procedure: Adding Software Channels at the Command Prompt" +msgstr "" + +#. type: Plain text +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:2 +msgid "" +"At the command prompt on the {productname} Server, as root, use the " +"[command]``spacewalk-common-channels`` command to add the appropriate " +"channels:" +msgstr "" + +#. type: delimited block - +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:3 +#, no-wrap +msgid "" +"spacewalk-common-channels \\\n" +" \\\n" +" \\\n" +" \\\n" +"... \n" +msgstr "" + +#. type: Plain text +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:4 +msgid "Synchronize the channels:" +msgstr "" + +#. type: delimited block - +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:5 +#, no-wrap +msgid "mgr-sync refresh --refresh-channels\n" +msgstr "" + #. * xref:index-webui-branding-2019.adoc[What is SUSE Manager?] #. * xref:release-notes-version-4.0.adoc[Doc Release Notes] #. type: Plain text -#: modules/ROOT/nav.adoc:3 +#: modules/ROOT/nav.adoc:1 msgid "xref:common_gfdl1.2_i.adoc[License]" msgstr "" + +#, no-wrap +#~ msgid "GNU Free Documentation License" +#~ msgstr "GNU bezplatná dokumentační licence" + +#~ msgid "" +#~ "Copyright (C) 2000, 2001, 2002 Free Software Foundation, Inc. 51 " +#~ "Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. Everyone is " +#~ "permitted to copy and distribute verbatim copies of this license " +#~ "document, but changing it is not allowed." +#~ msgstr "" +#~ "Copyright (C) 2000, 2001, 2002 Free Software Foundation, Inc. 51 Franklin " +#~ "St, Fifth Floor, Boston, MA 02110-1301 USA. Každý má právo kopírovat a " +#~ "distribuovat doslovné kopie tohoto licenčního dokumentu, ale jeho změna " +#~ "není povolena." + +#, no-wrap +#~ msgid "0. PREAMBLE" +#~ msgstr "0. PREAMBULE" + +#~ msgid "" +#~ "The purpose of this License is to make a manual, textbook, or other " +#~ "functional and useful document \"free\" in the sense of freedom: to " +#~ "assure everyone the effective freedom to copy and redistribute it, with " +#~ "or without modifying it, either commercially or noncommercially. " +#~ "Secondarily, this License preserves for the author and publisher a way to " +#~ "get credit for their work, while not being considered responsible for " +#~ "modifications made by others." +#~ msgstr "" +#~ "Účelem této licence je učinit z manuálu, učebnice nebo jiného funkčního a " +#~ "užitečného dokumentu \"bezplatný\" ve smyslu svobody: zajistit každému " +#~ "skutečnou svobodu jeho kopírování a opětovného šíření, ať už s jeho " +#~ "komerční úpravou nebo nekomerčně či bez jakýchkoli úprav. Tato licence " +#~ "sekundárně zachovává pro autora a vydavatele způsob, jak získat uznání za " +#~ "jejich práci, aniž odpovídají za úpravy provedené jinými." + +#~ msgid "" +#~ "This License is a kind of \"copyleft\", which means that derivative works " +#~ "of the document must themselves be free in the same sense. It " +#~ "complements the GNU General Public License, which is a copyleft license " +#~ "designed for free software." +#~ msgstr "" +#~ "Tato licence je jakýmsi \"copyleftem\", což znamená, že odvozená díla " +#~ "dokumentu musí samy být bezplatné ve stejném smyslu. Doplňuje GNU General " +#~ "Public License, což je \"copyleftová\" licence určená pro svobodný " +#~ "software." + +#~ msgid "" +#~ "We have designed this License in order to use it for manuals for free " +#~ "software, because free software needs free documentation: a free program " +#~ "should come with manuals providing the same freedoms that the software " +#~ "does. But this License is not limited to software manuals; it can be " +#~ "used for any textual work, regardless of subject matter or whether it is " +#~ "published as a printed book. We recommend this License principally for " +#~ "works whose purpose is instruction or reference." +#~ msgstr "" +#~ "Tuto licenci jsme navrhli, abychom ji mohli používat pro manuály " +#~ "svobodného softwaru, protože svobodný software vyžaduje bezplatnou " +#~ "dokumentaci: bezplatný program by měl být dodáván s manuály poskytujícími " +#~ "stejnou svobodu jako software. Tato licence se však neomezuje pouze na " +#~ "softwarové příručky; lze ji použít pro jakoukoli textovou práci, bez " +#~ "ohledu na téma, nebo zda je vydána jako tištěná kniha. Tuto licenci " +#~ "doporučujeme hlavně pro díla, jejichž účelem je poučení nebo na něž se " +#~ "odkazuje." + +#, no-wrap +#~ msgid "1. APPLICABILITY AND DEFINITIONS" +#~ msgstr "1. POUŽITELNOST A DEFINICE" + +#~ msgid "" +#~ "This License applies to any manual or other work, in any medium, that " +#~ "contains a notice placed by the copyright holder saying it can be " +#~ "distributed under the terms of this License. Such a notice grants a " +#~ "world-wide, royalty-free license, unlimited in duration, to use that work " +#~ "under the conditions stated herein. The \"Document\", below, refers to " +#~ "any such manual or work. Any member of the public is a licensee, and is " +#~ "addressed as \"you\". You accept the license if you copy, modify or " +#~ "distribute the work in a way requiring permission under copyright law." +#~ msgstr "" +#~ "Tato licence se vztahuje na jakoukoli příručku nebo jiné dílo na " +#~ "jakémkoli médiu, které obsahuje upozornění umístěné držitelem autorských " +#~ "práv, které říká, že může být šířeno za podmínek této licence. Takové " +#~ "oznámení uděluje celosvětovou bezplatnou licenci s neomezenou dobou " +#~ "platnosti k použití tohoto díla za podmínek zde uvedených. Níže uvedený " +#~ "„dokument“ odkazuje na jakoukoli takovou příručku nebo dílo. Kdokoli z " +#~ "veřejnosti je držitelem licence a je oslovován jako „vy“. Licenci " +#~ "přijímáte, pokud kopírujete, upravujete nebo distribuujete dílo způsobem " +#~ "vyžadujícím povolení podle autorského zákona." + +#~ msgid "" +#~ "A \"Modified Version\" of the Document means any work containing the " +#~ "Document or a portion of it, either copied verbatim, or with " +#~ "modifications and/or translated into another language." +#~ msgstr "" +#~ "„Upravenou verzí“ dokumentu se rozumí jakékoli dílo obsahující dokument " +#~ "nebo jeho část, doslovně zkopírované nebo s úpravami a/nebo přeložené do " +#~ "jiného jazyka." + +#~ msgid "" +#~ "A \"Secondary Section\" is a named appendix or a front-matter section of " +#~ "the Document that deals exclusively with the relationship of the " +#~ "publishers or authors of the Document to the Document's overall subject " +#~ "(or to related matters) and contains nothing that could fall directly " +#~ "within that overall subject. (Thus, if the Document is in part a " +#~ "textbook of mathematics, a Secondary Section may not explain any " +#~ "mathematics.) The relationship could be a matter of historical connection " +#~ "with the subject or with related matters, or of legal, commercial, " +#~ "philosophical, ethical or political position regarding them." +#~ msgstr "" +#~ "„Sekundární část“ je pojmenovaná příloha nebo přední část dokumentu, " +#~ "která se zabývá výlučně vztahem vydavatelů nebo autorů dokumentu k " +#~ "celkovému předmětu dokumentu (nebo k souvisejícím záležitostem) a " +#~ "neobsahuje nic, co by mohlo přímo spadat v rámci tohoto celkového " +#~ "předmětu. (Pokud je tedy dokument částečně učebnicí matematiky, nemusí " +#~ "sekundární sekce vysvětlovat žádnou matematiku.) Vztah by mohl být " +#~ "záležitostí historického spojení s tématem nebo souvisejících " +#~ "záležitostí, nebo právních, obchodních, filozofických, etických nebo " +#~ "politické postavení, které se jich týká." + +#~ msgid "" +#~ "The \"Invariant Sections\" are certain Secondary Sections whose titles " +#~ "are designated, as being those of Invariant Sections, in the notice that " +#~ "says that the Document is released under this License. If a section does " +#~ "not fit the above definition of Secondary then it is not allowed to be " +#~ "designated as Invariant. The Document may contain zero Invariant " +#~ "Sections. If the Document does not identify any Invariant Sections then " +#~ "there are none." +#~ msgstr "" +#~ "„Invariantní sekce“ jsou určité Sekundární sekce, jejichž názvy jsou " +#~ "označeny jako tituly Invariantních sekcí v oznámení, které uvádí, že " +#~ "dokument je vydán na základě této licence. Pokud sekce neodpovídá výše " +#~ "uvedené definici Sekundární, není možné ji označit jako Invariantní. " +#~ "Dokument může obsahovat nulové neměnné sekce. Pokud dokument " +#~ "neidentifikuje žádné neměnné sekce, pak žádné neexistují." + +#~ msgid "" +#~ "The \"Cover Texts\" are certain short passages of text that are listed, " +#~ "as Front-Cover Texts or Back-Cover Texts, in the notice that says that " +#~ "the Document is released under this License. A Front-Cover Text may be " +#~ "at most 5 words, and a Back-Cover Text may be at most 25 words." +#~ msgstr "" +#~ "„Titulní texty“ jsou určité krátké pasáže textu, které jsou uvedeny jako " +#~ "text na přední obálce nebo text na zadní obálce v oznámení, že dokument " +#~ "je vydán na základě této licence. Text přední obálky může mít maximálně 5 " +#~ "slov a text zadní obálky maximálně 25 slov." + +#~ msgid "" +#~ "A \"Transparent\" copy of the Document means a machine-readable copy, " +#~ "represented in a format whose specification is available to the general " +#~ "public, that is suitable for revising the document straightforwardly with " +#~ "generic text editors or (for images composed of pixels) generic paint " +#~ "programs or (for drawings) some widely available drawing editor, and that " +#~ "is suitable for input to text formatters or for automatic translation to " +#~ "a variety of formats suitable for input to text formatters. A copy made " +#~ "in an otherwise Transparent file format whose markup, or absence of " +#~ "markup, has been arranged to thwart or discourage subsequent modification " +#~ "by readers is not Transparent. An image format is not Transparent if " +#~ "used for any substantial amount of text. A copy that is not \"Transparent" +#~ "\" is called \"Opaque\"." +#~ msgstr "" +#~ "„Průhlednou“ kopií dokumentu se rozumí strojově čitelná kopie " +#~ "reprezentovaná ve formátu, jehož specifikace je k dispozici široké " +#~ "veřejnosti, která je vhodná pro přímou revizi dokumentu pomocí obecných " +#~ "textových editorů nebo (u obrázků složených z pixelů) obecných barev " +#~ "programy nebo (pro výkresy) nějaký široce dostupný editor výkresů, který " +#~ "je vhodný pro vstup do formátovačů textu nebo pro automatický překlad do " +#~ "různých formátů vhodných pro vstup do formátovačů textu. Kopie vytvořená " +#~ "v jinak transparentním formátu souboru, jehož označení nebo absence " +#~ "označení byla uspořádána tak, aby mařila nebo odrazovala od následné " +#~ "úpravy čtenáři, není transparentní. Formát obrázku není průhledný, pokud " +#~ "je použit pro jakékoli podstatné množství textu. Kopie, která není " +#~ "„průhledná“, se nazývá „neprůhledná“." + +#~ msgid "" +#~ "Examples of suitable formats for Transparent copies include plain ASCII " +#~ "without markup, Texinfo input format, LaTeX input format, SGML or XML " +#~ "using a publicly available DTD, and standard-conforming simple HTML, " +#~ "PostScript or PDF designed for human modification. Examples of " +#~ "transparent image formats include PNG, XCF and JPG. Opaque formats " +#~ "include proprietary formats that can be read and edited only by " +#~ "proprietary word processors, SGML or XML for which the DTD and/or " +#~ "processing tools are not generally available, and the machine-generated " +#~ "HTML, PostScript or PDF produced by some word processors for output " +#~ "purposes only." +#~ msgstr "" +#~ "Mezi příklady vhodných formátů pro transparentní kopie patří prostý ASCII " +#~ "bez značek, vstupní formát Texinfo, vstupní formát LaTeX, SGML nebo XML " +#~ "pomocí veřejně dostupného DTD a standard vyhovující jednoduchému HTML, " +#~ "PostScriptu nebo PDF určenému pro lidské úpravy. Mezi příklady " +#~ "transparentních obrazových formátů patří PNG, XCF a JPG. Neprůhledné " +#~ "formáty zahrnují proprietární formáty, které mohou číst a upravovat pouze " +#~ "proprietární textové procesory, SGML nebo XML, pro které nejsou DTD a/" +#~ "nebo nástroje pro zpracování obecně dostupné, a strojově generovaný HTML, " +#~ "PostScript nebo PDF vytvořený některými textovými procesory pro pouze pro " +#~ "účely výstupu." + +#~ msgid "" +#~ "The \"Title Page\" means, for a printed book, the title page itself, plus " +#~ "such following pages as are needed to hold, legibly, the material this " +#~ "License requires to appear in the title page. For works in formats which " +#~ "do not have any title page as such, \"Title Page\" means the text near " +#~ "the most prominent appearance of the work's title, preceding the " +#~ "beginning of the body of the text." +#~ msgstr "" +#~ "„Titulní stránka“ znamená u tištěné knihy samotnou titulní stránku plus " +#~ "takové stránky, které jsou potřebné k čitelnému uložení materiálu, který " +#~ "se podle této licence má objevit na titulní stránce. U děl ve formátech, " +#~ "které nemají žádnou titulní stránku jako takovou, znamená „titulní " +#~ "stránka“ text poblíž nejvýznamnějšího výskytu názvu díla, který předchází " +#~ "začátku textu." + +#~ msgid "" +#~ "A section \"Entitled XYZ\" means a named subunit of the Document whose " +#~ "title either is precisely XYZ or contains XYZ in parentheses following " +#~ "text that translates XYZ in another language. (Here XYZ stands for a " +#~ "specific section name mentioned below, such as \"Acknowledgements\", " +#~ "\"Dedications\", \"Endorsements\", or \"History\".) To \"Preserve the " +#~ "Title\" of such a section when you modify the Document means that it " +#~ "remains a section \"Entitled XYZ\" according to this definition." +#~ msgstr "" +#~ "Oddíl „S názvem XYZ“ znamená pojmenovanou podjednotku dokumentu, jejíž " +#~ "název je buď přesně XYZ, nebo obsahuje XYZ v závorkách za následujícím " +#~ "textem, který překládá XYZ do jiného jazyka. (Zde XYZ znamená konkrétní " +#~ "název sekce zmíněný níže, například „Poděkování“, „Věnování“, „Potvrzení“ " +#~ "nebo „Historie“.) „Zachovat název“ takové části při změně dokumentu " +#~ "znamená, že podle této definice zůstává částí „S názvem XYZ“." + +#~ msgid "" +#~ "The Document may include Warranty Disclaimers next to the notice which " +#~ "states that this License applies to the Document. These Warranty " +#~ "Disclaimers are considered to be included by reference in this License, " +#~ "but only as regards disclaiming warranties: any other implication that " +#~ "these Warranty Disclaimers may have is void and has no effect on the " +#~ "meaning of this License." +#~ msgstr "" +#~ "Dokument může obsahovat prohlášení o zřeknutí se záruky vedle oznámení, " +#~ "které uvádí, že tato licence se vztahuje na dokument. Tato zřeknutí se " +#~ "záruky jsou považována za vložená odkazem na tuto licenci, ale pouze " +#~ "pokud jde o zřeknutí se záruk: jakýkoli další důsledek, který mohou tato " +#~ "zřeknutí se záruky mít, je neplatný a nemá žádný vliv na význam této " +#~ "licence." + +#, no-wrap +#~ msgid "2. VERBATIM COPYING" +#~ msgstr "2. DOSLOVNÉ KOPÍROVÁNÍ (VERBATIM)" + +#~ msgid "" +#~ "You may copy and distribute the Document in any medium, either " +#~ "commercially or noncommercially, provided that this License, the " +#~ "copyright notices, and the license notice saying this License applies to " +#~ "the Document are reproduced in all copies, and that you add no other " +#~ "conditions whatsoever to those of this License. You may not use " +#~ "technical measures to obstruct or control the reading or further copying " +#~ "of the copies you make or distribute. However, you may accept " +#~ "compensation in exchange for copies. If you distribute a large enough " +#~ "number of copies you must also follow the conditions in section 3." +#~ msgstr "" +#~ "Můžete kopírovat a distribuovat dokument na jakémkoli médiu, ať už " +#~ "komerčně nebo nekomerčně, za předpokladu, že tato licence, upozornění na " +#~ "autorská práva a upozornění na licenci uvádějící, že tato licence se " +#~ "vztahuje na dokument, jsou reprodukovány ve všech kopiích a že nepřidáte " +#~ "žádné další podmínky k těm z této licence. Nesmíte používat technická " +#~ "opatření, která by bránila nebo kontrolovala čtení nebo další kopírování " +#~ "kopií, které vytváříte nebo distribuujete. Výměnou za kopie však můžete " +#~ "přijmout kompenzaci. Pokud distribuujete dostatečně velký počet kopií, " +#~ "musíte rovněž dodržet podmínky v části 3." + +#~ msgid "" +#~ "You may also lend copies, under the same conditions stated above, and you " +#~ "may publicly display copies." +#~ msgstr "" +#~ "Můžete také půjčit kopie za stejných podmínek, které jsou uvedeny výše, a " +#~ "můžete kopie veřejně zobrazovat." + +#, no-wrap +#~ msgid "3. COPYING IN QUANTITY" +#~ msgstr "3. HROMADNÉ KOPÍROVÁNÍ" + +#~ msgid "" +#~ "If you publish printed copies (or copies in media that commonly have " +#~ "printed covers) of the Document, numbering more than 100, and the " +#~ "Document's license notice requires Cover Texts, you must enclose the " +#~ "copies in covers that carry, clearly and legibly, all these Cover Texts: " +#~ "Front-Cover Texts on the front cover, and Back-Cover Texts on the back " +#~ "cover. Both covers must also clearly and legibly identify you as the " +#~ "publisher of these copies. The front cover must present the full title " +#~ "with all words of the title equally prominent and visible. You may add " +#~ "other material on the covers in addition. Copying with changes limited " +#~ "to the covers, as long as they preserve the title of the Document and " +#~ "satisfy these conditions, can be treated as verbatim copying in other " +#~ "respects." +#~ msgstr "" +#~ "Pokud zveřejňujete tištěné kopie (nebo kopie na médiích, která mají běžně " +#~ "tištěné obálky) Dokumentu v počtu větším než 100 a oznámení o licenci k " +#~ "Dokumentu vyžaduje Texty na obálce, musíte kopie přiložit k obalům, které " +#~ "jasně a čitelně obsahují všechny tyto Texty na obálce: Texty na přední " +#~ "obálce na přední straně a Texty na zadní obálce na zadní straně. Obě " +#~ "strany obálky Vás také musí jasně a čitelně identifikovat jako vydavatele " +#~ "těchto kopií. Na přední straně obálky musí být celý název se všemi slovy " +#~ "titulu stejně výraznými a dobře čitelnými. Na obal můžete přidat další " +#~ "materiály. Kopírování se změnami omezenými na obálky, pokud zachovávají " +#~ "název dokumentu a splňují tyto podmínky, lze považovat za doslovné " +#~ "kopírování i v jiných ohledech." + +#~ msgid "" +#~ "If the required texts for either cover are too voluminous to fit legibly, " +#~ "you should put the first ones listed (as many as fit reasonably) on the " +#~ "actual cover, and continue the rest onto adjacent pages." +#~ msgstr "" +#~ "Jsou-li požadované texty pro obě strany obálky příliš objemné, aby se tam " +#~ "vešly a zůstaly čitelné, měli byste na první stranu obálky umístit " +#~ "začátek textu (tolik, kolik se rozumně vejde) a zbytek má pokračovat na " +#~ "přiložených stránkách." + +#~ msgid "" +#~ "If you publish or distribute Opaque copies of the Document numbering more " +#~ "than 100, you must either include a machine-readable Transparent copy " +#~ "along with each Opaque copy, or state in or with each Opaque copy a " +#~ "computer-network location from which the general network-using public has " +#~ "access to download using public-standard network protocols a complete " +#~ "Transparent copy of the Document, free of added material. If you use the " +#~ "latter option, you must take reasonably prudent steps, when you begin " +#~ "distribution of Opaque copies in quantity, to ensure that this " +#~ "Transparent copy will remain thus accessible at the stated location until " +#~ "at least one year after the last time you distribute an Opaque copy " +#~ "(directly or through your agents or retailers) of that edition to the " +#~ "public." +#~ msgstr "" +#~ "Publikujete-li nebo distribuujete-li neprůhledné kopie Dokumentu " +#~ "číslované nad 100, musíte buď ke každé neprůhledné kopii přiložit buď " +#~ "strojově čitelnou transparentní kopii, nebo uvést v každé neprůhledné " +#~ "kopii nebo k ní přidat umístění v počítačové síti, z nějž má běžný " +#~ "uživatel sítě přístup ke stažení úplné transparentní kopie dokumentu " +#~ "pomocí veřejných standardních síťových protokolů, bez přidaného " +#~ "materiálu. Pokud použijete druhou možnost, musíte při zahájení distribuce " +#~ "neprůhledných kopií v přiměřené míře podniknout přiměřené kroky, abyste " +#~ "zajistili, že tato transparentní kopie zůstane takto přístupná na " +#~ "uvedeném místě nejméně po dobu jednoho roku od poslední distribuce " +#~ "neprůhledné kopie (přímo nebo prostřednictvím vašich agentů nebo " +#~ "prodejců) tohoto vydání pro veřejnost." + +#~ msgid "" +#~ "It is requested, but not required, that you contact the authors of the " +#~ "Document well before redistributing any large number of copies, to give " +#~ "them a chance to provide you with an updated version of the Document." +#~ msgstr "" +#~ "Před redistribucí jakéhokoli velkého počtu kopií se doporučuje, ale " +#~ "nevyžaduje, abyste se před opětovnou distribucí velkého počtu kopií " +#~ "obrátili na autory dokumentu a dali jim možnost poskytnout vám " +#~ "aktualizovanou verzi dokumentu." diff --git a/l10n-weblate/ROOT/es.po b/l10n-weblate/ROOT/es.po index f7991c1b4a5..f0cca43a97f 100644 --- a/l10n-weblate/ROOT/es.po +++ b/l10n-weblate/ROOT/es.po @@ -6,11 +6,11 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" -"POT-Creation-Date: 2020-06-14 00:54+0200\n" +"POT-Creation-Date: 2020-09-29 23:48+0200\n" "PO-Revision-Date: 2020-08-26 12:39+0000\n" "Last-Translator: Pau Garcia Quiles \n" -"Language-Team: Spanish \n" +"Language-Team: Spanish \n" "Language: es\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -19,987 +19,20 @@ msgstr "" "X-Generator: Weblate 3.6.1\n" #. type: Title = -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:1 -#, no-wrap -msgid "GNU Free Documentation License" -msgstr "Licencia de Documentación Libre de GNU" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:6 -msgid "" -"Copyright (C) 2000, 2001, 2002 Free Software Foundation, Inc. 51 Franklin " -"St, Fifth Floor, Boston, MA 02110-1301 USA. Everyone is permitted to copy " -"and distribute verbatim copies of this license document, but changing it is " -"not allowed." -msgstr "" -"Copyright (C) 2000, 2001, 2002 Free Software Foundation, Inc. 59 Temple " -"Place, Suite 330, Boston, MA 02111-1307 USA. Se permite la copia y " -"distribución de copias literales de este documento de licencia, pero no se " -"permiten cambios." - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:8 -#, no-wrap -msgid "0. PREAMBLE" -msgstr "0. PREÁMBULO" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:13 -msgid "" -"The purpose of this License is to make a manual, textbook, or other " -"functional and useful document \"free\" in the sense of freedom: to assure " -"everyone the effective freedom to copy and redistribute it, with or without " -"modifying it, either commercially or noncommercially. Secondarily, this " -"License preserves for the author and publisher a way to get credit for their " -"work, while not being considered responsible for modifications made by " -"others." -msgstr "" -"El propósito de esta Licencia es permitir que un manual, libro de texto, u " -"otro documento escrito sea libre en el sentido de libertad: asegurar a todo " -"el mundo la libertad efectiva de copiarlo y redistribuirlo, con o sin " -"modificaciones, de manera comercial o no. En segundo término, esta Licencia " -"proporciona al autor y al editor una manera de obtener reconocimiento por su " -"trabajo, sin que se le considere responsable de las modificaciones " -"realizadas por otros." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:16 -msgid "" -"This License is a kind of \"copyleft\", which means that derivative works of " -"the document must themselves be free in the same sense. It complements the " -"GNU General Public License, which is a copyleft license designed for free " -"software." -msgstr "" -"Esta Licencia es de tipo copyleft, lo que significa que los trabajos " -"derivados del documento deben a su vez ser libres en el mismo sentido. " -"Complementa la Licencia Pública General de GNU, que es una licencia tipo " -"copyleft diseñada para el software libre." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:20 -msgid "" -"We have designed this License in order to use it for manuals for free " -"software, because free software needs free documentation: a free program " -"should come with manuals providing the same freedoms that the software " -"does. But this License is not limited to software manuals; it can be used " -"for any textual work, regardless of subject matter or whether it is " -"published as a printed book. We recommend this License principally for " -"works whose purpose is instruction or reference." -msgstr "" -"Hemos diseñado esta Licencia para usarla en manuales de software libre, ya " -"que el software libre necesita documentación libre: un programa libre debe " -"venir con manuales que ofrezcan la mismas libertades que el software. Pero " -"esta licencia no se limita a manuales de software; puede usarse para " -"cualquier texto, sin tener en cuenta su temática o si se publica como libro " -"impreso o no. Recomendamos esta licencia principalmente para trabajos cuyo " -"fin sea instructivo o de referencia." - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:22 -#, no-wrap -msgid "1. APPLICABILITY AND DEFINITIONS" -msgstr "1. APLICABILIDAD Y DEFINICIONES" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:29 -msgid "" -"This License applies to any manual or other work, in any medium, that " -"contains a notice placed by the copyright holder saying it can be " -"distributed under the terms of this License. Such a notice grants a world-" -"wide, royalty-free license, unlimited in duration, to use that work under " -"the conditions stated herein. The \"Document\", below, refers to any such " -"manual or work. Any member of the public is a licensee, and is addressed as " -"\"you\". You accept the license if you copy, modify or distribute the work " -"in a way requiring permission under copyright law." -msgstr "" -"Esta Licencia se aplica a cualquier manual u otro trabajo, en cualquier " -"soporte, que contenga una nota del propietario de los derechos de autor que " -"indique que puede ser distribuido bajo los términos de esta Licencia. Tal " -"nota garantiza en cualquier lugar del mundo, sin pago de derechos y sin " -"límite de tiempo, el uso de dicho trabajo según las condiciones aquí " -"estipuladas. En adelante la palabra Documento se referirá a cualquiera de " -"dichos manuales o trabajos. Cualquier persona es un licenciatario y será " -"referido como Usted. Usted acepta la licencia si copia. modifica o " -"distribuye el trabajo de cualquier modo que requiera permiso según la ley de " -"propiedad intelectual." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:31 -msgid "" -"A \"Modified Version\" of the Document means any work containing the " -"Document or a portion of it, either copied verbatim, or with modifications " -"and/or translated into another language." -msgstr "" -"Una \"Versión Modificada\" del Documento significa cualquier trabajo que " -"contenga el Documento o una porción del mismo, ya sea una copia literal o " -"con modificaciones y/o traducciones a otro idioma." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:34 -msgid "" -"A \"Secondary Section\" is a named appendix or a front-matter section of the " -"Document that deals exclusively with the relationship of the publishers or " -"authors of the Document to the Document's overall subject (or to related " -"matters) and contains nothing that could fall directly within that overall " -"subject. (Thus, if the Document is in part a textbook of mathematics, a " -"Secondary Section may not explain any mathematics.) The relationship could " -"be a matter of historical connection with the subject or with related " -"matters, or of legal, commercial, philosophical, ethical or political " -"position regarding them." -msgstr "" -"Una \"Sección Secundaria\" es un apéndice con título o una sección " -"preliminar del Documento que trata exclusivamente de la relación entre los " -"autores o editores y el tema general del Documento (o temas relacionados) " -"pero que no contiene nada que entre directamente en dicho tema general (por " -"ejemplo, si el Documento es en parte un texto de matemáticas, una Sección " -"Secundaria puede no explicar nada de matemáticas). La relación puede ser una " -"conexión histórica con el tema o temas relacionados, o una opinión legal, " -"comercial, filosófica, ética o política acerca de ellos." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:39 -msgid "" -"The \"Invariant Sections\" are certain Secondary Sections whose titles are " -"designated, as being those of Invariant Sections, in the notice that says " -"that the Document is released under this License. If a section does not fit " -"the above definition of Secondary then it is not allowed to be designated as " -"Invariant. The Document may contain zero Invariant Sections. If the " -"Document does not identify any Invariant Sections then there are none." -msgstr "" -"Las \"Secciones Invariantes\" son ciertas Secciones Secundarias cuyos " -"títulos son designados como Secciones Invariantes en la nota que indica que " -"el documento es liberado bajo esta Licencia. Si una sección no entra en la " -"definición de Secundaria, no puede designarse como Invariante. El documento " -"puede no tener Secciones Invariantes. Si el Documento no identifica las " -"Secciones Invariantes, es que no las tiene." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:42 -msgid "" -"The \"Cover Texts\" are certain short passages of text that are listed, as " -"Front-Cover Texts or Back-Cover Texts, in the notice that says that the " -"Document is released under this License. A Front-Cover Text may be at most " -"5 words, and a Back-Cover Text may be at most 25 words." -msgstr "" -"Los \"Textos de Cubierta\" son ciertos pasajes cortos de texto que se listan " -"como Textos de Cubierta Delantera o Textos de Cubierta Trasera en la nota " -"que indica que el documento es liberado bajo esta Licencia. Un Texto de " -"Cubierta Delantera puede tener como mucho 5 palabras, y uno de Cubierta " -"Trasera puede tener hasta 25 palabras." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:47 -msgid "" -"A \"Transparent\" copy of the Document means a machine-readable copy, " -"represented in a format whose specification is available to the general " -"public, that is suitable for revising the document straightforwardly with " -"generic text editors or (for images composed of pixels) generic paint " -"programs or (for drawings) some widely available drawing editor, and that is " -"suitable for input to text formatters or for automatic translation to a " -"variety of formats suitable for input to text formatters. A copy made in an " -"otherwise Transparent file format whose markup, or absence of markup, has " -"been arranged to thwart or discourage subsequent modification by readers is " -"not Transparent. An image format is not Transparent if used for any " -"substantial amount of text. A copy that is not \"Transparent\" is called " -"\"Opaque\"." -msgstr "" -"Una copia \"Transparente\" del Documento, significa una copia para lectura " -"en máquina, representada en un formato cuya especificación está disponible " -"al público en general, apto para que los contenidos puedan ser vistos y " -"editados directamente con editores de texto genéricos o (para imágenes " -"compuestas por puntos) con programas genéricos de manipulación de imágenes o " -"(para dibujos) con algún editor de dibujos ampliamente disponible, y que sea " -"adecuado como entrada para formateadores de texto o para su traducción " -"automática a formatos adecuados para formateadores de texto. Una copia hecha " -"en un formato definido como Transparente, pero cuyo marcaje o ausencia de él " -"haya sido diseñado para impedir o dificultar modificaciones posteriores por " -"parte de los lectores no es Transparente. Un formato de imagen no es " -"Transparente si se usa para una cantidad de texto sustancial. Una copia que " -"no es \"Transparente\" se denomina \"Opaca\"." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:51 -msgid "" -"Examples of suitable formats for Transparent copies include plain ASCII " -"without markup, Texinfo input format, LaTeX input format, SGML or XML using " -"a publicly available DTD, and standard-conforming simple HTML, PostScript or " -"PDF designed for human modification. Examples of transparent image formats " -"include PNG, XCF and JPG. Opaque formats include proprietary formats that " -"can be read and edited only by proprietary word processors, SGML or XML for " -"which the DTD and/or processing tools are not generally available, and the " -"machine-generated HTML, PostScript or PDF produced by some word processors " -"for output purposes only." -msgstr "" -"Como ejemplos de formatos adecuados para copias Transparentes están ASCII " -"puro sin marcaje, formato de entrada de Texinfo, formato de entrada de " -"LaTeX, SGML o XML usando una DTD disponible públicamente, y HTML, PostScript " -"o PDF simples, que sigan los estándares y diseñados para que los modifiquen " -"personas. Ejemplos de formatos de imagen transparentes son PNG, XCF y JPG. " -"Los formatos Opacos incluyen formatos propietarios que pueden ser leídos y " -"editados únicamente en procesadores de palabras propietarios, SGML o XML " -"para los cuáles las DTD y/o herramientas de procesamiento no estén " -"ampliamente disponibles, y HTML, PostScript o PDF generados por algunos " -"procesadores de palabras sólo como salida." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:54 -msgid "" -"The \"Title Page\" means, for a printed book, the title page itself, plus " -"such following pages as are needed to hold, legibly, the material this " -"License requires to appear in the title page. For works in formats which do " -"not have any title page as such, \"Title Page\" means the text near the most " -"prominent appearance of the work's title, preceding the beginning of the " -"body of the text." -msgstr "" -"La \"Portada\" significa, en un libro impreso, la página de título, más las " -"páginas siguientes que sean necesarias para mantener legiblemente el " -"material que esta Licencia requiere en la portada. Para trabajos en formatos " -"que no tienen página de portada como tal, \"Portada\" significa el texto " -"cercano a la aparición más prominente del título del trabajo, precediendo el " -"comienzo del cuerpo del texto." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:57 -msgid "" -"A section \"Entitled XYZ\" means a named subunit of the Document whose title " -"either is precisely XYZ or contains XYZ in parentheses following text that " -"translates XYZ in another language. (Here XYZ stands for a specific section " -"name mentioned below, such as \"Acknowledgements\", \"Dedications\", " -"\"Endorsements\", or \"History\".) To \"Preserve the Title\" of such a " -"section when you modify the Document means that it remains a section " -"\"Entitled XYZ\" according to this definition." -msgstr "" -"Una sección \"Titulada XYZ\" significa una parte del Documento cuyo título " -"es precisamente XYZ o contiene XYZ entre paréntesis, a continuación de texto " -"que traduce XYZ a otro idioma (aquí XYZ se refiere a nombres de sección " -"específicos mencionados más abajo, como \"Agradecimientos\", \"Dedicatorias\"" -", \"Aprobaciones\" o \"Historia\"). \"Conservar el Título\" de tal sección " -"cuando se modifica el Documento significa que permanece una sección \"" -"Titulada XYZ\" según esta definición." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:60 -msgid "" -"The Document may include Warranty Disclaimers next to the notice which " -"states that this License applies to the Document. These Warranty " -"Disclaimers are considered to be included by reference in this License, but " -"only as regards disclaiming warranties: any other implication that these " -"Warranty Disclaimers may have is void and has no effect on the meaning of " -"this License." -msgstr "" -"El Documento puede incluir Limitaciones de Garantía cercanas a la nota donde " -"se declara que al Documento se le aplica esta Licencia. Se considera que " -"estas Limitaciones de Garantía están incluidas, por referencia, en la " -"Licencia, pero sólo en cuanto a limitaciones de garantía: cualquier otra " -"implicación que estas Limitaciones de Garantía puedan tener es nula y no " -"tiene efecto en el significado de esta Licencia." - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:62 -#, no-wrap -msgid "2. VERBATIM COPYING" -msgstr "2. COPIA LITERAL" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:69 -msgid "" -"You may copy and distribute the Document in any medium, either commercially " -"or noncommercially, provided that this License, the copyright notices, and " -"the license notice saying this License applies to the Document are " -"reproduced in all copies, and that you add no other conditions whatsoever to " -"those of this License. You may not use technical measures to obstruct or " -"control the reading or further copying of the copies you make or " -"distribute. However, you may accept compensation in exchange for copies. " -"If you distribute a large enough number of copies you must also follow the " -"conditions in section 3." -msgstr "" -"Usted puede copiar y distribuir el Documento en cualquier soporte, sea en " -"forma comercial o no, siempre y cuando esta Licencia, las notas de copyright " -"y la nota que indica que esta Licencia se aplica al Documento se reproduzcan " -"en todas las copias y que usted no añada ninguna otra condición a las " -"expuestas en esta Licencia. Usted no puede usar medidas técnicas para " -"obstruir o controlar la lectura o copia posterior de las copias que usted " -"haga o distribuya. Sin embargo, usted puede aceptar compensación a cambio de " -"las copias. Si distribuye un número suficientemente grande de copias también " -"deberá seguir las condiciones de la sección 3." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:71 -msgid "" -"You may also lend copies, under the same conditions stated above, and you " -"may publicly display copies." -msgstr "" -"Usted también puede prestar copias, bajo las mismas condiciones establecidas " -"anteriormente, y puede exhibir copias públicamente." - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:73 -#, no-wrap -msgid "3. COPYING IN QUANTITY" -msgstr "3. COPIADO EN CANTIDAD" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:81 -msgid "" -"If you publish printed copies (or copies in media that commonly have printed " -"covers) of the Document, numbering more than 100, and the Document's license " -"notice requires Cover Texts, you must enclose the copies in covers that " -"carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the " -"front cover, and Back-Cover Texts on the back cover. Both covers must also " -"clearly and legibly identify you as the publisher of these copies. The " -"front cover must present the full title with all words of the title equally " -"prominent and visible. You may add other material on the covers in " -"addition. Copying with changes limited to the covers, as long as they " -"preserve the title of the Document and satisfy these conditions, can be " -"treated as verbatim copying in other respects." -msgstr "" -"Si publica copias impresas del Documento (o copias en soportes que tengan " -"normalmente cubiertas impresas) que sobrepasen las 100, y la nota de " -"licencia del Documento exige Textos de Cubierta, debe incluir las copias con " -"cubiertas que lleven en forma clara y legible todos esos Textos de Cubierta: " -"Textos de Cubierta Delantera en la cubierta delantera y Textos de Cubierta " -"Trasera en la cubierta trasera. Ambas cubiertas deben identificarlo a Usted " -"clara y legiblemente como editor de tales copias. La cubierta debe mostrar " -"el título completo con todas las palabras igualmente prominentes y visibles. " -"Además puede añadir otro material en las cubiertas. Las copias con cambios " -"limitados a las cubiertas, siempre que conserven el título del Documento y " -"satisfagan estas condiciones, pueden considerarse como copias literales." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:83 -msgid "" -"If the required texts for either cover are too voluminous to fit legibly, " -"you should put the first ones listed (as many as fit reasonably) on the " -"actual cover, and continue the rest onto adjacent pages." -msgstr "" -"Si los textos requeridos para la cubierta son muy voluminosos para que " -"ajusten legiblemente, debe colocar los primeros (tantos como sea razonable " -"colocar) en la verdadera cubierta y situar el resto en páginas adyacentes." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:86 -msgid "" -"If you publish or distribute Opaque copies of the Document numbering more " -"than 100, you must either include a machine-readable Transparent copy along " -"with each Opaque copy, or state in or with each Opaque copy a computer-" -"network location from which the general network-using public has access to " -"download using public-standard network protocols a complete Transparent copy " -"of the Document, free of added material. If you use the latter option, you " -"must take reasonably prudent steps, when you begin distribution of Opaque " -"copies in quantity, to ensure that this Transparent copy will remain thus " -"accessible at the stated location until at least one year after the last " -"time you distribute an Opaque copy (directly or through your agents or " -"retailers) of that edition to the public." -msgstr "" -"Si Usted publica o distribuye copias Opacas del Documento cuya cantidad " -"exceda las 100, debe incluir una copia Transparente, que pueda ser leída por " -"una máquina, con cada copia Opaca, o bien mostrar, en cada copia Opaca, una " -"dirección de red donde cualquier usuario de la misma tenga acceso por medio " -"de protocolos públicos y estandarizados a una copia Transparente del " -"Documento completa, sin material adicional. Si usted hace uso de la última " -"opción, deberá tomar las medidas necesarias, cuando comience la distribución " -"de las copias Opacas en cantidad, para asegurar que esta copia Transparente " -"permanecerá accesible en el sitio establecido por lo menos un año después de " -"la última vez que distribuya una copia Opaca de esa edición al público (" -"directamente o a través de sus agentes o distribuidores)." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:88 -msgid "" -"It is requested, but not required, that you contact the authors of the " -"Document well before redistributing any large number of copies, to give them " -"a chance to provide you with an updated version of the Document." -msgstr "" -"Se solicita, aunque no es requisito, que se ponga en contacto con los " -"autores del Documento antes de redistribuir gran número de copias, para " -"darles la oportunidad de que le proporcionen una versión actualizada del " -"Documento." - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:90 -#, no-wrap -msgid "4. MODIFICATIONS" -msgstr "4. MODIFICACIONES" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:95 -msgid "" -"You may copy and distribute a Modified Version of the Document under the " -"conditions of sections 2 and 3 above, provided that you release the Modified " -"Version under precisely this License, with the Modified Version filling the " -"role of the Document, thus licensing distribution and modification of the " -"Modified Version to whoever possesses a copy of it. In addition, you must " -"do these things in the Modified Version:" -msgstr "" -"Puede copiar y distribuir una Versión Modificada del Documento bajo las " -"condiciones de las secciones 2 y 3 anteriores, siempre que usted libere la " -"Versión Modificada bajo esta misma Licencia, con la Versión Modificada " -"haciendo el rol del Documento, por lo tanto dando licencia de distribución y " -"modificación de la Versión Modificada a quienquiera posea una copia de la " -"misma. Además, debe hacer lo siguiente en la Versión Modificada:" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:98 -msgid "" -"Use in the Title Page (and on the covers, if any) a title distinct from that " -"of the Document, and from those of previous versions (which should, if there " -"were any, be listed in the History section of the Document). You may use the " -"same title as a previous version if the original publisher of that version " -"gives permission." -msgstr "" -"Usar en la Portada (y en las cubiertas, si hay alguna) un título distinto al " -"del Documento y de sus versiones anteriores (que deberían, si hay alguna, " -"estar listadas en la sección de Historia del Documento). Puede usar el mismo " -"título de versiones anteriores al original siempre y cuando quien las " -"publicó originalmente otorgue permiso." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:99 -msgid "" -"List on the Title Page, as authors, one or more persons or entities " -"responsible for authorship of the modifications in the Modified Version, " -"together with at least five of the principal authors of the Document (all of " -"its principal authors, if it has fewer than five), unless they release you " -"from this requirement." -msgstr "" -"Listar en la Portada, como autores, una o más personas o entidades " -"responsables de la autoría de las modificaciones de la Versión Modificada, " -"junto con por lo menos cinco de los autores principales del Documento (todos " -"sus autores principales, si hay menos de cinco), a menos que le eximan de " -"tal requisito." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:100 -msgid "" -"State on the Title page the name of the publisher of the Modified Version, " -"as the publisher." -msgstr "" -"Mostrar en la Portada como editor el nombre del editor de la Versión " -"Modificada." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:101 -msgid "Preserve all the copyright notices of the Document." -msgstr "Conservar todas las notas de copyright del Documento." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:102 -msgid "" -"Add an appropriate copyright notice for your modifications adjacent to the " -"other copyright notices." -msgstr "" -"Añadir una nota de copyright apropiada a sus modificaciones, adyacente a las " -"otras notas de copyright." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:103 -msgid "" -"Include, immediately after the copyright notices, a license notice giving " -"the public permission to use the Modified Version under the terms of this " -"License, in the form shown in the Addendum below." -msgstr "" -"Incluir, inmediatamente después de las notas de copyright, una nota de " -"licencia dando el permiso para usar la Versión Modificada bajo los términos " -"de esta Licencia, como se muestra en la Adenda al final de este documento." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:104 -msgid "" -"Preserve in that license notice the full lists of Invariant Sections and " -"required Cover Texts given in the Document's license notice." -msgstr "" -"Conservar en esa nota de licencia el listado completo de las Secciones " -"Invariantes y de los Textos de Cubierta que sean requeridos en la nota de " -"Licencia del Documento original." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:105 -msgid "Include an unaltered copy of this License." -msgstr "Incluir una copia sin modificación de esta Licencia." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:106 -msgid "" -"Preserve the section Entitled \"History\", Preserve its Title, and add to it " -"an item stating at least the title, year, new authors, and publisher of the " -"Modified Version as given on the Title Page. If there is no section Entitled " -"\"History\" in the Document, create one stating the title, year, authors, " -"and publisher of the Document as given on its Title Page, then add an item " -"describing the Modified Version as stated in the previous sentence." -msgstr "" -"Conservar la sección Titulada Historia, conservar su Título y añadirle un " -"elemento que declare al menos el título, el año, los nuevos autores y el " -"editor de la Versión Modificada, tal como figuran en la Portada. Si no hay " -"una sección Titulada Historia en el Documento, crear una estableciendo el " -"título, el año, los autores y el editor del Documento, tal como figuran en " -"su Portada, añadiendo además un elemento describiendo la Versión Modificada, " -"como se estableció en la oración anterior." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:107 -msgid "" -"Preserve the network location, if any, given in the Document for public " -"access to a Transparent copy of the Document, and likewise the network " -"locations given in the Document for previous versions it was based on. These " -"may be placed in the \"History\" section. You may omit a network location " -"for a work that was published at least four years before the Document " -"itself, or if the original publisher of the version it refers to gives " -"permission." -msgstr "" -"Conservar la dirección en red, si la hay, dada en el Documento para el " -"acceso público a una copia Transparente del mismo, así como las otras " -"direcciones de red dadas en el Documento para versiones anteriores en las " -"que estuviese basado. Pueden ubicarse en la sección Historia. Se puede " -"omitir la ubicación en red de un trabajo que haya sido publicado por lo " -"menos cuatro años antes que el Documento mismo, o si el editor original de " -"dicha versión da permiso." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:108 -msgid "" -"For any section Entitled \"Acknowledgements\" or \"Dedications\", Preserve " -"the Title of the section, and preserve in the section all the substance and " -"tone of each of the contributor acknowledgements and/or dedications given " -"therein." -msgstr "" -"En cualquier sección Titulada \"Agradecimientos\" o \"Dedicatorias\", " -"Conservar el Título de la sección y conservar en ella toda la sustancia y el " -"tono de los agradecimientos y/o dedicatorias incluidas por cada " -"contribuyente." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:109 -msgid "" -"Preserve all the Invariant Sections of the Document, unaltered in their text " -"and in their titles. Section numbers or the equivalent are not considered " -"part of the section titles." -msgstr "" -"Conservar todas las Secciones Invariantes del Documento, sin alterar su " -"texto ni sus títulos. Números de sección o el equivalente no son " -"considerados parte de los títulos de la sección." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:110 -msgid "" -"Delete any section Entitled \"Endorsements\". Such a section may not be " -"included in the Modified Version." -msgstr "" -"Borrar cualquier sección titulada Aprobaciones. Tales secciones no pueden " -"estar incluidas en las Versiones Modificadas." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:111 -msgid "" -"Do not retitle any existing section to be Entitled \"Endorsements\" or to " -"conflict in title with any Invariant Section." -msgstr "" -"No cambiar el título de ninguna sección existente a \"Aprobaciones\" ni a " -"uno que entre en conflicto con el de alguna Sección Invariante." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:112 -msgid "Preserve any Warranty Disclaimers." -msgstr "Conservar todas las Limitaciones de Garantía." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:117 -msgid "" -"If the Modified Version includes new front-matter sections or appendices " -"that qualify as Secondary Sections and contain no material copied from the " -"Document, you may at your option designate some or all of these sections as " -"invariant. To do this, add their titles to the list of Invariant Sections " -"in the Modified Version's license notice. These titles must be distinct " -"from any other section titles." -msgstr "" -"Si la Versión Modificada incluye secciones o apéndices nuevos que califiquen " -"como Secciones Secundarias y contienen material no copiado del Documento, " -"puede opcionalmente designar algunas o todas esas secciones como " -"invariantes. Para hacerlo, añada sus títulos a la lista de Secciones " -"Invariantes en la nota de licencia de la Versión Modificada. Tales títulos " -"deben ser distintos de cualquier otro título de sección." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:119 -msgid "" -"You may add a section Entitled \"Endorsements\", provided it contains " -"nothing but endorsements of your Modified Version by various parties--for " -"example, statements of peer review or that the text has been approved by an " -"organization as the authoritative definition of a standard." -msgstr "" -"Puede añadir una sección titulada Aprobaciones, siempre que contenga " -"únicamente aprobaciones de su Versión Modificada por otras fuentes --por " -"ejemplo, observaciones de peritos o que el texto ha sido aprobado por una " -"organización como la definición oficial de un estándar." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:123 -msgid "" -"You may add a passage of up to five words as a Front-Cover Text, and a " -"passage of up to 25 words as a Back-Cover Text, to the end of the list of " -"Cover Texts in the Modified Version. Only one passage of Front-Cover Text " -"and one of Back-Cover Text may be added by (or through arrangements made by) " -"any one entity. If the Document already includes a cover text for the same " -"cover, previously added by you or by arrangement made by the same entity you " -"are acting on behalf of, you may not add another; but you may replace the " -"old one, on explicit permission from the previous publisher that added the " -"old one." -msgstr "" -"Puede añadir un pasaje de hasta cinco palabras como Texto de Cubierta " -"Delantera y un pasaje de hasta 25 palabras como Texto de Cubierta Trasera en " -"la Versión Modificada. Una entidad solo puede añadir (o hacer que se añada) " -"un pasaje al Texto de Cubierta Delantera y uno al de Cubierta Trasera. Si el " -"Documento ya incluye un textos de cubiertas añadidos previamente por usted o " -"por la misma entidad que usted representa, usted no puede añadir otro; pero " -"puede reemplazar el anterior, con permiso explícito del editor que agregó el " -"texto anterior." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:125 -msgid "" -"The author(s) and publisher(s) of the Document do not by this License give " -"permission to use their names for publicity for or to assert or imply " -"endorsement of any Modified Version." -msgstr "" -"Con esta Licencia ni los autores ni los editores del Documento dan permiso " -"para usar sus nombres para publicidad ni para asegurar o implicar aprobación " -"de cualquier Versión Modificada." - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:127 -#, no-wrap -msgid "5. COMBINING DOCUMENTS" -msgstr "5. COMBINACIÓN DE DOCUMENTOS" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:131 -msgid "" -"You may combine the Document with other documents released under this " -"License, under the terms defined in section 4 above for modified versions, " -"provided that you include in the combination all of the Invariant Sections " -"of all of the original documents, unmodified, and list them all as Invariant " -"Sections of your combined work in its license notice, and that you preserve " -"all their Warranty Disclaimers." -msgstr "" -"Usted puede combinar el Documento con otros documentos liberados bajo esta " -"Licencia, bajo los términos definidos en la sección 4 anterior para " -"versiones modificadas, siempre que incluya en la combinación todas las " -"Secciones Invariantes de todos los documentos originales, sin modificar, " -"listadas todas como Secciones Invariantes del trabajo combinado en su nota " -"de licencia. Así mismo debe incluir la Limitación de Garantía." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:135 -msgid "" -"The combined work need only contain one copy of this License, and multiple " -"identical Invariant Sections may be replaced with a single copy. If there " -"are multiple Invariant Sections with the same name but different contents, " -"make the title of each such section unique by adding at the end of it, in " -"parentheses, the name of the original author or publisher of that section if " -"known, or else a unique number. Make the same adjustment to the section " -"titles in the list of Invariant Sections in the license notice of the " -"combined work." -msgstr "" -"El trabajo combinado necesita contener solamente una copia de esta Licencia, " -"y puede reemplazar varias Secciones Invariantes idénticas por una sola " -"copia. Si hay varias Secciones Invariantes con el mismo nombre pero con " -"contenidos diferentes, haga el título de cada una de estas secciones único " -"añadiéndole al final del mismo, entre paréntesis, el nombre del autor o " -"editor original de esa sección, si es conocido, o si no, un número único. " -"Haga el mismo ajuste a los títulos de sección en la lista de Secciones " -"Invariantes de la nota de licencia del trabajo combinado." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:137 -msgid "" -"In the combination, you must combine any sections Entitled \"History\" in " -"the various original documents, forming one section Entitled \"History\"; " -"likewise combine any sections Entitled \"Acknowledgements\", and any " -"sections Entitled \"Dedications\". You must delete all sections Entitled " -"\"Endorsements\"." -msgstr "" -"En la combinación, debe combinar cualquier sección Titulada \"Historia\" de " -"los documentos originales, formando una sección Titulada \"Historia\"; de la " -"misma forma combine cualquier sección Titulada \"Agradecimientos\", y " -"cualquier sección Titulada \"Dedicatorias\". Debe borrar todas las secciones " -"tituladas \"Aprobaciones\"." - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:139 -#, no-wrap -msgid "6. COLLECTIONS OF DOCUMENTS" -msgstr "6. COLECCIONES DE DOCUMENTOS" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:143 -msgid "" -"You may make a collection consisting of the Document and other documents " -"released under this License, and replace the individual copies of this " -"License in the various documents with a single copy that is included in the " -"collection, provided that you follow the rules of this License for verbatim " -"copying of each of the documents in all other respects." -msgstr "" -"Puede hacer una colección que conste del Documento y de otros documentos " -"liberados bajo esta Licencia, y reemplazar las copias individuales de esta " -"Licencia en todos los documentos por una sola copia que esté incluida en la " -"colección, siempre que siga las reglas de esta Licencia para cada copia " -"literal de cada uno de los documentos en cualquiera de los demás aspectos." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:145 -msgid "" -"You may extract a single document from such a collection, and distribute it " -"individually under this License, provided you insert a copy of this License " -"into the extracted document, and follow this License in all other respects " -"regarding verbatim copying of that document." -msgstr "" -"Puede extraer un solo documento de una de tales colecciones y distribuirlo " -"individualmente bajo esta Licencia, siempre que inserte una copia de esta " -"Licencia en el documento extraído, y siga esta Licencia en todos los demás " -"aspectos relativos a la copia literal de dicho documento." - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:147 -#, no-wrap -msgid "7. AGGREGATION WITH INDEPENDENT WORKS" -msgstr "7. AGREGACIÓN CON TRABAJOS INDEPENDIENTES" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:152 -msgid "" -"A compilation of the Document or its derivatives with other separate and " -"independent documents or works, in or on a volume of a storage or " -"distribution medium, is called an \"aggregate\" if the copyright resulting " -"from the compilation is not used to limit the legal rights of the " -"compilation's users beyond what the individual works permit. When the " -"Document is included in an aggregate, this License does not apply to the " -"other works in the aggregate which are not themselves derivative works of " -"the Document." -msgstr "" -"Una recopilación que conste del Documento o sus derivados y de otros " -"documentos o trabajos separados e independientes, en cualquier soporte de " -"almacenamiento o distribución, se denomina un agregado si el copyright " -"resultante de la compilación no se usa para limitar los derechos de los " -"usuarios de la misma más allá de lo que los de los trabajos individuales " -"permiten. Cuando el Documento se incluye en un agregado, esta Licencia no se " -"aplica a otros trabajos del agregado que no sean en sí mismos derivados del " -"Documento." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:155 -msgid "" -"If the Cover Text requirement of section 3 is applicable to these copies of " -"the Document, then if the Document is less than one half of the entire " -"aggregate, the Document's Cover Texts may be placed on covers that bracket " -"the Document within the aggregate, or the electronic equivalent of covers if " -"the Document is in electronic form. Otherwise they must appear on printed " -"covers that bracket the whole aggregate." -msgstr "" -"Si el requisito de la sección 3 sobre el Texto de Cubierta es aplicable a " -"estas copias del Documento y el Documento es menor que la mitad del agregado " -"entero, los Textos de Cubierta del Documento pueden colocarse en cubiertas " -"que enmarquen solamente el Documento dentro del agregado, o el equivalente " -"electrónico de las cubiertas si el documento está en forma electrónica. En " -"caso contrario deben aparecer en cubiertas impresas enmarcando todo el " -"agregado." - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:157 -#, no-wrap -msgid "8. TRANSLATION" -msgstr "8. TRADUCCIÓN" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:164 -msgid "" -"Translation is considered a kind of modification, so you may distribute " -"translations of the Document under the terms of section 4. Replacing " -"Invariant Sections with translations requires special permission from their " -"copyright holders, but you may include translations of some or all Invariant " -"Sections in addition to the original versions of these Invariant Sections. " -"You may include a translation of this License, and all the license notices " -"in the Document, and any Warranty Disclaimers, provided that you also " -"include the original English version of this License and the original " -"versions of those notices and disclaimers. In case of a disagreement " -"between the translation and the original version of this License or a notice " -"or disclaimer, the original version will prevail." -msgstr "" -"La Traducción es considerada como un tipo de modificación, por lo que usted " -"puede distribuir traducciones del Documento bajo los términos de la sección " -"4. El reemplazo las Secciones Invariantes con traducciones requiere permiso " -"especial de los dueños de derecho de autor, pero usted puede añadir " -"traducciones de algunas o todas las Secciones Invariantes a las versiones " -"originales de las mismas. Puede incluir una traducción de esta Licencia, de " -"todas las notas de licencia del documento, así como de las Limitaciones de " -"Garantía, siempre que incluya también la versión en Inglés de esta Licencia " -"y las versiones originales de las notas de licencia y Limitaciones de " -"Garantía. En caso de desacuerdo entre la traducción y la versión original en " -"Inglés de esta Licencia, la nota de licencia o la limitación de garantía, la " -"versión original en Inglés prevalecerá." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:166 -msgid "" -"If a section in the Document is Entitled \"Acknowledgements\", \"Dedications" -"\", or \"History\", the requirement (section 4) to Preserve its Title " -"(section 1) will typically require changing the actual title." -msgstr "" -"Si una sección del Documento está Titulada \"Agradecimientos\", \"" -"Dedicatorias\" o \"Historia\" el requisito (sección 4) de Conservar su " -"Título (Sección 1) requerirá, típicamente, cambiar su título." - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:168 -#, no-wrap -msgid "9. TERMINATION" -msgstr "9. TERMINACIÓN" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:174 -msgid "" -"You may not copy, modify, sublicense, or distribute the Document except as " -"expressly provided for under this License. Any other attempt to copy, " -"modify, sublicense or distribute the Document is void, and will " -"automatically terminate your rights under this License. However, parties " -"who have received copies, or rights, from you under this License will not " -"have their licenses terminated so long as such parties remain in full " -"compliance." -msgstr "" -"Usted no puede copiar, modificar, sublicenciar o distribuir el Documento " -"salvo por lo permitido expresamente por esta Licencia. Cualquier otro " -"intento de copia, modificación, sublicenciamiento o distribución del " -"Documento es nulo, y dará por terminados automáticamente sus derechos bajo " -"esa Licencia. Sin embargo, los terceros que hayan recibido copias, o " -"derechos, de usted bajo esta Licencia no verán terminadas sus licencias, " -"siempre que permanezcan en total conformidad con ella." - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:176 -#, no-wrap -msgid "10. FUTURE REVISIONS OF THIS LICENSE" -msgstr "10. REVISIONES FUTURAS DE ESTA LICENCIA" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:182 -msgid "" -"The Free Software Foundation may publish new, revised versions of the GNU " -"Free Documentation License from time to time. Such new versions will be " -"similar in spirit to the present version, but may differ in detail to " -"address new problems or concerns. See http://www.gnu.org/copyleft/." -msgstr "" -"De vez en cuando la Free Software Foundation puede publicar versiones nuevas " -"y revisadas de la Licencia de Documentación Libre GNU. Tales versiones " -"nuevas serán similares en espíritu a la presente versión, pero pueden " -"diferir en detalles para solucionar nuevos problemas o intereses. Vea " -"http://www.gnu.org/copyleft/." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:186 -msgid "" -"Each version of the License is given a distinguishing version number. If " -"the Document specifies that a particular numbered version of this License " -"\"or any later version\" applies to it, you have the option of following the " -"terms and conditions either of that specified version or of any later " -"version that has been published (not as a draft) by the Free Software " -"Foundation. If the Document does not specify a version number of this " -"License, you may choose any version ever published (not as a draft) by the " -"Free Software Foundation." -msgstr "" -"Cada versión de la Licencia tiene un número de versión que la distingue. Si " -"el Documento especifica que se aplica una versión numerada en particular de " -"esta licencia o cualquier versión posterior, usted tiene la opción de seguir " -"los términos y condiciones de la versión especificada o cualquiera posterior " -"que haya sido publicada (no como borrador) por la Free Software Foundation. " -"Si el Documento no especifica un número de versión de esta Licencia, puede " -"escoger cualquier versión que haya sido publicada (no como borrador) por la " -"Free Software Foundation." - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:188 -#, no-wrap -msgid "ADDENDUM: How to use this License for your documents" -msgstr "ADENDA: Cómo usar esta Licencia en sus documentos" - -#. type: delimited block - -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:198 -#, no-wrap -msgid "" -"Copyright (c) YEAR YOUR NAME.\n" -" Permission is granted to copy, distribute and/or modify this document\n" -" under the terms of the GNU Free Documentation License, Version 1.2\n" -" or any later version published by the Free Software Foundation;\n" -" with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.\n" -" A copy of the license is included in the section entitled{ldquo}GNU\n" -" Free Documentation License{rdquo}.\n" -msgstr "" -"Copyright (c) AÑO SU NOMBRE. \n" -" Se otorga permiso para copiar, distribuir y/o modificar este documento\n" -" bajo los términos de la Licencia de Documentación Libre de GNU, Versión " -"1.2 \n" -" o cualquier otra versión posterior publicada por la Free Software " -"Foundation; \n" -" sin Secciones Invariantes ni Textos de Cubierta Delantera ni Textos de " -"Cubierta Trasera. \n" -" Una copia de la licencia está incluida en la sección titulada {ldquo}GNU " -"\n" -" Free Documentation License{rdquo}.\n" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:204 -msgid "" -"If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, " -"replace the {ldquo} with...Texts.{rdquo} line with this:" -msgstr "" -"Si tiene Secciones Invariantes, Textos de Cubierta Delantera y Textos de " -"Cubierta Trasera, reemplace la frase {ldquo}con ... Textos.{rdquo} por esto:" - -#. type: delimited block - -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:208 -#, no-wrap -msgid "" -"with the Invariant Sections being LIST THEIR TITLES, with the\n" -" Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST.\n" -msgstr "" -"siendo las Secciones Invariantes LISTE SUS TÍTULOS, siendo los \n" -" Textos de Cubierta Delantera LISTAR, y siendo sus Textos de Cubierta " -"Trasera LISTAR.\n" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:212 -msgid "" -"If you have Invariant Sections without Cover Texts, or some other " -"combination of the three, merge those two alternatives to suit the situation." -msgstr "" -"Si tiene Secciones Invariantes sin Textos de Cubierta o cualquier otra " -"combinación de los tres, mezcle ambas alternativas para adaptarse a la " -"situación." - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:213 -msgid "" -"If your document contains nontrivial examples of program code, we recommend " -"releasing these examples in parallel under your choice of free software " -"license, such as the GNU General Public License, to permit their use in free " -"software." -msgstr "" -"Si su documento contiene ejemplos de código de programa no triviales, " -"recomendamos liberar estos ejemplos en paralelo bajo la licencia de software " -"libre que usted elija, como la Licencia Pública General de GNU (GNU General " -"Public License), para permitir su uso en software libre." - -#. type: Title = -#: modules/ROOT/pages/index-uyuni.adoc:1 +#: modules/ROOT/pages/index-uyuni.adoc:1 modules/ROOT/pages/index.adoc:1 #, no-wrap msgid "{productname} {productnumber} Documentation" msgstr "Documentación de {productname} {productnumber}" #. type: Title == -#: modules/ROOT/pages/index-uyuni.adoc:4 +#: modules/ROOT/pages/index-uyuni.adoc:2 modules/ROOT/pages/index.adoc:2 #, no-wrap msgid "What is {productname}?" msgstr "¿Qué es {productname}?" +#. [#salt.gloss] may be used to create a tooltip for a glossary term: see branding/supplemental-ui/suma/sumacom/partials/footer-scripts.hbs #. type: Plain text -#: modules/ROOT/pages/index-uyuni.adoc:9 +#: modules/ROOT/pages/index-uyuni.adoc:3 modules/ROOT/pages/index.adoc:3 msgid "" "{productname} is a solution for organizations that require absolute control " "over maintenance and package deployment on their servers. {productname} " @@ -1017,7 +50,7 @@ msgstr "" "requerimientos de la gestión del ciclo de vida de los sistemas." #. type: Plain text -#: modules/ROOT/pages/index-uyuni.adoc:12 +#: modules/ROOT/pages/index-uyuni.adoc:4 modules/ROOT/pages/index.adoc:4 msgid "" "{productname} uses Salt to provide event-driven configuration and management " "control. The Salt-master orchestrates tens of thousands of Salt clients " @@ -1028,7 +61,7 @@ msgstr "" "miles de clientes Salt (clientes {productname}) usando ejecución remota." #. type: Plain text -#: modules/ROOT/pages/index-uyuni.adoc:14 +#: modules/ROOT/pages/index-uyuni.adoc:5 msgid "" "{productname} offers seamless management of {sle}, {opensuse}, {rhel}, " "{centos}, {oracle}, {debian} and {ubuntu} client systems, no matter if on-" @@ -1041,13 +74,15 @@ msgstr "" "híbrida o incluso en entornos multinube." #. type: Title == -#: modules/ROOT/pages/index-uyuni.adoc:16 +#: modules/ROOT/pages/index-uyuni.adoc:6 modules/ROOT/pages/index.adoc:12 +#: modules/ROOT/pages/index.adoc:17 #, no-wrap msgid "Available Documentation" msgstr "Documentación disponible" #. type: Plain text -#: modules/ROOT/pages/index-uyuni.adoc:19 +#: modules/ROOT/pages/index-uyuni.adoc:7 modules/ROOT/pages/index.adoc:13 +#: modules/ROOT/pages/index.adoc:18 msgid "" "The following documentation is available for {productname} version " "{productnumber}." @@ -1057,7 +92,7 @@ msgstr "" #. | Architecture | xref:architecture:architecture-intro.adoc[HTML] link:../pdf/uyuni_architecture.pdf[PDF] #. type: Table -#: modules/ROOT/pages/index-uyuni.adoc:45 +#: modules/ROOT/pages/index-uyuni.adoc:8 #, no-wrap msgid "" "| Document | Format | Document | Format\n" @@ -1069,22 +104,13 @@ msgid "" msgstr "" "| Documento | Formato | Documento | Formato\n" "\n" -"| Manual de Instalación | xref:installation:install-overview.adoc[HTML] " -"link:../pdf/uyuni_installation_guide.pdf[PDF] | Manual de Administración | " -"xref:administration:admin-overview.adoc[HTML] link:../pdf/" -"uyuni_administration_guide.pdf[PDF]\n" -"| Manual de Configuración de Clientes | xref:client-configuration:client-" -"config-overview.adoc[HTML] link:../pdf/uyuni_client-" -"configuration_guide.pdf[PDF] | Manual de Salt | xref:salt:salt-" -"overview.adoc[HTML] link:../pdf/uyuni_salt_guide.pdf[PDF]\n" -"| Manual de Actualización | xref:upgrade:upgrade-overview.adoc[HTML] link:../" -"pdf/uyuni_upgrade_guide.pdf[PDF] | Manual de Retail | xref:retail:retail-" -"overview.adoc[HTML] link:../pdf/uyuni_retail_guide.pdf[PDF]\n" -"| Guía de Referencia | xref:reference:reference-overview.adoc[HTML] link:../" -"pdf/uyuni_reference_guide.pdf[PDF] | |\n" +"| Manual de Instalación | xref:installation:install-overview.adoc[HTML] link:../pdf/uyuni_installation_guide.pdf[PDF] | Manual de Administración | xref:administration:admin-overview.adoc[HTML] link:../pdf/uyuni_administration_guide.pdf[PDF]\n" +"| Manual de Configuración de Clientes | xref:client-configuration:client-config-overview.adoc[HTML] link:../pdf/uyuni_client-configuration_guide.pdf[PDF] | Manual de Salt | xref:salt:salt-overview.adoc[HTML] link:../pdf/uyuni_salt_guide.pdf[PDF]\n" +"| Manual de Actualización | xref:upgrade:upgrade-overview.adoc[HTML] link:../pdf/uyuni_upgrade_guide.pdf[PDF] | Manual de Retail | xref:retail:retail-overview.adoc[HTML] link:../pdf/uyuni_retail_guide.pdf[PDF]\n" +"| Guía de Referencia | xref:reference:reference-overview.adoc[HTML] link:../pdf/uyuni_reference_guide.pdf[PDF] | |\n" #. type: Plain text -#: modules/ROOT/pages/index.adoc:16 +#: modules/ROOT/pages/index.adoc:5 msgid "" "{productname} offers seamless management of {sle}, {opensuse}, {rhel}, " "{centos}, {oracle} and {ubuntu} client systems, no matter if on-premise, on " @@ -1096,13 +122,13 @@ msgstr "" "híbrida o incluso en entornos multinube." #. type: Block title -#: modules/ROOT/pages/index.adoc:19 +#: modules/ROOT/pages/index.adoc:6 #, no-wrap msgid "Accessibility" msgstr "Accesibilidad" #. type: delimited block = -#: modules/ROOT/pages/index.adoc:26 +#: modules/ROOT/pages/index.adoc:7 msgid "" "If you cannot use the {productname} {webui}, almost all functionality (with " "the exception of virtualization tasks) is available from the command " @@ -1122,25 +148,25 @@ msgstr "" "Adicionalmente, se puede interactuar con {productname} usando la API XML-RPC." #. type: delimited block = -#: modules/ROOT/pages/index.adoc:28 +#: modules/ROOT/pages/index.adoc:8 msgid "" "For more information about [command]``spacecmd``, see xref:reference:" "spacecmd-intro.adoc[]." msgstr "" -"Para más información sobre [command]``spacecmd``, vea xref:reference" -":spacecmd-intro.adoc[]." +"Para más información sobre [command]``spacecmd``, vea xref:reference:" +"spacecmd-intro.adoc[]." #. type: delimited block = -#: modules/ROOT/pages/index.adoc:29 +#: modules/ROOT/pages/index.adoc:9 msgid "" "For more information about other command line tools, see xref:reference:" "command-line-tools.adoc[]." msgstr "" -"Para más información sobre otras herramientas de línea de comandos, vea " -"xref:reference:command-line-tools.adoc[]." +"Para más información sobre otras herramientas de línea de comandos, vea xref:" +"reference:command-line-tools.adoc[]." #. type: delimited block = -#: modules/ROOT/pages/index.adoc:30 +#: modules/ROOT/pages/index.adoc:10 msgid "" "For more information about the API, see https://documentation.suse.com/" "external-tree/en-us/suma/4.1/pdf/susemanager_api_doc_color_en.pdf." @@ -1149,7 +175,7 @@ msgstr "" "external-tree/en-us/suma/4.1/pdf/susemanager_api_doc_color_en.pdf." #. type: delimited block = -#: modules/ROOT/pages/index.adoc:31 +#: modules/ROOT/pages/index.adoc:11 msgid "" "For the latest information about all command line tools, see the release " "notes available from https://www.suse.com/releasenotes/." @@ -1159,28 +185,28 @@ msgstr "" "com/releasenotes/." #. type: delimited block = -#: modules/ROOT/pages/index.adoc:45 +#: modules/ROOT/pages/index.adoc:14 msgid "" "{productname} documentation is available in several locations and formats. " "For the most up-to-date version of this documentation, see https://" "documentation.suse.com/suma/." msgstr "" "La documentación de {productname} está disponible en varios lugares y " -"formatos. Vea la versión más actualizada de esta documentación en " -"https://documentation.suse.com/suma/." +"formatos. Vea la versión más actualizada de esta documentación en https://" +"documentation.suse.com/suma/." #. type: Plain text -#: modules/ROOT/pages/index.adoc:48 +#: modules/ROOT/pages/index.adoc:15 msgid "" "Download All PDFs icon:caret-right[] icon:file-archive[link=\"../susemanager-" "docs_en-pdf.tar.gz\"]" msgstr "" -"Descargar todos los PDFs icon:caret-right[] icon:file-archive[link" -"=\"../susemanager-docs_es-pdf.tar.gz\"]" +"Descargar todos los PDFs icon:caret-right[] icon:file-archive[link=\"../" +"susemanager-docs_es-pdf.tar.gz\"]" #. | Architecture | xref:architecture:architecture-intro.adoc[HTML] link:../pdf/suse_manager_architecture.pdf[PDF] #. type: Table -#: modules/ROOT/pages/index.adoc:66 +#: modules/ROOT/pages/index.adoc:16 #, no-wrap msgid "" "| View HTML | View PDF | View HTML | View PDF\n" @@ -1199,47 +225,30 @@ msgid "" msgstr "" "| Ver HTML | Ver PDF | Ver HTML | Ver PDF\n" "\n" -"| xref:installation:install-overview.adoc[Manual de Instalación] | icon" -":file-pdf[link=\"../pdf/suse_manager_installation_guide.pdf\", window=\"" -"_blank\" role=\"green\"]\n" -"| xref:client-configuration:client-config-overview.adoc[Manual de " -"Configuración de Clientes] | icon:file-pdf[link=\"../pdf/suse_manager_client-" -"configuration_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:upgrade:upgrade-overview.adoc[Manual de Actualización] | icon:file-" -"pdf[link=\"../pdf/suse_manager_upgrade_guide.pdf\", window=\"_blank\" role=\"" -"green\"]\n" -"| xref:reference:reference-overview.adoc[Guía de Referencia] | icon:file-" -"pdf[link=\"../pdf/suse_manager_reference_guide.pdf\", window=\"_blank\" role=" -"\"green\"]\n" -"| xref:administration:admin-overview.adoc[Manual de Administración] | icon" -":file-pdf[link=\"../pdf/suse_manager_administration_guide.pdf\", window=\"" -"_blank\" role=\"green\"]\n" -"| xref:salt:salt-overview.adoc[Manual de Salt] | icon:file-pdf[link=\"../" -"pdf/suse_manager_salt_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:retail:retail-overview.adoc[Manual de Retail] | icon:file-pdf[link=\"" -"../pdf/suse_manager_retail_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:quickstart-public-cloud:qs-publiccloud-overview.adoc[Guía de Inicio " -"Rápido - Nube Pública] | icon:file-pdf[link=\"../pdf/" -"suse_manager_quickstart-public-cloud_guide.pdf\", window=\"_blank\" role=\"" -"green\"]\n" -"| xref:large-deployments:large-deployments-overview.adoc[Guía para Grandes " -"Despliegues] | icon:file-pdf[link=\"../pdf/suse_manager_large-" -"deployments_guide.pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:installation:install-overview.adoc[Manual de Instalación] | icon:file-pdf[link=\"../pdf/suse_manager_installation_guide.pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:client-configuration:client-config-overview.adoc[Manual de Configuración de Clientes] | icon:file-pdf[link=\"../pdf/suse_manager_client-configuration_guide.pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:upgrade:upgrade-overview.adoc[Manual de Actualización] | icon:file-pdf[link=\"../pdf/suse_manager_upgrade_guide.pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:reference:reference-overview.adoc[Guía de Referencia] | icon:file-pdf[link=\"../pdf/suse_manager_reference_guide.pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:administration:admin-overview.adoc[Manual de Administración] | icon:file-pdf[link=\"../pdf/suse_manager_administration_guide.pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:salt:salt-overview.adoc[Manual de Salt] | icon:file-pdf[link=\"../pdf/suse_manager_salt_guide.pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:retail:retail-overview.adoc[Manual de Retail] | icon:file-pdf[link=\"../pdf/suse_manager_retail_guide.pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:quickstart-public-cloud:qs-publiccloud-overview.adoc[Guía de Inicio Rápido - Nube Pública] | icon:file-pdf[link=\"../pdf/suse_manager_quickstart-public-cloud_guide.pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:large-deployments:large-deployments-overview.adoc[Guía para Grandes Despliegues] | icon:file-pdf[link=\"../pdf/suse_manager_large-deployments_guide.pdf\", window=\"_blank\" role=\"green\"]\n" "| |\n" "\n" #. type: Plain text -#: modules/ROOT/pages/index.adoc:77 +#: modules/ROOT/pages/index.adoc:19 msgid "" "Download All PDFs icon:caret-right[] icon:file-archive[link=\"../uyuni-" "docs_en-pdf.tar.gz\"]" msgstr "" -"Descargar todos los PDFs icon:caret-right[] icon:file-archive[link" -"=\"../uyuni-docs_en-pdf.tar.gz\"]" +"Descargar todos los PDFs icon:caret-right[] icon:file-archive[link=\"../" +"uyuni-docs_en-pdf.tar.gz\"]" #. | Architecture | xref:architecture:architecture-intro.adoc[HTML] link:../pdf/suse_manager_architecture.pdf[PDF] #. type: Table -#: modules/ROOT/pages/index.adoc:95 +#: modules/ROOT/pages/index.adoc:20 #, no-wrap msgid "" "| View HTML | View PDF | View HTML | View PDF\n" @@ -1258,39 +267,900 @@ msgid "" msgstr "" "| Ver HTML | Ver PDF | Ver HTML | Ver PDF\n" "\n" -"| xref:installation:install-overview.adoc[Manual de Instalación]" -" | icon:file-pdf[link=\"../pdf/" -"uyuni_installation_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:client-configuration:client-config-overview.adoc[Manual de " -"Configuración de Clientes] | icon:file-pdf[link=\"../pdf/uyuni_client-" -"configuration_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:upgrade:upgrade-overview.adoc[Manual de Actualización]" -" | icon:file-pdf[link=\"../pdf/" -"uyuni_upgrade_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:reference:reference-overview.adoc[Guía de Referencia]" -" | icon:file-pdf[link=\"../pdf/" -"uyuni_reference_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:administration:admin-overview.adoc[Manual de Administración]" -" | icon:file-pdf[link=\"../pdf/" -"uyuni_administration_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:salt:salt-overview.adoc[Manual de Salt]" -" | icon:file-pdf[link=\"../pdf/" -"uyuni_salt_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:retail:retail-overview.adoc[Manual de Retail]" -" | icon:file-pdf[link=\"../pdf/" -"uyuni_retail_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:quickstart-public-cloud:qs-publiccloud-overview.adoc[Guía de Inicio " -"Rápido - Nube Pública] | icon:file-pdf[link=\"../pdf/uyuni_quickstart-" -"public-cloud_guide.pdf\", window=\"_blank\" role=\"green\"]\n" -"| xref:large-deployments:large-deployments-overview.adoc[Guía de Grandes " -"Despliegues] | icon:file-pdf[link=\"../pdf/uyuni_large-deployments_guide." -"pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:installation:install-overview.adoc[Manual de Instalación] | icon:file-pdf[link=\"../pdf/uyuni_installation_guide.pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:client-configuration:client-config-overview.adoc[Manual de Configuración de Clientes] | icon:file-pdf[link=\"../pdf/uyuni_client-configuration_guide.pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:upgrade:upgrade-overview.adoc[Manual de Actualización] | icon:file-pdf[link=\"../pdf/uyuni_upgrade_guide.pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:reference:reference-overview.adoc[Guía de Referencia] | icon:file-pdf[link=\"../pdf/uyuni_reference_guide.pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:administration:admin-overview.adoc[Manual de Administración] | icon:file-pdf[link=\"../pdf/uyuni_administration_guide.pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:salt:salt-overview.adoc[Manual de Salt] | icon:file-pdf[link=\"../pdf/uyuni_salt_guide.pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:retail:retail-overview.adoc[Manual de Retail] | icon:file-pdf[link=\"../pdf/uyuni_retail_guide.pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:quickstart-public-cloud:qs-publiccloud-overview.adoc[Guía de Inicio Rápido - Nube Pública] | icon:file-pdf[link=\"../pdf/uyuni_quickstart-public-cloud_guide.pdf\", window=\"_blank\" role=\"green\"]\n" +"| xref:large-deployments:large-deployments-overview.adoc[Guía de Grandes Despliegues] | icon:file-pdf[link=\"../pdf/uyuni_large-deployments_guide.pdf\", window=\"_blank\" role=\"green\"]\n" "| |\n" "\n" +#. type: Block title +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:1 +#, no-wrap +msgid "Procedure: Adding Software Channels at the Command Prompt" +msgstr "" + +#. type: Plain text +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:2 +msgid "" +"At the command prompt on the {productname} Server, as root, use the " +"[command]``spacewalk-common-channels`` command to add the appropriate " +"channels:" +msgstr "" + +#. type: delimited block - +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:3 +#, no-wrap +msgid "" +"spacewalk-common-channels \\\n" +" \\\n" +" \\\n" +" \\\n" +"... \n" +msgstr "" + +#. type: Plain text +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:4 +msgid "Synchronize the channels:" +msgstr "" + +#. type: delimited block - +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:5 +#, no-wrap +msgid "mgr-sync refresh --refresh-channels\n" +msgstr "" + #. * xref:index-webui-branding-2019.adoc[What is SUSE Manager?] #. * xref:release-notes-version-4.0.adoc[Doc Release Notes] #. type: Plain text -#: modules/ROOT/nav.adoc:3 +#: modules/ROOT/nav.adoc:1 msgid "xref:common_gfdl1.2_i.adoc[License]" msgstr "xref:common_gfdl1.2_i.adoc[Licencia]" + +#, no-wrap +#~ msgid "GNU Free Documentation License" +#~ msgstr "Licencia de Documentación Libre de GNU" + +#~ msgid "" +#~ "Copyright (C) 2000, 2001, 2002 Free Software Foundation, Inc. 51 " +#~ "Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. Everyone is " +#~ "permitted to copy and distribute verbatim copies of this license " +#~ "document, but changing it is not allowed." +#~ msgstr "" +#~ "Copyright (C) 2000, 2001, 2002 Free Software Foundation, Inc. 59 Temple " +#~ "Place, Suite 330, Boston, MA 02111-1307 USA. Se permite la copia y " +#~ "distribución de copias literales de este documento de licencia, pero no " +#~ "se permiten cambios." + +#, no-wrap +#~ msgid "0. PREAMBLE" +#~ msgstr "0. PREÁMBULO" + +#~ msgid "" +#~ "The purpose of this License is to make a manual, textbook, or other " +#~ "functional and useful document \"free\" in the sense of freedom: to " +#~ "assure everyone the effective freedom to copy and redistribute it, with " +#~ "or without modifying it, either commercially or noncommercially. " +#~ "Secondarily, this License preserves for the author and publisher a way to " +#~ "get credit for their work, while not being considered responsible for " +#~ "modifications made by others." +#~ msgstr "" +#~ "El propósito de esta Licencia es permitir que un manual, libro de texto, " +#~ "u otro documento escrito sea libre en el sentido de libertad: asegurar a " +#~ "todo el mundo la libertad efectiva de copiarlo y redistribuirlo, con o " +#~ "sin modificaciones, de manera comercial o no. En segundo término, esta " +#~ "Licencia proporciona al autor y al editor una manera de obtener " +#~ "reconocimiento por su trabajo, sin que se le considere responsable de las " +#~ "modificaciones realizadas por otros." + +#~ msgid "" +#~ "This License is a kind of \"copyleft\", which means that derivative works " +#~ "of the document must themselves be free in the same sense. It " +#~ "complements the GNU General Public License, which is a copyleft license " +#~ "designed for free software." +#~ msgstr "" +#~ "Esta Licencia es de tipo copyleft, lo que significa que los trabajos " +#~ "derivados del documento deben a su vez ser libres en el mismo sentido. " +#~ "Complementa la Licencia Pública General de GNU, que es una licencia tipo " +#~ "copyleft diseñada para el software libre." + +#~ msgid "" +#~ "We have designed this License in order to use it for manuals for free " +#~ "software, because free software needs free documentation: a free program " +#~ "should come with manuals providing the same freedoms that the software " +#~ "does. But this License is not limited to software manuals; it can be " +#~ "used for any textual work, regardless of subject matter or whether it is " +#~ "published as a printed book. We recommend this License principally for " +#~ "works whose purpose is instruction or reference." +#~ msgstr "" +#~ "Hemos diseñado esta Licencia para usarla en manuales de software libre, " +#~ "ya que el software libre necesita documentación libre: un programa libre " +#~ "debe venir con manuales que ofrezcan la mismas libertades que el " +#~ "software. Pero esta licencia no se limita a manuales de software; puede " +#~ "usarse para cualquier texto, sin tener en cuenta su temática o si se " +#~ "publica como libro impreso o no. Recomendamos esta licencia " +#~ "principalmente para trabajos cuyo fin sea instructivo o de referencia." + +#, no-wrap +#~ msgid "1. APPLICABILITY AND DEFINITIONS" +#~ msgstr "1. APLICABILIDAD Y DEFINICIONES" + +#~ msgid "" +#~ "This License applies to any manual or other work, in any medium, that " +#~ "contains a notice placed by the copyright holder saying it can be " +#~ "distributed under the terms of this License. Such a notice grants a " +#~ "world-wide, royalty-free license, unlimited in duration, to use that work " +#~ "under the conditions stated herein. The \"Document\", below, refers to " +#~ "any such manual or work. Any member of the public is a licensee, and is " +#~ "addressed as \"you\". You accept the license if you copy, modify or " +#~ "distribute the work in a way requiring permission under copyright law." +#~ msgstr "" +#~ "Esta Licencia se aplica a cualquier manual u otro trabajo, en cualquier " +#~ "soporte, que contenga una nota del propietario de los derechos de autor " +#~ "que indique que puede ser distribuido bajo los términos de esta Licencia. " +#~ "Tal nota garantiza en cualquier lugar del mundo, sin pago de derechos y " +#~ "sin límite de tiempo, el uso de dicho trabajo según las condiciones aquí " +#~ "estipuladas. En adelante la palabra Documento se referirá a cualquiera de " +#~ "dichos manuales o trabajos. Cualquier persona es un licenciatario y será " +#~ "referido como Usted. Usted acepta la licencia si copia. modifica o " +#~ "distribuye el trabajo de cualquier modo que requiera permiso según la ley " +#~ "de propiedad intelectual." + +#~ msgid "" +#~ "A \"Modified Version\" of the Document means any work containing the " +#~ "Document or a portion of it, either copied verbatim, or with " +#~ "modifications and/or translated into another language." +#~ msgstr "" +#~ "Una \"Versión Modificada\" del Documento significa cualquier trabajo que " +#~ "contenga el Documento o una porción del mismo, ya sea una copia literal o " +#~ "con modificaciones y/o traducciones a otro idioma." + +#~ msgid "" +#~ "A \"Secondary Section\" is a named appendix or a front-matter section of " +#~ "the Document that deals exclusively with the relationship of the " +#~ "publishers or authors of the Document to the Document's overall subject " +#~ "(or to related matters) and contains nothing that could fall directly " +#~ "within that overall subject. (Thus, if the Document is in part a " +#~ "textbook of mathematics, a Secondary Section may not explain any " +#~ "mathematics.) The relationship could be a matter of historical connection " +#~ "with the subject or with related matters, or of legal, commercial, " +#~ "philosophical, ethical or political position regarding them." +#~ msgstr "" +#~ "Una \"Sección Secundaria\" es un apéndice con título o una sección " +#~ "preliminar del Documento que trata exclusivamente de la relación entre " +#~ "los autores o editores y el tema general del Documento (o temas " +#~ "relacionados) pero que no contiene nada que entre directamente en dicho " +#~ "tema general (por ejemplo, si el Documento es en parte un texto de " +#~ "matemáticas, una Sección Secundaria puede no explicar nada de " +#~ "matemáticas). La relación puede ser una conexión histórica con el tema o " +#~ "temas relacionados, o una opinión legal, comercial, filosófica, ética o " +#~ "política acerca de ellos." + +#~ msgid "" +#~ "The \"Invariant Sections\" are certain Secondary Sections whose titles " +#~ "are designated, as being those of Invariant Sections, in the notice that " +#~ "says that the Document is released under this License. If a section does " +#~ "not fit the above definition of Secondary then it is not allowed to be " +#~ "designated as Invariant. The Document may contain zero Invariant " +#~ "Sections. If the Document does not identify any Invariant Sections then " +#~ "there are none." +#~ msgstr "" +#~ "Las \"Secciones Invariantes\" son ciertas Secciones Secundarias cuyos " +#~ "títulos son designados como Secciones Invariantes en la nota que indica " +#~ "que el documento es liberado bajo esta Licencia. Si una sección no entra " +#~ "en la definición de Secundaria, no puede designarse como Invariante. El " +#~ "documento puede no tener Secciones Invariantes. Si el Documento no " +#~ "identifica las Secciones Invariantes, es que no las tiene." + +#~ msgid "" +#~ "The \"Cover Texts\" are certain short passages of text that are listed, " +#~ "as Front-Cover Texts or Back-Cover Texts, in the notice that says that " +#~ "the Document is released under this License. A Front-Cover Text may be " +#~ "at most 5 words, and a Back-Cover Text may be at most 25 words." +#~ msgstr "" +#~ "Los \"Textos de Cubierta\" son ciertos pasajes cortos de texto que se " +#~ "listan como Textos de Cubierta Delantera o Textos de Cubierta Trasera en " +#~ "la nota que indica que el documento es liberado bajo esta Licencia. Un " +#~ "Texto de Cubierta Delantera puede tener como mucho 5 palabras, y uno de " +#~ "Cubierta Trasera puede tener hasta 25 palabras." + +#~ msgid "" +#~ "A \"Transparent\" copy of the Document means a machine-readable copy, " +#~ "represented in a format whose specification is available to the general " +#~ "public, that is suitable for revising the document straightforwardly with " +#~ "generic text editors or (for images composed of pixels) generic paint " +#~ "programs or (for drawings) some widely available drawing editor, and that " +#~ "is suitable for input to text formatters or for automatic translation to " +#~ "a variety of formats suitable for input to text formatters. A copy made " +#~ "in an otherwise Transparent file format whose markup, or absence of " +#~ "markup, has been arranged to thwart or discourage subsequent modification " +#~ "by readers is not Transparent. An image format is not Transparent if " +#~ "used for any substantial amount of text. A copy that is not \"Transparent" +#~ "\" is called \"Opaque\"." +#~ msgstr "" +#~ "Una copia \"Transparente\" del Documento, significa una copia para " +#~ "lectura en máquina, representada en un formato cuya especificación está " +#~ "disponible al público en general, apto para que los contenidos puedan ser " +#~ "vistos y editados directamente con editores de texto genéricos o (para " +#~ "imágenes compuestas por puntos) con programas genéricos de manipulación " +#~ "de imágenes o (para dibujos) con algún editor de dibujos ampliamente " +#~ "disponible, y que sea adecuado como entrada para formateadores de texto o " +#~ "para su traducción automática a formatos adecuados para formateadores de " +#~ "texto. Una copia hecha en un formato definido como Transparente, pero " +#~ "cuyo marcaje o ausencia de él haya sido diseñado para impedir o " +#~ "dificultar modificaciones posteriores por parte de los lectores no es " +#~ "Transparente. Un formato de imagen no es Transparente si se usa para una " +#~ "cantidad de texto sustancial. Una copia que no es \"Transparente\" se " +#~ "denomina \"Opaca\"." + +#~ msgid "" +#~ "Examples of suitable formats for Transparent copies include plain ASCII " +#~ "without markup, Texinfo input format, LaTeX input format, SGML or XML " +#~ "using a publicly available DTD, and standard-conforming simple HTML, " +#~ "PostScript or PDF designed for human modification. Examples of " +#~ "transparent image formats include PNG, XCF and JPG. Opaque formats " +#~ "include proprietary formats that can be read and edited only by " +#~ "proprietary word processors, SGML or XML for which the DTD and/or " +#~ "processing tools are not generally available, and the machine-generated " +#~ "HTML, PostScript or PDF produced by some word processors for output " +#~ "purposes only." +#~ msgstr "" +#~ "Como ejemplos de formatos adecuados para copias Transparentes están ASCII " +#~ "puro sin marcaje, formato de entrada de Texinfo, formato de entrada de " +#~ "LaTeX, SGML o XML usando una DTD disponible públicamente, y HTML, " +#~ "PostScript o PDF simples, que sigan los estándares y diseñados para que " +#~ "los modifiquen personas. Ejemplos de formatos de imagen transparentes son " +#~ "PNG, XCF y JPG. Los formatos Opacos incluyen formatos propietarios que " +#~ "pueden ser leídos y editados únicamente en procesadores de palabras " +#~ "propietarios, SGML o XML para los cuáles las DTD y/o herramientas de " +#~ "procesamiento no estén ampliamente disponibles, y HTML, PostScript o PDF " +#~ "generados por algunos procesadores de palabras sólo como salida." + +#~ msgid "" +#~ "The \"Title Page\" means, for a printed book, the title page itself, plus " +#~ "such following pages as are needed to hold, legibly, the material this " +#~ "License requires to appear in the title page. For works in formats which " +#~ "do not have any title page as such, \"Title Page\" means the text near " +#~ "the most prominent appearance of the work's title, preceding the " +#~ "beginning of the body of the text." +#~ msgstr "" +#~ "La \"Portada\" significa, en un libro impreso, la página de título, más " +#~ "las páginas siguientes que sean necesarias para mantener legiblemente el " +#~ "material que esta Licencia requiere en la portada. Para trabajos en " +#~ "formatos que no tienen página de portada como tal, \"Portada\" significa " +#~ "el texto cercano a la aparición más prominente del título del trabajo, " +#~ "precediendo el comienzo del cuerpo del texto." + +#~ msgid "" +#~ "A section \"Entitled XYZ\" means a named subunit of the Document whose " +#~ "title either is precisely XYZ or contains XYZ in parentheses following " +#~ "text that translates XYZ in another language. (Here XYZ stands for a " +#~ "specific section name mentioned below, such as \"Acknowledgements\", " +#~ "\"Dedications\", \"Endorsements\", or \"History\".) To \"Preserve the " +#~ "Title\" of such a section when you modify the Document means that it " +#~ "remains a section \"Entitled XYZ\" according to this definition." +#~ msgstr "" +#~ "Una sección \"Titulada XYZ\" significa una parte del Documento cuyo " +#~ "título es precisamente XYZ o contiene XYZ entre paréntesis, a " +#~ "continuación de texto que traduce XYZ a otro idioma (aquí XYZ se refiere " +#~ "a nombres de sección específicos mencionados más abajo, como " +#~ "\"Agradecimientos\", \"Dedicatorias\", \"Aprobaciones\" o \"Historia\"). " +#~ "\"Conservar el Título\" de tal sección cuando se modifica el Documento " +#~ "significa que permanece una sección \"Titulada XYZ\" según esta " +#~ "definición." + +#~ msgid "" +#~ "The Document may include Warranty Disclaimers next to the notice which " +#~ "states that this License applies to the Document. These Warranty " +#~ "Disclaimers are considered to be included by reference in this License, " +#~ "but only as regards disclaiming warranties: any other implication that " +#~ "these Warranty Disclaimers may have is void and has no effect on the " +#~ "meaning of this License." +#~ msgstr "" +#~ "El Documento puede incluir Limitaciones de Garantía cercanas a la nota " +#~ "donde se declara que al Documento se le aplica esta Licencia. Se " +#~ "considera que estas Limitaciones de Garantía están incluidas, por " +#~ "referencia, en la Licencia, pero sólo en cuanto a limitaciones de " +#~ "garantía: cualquier otra implicación que estas Limitaciones de Garantía " +#~ "puedan tener es nula y no tiene efecto en el significado de esta Licencia." + +#, no-wrap +#~ msgid "2. VERBATIM COPYING" +#~ msgstr "2. COPIA LITERAL" + +#~ msgid "" +#~ "You may copy and distribute the Document in any medium, either " +#~ "commercially or noncommercially, provided that this License, the " +#~ "copyright notices, and the license notice saying this License applies to " +#~ "the Document are reproduced in all copies, and that you add no other " +#~ "conditions whatsoever to those of this License. You may not use " +#~ "technical measures to obstruct or control the reading or further copying " +#~ "of the copies you make or distribute. However, you may accept " +#~ "compensation in exchange for copies. If you distribute a large enough " +#~ "number of copies you must also follow the conditions in section 3." +#~ msgstr "" +#~ "Usted puede copiar y distribuir el Documento en cualquier soporte, sea en " +#~ "forma comercial o no, siempre y cuando esta Licencia, las notas de " +#~ "copyright y la nota que indica que esta Licencia se aplica al Documento " +#~ "se reproduzcan en todas las copias y que usted no añada ninguna otra " +#~ "condición a las expuestas en esta Licencia. Usted no puede usar medidas " +#~ "técnicas para obstruir o controlar la lectura o copia posterior de las " +#~ "copias que usted haga o distribuya. Sin embargo, usted puede aceptar " +#~ "compensación a cambio de las copias. Si distribuye un número " +#~ "suficientemente grande de copias también deberá seguir las condiciones de " +#~ "la sección 3." + +#~ msgid "" +#~ "You may also lend copies, under the same conditions stated above, and you " +#~ "may publicly display copies." +#~ msgstr "" +#~ "Usted también puede prestar copias, bajo las mismas condiciones " +#~ "establecidas anteriormente, y puede exhibir copias públicamente." + +#, no-wrap +#~ msgid "3. COPYING IN QUANTITY" +#~ msgstr "3. COPIADO EN CANTIDAD" + +#~ msgid "" +#~ "If you publish printed copies (or copies in media that commonly have " +#~ "printed covers) of the Document, numbering more than 100, and the " +#~ "Document's license notice requires Cover Texts, you must enclose the " +#~ "copies in covers that carry, clearly and legibly, all these Cover Texts: " +#~ "Front-Cover Texts on the front cover, and Back-Cover Texts on the back " +#~ "cover. Both covers must also clearly and legibly identify you as the " +#~ "publisher of these copies. The front cover must present the full title " +#~ "with all words of the title equally prominent and visible. You may add " +#~ "other material on the covers in addition. Copying with changes limited " +#~ "to the covers, as long as they preserve the title of the Document and " +#~ "satisfy these conditions, can be treated as verbatim copying in other " +#~ "respects." +#~ msgstr "" +#~ "Si publica copias impresas del Documento (o copias en soportes que tengan " +#~ "normalmente cubiertas impresas) que sobrepasen las 100, y la nota de " +#~ "licencia del Documento exige Textos de Cubierta, debe incluir las copias " +#~ "con cubiertas que lleven en forma clara y legible todos esos Textos de " +#~ "Cubierta: Textos de Cubierta Delantera en la cubierta delantera y Textos " +#~ "de Cubierta Trasera en la cubierta trasera. Ambas cubiertas deben " +#~ "identificarlo a Usted clara y legiblemente como editor de tales copias. " +#~ "La cubierta debe mostrar el título completo con todas las palabras " +#~ "igualmente prominentes y visibles. Además puede añadir otro material en " +#~ "las cubiertas. Las copias con cambios limitados a las cubiertas, siempre " +#~ "que conserven el título del Documento y satisfagan estas condiciones, " +#~ "pueden considerarse como copias literales." + +#~ msgid "" +#~ "If the required texts for either cover are too voluminous to fit legibly, " +#~ "you should put the first ones listed (as many as fit reasonably) on the " +#~ "actual cover, and continue the rest onto adjacent pages." +#~ msgstr "" +#~ "Si los textos requeridos para la cubierta son muy voluminosos para que " +#~ "ajusten legiblemente, debe colocar los primeros (tantos como sea " +#~ "razonable colocar) en la verdadera cubierta y situar el resto en páginas " +#~ "adyacentes." + +#~ msgid "" +#~ "If you publish or distribute Opaque copies of the Document numbering more " +#~ "than 100, you must either include a machine-readable Transparent copy " +#~ "along with each Opaque copy, or state in or with each Opaque copy a " +#~ "computer-network location from which the general network-using public has " +#~ "access to download using public-standard network protocols a complete " +#~ "Transparent copy of the Document, free of added material. If you use the " +#~ "latter option, you must take reasonably prudent steps, when you begin " +#~ "distribution of Opaque copies in quantity, to ensure that this " +#~ "Transparent copy will remain thus accessible at the stated location until " +#~ "at least one year after the last time you distribute an Opaque copy " +#~ "(directly or through your agents or retailers) of that edition to the " +#~ "public." +#~ msgstr "" +#~ "Si Usted publica o distribuye copias Opacas del Documento cuya cantidad " +#~ "exceda las 100, debe incluir una copia Transparente, que pueda ser leída " +#~ "por una máquina, con cada copia Opaca, o bien mostrar, en cada copia " +#~ "Opaca, una dirección de red donde cualquier usuario de la misma tenga " +#~ "acceso por medio de protocolos públicos y estandarizados a una copia " +#~ "Transparente del Documento completa, sin material adicional. Si usted " +#~ "hace uso de la última opción, deberá tomar las medidas necesarias, cuando " +#~ "comience la distribución de las copias Opacas en cantidad, para asegurar " +#~ "que esta copia Transparente permanecerá accesible en el sitio establecido " +#~ "por lo menos un año después de la última vez que distribuya una copia " +#~ "Opaca de esa edición al público (directamente o a través de sus agentes o " +#~ "distribuidores)." + +#~ msgid "" +#~ "It is requested, but not required, that you contact the authors of the " +#~ "Document well before redistributing any large number of copies, to give " +#~ "them a chance to provide you with an updated version of the Document." +#~ msgstr "" +#~ "Se solicita, aunque no es requisito, que se ponga en contacto con los " +#~ "autores del Documento antes de redistribuir gran número de copias, para " +#~ "darles la oportunidad de que le proporcionen una versión actualizada del " +#~ "Documento." + +#, no-wrap +#~ msgid "4. MODIFICATIONS" +#~ msgstr "4. MODIFICACIONES" + +#~ msgid "" +#~ "You may copy and distribute a Modified Version of the Document under the " +#~ "conditions of sections 2 and 3 above, provided that you release the " +#~ "Modified Version under precisely this License, with the Modified Version " +#~ "filling the role of the Document, thus licensing distribution and " +#~ "modification of the Modified Version to whoever possesses a copy of it. " +#~ "In addition, you must do these things in the Modified Version:" +#~ msgstr "" +#~ "Puede copiar y distribuir una Versión Modificada del Documento bajo las " +#~ "condiciones de las secciones 2 y 3 anteriores, siempre que usted libere " +#~ "la Versión Modificada bajo esta misma Licencia, con la Versión Modificada " +#~ "haciendo el rol del Documento, por lo tanto dando licencia de " +#~ "distribución y modificación de la Versión Modificada a quienquiera posea " +#~ "una copia de la misma. Además, debe hacer lo siguiente en la Versión " +#~ "Modificada:" + +#~ msgid "" +#~ "Use in the Title Page (and on the covers, if any) a title distinct from " +#~ "that of the Document, and from those of previous versions (which should, " +#~ "if there were any, be listed in the History section of the Document). You " +#~ "may use the same title as a previous version if the original publisher of " +#~ "that version gives permission." +#~ msgstr "" +#~ "Usar en la Portada (y en las cubiertas, si hay alguna) un título distinto " +#~ "al del Documento y de sus versiones anteriores (que deberían, si hay " +#~ "alguna, estar listadas en la sección de Historia del Documento). Puede " +#~ "usar el mismo título de versiones anteriores al original siempre y cuando " +#~ "quien las publicó originalmente otorgue permiso." + +#~ msgid "" +#~ "List on the Title Page, as authors, one or more persons or entities " +#~ "responsible for authorship of the modifications in the Modified Version, " +#~ "together with at least five of the principal authors of the Document (all " +#~ "of its principal authors, if it has fewer than five), unless they release " +#~ "you from this requirement." +#~ msgstr "" +#~ "Listar en la Portada, como autores, una o más personas o entidades " +#~ "responsables de la autoría de las modificaciones de la Versión " +#~ "Modificada, junto con por lo menos cinco de los autores principales del " +#~ "Documento (todos sus autores principales, si hay menos de cinco), a menos " +#~ "que le eximan de tal requisito." + +#~ msgid "" +#~ "State on the Title page the name of the publisher of the Modified " +#~ "Version, as the publisher." +#~ msgstr "" +#~ "Mostrar en la Portada como editor el nombre del editor de la Versión " +#~ "Modificada." + +#~ msgid "Preserve all the copyright notices of the Document." +#~ msgstr "Conservar todas las notas de copyright del Documento." + +#~ msgid "" +#~ "Add an appropriate copyright notice for your modifications adjacent to " +#~ "the other copyright notices." +#~ msgstr "" +#~ "Añadir una nota de copyright apropiada a sus modificaciones, adyacente a " +#~ "las otras notas de copyright." + +#~ msgid "" +#~ "Include, immediately after the copyright notices, a license notice giving " +#~ "the public permission to use the Modified Version under the terms of this " +#~ "License, in the form shown in the Addendum below." +#~ msgstr "" +#~ "Incluir, inmediatamente después de las notas de copyright, una nota de " +#~ "licencia dando el permiso para usar la Versión Modificada bajo los " +#~ "términos de esta Licencia, como se muestra en la Adenda al final de este " +#~ "documento." + +#~ msgid "" +#~ "Preserve in that license notice the full lists of Invariant Sections and " +#~ "required Cover Texts given in the Document's license notice." +#~ msgstr "" +#~ "Conservar en esa nota de licencia el listado completo de las Secciones " +#~ "Invariantes y de los Textos de Cubierta que sean requeridos en la nota de " +#~ "Licencia del Documento original." + +#~ msgid "Include an unaltered copy of this License." +#~ msgstr "Incluir una copia sin modificación de esta Licencia." + +#~ msgid "" +#~ "Preserve the section Entitled \"History\", Preserve its Title, and add to " +#~ "it an item stating at least the title, year, new authors, and publisher " +#~ "of the Modified Version as given on the Title Page. If there is no " +#~ "section Entitled \"History\" in the Document, create one stating the " +#~ "title, year, authors, and publisher of the Document as given on its Title " +#~ "Page, then add an item describing the Modified Version as stated in the " +#~ "previous sentence." +#~ msgstr "" +#~ "Conservar la sección Titulada Historia, conservar su Título y añadirle un " +#~ "elemento que declare al menos el título, el año, los nuevos autores y el " +#~ "editor de la Versión Modificada, tal como figuran en la Portada. Si no " +#~ "hay una sección Titulada Historia en el Documento, crear una " +#~ "estableciendo el título, el año, los autores y el editor del Documento, " +#~ "tal como figuran en su Portada, añadiendo además un elemento describiendo " +#~ "la Versión Modificada, como se estableció en la oración anterior." + +#~ msgid "" +#~ "Preserve the network location, if any, given in the Document for public " +#~ "access to a Transparent copy of the Document, and likewise the network " +#~ "locations given in the Document for previous versions it was based on. " +#~ "These may be placed in the \"History\" section. You may omit a network " +#~ "location for a work that was published at least four years before the " +#~ "Document itself, or if the original publisher of the version it refers to " +#~ "gives permission." +#~ msgstr "" +#~ "Conservar la dirección en red, si la hay, dada en el Documento para el " +#~ "acceso público a una copia Transparente del mismo, así como las otras " +#~ "direcciones de red dadas en el Documento para versiones anteriores en las " +#~ "que estuviese basado. Pueden ubicarse en la sección Historia. Se puede " +#~ "omitir la ubicación en red de un trabajo que haya sido publicado por lo " +#~ "menos cuatro años antes que el Documento mismo, o si el editor original " +#~ "de dicha versión da permiso." + +#~ msgid "" +#~ "For any section Entitled \"Acknowledgements\" or \"Dedications\", " +#~ "Preserve the Title of the section, and preserve in the section all the " +#~ "substance and tone of each of the contributor acknowledgements and/or " +#~ "dedications given therein." +#~ msgstr "" +#~ "En cualquier sección Titulada \"Agradecimientos\" o \"Dedicatorias\", " +#~ "Conservar el Título de la sección y conservar en ella toda la sustancia y " +#~ "el tono de los agradecimientos y/o dedicatorias incluidas por cada " +#~ "contribuyente." + +#~ msgid "" +#~ "Preserve all the Invariant Sections of the Document, unaltered in their " +#~ "text and in their titles. Section numbers or the equivalent are not " +#~ "considered part of the section titles." +#~ msgstr "" +#~ "Conservar todas las Secciones Invariantes del Documento, sin alterar su " +#~ "texto ni sus títulos. Números de sección o el equivalente no son " +#~ "considerados parte de los títulos de la sección." + +#~ msgid "" +#~ "Delete any section Entitled \"Endorsements\". Such a section may not be " +#~ "included in the Modified Version." +#~ msgstr "" +#~ "Borrar cualquier sección titulada Aprobaciones. Tales secciones no pueden " +#~ "estar incluidas en las Versiones Modificadas." + +#~ msgid "" +#~ "Do not retitle any existing section to be Entitled \"Endorsements\" or to " +#~ "conflict in title with any Invariant Section." +#~ msgstr "" +#~ "No cambiar el título de ninguna sección existente a \"Aprobaciones\" ni a " +#~ "uno que entre en conflicto con el de alguna Sección Invariante." + +#~ msgid "Preserve any Warranty Disclaimers." +#~ msgstr "Conservar todas las Limitaciones de Garantía." + +#~ msgid "" +#~ "If the Modified Version includes new front-matter sections or appendices " +#~ "that qualify as Secondary Sections and contain no material copied from " +#~ "the Document, you may at your option designate some or all of these " +#~ "sections as invariant. To do this, add their titles to the list of " +#~ "Invariant Sections in the Modified Version's license notice. These " +#~ "titles must be distinct from any other section titles." +#~ msgstr "" +#~ "Si la Versión Modificada incluye secciones o apéndices nuevos que " +#~ "califiquen como Secciones Secundarias y contienen material no copiado del " +#~ "Documento, puede opcionalmente designar algunas o todas esas secciones " +#~ "como invariantes. Para hacerlo, añada sus títulos a la lista de Secciones " +#~ "Invariantes en la nota de licencia de la Versión Modificada. Tales " +#~ "títulos deben ser distintos de cualquier otro título de sección." + +#~ msgid "" +#~ "You may add a section Entitled \"Endorsements\", provided it contains " +#~ "nothing but endorsements of your Modified Version by various parties--for " +#~ "example, statements of peer review or that the text has been approved by " +#~ "an organization as the authoritative definition of a standard." +#~ msgstr "" +#~ "Puede añadir una sección titulada Aprobaciones, siempre que contenga " +#~ "únicamente aprobaciones de su Versión Modificada por otras fuentes --por " +#~ "ejemplo, observaciones de peritos o que el texto ha sido aprobado por una " +#~ "organización como la definición oficial de un estándar." + +#~ msgid "" +#~ "You may add a passage of up to five words as a Front-Cover Text, and a " +#~ "passage of up to 25 words as a Back-Cover Text, to the end of the list of " +#~ "Cover Texts in the Modified Version. Only one passage of Front-Cover " +#~ "Text and one of Back-Cover Text may be added by (or through arrangements " +#~ "made by) any one entity. If the Document already includes a cover text " +#~ "for the same cover, previously added by you or by arrangement made by the " +#~ "same entity you are acting on behalf of, you may not add another; but you " +#~ "may replace the old one, on explicit permission from the previous " +#~ "publisher that added the old one." +#~ msgstr "" +#~ "Puede añadir un pasaje de hasta cinco palabras como Texto de Cubierta " +#~ "Delantera y un pasaje de hasta 25 palabras como Texto de Cubierta Trasera " +#~ "en la Versión Modificada. Una entidad solo puede añadir (o hacer que se " +#~ "añada) un pasaje al Texto de Cubierta Delantera y uno al de Cubierta " +#~ "Trasera. Si el Documento ya incluye un textos de cubiertas añadidos " +#~ "previamente por usted o por la misma entidad que usted representa, usted " +#~ "no puede añadir otro; pero puede reemplazar el anterior, con permiso " +#~ "explícito del editor que agregó el texto anterior." + +#~ msgid "" +#~ "The author(s) and publisher(s) of the Document do not by this License " +#~ "give permission to use their names for publicity for or to assert or " +#~ "imply endorsement of any Modified Version." +#~ msgstr "" +#~ "Con esta Licencia ni los autores ni los editores del Documento dan " +#~ "permiso para usar sus nombres para publicidad ni para asegurar o implicar " +#~ "aprobación de cualquier Versión Modificada." + +#, no-wrap +#~ msgid "5. COMBINING DOCUMENTS" +#~ msgstr "5. COMBINACIÓN DE DOCUMENTOS" + +#~ msgid "" +#~ "You may combine the Document with other documents released under this " +#~ "License, under the terms defined in section 4 above for modified " +#~ "versions, provided that you include in the combination all of the " +#~ "Invariant Sections of all of the original documents, unmodified, and list " +#~ "them all as Invariant Sections of your combined work in its license " +#~ "notice, and that you preserve all their Warranty Disclaimers." +#~ msgstr "" +#~ "Usted puede combinar el Documento con otros documentos liberados bajo " +#~ "esta Licencia, bajo los términos definidos en la sección 4 anterior para " +#~ "versiones modificadas, siempre que incluya en la combinación todas las " +#~ "Secciones Invariantes de todos los documentos originales, sin modificar, " +#~ "listadas todas como Secciones Invariantes del trabajo combinado en su " +#~ "nota de licencia. Así mismo debe incluir la Limitación de Garantía." + +#~ msgid "" +#~ "The combined work need only contain one copy of this License, and " +#~ "multiple identical Invariant Sections may be replaced with a single " +#~ "copy. If there are multiple Invariant Sections with the same name but " +#~ "different contents, make the title of each such section unique by adding " +#~ "at the end of it, in parentheses, the name of the original author or " +#~ "publisher of that section if known, or else a unique number. Make the " +#~ "same adjustment to the section titles in the list of Invariant Sections " +#~ "in the license notice of the combined work." +#~ msgstr "" +#~ "El trabajo combinado necesita contener solamente una copia de esta " +#~ "Licencia, y puede reemplazar varias Secciones Invariantes idénticas por " +#~ "una sola copia. Si hay varias Secciones Invariantes con el mismo nombre " +#~ "pero con contenidos diferentes, haga el título de cada una de estas " +#~ "secciones único añadiéndole al final del mismo, entre paréntesis, el " +#~ "nombre del autor o editor original de esa sección, si es conocido, o si " +#~ "no, un número único. Haga el mismo ajuste a los títulos de sección en la " +#~ "lista de Secciones Invariantes de la nota de licencia del trabajo " +#~ "combinado." + +#~ msgid "" +#~ "In the combination, you must combine any sections Entitled \"History\" in " +#~ "the various original documents, forming one section Entitled \"History\"; " +#~ "likewise combine any sections Entitled \"Acknowledgements\", and any " +#~ "sections Entitled \"Dedications\". You must delete all sections Entitled " +#~ "\"Endorsements\"." +#~ msgstr "" +#~ "En la combinación, debe combinar cualquier sección Titulada \"Historia\" " +#~ "de los documentos originales, formando una sección Titulada \"Historia\"; " +#~ "de la misma forma combine cualquier sección Titulada \"Agradecimientos\", " +#~ "y cualquier sección Titulada \"Dedicatorias\". Debe borrar todas las " +#~ "secciones tituladas \"Aprobaciones\"." + +#, no-wrap +#~ msgid "6. COLLECTIONS OF DOCUMENTS" +#~ msgstr "6. COLECCIONES DE DOCUMENTOS" + +#~ msgid "" +#~ "You may make a collection consisting of the Document and other documents " +#~ "released under this License, and replace the individual copies of this " +#~ "License in the various documents with a single copy that is included in " +#~ "the collection, provided that you follow the rules of this License for " +#~ "verbatim copying of each of the documents in all other respects." +#~ msgstr "" +#~ "Puede hacer una colección que conste del Documento y de otros documentos " +#~ "liberados bajo esta Licencia, y reemplazar las copias individuales de " +#~ "esta Licencia en todos los documentos por una sola copia que esté " +#~ "incluida en la colección, siempre que siga las reglas de esta Licencia " +#~ "para cada copia literal de cada uno de los documentos en cualquiera de " +#~ "los demás aspectos." + +#~ msgid "" +#~ "You may extract a single document from such a collection, and distribute " +#~ "it individually under this License, provided you insert a copy of this " +#~ "License into the extracted document, and follow this License in all other " +#~ "respects regarding verbatim copying of that document." +#~ msgstr "" +#~ "Puede extraer un solo documento de una de tales colecciones y " +#~ "distribuirlo individualmente bajo esta Licencia, siempre que inserte una " +#~ "copia de esta Licencia en el documento extraído, y siga esta Licencia en " +#~ "todos los demás aspectos relativos a la copia literal de dicho documento." + +#, no-wrap +#~ msgid "7. AGGREGATION WITH INDEPENDENT WORKS" +#~ msgstr "7. AGREGACIÓN CON TRABAJOS INDEPENDIENTES" + +#~ msgid "" +#~ "A compilation of the Document or its derivatives with other separate and " +#~ "independent documents or works, in or on a volume of a storage or " +#~ "distribution medium, is called an \"aggregate\" if the copyright " +#~ "resulting from the compilation is not used to limit the legal rights of " +#~ "the compilation's users beyond what the individual works permit. When " +#~ "the Document is included in an aggregate, this License does not apply to " +#~ "the other works in the aggregate which are not themselves derivative " +#~ "works of the Document." +#~ msgstr "" +#~ "Una recopilación que conste del Documento o sus derivados y de otros " +#~ "documentos o trabajos separados e independientes, en cualquier soporte de " +#~ "almacenamiento o distribución, se denomina un agregado si el copyright " +#~ "resultante de la compilación no se usa para limitar los derechos de los " +#~ "usuarios de la misma más allá de lo que los de los trabajos individuales " +#~ "permiten. Cuando el Documento se incluye en un agregado, esta Licencia no " +#~ "se aplica a otros trabajos del agregado que no sean en sí mismos " +#~ "derivados del Documento." + +#~ msgid "" +#~ "If the Cover Text requirement of section 3 is applicable to these copies " +#~ "of the Document, then if the Document is less than one half of the entire " +#~ "aggregate, the Document's Cover Texts may be placed on covers that " +#~ "bracket the Document within the aggregate, or the electronic equivalent " +#~ "of covers if the Document is in electronic form. Otherwise they must " +#~ "appear on printed covers that bracket the whole aggregate." +#~ msgstr "" +#~ "Si el requisito de la sección 3 sobre el Texto de Cubierta es aplicable a " +#~ "estas copias del Documento y el Documento es menor que la mitad del " +#~ "agregado entero, los Textos de Cubierta del Documento pueden colocarse en " +#~ "cubiertas que enmarquen solamente el Documento dentro del agregado, o el " +#~ "equivalente electrónico de las cubiertas si el documento está en forma " +#~ "electrónica. En caso contrario deben aparecer en cubiertas impresas " +#~ "enmarcando todo el agregado." + +#, no-wrap +#~ msgid "8. TRANSLATION" +#~ msgstr "8. TRADUCCIÓN" + +#~ msgid "" +#~ "Translation is considered a kind of modification, so you may distribute " +#~ "translations of the Document under the terms of section 4. Replacing " +#~ "Invariant Sections with translations requires special permission from " +#~ "their copyright holders, but you may include translations of some or all " +#~ "Invariant Sections in addition to the original versions of these " +#~ "Invariant Sections. You may include a translation of this License, and " +#~ "all the license notices in the Document, and any Warranty Disclaimers, " +#~ "provided that you also include the original English version of this " +#~ "License and the original versions of those notices and disclaimers. In " +#~ "case of a disagreement between the translation and the original version " +#~ "of this License or a notice or disclaimer, the original version will " +#~ "prevail." +#~ msgstr "" +#~ "La Traducción es considerada como un tipo de modificación, por lo que " +#~ "usted puede distribuir traducciones del Documento bajo los términos de la " +#~ "sección 4. El reemplazo las Secciones Invariantes con traducciones " +#~ "requiere permiso especial de los dueños de derecho de autor, pero usted " +#~ "puede añadir traducciones de algunas o todas las Secciones Invariantes a " +#~ "las versiones originales de las mismas. Puede incluir una traducción de " +#~ "esta Licencia, de todas las notas de licencia del documento, así como de " +#~ "las Limitaciones de Garantía, siempre que incluya también la versión en " +#~ "Inglés de esta Licencia y las versiones originales de las notas de " +#~ "licencia y Limitaciones de Garantía. En caso de desacuerdo entre la " +#~ "traducción y la versión original en Inglés de esta Licencia, la nota de " +#~ "licencia o la limitación de garantía, la versión original en Inglés " +#~ "prevalecerá." + +#~ msgid "" +#~ "If a section in the Document is Entitled \"Acknowledgements\", " +#~ "\"Dedications\", or \"History\", the requirement (section 4) to Preserve " +#~ "its Title (section 1) will typically require changing the actual title." +#~ msgstr "" +#~ "Si una sección del Documento está Titulada \"Agradecimientos\", " +#~ "\"Dedicatorias\" o \"Historia\" el requisito (sección 4) de Conservar su " +#~ "Título (Sección 1) requerirá, típicamente, cambiar su título." + +#, no-wrap +#~ msgid "9. TERMINATION" +#~ msgstr "9. TERMINACIÓN" + +#~ msgid "" +#~ "You may not copy, modify, sublicense, or distribute the Document except " +#~ "as expressly provided for under this License. Any other attempt to copy, " +#~ "modify, sublicense or distribute the Document is void, and will " +#~ "automatically terminate your rights under this License. However, parties " +#~ "who have received copies, or rights, from you under this License will not " +#~ "have their licenses terminated so long as such parties remain in full " +#~ "compliance." +#~ msgstr "" +#~ "Usted no puede copiar, modificar, sublicenciar o distribuir el Documento " +#~ "salvo por lo permitido expresamente por esta Licencia. Cualquier otro " +#~ "intento de copia, modificación, sublicenciamiento o distribución del " +#~ "Documento es nulo, y dará por terminados automáticamente sus derechos " +#~ "bajo esa Licencia. Sin embargo, los terceros que hayan recibido copias, o " +#~ "derechos, de usted bajo esta Licencia no verán terminadas sus licencias, " +#~ "siempre que permanezcan en total conformidad con ella." + +#, no-wrap +#~ msgid "10. FUTURE REVISIONS OF THIS LICENSE" +#~ msgstr "10. REVISIONES FUTURAS DE ESTA LICENCIA" + +#~ msgid "" +#~ "The Free Software Foundation may publish new, revised versions of the GNU " +#~ "Free Documentation License from time to time. Such new versions will be " +#~ "similar in spirit to the present version, but may differ in detail to " +#~ "address new problems or concerns. See http://www.gnu.org/copyleft/." +#~ msgstr "" +#~ "De vez en cuando la Free Software Foundation puede publicar versiones " +#~ "nuevas y revisadas de la Licencia de Documentación Libre GNU. Tales " +#~ "versiones nuevas serán similares en espíritu a la presente versión, pero " +#~ "pueden diferir en detalles para solucionar nuevos problemas o intereses. " +#~ "Vea http://www.gnu.org/copyleft/." + +#~ msgid "" +#~ "Each version of the License is given a distinguishing version number. If " +#~ "the Document specifies that a particular numbered version of this License " +#~ "\"or any later version\" applies to it, you have the option of following " +#~ "the terms and conditions either of that specified version or of any later " +#~ "version that has been published (not as a draft) by the Free Software " +#~ "Foundation. If the Document does not specify a version number of this " +#~ "License, you may choose any version ever published (not as a draft) by " +#~ "the Free Software Foundation." +#~ msgstr "" +#~ "Cada versión de la Licencia tiene un número de versión que la distingue. " +#~ "Si el Documento especifica que se aplica una versión numerada en " +#~ "particular de esta licencia o cualquier versión posterior, usted tiene la " +#~ "opción de seguir los términos y condiciones de la versión especificada o " +#~ "cualquiera posterior que haya sido publicada (no como borrador) por la " +#~ "Free Software Foundation. Si el Documento no especifica un número de " +#~ "versión de esta Licencia, puede escoger cualquier versión que haya sido " +#~ "publicada (no como borrador) por la Free Software Foundation." + +#, no-wrap +#~ msgid "ADDENDUM: How to use this License for your documents" +#~ msgstr "ADENDA: Cómo usar esta Licencia en sus documentos" + +#, no-wrap +#~ msgid "" +#~ "Copyright (c) YEAR YOUR NAME.\n" +#~ " Permission is granted to copy, distribute and/or modify this document\n" +#~ " under the terms of the GNU Free Documentation License, Version 1.2\n" +#~ " or any later version published by the Free Software Foundation;\n" +#~ " with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.\n" +#~ " A copy of the license is included in the section entitled{ldquo}GNU\n" +#~ " Free Documentation License{rdquo}.\n" +#~ msgstr "" +#~ "Copyright (c) AÑO SU NOMBRE. \n" +#~ " Se otorga permiso para copiar, distribuir y/o modificar este documento\n" +#~ " bajo los términos de la Licencia de Documentación Libre de GNU, Versión 1.2 \n" +#~ " o cualquier otra versión posterior publicada por la Free Software Foundation; \n" +#~ " sin Secciones Invariantes ni Textos de Cubierta Delantera ni Textos de Cubierta Trasera. \n" +#~ " Una copia de la licencia está incluida en la sección titulada {ldquo}GNU \n" +#~ " Free Documentation License{rdquo}.\n" + +#~ msgid "" +#~ "If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, " +#~ "replace the {ldquo} with...Texts.{rdquo} line with this:" +#~ msgstr "" +#~ "Si tiene Secciones Invariantes, Textos de Cubierta Delantera y Textos de " +#~ "Cubierta Trasera, reemplace la frase {ldquo}con ... Textos.{rdquo} por " +#~ "esto:" + +#, no-wrap +#~ msgid "" +#~ "with the Invariant Sections being LIST THEIR TITLES, with the\n" +#~ " Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST.\n" +#~ msgstr "" +#~ "siendo las Secciones Invariantes LISTE SUS TÍTULOS, siendo los \n" +#~ " Textos de Cubierta Delantera LISTAR, y siendo sus Textos de Cubierta Trasera LISTAR.\n" + +#~ msgid "" +#~ "If you have Invariant Sections without Cover Texts, or some other " +#~ "combination of the three, merge those two alternatives to suit the " +#~ "situation." +#~ msgstr "" +#~ "Si tiene Secciones Invariantes sin Textos de Cubierta o cualquier otra " +#~ "combinación de los tres, mezcle ambas alternativas para adaptarse a la " +#~ "situación." + +#~ msgid "" +#~ "If your document contains nontrivial examples of program code, we " +#~ "recommend releasing these examples in parallel under your choice of free " +#~ "software license, such as the GNU General Public License, to permit their " +#~ "use in free software." +#~ msgstr "" +#~ "Si su documento contiene ejemplos de código de programa no triviales, " +#~ "recomendamos liberar estos ejemplos en paralelo bajo la licencia de " +#~ "software libre que usted elija, como la Licencia Pública General de GNU " +#~ "(GNU General Public License), para permitir su uso en software libre." diff --git a/l10n-weblate/ROOT/zh_CN.po b/l10n-weblate/ROOT/zh_CN.po index f0b56cb34f5..a1b026cbd2d 100644 --- a/l10n-weblate/ROOT/zh_CN.po +++ b/l10n-weblate/ROOT/zh_CN.po @@ -1,694 +1,36 @@ -# SOME DESCRIPTIVE TITLE -# Copyright (C) YEAR Free Software Foundation, Inc. +# Chinese translations for PACKAGE package +# PACKAGE �������ļ������ķ��� +# Copyright (C) 2020 Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. -# FIRST AUTHOR , YEAR. +# Automatically generated, 2020. # -#, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" -"POT-Creation-Date: 2020-08-24 02:23+0200\n" -"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -"Last-Translator: FULL NAME \n" -"Language-Team: LANGUAGE \n" -"Language: \n" +"POT-Creation-Date: 2020-09-29 23:48+0200\n" +"PO-Revision-Date: 2020-09-29 23:48+0200\n" +"Last-Translator: Automatically generated\n" +"Language-Team: none\n" +"Language: zh_CN\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: Title = -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:1 -#, no-wrap -msgid "GNU Free Documentation License" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:6 -msgid "" -"Copyright (C) 2000, 2001, 2002 Free Software Foundation, Inc. 51 Franklin " -"St, Fifth Floor, Boston, MA 02110-1301 USA. Everyone is permitted to copy " -"and distribute verbatim copies of this license document, but changing it is " -"not allowed." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:8 -#, no-wrap -msgid "0. PREAMBLE" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:13 -msgid "" -"The purpose of this License is to make a manual, textbook, or other " -"functional and useful document \"free\" in the sense of freedom: to assure " -"everyone the effective freedom to copy and redistribute it, with or without " -"modifying it, either commercially or noncommercially. Secondarily, this " -"License preserves for the author and publisher a way to get credit for their " -"work, while not being considered responsible for modifications made by " -"others." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:16 -msgid "" -"This License is a kind of \"copyleft\", which means that derivative works of " -"the document must themselves be free in the same sense. It complements the " -"GNU General Public License, which is a copyleft license designed for free " -"software." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:20 -msgid "" -"We have designed this License in order to use it for manuals for free " -"software, because free software needs free documentation: a free program " -"should come with manuals providing the same freedoms that the software " -"does. But this License is not limited to software manuals; it can be used " -"for any textual work, regardless of subject matter or whether it is " -"published as a printed book. We recommend this License principally for " -"works whose purpose is instruction or reference." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:22 -#, no-wrap -msgid "1. APPLICABILITY AND DEFINITIONS" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:29 -msgid "" -"This License applies to any manual or other work, in any medium, that " -"contains a notice placed by the copyright holder saying it can be " -"distributed under the terms of this License. Such a notice grants a world-" -"wide, royalty-free license, unlimited in duration, to use that work under " -"the conditions stated herein. The \"Document\", below, refers to any such " -"manual or work. Any member of the public is a licensee, and is addressed as " -"\"you\". You accept the license if you copy, modify or distribute the work " -"in a way requiring permission under copyright law." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:31 -msgid "" -"A \"Modified Version\" of the Document means any work containing the " -"Document or a portion of it, either copied verbatim, or with modifications " -"and/or translated into another language." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:34 -msgid "" -"A \"Secondary Section\" is a named appendix or a front-matter section of the " -"Document that deals exclusively with the relationship of the publishers or " -"authors of the Document to the Document's overall subject (or to related " -"matters) and contains nothing that could fall directly within that overall " -"subject. (Thus, if the Document is in part a textbook of mathematics, a " -"Secondary Section may not explain any mathematics.) The relationship could " -"be a matter of historical connection with the subject or with related " -"matters, or of legal, commercial, philosophical, ethical or political " -"position regarding them." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:39 -msgid "" -"The \"Invariant Sections\" are certain Secondary Sections whose titles are " -"designated, as being those of Invariant Sections, in the notice that says " -"that the Document is released under this License. If a section does not fit " -"the above definition of Secondary then it is not allowed to be designated as " -"Invariant. The Document may contain zero Invariant Sections. If the " -"Document does not identify any Invariant Sections then there are none." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:42 -msgid "" -"The \"Cover Texts\" are certain short passages of text that are listed, as " -"Front-Cover Texts or Back-Cover Texts, in the notice that says that the " -"Document is released under this License. A Front-Cover Text may be at most " -"5 words, and a Back-Cover Text may be at most 25 words." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:47 -msgid "" -"A \"Transparent\" copy of the Document means a machine-readable copy, " -"represented in a format whose specification is available to the general " -"public, that is suitable for revising the document straightforwardly with " -"generic text editors or (for images composed of pixels) generic paint " -"programs or (for drawings) some widely available drawing editor, and that is " -"suitable for input to text formatters or for automatic translation to a " -"variety of formats suitable for input to text formatters. A copy made in an " -"otherwise Transparent file format whose markup, or absence of markup, has " -"been arranged to thwart or discourage subsequent modification by readers is " -"not Transparent. An image format is not Transparent if used for any " -"substantial amount of text. A copy that is not \"Transparent\" is called " -"\"Opaque\"." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:51 -msgid "" -"Examples of suitable formats for Transparent copies include plain ASCII " -"without markup, Texinfo input format, LaTeX input format, SGML or XML using " -"a publicly available DTD, and standard-conforming simple HTML, PostScript or " -"PDF designed for human modification. Examples of transparent image formats " -"include PNG, XCF and JPG. Opaque formats include proprietary formats that " -"can be read and edited only by proprietary word processors, SGML or XML for " -"which the DTD and/or processing tools are not generally available, and the " -"machine-generated HTML, PostScript or PDF produced by some word processors " -"for output purposes only." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:54 -msgid "" -"The \"Title Page\" means, for a printed book, the title page itself, plus " -"such following pages as are needed to hold, legibly, the material this " -"License requires to appear in the title page. For works in formats which do " -"not have any title page as such, \"Title Page\" means the text near the most " -"prominent appearance of the work's title, preceding the beginning of the " -"body of the text." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:57 -msgid "" -"A section \"Entitled XYZ\" means a named subunit of the Document whose title " -"either is precisely XYZ or contains XYZ in parentheses following text that " -"translates XYZ in another language. (Here XYZ stands for a specific section " -"name mentioned below, such as \"Acknowledgements\", \"Dedications\", " -"\"Endorsements\", or \"History\".) To \"Preserve the Title\" of such a " -"section when you modify the Document means that it remains a section " -"\"Entitled XYZ\" according to this definition." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:60 -msgid "" -"The Document may include Warranty Disclaimers next to the notice which " -"states that this License applies to the Document. These Warranty " -"Disclaimers are considered to be included by reference in this License, but " -"only as regards disclaiming warranties: any other implication that these " -"Warranty Disclaimers may have is void and has no effect on the meaning of " -"this License." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:62 -#, no-wrap -msgid "2. VERBATIM COPYING" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:69 -msgid "" -"You may copy and distribute the Document in any medium, either commercially " -"or noncommercially, provided that this License, the copyright notices, and " -"the license notice saying this License applies to the Document are " -"reproduced in all copies, and that you add no other conditions whatsoever to " -"those of this License. You may not use technical measures to obstruct or " -"control the reading or further copying of the copies you make or " -"distribute. However, you may accept compensation in exchange for copies. " -"If you distribute a large enough number of copies you must also follow the " -"conditions in section 3." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:71 -msgid "" -"You may also lend copies, under the same conditions stated above, and you " -"may publicly display copies." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:73 -#, no-wrap -msgid "3. COPYING IN QUANTITY" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:81 -msgid "" -"If you publish printed copies (or copies in media that commonly have printed " -"covers) of the Document, numbering more than 100, and the Document's license " -"notice requires Cover Texts, you must enclose the copies in covers that " -"carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the " -"front cover, and Back-Cover Texts on the back cover. Both covers must also " -"clearly and legibly identify you as the publisher of these copies. The " -"front cover must present the full title with all words of the title equally " -"prominent and visible. You may add other material on the covers in " -"addition. Copying with changes limited to the covers, as long as they " -"preserve the title of the Document and satisfy these conditions, can be " -"treated as verbatim copying in other respects." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:83 -msgid "" -"If the required texts for either cover are too voluminous to fit legibly, " -"you should put the first ones listed (as many as fit reasonably) on the " -"actual cover, and continue the rest onto adjacent pages." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:86 -msgid "" -"If you publish or distribute Opaque copies of the Document numbering more " -"than 100, you must either include a machine-readable Transparent copy along " -"with each Opaque copy, or state in or with each Opaque copy a computer-" -"network location from which the general network-using public has access to " -"download using public-standard network protocols a complete Transparent copy " -"of the Document, free of added material. If you use the latter option, you " -"must take reasonably prudent steps, when you begin distribution of Opaque " -"copies in quantity, to ensure that this Transparent copy will remain thus " -"accessible at the stated location until at least one year after the last " -"time you distribute an Opaque copy (directly or through your agents or " -"retailers) of that edition to the public." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:88 -msgid "" -"It is requested, but not required, that you contact the authors of the " -"Document well before redistributing any large number of copies, to give them " -"a chance to provide you with an updated version of the Document." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:90 -#, no-wrap -msgid "4. MODIFICATIONS" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:95 -msgid "" -"You may copy and distribute a Modified Version of the Document under the " -"conditions of sections 2 and 3 above, provided that you release the Modified " -"Version under precisely this License, with the Modified Version filling the " -"role of the Document, thus licensing distribution and modification of the " -"Modified Version to whoever possesses a copy of it. In addition, you must " -"do these things in the Modified Version:" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:98 -msgid "" -"Use in the Title Page (and on the covers, if any) a title distinct from that " -"of the Document, and from those of previous versions (which should, if there " -"were any, be listed in the History section of the Document). You may use the " -"same title as a previous version if the original publisher of that version " -"gives permission." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:99 -msgid "" -"List on the Title Page, as authors, one or more persons or entities " -"responsible for authorship of the modifications in the Modified Version, " -"together with at least five of the principal authors of the Document (all of " -"its principal authors, if it has fewer than five), unless they release you " -"from this requirement." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:100 -msgid "" -"State on the Title page the name of the publisher of the Modified Version, " -"as the publisher." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:101 -msgid "Preserve all the copyright notices of the Document." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:102 -msgid "" -"Add an appropriate copyright notice for your modifications adjacent to the " -"other copyright notices." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:103 -msgid "" -"Include, immediately after the copyright notices, a license notice giving " -"the public permission to use the Modified Version under the terms of this " -"License, in the form shown in the Addendum below." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:104 -msgid "" -"Preserve in that license notice the full lists of Invariant Sections and " -"required Cover Texts given in the Document's license notice." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:105 -msgid "Include an unaltered copy of this License." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:106 -msgid "" -"Preserve the section Entitled \"History\", Preserve its Title, and add to it " -"an item stating at least the title, year, new authors, and publisher of the " -"Modified Version as given on the Title Page. If there is no section Entitled " -"\"History\" in the Document, create one stating the title, year, authors, " -"and publisher of the Document as given on its Title Page, then add an item " -"describing the Modified Version as stated in the previous sentence." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:107 -msgid "" -"Preserve the network location, if any, given in the Document for public " -"access to a Transparent copy of the Document, and likewise the network " -"locations given in the Document for previous versions it was based on. These " -"may be placed in the \"History\" section. You may omit a network location " -"for a work that was published at least four years before the Document " -"itself, or if the original publisher of the version it refers to gives " -"permission." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:108 -msgid "" -"For any section Entitled \"Acknowledgements\" or \"Dedications\", Preserve " -"the Title of the section, and preserve in the section all the substance and " -"tone of each of the contributor acknowledgements and/or dedications given " -"therein." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:109 -msgid "" -"Preserve all the Invariant Sections of the Document, unaltered in their text " -"and in their titles. Section numbers or the equivalent are not considered " -"part of the section titles." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:110 -msgid "" -"Delete any section Entitled \"Endorsements\". Such a section may not be " -"included in the Modified Version." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:111 -msgid "" -"Do not retitle any existing section to be Entitled \"Endorsements\" or to " -"conflict in title with any Invariant Section." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:112 -msgid "Preserve any Warranty Disclaimers." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:117 -msgid "" -"If the Modified Version includes new front-matter sections or appendices " -"that qualify as Secondary Sections and contain no material copied from the " -"Document, you may at your option designate some or all of these sections as " -"invariant. To do this, add their titles to the list of Invariant Sections " -"in the Modified Version's license notice. These titles must be distinct " -"from any other section titles." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:119 -msgid "" -"You may add a section Entitled \"Endorsements\", provided it contains " -"nothing but endorsements of your Modified Version by various parties--for " -"example, statements of peer review or that the text has been approved by an " -"organization as the authoritative definition of a standard." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:123 -msgid "" -"You may add a passage of up to five words as a Front-Cover Text, and a " -"passage of up to 25 words as a Back-Cover Text, to the end of the list of " -"Cover Texts in the Modified Version. Only one passage of Front-Cover Text " -"and one of Back-Cover Text may be added by (or through arrangements made by) " -"any one entity. If the Document already includes a cover text for the same " -"cover, previously added by you or by arrangement made by the same entity you " -"are acting on behalf of, you may not add another; but you may replace the " -"old one, on explicit permission from the previous publisher that added the " -"old one." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:125 -msgid "" -"The author(s) and publisher(s) of the Document do not by this License give " -"permission to use their names for publicity for or to assert or imply " -"endorsement of any Modified Version." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:127 -#, no-wrap -msgid "5. COMBINING DOCUMENTS" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:131 -msgid "" -"You may combine the Document with other documents released under this " -"License, under the terms defined in section 4 above for modified versions, " -"provided that you include in the combination all of the Invariant Sections " -"of all of the original documents, unmodified, and list them all as Invariant " -"Sections of your combined work in its license notice, and that you preserve " -"all their Warranty Disclaimers." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:135 -msgid "" -"The combined work need only contain one copy of this License, and multiple " -"identical Invariant Sections may be replaced with a single copy. If there " -"are multiple Invariant Sections with the same name but different contents, " -"make the title of each such section unique by adding at the end of it, in " -"parentheses, the name of the original author or publisher of that section if " -"known, or else a unique number. Make the same adjustment to the section " -"titles in the list of Invariant Sections in the license notice of the " -"combined work." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:137 -msgid "" -"In the combination, you must combine any sections Entitled \"History\" in " -"the various original documents, forming one section Entitled \"History\"; " -"likewise combine any sections Entitled \"Acknowledgements\", and any " -"sections Entitled \"Dedications\". You must delete all sections Entitled " -"\"Endorsements\"." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:139 -#, no-wrap -msgid "6. COLLECTIONS OF DOCUMENTS" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:143 -msgid "" -"You may make a collection consisting of the Document and other documents " -"released under this License, and replace the individual copies of this " -"License in the various documents with a single copy that is included in the " -"collection, provided that you follow the rules of this License for verbatim " -"copying of each of the documents in all other respects." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:145 -msgid "" -"You may extract a single document from such a collection, and distribute it " -"individually under this License, provided you insert a copy of this License " -"into the extracted document, and follow this License in all other respects " -"regarding verbatim copying of that document." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:147 -#, no-wrap -msgid "7. AGGREGATION WITH INDEPENDENT WORKS" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:152 -msgid "" -"A compilation of the Document or its derivatives with other separate and " -"independent documents or works, in or on a volume of a storage or " -"distribution medium, is called an \"aggregate\" if the copyright resulting " -"from the compilation is not used to limit the legal rights of the " -"compilation's users beyond what the individual works permit. When the " -"Document is included in an aggregate, this License does not apply to the " -"other works in the aggregate which are not themselves derivative works of " -"the Document." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:155 -msgid "" -"If the Cover Text requirement of section 3 is applicable to these copies of " -"the Document, then if the Document is less than one half of the entire " -"aggregate, the Document's Cover Texts may be placed on covers that bracket " -"the Document within the aggregate, or the electronic equivalent of covers if " -"the Document is in electronic form. Otherwise they must appear on printed " -"covers that bracket the whole aggregate." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:157 -#, no-wrap -msgid "8. TRANSLATION" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:164 -msgid "" -"Translation is considered a kind of modification, so you may distribute " -"translations of the Document under the terms of section 4. Replacing " -"Invariant Sections with translations requires special permission from their " -"copyright holders, but you may include translations of some or all Invariant " -"Sections in addition to the original versions of these Invariant Sections. " -"You may include a translation of this License, and all the license notices " -"in the Document, and any Warranty Disclaimers, provided that you also " -"include the original English version of this License and the original " -"versions of those notices and disclaimers. In case of a disagreement " -"between the translation and the original version of this License or a notice " -"or disclaimer, the original version will prevail." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:166 -msgid "" -"If a section in the Document is Entitled \"Acknowledgements\", \"Dedications" -"\", or \"History\", the requirement (section 4) to Preserve its Title " -"(section 1) will typically require changing the actual title." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:168 -#, no-wrap -msgid "9. TERMINATION" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:174 -msgid "" -"You may not copy, modify, sublicense, or distribute the Document except as " -"expressly provided for under this License. Any other attempt to copy, " -"modify, sublicense or distribute the Document is void, and will " -"automatically terminate your rights under this License. However, parties " -"who have received copies, or rights, from you under this License will not " -"have their licenses terminated so long as such parties remain in full " -"compliance." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:176 -#, no-wrap -msgid "10. FUTURE REVISIONS OF THIS LICENSE" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:182 -msgid "" -"The Free Software Foundation may publish new, revised versions of the GNU " -"Free Documentation License from time to time. Such new versions will be " -"similar in spirit to the present version, but may differ in detail to " -"address new problems or concerns. See http://www.gnu.org/copyleft/." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:186 -msgid "" -"Each version of the License is given a distinguishing version number. If " -"the Document specifies that a particular numbered version of this License " -"\"or any later version\" applies to it, you have the option of following the " -"terms and conditions either of that specified version or of any later " -"version that has been published (not as a draft) by the Free Software " -"Foundation. If the Document does not specify a version number of this " -"License, you may choose any version ever published (not as a draft) by the " -"Free Software Foundation." -msgstr "" - -#. type: Title == -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:188 -#, no-wrap -msgid "ADDENDUM: How to use this License for your documents" -msgstr "" - -#. type: delimited block - -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:198 -#, no-wrap -msgid "" -"Copyright (c) YEAR YOUR NAME.\n" -" Permission is granted to copy, distribute and/or modify this document\n" -" under the terms of the GNU Free Documentation License, Version 1.2\n" -" or any later version published by the Free Software Foundation;\n" -" with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.\n" -" A copy of the license is included in the section entitled{ldquo}GNU\n" -" Free Documentation License{rdquo}.\n" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:204 -msgid "" -"If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, " -"replace the {ldquo} with...Texts.{rdquo} line with this:" -msgstr "" - -#. type: delimited block - -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:208 -#, no-wrap -msgid "" -"with the Invariant Sections being LIST THEIR TITLES, with the\n" -" Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST.\n" -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:212 -msgid "" -"If you have Invariant Sections without Cover Texts, or some other " -"combination of the three, merge those two alternatives to suit the situation." -msgstr "" - -#. type: Plain text -#: modules/ROOT/pages/common_gfdl1.2_i.adoc:213 -msgid "" -"If your document contains nontrivial examples of program code, we recommend " -"releasing these examples in parallel under your choice of free software " -"license, such as the GNU General Public License, to permit their use in free " -"software." -msgstr "" - -#. type: Title = -#: modules/ROOT/pages/index-uyuni.adoc:1 +#: modules/ROOT/pages/index-uyuni.adoc:1 modules/ROOT/pages/index.adoc:1 #, no-wrap msgid "{productname} {productnumber} Documentation" msgstr "" #. type: Title == -#: modules/ROOT/pages/index-uyuni.adoc:4 +#: modules/ROOT/pages/index-uyuni.adoc:2 modules/ROOT/pages/index.adoc:2 #, no-wrap msgid "What is {productname}?" msgstr "" +#. [#salt.gloss] may be used to create a tooltip for a glossary term: see branding/supplemental-ui/suma/sumacom/partials/footer-scripts.hbs #. type: Plain text -#: modules/ROOT/pages/index-uyuni.adoc:9 +#: modules/ROOT/pages/index-uyuni.adoc:3 modules/ROOT/pages/index.adoc:3 msgid "" "{productname} is a solution for organizations that require absolute control " "over maintenance and package deployment on their servers. {productname} " @@ -699,7 +41,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/ROOT/pages/index-uyuni.adoc:12 +#: modules/ROOT/pages/index-uyuni.adoc:4 modules/ROOT/pages/index.adoc:4 msgid "" "{productname} uses Salt to provide event-driven configuration and management " "control. The Salt-master orchestrates tens of thousands of Salt clients " @@ -707,7 +49,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/ROOT/pages/index-uyuni.adoc:14 +#: modules/ROOT/pages/index-uyuni.adoc:5 msgid "" "{productname} offers seamless management of {sle}, {opensuse}, {rhel}, " "{centos}, {oracle}, {debian} and {ubuntu} client systems, no matter if on-" @@ -716,13 +58,15 @@ msgid "" msgstr "" #. type: Title == -#: modules/ROOT/pages/index-uyuni.adoc:16 +#: modules/ROOT/pages/index-uyuni.adoc:6 modules/ROOT/pages/index.adoc:12 +#: modules/ROOT/pages/index.adoc:17 #, no-wrap msgid "Available Documentation" msgstr "" #. type: Plain text -#: modules/ROOT/pages/index-uyuni.adoc:19 +#: modules/ROOT/pages/index-uyuni.adoc:7 modules/ROOT/pages/index.adoc:13 +#: modules/ROOT/pages/index.adoc:18 msgid "" "The following documentation is available for {productname} version " "{productnumber}." @@ -730,7 +74,7 @@ msgstr "" #. | Architecture | xref:architecture:architecture-intro.adoc[HTML] link:../pdf/uyuni_architecture.pdf[PDF] #. type: Table -#: modules/ROOT/pages/index-uyuni.adoc:45 +#: modules/ROOT/pages/index-uyuni.adoc:8 #, no-wrap msgid "" "| Document | Format | Document | Format\n" @@ -742,7 +86,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/ROOT/pages/index.adoc:16 +#: modules/ROOT/pages/index.adoc:5 msgid "" "{productname} offers seamless management of {sle}, {opensuse}, {rhel}, " "{centos}, {oracle} and {ubuntu} client systems, no matter if on-premise, on " @@ -750,13 +94,13 @@ msgid "" msgstr "" #. type: Block title -#: modules/ROOT/pages/index.adoc:19 +#: modules/ROOT/pages/index.adoc:6 #, no-wrap msgid "Accessibility" msgstr "" #. type: delimited block = -#: modules/ROOT/pages/index.adoc:26 +#: modules/ROOT/pages/index.adoc:7 msgid "" "If you cannot use the {productname} {webui}, almost all functionality (with " "the exception of virtualization tasks) is available from the command " @@ -768,35 +112,35 @@ msgid "" msgstr "" #. type: delimited block = -#: modules/ROOT/pages/index.adoc:28 +#: modules/ROOT/pages/index.adoc:8 msgid "" "For more information about [command]``spacecmd``, see xref:reference:" "spacecmd-intro.adoc[]." msgstr "" #. type: delimited block = -#: modules/ROOT/pages/index.adoc:29 +#: modules/ROOT/pages/index.adoc:9 msgid "" "For more information about other command line tools, see xref:reference:" "command-line-tools.adoc[]." msgstr "" #. type: delimited block = -#: modules/ROOT/pages/index.adoc:30 +#: modules/ROOT/pages/index.adoc:10 msgid "" "For more information about the API, see https://documentation.suse.com/" "external-tree/en-us/suma/4.1/pdf/susemanager_api_doc_color_en.pdf." msgstr "" #. type: delimited block = -#: modules/ROOT/pages/index.adoc:31 +#: modules/ROOT/pages/index.adoc:11 msgid "" "For the latest information about all command line tools, see the release " "notes available from https://www.suse.com/releasenotes/." msgstr "" #. type: delimited block = -#: modules/ROOT/pages/index.adoc:45 +#: modules/ROOT/pages/index.adoc:14 msgid "" "{productname} documentation is available in several locations and formats. " "For the most up-to-date version of this documentation, see https://" @@ -804,7 +148,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/ROOT/pages/index.adoc:48 +#: modules/ROOT/pages/index.adoc:15 msgid "" "Download All PDFs icon:caret-right[] icon:file-archive[link=\"../susemanager-" "docs_en-pdf.tar.gz\"]" @@ -812,7 +156,7 @@ msgstr "" #. | Architecture | xref:architecture:architecture-intro.adoc[HTML] link:../pdf/suse_manager_architecture.pdf[PDF] #. type: Table -#: modules/ROOT/pages/index.adoc:66 +#: modules/ROOT/pages/index.adoc:16 #, no-wrap msgid "" "| View HTML | View PDF | View HTML | View PDF\n" @@ -831,7 +175,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/ROOT/pages/index.adoc:77 +#: modules/ROOT/pages/index.adoc:19 msgid "" "Download All PDFs icon:caret-right[] icon:file-archive[link=\"../uyuni-" "docs_en-pdf.tar.gz\"]" @@ -839,7 +183,7 @@ msgstr "" #. | Architecture | xref:architecture:architecture-intro.adoc[HTML] link:../pdf/suse_manager_architecture.pdf[PDF] #. type: Table -#: modules/ROOT/pages/index.adoc:95 +#: modules/ROOT/pages/index.adoc:20 #, no-wrap msgid "" "| View HTML | View PDF | View HTML | View PDF\n" @@ -857,9 +201,45 @@ msgid "" "\n" msgstr "" +#. type: Block title +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:1 +#, no-wrap +msgid "Procedure: Adding Software Channels at the Command Prompt" +msgstr "" + +#. type: Plain text +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:2 +msgid "" +"At the command prompt on the {productname} Server, as root, use the " +"[command]``spacewalk-common-channels`` command to add the appropriate " +"channels:" +msgstr "" + +#. type: delimited block - +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:3 +#, no-wrap +msgid "" +"spacewalk-common-channels \\\n" +" \\\n" +" \\\n" +" \\\n" +"... \n" +msgstr "" + +#. type: Plain text +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:4 +msgid "Synchronize the channels:" +msgstr "" + +#. type: delimited block - +#: modules/ROOT/pages/snippets/add_channels_cli.adoc:5 +#, no-wrap +msgid "mgr-sync refresh --refresh-channels\n" +msgstr "" + #. * xref:index-webui-branding-2019.adoc[What is SUSE Manager?] #. * xref:release-notes-version-4.0.adoc[Doc Release Notes] #. type: Plain text -#: modules/ROOT/nav.adoc:3 +#: modules/ROOT/nav.adoc:1 msgid "xref:common_gfdl1.2_i.adoc[License]" msgstr "" diff --git a/l10n-weblate/administration.cfg b/l10n-weblate/administration.cfg new file mode 100644 index 00000000000..d2efb00da5e --- /dev/null +++ b/l10n-weblate/administration.cfg @@ -0,0 +1,66 @@ +[po4a_langs] es zh_CN cs +[po4a_paths] l10n-weblate/administration/administration.pot $lang:l10n-weblate/administration/$lang.po + +[po4a_alias:adoc] adoc opt:"-M UTF-8 -L UTF-8" + +[options] opt:"--porefs=counter" + +[type: asciidoc] modules/administration/_attributes.adoc $lang:translations/$lang/modules/administration/_attributes.adoc +[type: asciidoc] modules/administration/pages/live-patching.adoc $lang:translations/$lang/modules/administration/pages/live-patching.adoc +[type: asciidoc] modules/administration/pages/master-fingerprint.adoc $lang:translations/$lang/modules/administration/pages/master-fingerprint.adoc +[type: asciidoc] modules/administration/pages/mirror-sources.adoc $lang:translations/$lang/modules/administration/pages/mirror-sources.adoc +[type: asciidoc] modules/administration/pages/tshoot-diskspace.adoc $lang:translations/$lang/modules/administration/pages/tshoot-diskspace.adoc +[type: asciidoc] modules/administration/pages/tshoot-intro.adoc $lang:translations/$lang/modules/administration/pages/tshoot-intro.adoc +[type: asciidoc] modules/administration/pages/tshoot-localcert.adoc $lang:translations/$lang/modules/administration/pages/tshoot-localcert.adoc +[type: asciidoc] modules/administration/pages/tshoot-logintimeout.adoc $lang:translations/$lang/modules/administration/pages/tshoot-logintimeout.adoc +[type: asciidoc] modules/administration/pages/tshoot-packages.adoc $lang:translations/$lang/modules/administration/pages/tshoot-packages.adoc +[type: asciidoc] modules/administration/pages/tshoot-rpctimeout.adoc $lang:translations/$lang/modules/administration/pages/tshoot-rpctimeout.adoc +[type: asciidoc] modules/administration/pages/tuning-changelogs.adoc $lang:translations/$lang/modules/administration/pages/tuning-changelogs.adoc +[type: asciidoc] modules/administration/pages/space-management.adoc $lang:translations/$lang/modules/administration/pages/space-management.adoc +[type: asciidoc] modules/administration/pages/task-schedules.adoc $lang:translations/$lang/modules/administration/pages/task-schedules.adoc +[type: asciidoc] modules/administration/pages/subscription-matching.adoc $lang:translations/$lang/modules/administration/pages/subscription-matching.adoc +[type: asciidoc] modules/administration/pages/ssl-certs-imported.adoc $lang:translations/$lang/modules/administration/pages/ssl-certs-imported.adoc +[type: asciidoc] modules/administration/pages/tshoot-notifications.adoc $lang:translations/$lang/modules/administration/pages/tshoot-notifications.adoc +[type: asciidoc] modules/administration/pages/auth-methods.adoc $lang:translations/$lang/modules/administration/pages/auth-methods.adoc +[type: asciidoc] modules/administration/pages/public-cloud-azure.adoc $lang:translations/$lang/modules/administration/pages/public-cloud-azure.adoc +[type: asciidoc] modules/administration/pages/mgr-sync.adoc $lang:translations/$lang/modules/administration/pages/mgr-sync.adoc +[type: asciidoc] modules/administration/pages/ssl-certs.adoc $lang:translations/$lang/modules/administration/pages/ssl-certs.adoc +[type: asciidoc] modules/administration/pages/tshoot-taskomatic.adoc $lang:translations/$lang/modules/administration/pages/tshoot-taskomatic.adoc +[type: asciidoc] modules/administration/pages/actions.adoc $lang:translations/$lang/modules/administration/pages/actions.adoc +[type: asciidoc] modules/administration/pages/admin-overview.adoc $lang:translations/$lang/modules/administration/pages/admin-overview.adoc +[type: asciidoc] modules/administration/pages/auditing.adoc $lang:translations/$lang/modules/administration/pages/auditing.adoc +[type: asciidoc] modules/administration/pages/auth-methods-pam.adoc $lang:translations/$lang/modules/administration/pages/auth-methods-pam.adoc +[type: asciidoc] modules/administration/pages/auth-methods-sso-example.adoc $lang:translations/$lang/modules/administration/pages/auth-methods-sso-example.adoc +[type: asciidoc] modules/administration/pages/auth-methods-sso.adoc $lang:translations/$lang/modules/administration/pages/auth-methods-sso.adoc +[type: asciidoc] modules/administration/pages/backup-restore.adoc $lang:translations/$lang/modules/administration/pages/backup-restore.adoc +[type: asciidoc] modules/administration/pages/channel-management.adoc $lang:translations/$lang/modules/administration/pages/channel-management.adoc +[type: asciidoc] modules/administration/pages/content-lifecycle-examples.adoc $lang:translations/$lang/modules/administration/pages/content-lifecycle-examples.adoc +[type: asciidoc] modules/administration/pages/content-lifecycle.adoc $lang:translations/$lang/modules/administration/pages/content-lifecycle.adoc +[type: asciidoc] modules/administration/pages/content-staging.adoc $lang:translations/$lang/modules/administration/pages/content-staging.adoc +[type: asciidoc] modules/administration/pages/crash-reporting.adoc $lang:translations/$lang/modules/administration/pages/crash-reporting.adoc +[type: asciidoc] modules/administration/pages/custom-channels.adoc $lang:translations/$lang/modules/administration/pages/custom-channels.adoc +[type: asciidoc] modules/administration/pages/disconnected-setup.adoc $lang:translations/$lang/modules/administration/pages/disconnected-setup.adoc +[type: asciidoc] modules/administration/pages/image-management.adoc $lang:translations/$lang/modules/administration/pages/image-management.adoc +[type: asciidoc] modules/administration/pages/iss.adoc $lang:translations/$lang/modules/administration/pages/iss.adoc +[type: asciidoc] modules/administration/pages/live-patching-channel-setup.adoc $lang:translations/$lang/modules/administration/pages/live-patching-channel-setup.adoc +[type: asciidoc] modules/administration/pages/live-patching-sles12.adoc $lang:translations/$lang/modules/administration/pages/live-patching-sles12.adoc +[type: asciidoc] modules/administration/pages/live-patching-sles15.adoc $lang:translations/$lang/modules/administration/pages/live-patching-sles15.adoc +[type: asciidoc] modules/administration/pages/maintenance-window-tasks.adoc $lang:translations/$lang/modules/administration/pages/maintenance-window-tasks.adoc +[type: asciidoc] modules/administration/pages/maintenance-windows.adoc $lang:translations/$lang/modules/administration/pages/maintenance-windows.adoc +[type: asciidoc] modules/administration/pages/monitoring.adoc $lang:translations/$lang/modules/administration/pages/monitoring.adoc +[type: asciidoc] modules/administration/pages/organizations.adoc $lang:translations/$lang/modules/administration/pages/organizations.adoc +[type: asciidoc] modules/administration/pages/public-cloud.adoc $lang:translations/$lang/modules/administration/pages/public-cloud.adoc +[type: asciidoc] modules/administration/pages/repo-metadata.adoc $lang:translations/$lang/modules/administration/pages/repo-metadata.adoc +[type: asciidoc] modules/administration/pages/reports.adoc $lang:translations/$lang/modules/administration/pages/reports.adoc +[type: asciidoc] modules/administration/pages/ssl-certs-selfsigned.adoc $lang:translations/$lang/modules/administration/pages/ssl-certs-selfsigned.adoc +[type: asciidoc] modules/administration/pages/tshoot-corruptrepo.adoc $lang:translations/$lang/modules/administration/pages/tshoot-corruptrepo.adoc +[type: asciidoc] modules/administration/pages/tshoot-firewalls.adoc $lang:translations/$lang/modules/administration/pages/tshoot-firewalls.adoc +[type: asciidoc] modules/administration/pages/tshoot-hostname-rename.adoc $lang:translations/$lang/modules/administration/pages/tshoot-hostname-rename.adoc +[type: asciidoc] modules/administration/pages/tshoot-inactiveclients.adoc $lang:translations/$lang/modules/administration/pages/tshoot-inactiveclients.adoc +[type: asciidoc] modules/administration/pages/tshoot-registerclones.adoc $lang:translations/$lang/modules/administration/pages/tshoot-registerclones.adoc +[type: asciidoc] modules/administration/pages/tshoot-saltboot.adoc $lang:translations/$lang/modules/administration/pages/tshoot-saltboot.adoc +[type: asciidoc] modules/administration/pages/openscap.adoc $lang:translations/$lang/modules/administration/pages/openscap.adoc +[type: asciidoc] modules/administration/pages/tshoot-osadjabberd.adoc $lang:translations/$lang/modules/administration/pages/tshoot-osadjabberd.adoc +[type: asciidoc] modules/administration/pages/tshoot-sync.adoc $lang:translations/$lang/modules/administration/pages/tshoot-sync.adoc +[type: asciidoc] modules/administration/pages/users.adoc $lang:translations/$lang/modules/administration/pages/users.adoc +[type: asciidoc] modules/administration/nav-administration-guide.adoc $lang:translations/$lang/modules/administration/nav-administration-guide.adoc diff --git a/l10n-weblate/administration/administration.pot b/l10n-weblate/administration/administration.pot index 1ec6790c081..b15bb7ffc6e 100644 --- a/l10n-weblate/administration/administration.pot +++ b/l10n-weblate/administration/administration.pot @@ -7,13663 +7,15138 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" -"POT-Creation-Date: 2020-08-23 23:31+0200\n" +"POT-Creation-Date: 2020-09-30 10:38+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" +"Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: Title = -#: modules/administration/pages/actions.adoc:2 +#: modules/administration/pages/live-patching.adoc:1 #, no-wrap -msgid "Actions" +msgid "Live Patching with SUSE Manager" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:5 -msgid "You can manage actions on your clients in a number of different ways." +#: modules/administration/pages/live-patching.adoc:2 +msgid "" +"Performing a kernel update usually requires a system reboot. Common " +"vulnerability and exposure (CVE) patches should be applied as soon as " +"possible, but if you cannot afford the downtime, you can use Live Patching " +"to inject these important updates and skip the need to reboot." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:8 +#: modules/administration/pages/live-patching.adoc:3 msgid "" -"For Salt clients, you can schedule automated recurring actions to apply the " -"highstate to clients on a specified schedule. You can apply recurring " -"actions to individual clients, to all clients in a system group, or to an " -"entire organization." +"The procedure for setting up Live Patching is slightly different for " +"SLES{nbsp}12 and SLES{nbsp}15. Both procedures are documented in this " +"section." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:11 -msgid "" -"On both Salt and traditional clients, you can set actions to be performed in " -"a particular order by creating action chains. Action chains can be created " -"and edited ahead of time, and scheduled to run at a time that suits you." +#. type: Title = +#: modules/administration/pages/master-fingerprint.adoc:1 +#, no-wrap +msgid "Set up a Client to Master Validation Fingerprint" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:14 +#: modules/administration/pages/master-fingerprint.adoc:2 msgid "" -"You can also perform remote commands on one or more of your Salt clients. " -"Remote commands allows you to issue commands to individual Salt clients, or " -"to all clients that match a search term." +"In highly secure network configurations you may wish to ensure your Salt " +"clients are connecting a specific master. To set up validation from client " +"to master enter the master's fingerprint within the " +"[path]``/etc/salt/minion`` configuration file." msgstr "" -#. type: Title == -#: modules/administration/pages/actions.adoc:17 -#, no-wrap -msgid "Recurring Actions" +#. type: Plain text +#: modules/administration/pages/master-fingerprint.adoc:3 +msgid "See the following procedure:" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:20 +#: modules/administration/pages/master-fingerprint.adoc:4 msgid "" -"You can apply recurring actions on individual Salt clients, or to all " -"clients in an organization." +"On the master, at the command prompt, as root, use this command to find the " +"``master.pub`` fingerprint:" msgstr "" -#. type: Block title -#: modules/administration/pages/actions.adoc:23 +#. type: delimited block - +#: modules/administration/pages/master-fingerprint.adoc:5 #, no-wrap -msgid "Procedure: Creating a New Recurring Action" +msgid "salt-key -F master\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:25 +#: modules/administration/pages/master-fingerprint.adoc:6 msgid "" -"To apply a recurring action to an individual client, navigate to " -"[guimenu]``Systems``, click the client to configure schedules for, and " -"navigate to the menu:States[Recurring States] tab." +"On your client, open the [path]``/etc/salt/minion`` configuration file. " +"Uncomment the following line and enter the master's fingerprint replacing " +"the example fingerprint:" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:26 -msgid "" -"To apply a recurring action to a system group, navigate to menu:" -"Systems[System Groups], select the group to configure schedules for, and " -"navigate to menu:States[Recurring States] tab." +#. type: delimited block - +#: modules/administration/pages/master-fingerprint.adoc:7 +#, no-wrap +msgid "master_finger: 'ba:30:65:2a:d6:9e:20:4f:d8:b2:f3:a7:d4:65:11:13'\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:27 -msgid "Click btn:[Create]." +#: modules/administration/pages/master-fingerprint.adoc:8 +msgid "Restart the salt-minion service:" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:28 -msgid "Type a name for the new schedule." +#. type: delimited block - +#: modules/administration/pages/master-fingerprint.adoc:9 +#, no-wrap +msgid "# systemctl restart salt-minion\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:29 -msgid "Choose the frequency of the recurring action:" +#: modules/administration/pages/master-fingerprint.adoc:10 +msgid "" +"For information on configuring security from a client, see " +"https://docs.saltstack.com/en/latest/ref/configuration/minion.html." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:32 -msgid "" -"[guimenu]``Hourly:`` Type the minute of each hour. For example, " -"[parameter]``15`` will run the action at fifteen minutes past every hour." +#. type: Title = +#: modules/administration/pages/mirror-sources.adoc:1 +#, no-wrap +msgid "Mirror Source Packages" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:34 +#: modules/administration/pages/mirror-sources.adoc:2 msgid "" -"[guimenu]``Daily:`` Select the time of each day. For example, " -"[parameter]``01:00`` will run the action at 0100 every day, in the timezone " -"of the {productname} Server." +"If you build your own packages locally, or if you require the source code " +"for your packages for legal reasons, it is possible to mirror the source " +"packages on {productname} Server." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:35 -msgid "" -"[guimenu]``Weekly:`` Select the day of the week and the time of the day, to " -"execute the action every week at the specified time." +#. type: delimited block = +#: modules/administration/pages/mirror-sources.adoc:3 +msgid "Mirroring source packages can consume a significant amount of disk space." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:36 -msgid "" -"[guimenu]``Monthly:`` Select the day of the month and the time of the day, " -"to execute the action every month at the specified time." +#. type: Block title +#: modules/administration/pages/mirror-sources.adoc:4 +#, no-wrap +msgid "Procedure: Mirroring Source Packages" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:38 +#: modules/administration/pages/mirror-sources.adoc:5 msgid "" -"[guimenu]``Custom Quartz format:`` For more detailed options, enter a custom " -"quartz string. For example, to run a recurring action at 0215 every " -"Saturday of every month, enter:" +"Open the [filename]``/etc/rhn/rhn.conf`` configuration file, and add this " +"line:" msgstr "" #. type: delimited block - -#: modules/administration/pages/actions.adoc:41 +#: modules/administration/pages/mirror-sources.adoc:6 #, no-wrap -msgid "0 15 2 ? * 7\n" +msgid "server.sync_source_packages = 1\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:43 -msgid "" -"OPTIONAL: Toggle the [guimenu]``Test mode`` switch on to run the schedule in " -"test mode." +#: modules/administration/pages/mirror-sources.adoc:7 +msgid "Restart the Spacewalk service to pick up the changes:" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:44 -msgid "" -"Click btn:[Create Schedule] to save, and see the complete list of existing " -"schedules." +#. type: delimited block - +#: modules/administration/pages/mirror-sources.adoc:8 +#: modules/administration/pages/auth-methods-sso.adoc:42 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:15 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:57 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:74 +#, no-wrap +msgid "spacewalk-service restart\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:48 +#: modules/administration/pages/mirror-sources.adoc:9 msgid "" -"Organization Administrators can set and edit recurring actions for all " -"clients in the organization. Navigate to menu:Home[My Organization > " -"Recurring States] to see all recurring actions that apply to the entire " -"organization." +"Currently, this feature can only be enabled globally for all repositories. " +"It is not possible to select individual repositories for mirroring." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:51 -msgid "" -"{productname} Administrators can set and edit recurring actions for all " -"clients in all organizations. Navigate to menu:Admin[Organizations], select " -"the organization to manage, and navigate to the menu:States[Recurring " -"States] tab." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/actions.adoc:56 +#: modules/administration/pages/mirror-sources.adoc:10 msgid "" -"Recurring actions can only be used with Salt clients. Traditional clients " -"in your group or organization are ignored." +"When this feature has been activated, the source packages will become " +"available in the {productname} {webui} after the next repository " +"synchronization. They will be shown as sources for the binary package, and " +"can be downloaded directly from the {webui}. Source packages cannot be " +"installed on clients using the {webui}." msgstr "" -#. type: Title == -#: modules/administration/pages/actions.adoc:60 +#. type: Title = +#: modules/administration/pages/tshoot-diskspace.adoc:1 #, no-wrap -msgid "Action Chains" +msgid "Troubleshooting Disk Space" msgstr "" +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +# +#. Troubleshooting format: +# +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +# +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/actions.adoc:63 +#: modules/administration/pages/tshoot-diskspace.adoc:2 msgid "" -"If you need to perform a number of sequential actions on your clients, you " -"can create an action chain to ensure the order is respected." +"Running out of disk space can have a severe impact on the {productname} " +"database and file structure which, in most cases, is not recoverable." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:68 +#: modules/administration/pages/tshoot-diskspace.adoc:3 msgid "" -"By default, most clients will execute an action as soon as the command is " -"issued. In some case, actions will take a long time, which could mean that " -"actions issued afterwards fail. For example, if you instruct a client to " -"reboot, then issue a second command, the second action could fail because " -"the reboot is still occurring. To ensure that actions occur in the correct " -"order, use action chains." +"{productname} monitors free space in specific directories, and has " +"configurable alerts. For more on space management, see " +"xref:administration:space-management.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:71 +#: modules/administration/pages/tshoot-diskspace.adoc:4 msgid "" -"You can use action chains on both traditional and Salt clients. Action " -"chains can include any number of these actions, in any order:" +"You can recover disk space by removing unused custom channels and redundant " +"database entries before you run out of space entirely." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:73 -msgid "menu:System Details[Remote Command]" +#: modules/administration/pages/tshoot-diskspace.adoc:5 +msgid "" +"For instructions on how to delete custom channels, see " +"xref:administration:channel-management.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:74 -msgid "menu:System Details[Schedule System Reboot]" +#. type: Block title +#: modules/administration/pages/tshoot-diskspace.adoc:6 +#, no-wrap +msgid "Procedure: Resolving redundant database entries" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:75 -msgid "menu:System Details[States > Highstate]" +#: modules/administration/pages/tshoot-diskspace.adoc:7 +msgid "" +"Use the [command]``spacewalk-data-fsck`` command to list any redundant " +"database entries." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:76 -msgid "menu:System Details[Software > Packages > List/Remove]" +#: modules/administration/pages/tshoot-diskspace.adoc:8 +msgid "Use the [command]``spacewalk-data-fsck --remove`` command to delete them." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:77 -msgid "menu:System Details[Software > Packages > Install]" +#. type: Title === +#: modules/administration/pages/tshoot-intro.adoc:1 +#: modules/administration/pages/image-management.adoc:127 +#: modules/administration/pages/image-management.adoc:242 +#, no-wrap +msgid "Troubleshooting" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:78 -msgid "menu:System Details[Software > Packages > Upgrade]" +#: modules/administration/pages/tshoot-intro.adoc:2 +msgid "" +"This section contains some common problems you might encounter with " +"{productname}, and solutions to resolving them." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:79 -msgid "menu:System Details[Software > Patches]" +#. type: Title = +#: modules/administration/pages/tshoot-localcert.adoc:1 +#, no-wrap +msgid "Troubleshooting Local Issuer Certificates" msgstr "" +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +# +#. Troubleshooting format: +# +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +# +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/actions.adoc:80 -msgid "menu:System Details[Software > Software Channels]" +#: modules/administration/pages/tshoot-localcert.adoc:2 +msgid "" +"Some older bootstrap scripts create a link to the local certificate in the " +"wrong place. This results in zypper returning an ``Unrecognized error`` " +"about the local issuer certificate. You can ensure that the link to the " +"local issuer certificate has been created correctly by checking the " +"[path]``/etc/ssl/certs/`` directory. If you come across this problem, you " +"should consider updating your bootstrap scripts to ensure that zypper " +"operates as expected." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:81 -msgid "menu:System Details[Configuration]" +#. type: Title = +#: modules/administration/pages/tshoot-logintimeout.adoc:1 +#, no-wrap +msgid "Troubleshooting Login Timeouts" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:82 -msgid "menu:Images[Build]" +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +# +#. Troubleshooting format: +# +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +# +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step +#. type: Plain text +#: modules/administration/pages/tshoot-logintimeout.adoc:2 +msgid "" +"By default, the {productname} {webui} will require users to log in again " +"after 30{nbsp}minutes. Depending on your environment, you might want to " +"adjust the login timeout value." msgstr "" -#. type: Block title -#: modules/administration/pages/actions.adoc:85 -#, no-wrap -msgid "Procedure: Creating a New Action Chain" +#. type: Plain text +#: modules/administration/pages/tshoot-logintimeout.adoc:3 +msgid "" +"To adjust the value, you will need to make the change in both " +"[path]``rhn.conf`` and [path]``web.xml``. Ensure you set the value in " +"seconds in [path]``/etc/rhn/rhn.conf``, and in minutes in " +"[path]``web.xml``. The two values must equal the same amount of time." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:88 +#: modules/administration/pages/tshoot-logintimeout.adoc:4 msgid "" -"In the {productname} {webui}, navigate to the first action you want to " -"perform in the action chain. For example, navigate to [guimenu]``System " -"Details`` for a client, and click btn:[Schedule System Reboot]." +"For example, to change the timeout value to one hour, set the value in " +"[path]``rhn.conf`` to 3600 seconds, and the value in [path]``web.xml`` to 60 " +"minutes." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:89 -msgid "Check the [guimenu]``Add to`` field and select ``new action chain``." +#. type: Block title +#: modules/administration/pages/tshoot-logintimeout.adoc:5 +#, no-wrap +msgid "Procedure: Adjusting the {webui} Login Timeout Value" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:91 -msgid "" -"Confirm the action. This will not perform the action immediately, it will " -"instead create the new action chain, and a blue bar confirming this appears " -"at the top of the screen." +#: modules/administration/pages/tshoot-logintimeout.adoc:6 +msgid "Stop services:" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:92 -msgid "" -"Continue adding actions to your action chain by checking the [guimenu]``Add " -"to`` field and selecting the name of the action chain to add them to." +#. type: delimited block - +#: modules/administration/pages/tshoot-logintimeout.adoc:7 +#: modules/administration/pages/backup-restore.adoc:133 +#, no-wrap +msgid "spacewalk-service stop\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:93 +#: modules/administration/pages/tshoot-logintimeout.adoc:8 msgid "" -"When you have finished adding actions, navigate to menu:Schedule[Action " -"Chains] and selecting the action chain from the list." +"Open [path]``/etc/rhn/rhn.conf`` and add or edit this line to include the " +"new timeout value in seconds:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-logintimeout.adoc:9 +#, no-wrap +msgid "web.session_database_lifetime = \n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:96 -msgid "" -"Re-order actions by dragging them and dropping them into the correct " -"position. Click the blue plus sign to see the clients an action will be " -"performed on. Click btn:[Save] to save your changes." +#: modules/administration/pages/tshoot-logintimeout.adoc:10 +#: modules/administration/pages/tshoot-logintimeout.adoc:13 +msgid "Save and close the file." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:98 +#: modules/administration/pages/tshoot-logintimeout.adoc:11 msgid "" -"Schedule a time for your action chain to run, and click btn:[Save and " -"Schedule]. If you leave the page without clicking either btn:[Save] or btn:" -"[Save and Schedule] all unsaved changes will be discarded." +"Open [path]``/srv/tomcat/webapps/rhn/WEB-INF/web.xml`` and add or edit this " +"line to include the new timeout value in minutes:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/actions.adoc:102 -msgid "" -"If one action in an action chain fails, the action chain stops, and no " -"further actions are executed." +#. type: delimited block - +#: modules/administration/pages/tshoot-logintimeout.adoc:12 +#, no-wrap +msgid "Timeout_Value_in_Minutes\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:105 -msgid "" -"You can see scheduled actions from action chains by navigating to menu:" -"Schedule[Pending Actions]." +#: modules/administration/pages/tshoot-logintimeout.adoc:14 +msgid "Restart services:" msgstr "" -#. type: Title == -#: modules/administration/pages/actions.adoc:108 +#. type: delimited block - +#: modules/administration/pages/tshoot-logintimeout.adoc:15 +#: modules/administration/pages/backup-restore.adoc:149 #, no-wrap -msgid "Remote Commands" +msgid "spacewalk-service start\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:112 -msgid "" -"You can configure clients to run commands remotely. This allows you to " -"issue scripts or individual commands to a client, without having access to " -"the client directly." +#. type: Title = +#: modules/administration/pages/tshoot-packages.adoc:1 +#, no-wrap +msgid "Troubleshooting Package Inconsistencies" msgstr "" +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +# +#. Troubleshooting format: +# +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +# +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/actions.adoc:116 +#: modules/administration/pages/tshoot-packages.adoc:2 msgid "" -"This feature is automatically enabled on Salt clients, and you do not need " -"to perform any further configuration. For traditional clients, the feature " -"is enabled if you have registered the client using a bootstrap script and " -"have enabled remote commands. You can use this procedure to enable it " -"manually, instead." +"When packages on a client are locked, {productname} Server may not be able " +"to correctly determine the set of applicable patches. When this occurs, " +"package updates will be available in the {webui}, but will not appear on the " +"client, and attempts to update the client will fail. Check package locks " +"and exclude lists to determine if packages are locked or excluded on the " +"client." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:119 +#: modules/administration/pages/tshoot-packages.adoc:3 msgid "" -"Before you begin, ensure your client is subscribed to the appropriate tools " -"child channel for its installed operating system. For more information " -"about subscribing to software channels, see xref:client-configuration:" -"channels.adoc[]." +"On the client, check package locks and exclude lists to determine if " +"packages are locked or excluded:" msgstr "" -#. type: Block title -#: modules/administration/pages/actions.adoc:122 -#, no-wrap -msgid "Procedure: Configuring Traditional Clients to Accept Remote Commands" +#. type: Plain text +#: modules/administration/pages/tshoot-packages.adoc:4 +msgid "" +"On an Expanded Support Platform, check [path]``/etc/yum.conf`` and search " +"for ``exclude=``." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:125 -msgid "" -"On the client, at the command prompt, use the package manager to install the " -"[systemitem]``rhncfg``, [systemitem]``rhncfg-client``, and " -"[systemitem]``rhncfg-actions`` packages, if not already installed. For " -"example:" +#: modules/administration/pages/tshoot-packages.adoc:5 +msgid "On {sle} and {opensuse}, use the [command]``zypper locks`` command." msgstr "" -#. type: delimited block - -#: modules/administration/pages/actions.adoc:128 +#. type: Title = +#: modules/administration/pages/tshoot-rpctimeout.adoc:1 #, no-wrap -msgid "zypper in rhncfg rhncfg-client rhncfg-actions\n" +msgid "Troubleshooting RPC Connection Timeouts" msgstr "" +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +# +#. Troubleshooting format: +# +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +# +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/actions.adoc:130 +#: modules/administration/pages/tshoot-rpctimeout.adoc:2 msgid "" -"On the client, at the command prompt, as root, create a path in the local " -"configuration directory:" +"RPC connections can sometimes time out due to slow networks or a network " +"link going down. This results in package downloads or batch jobs hanging or " +"taking longer than expected. You can adjust the maximum time that an RPC " +"connection can take by editing the configuration file. While this will not " +"resolve networking problems, it will cause a process to fail rather than " +"hang." msgstr "" -#. type: delimited block - -#: modules/administration/pages/actions.adoc:133 +#. type: Block title +#: modules/administration/pages/tshoot-rpctimeout.adoc:3 #, no-wrap -msgid "mkdir -p /etc/sysconfig/rhn/allowed-actions/script\n" +msgid "Procedure: Resolving RPC connection timeouts" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:137 +#: modules/administration/pages/tshoot-rpctimeout.adoc:4 msgid "" -"Create an empty file called [path]``run`` in the new directory. This file " -"grants the {productname} Server permission to run remote commands:" +"On the {productname} Server, open the [filename]``/etc/rhn/rhn.conf`` file " +"and set a maximum timeout value (in seconds):" msgstr "" #. type: delimited block - -#: modules/administration/pages/actions.adoc:140 +#: modules/administration/pages/tshoot-rpctimeout.adoc:5 #, no-wrap -msgid "touch /etc/sysconfig/rhn/allowed-actions/script/run\n" +msgid "server.timeout =`number`\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:145 -msgid "" -"For Salt clients, remote commands are run from the [path]``/tmp/`` directory " -"on the client. To ensure that remote commands work accurately, do not mount " -"``/tmp`` with the [parameter]``noexec`` option." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/actions.adoc:151 +#: modules/administration/pages/tshoot-rpctimeout.adoc:6 msgid "" -"All commands run from the [guimenu]``Remote Commands`` page are executed as " -"{rootuser} on clients. Wildcards can be used to run commands across any " -"number of systems. Always take extra care to check your commands before " -"issuing them." +"On the {productname} Proxy, open the [filename]``/etc/rhn/rhn.conf`` file " +"and set a maximum timeout value (in seconds):" msgstr "" -#. type: Block title -#: modules/administration/pages/actions.adoc:155 +#. type: delimited block - +#: modules/administration/pages/tshoot-rpctimeout.adoc:7 #, no-wrap -msgid "Procedure: Running Remote Commands on Traditional Clients" +msgid "proxy.timeout =`number`\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:157 +#: modules/administration/pages/tshoot-rpctimeout.adoc:8 msgid "" -"In the {productname} {webui}, navigate to [guimenu]``Systems``, click the " -"client to run a remote command on, and navigate to the menu:Details[Remote " -"Command] tab." +"On a {sles} client that uses zypper, open the " +"[filename]``/etc/zypp/zypp.conf`` file and set a maximum timeout value (in " +"seconds):" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:159 +#. type: delimited block - +#: modules/administration/pages/tshoot-rpctimeout.adoc:9 +#, no-wrap msgid "" -"In the [guimenu]``Run as user`` field, type the user ID (UID) of the user on " -"the client that you want to run the command. Alternatively, you can specify " -"a group to run the command, using the group ID (GID) in the [guimenu]``Run " -"as group`` field." +"## Valid values: [0,3600]\n" +"## Default value: 180\n" +"download.transfer_timeout = 180\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:161 +#: modules/administration/pages/tshoot-rpctimeout.adoc:10 msgid "" -"OPTIONAL: In the [guimenu]``Timeout`` field, type a timeout period for the " -"command, in seconds. If the command is not executed within this period, it " -"will not be run." +"On a {rhel} client that uses yum, open the [filename]``/etc/yum.conf`` file " +"and set a maximum timeout value (in seconds):" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:162 -msgid "In the [guimenu]``Command label`` field, type a name for your command." +#. type: delimited block - +#: modules/administration/pages/tshoot-rpctimeout.adoc:11 +#, no-wrap +msgid "timeout =`number`\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:163 +#. type: delimited block = +#: modules/administration/pages/tshoot-rpctimeout.adoc:12 msgid "" -"In the [guimenu]``Script`` field, type the command or script to execute." +"If you limit RPC timeouts to less than `180` seconds, you risk aborting " +"perfectly normal operations." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:164 -msgid "" -"Select a date and time to execute the command, or add the remote command to " -"an action chain." +#. type: Title = +#: modules/administration/pages/tuning-changelogs.adoc:1 +#, no-wrap +msgid "Tuning Changelogs" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:165 -msgid "Click btn:[Schedule] to schedule the remote command." +#: modules/administration/pages/tuning-changelogs.adoc:2 +msgid "" +"Some packages have a long list of changelog entries. This data is " +"downloaded by default, but it is not always useful information to keep. In " +"order to limit the amount of changelog metadata which is downloaded and to " +"save disk space, you can put a limit on how many entries to keep on disk." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:167 +#: modules/administration/pages/tuning-changelogs.adoc:3 msgid "" -"For more information about action chains, see xref:reference:schedule/action-" -"chains.adoc[]." +"This configuration option is in the [filename]``/etc/rhn/rhn.conf`` " +"configuration file. The parameter defaults to [systemitem]``0``, which " +"means unlimited." msgstr "" -#. type: Block title -#: modules/administration/pages/actions.adoc:171 +#. type: delimited block - +#: modules/administration/pages/tuning-changelogs.adoc:4 #, no-wrap -msgid "Procedure: Running Remote Commands on Salt Clients" +msgid "java.max_changelog_entries = 0\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:173 -msgid "Navigate to menu:Salt[Remote Commands]." +#: modules/administration/pages/tuning-changelogs.adoc:5 +msgid "" +"If you set this parameter, it will come into effect only for new packages " +"when they are synchronized." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:174 +#: modules/administration/pages/tuning-changelogs.adoc:6 msgid "" -"In the first field, before the ``@`` symbol, type the command you want to " -"issue." +"After changing this parameter, restart services with ``spacewalk-service " +"restart``." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:176 +#: modules/administration/pages/tuning-changelogs.adoc:7 msgid "" -"In the second field, after the ``@`` symbol, type the client you want to " -"issue the command on. You can type the ``minion-id`` of an individual " -"client, or you can use wildcards to target a range of clients." +"You might like to delete and regenerate the cached data to remove older " +"data." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:177 +#. type: delimited block = +#: modules/administration/pages/tuning-changelogs.adoc:8 msgid "" -"Click btn:[Find targets] to check which clients you have targeted, and " -"confirm that you have used the correct details." +"Deleting and regenerating cached data can take a long time. Depending on " +"the number of channels you have and the amount of data to be deleted, it can " +"potentially take several hours. The task is run in the background by " +"Taskomatic, so you can continue to use {productname} while the operation " +"completes, however you should expect some performance loss." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:177 -msgid "Click btn:[Run command] to issue the command to the target clients." +#: modules/administration/pages/tuning-changelogs.adoc:9 +msgid "" +"You can delete and request a regeneration of cached data from the command " +"line:" msgstr "" -#. type: Title = -#: modules/administration/pages/admin-overview.adoc:2 +#. type: delimited block - +#: modules/administration/pages/tuning-changelogs.adoc:10 #, no-wrap -msgid "Administration Guide Overview" +msgid "spacewalk-sql -i\n" msgstr "" #. type: Plain text -#: modules/administration/pages/admin-overview.adoc:5 -#, no-wrap -msgid "**Publication Date:** {docdate}\n" +#: modules/administration/pages/tuning-changelogs.adoc:11 +msgid "Then on the SQL database prompt, enter:" msgstr "" -#. type: Plain text -#: modules/administration/pages/admin-overview.adoc:6 +#. type: delimited block - +#: modules/administration/pages/tuning-changelogs.adoc:12 +#, no-wrap msgid "" -"This book provides guidance on performing administration tasks on the " -"{productname} Server." +"DELETE FROM rhnPackageRepodata;\n" +"INSERT INTO rhnRepoRegenQueue (id, CHANNEL_LABEL, REASON, FORCE)\n" +"(SELECT sequence_nextval('rhn_repo_regen_queue_id_seq'),\n" +" C.label,\n" +" 'cached data regeneration',\n" +" 'Y'\n" +" FROM rhnChannel C);\n" +"\\q\n" msgstr "" #. type: Title = -#: modules/administration/pages/auditing.adoc:2 +#: modules/administration/pages/space-management.adoc:1 #, no-wrap -msgid "Auditing" +msgid "Managing Disk Space" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:6 +#: modules/administration/pages/space-management.adoc:2 msgid "" -"In {productname}, you can keep track of your clients through a series of " -"auditing tasks. You can check that your clients are up to date with all " -"public security patches (CVEs), perform subscription matching, and use " -"OpenSCAP to check for specification compliance." +"Running out of disk space can have a severe impact on the {productname} " +"database and file structure which, in some cases, is not recoverable." msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:8 +#: modules/administration/pages/space-management.adoc:3 msgid "" -"In the {productname} {webui}, navigate to [guimenu]``Audit`` to perform " -"auditing tasks." +"{productname} monitors some directories for free disk space. You can modify " +"which directories are monitored, and the warnings that are created. All " +"settings are configured in the [path]``/etc/rhn/rhn.conf`` configuration " +"file." msgstr "" -#. This will probably need to be broken into sub-sections. --LKB 20200205 #. type: Title == -#: modules/administration/pages/auditing.adoc:14 +#: modules/administration/pages/space-management.adoc:4 #, no-wrap -msgid "CVE Audits" +msgid "Monitored Directories" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:17 -msgid "" -"A CVE (common vulnerabilities and exposures) is a fix for a publicly known " -"security vulnerability." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/auditing.adoc:21 -msgid "You must apply CVEs to your clients as soon as they become available." +#: modules/administration/pages/space-management.adoc:5 +msgid "By default, {productname} monitors these directories:" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:25 -msgid "" -"Each CVE contains an identification number, a description of the " -"vulnerability, and links to further information. CVE identification numbers " -"use the form ``CVE-YEAR-XXXX``." +#: modules/administration/pages/space-management.adoc:6 +msgid "[path]``/var/lib/pgsql``" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:27 -msgid "" -"In the {productname} {webui}, navigate to menu:Audit[CVE Audit] to see a " -"list of all clients and their current patch status." +#: modules/administration/pages/space-management.adoc:7 +msgid "[path]``/var/spacewalk``" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:30 -msgid "" -"By default, the CVE data is updated at 2300 every day. We recommend that " -"before you begin a CVE audit you refresh the data to ensure you have the " -"latest patches." +#: modules/administration/pages/space-management.adoc:8 +msgid "[path]``/var/cache``" msgstr "" -#. type: Block title -#: modules/administration/pages/auditing.adoc:33 -#, no-wrap -msgid "Procedure: Updating CVE Data" +#. type: Plain text +#: modules/administration/pages/space-management.adoc:9 +msgid "[path]``/srv``" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:35 +#: modules/administration/pages/space-management.adoc:10 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Task Schedules] and " -"select the ``cve-server-channels-default`` schedule." +"You can change which directories are monitored with the " +"[systemitem]``spacecheck_dirs`` parameter. You can specify multiple " +"directories by separating them with a space." msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:36 -msgid "Click btn:[cve-server-channels-bunch]." +#: modules/administration/pages/space-management.adoc:11 +#: modules/administration/pages/space-management.adoc:16 +#: modules/administration/pages/space-management.adoc:21 +#: modules/administration/pages/actions.adoc:62 +#: modules/administration/pages/backup-restore.adoc:135 +msgid "For example:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auditing.adoc:38 -msgid "" -"Click btn:[Single Run Schedule] to schedule the task. Allow the task to " -"complete before continuing with the CVE audit." +#. type: delimited block - +#: modules/administration/pages/space-management.adoc:12 +#, no-wrap +msgid "spacecheck_dirs = /var/lib/pgsql /var/spacewalk /var/cache /srv\n" msgstr "" -#. type: Block title -#: modules/administration/pages/auditing.adoc:41 +#. type: Title == +#: modules/administration/pages/space-management.adoc:13 #, no-wrap -msgid "Procedure: Verifying Patch Status" +msgid "Thresholds" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:43 -msgid "In the {productname} {webui}, navigate to menu:Audit[CVE Audit]." +#: modules/administration/pages/space-management.adoc:14 +msgid "" +"By default, {productname} will create a warning mail when a monitored " +"directory has less than 10% of total space available. A critical alert is " +"created when a monitored directory falls below 5% space available." msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:44 +#: modules/administration/pages/space-management.adoc:15 msgid "" -"OPTIONAL: To check the patch status for a particular CVE, type the CVE " -"identifier in the [guimenu]``CVE Number`` field." +"You can change these alert thresholds with the " +"[systemitem]``spacecheck_free_alert`` and " +"[systemitem]``spacecheck_free_critical`` parameters." msgstr "" -#. type: Plain text -#: modules/administration/pages/auditing.adoc:45 +#. type: delimited block - +#: modules/administration/pages/space-management.adoc:17 +#, no-wrap msgid "" -"Select the patch statuses you want to look for, or leave all statuses " -"checked to look for all." +"spacecheck_free_alert = 10\n" +"spacecheck_free_critical = 5\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/auditing.adoc:46 -msgid "" -"Click btn:[Audit Servers] to check all systems, or click btn:[Audit Images] " -"to check all images." +#. type: Title == +#: modules/administration/pages/space-management.adoc:18 +#, no-wrap +msgid "Shut Down Services" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:48 +#: modules/administration/pages/space-management.adoc:19 msgid "" -"For more information about the patch status icons used on this page, see " -"xref:reference:audit/audit-cve-audit.adoc[]." +"By default, {productname} will shut down the spacewalk services when the " +"critical alert threshold is reached." msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:53 +#: modules/administration/pages/space-management.adoc:20 msgid "" -"For each system, the [guimenu]``Next Action`` column provides information " -"about what you need to do to address vulnerabilities. If applicable, a list " -"of candidate channels or patches is also given. You can also assign systems " -"to a [guimenu]``System Set`` for further batch processing." +"You can change this behavior with the [systemitem]``spacecheck_shutdown`` " +"parameter. A value of ``true`` will enable the shut down feature. Any " +"other value will disable it." msgstr "" -#. type: Plain text -#: modules/administration/pages/auditing.adoc:58 -msgid "" -"You can use the {productname} API to verify the patch status of your " -"clients. Use the ``audit.listSystemsByPatchStatus`` API method. For more " -"information about this method, see the {productname} API Guide." +#. type: delimited block - +#: modules/administration/pages/space-management.adoc:22 +#, no-wrap +msgid "spacecheck_shutdown = true\n" msgstr "" #. type: Title == -#: modules/administration/pages/auditing.adoc:61 +#: modules/administration/pages/space-management.adoc:23 #, no-wrap -msgid "CVE Status" +msgid "Disable Space Checking" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:65 +#: modules/administration/pages/space-management.adoc:24 msgid "" -"The CVE status of clients is usually either ``affected``, ``not affected``, " -"or ``patched``. These statuses are based only on the information that is " -"available to {productname}." +"The space checking tool is enabled by default. You can disable it entirely " +"with these commands:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auditing.adoc:67 -msgid "Within {productname}, these definitions apply:" +#. type: delimited block - +#: modules/administration/pages/space-management.adoc:25 +#, no-wrap +msgid "" +"systemctl stop spacewalk-diskcheck.timer\n" +"systemctl disable spacewalk-diskcheck.timer\n" msgstr "" -#. type: Labeled list -#: modules/administration/pages/auditing.adoc:68 +#. type: Title = +#: modules/administration/pages/task-schedules.adoc:1 #, no-wrap -msgid "System affected by a certain vulnerability" +msgid "Task Schedules" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:70 -msgid "" -"A system which has an installed package with version lower than the version " -"of the same package in a relevant patch marked for the vulnerability." +#: modules/administration/pages/task-schedules.adoc:2 +msgid "Under menu:Admin[Task Schedules] all predefined task bunches are listed." msgstr "" -#. type: Labeled list -#: modules/administration/pages/auditing.adoc:71 +#. type: Target for macro image +#: modules/administration/pages/task-schedules.adoc:3 #, no-wrap -msgid "System not affected by a certain vulnerability" +msgid "admin_task_schedules.png" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:73 +#: modules/administration/pages/task-schedules.adoc:4 msgid "" -"A system which has no installed package that is also in a relevant patch " -"marked for the vulnerability." +"Click a menu:SUSE Manager Schedules[Schedule name] to open its menu:Schedule " +"Name[Basic Schedule Details] where you can disable it or change the " +"frequency. Click btn:[Edit Schedule] to update the schedule with your " +"settings. To delete a schedule, click btn:[Delete Schedule] in the upper " +"right-hand corner." msgstr "" -#. type: Labeled list -#: modules/administration/pages/auditing.adoc:74 -#, no-wrap -msgid "System patched for a certain vulnerability" +#. type: delimited block = +#: modules/administration/pages/task-schedules.adoc:5 +msgid "" +"Only disable or delete a schedule if you are absolutely certain this is " +"necessary as they are essential for {productname} to work properly." msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:76 +#: modules/administration/pages/task-schedules.adoc:6 msgid "" -"A system which has an installed package with version equal to or greater " -"than the version of the same package in a relevant patch marked for the " -"vulnerability." +"If you click a bunch name, a list of runs of that bunch type and their " +"status will be displayed. Clicking the start time links takes you back to " +"the menu:Schedule Name[Basic Schedule Details]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/task-schedules.adoc:7 +msgid "" +"For example, the following predefined task bunches are scheduled by default " +"and can be configured:" msgstr "" #. type: Labeled list -#: modules/administration/pages/auditing.adoc:77 +#: modules/administration/pages/task-schedules.adoc:8 #, no-wrap -msgid "Relevant patch" +msgid "menu:channel-repodata-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:79 -msgid "A patch known by {productname} in a relevant channel." +#: modules/administration/pages/task-schedules.adoc:9 +msgid "(Re)generates repository metadata files." msgstr "" #. type: Labeled list -#: modules/administration/pages/auditing.adoc:80 +#: modules/administration/pages/task-schedules.adoc:10 #, no-wrap -msgid "Relevant channel" +msgid "menu:cleanup-data-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:82 -msgid "" -"A channel managed by {productname}, which is either assigned to the system, " -"the original of a cloned channel which is assigned to the system, a channel " -"linked to a product which is installed on the system or a past or future " -"service pack channel for the system." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/auditing.adoc:87 +#: modules/administration/pages/task-schedules.adoc:11 msgid "" -"Because of the definitions used within {productname}, CVE audit results " -"might be incorrect in some circumstances. For example, unmanaged channels, " -"unmanaged packages, or non-compliant systems might report incorrectly." +"Cleans up stale package change log and monitoring time series data from the " +"database." msgstr "" -#. type: Title = -#: modules/administration/pages/auth-methods-pam.adoc:2 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:12 #, no-wrap -msgid "Authentication With PAM" +msgid "menu:clear-taskologs-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:7 +#: modules/administration/pages/task-schedules.adoc:13 msgid "" -"{productname} supports network-based authentication systems using pluggable " -"authentication modules (PAM). PAM is a suite of libraries that allows you " -"to integrate {productname} with a centralized authentication mechanism, " -"eliminating the need to remember multiple passwords. {productname} supports " -"LDAP, Kerberos, and other network-based authentication systems using PAM." +"Clears task engine (taskomatic) history data older than a specified number " +"of days, depending on the job type, from the database." msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-pam.adoc:10 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:14 #, no-wrap -msgid "Procedure: Enabling PAM" +msgid "menu:cobbler-sync-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:15 +#: modules/administration/pages/task-schedules.adoc:15 msgid "" -"Create a PAM service file at [path]``/etc/pam.d/susemanager``. A standard " -"[path]``/etc/pam.d/susemanager`` file should look like this. It configures " -"{productname} to use the system wide PAM configuration:" +"Synchronizes distribution and profile data from {productname} to Cobbler. " +"For more information, see xref:client-configuration:cobbler.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-pam.adoc:22 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:16 #, no-wrap -msgid "" -"#%PAM-1.0\n" -"auth include common-auth\n" -"account include common-account\n" -"password include common-password\n" -"session include common-session\n" +msgid "menu:compare-configs-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:24 +#: modules/administration/pages/task-schedules.adoc:17 msgid "" -"Enforce the use of the service file by adding this line to [path]``/etc/rhn/" -"rhn.conf``:" +"Compares configuration files as stored in configuration channels with the " +"files stored on all configuration-enabled servers. To review comparisons, " +"click menu:Systems[] tab and select the system of interest. Go to " +"menu:Configuration[Compare Files]. For more information, see " +"xref:reference:systems/system-details/sd-configuration.adoc#sd-config-compare-files[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-pam.adoc:27 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:18 #, no-wrap -msgid "pam_auth_service = susemanager\n" +msgid "menu:cve-server-channels-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:30 +#: modules/administration/pages/task-schedules.adoc:19 msgid "" -"In this example, the PAM service file is called [systemitem]``susemanager``." +"Updates internal pre-computed CVE data that is used to display results on " +"the menu:Audit[CVE Audit] page. Search results in the menu:Audit[CVE Audit] " +"page are updated to the last run of this schedule). For more information, " +"see xref:reference:audit/audit-cve-audit.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:31 -msgid "Restart the {productname} services after a configuration change." +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:20 +#, no-wrap +msgid "menu:daily-status-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:32 +#: modules/administration/pages/task-schedules.adoc:21 msgid "" -"In the {productname} {webui}, navigate to menu:Users[Create User] and enable " -"a new or existing user to authenticate with PAM." +"Sends daily report e-mails to relevant addresses. To learn more about how " +"to configure notifications for specific users, see " +"xref:reference:users/user-details.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:34 -msgid "" -"Check the [guimenu]``Pluggable Authentication Modules (PAM)`` checkbox. It " -"is below the password and password confirmation fields." +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:22 +#, no-wrap +msgid "menu:errata-cache-default:[]" msgstr "" -#. type: delimited block = -#: modules/administration/pages/auth-methods-pam.adoc:43 +#. type: Plain text +#: modules/administration/pages/task-schedules.adoc:23 msgid "" -"Changing the password in the {productname} {webui} changes only the local " -"password on the {productname} Server. If PAM is enabled for that user, the " -"local password might not be used at all. In the above example, for " -"instance, the Kerberos password will not be changed. Use the password " -"change mechanism of your network service to change the password for these " -"users." +"Updates internal patch cache database tables, which are used to look up " +"packages that need updates for each server. Also, this sends notification " +"emails to users that might be interested in certain patches. For more " +"information about patches, see xref:reference:patches/patches-menu.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:48 -msgid "" -"To configure system-wide authentication you can use YaST. You will need to " -"install the [package]``yast2-ldap-client`` and [package]``yast2-kerberos-" -"client`` packages." +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:24 +#, no-wrap +msgid "menu:errata-queue-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:52 +#: modules/administration/pages/task-schedules.adoc:25 msgid "" -"For more information about configuring PAM, the SUSE Linux Enterprise Server " -"Security Guide contains a generic example that will also work for other " -"network-based authentication methods. It also describes how to configure an " -"active directory service. For more information, see https://documentation." -"suse.com/sles/15-SP1/html/SLES-all/part-auth.html." +"Queues automatic updates (patches) for servers that are configured to " +"receive them." msgstr "" -#. type: Title = -#: modules/administration/pages/auth-methods-sso-example.adoc:2 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:26 #, no-wrap -msgid "Example SSO Implementation" +msgid "menu:kickstart-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:5 -msgid "" -"In this example, SSO is implemented by exposing three endpoints with " -"{productname}, and using Keycloak as the identity service provider (IdP)." +#: modules/administration/pages/task-schedules.adoc:27 +msgid "Cleans up stale kickstart session data." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:8 -msgid "" -"Start by setting up the {productname} Server, and the Keycloak IdP. Then " -"you can add the endpoints as clients, and create users." +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:28 +#, no-wrap +msgid "menu:kickstartfile-sync-default:[]" msgstr "" -#. type: delimited block = -#: modules/administration/pages/auth-methods-sso-example.adoc:15 +#. type: Plain text +#: modules/administration/pages/task-schedules.adoc:29 msgid "" -"This example is provided for illustrative purposes only. {suse} does not " -"recommend or support third-party identity service providers, and is not " -"affiliated with Keycloak. For Keycloak support, see https://www.keycloak." -"org/." +"Generates Cobbler files corresponding to Kickstart profiles created by the " +"configuration wizard." msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:19 +#. we probably no longer want to reference NCC; I do not know whether it works the same way with SCC (if at all) +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:30 #, no-wrap -msgid "Procedure: Setting Up the {productname} Server" +msgid "menu:mgr-register-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:22 +#: modules/administration/pages/task-schedules.adoc:31 msgid "" -"On the {productname} Server, open the [path]``/etc/rhn/rhn.conf`` " -"configuration file and edit these parameters. Replace ```` with the " -"fully-qualified domain name of your {productname} installation:" +"Calls the [command]``mgr-register`` command, which synchronizes client " +"registration data with NCC (new, changed or deleted clients' data are " +"forwarded)." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso-example.adoc:27 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:32 #, no-wrap -msgid "" -"java.sso.onelogin.saml2.sp.entityid = /rhn/manager/sso/metadata\n" -"java.sso.onelogin.saml2.sp.assertion_consumer_service.url = /rhn/manager/sso/acs\n" -"java.sso.onelogin.saml2.sp.single_logout_service.url = /rhn/manager/sso/sls\n" +msgid "menu:mgr-sync-refresh-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:29 -msgid "In the configuration file, determine the three endpoints to expose:" +#: modules/administration/pages/task-schedules.adoc:33 +msgid "" +"The default time at which the start of synchronization with SUSE Customer " +"Center (SCC) takes place (``mgr-sync-refresh``)." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso-example.adoc:34 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:34 #, no-wrap -msgid "" -"java.sso.onelogin.saml2.idp.entityid\n" -"java.sso.onelogin.saml2.idp.single_sign_on_service.url\n" -"java.sso.onelogin.saml2.idp.single_logout_service.url\n" +msgid "menu:minion-action-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:39 +#: modules/administration/pages/task-schedules.adoc:35 msgid "" -"In the IdP metadata, locate the public x509 certificate. It uses this " -"format: ``/auth/realms//protocol/saml/" -"descriptor``. In the configuration file, specify the public x509 " -"certificate of the IdP:" +"Deletes stale client action data from the file system. First it tries to " +"complete any possibly unfinished actions by looking up the corresponding " +"results; these results are stored in the Salt job cache. An unfinished " +"action can occur if the server has missed the results of the action. For " +"successfully completed actions it removes artifacts such as executed script " +"files." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso-example.adoc:42 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:36 #, no-wrap -msgid "java.sso.onelogin.saml2.idp.x509cert\n" +msgid "menu:package-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:49 -msgid "" -"When you have prepared the {productname} Server, you can install Keycloak. " -"You can install Keycloak directly on your machine, or run it in a " -"container. In this example, we run Keycloak in a Docker container. For " -"more information about installing Keycloak, see the Keycloak documentation " -"at https://www.keycloak.org/getting-started/getting-started-docker." +#: modules/administration/pages/task-schedules.adoc:37 +msgid "Deletes stale package files from the file system." msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:52 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:38 #, no-wrap -msgid "Procedure: Setting Up the Identity Service Provider" +msgid "menu:reboot-action-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:54 +#: modules/administration/pages/task-schedules.adoc:39 msgid "" -"Install Keycloak in a Docker container, according to the Keycloak " -"documentation." +"Any reboot actions pending for more than six hours are marked as failed and " +"associated data is cleaned up in the database. For more information on " +"scheduling reboot actions, see " +"xref:reference:systems/system-details/sd-provisioning.adoc#sd-power-management[]." +msgstr "" + +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:40 +#, no-wrap +msgid "menu:sandbox-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:55 +#: modules/administration/pages/task-schedules.adoc:41 msgid "" -"Run the container using the ``-td`` argument to ensure the process remains " -"running:" +"Cleans up Sandbox configuration files and channels that are older than the " +"__sandbox_lifetime__ configuration parameter (3 days by default). Sandbox " +"files are those imported from systems or files under development. For more " +"information, see " +"xref:reference:systems/system-details/sd-configuration.adoc#sd-config-add-files[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso-example.adoc:58 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:42 #, no-wrap -msgid "docker run -td --name=idp -p 8080:8080 -e KEYCLOAK_USER= -e KEYCLOAK_PASSWORD= quay.io/keycloak/keycloak:9.0.2\n" +msgid "menu:session-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:60 +#: modules/administration/pages/task-schedules.adoc:43 msgid "" -"Sign in the Keycloak {webui} as a privileged user, and create a realm using " -"these details:" +"Cleans up stale Web interface sessions, typically data that is temporarily " +"stored when a user logs in and then closes the browser before logging out." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:63 -msgid "" -"In the ``Name`` field, enter a name for the realm. For example, ``SUMA``." +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:44 +#, no-wrap +msgid "menu:ssh-push-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:64 -msgid "Toggle the ``Enabled`` switch to ``On``." +#: modules/administration/pages/task-schedules.adoc:45 +msgid "" +"Prompts clients to check in with {productname} via SSH if they are " +"configured with a `SSH Push` contact method." msgstr "" -#. Probably needs more explanation here. --LKB 20200415 -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:67 -msgid "" -"In the ``Endpoints`` field, type ``SAML 2.0 Identity Provider Metadata``. " -"This endpoint is ``/auth/realms//protocol/saml/" -"descriptor`` which describes the endpoints and certificate in the " -"{productname} configuration file." +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:46 +#, no-wrap +msgid "menu:token-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:72 +#: modules/administration/pages/task-schedules.adoc:47 msgid "" -"When you have Keycloak running and set up, you can add the endpoints. " -"Keycloak refers to endpoints as clients." +"Deletes expired repository tokens that are used by Salt clients to download " +"packages and metadata." msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:75 +#. type: Title = +#: modules/administration/pages/subscription-matching.adoc:1 #, no-wrap -msgid "Procedure: Adding Endpoints as Clients" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:77 -msgid "In the Keycloak {webui}, create a new client using these details:" +msgid "Subscription Matching" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:80 +#: modules/administration/pages/subscription-matching.adoc:2 msgid "" -"In the ``Client ID`` field, enter the endpoint specified in the server " -"configuration file as ``java.sso.onelogin.saml2.idp.entityid``. For " -"example, ``https:///rhn/manager/sso/metadata``." +"Your {suse} products require subscriptions, which are managed by the {scc} " +"(SCC). {productname} runs a nightly report checking the subscription status " +"of all your registered clients against your SCC account. The report gives " +"you information about which clients consume which subscriptions, how many " +"subscriptions you have remaining and available to use, and which clients do " +"not have a current subscription." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:81 -msgid "In the ``Client Protocol`` field, select ``SAML``." +#: modules/administration/pages/subscription-matching.adoc:3 +msgid "Navigate to menu:Audit[Subscription Matching] to see the report." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:82 -msgid "Toggle the ``Include AuthnStatement`` switch to ``On``." +#: modules/administration/pages/subscription-matching.adoc:4 +msgid "" +"The [guimenu]``Subscriptions Report`` tab gives information about current " +"and expiring subscriptions." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:83 -msgid "Toggle the ``Sign Assertions`` switch to ``On``." +#: modules/administration/pages/subscription-matching.adoc:5 +msgid "" +"The [guimenu]``Unmatched Products Report`` tab gives a list of clients that " +"do not have a current subscription. This includes clients that could not be " +"matched, or that are not currently registered with {productname}. The " +"report includes product names and the number of systems that remain " +"unmatched." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:84 -msgid "In the ``Signature Algorithm`` field, select ``RSA_SHA1``." +#: modules/administration/pages/subscription-matching.adoc:6 +msgid "" +"The [guimenu]``Pins`` tab allows you to associate individual clients to the " +"relevant subscription. This is especially useful if the subscription " +"manager is not automatically associating clients to subscriptions " +"successfully." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:85 -msgid "In the ``SAML Signature Key Name`` field, select the key." +#: modules/administration/pages/subscription-matching.adoc:7 +msgid "" +"The [guimenu]``Messages`` tab shows any errors that occurred during the " +"matching process." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:86 -msgid "In the ``Canonicalization Method`` field, select ``Exclusive``." +#: modules/administration/pages/subscription-matching.adoc:8 +msgid "" +"You can also download the reports in .csv format, or access them from that " +"command prompt in the [path]``/var/lib/spacewalk/subscription-matcher/`` " +"directory." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:87 +#: modules/administration/pages/subscription-matching.adoc:9 msgid "" -"In the ``Fine Grain SAML Endpoint Configuration`` section, add the two " -"endpoints using these details:" +"By default, the subscription matcher runs daily, at midnight. To change " +"this, navigate to menu:Admin[Task Schedules] and click " +"``gatherer-matcher-default``. Change the schedule as required, and click " +"btn:[Update Schedule]." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:90 +#: modules/administration/pages/subscription-matching.adoc:10 msgid "" -"In both the ``Assertion Consumer Service`` fields, enter the endpoint " -"specified in the server configuration file as ``java.sso.onelogin.saml2.sp." -"assertion_consumer_service.url``. For example, ``https:///rhn/manager/" -"sso/acs``." +"Because the report can only match current clients with current " +"subscriptions, you might find that the matches change over time. The same " +"client will not always match the same subscription. This can be due to new " +"clients being registered or unregistered, or because of the addition or " +"expiration of subscriptions." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:92 +#: modules/administration/pages/subscription-matching.adoc:11 msgid "" -"In both the ``Logout Service`` fields, enter the endpoint specified in the " -"server configuration file as ``java.sso.onelogin.saml2.sp." -"single_logout_service.url``. For example, ``https:///rhn/manager/sso/" -"sls``." +"The subscription matcher will automatically attempt to reduce the number of " +"unmatched products, limited by the terms and conditions of the subscriptions " +"in your account. However, if you have incomplete hardware information, " +"unknown virtual machine host assignments, or clients running in unknown " +"public clouds, the matcher might show that you do not have enough " +"subscriptions available. Always ensure you have complete data about your " +"clients included in {productname}, to help ensure accuracy." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:96 +#. type: delimited block = +#: modules/administration/pages/subscription-matching.adoc:12 msgid "" -"When you have added the endpoints as clients, you can configure the client " -"scope, and map the users between Keycloak and {productname}." +"The subscription matcher will not always match clients and subscriptions " +"accurately. It is not intended to be a replacement for auditing." msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:99 +#. type: Title == +#: modules/administration/pages/subscription-matching.adoc:13 #, no-wrap -msgid "Procedure: Configuring Client Scope and Mappers" +msgid "Pin Clients to Subscriptions" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:101 +#: modules/administration/pages/subscription-matching.adoc:14 msgid "" -"In the Keycloak {webui}, navigate to the menu:Clients[Client Scopes] tab and " -"assign ``role_list`` as the default client scope." +"If the subscription matcher is not automatically matching a particular " +"client with the correct subscription, you can manually pin them. When you " +"have created a pin, the subscription matcher favors matching a specific " +"subscription with a given system or group of systems." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:103 +#: modules/administration/pages/subscription-matching.adoc:15 msgid "" -"Navigate to the menu:Clients[Mappers] tab and add a user attribute ``Uid`` " -"mapper, using the default values. This SAML attribute is expected by " -"{productname}." +"However, the matcher will not always respect a pin. It depends on the " +"subscription being available, and whether or not the subscription can be " +"applied to the client. Additionally, pins will be ignored if they result in " +"a match that violates the terms and conditions of the subscription, or if " +"the matcher detects a more accurate match if the pin is ignored." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:105 -msgid "" -"Navigate to the menu:Users[Admin] section and create an administrative " -"user. This user does not need to match the {productname} administrative " -"user." +#: modules/administration/pages/subscription-matching.adoc:16 +msgid "To add a new pin, click btn:[Add a Pin], and select the client to pin." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:106 +#. type: delimited block = +#: modules/administration/pages/subscription-matching.adoc:17 msgid "" -"Navigate to the menu:Users[Role Mappings] tab, add a ``uid`` attribute with " -"a value that matches the username of the {productname} administrative user." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:107 -msgid "" -"Navigate to the menu:Users[Credentials] tab, and set the same password as " -"used by the {productname} administrative user." +"We do not recommend using pinning regularly, or for a large number of " +"clients. The subscription matcher tool is generally accurate enough for " +"most installations." msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:107 +#. type: Title = +#: modules/administration/pages/ssl-certs-imported.adoc:1 #, no-wrap -msgid " Save your changes." +msgid "Import SSL Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:113 +#: modules/administration/pages/ssl-certs-imported.adoc:2 msgid "" -"When you have completed configuration, you can test that the installation is " -"working as expected. Restart the {productname} Server to pick up your " -"changes, and navigate to the {productname} {webui}. If your installation is " -"working correctly, you are redirected to the Keycloak SSO page, where you " -"can authenticate successfully." -msgstr "" - -#. type: Title = -#: modules/administration/pages/auth-methods-sso.adoc:2 -#, no-wrap -msgid "Authentication With Single Sign-On (SSO)" +"By default, {productname} uses a self-signed certificate. For additional " +"security, you can import a custom certificate, signed by a third party " +"certificate authority (CA)." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:5 +#: modules/administration/pages/ssl-certs-imported.adoc:3 msgid "" -"{productname} supports single sign-on (SSO) by implementing the Security " -"Assertion Markup Language (SAML){nbsp}2 protocol." +"This section covers how to use an imported SSL certificate with a new " +"{productname} installation, and how to replace existing self-signed " +"certificates with imported certificates." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:10 -msgid "" -"Single sign-on is an authentication process that allows a user to access " -"multiple applications with one set of credentials. SAML is an XML-based " -"standard for exchanging authentication and authorization data. A SAML " -"identity service provider (IdP) provides authentication and authorization " -"services to service providers (SP), such as {productname}. {productname} " -"exposes three endpoints which must be enabled for single sign-on." +#: modules/administration/pages/ssl-certs-imported.adoc:4 +msgid "Before you begin, ensure you have:" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:12 -msgid "SSO in {productname} supports:" +#: modules/administration/pages/ssl-certs-imported.adoc:5 +msgid "A certificate authority (CA) SSL public certificate" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:14 -msgid "Log in with SSO." +#: modules/administration/pages/ssl-certs-imported.adoc:6 +msgid "An SSL server key" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:15 -msgid "" -"Log out with service provider-initiated single logout (SLO), and Identity " -"service provider single logout service (SLS)." +#: modules/administration/pages/ssl-certs-imported.adoc:7 +msgid "An SSL server certificate" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:16 -msgid "Assertion and nameId encryption." +#: modules/administration/pages/ssl-certs-imported.adoc:8 +msgid "Your key and certificate files must be in PEM format." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:17 -msgid "Assertion signatures." +#: modules/administration/pages/ssl-certs-imported.adoc:9 +msgid "" +"The host name of the SSL keys and certificates must match the fully " +"qualified host name of the machine you deploy them on. You can set the host " +"names in the ``X509v3 Subject Alternative Name`` section of the " +"certificate. You can also list multiple host names if your environment " +"requires it." +msgstr "" + +#. type: Title == +#: modules/administration/pages/ssl-certs-imported.adoc:10 +#, no-wrap +msgid "Import Certificates for New Installations" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:18 +#: modules/administration/pages/ssl-certs-imported.adoc:11 msgid "" -"Message signatures with AuthNRequest, LogoutRequest, and LogoutResponses." +"By default, {productname} uses a self-signed certificate. After you have " +"completed the initial setup, you can replace the default certificate with an " +"imported certificate." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:19 -msgid "Enable an Assertion consumer service endpoint." +#. type: Block title +#: modules/administration/pages/ssl-certs-imported.adoc:12 +#, no-wrap +msgid "Procedure: Import Certificates on a New {productname} Server" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:20 -msgid "Enable a single logout service endpoint." +#: modules/administration/pages/ssl-certs-imported.adoc:13 +msgid "" +"Install the {productname} Server according to the instructions in " +"xref:installation:install-intro.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:21 -msgid "Publish the SP metadata (which can be signed)." +#: modules/administration/pages/ssl-certs-imported.adoc:14 +msgid "" +"Complete the initial setup according to " +"xref:installation:server-setup.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:23 -msgid "SSO in {productname} does not support:" +#: modules/administration/pages/ssl-certs-imported.adoc:15 +msgid "" +"At the command prompt, point the SSL environment variables to the " +"certificate file locations:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:25 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-imported.adoc:16 +#, no-wrap msgid "" -"Product choosing and implementation for the identity service provider (IdP)." +"export CA_CERT=\n" +"export SERVER_KEY=\n" +"export SERVER_CERT=\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:26 -msgid "" -"SAML support for other products (check with the respective product " -"documentation)." +#: modules/administration/pages/ssl-certs-imported.adoc:17 +msgid "Complete {productname} setup:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-imported.adoc:18 +#, no-wrap +msgid "yast susemanager_setup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:28 +#: modules/administration/pages/ssl-certs-imported.adoc:19 msgid "" -"For an example implementation of SSO, see xref:administration:auth-methods-" -"sso-example.adoc[]." +"When you are prompted for certificate details during setup, fill in random " +"values. The values will be overridden by the values you specified at the " +"command prompt." msgstr "" #. type: delimited block = -#: modules/administration/pages/auth-methods-sso.adoc:34 +#: modules/administration/pages/ssl-certs-imported.adoc:20 msgid "" -"If you change from the default authentication method to single sign-on, the " -"new SSO credentials apply only to the {webui}. Client tools such as ``mgr-" -"sync`` or ``spacecmd`` will continue to work with the default authentication " -"method only." +"Execute the [command]``yast susemanager_setup`` command from the same shell " +"you exported the environment variables from." msgstr "" #. type: Title == -#: modules/administration/pages/auth-methods-sso.adoc:38 +#: modules/administration/pages/ssl-certs-imported.adoc:21 #, no-wrap -msgid "Prerequisites" +msgid "Import Certificates for New Proxy Installations" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:42 +#: modules/administration/pages/ssl-certs-imported.adoc:22 msgid "" -"Before you begin, you need to have configured an external identity service " -"provider with these parameters. Check your IdP documentation for " -"instructions." +"By default, {productname} Proxy uses a self-signed certificate. After you " +"have completed the initial setup, you can replace the default certificate " +"with an imported certificate." msgstr "" -#. type: delimited block = -#: modules/administration/pages/auth-methods-sso.adoc:48 -msgid "" -"Your IdP must have a SAML:Attribute containing the username of the IdP user " -"domain, called ``uid``. The ``uid`` attribute passed in the SAML:Attribute " -"must be created in the {productname} user base before you activate single " -"sign-on." +#. type: Block title +#: modules/administration/pages/ssl-certs-imported.adoc:23 +#, no-wrap +msgid "Procedure: Import Certificates on a New {productname} Proxy" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:52 -msgid "You will need these endpoints:" +#: modules/administration/pages/ssl-certs-imported.adoc:24 +msgid "" +"Install the {productname} Proxy according to the instructions in " +"xref:installation:install-intro.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:55 +#: modules/administration/pages/ssl-certs-imported.adoc:25 msgid "" -"Assertion consumer service (or ACS): an endpoint to accept SAML messages to " -"establish a session into the Service Provider. The endpoint for ACS in " -"{productname} is: https://server.example.com/rhn/manager/sso/acs" +"Complete the initial setup according to " +"xref:installation:proxy-setup.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:57 -msgid "" -"Single logout service (or SLS): an endpoint to initiate a logout request " -"from the IdP. The endpoint for SLS in {productname} is: https://server." -"example.com/rhn/manager/sso/sls" +#: modules/administration/pages/ssl-certs-imported.adoc:26 +msgid "At the command prompt, run:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:59 -msgid "" -"Metadata: an endpoint to retrieve {productname} metadata for SAML. The " -"endpoint for metadata in {productname} is: https://server.example.com/rhn/" -"manager/sso/metadata" +#. type: delimited block - +#: modules/administration/pages/ssl-certs-imported.adoc:27 +#, no-wrap +msgid "configure-proxy.sh\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:61 +#: modules/administration/pages/ssl-certs-imported.adoc:28 msgid "" -"After the authentication with the IdP using the user ``orgadmin`` is " -"successful, you will be logged in into {productname} as the ``orgadmin`` " -"user, provided that the ``orgadmin`` user exists in {productname}." +"At the ``Do you want to import existing certificates?`` prompt, type " +"kbd:[y]." msgstr "" -#. type: Title == -#: modules/administration/pages/auth-methods-sso.adoc:64 -#, no-wrap -msgid "Enable SSO" +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:29 +msgid "Follow the prompts to complete setup." msgstr "" #. type: delimited block = -#: modules/administration/pages/auth-methods-sso.adoc:70 +#: modules/administration/pages/ssl-certs-imported.adoc:30 msgid "" -"Using SSO is mutually exclusive with other types of authentication: it is " -"either enabled or disabled. SSO is disabled by default." +"Use the same certificate authority to sign all server certificates for " +"servers and proxies. Certificates signed with different CAs will not match." msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-sso.adoc:72 +#. type: Title == +#: modules/administration/pages/ssl-certs-imported.adoc:31 #, no-wrap -msgid "Procedure: Enabling SSO" +msgid "Replace Certificates with a Third Party Certificate" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:75 -msgid "If your users do not yet exist in {productname}, create them first." +#: modules/administration/pages/ssl-certs-imported.adoc:32 +msgid "" +"You can replace active certificates on your {productname} installation with " +"a new third party certificate. To replace the certificates, you can replace " +"the installed CA certificate RPM with a new RPM containing the third party " +"certificate, and then update the database." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:76 +#: modules/administration/pages/ssl-certs-imported.adoc:33 msgid "" -"Edit [path]``/etc/rhn/rhn.conf`` and add this line at the end of the file:" +"This procedure is similar to the one described in " +"xref:administration:ssl-certs-selfsigned.adoc#ssl-certs-selfsigned-create-replace[]. " +"The difference is that we import the certificates generated by an external " +"PKI." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso.adoc:79 +#. type: Block title +#: modules/administration/pages/ssl-certs-imported.adoc:34 #, no-wrap -msgid "java.sso = true\n" +msgid "Procedure: Replacing Existing Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:83 +#: modules/administration/pages/ssl-certs-imported.adoc:35 msgid "" -"Find the parameters you want to customize in [path]``/usr/share/rhn/config-" -"defaults/rhn_java_sso.conf``. Insert the parameters you want to customize " -"into [path]``/etc/rhn/rhn.conf`` and prefix them with [literal]``java." -"sso``. For example, in [path]``/usr/share/rhn/config-defaults/rhn_java_sso." -"conf`` find:" +"On the {productname} Server, at the command prompt, move the old certificate " +"directory to a backup location:" msgstr "" #. type: delimited block - -#: modules/administration/pages/auth-methods-sso.adoc:86 +#: modules/administration/pages/ssl-certs-imported.adoc:36 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:21 #, no-wrap -msgid "onelogin.saml2.sp.assertion_consumer_service.url = https://YOUR-PRODUCT-HOSTNAME-OR-IP/rhn/manager/sso/acs\n" +msgid "mv /root/ssl-build /root/old-ssl-build\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:89 -msgid "" -"To customize it, create the corresponding option in [path]``/etc/rhn/rhn." -"conf`` by prefixing the option name with ``java.sso.``:" +#: modules/administration/pages/ssl-certs-imported.adoc:37 +msgid "Generate a CA certificate RPM from the new certificate:" msgstr "" #. type: delimited block - -#: modules/administration/pages/auth-methods-sso.adoc:92 +#: modules/administration/pages/ssl-certs-imported.adoc:38 #, no-wrap -msgid "java.sso.onelogin.saml2.sp.assertion_consumer_service.url = https://YOUR-PRODUCT-HOSTNAME-OR-IP/rhn/manager/sso/acs\n" +msgid "" +"rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/ssl-build\" " +"--from-ca-cert=\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:96 +#: modules/administration/pages/ssl-certs-imported.adoc:39 +msgid "Generate a new server certificate RPM:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-imported.adoc:40 +#, no-wrap msgid "" -"To find all the occurrences you need to change, search in the file for the " -"placeholders [literal]``YOUR-PRODUCT`` and [literal]``YOUR-IDP-ENTITY``. " -"Every parameter comes with a brief explanation of what it is meant for." +"rhn-ssl-tool --gen-server --rpm-only --dir=\"/root/ssl-build\" " +"--from-server-key= --from-server-cert=\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:97 -msgid "Restart the spacewalk service to pick up the changes:" +#: modules/administration/pages/ssl-certs-imported.adoc:41 +msgid "" +"When you create the new server certificate RPM, you might get a warning that " +"server certificate request file could not be found. This file is not " +"required, and the procedure will complete correctly without it. However, if " +"you want to avoid the error, you can copy the file into the server " +"directory, and name it [path]``server.csr``:" msgstr "" #. type: delimited block - -#: modules/administration/pages/auth-methods-sso.adoc:100 +#: modules/administration/pages/ssl-certs-imported.adoc:42 #, no-wrap -msgid "spacewalk-service restart\n" +msgid "cp .csr /root/ssl-build//server.csr\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:104 +#: modules/administration/pages/ssl-certs-imported.adoc:43 msgid "" -"When you visit the {productname} URL, you will be redirected to the IdP for " -"SSO where you will be requested to authenticate. Upon successful " -"authentication, you will be redirected to the {productname} {webui}, logged " -"in as the authenticated user. If you encounter problems with logging in " -"using SSO, check the {productname} logs for more information." +"When you have created the new [path]``ssl-build`` directory, you can create " +"combined certificate RPMs and deploy them on the clients. For the " +"procedures to do this, see xref:administration:ssl-certs-selfsigned.adoc[]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:44 +msgid "" +"If you are using a proxy, you will need to generate a server certificate RPM " +"for each proxy, using their host names and cnames." msgstr "" #. type: Title = -#: modules/administration/pages/auth-methods.adoc:2 +#: modules/administration/pages/tshoot-notifications.adoc:1 #, no-wrap -msgid "Authentication Methods" +msgid "Troubleshooting Notifications" msgstr "" +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +# +#. Troubleshooting format: +# +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +# +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/auth-methods.adoc:5 +#: modules/administration/pages/tshoot-notifications.adoc:2 msgid "" -"{productname} supports several different authentication methods. This " -"section discusses pluggable authentication modules (PAM) and single sign-on " -"(SSO)." +"The default lifetime of notification messages is 30 days, after which " +"messages are deleted from the database, regardless of read status. To " +"change this value, add or edit this line in [path]``/etc/rhn/rhn.conf``:" msgstr "" -#. type: Title = -#: modules/administration/pages/backup-restore.adoc:2 +#. type: delimited block - +#: modules/administration/pages/tshoot-notifications.adoc:3 #, no-wrap -msgid "Backup and Restore" +msgid "java.notifications_lifetime = 30\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:8 +#: modules/administration/pages/tshoot-notifications.adoc:4 msgid "" -"Back up your {productname} installation regularly, in order to prevent data " -"loss. Because {productname} relies on a database as well as the installed " -"program and configurations, it is important to back up all components of " -"your installation. This chapter contains information on the files you need " -"to back up, and introduces the [command]``smdba`` tool to manage database " -"backups. It also contains information about restoring from your backups in " -"the case of a system failure." +"All notification types are enabled by default. To disable a notification " +"type, add or edit this line in [path]``/etc/rhn/rhn.conf``:" msgstr "" -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:9 +#. type: delimited block - +#: modules/administration/pages/tshoot-notifications.adoc:5 #, no-wrap -msgid "Backup Space Requirements" -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:14 msgid "" -"Regardless of the backup method you use, you must have available at least " -"three times the amount of space your current installation uses. Running out " -"of space can result in backups failing, so check this often." +"java.notifications_type_disabled = " +"OnboardingFailed,ChannelSyncFailed,ChannelSyncFinished\n" msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:19 +#. type: Title = +#: modules/administration/pages/auth-methods.adoc:1 #, no-wrap -msgid "Backing up {productname}" +msgid "Authentication Methods" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:24 +#: modules/administration/pages/auth-methods.adoc:2 msgid "" -"The most comprehensive method for backing up your {productname} installation " -"is to back up the relevant files and directories. This can save you time in " -"administering your backup, and can be faster to reinstall and re-synchronize " -"in the case of failure. However, this method requires significant disk " -"space and could take a long time to perform the backup." +"{productname} supports several different authentication methods. This " +"section discusses pluggable authentication modules (PAM) and single sign-on " +"(SSO)." msgstr "" -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:30 -msgid "" -"If you want to only back up the required files and directories, use the " -"following list. To make this process simpler, and more comprehensive, we " -"recommend backing up the entire [path]``/etc`` and [path]``/root`` " -"directories, not just the ones specified here. Some files only exist if you " -"are actually using the related {susemgr} feature." +#. type: Title = +#: modules/administration/pages/public-cloud-azure.adoc:1 +#, no-wrap +msgid "{productname} with Azure" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:34 -msgid "[path]``/etc/cobbler/``" +#: modules/administration/pages/public-cloud-azure.adoc:2 +msgid "" +"You can use {productname} Server and Proxy with the Microsoft Azure public " +"cloud. This section discusses what you will need for running {productname} " +"in Azure, and how to set up your installation." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:35 -msgid "[path]``/etc/dhcp.conf``" +#. type: Title == +#: modules/administration/pages/public-cloud-azure.adoc:3 +#, no-wrap +msgid "Configure the Azure Cloud Instance" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:36 -msgid "[path]``/etc/fstab`` and any ISO mountpoints you require." +#: modules/administration/pages/public-cloud-azure.adoc:4 +msgid "" +"Use the ``SUSE Manager Server 4 BYOS`` image. The image is a pre-built " +"image created by {suse}. It is based on JeoS, and SUSE Manager is " +"pre-installed but not configured. Configuring SUSE Manager has to be done " +"manually with {yast}." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:37 -msgid "[path]``/etc/rhn/``" +#: modules/administration/pages/public-cloud-azure.adoc:5 +msgid "" +"When you create your Azure virtual machine, choose something `like d8s_v3` " +"with 8{nbsp}vCPUs and 32{nbsp}GB RAM." msgstr "" +#. * Up to 4 data disks +#. * Max IOPS 2400 +#. * Temporary storage disk of 16{nbsp}GB. +#. Data on this disk will be destroyed after the guest has been switched off. #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:38 -msgid "[path]``/etc/salt``" +#: modules/administration/pages/public-cloud-azure.adoc:6 +msgid "When you are setting up disk partitioning, we recommend:" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:39 -msgid "[path]``/etc/sudoers``" +#: modules/administration/pages/public-cloud-azure.adoc:7 +msgid "30{nbsp}GB for the disk running the operating system" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:40 -msgid "[path]``/etc/sysconfig/rhn/``" +#: modules/administration/pages/public-cloud-azure.adoc:8 +msgid "Select `Standard HDD` for the storage account type" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:41 -msgid "[path]``/root/.gnupg/``" +#: modules/administration/pages/public-cloud-azure.adoc:9 +msgid "You will also require three additional data disks:" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:42 -msgid "[path]``/root/.ssh``" +#: modules/administration/pages/public-cloud-azure.adoc:10 +msgid "Disk 0: 64{nbsp}GB on Premium SSD, mounted at [path]``/var/lib/pgsql``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:46 -msgid "" -"This file exists if you are using an SSH tunnel or SSH [command]``push``. " -"You will also need to have saved a copy of the ``id-susemanager`` key." +#: modules/administration/pages/public-cloud-azure.adoc:11 +msgid "Disk 1: 512{nbsp}GB on Standard SSD, mounted at [path]``/var/spacewalk``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:47 -msgid "[path]``/root/ssl-build/``" +#: modules/administration/pages/public-cloud-azure.adoc:12 +msgid "Disk 2: 128{nbsp}GB on Standard SSD, mounted at [path]``/var/cache``" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:48 -msgid "[path]``/srv/formula_metadata``" +#. type: delimited block = +#: modules/administration/pages/public-cloud-azure.adoc:13 +msgid "" +"Do not use LVM with Azure. If you need more disk space, extend a disk in " +"the Azure portal, then extend the file system with [command]``xfs_growfs``." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:49 -msgid "[path]``/srv/pillar``" +#: modules/administration/pages/public-cloud-azure.adoc:14 +msgid "Partition the disks like this:" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:50 -msgid "[path]``/srv/salt``" +#: modules/administration/pages/public-cloud-azure.adoc:15 +msgid "[path]``/dev/sda``: 4 partitions containing the OS" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:51 -msgid "[path]``/srv/susemanager``" +#: modules/administration/pages/public-cloud-azure.adoc:16 +msgid "[path]``/dev/sdb``: temporary storage disk, do not use" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:52 -msgid "[path]``/srv/tftpboot/``" +#: modules/administration/pages/public-cloud-azure.adoc:17 +msgid "[path]``/dev/sdc``: contains [path]``/var/lib/pgsql``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:53 -msgid "[path]``/srv/www/cobbler``" +#: modules/administration/pages/public-cloud-azure.adoc:18 +msgid "[path]``/dev/sdd``: contains [path]``/var/spacewalk``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:54 -msgid "[path]``/srv/www/htdocs/pub/``" +#: modules/administration/pages/public-cloud-azure.adoc:19 +msgid "[path]``/dev/sde``: contains [path]``/var/cache``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:55 -msgid "[path]``/srv/www/os-images``" +#: modules/administration/pages/public-cloud-azure.adoc:20 +msgid "You can use these commands to create the disks:" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:56 -msgid "[path]``/var/cache/rhn``" +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:21 +#, no-wrap +msgid "" +"for d in sdc sdd sde; do\n" +" parted --script /dev/$d mklabel gpt mkpart primary xfs 0% 100%\n" +" mkfs.xfs /dev/${d}1\n" +"done\n" +"mkdir /cachetmp\n" +"mount /dev/sde1 /cachetmp\n" +"cp -a /var/cache/* /cachetmp/\n" +"umount /cachetmp\n" +"echo \"$(blkid /dev/sdc1|awk -F \" \" '{ print $2 }') /var/lib/pgsql xfs " +"defaults,noatime 0 0\" >> /etc/fstab\n" +"echo \"$(blkid /dev/sdd1|awk -F \" \" '{ print $2 }') /var/spacewalk xfs " +"defaults,noatime 0 0\" >> /etc/fstab\n" +"echo \"$(blkid /dev/sde1|awk -F \" \" '{ print $2 }') /var/cache xfs " +"defaults,noatime 0 0\" >> /etc/fstab\n" +"mkdir -p /var/spacewalk\n" +"mount /var/spacewalk\n" +"chown -R wwwrun:root /var/spacewalk\n" +"mount /var/lib/pgsql\n" +"chown -R postgres:postgres /var/lib/pgsql\n" +"mv /var/cache /var/cache.old\n" +"mkdir /var/cache\n" +"mount /var/cache\n" +"rm -r /var/cache.old\n" msgstr "" +#. REMARK: I guess you do this in your Azure instance +#. REMARK: Where do you configure this? #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:57 -msgid "[path]``/var/cache/salt``" +#: modules/administration/pages/public-cloud-azure.adoc:22 +msgid "" +"When you are setting up networking, we recommend that you create a separate " +"private network, with the IP range `10.0.0.0/24`." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:58 -msgid "[path]``/var/lib/cobbler/``" +#: modules/administration/pages/public-cloud-azure.adoc:23 +msgid "" +"Configure the {productname} Server to use the internal IP address " +"`10.0.0.4`. Ensure it is also accessible from outside the network with a " +"fixed IP address." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:59 +#: modules/administration/pages/public-cloud-azure.adoc:24 msgid "" -"[path]``/var/lib/cobbler/templates/`` (before version 4.0 it was [path]``/" -"var/lib/rhn/kickstarts/``)" +"Configure the firewall to only allow inbound traffic on ports `22`, `80`, " +"and `443` to IP address `10.0.0.4`. In this environment, if other servers " +"are added to the network they cannot be reached from outside the network." msgstr "" +#. REMARK: Was does this mean? #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:60 -msgid "[path]``/var/lib/Kiwi``" +#: modules/administration/pages/public-cloud-azure.adoc:25 +msgid "" +"Outbound is open from the private network. This should be restricted for " +"other servers in this private network." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:61 -msgid "[path]``/var/lib/rhn/``" +#: modules/administration/pages/public-cloud-azure.adoc:26 +msgid "" +"You will need to set the DNS zones in Azure before you can configure the " +"{productname} Server. For more information on setting DNS zones, see the " +"Azure documentation." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:62 -msgid "[path]``/var/spacewalk/``" +#. type: Title == +#: modules/administration/pages/public-cloud-azure.adoc:27 +#, no-wrap +msgid "Configure {productname} Server" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:63 -msgid "" -"Plus any directories containing custom data such as scripts, Kickstart or " -"AutoYaST profiles, and custom RPMs." +#: modules/administration/pages/public-cloud-azure.adoc:28 +msgid "Ensure that your {productname} Server is registered with {scc}." msgstr "" -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:68 -msgid "" -"You will also need to back up your database, which you can do with the " -"[command]``smdba`` tool. For more information about the [command]``smdba`` " -"tool, see xref:administration:backup-restore.adoc[]." +#. I wonder why we do even need spacecmd +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:29 +msgid "When your server is registered, install these extra packages:" msgstr "" -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:70 +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:30 #, no-wrap -msgid "Procedure: Restore from a Manual Backup" +msgid "zypper -n in spacecmd mlocate sysstat\n" msgstr "" +#. spacecmd will be installed by default next time +#. ^ How is so? #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:73 -msgid "" -"Re-install {productname}. For more information about recovering from a " -"backup, see xref:administration:backup-restore.adoc[]." +#: modules/administration/pages/public-cloud-azure.adoc:31 +msgid "Apply the latest updates and reboot the server:" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:75 +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:32 +#, no-wrap msgid "" -"Re-synchronize your {productname} repositories with the [command]``mgr-" -"sync`` tool. For more information about the [command]``mgr-sync`` tool, see " -"<>." +"zypper -n up -l\n" +"reboot\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:76 +#: modules/administration/pages/public-cloud-azure.adoc:33 +msgid "Check that all file systems are mounted and that PostgreSQL is running:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:34 +#, no-wrap msgid "" -"You can choose to re-register your product, or skip the registration and SSL " -"certificate generation sections." +"mount\n" +"service postgresql status\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:77 +#: modules/administration/pages/public-cloud-azure.adoc:35 msgid "" -"Re-install the [path]``/root/ssl-build/rhn-org-httpd-ssl-key-pair-" -"MACHINE_NAME-VER-REL.noarch.rpm`` package." +"Complete {productname} Server installation and configuration. For more " +"information, see xref:installation:server-setup.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:78 +#: modules/administration/pages/public-cloud-azure.adoc:36 msgid "" -"Schedule the re-creation of search indexes next time the [command]``rhn-" -"search`` service is started:" +"We recommend you configure the {productname} Server so that DHCP does not " +"set the host name. Check [path]``/etc/sysconfig/network/dhcp`` and ensure " +"that `DHCLIENT_SET_HOSTNAME` is set to [literal]``no``:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:81 +#: modules/administration/pages/public-cloud-azure.adoc:37 +#: modules/administration/pages/public-cloud.adoc:26 #, no-wrap -msgid "rhn-search cleanindex\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:85 -msgid "" -"This command produces only debug messages. It does not produce error " -"messages." +msgid "DHCLIENT_SET_HOSTNAME=\"no\"\n" msgstr "" +#. REMARK: hostname -i? #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:88 +#: modules/administration/pages/public-cloud-azure.adoc:38 msgid "" -"Check whether you need to restore [path]``/var/spacewalk/packages/``. If " -"[path]``/var/spacewalk/packages/`` was not in your backup, you will need to " -"restore it. If the source repository is available, you can restore [path]``/" -"var/spacewalk/packages/`` with a complete channel synchronization:" +"Add the Azure client to the [path]``/etc/hosts`` file. At the command " +"prompt, replace [literal]```` with the IP address of the server:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:91 +#: modules/administration/pages/public-cloud-azure.adoc:39 #, no-wrap -msgid "mgr-sync refresh --refresh-channels\n" +msgid "echo \" $(hostname -f) $(hostname)\" >> /etc/hosts\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:94 +#: modules/administration/pages/public-cloud-azure.adoc:40 msgid "" -"Check the progress by running [command]``tail -f /var/log/rhn/reposync/" -"````.log`` as _root_." -msgstr "" - -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:98 -#, no-wrap -msgid "Administering the Database with smdba" +"{productname} Server has a default administration user. In Azure, the " +"system administrator user is called [literal]``admin``. The `admin` user's " +"password is built with two parts. The first part can be found by using this " +"command:" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:103 -msgid "" -"The [command]``smdba`` tool is used for managing a local PostgreSQL " -"database. It allows you to back up and restore your database, and manage " -"backups. It can also be used to check the status of your database, and " -"perform administration tasks, such as restarting." +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:41 +#, no-wrap +msgid "azuremetadata --instance-name\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:105 -msgid "" -"The [command]``smdba`` tool works with local PostgreSQL databases only, it " -"will not work with remotely accessed databases, or Oracle databases." +#: modules/administration/pages/public-cloud-azure.adoc:42 +msgid "The second part of the password is [literal]``-suma``" msgstr "" -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:110 +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:43 msgid "" -"The [command]``smdba`` tool requires [command]``sudo`` access, in order to " -"execute system changes. Ensure you have enabled [command]``sudo`` access " -"for the [username]``admin`` user before you begin, by checking the [path]``/" -"etc/sudoers`` file for this line:" +"Alternatively, you can check the " +"[path]``/var/log/susemanager_firstuser.log`` file." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:113 +# +#. REMARK: Do we want to list the details here? Or is such a general xref good enough? +# +#. For the SUSE Manager setup configuration in general, see xref:installation:server-setup.adoc[], _procedure "{productname} Setup"_. +# +#. Pay special attention to the following settings: +# +#. * In the first dialog, select [guimenu]``Set up SUSE Manager from scratch`` +#. * In the next dialog, enter a valid mail address for the administrator +#. * It is very important to remember the password given for SSL. +#. Without this password no SUSE Manager Proxy Server can be installed and no other changes can be made to the certificate. +#. For example, this certificate is eg used on all registered systems to communicate with SUSE Manager Server. +#. * In the [guimenu]``Database Settings`` dialog, it is enough to provide a password. +#. Make sure also to remember this password. +# +#. With these settings the installation can be started. +#. The installation will finish without further input. +#. type: Title = +#: modules/administration/pages/mgr-sync.adoc:1 #, no-wrap -msgid "admin ALL=(postgres) /usr/bin/smdba\n" +msgid "Using ``mgr-sync``" msgstr "" -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:118 -msgid "Check the runtime status of your database with:" +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:2 +msgid "" +"The ``mgr-sync`` tool is used at the command prompt. It provides functions " +"for using {productname} that are not always available in the {webui}. The " +"primary use of ``mgr-sync`` is to connect to the {scc}, retrieve product and " +"package information, and prepare channels for synchronization with the " +"{productname} Server." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:121 -#, no-wrap -msgid "smdba db-status\n" +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:3 +msgid "" +"This tool is designed for use with a {suse} support subscription. It is not " +"required for open source distributions, including {opensuse}, {centos}, and " +"{ubuntu}." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:124 -msgid "This command will return either ``online`` or ``offline``, for example:" +#: modules/administration/pages/mgr-sync.adoc:4 +msgid "" +"The available commands and arguments for ``mgr-sync`` are listed in this " +"table. Use this syntax for ``mgr-sync`` commands:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:127 +#: modules/administration/pages/mgr-sync.adoc:5 #, no-wrap -msgid "Checking database core... online\n" +msgid "mgr-sync [-h] [--version] [-v] [-s] [-d {1,2,3}] {list,add,refresh,delete}\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:130 -msgid "Starting and stopping the database can be performed with:" +#. type: Block title +#: modules/administration/pages/mgr-sync.adoc:6 +#, no-wrap +msgid "mgr-sync Commands" msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:133 -#: modules/administration/pages/backup-restore.adoc:279 +#. type: Table +#: modules/administration/pages/mgr-sync.adoc:7 #, no-wrap -msgid "smdba db-start\n" +msgid "" +"| Command | Description | Example Use\n" +"| list | List channels, organization credentials, or products | ``mgr-sync " +"list channels``\n" +"| add | Add channels, organization credentials, or products | ``mgr-sync add " +"channel ``\n" +"| refresh | Refresh the local copy of products, channels, and subscriptions " +"| ``mgr-sync refresh``\n" +"| delete | Delete existing SCC organization credentials from the local " +"system | ``mgr-sync delete credentials``\n" +"| sync | Synchronize specified channel or ask for it when left blank| " +"``mgr-sync sync channel ``\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:136 -msgid "And:" +#: modules/administration/pages/mgr-sync.adoc:8 +msgid "To see the full list of options specific to a command, use this command:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:139 -#: modules/administration/pages/backup-restore.adoc:266 +#: modules/administration/pages/mgr-sync.adoc:9 #, no-wrap -msgid "smdba db-stop\n" +msgid "mgr-sync --help\n" msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:144 +#. type: Block title +#: modules/administration/pages/mgr-sync.adoc:10 #, no-wrap -msgid "Database Backup with smdba" +msgid "mgr-sync Optional Arguments" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:150 +#. type: Table +#: modules/administration/pages/mgr-sync.adoc:11 +#, no-wrap msgid "" -"The [command]``smdba`` tool performs a continuous archiving backup. This " -"backup method combines a log of every change made to the database during the " -"current session, with a series of more traditional backup files. When a " -"crash occurs, the database state is first restored from the most recent " -"backup file on disk, then the log of the current session is replayed " -"exactly, to bring the database back to a current state. A continuous " -"archiving backup with [command]``smdba`` is performed with the database " -"running, so there is no need for downtime." +"| Option | Abbreviated option | Description | Example Use\n" +"| help | ``h`` | Display the command usage and options | ``mgr-sync " +"--help``\n" +"| version | N/A | Display the currently installed version of ``mgr-sync`` | " +"``mgr-sync --version``\n" +"| verbose | ``v`` | Provide verbose output | ``mgr-sync --verbose " +"refresh``\n" +"| store-credentials | ``s`` | Store credentials a local hidden file | " +"``mgr-sync --store-credentials``\n" +"| debug | ``d`` | Log additional debugging information. Requires a level of " +"1, 2, 3. 3 provides the highest amnount of debugging information | " +"``mgr-sync -d 3 refresh``\n" +"| no-sync | N/A | Use with the ``add`` command to add products or channels " +"without beginning a synchronization | ``mgr-sync --no-sync add " +"``\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:12 +msgid "Logs for ``mgr-sync`` are located in:" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:154 -msgid "" -"This method of backing up is stable and generally creates consistent " -"snapshots, however it can take up a lot of storage space. Ensure you have " -"at least three times the current database size of space available for " -"backups. You can check your current database size by navigating to [path]``/" -"var/lib/pgsql/`` and running [command]``df -h``." +#: modules/administration/pages/mgr-sync.adoc:13 +msgid "[path]``/var/log/rhn/mgr-sync.log``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:159 -msgid "" -"The [command]``smdba`` tool also manages your archives, keeping only the " -"most recent backup, and the current archive of logs. The log files can only " -"be a maximum file size of 16{nbsp}MB, so a new log file will be created when " -"the files reach this size. Every time you create a new backup, previous " -"backups will be purged to release disk space. We recommend you use " -"[command]``cron`` to schedule your [command]``smdba`` backups to ensure that " -"your storage is managed effectively, and you always have a backup ready in " -"case of failure." +#: modules/administration/pages/mgr-sync.adoc:14 +msgid "[path]``/var/log/rhn/rhn_web_api.log``" msgstr "" -#. type: Title === -#: modules/administration/pages/backup-restore.adoc:162 +#. type: Title = +#: modules/administration/pages/ssl-certs.adoc:1 #, no-wrap -msgid "Performing a Manual Database Backup" +msgid "SSL Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:166 +#: modules/administration/pages/ssl-certs.adoc:2 msgid "" -"The [command]``smdba`` tool can be run directly from the command line. We " -"recommend you run a manual database backup immediately after installation, " -"or if you have made any significant changes to your configuration." +"{productname} uses SSL certificates to ensure that clients are registered to " +"the correct server." msgstr "" -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:172 +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:3 msgid "" -"When [command]``smdba`` is run for the first time, or if you have changed " -"the location of the backup, it will need to restart your database before " -"performing the archive. This will result in a small amount of downtime. " -"Regular database backups will not require any downtime." -msgstr "" - -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:174 -#, no-wrap -msgid "Procedure: Performing a Manual Database Backup" +"Every client that uses SSL to register to the {productname} Server checks " +"that it is connecting to the right server by validating against a server " +"certificate. This process is called an SSL handshake." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:178 +#: modules/administration/pages/ssl-certs.adoc:4 msgid "" -"Allocate permanent storage space for your backup. This example uses a " -"directory located at [path]``/var/spacewalk/``. This will become a " -"permanent target for your backup, so ensure it will remain accessible by " -"your server at all times." +"During the SSL handshake, the client will check that the hostname in the " +"server certificate matches what it expects. The client also needs to check " +"if the server certificate is trusted." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:179 -msgid "In your backup location, create a directory for the backup:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:183 -#, no-wrap -msgid "sudo -u postgres mkdir /var/spacewalk/db-backup\n" +#: modules/administration/pages/ssl-certs.adoc:5 +msgid "" +"Every {productname} Server that uses SSL requires an SSL server " +"certificate. Provide the path to the server certificate using the " +"``SERVER_CERT`` environment variable during setup, or with the " +"``--from-server-cert`` option of the [command]``rhn-ssl-tool`` command." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:187 -msgid "Or, as root:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:191 -#, no-wrap -msgid "install -d -o postgres -g postgres -m 700 /var/spacewalk/db-backup\n" +#: modules/administration/pages/ssl-certs.adoc:6 +msgid "" +"Certificate authorities (CAs) are certificates that are used to sign other " +"certificates. All certificates must be signed by a certificate authority " +"(CA) in order for them to be considered valid, and for clients to be able to " +"successfully match against them." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:194 -msgid "Ensure you have the correct permissions set on the backup location:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:198 -#, no-wrap -msgid "chown postgres:postgres /var/spacewalk/db-backup\n" +#: modules/administration/pages/ssl-certs.adoc:7 +msgid "" +"When an organization signs its own certificate, the certificate is " +"considered self-signed. A self-signed certificate is straight-forward to " +"set up, and does not cost any money, but they are considered less secure. " +"If you are using a self-signed certificate, you will have a root CA that is " +"signed with itself. When you look at the details of a root CA, you will see " +"that the subject has the same value as the issuer. Provide the path to your " +"root CA certificate using the ``CA_CERT`` environment variable during setup, " +"or with the ``--ca-cert`` option of the [command]``rhn-ssl-tool`` command." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:203 +#: modules/administration/pages/ssl-certs.adoc:8 msgid "" -"To create a backup for the first time, run the [command]``smdba backup-hot`` " -"command with the [option]``enable`` option set. This will create the backup " -"in the specified directory, and, if necessary, restart the database:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:207 -#, no-wrap -msgid "smdba backup-hot --enable=on --backup-dir=/var/spacewalk/db-backup\n" +"In order for SSL authentication to work correctly, the client must trust the " +"root CA. This means that the root CA must be installed on every client." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:211 +#: modules/administration/pages/ssl-certs.adoc:9 msgid "" -"This command produces debug messages and finishes sucessfully with the " -"output:" +"The default method of SSL authentication is for {productname} to use " +"self-signed certificates. In this case, {productname} has generated all the " +"certificates, and the root CA has signed the server certificate directly." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:215 -#, no-wrap -msgid "INFO: Finished\n" +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:10 +msgid "" +"An alternative method is to use an intermediate CA. In this case, the root " +"CA signs the intermediate CA. The intermediate CA can then sign any number " +"of other intermediate CAs, and the final one signs the server certificate. " +"This is referred to as a chained certificate." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:219 +#: modules/administration/pages/ssl-certs.adoc:11 msgid "" -"Check that the backup files exist in the [path]``/var/spacewalk/db-backup`` " -"directory, to ensure that your backup has been successful." +"If you are using intermediate CAs in a chained certificate, the root CA is " +"installed on the client, and the server certificate is installed on the " +"server. During the SSL handshake, clients must be able to verify the entire " +"chain of intermediate certificates between the root CA and the server " +"certificate, so they must be able to access all the intermediate " +"certificates." msgstr "" -#. type: Title === -#: modules/administration/pages/backup-restore.adoc:223 -#, no-wrap -msgid "Scheduling Automatic Backups" +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:12 +msgid "" +"There are two main ways of achieving this. In {productname}, by default, " +"all the intermediate CAs are installed on the client. However, you could " +"also configure your services on the server to provide them to the client. " +"In this case, during the SSL handshake, the server presents the server " +"certificate as well as all the intermediate CAs." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:229 +#: modules/administration/pages/ssl-certs.adoc:13 msgid "" -"You do not need to shut down your system in order to perform a database " -"backup with [command]``smdba``. However, because it is a large operation, " -"database performance can slow down while the backup is running. We " -"recommend you schedule regular database backups for a low-traffic period, to " -"minimize disruption." +"Whichever method you choose, you must ensure that the ``CA_CERT`` " +"environment variable points to the root CA, and all intermediate CAs. It " +"should not contain the server certificate. The server certificate must be " +"defined at the ``SERVER_CERT`` environment variable." msgstr "" -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:234 +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:14 msgid "" -"Ensure you have at least three times the current database size of space " -"available for backups. You can check your current database size by " -"navigating to [path]``/var/lib/pgsql/`` and running [command]``df -h``." +"By default, {productname} uses a self-signed certificate. For additional " +"security, you can arrange a third party CA to sign your certificates. Third " +"party CAs perform checks to ensure that the information contained in the " +"certificate is correct. They will usually charge an annual fee for this " +"service. Using a third party CA makes certificates harder to spoof, and " +"will provide additional protection for your installation. If you have " +"certificates signed by a third party CA, you can import them to your " +"{productname} installation." msgstr "" -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:236 -#, no-wrap -msgid "Procedure: Scheduling Automatic Backups" +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:15 +msgid "" +"For more on self-signed certificates, see " +"xref:administration:ssl-certs-selfsigned.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:238 +#: modules/administration/pages/ssl-certs.adoc:16 msgid "" -"Create a directory for the backup, and set the appropriate permissions (as " -"root):" +"For more on imported certificates, see " +"xref:administration:ssl-certs-imported.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:242 +#. type: Title = +#: modules/administration/pages/tshoot-taskomatic.adoc:1 #, no-wrap -msgid "install -m 700 -o postgres -g postgres /var/spacewalk/db-backup\n" +msgid "Troubleshooting Taskomatic" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:245 +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +# +#. Troubleshooting format: +# +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +# +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step +#. type: Plain text +#: modules/administration/pages/tshoot-taskomatic.adoc:2 msgid "" -"Open [path]``/etc/cron.d/db-backup-mgr``, or create it if it does not exist, " -"and add the following line to create the cron job:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:249 -#, no-wrap -msgid "0 2 * * * root /usr/bin/smdba backup-hot --enable=on --backup-dir=/var/spacewalk/db-backup\n" +"Repository metadata regeneration is a relatively intensive process, so " +"Taskomatic can take several minutes to complete. Additionally, if " +"Taskomatic crashes, repository metadata regeneration can be interrupted." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:252 +#: modules/administration/pages/tshoot-taskomatic.adoc:3 msgid "" -"Check the backup directory regularly to ensure the backups are working as " -"expected." +"If Taskomatic is still running, or if the process has crashed, package " +"updates can seem available in the {webui}, but will not appear on the " +"client, and attempts to update the client will fail. In this case, the " +"[command]``zypper ref`` command will show an error like this:" msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:256 +#. type: delimited block - +#: modules/administration/pages/tshoot-taskomatic.adoc:4 #, no-wrap -msgid "Restoring from Backup" +msgid "Valid metadata not found at specified URL\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:259 +#: modules/administration/pages/tshoot-taskomatic.adoc:5 msgid "" -"The [command]``smdba`` tool can be used to restore from backup in the case " -"of failure." +"To correct this, determine if Taskomatic is still in the process of " +"generating repository metadata, or if a crash could have occurred. Wait for " +"metadata regeneration to complete or restart Taskomatic after a crash in " +"order for client updates to be carried out correctly." msgstr "" #. type: Block title -#: modules/administration/pages/backup-restore.adoc:260 +#: modules/administration/pages/tshoot-taskomatic.adoc:6 #, no-wrap -msgid "Procedure: Restoring from Backup" +msgid "Procedure: Resolving Taskomatic Problems" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:262 -msgid "Shut down the database:" +#: modules/administration/pages/tshoot-taskomatic.adoc:7 +msgid "" +"On the {productname} Server, check the " +"[path]``/var/log/rhn/rhn_taskomatic_daemon.log`` file to determine if any " +"metadata regeneration processes are still running, or if a crash occurred." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:268 -msgid "Start the restore process and wait for it to complete:" +#: modules/administration/pages/tshoot-taskomatic.adoc:8 +msgid "Restart taskomatic:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:272 +#: modules/administration/pages/tshoot-taskomatic.adoc:9 #, no-wrap -msgid "smdba backup-restore start\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:275 -msgid "Restart the database:" +msgid "service taskomatic restart\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:282 -msgid "Check if there are differences between the RPMs and the database." +#: modules/administration/pages/tshoot-taskomatic.adoc:10 +msgid "" +"In the Taskomatic log files, you can identify the section related to " +"metadata regeneration by looking for opening and closing lines that look " +"like this:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:286 +#: modules/administration/pages/tshoot-taskomatic.adoc:11 #, no-wrap -msgid "spacewalk-data-fsck\n" +msgid "" +" ,174 [Thread-584] INFO " +"com.redhat.rhn.taskomatic.task.repomd.RepositoryWriter - Generating new " +"repository metadata for channel " +"'cloned-2018-q1-sles12-sp3-updates-x86_64'(sha256) 550 packages, 140 " +"errata\n" msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:291 +#. type: delimited block - +#: modules/administration/pages/tshoot-taskomatic.adoc:12 #, no-wrap -msgid "Archive Log Settings" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:295 -msgid "" -"Archive logging allows the database management tool [command]``smdba`` to " -"perform hot backups. In {productname} with an embedded database, archive " -"logging is enabled by default." +msgid "...\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:299 +#. type: delimited block - +#: modules/administration/pages/tshoot-taskomatic.adoc:13 +#, no-wrap msgid "" -"PostgreSQL maintains a limited number of archive logs. Using the default " -"configuration, approximately 64 files with a size of 16 MiB are stored." -msgstr "" - -#. FIXME: Use sle 15 channels as an example -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:302 -msgid "Creating a user and syncing the channels:" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:304 -msgid "SLES12-SP2-Pool-x86_64" +" ,704 [Thread-584] INFO " +"com.redhat.rhn.taskomatic.task.repomd.RepositoryWriter - Repository metadata " +"generation for 'cloned-2018-q1-sles12-sp3-updates-x86_64' finished in 4 " +"seconds\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:305 -msgid "SLES12-SP2-Updates-x86_64" +#. type: Title = +#: modules/administration/pages/actions.adoc:1 +#, no-wrap +msgid "Actions" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:306 -msgid "SLE-Manager-Tools12-Pool-x86_64-SP2" +#: modules/administration/pages/actions.adoc:2 +msgid "You can manage actions on your clients in a number of different ways." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:307 -msgid "SLE-Manager-Tools12-Updates-x86_64-SP2" +#: modules/administration/pages/actions.adoc:3 +msgid "" +"For Salt clients, you can schedule automated recurring actions to apply the " +"highstate to clients on a specified schedule. You can apply recurring " +"actions to individual clients, to all clients in a system group, or to an " +"entire organization." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:311 +#: modules/administration/pages/actions.adoc:4 msgid "" -"PostgreSQL will generate an additional roughly 1 GB of data. So it is " -"important to think about a backup strategy and create a backups in a regular " -"way." +"On both Salt and traditional clients, you can set actions to be performed in " +"a particular order by creating action chains. Action chains can be created " +"and edited ahead of time, and scheduled to run at a time that suits you." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:313 +#: modules/administration/pages/actions.adoc:5 msgid "" -"Archive logs are stored at [path]``/var/lib/pgsql/data/pg_xlog/`` " -"(postgresql)." +"You can also perform remote commands on one or more of your Salt clients. " +"Remote commands allows you to issue commands to individual Salt clients, or " +"to all clients that match a search term." msgstr "" #. type: Title == -#: modules/administration/pages/backup-restore.adoc:317 +#: modules/administration/pages/actions.adoc:6 #, no-wrap -msgid "Retrieving an Overview of Occupied Database Space" +msgid "Recurring Actions" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:321 +#: modules/administration/pages/actions.adoc:7 msgid "" -"Database administrators may use the subcommand [command]``space-overview`` " -"to get a report about occupied table spaces, for example:" +"You can apply recurring actions on individual Salt clients, or to all " +"clients in an organization." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:324 +#. type: Block title +#: modules/administration/pages/actions.adoc:8 #, no-wrap -msgid "smdba space-overview\n" +msgid "Procedure: Creating a New Recurring Action" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:327 -#: modules/administration/pages/backup-restore.adoc:349 -msgid "outputs:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:331 -#: modules/administration/pages/backup-restore.adoc:353 -#, no-wrap +#: modules/administration/pages/actions.adoc:9 msgid "" -"SUSE Manager Database Control. Version 1.5.2\n" -"Copyright (c) 2012 by SUSE Linux Products GmbH\n" +"To apply a recurring action to an individual client, navigate to " +"[guimenu]``Systems``, click the client to configure schedules for, and " +"navigate to the menu:States[Recurring States] tab." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:337 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/actions.adoc:10 msgid "" -"Tablespace | Size (Mb) | Avail (Mb) | Use %\n" -"------------+-----------+------------+------\n" -"postgres | 7 | 49168 | 0.013\n" -"susemanager | 776 | 48399 | 1.602\n" +"To apply a recurring action to a system group, navigate to " +"menu:Systems[System Groups], select the group to configure schedules for, " +"and navigate to menu:States[Recurring States] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:343 -msgid "" -"The [command]``smdba`` command is available for PostgreSQL. For a more " -"detailed report, use the [command]``space-tables`` subcommand. It lists the " -"table and its size, for example:" +#: modules/administration/pages/actions.adoc:11 +msgid "Click btn:[Create]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:346 -#, no-wrap -msgid "smdba space-tables\n" +#. type: Plain text +#: modules/administration/pages/actions.adoc:12 +msgid "Type a name for the new schedule." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:365 -#, no-wrap -msgid "" -"Table | Size\n" -"--------------------------------------+-----------\n" -"public.all_primary_keys | 0 bytes\n" -"public.all_tab_columns | 0 bytes\n" -"public.allserverkeywordsincereboot | 0 bytes\n" -"public.dblink_pkey_results | 0 bytes\n" -"public.dual | 8192 bytes\n" -"public.evr_t | 0 bytes\n" -"public.log | 32 kB\n" -"...\n" +#. type: Plain text +#: modules/administration/pages/actions.adoc:13 +msgid "Choose the frequency of the recurring action:" msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:369 -#, no-wrap -msgid "Moving the Database" +#. type: Plain text +#: modules/administration/pages/actions.adoc:14 +msgid "[guimenu]``Hourly:`` Type the minute of each hour." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:375 +#: modules/administration/pages/actions.adoc:15 msgid "" -"It is possible to move the database to another location. For example, move " -"the database if the database storage space is running low. The following " -"procedure will guide you through moving the database to a new location for " -"use by {productname}." +"For example, [parameter]``15`` will run the action at fifteen minutes past " +"every hour." msgstr "" -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:376 -#, no-wrap -msgid "Procedure: Moving the Database" +#. type: Plain text +#: modules/administration/pages/actions.adoc:16 +msgid "[guimenu]``Daily:`` Select the time of each day." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:378 +#: modules/administration/pages/actions.adoc:17 msgid "" -"The default storage location for {productname} is [path]``/var/lib/pgsql/``. " -"If you would like to move it, for example to [path]``/storage/postgres/``, " -"proceed as follows." +"For example, [parameter]``01:00`` will run the action at 0100 every day, in " +"the timezone of the {productname} Server." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:380 -msgid "Stop the running database with (as root):" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:384 -#, no-wrap -msgid "rcpostgresql stop\n" +#: modules/administration/pages/actions.adoc:18 +msgid "" +"[guimenu]``Weekly:`` Select the day of the week and the time of the day, to " +"execute the action every week at the specified time." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:387 -msgid "Shut down the running Spacewalk services with:" +#: modules/administration/pages/actions.adoc:19 +msgid "" +"[guimenu]``Monthly:`` Select the day of the month and the time of the day, " +"to execute the action every month at the specified time." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:391 -#, no-wrap -msgid "spacewalk-service stop\n" +#. type: Plain text +#: modules/administration/pages/actions.adoc:20 +msgid "" +"[guimenu]``Custom Quartz format:`` For more detailed options, enter a custom " +"quartz string." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:394 +#: modules/administration/pages/actions.adoc:21 msgid "" -"Copy the current working directory structure with [command]``cp`` using the " -"[option]``-a, --archive`` option. For example:" +"For example, to run a recurring action at 0215 every Saturday of every " +"month, enter:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:398 +#: modules/administration/pages/actions.adoc:22 #, no-wrap -msgid "cp --archive /var/lib/pgsql/ /storage/postgres/\n" +msgid "0 15 2 ? * 7\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:402 +#: modules/administration/pages/actions.adoc:23 msgid "" -"This command will copy the contents of [path]``/var/lib/pgsql/`` to [path]``/" -"storage/postgres/pgsql/``." +"OPTIONAL: Toggle the [guimenu]``Test mode`` switch on to run the schedule in " +"test mode." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:405 +#: modules/administration/pages/actions.adoc:24 msgid "" -"The contents of the [path]``/var/lib/pgsql`` directory needs to remain the " -"same, otherwise the {productname} database may malfunction. You also should " -"ensure that there is enough available disk space." +"Click btn:[Create Schedule] to save, and see the complete list of existing " +"schedules." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:408 -msgid "Mount the new database directory with:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:412 -#, no-wrap -msgid "mount /storage/postgres/pgsql\n" +#: modules/administration/pages/actions.adoc:25 +msgid "" +"Organization Administrators can set and edit recurring actions for all " +"clients in the organization. Navigate to menu:Home[My Organization > " +"Recurring States] to see all recurring actions that apply to the entire " +"organization." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:414 +#: modules/administration/pages/actions.adoc:26 msgid "" -"Make sure ownership is `postgres:postgres` and not `root:root` by changing " -"to the new directory and running the following commands:" +"{productname} Administrators can set and edit recurring actions for all " +"clients in all organizations. Navigate to menu:Admin[Organizations], select " +"the organization to manage, and navigate to the menu:States[Recurring " +"States] tab." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:419 -#, no-wrap +#. type: delimited block = +#: modules/administration/pages/actions.adoc:27 msgid "" -"cd /storage/postgres/pgsql/\n" -"ls -l\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:423 -msgid "Outputs:" +"Recurring actions can only be used with Salt clients. Traditional clients " +"in your group or organization are ignored." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:428 +#. type: Title == +#: modules/administration/pages/actions.adoc:28 #, no-wrap -msgid "" -"total 8\n" -"drwxr-x--- 4 postgres postgres 47 Jun 2 14:35 ./\n" +msgid "Action Chains" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:430 +#: modules/administration/pages/actions.adoc:29 msgid "" -"Add the new database mount location to your servers fstab by editing " -"[path]``etc/fstab``." +"If you need to perform a number of sequential actions on your clients, you " +"can create an action chain to ensure the order is respected." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:431 -msgid "Start the database with:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:435 -#, no-wrap -msgid "rcpostgresql start\n" +#: modules/administration/pages/actions.adoc:30 +msgid "" +"By default, most clients will execute an action as soon as the command is " +"issued. In some case, actions will take a long time, which could mean that " +"actions issued afterwards fail. For example, if you instruct a client to " +"reboot, then issue a second command, the second action could fail because " +"the reboot is still occurring. To ensure that actions occur in the correct " +"order, use action chains." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:438 -msgid "Start the Spacewalk services with:" +#: modules/administration/pages/actions.adoc:31 +msgid "" +"You can use action chains on both traditional and Salt clients. Action " +"chains can include any number of these actions, in any order:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:442 -#, no-wrap -msgid "spacewalk-service start\n" +#. type: Plain text +#: modules/administration/pages/actions.adoc:32 +msgid "menu:System Details[Remote Command]" msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:446 -#, no-wrap -msgid "Recovering from a Crashed Root Partition" +#. type: Plain text +#: modules/administration/pages/actions.adoc:33 +msgid "menu:System Details[Schedule System Reboot]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:451 -msgid "" -"This section provides guidance on restoring your server after its root " -"partition has crashed. This section assumes you have setup your server " -"similar to the procedure explained in Installation guide with separate " -"partitions for the database and for channels mounted at [path]``/var/lib/" -"pgsql`` and [path]``/var/spacewalk/``." +#: modules/administration/pages/actions.adoc:34 +msgid "menu:System Details[States > Highstate]" msgstr "" -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:452 -#, no-wrap -msgid "Procedure: Recovering from a Crashed Root Partition" +#. type: Plain text +#: modules/administration/pages/actions.adoc:35 +msgid "menu:System Details[Software > Packages > List/Remove]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:456 -msgid "" -"Install {productname}. Do not mount the [path]``/var/spacewalk`` and " -"[path]``/var/lib/pgsql`` partitions. Wait for the installation to complete " -"before going on to the next step." +#: modules/administration/pages/actions.adoc:36 +msgid "menu:System Details[Software > Packages > Install]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:457 -msgid "Shut down the services with [command]``spacewalk-service shutdown``." +#: modules/administration/pages/actions.adoc:37 +msgid "menu:System Details[Software > Packages > Upgrade]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:458 -msgid "Shut down the database with [command]``rcpostgresql stop``." +#: modules/administration/pages/actions.adoc:38 +msgid "menu:System Details[Software > Patches]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:459 -msgid "Mount [path]``/var/spacewalk`` and [path]``/var/lib/pgsql`` partitions." +#: modules/administration/pages/actions.adoc:39 +msgid "menu:System Details[Software > Software Channels]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:460 -msgid "Restore the directories listed in <>." +#: modules/administration/pages/actions.adoc:40 +msgid "menu:System Details[Configuration]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:461 -msgid "" -"Start the Spacewalk services with [command]``spacewalk-services start``." +#: modules/administration/pages/actions.adoc:41 +msgid "menu:Images[Build]" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:462 -msgid "Start the database with [command]``rcpostgresql start``." +#. type: Block title +#: modules/administration/pages/actions.adoc:42 +#, no-wrap +msgid "Procedure: Creating a New Action Chain" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:464 +#: modules/administration/pages/actions.adoc:43 msgid "" -"{productname} should now operate normally without loss of your database or " -"synced channels." +"In the {productname} {webui}, navigate to the first action you want to " +"perform in the action chain." msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:467 -#, no-wrap -msgid "Database Connection Information" +#. type: Plain text +#: modules/administration/pages/actions.adoc:44 +msgid "" +"For example, navigate to [guimenu]``System Details`` for a client, and click " +"btn:[Schedule System Reboot]." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:470 -msgid "" -"The information for connecting to the {productname} database is located in " -"[path]``/etc/rhn/rhn.conf``:" +#: modules/administration/pages/actions.adoc:45 +msgid "Check the [guimenu]``Add to`` field and select ``new action chain``." msgstr "" -#. There are no such default, they are user-spcified, though -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:480 -#, no-wrap -msgid "" -"db_backend = postgresql\n" -"db_user = susemanager\n" -"db_password = susemanager\n" -"db_name = susemanager\n" -"db_host = localhost\n" -"db_port = 5432\n" -"db_ssl_enabled =\n" +#. type: Plain text +#: modules/administration/pages/actions.adoc:46 +msgid "Confirm the action." msgstr "" -#. type: Title = -#: modules/administration/pages/channel-management.adoc:2 -#, no-wrap -msgid "Channel Management" +#. type: Plain text +#: modules/administration/pages/actions.adoc:47 +msgid "" +"This will not perform the action immediately, it will instead create the new " +"action chain, and a blue bar confirming this appears at the top of the " +"screen." msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:5 -msgid "Channels are a method of grouping software packages." +#: modules/administration/pages/actions.adoc:48 +msgid "" +"Continue adding actions to your action chain by checking the [guimenu]``Add " +"to`` field and selecting the name of the action chain to add them to." msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:9 +#: modules/administration/pages/actions.adoc:49 msgid "" -"In {productname}, channels are grouped into base and child channels, with " -"base channels grouped by operating system type, version, and architecture, " -"and child channels being compatible with their related base channel. When a " -"client has been assigned to a base channel, it is only possible for that " -"system to install the related child channels. Organizing channels in this " -"way ensures that only compatible packages are installed on each system." +"When you have finished adding actions, navigate to menu:Schedule[Action " +"Chains] and selecting the action chain from the list." msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:14 +#: modules/administration/pages/actions.adoc:50 msgid "" -"Software channels use repositories to provide packages. The channels mirror " -"the repositories in {productname}, and the package names and other data are " -"stored in the {productname} database. You can have any number of " -"repositories associated with a channel. The software from those " -"repositories can then be installed on clients by subscribing the client to " -"the appropriate channel." +"Re-order actions by dragging them and dropping them into the correct " +"position." msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:17 +#: modules/administration/pages/actions.adoc:51 msgid "" -"Clients can only be assigned to one base channel. The client can then " -"install or update packages from the repositories associated with that base " -"channel and any of its child channels." +"Click the blue plus sign to see the clients an action will be performed on. " +"Click btn:[Save] to save your changes." msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:22 +#: modules/administration/pages/actions.adoc:52 msgid "" -"{productname} provides a number of vendor channels, which provide you " -"everything you need to run {productname}. {productname} Administrators and " -"Channel Administrators have channel management authority, which gives them " -"the ability to create and manage their own custom channels. If you want to " -"use your own packages in your environment, you can create custom channels. " -"Custom channels can be used as a base channel, or you can associate them " -"with a vendor base channel." +"Schedule a time for your action chain to run, and click btn:[Save and " +"Schedule]." msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:24 +#: modules/administration/pages/actions.adoc:53 msgid "" -"For more on creating custom channels, see xref:administration:custom-" -"channels.adoc[]." +"If you leave the page without clicking either btn:[Save] or btn:[Save and " +"Schedule] all unsaved changes will be discarded." msgstr "" -#. type: Title == -#: modules/administration/pages/channel-management.adoc:27 -#, no-wrap -msgid "Channel Administration" +#. type: delimited block = +#: modules/administration/pages/actions.adoc:54 +msgid "" +"If one action in an action chain fails, the action chain stops, and no " +"further actions are executed." msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:32 +#: modules/administration/pages/actions.adoc:55 msgid "" -"By default, any user can subscribe channels to a system. You can implement " -"restrictions on the channel using the {webui}." +"You can see scheduled actions from action chains by navigating to " +"menu:Schedule[Pending Actions]." msgstr "" -#. type: Block title -#: modules/administration/pages/channel-management.adoc:35 +#. type: Title == +#: modules/administration/pages/actions.adoc:56 #, no-wrap -msgid "Procedure: Restricting Subscriber Access to a Channel" +msgid "Remote Commands" msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:37 +#: modules/administration/pages/actions.adoc:57 msgid "" -"In the {productname} {webui}, navigate to menu:Software[Channel List], and " -"select the channel to edit." +"You can configure clients to run commands remotely. This allows you to " +"issue scripts or individual commands to a client, without having access to " +"the client directly." msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:39 +#: modules/administration/pages/actions.adoc:58 msgid "" -"Locate the [guimenu]``Per-User Subscription Restrictions`` section and check " -"[guimenu]``Only selected users within your organization may subscribe to " -"this channel``. Click btn:[Update] to save the changes." +"This feature is automatically enabled on Salt clients, and you do not need " +"to perform any further configuration. For traditional clients, the feature " +"is enabled if you have registered the client using a bootstrap script and " +"have enabled remote commands. You can use this procedure to enable it " +"manually, instead." msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:39 +#: modules/administration/pages/actions.adoc:59 msgid "" -"Navigate to the [guimenu]``Subscribers`` tab and select or deselect users as " -"required." +"Before you begin, ensure your client is subscribed to the appropriate tools " +"child channel for its installed operating system. For more information " +"about subscribing to software channels, see " +"xref:client-configuration:channels.adoc[]." msgstr "" -#. type: Title = -#: modules/administration/pages/content-lifecycle-examples.adoc:2 +#. type: Block title +#: modules/administration/pages/actions.adoc:60 #, no-wrap -msgid "Content Lifecycle Management Examples" +msgid "Procedure: Configuring Traditional Clients to Accept Remote Commands" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:6 +#: modules/administration/pages/actions.adoc:61 msgid "" -"This section contains some common examples of how you can use content " -"lifecycle management. Use these examples to build your own personalized " -"implementation." +"On the client, at the command prompt, use the package manager to install the " +"[systemitem]``rhncfg``, [systemitem]``rhncfg-client``, and " +"[systemitem]``rhncfg-actions`` packages, if not already installed." msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:10 +#. type: delimited block - +#: modules/administration/pages/actions.adoc:63 #, no-wrap -msgid "Creating a Project for a Monthly Patch Cycle" +msgid "zypper in rhncfg rhncfg-client rhncfg-actions\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:13 -msgid "An example project for a monthly patch cycle consists of:" +#: modules/administration/pages/actions.adoc:64 +msgid "" +"On the client, at the command prompt, as root, create a path in the local " +"configuration directory:" msgstr "" -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:15 -#: modules/administration/pages/content-lifecycle-examples.adoc:23 +#. type: delimited block - +#: modules/administration/pages/actions.adoc:65 #, no-wrap -msgid "Creating a `By Date` filter" +msgid "mkdir -p /etc/sysconfig/rhn/allowed-actions/script\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:16 -msgid "Adding the filter to the project" +#: modules/administration/pages/actions.adoc:66 +msgid "Create an empty file called [path]``run`` in the new directory." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:17 -msgid "Applying the filter to a new project build" +#: modules/administration/pages/actions.adoc:67 +msgid "This file grants the {productname} Server permission to run remote commands:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:18 -msgid "Excluding a patch from the project" +#. type: delimited block - +#: modules/administration/pages/actions.adoc:68 +#, no-wrap +msgid "touch /etc/sysconfig/rhn/allowed-actions/script/run\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:19 -msgid "Including a patch in the project" +#: modules/administration/pages/actions.adoc:69 +msgid "" +"For Salt clients, remote commands are run from the [path]``/tmp/`` directory " +"on the client. To ensure that remote commands work accurately, do not mount " +"``/tmp`` with the [parameter]``noexec`` option." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:27 +#. type: delimited block = +#: modules/administration/pages/actions.adoc:70 msgid "" -"The ``By Date`` filter excludes all patches released after a specified " -"date. This filter is useful for your content lifecycle projects that follow " -"a monthly patch cycle." +"All commands run from the [guimenu]``Remote Commands`` page are executed as " +"{rootuser} on clients. Wildcards can be used to run commands across any " +"number of systems. Always take extra care to check your commands before " +"issuing them." msgstr "" #. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:29 +#: modules/administration/pages/actions.adoc:71 #, no-wrap -msgid "Procedure: Creating the ``By Date`` Filter" +msgid "Procedure: Running Remote Commands on Traditional Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:31 -#: modules/administration/pages/content-lifecycle-examples.adoc:76 -#: modules/administration/pages/content-lifecycle-examples.adoc:106 +#: modules/administration/pages/actions.adoc:72 msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Filters] " -"and click btn:[Create Filter]." +"In the {productname} {webui}, navigate to [guimenu]``Systems``, click the " +"client to run a remote command on, and navigate to the menu:Details[Remote " +"Command] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:33 +#: modules/administration/pages/actions.adoc:73 msgid "" -"In the [guimenu]``Filter Name`` field, type a name for your filter. For " -"example, [systemitem]``Exclude patches by date``." +"In the [guimenu]``Run as user`` field, type the user ID (UID) of the user on " +"the client that you want to run the command." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:34 +#: modules/administration/pages/actions.adoc:74 msgid "" -"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Issue " -"date)``." +"Alternatively, you can specify a group to run the command, using the group " +"ID (GID) in the [guimenu]``Run as group`` field." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:35 +#: modules/administration/pages/actions.adoc:75 msgid "" -"In the [guimenu]``Matcher`` field, [guimenu]``later or equal`` is " -"autoselected." +"OPTIONAL: In the [guimenu]``Timeout`` field, type a timeout period for the " +"command, in seconds." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:36 -msgid "Select the date and time." +#: modules/administration/pages/actions.adoc:76 +msgid "If the command is not executed within this period, it will not be run." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:37 -#: modules/administration/pages/content-lifecycle-examples.adoc:48 -#: modules/administration/pages/content-lifecycle-examples.adoc:83 -#: modules/administration/pages/content-lifecycle-examples.adoc:115 -msgid "Click btn:[Save]." +#: modules/administration/pages/actions.adoc:77 +msgid "In the [guimenu]``Command label`` field, type a name for your command." msgstr "" -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:41 -#, no-wrap -msgid "Adding the Filter to the Project" -msgstr "" - -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:43 -#, no-wrap -msgid "Procedure: Adding a Filter to a Project" +#. type: Plain text +#: modules/administration/pages/actions.adoc:78 +msgid "In the [guimenu]``Script`` field, type the command or script to execute." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:45 +#: modules/administration/pages/actions.adoc:79 msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects] " -"and select a project from the list." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:46 -msgid "Click btn:[Attach/Detach Filters] link to see all available filters" +"Select a date and time to execute the command, or add the remote command to " +"an action chain." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:47 -msgid "Select the new [guimenu]``Exclude patches by date`` filter." -msgstr "" - -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:52 -#, no-wrap -msgid "Applying the Filter to a new Project Build" +#: modules/administration/pages/actions.adoc:80 +msgid "Click btn:[Schedule] to schedule the remote command." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:56 +#: modules/administration/pages/actions.adoc:81 msgid "" -"The new filter is added to your filter list, but it still needs to be " -"applied to the project. To apply the filter you need to build the first " -"environment." +"For more information about action chains, see " +"xref:reference:schedule/action-chains.adoc[]." msgstr "" #. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:57 +#: modules/administration/pages/actions.adoc:82 #, no-wrap -msgid "Procedure: Using the Filter" +msgid "Procedure: Running Remote Commands on Salt Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:59 -msgid "Click btn:[Build] to build the first environment." +#: modules/administration/pages/actions.adoc:83 +msgid "Navigate to menu:Salt[Remote Commands]." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:61 +#: modules/administration/pages/actions.adoc:84 msgid "" -"OPTIONAL: Add a message. You can use messages to help track the build " -"history." +"In the first field, before the ``@`` symbol, type the command you want to " +"issue." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:62 +#: modules/administration/pages/actions.adoc:85 msgid "" -"Check that the filter has worked correctly by using the new channels on a " -"test server." +"In the second field, after the ``@`` symbol, type the client you want to " +"issue the command on." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:64 +#: modules/administration/pages/actions.adoc:86 msgid "" -"Click btn:[Promote] to move the content to the next environment. The build " -"will take longer if you have a large number of filters, or they are very " -"complex." -msgstr "" - -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:68 -#, no-wrap -msgid "Excluding a Patch from the Project" +"You can type the ``minion-id`` of an individual client, or you can use " +"wildcards to target a range of clients." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:72 +#: modules/administration/pages/actions.adoc:87 msgid "" -"Tests may help you discover issues. When an issue is found, exclude the " -"problem patch released before the `by date` filter." -msgstr "" - -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:73 -#, no-wrap -msgid "Procedure: Excluding a Patch" +"Click btn:[Find targets] to check which clients you have targeted, and " +"confirm that you have used the correct details." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:78 -msgid "" -"In the [guimenu]``Filter Name`` field, enter a name for the filter. For " -"example, [systemitem]``Exclude openjdk patch``." +#: modules/administration/pages/actions.adoc:88 +msgid "Click btn:[Run command] to issue the command to the target clients." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:79 -#: modules/administration/pages/content-lifecycle-examples.adoc:109 -msgid "" -"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Advisory " -"Name)``." +#. type: Title = +#: modules/administration/pages/admin-overview.adoc:1 +#, no-wrap +msgid "Administration Guide Overview" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:80 -#: modules/administration/pages/content-lifecycle-examples.adoc:110 -msgid "In the [guimenu]``Matcher`` field, select [guimenu]``equals``." +#: modules/administration/pages/admin-overview.adoc:2 +#, no-wrap +msgid "**Publication Date:** {docdate}\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:82 +#: modules/administration/pages/admin-overview.adoc:3 msgid "" -"In the [guimenu]``Advisory Name`` field, type a name for the advisory. For " -"example, [systemitem]``SUSE-15-2019-1807``." +"This book provides guidance on performing administration tasks on the " +"{productname} Server." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:84 -#: modules/administration/pages/content-lifecycle-examples.adoc:177 -#: modules/administration/pages/content-lifecycle-examples.adoc:255 -msgid "Navigate to menu:Content Lifecycle[Projects] and select your project." +#. type: Title = +#: modules/administration/pages/auditing.adoc:1 +#, no-wrap +msgid "Auditing" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:85 +#: modules/administration/pages/auditing.adoc:2 msgid "" -"Click btn:[Attach/Detach Filters] link, select [guimenu]``Exclude openjdk " -"patch``, and click btn:[Save]." +"In {productname}, you can keep track of your clients through a series of " +"auditing tasks. You can check that your clients are up to date with all " +"public security patches (CVEs), perform subscription matching, and use " +"OpenSCAP to check for specification compliance." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:87 +#: modules/administration/pages/auditing.adoc:3 msgid "" -"When you rebuild the project with the btn:[Build] button, the new filter is " -"used together with the [guimenu]``by date`` filter we added before." +"In the {productname} {webui}, navigate to [guimenu]``Audit`` to perform " +"auditing tasks." msgstr "" -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:91 +#. This will probably need to be broken into sub-sections. --LKB 20200205 +#. type: Title == +#: modules/administration/pages/auditing.adoc:4 #, no-wrap -msgid "Including a Patch in the Project" +msgid "CVE Audits" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:97 +#: modules/administration/pages/auditing.adoc:5 msgid "" -"In this example, you have received a security alert. An important security " -"patch was released several days after the first of the month you are " -"currently working on. The name of the new patch is ``SUSE-15-2019-2071``. " -"You need to include this new patch into your environment." +"A CVE (common vulnerabilities and exposures) is a fix for a publicly known " +"security vulnerability." msgstr "" #. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:102 -msgid "" -"The [guimenu]``Allow`` filters rule overrides the exclude function of the " -"[guimenu]``Deny`` filter rule. For more information, see xref:" -"administration:content-lifecycle.adoc[]." -msgstr "" - -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:104 -#, no-wrap -msgid "Procedure: Including a Patch in a Project" +#: modules/administration/pages/auditing.adoc:6 +msgid "You must apply CVEs to your clients as soon as they become available." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:108 +#: modules/administration/pages/auditing.adoc:7 msgid "" -"In the [guimenu]``Filter Name`` field, type a name for the filter. For " -"example, [systemitem]``Include kernel security fix``." +"Each CVE contains an identification number, a description of the " +"vulnerability, and links to further information. CVE identification numbers " +"use the form ``CVE-YEAR-XXXX``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:111 +#: modules/administration/pages/auditing.adoc:8 msgid "" -"In the [guimenu]``Advisory Name`` field, type " -"[guimenu]``SUSE-15-2019-2071``, and check [guimenu]``Allow``." +"In the {productname} {webui}, navigate to menu:Audit[CVE Audit] to see a " +"list of all clients and their current patch status." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:112 -#: modules/administration/pages/content-lifecycle-examples.adoc:176 -msgid "Click btn:[Save] to store the filter." +#: modules/administration/pages/auditing.adoc:9 +msgid "" +"By default, the CVE data is updated at 2300 every day. We recommend that " +"before you begin a CVE audit you refresh the data to ensure you have the " +"latest patches." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:113 -msgid "" -"Navigate to menu:Content Lifecycle[Projects] and select your project from " -"the list." +#. type: Block title +#: modules/administration/pages/auditing.adoc:10 +#, no-wrap +msgid "Procedure: Updating CVE Data" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:114 +#: modules/administration/pages/auditing.adoc:11 msgid "" -"Click btn:[Attach/Detach Filters], and select [guimenu]``Include kernel " -"security patch``." +"In the {productname} {webui}, navigate to menu:Admin[Task Schedules] and " +"select the ``cve-server-channels-default`` schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:116 -msgid "Click btn:[Build] to rebuild the environment." +#: modules/administration/pages/auditing.adoc:12 +msgid "Click btn:[cve-server-channels-bunch]." msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:120 -#, no-wrap -msgid "Update an Existing Monthly Patch Cycle" +#. type: Plain text +#: modules/administration/pages/auditing.adoc:13 +msgid "Click btn:[Single Run Schedule] to schedule the task." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:123 -msgid "" -"When a monthly patch cycle is complete, you can update the patch cycle for " -"the next month." +#: modules/administration/pages/auditing.adoc:14 +msgid "Allow the task to complete before continuing with the CVE audit." msgstr "" #. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:124 +#: modules/administration/pages/auditing.adoc:15 #, no-wrap -msgid "Procedure: Updating a Monthly Patch Cycle" +msgid "Procedure: Verifying Patch Status" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:127 -msgid "" -"In the [guimenu]``by date`` field, change the date of the filter to the next " -"month. Alternatively, create a new filter and change the assignment to the " -"project." +#: modules/administration/pages/auditing.adoc:16 +msgid "In the {productname} {webui}, navigate to menu:Audit[CVE Audit]." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:129 +#: modules/administration/pages/auditing.adoc:17 msgid "" -"Check if the exclude filter for ``SUSE-15-2019-1807`` can be detached from " -"the project. There may be a new patch available to fix this issue." +"OPTIONAL: To check the patch status for a particular CVE, type the CVE " +"identifier in the [guimenu]``CVE Number`` field." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:131 +#: modules/administration/pages/auditing.adoc:18 msgid "" -"Detach the ``allow`` filter you added previously. The patch is included by " -"default." +"Select the patch statuses you want to look for, or leave all statuses " +"checked to look for all." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:132 +#: modules/administration/pages/auditing.adoc:19 msgid "" -"Rebuild the project to create a new environment with patches for the next " -"month." -msgstr "" - -#. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:136 -#, no-wrap -msgid "Enhance a Project with Live Patching" +"Click btn:[Audit Servers] to check all systems, or click btn:[Audit Images] " +"to check all images." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:139 +#: modules/administration/pages/auditing.adoc:20 msgid "" -"This section covers setting up filters to create environments for live " -"patching." +"For more information about the patch status icons used on this page, see " +"xref:reference:audit/audit-cve-audit.adoc[]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:143 +#. type: Plain text +#: modules/administration/pages/auditing.adoc:21 msgid "" -"When you are preparing to use live patching, there are some important " -"considerations" +"For each system, the [guimenu]``Next Action`` column provides information " +"about what you need to do to address vulnerabilities. If applicable, a list " +"of candidate channels or patches is also given. You can also assign systems " +"to a [guimenu]``System Set`` for further batch processing." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:146 +#. type: Plain text +#: modules/administration/pages/auditing.adoc:22 msgid "" -"Only ever use one kernel version on your systems. The live patching " -"packages are installed with a specific kernel." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:147 -msgid "Live patching updates are shipped as one patch." +"You can use the {productname} API to verify the patch status of your " +"clients. Use the ``audit.listSystemsByPatchStatus`` API method. For more " +"information about this method, see the {productname} API Guide." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:150 -msgid "" -"Each kernel patch that begins a new series of live patching kernels will " -"display the ``required reboot`` flag. These kernel patches come with live " -"patching tools. When you have installed them, you will need to reboot the " -"system at least once before the next year." +#. type: Title == +#: modules/administration/pages/auditing.adoc:23 +#, no-wrap +msgid "CVE Status" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:151 +#. type: Plain text +#: modules/administration/pages/auditing.adoc:24 msgid "" -"Only install live patch updates that match the installed kernel version." +"The CVE status of clients is usually either ``affected``, ``not affected``, " +"or ``patched``. These statuses are based only on the information that is " +"available to {productname}." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:153 -msgid "" -"Live patches are provided as stand-alone patches. You must exclude all " -"regular kernel patches with higher kernel version than the currently " -"installed one." +#. type: Plain text +#: modules/administration/pages/auditing.adoc:25 +msgid "Within {productname}, these definitions apply:" msgstr "" -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:158 +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:26 #, no-wrap -msgid "Exclude Packages with a Higher Kernel Version" +msgid "System affected by a certain vulnerability" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:162 +#: modules/administration/pages/auditing.adoc:27 msgid "" -"In this example you update your systems with the ``SUSE-15-2019-1244`` " -"patch. This patch contains ``kernel-default-4.12.14-150.17.1-x86_64``." +"A system which has an installed package with version lower than the version " +"of the same package in a relevant patch marked for the vulnerability." +msgstr "" + +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:28 +#, no-wrap +msgid "System not affected by a certain vulnerability" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:164 +#: modules/administration/pages/auditing.adoc:29 msgid "" -"You need to exclude all patches which contain a higher version of ``kernel-" -"default``." +"A system which has no installed package that is also in a relevant patch " +"marked for the vulnerability." msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:165 +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:30 #, no-wrap -msgid "Procedure: Excluding Packages with a Higher Kernel Version" +msgid "System patched for a certain vulnerability" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:167 +#: modules/administration/pages/auditing.adoc:31 msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Filters], " -"and click btn:[Create Filter]." +"A system which has an installed package with version equal to or greater " +"than the version of the same package in a relevant patch marked for the " +"vulnerability." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:169 -msgid "" -"In the [guimenu]``Filter Name`` field, type a name for your filter. For " -"example, [systemitem]``Exclude kernel greater than 4.12.14-150.17.1``." +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:32 +#, no-wrap +msgid "Relevant patch" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:170 -msgid "" -"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Contains " -"Package)``." +#: modules/administration/pages/auditing.adoc:33 +msgid "A patch known by {productname} in a relevant channel." +msgstr "" + +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:34 +#, no-wrap +msgid "Relevant channel" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:171 +#: modules/administration/pages/auditing.adoc:35 msgid "" -"In the [guimenu]``Matcher`` field, select [guimenu]``version greater than``." +"A channel managed by {productname}, which is either assigned to the system, " +"the original of a cloned channel which is assigned to the system, a channel " +"linked to a product which is installed on the system or a past or future " +"service pack channel for the system." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:172 +#. type: delimited block = +#: modules/administration/pages/auditing.adoc:36 msgid "" -"In the [guimenu]``Package Name`` field, type [systemitem]``kernel-default``." +"Because of the definitions used within {productname}, CVE audit results " +"might be incorrect in some circumstances. For example, unmanaged channels, " +"unmanaged packages, or non-compliant systems might report incorrectly." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:173 -msgid "Leave the the [guimenu]``Epoch`` field empty." +#. type: Title = +#: modules/administration/pages/auth-methods-pam.adoc:1 +#, no-wrap +msgid "Authentication With PAM" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:174 -msgid "In the [guimenu]``Version`` field, type [systemitem]``4.12.14``." +#: modules/administration/pages/auth-methods-pam.adoc:2 +msgid "" +"{productname} supports network-based authentication systems using pluggable " +"authentication modules (PAM). PAM is a suite of libraries that allows you " +"to integrate {productname} with a centralized authentication mechanism, " +"eliminating the need to remember multiple passwords. {productname} supports " +"LDAP, Kerberos, and other network-based authentication systems using PAM." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:175 -msgid "In the [guimenu]``Release`` field, type [systemitem]``150.17.1``." +#. type: Block title +#: modules/administration/pages/auth-methods-pam.adoc:3 +#, no-wrap +msgid "Procedure: Enabling PAM" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:178 -msgid "Click btn:[Attach/Detach Filters]." +#: modules/administration/pages/auth-methods-pam.adoc:4 +msgid "Create a PAM service file at [path]``/etc/pam.d/susemanager``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:179 +#: modules/administration/pages/auth-methods-pam.adoc:5 msgid "" -"Select [guimenu]``Exclude kernel greater than 4.12.14-150.17.1``, and click " -"btn:[Save]." +"A standard [path]``/etc/pam.d/susemanager`` file should look like this. It " +"configures {productname} to use the system wide PAM configuration:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:183 +#. type: delimited block - +#: modules/administration/pages/auth-methods-pam.adoc:6 +#, no-wrap msgid "" -"When you click btn:[Build], a new environment is created. The new " -"environment contains all the kernel patches up to the version you installed." +"#%PAM-1.0\n" +"auth include common-auth\n" +"account include common-account\n" +"password include common-password\n" +"session include common-session\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:186 +#: modules/administration/pages/auth-methods-pam.adoc:7 msgid "" -"All kernel patches with higher kernel versions are removed. Live patching " -"kernels will stay available as long as they are not the first in a series." +"Enforce the use of the service file by adding this line to " +"[path]``/etc/rhn/rhn.conf``:" msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:202 +#. type: delimited block - +#: modules/administration/pages/auth-methods-pam.adoc:8 #, no-wrap -msgid "Switch to a New Kernel Version for Live Patching" +msgid "pam_auth_service = susemanager\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:207 +#: modules/administration/pages/auth-methods-pam.adoc:9 +#, no-wrap msgid "" -"Live Patching for a specific kernel version is only available for one year. " -"After one year you must update the kernel on your systems. Execute these " -"environment changes:" +" In this example, the PAM service file is called " +"[systemitem]``susemanager``.\n" msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:208 +#. type: Plain text +#: modules/administration/pages/auth-methods-pam.adoc:10 #, no-wrap -msgid "Procedure: Switch to a New Kernel Version" +msgid "Restart the {productname} services after a configuration change.\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:211 +#: modules/administration/pages/auth-methods-pam.adoc:11 +#, no-wrap msgid "" -"Decide which kernel version you will upgrade to. For example: " -"`4.12.14-150.32.1`" +"In the {productname} {webui}, navigate to menu:Users[Create User] and enable " +"a new or existing user to authenticate with PAM.\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:212 -msgid "Create a new kernel version Filter." +#: modules/administration/pages/auth-methods-pam.adoc:12 +#, no-wrap +msgid "Check the [guimenu]``Pluggable Authentication Modules (PAM)`` checkbox.\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:213 -msgid "" -"Detach the previous filter **Exclude kernel greater than 4.12.14-150.17.1** " -"and attach the new filter." +#: modules/administration/pages/auth-methods-pam.adoc:13 +#, no-wrap +msgid "It is below the password and password confirmation fields.\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:220 +#. type: delimited block = +#: modules/administration/pages/auth-methods-pam.adoc:14 msgid "" -"Click btn:[Build] to rebuild the environment. The new environment contains " -"all kernel patches up to the new kernel version you selected. Systems using " -"these channels will have the kernel update available for installation. You " -"will need to reboot systems after they have performed the upgrade. The new " -"kernel will remain valid for one year. All packages installed during the " -"year will match the current live patching kernel filter." +"Changing the password in the {productname} {webui} changes only the local " +"password on the {productname} Server. If PAM is enabled for that user, the " +"local password might not be used at all. In the above example, for " +"instance, the Kerberos password will not be changed. Use the password " +"change mechanism of your network service to change the password for these " +"users." msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:223 -#, no-wrap -msgid "Appstream Filters" +#. type: Plain text +#: modules/administration/pages/auth-methods-pam.adoc:15 +msgid "" +"To configure system-wide authentication you can use YaST. You will need to " +"install the [package]``yast2-ldap-client`` and " +"[package]``yast2-kerberos-client`` packages." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:229 +#: modules/administration/pages/auth-methods-pam.adoc:16 msgid "" -"If you are using {rhel}{nbsp}8 clients, you cannot perform package " -"operations such as installing or upgrading directly from modular " -"repositories like the {rhel} Appstream repository. You can use the " -"Appstream filter to transform modular repositories into regular " -"repositories. It does this by keeping the packages in the repository and " -"stripping away the module metadata. The resulting repository can be used in " -"{productname} in the same way as a regular repository." +"For more information about configuring PAM, the SUSE Linux Enterprise Server " +"Security Guide contains a generic example that will also work for other " +"network-based authentication methods. It also describes how to configure an " +"active directory service. For more information, see " +"https://documentation.suse.com/sles/15-SP2/html/SLES-all/part-auth.html." +msgstr "" + +#. type: Title = +#: modules/administration/pages/auth-methods-sso-example.adoc:1 +#, no-wrap +msgid "Example SSO Implementation" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:232 +#: modules/administration/pages/auth-methods-sso-example.adoc:2 msgid "" -"The AppStream filter selects a single module stream to be included in the " -"target repository. You can add multiple filters to select multiple module " -"streams." +"In this example, SSO is implemented by exposing three endpoints with " +"{productname}, and using Keycloak as the identity service provider (IdP)." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:235 +#: modules/administration/pages/auth-methods-sso-example.adoc:3 msgid "" -"If you do not use an AppStream filter in your CLM project, the module " -"metadata in the modular sources remains intact, and the target repositories " -"contain the same module metadata. As long as at least one AppStream filter " -"is enabled in the CLM project, all target repositories are transformed into " -"regular repositories." +"Start by setting up the {productname} Server, and the Keycloak IdP. Then " +"you can add the endpoints as clients, and create users." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:238 +#. type: delimited block = +#: modules/administration/pages/auth-methods-sso-example.adoc:4 msgid "" -"To use the AppStream filter, you need a CLM project with a modular " -"repository such as ``{rhel} AppStream``. Ensure that you included the " -"module you need as a source before you begin." +"This example is provided for illustrative purposes only. {suse} does not " +"recommend or support third-party identity service providers, and is not " +"affiliated with Keycloak. For Keycloak support, see " +"https://www.keycloak.org/." msgstr "" #. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:241 +#: modules/administration/pages/auth-methods-sso-example.adoc:5 #, no-wrap -msgid "Procedure: Using Appstream Filters" +msgid "Procedure: Setting Up the {productname} Server" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:244 -#: modules/administration/pages/content-lifecycle-examples.adoc:263 +#: modules/administration/pages/auth-methods-sso-example.adoc:6 msgid "" -"In the {productname} {webui}, navigate to your {rhel}{nbsp}8 CLM project. " -"Ensure that you have included the AppStream channels for your project." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:245 -#: modules/administration/pages/content-lifecycle-examples.adoc:264 -msgid "Click btn:``Create Filter`` and use these parameters:" +"On the {productname} Server, open the [path]``/etc/rhn/rhn.conf`` " +"configuration file and edit these parameters." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:247 -#: modules/administration/pages/content-lifecycle-examples.adoc:266 -msgid "In the [guimenu]``Filter Name`` field, type a name for the new filter." +#: modules/administration/pages/auth-methods-sso-example.adoc:7 +msgid "" +"Replace ```` with the fully-qualified domain name of your " +"{productname} installation:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:248 -#: modules/administration/pages/content-lifecycle-examples.adoc:267 +#. type: delimited block - +#: modules/administration/pages/auth-methods-sso-example.adoc:8 +#, no-wrap msgid "" -"In the [guimenu]``Filter Type`` field, select [parameter]``Module (Stream)``." +"java.sso.onelogin.saml2.sp.entityid = /rhn/manager/sso/metadata\n" +"java.sso.onelogin.saml2.sp.assertion_consumer_service.url = " +"/rhn/manager/sso/acs\n" +"java.sso.onelogin.saml2.sp.single_logout_service.url = " +"/rhn/manager/sso/sls\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:250 -msgid "" -"In the [guimenu]``Module Name`` field, type a module name. For example, " -"[parameter]``postgresql``." +#: modules/administration/pages/auth-methods-sso-example.adoc:9 +msgid "In the configuration file, determine the three endpoints to expose:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:253 +#. type: delimited block - +#: modules/administration/pages/auth-methods-sso-example.adoc:10 +#, no-wrap msgid "" -"In the [guimenu]``Stream`` field, type the name of the desired stream. For " -"example, [parameter]``10``. If you leave this field blank, the default " -"stream for the module is selected." +"java.sso.onelogin.saml2.idp.entityid\n" +"java.sso.onelogin.saml2.idp.single_sign_on_service.url\n" +"java.sso.onelogin.saml2.idp.single_logout_service.url\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:254 -msgid "Click btn:[Save] to create the new filter." +#: modules/administration/pages/auth-methods-sso-example.adoc:11 +msgid "In the IdP metadata, locate the public x509 certificate." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:256 +#: modules/administration/pages/auth-methods-sso-example.adoc:12 msgid "" -"Click btn:``Attach/Detach Filters``, select your new Appstream filter, and " -"click btn:[Save]." +"It uses this format: " +"``/auth/realms//protocol/saml/descriptor``. In the " +"configuration file, specify the public x509 certificate of the IdP:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/auth-methods-sso-example.adoc:13 +#, no-wrap +msgid "java.sso.onelogin.saml2.idp.x509cert\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:259 +#: modules/administration/pages/auth-methods-sso-example.adoc:14 msgid "" -"You can use the browse function in the ``Create/Edit Filter`` form to select " -"a module from a list of available module streams for a modular channel." +"When you have prepared the {productname} Server, you can install Keycloak. " +"You can install Keycloak directly on your machine, or run it in a " +"container. In this example, we run Keycloak in a Docker container. For " +"more information about installing Keycloak, see the Keycloak documentation " +"at https://www.keycloak.org/getting-started/getting-started-docker." msgstr "" #. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:260 +#: modules/administration/pages/auth-methods-sso-example.adoc:15 #, no-wrap -msgid "Procedure: Browsing Available Module Streams" +msgid "Procedure: Setting Up the Identity Service Provider" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:268 -msgid "Click ``Browse available modules`` to see all modular channels." +#: modules/administration/pages/auth-methods-sso-example.adoc:16 +msgid "" +"Install Keycloak in a Docker container, according to the Keycloak " +"documentation." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:269 -msgid "Select a channel to browse the modules and streams:" +#: modules/administration/pages/auth-methods-sso-example.adoc:17 +msgid "" +"Run the container using the ``-td`` argument to ensure the process remains " +"running:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:271 +#. type: delimited block - +#: modules/administration/pages/auth-methods-sso-example.adoc:18 +#, no-wrap msgid "" -"In the [guimenu]``Module Name`` field, start typing a module name to search, " -"or select from the list." +"docker run -td --name=idp -p 8080:8080 -e KEYCLOAK_USER= -e " +"KEYCLOAK_PASSWORD= quay.io/keycloak/keycloak:9.0.2\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:272 +#: modules/administration/pages/auth-methods-sso-example.adoc:19 msgid "" -"In the [guimenu]``Stream`` field, start typing a stream name to search, or " -"select from the list." +"Sign in the Keycloak {webui} as a privileged user, and create a realm using " +"these details:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:278 -msgid "" -"Channel selection is only for browsing modules. The selected channel will " -"not be saved with the filter, and will not affect the CLM process in any way." +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:20 +msgid "In the ``Name`` field, enter a name for the realm." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:282 -msgid "" -"You can create additional AppStream filters for any other module stream to " -"be included in the target repository. Any module streams that the selected " -"stream depends on will be automatically included." +#: modules/administration/pages/auth-methods-sso-example.adoc:21 +msgid "For example, ``SUMA``." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:289 +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:22 +msgid "Toggle the ``Enabled`` switch to ``On``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:23 +msgid "In the ``Endpoints`` field, type ``SAML 2.0 Identity Provider Metadata``." +msgstr "" + +#. Probably needs more explanation here. --LKB 20200415 +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:24 msgid "" -"Be careful not to specify conflicting, incompatible, or missing module " -"streams. For example, selecting two streams from the same module is invalid." +"This endpoint is " +"``/auth/realms//protocol/saml/descriptor`` which " +"describes the endpoints and certificate in the {productname} configuration " +"file." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:292 +#: modules/administration/pages/auth-methods-sso-example.adoc:25 msgid "" -"When you build your CLM project using the btn:[Build] button in the {webui}, " -"the target repository is a regular repository without any modules, that " -"contains packages from the selected module streams." +"When you have Keycloak running and set up, you can add the endpoints. " +"Keycloak refers to endpoints as clients." msgstr "" -#. type: Title = -#: modules/administration/pages/content-lifecycle.adoc:2 +#. type: Block title +#: modules/administration/pages/auth-methods-sso-example.adoc:26 #, no-wrap -msgid "Content Lifecycle Management" +msgid "Procedure: Adding Endpoints as Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:6 -msgid "" -"Content lifecycle management allows you to customize and test packages " -"before updating production clients. This is especially useful if you need " -"to apply updates during a limited maintenance window." +#: modules/administration/pages/auth-methods-sso-example.adoc:27 +msgid "In the Keycloak {webui}, create a new client using these details:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:8 +#: modules/administration/pages/auth-methods-sso-example.adoc:28 msgid "" -"Content lifecycle management allows you to select software channels as " -"sources, adjust them as required for your environment, and thoroughly test " -"them before installing onto your production clients." +"In the ``Client ID`` field, enter the endpoint specified in the server " +"configuration file as ``java.sso.onelogin.saml2.idp.entityid``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:12 -msgid "" -"While you cannot directly modify vendor channels, you can clone them and " -"then modify the clones by adding or removing packages and custom patches. " -"You can assign these cloned channels to test clients to ensure they work as " -"expected. Then, when all tests pass, you can promote them to production " -"servers." +#: modules/administration/pages/auth-methods-sso-example.adoc:29 +msgid "For example, ``https:///rhn/manager/sso/metadata``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:15 -msgid "" -"This is achieved through a series of environments that your software " -"channels can move through on their lifecycle. Most environment lifecycles " -"include at least test and production environments, but you can have as many " -"environments as you require." +#: modules/administration/pages/auth-methods-sso-example.adoc:30 +msgid "In the ``Client Protocol`` field, select ``SAML``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:18 -msgid "" -"This section covers the basic content lifecycle procedures, and the filters " -"available. For more specific examples, see xref:administration:content-" -"lifecycle-examples.adoc[]." +#: modules/administration/pages/auth-methods-sso-example.adoc:31 +msgid "Toggle the ``Include AuthnStatement`` switch to ``On``." msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:21 -#, no-wrap -msgid "Create a Content Lifecycle Project" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:32 +msgid "Toggle the ``Sign Assertions`` switch to ``On``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:25 -msgid "" -"To set up a content lifecycle, you need to begin with a project. The " -"project defines the software channel sources, the filters used to find " -"packages, and the build environments." +#: modules/administration/pages/auth-methods-sso-example.adoc:33 +msgid "In the ``Signature Algorithm`` field, select ``RSA_SHA1``." msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle.adoc:26 -#, no-wrap -msgid "Procedure: Creating a Content Lifecycle Project" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:34 +msgid "In the ``SAML Signature Key Name`` field, select the key." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:28 -msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " -"and click btn:[Create Project]." +#: modules/administration/pages/auth-methods-sso-example.adoc:35 +msgid "In the ``Canonicalization Method`` field, select ``Exclusive``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:30 +#: modules/administration/pages/auth-methods-sso-example.adoc:36 msgid "" -"In the [guimenu]``Label`` field, enter a label for your project. The " -"[guimenu]``Label`` field only accepts lowercase letters, numbers, periods, " -"hyphens, and underscores." +"In the ``Fine Grain SAML Endpoint Configuration`` section, add the two " +"endpoints using these details:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:31 +#: modules/administration/pages/auth-methods-sso-example.adoc:37 msgid "" -"In the [guimenu]``Name`` field, enter a descriptive name for your project." +"In both the ``Assertion Consumer Service`` fields, enter the endpoint " +"specified in the server configuration file as " +"``java.sso.onelogin.saml2.sp.assertion_consumer_service.url``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:32 +#: modules/administration/pages/auth-methods-sso-example.adoc:38 +msgid "For example, ``https:///rhn/manager/sso/acs``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:39 msgid "" -"Click the btn:[Create] button to create your project and return to the " -"project page." +"In both the ``Logout Service`` fields, enter the endpoint specified in the " +"server configuration file as " +"``java.sso.onelogin.saml2.sp.single_logout_service.url``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:33 -msgid "Click btn:[Attach/Detach Sources]." +#: modules/administration/pages/auth-methods-sso-example.adoc:40 +msgid "For example, ``https:///rhn/manager/sso/sls``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:35 +#: modules/administration/pages/auth-methods-sso-example.adoc:41 msgid "" -"In the [guimenu]``Sources`` dialog, select the source type, and select a " -"base channel for your project. The available child channels for the " -"selected base channel are displayed, including information on whether the " -"channel is mandatory or recommended." +"When you have added the endpoints as clients, you can configure the client " +"scope, and map the users between Keycloak and {productname}." +msgstr "" + +#. type: Block title +#: modules/administration/pages/auth-methods-sso-example.adoc:42 +#, no-wrap +msgid "Procedure: Configuring Client Scope and Mappers" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:37 +#: modules/administration/pages/auth-methods-sso-example.adoc:43 msgid "" -"Check the child channels you require, and click btn:[Save] to return to the " -"project page. The software channels you selected should now be showing." +"In the Keycloak {webui}, navigate to the menu:Clients[Client Scopes] tab and " +"assign ``role_list`` as the default client scope." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:40 +#: modules/administration/pages/auth-methods-sso-example.adoc:44 msgid "" -"In the [guimenu]``Filters`` dialog, select the filters you want to attach to " -"the project. To create a new filter, click btn:[Create new Filter]." +"Navigate to the menu:Clients[Mappers] tab and add a user attribute ``Uid`` " +"mapper, using the default values." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:41 -msgid "Click btn:[Add Environment]." +#: modules/administration/pages/auth-methods-sso-example.adoc:45 +msgid "This SAML attribute is expected by {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:43 +#: modules/administration/pages/auth-methods-sso-example.adoc:46 +msgid "Navigate to the menu:Users[Admin] section and create an administrative user." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:47 +msgid "This user does not need to match the {productname} administrative user." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:48 msgid "" -"In the [guimenu]``Environment Lifecycle`` dialog, give the first environment " -"a name and a description, and click btn:[Save]. The [guimenu]``Name`` field " -"only accepts lowercase letters, numbers, periods, hyphens, and underscores." +"Navigate to the menu:Users[Role Mappings] tab, add a ``uid`` attribute with " +"a value that matches the username of the {productname} administrative user." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:45 +#: modules/administration/pages/auth-methods-sso-example.adoc:49 msgid "" -"Continue creating environments until you have all the environments for your " -"lifecycle completed. You can select the order of the environments in the " -"lifecycle by selecting an environment in the [guimenu]``Insert before`` " -"field when you create it." +"Navigate to the menu:Users[Credentials] tab, and set the same password as " +"used by the {productname} administrative user." msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:48 +#. type: Block title +#: modules/administration/pages/auth-methods-sso-example.adoc:50 #, no-wrap -msgid "Filter Types" +msgid " Save your changes." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:53 +#: modules/administration/pages/auth-methods-sso-example.adoc:51 msgid "" -"{productname} allows you to create various types of filters to control the " -"content used for building the project. Filters allow you to select which " -"packages will be included or excluded from the build. For example, you " -"could exclude all kernel packages, or include only specific releases of some " -"packages." +"When you have completed configuration, you can test that the installation is " +"working as expected. Restart the {productname} Server to pick up your " +"changes, and navigate to the {productname} {webui}. If your installation is " +"working correctly, you are redirected to the Keycloak SSO page, where you " +"can authenticate successfully." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:55 -msgid "The supported filters are:" +#. type: Title = +#: modules/administration/pages/auth-methods-sso.adoc:1 +#, no-wrap +msgid "Authentication With Single Sign-On (SSO)" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:57 -msgid "package filtering" +#: modules/administration/pages/auth-methods-sso.adoc:2 +msgid "" +"{productname} supports single sign-on (SSO) by implementing the Security " +"Assertion Markup Language (SAML){nbsp}2 protocol." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:58 -msgid "by name" +#: modules/administration/pages/auth-methods-sso.adoc:3 +msgid "" +"Single sign-on is an authentication process that allows a user to access " +"multiple applications with one set of credentials. SAML is an XML-based " +"standard for exchanging authentication and authorization data. A SAML " +"identity service provider (IdP) provides authentication and authorization " +"services to service providers (SP), such as {productname}. {productname} " +"exposes three endpoints which must be enabled for single sign-on." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:59 -msgid "by name, epoch, version, release, and architecture" +#: modules/administration/pages/auth-methods-sso.adoc:4 +msgid "SSO in {productname} supports:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:60 -msgid "patch filtering" +#: modules/administration/pages/auth-methods-sso.adoc:5 +msgid "Log in with SSO." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:61 -msgid "by advisory name" +#: modules/administration/pages/auth-methods-sso.adoc:6 +msgid "" +"Log out with service provider-initiated single logout (SLO), and Identity " +"service provider single logout service (SLS)." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:62 -msgid "by advisory type" +#: modules/administration/pages/auth-methods-sso.adoc:7 +msgid "Assertion and nameId encryption." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:63 -msgid "by synopsis" +#: modules/administration/pages/auth-methods-sso.adoc:8 +msgid "Assertion signatures." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:64 -msgid "by keyword" +#: modules/administration/pages/auth-methods-sso.adoc:9 +msgid "Message signatures with AuthNRequest, LogoutRequest, and LogoutResponses." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:65 -msgid "by date" +#: modules/administration/pages/auth-methods-sso.adoc:10 +msgid "Enable an Assertion consumer service endpoint." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:66 -msgid "by affected package" +#: modules/administration/pages/auth-methods-sso.adoc:11 +msgid "Enable a single logout service endpoint." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:67 -msgid "module" +#: modules/administration/pages/auth-methods-sso.adoc:12 +msgid "Publish the SP metadata (which can be signed)." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:68 -msgid "by stream" +#: modules/administration/pages/auth-methods-sso.adoc:13 +msgid "SSO in {productname} does not support:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:73 -msgid "Package dependencies are not resolved during content filtering." +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:14 +msgid "Product choosing and implementation for the identity service provider (IdP)." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:78 +#: modules/administration/pages/auth-methods-sso.adoc:15 msgid "" -"There are multiple matchers you can use with the filter. Which ones are " -"available will depend on the filter type you choose." +"SAML support for other products (check with the respective product " +"documentation)." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:80 -msgid "The available matchers are:" +#: modules/administration/pages/auth-methods-sso.adoc:16 +msgid "" +"For an example implementation of SSO, see " +"xref:administration:auth-methods-sso-example.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:82 -msgid "contains" +#. type: delimited block = +#: modules/administration/pages/auth-methods-sso.adoc:17 +msgid "" +"If you change from the default authentication method to single sign-on, the " +"new SSO credentials apply only to the {webui}. Client tools such as " +"``mgr-sync`` or ``spacecmd`` will continue to work with the default " +"authentication method only." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:83 -msgid "matches (must take the form of a regular expression)" +#. type: Title == +#: modules/administration/pages/auth-methods-sso.adoc:18 +#, no-wrap +msgid "Prerequisites" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:84 -msgid "equals" +#: modules/administration/pages/auth-methods-sso.adoc:19 +msgid "" +"Before you begin, you need to have configured an external identity service " +"provider with these parameters. Check your IdP documentation for " +"instructions." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:85 -msgid "greater" +#. type: delimited block = +#: modules/administration/pages/auth-methods-sso.adoc:20 +msgid "" +"Your IdP must have a SAML:Attribute containing the username of the IdP user " +"domain, called ``uid``. The ``uid`` attribute passed in the SAML:Attribute " +"must be created in the {productname} user base before you activate single " +"sign-on." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:86 -msgid "greater or equal" +#: modules/administration/pages/auth-methods-sso.adoc:21 +msgid "You will need these endpoints:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:87 -msgid "lower or equal" +#: modules/administration/pages/auth-methods-sso.adoc:22 +msgid "" +"Assertion consumer service (or ACS): an endpoint to accept SAML messages to " +"establish a session into the Service Provider." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:88 -msgid "lower" +#: modules/administration/pages/auth-methods-sso.adoc:23 +msgid "" +"The endpoint for ACS in {productname} is: " +"https://server.example.com/rhn/manager/sso/acs" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:89 -msgid "later or equal" -msgstr "" - -#. type: Title === -#: modules/administration/pages/content-lifecycle.adoc:92 -#, no-wrap -msgid "Filter ``rule`` Parameter" +#: modules/administration/pages/auth-methods-sso.adoc:24 +msgid "" +"Single logout service (or SLS): an endpoint to initiate a logout request " +"from the IdP." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:96 +#: modules/administration/pages/auth-methods-sso.adoc:25 msgid "" -"Each filter has a ``rule`` parameter that can be set to either ``Allow`` or " -"``Deny``. The filters are processed like this:" +"The endpoint for SLS in {productname} is: " +"https://server.example.com/rhn/manager/sso/sls" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:98 -msgid "" -"If a package or patch satisfies a ``Deny`` filter, it will be excluded from " -"the result." +#: modules/administration/pages/auth-methods-sso.adoc:26 +msgid "Metadata: an endpoint to retrieve {productname} metadata for SAML." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:99 +#: modules/administration/pages/auth-methods-sso.adoc:27 msgid "" -"If a package or patch satisfies an ``Allow`` filter, it will be included in " -"the result (even if it was excluded by a ``Deny`` filter)." +"The endpoint for metadata in {productname} is: " +"https://server.example.com/rhn/manager/sso/metadata" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:101 +#: modules/administration/pages/auth-methods-sso.adoc:28 msgid "" -"This behavior is useful when you want to exclude large number of packages or " -"patches using a general ``Deny`` filter and \"cherry-pick\" specific " -"packages or patches with specific ``Allow`` filters." +"After the authentication with the IdP using the user ``orgadmin`` is " +"successful, you will be logged in into {productname} as the ``orgadmin`` " +"user, provided that the ``orgadmin`` user exists in {productname}." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:105 -msgid "" -"Content filters are global in your organization and can be shared between " -"projects." +#. type: Title == +#: modules/administration/pages/auth-methods-sso.adoc:29 +#, no-wrap +msgid "Enable SSO" msgstr "" #. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:112 +#: modules/administration/pages/auth-methods-sso.adoc:30 msgid "" -"If your project already contains built sources, when you add an environment " -"it will automatically populate with the existing content. Content will be " -"drawn from the previous environment of the cycle if it had one. If there is " -"no previous environment, it will be left empty until the project sources are " -"built again." +"Using SSO is mutually exclusive with other types of authentication: it is " +"either enabled or disabled. SSO is disabled by default." msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:116 +#. type: Block title +#: modules/administration/pages/auth-methods-sso.adoc:31 #, no-wrap -msgid "Build a Content Lifecycle Project" +msgid "Procedure: Enabling SSO" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:119 -msgid "" -"When you have created your project, defined environments, and attached " -"sources and filters, you can build the project for the first time." +#: modules/administration/pages/auth-methods-sso.adoc:32 +msgid "If your users do not yet exist in {productname}, create them first." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:121 -msgid "" -"Building applies filters to the attached sources and clones them to the " -"first environment in the project." +#: modules/administration/pages/auth-methods-sso.adoc:33 +msgid "Edit [path]``/etc/rhn/rhn.conf`` and add this line at the end of the file:" msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle.adoc:124 +#. type: delimited block - +#: modules/administration/pages/auth-methods-sso.adoc:34 #, no-wrap -msgid "Procedure: Building a Content Lifecycle Project" +msgid "java.sso = true\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:127 +#: modules/administration/pages/auth-methods-sso.adoc:35 msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " -"and select the project you want to build." +"Find the parameters you want to customize in " +"[path]``/usr/share/rhn/config-defaults/rhn_java_sso.conf``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:128 -msgid "Review the attached sources and filters, and click btn:[Build]." +#: modules/administration/pages/auth-methods-sso.adoc:36 +msgid "" +"Insert the parameters you want to customize into [path]``/etc/rhn/rhn.conf`` " +"and prefix them with [literal]``java.sso``. For example, in " +"[path]``/usr/share/rhn/config-defaults/rhn_java_sso.conf`` find:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:129 +#. type: delimited block - +#: modules/administration/pages/auth-methods-sso.adoc:37 +#, no-wrap msgid "" -"Provide a version message to describe the changes or updates in this build." +"onelogin.saml2.sp.assertion_consumer_service.url = " +"https://YOUR-PRODUCT-HOSTNAME-OR-IP/rhn/manager/sso/acs\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:130 -#: modules/administration/pages/content-lifecycle.adoc:145 -msgid "" -"You can monitor build progress in the [guimenu]``Environment Lifecycle`` " -"section." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:132 +#: modules/administration/pages/auth-methods-sso.adoc:38 msgid "" -"After the build is finished, the environment version is increased by one and " -"the built sources, such as software channels, can be assigned to your " -"clients." +"To customize it, create the corresponding option in " +"[path]``/etc/rhn/rhn.conf`` by prefixing the option name with ``java.sso.``:" msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:135 +#. type: delimited block - +#: modules/administration/pages/auth-methods-sso.adoc:39 #, no-wrap -msgid "Promote Environments" +msgid "" +"java.sso.onelogin.saml2.sp.assertion_consumer_service.url = " +"https://YOUR-PRODUCT-HOSTNAME-OR-IP/rhn/manager/sso/acs\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:138 +#: modules/administration/pages/auth-methods-sso.adoc:40 msgid "" -"When the project has been built, the built sources can be sequentially " -"promoted to the environments." -msgstr "" - -#. type: Block title -#: modules/administration/pages/content-lifecycle.adoc:141 -#, no-wrap -msgid "Procedure: Promoting Environments" +"To find all the occurrences you need to change, search in the file for the " +"placeholders [literal]``YOUR-PRODUCT`` and [literal]``YOUR-IDP-ENTITY``. " +"Every parameter comes with a brief explanation of what it is meant for." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:143 -msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " -"and select the project you want to work with." +#: modules/administration/pages/auth-methods-sso.adoc:41 +msgid "Restart the spacewalk service to pick up the changes:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:144 +#: modules/administration/pages/auth-methods-sso.adoc:43 msgid "" -"In the [guimenu]``Environment Lifecycle`` section, locate the environment to " -"promote to its successor, and click btn:[Promote]." +"When you visit the {productname} URL, you will be redirected to the IdP for " +"SSO where you will be requested to authenticate. Upon successful " +"authentication, you will be redirected to the {productname} {webui}, logged " +"in as the authenticated user. If you encounter problems with logging in " +"using SSO, check the {productname} logs for more information." msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:148 +#. type: Title = +#: modules/administration/pages/backup-restore.adoc:1 #, no-wrap -msgid "Assign Clients to Environments" +msgid "Backup and Restore" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:152 +#: modules/administration/pages/backup-restore.adoc:2 msgid "" -"When you build and promote content lifecycle projects, {productname} creates " -"a tree of software channels. To add clients to the environment, assign the " -"base and child software channels to your client using menu:Software[Software " -"Channels] in the [guimenu]``System Details`` page for the client." +"Back up your {productname} installation regularly, to prevent data loss. " +"Because {productname} relies on a database as well as the installed program " +"and configurations, it is important to back up all components of your " +"installation. This chapter contains information on the files you need to " +"back up, and introduces the [command]``smdba`` tool to manage database " +"backups. It also contains information about restoring from your backups in " +"the case of a system failure." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:157 -msgid "" -"Newly added cloned channels are not assigned to clients automatically. If " -"you add or promote sources you will need to manually check and update your " -"channel assignments." +#. type: Block title +#: modules/administration/pages/backup-restore.adoc:3 +#, no-wrap +msgid "Backup Space Requirements" msgstr "" #. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:159 +#: modules/administration/pages/backup-restore.adoc:4 msgid "" -"Automatic assignment is intended to be added to {productname} in a future " -"version." +"Regardless of the backup method you use, you must have available at least " +"three times the amount of space your current installation uses. Running out " +"of space can result in backups failing, so check this often." msgstr "" -#. type: Title = -#: modules/administration/pages/content-staging.adoc:2 +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:5 #, no-wrap -msgid "Content Staging" +msgid "Backing up {productname}" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:7 +#: modules/administration/pages/backup-restore.adoc:6 msgid "" -"Staging is used by clients to download packages in advance, before they are " -"installed. This allows package installation to begin as soon as it is " -"scheduled, which can reduce the amount of time required for a maintenance " -"window." +"The most comprehensive method for backing up your {productname} installation " +"is to back up the relevant files and directories. This can save you time in " +"administering your backup, and can be faster to reinstall and re-synchronize " +"in the case of failure. However, this method requires significant disk " +"space and could take a long time to perform the backup." msgstr "" -#. type: Title == -#: modules/administration/pages/content-staging.adoc:9 -#, no-wrap -msgid "Enable Content Staging" +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:7 +msgid "" +"If you want to only back up the required files and directories, use the " +"following list. To make this process simpler, and more comprehensive, we " +"recommend backing up the entire [path]``/etc`` and [path]``/root`` " +"directories, not just the ones specified here. Some files only exist if you " +"are actually using the related {susemgr} feature." msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:14 -msgid "" -"You can manage content staging across your entire organization. In the " -"{productname} {webui}, navigate to menu:Admin[Organizations] to see a list " -"of available organizations. Click the name of an organization, and check " -"the [guimenu]``Enable Staging Contents`` box to allow clients in this " -"organization to stage package data." +#: modules/administration/pages/backup-restore.adoc:8 +msgid "[path]``/etc/cobbler/``" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-staging.adoc:18 -msgid "" -"You must be logged in as a {productname} administrator to create and manage " -"organizations." +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:9 +msgid "[path]``/etc/dhcp.conf``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:21 -msgid "" -"You can also enable staging at the command prompt by editing [path]``/etc/" -"sysconfig/rhn/up2date``, and adding or editing these lines:" +#: modules/administration/pages/backup-restore.adoc:10 +msgid "[path]``/etc/fstab`` and any ISO mountpoints you require." msgstr "" -#. type: delimited block - -#: modules/administration/pages/content-staging.adoc:25 -#, no-wrap -msgid "" -"stagingContent=1\n" -"stagingContentWindow=24\n" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:11 +msgid "[path]``/etc/rhn/``" msgstr "" -#. 2018-12-10, ke: /etc/sysconfig/rhn/up2date still exists. @renner confirmed some tools use it (at least, trad. client). To be renamed in the future. #. type: Plain text -#: modules/administration/pages/content-staging.adoc:36 -msgid "" -"The ``stagingContentWindow`` parameter is a time value expressed in hours " -"and determines when downloading will start. It is the number of hours " -"before the scheduled installation or update time. In this example, content " -"will be downloaded 24 hours before the installation time. The start time " -"for download depends on the selected contact method for a system. The " -"assigned contact method sets the time for when the next " -"[command]``mgr_check`` will be executed." +#: modules/administration/pages/backup-restore.adoc:12 +msgid "[path]``/etc/salt``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:39 -msgid "" -"Next time an action is scheduled, packages are automatically downloaded, but " -"not installed. At the scheduled time, the staged packages are installed." +#: modules/administration/pages/backup-restore.adoc:13 +msgid "[path]``/etc/sudoers``" msgstr "" -#. type: Title == -#: modules/administration/pages/content-staging.adoc:42 -#, no-wrap -msgid "Configure Content Staging" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:14 +msgid "[path]``/etc/sysconfig/rhn/``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:45 -msgid "There are two parameters used to configure content staging:" +#: modules/administration/pages/backup-restore.adoc:15 +msgid "[path]``/root/.gnupg/``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:48 -msgid "" -"[parameter]``salt_content_staging_advance`` is the advance time for the " -"content staging window to open, in hours. This is the number of hours " -"before installation starts, that package downloads can begin." +#: modules/administration/pages/backup-restore.adoc:16 +msgid "[path]``/root/.ssh``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:50 +#: modules/administration/pages/backup-restore.adoc:17 msgid "" -"[parameter]``salt_content_staging_window`` is the duration of the content " -"staging window, in hours. This is the amount of time clients have to stage " -"packages before installation begins." +"This file exists if you are using an SSH tunnel or SSH [command]``push``. " +"You will also need to have saved a copy of the ``id-susemanager`` key." msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:53 -msgid "" -"For example, if [parameter]``salt_content_staging_advance`` is set to six " -"hours, and [parameter]``salt_content_staging_window`` is set to two hours, " -"the staging window will open six hours before the installation time, and " -"remain open for two hours. No packages will be downloaded in the four " -"remaining hours until installation starts." +#: modules/administration/pages/backup-restore.adoc:18 +msgid "[path]``/root/ssl-build/``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:55 -msgid "" -"If you set the same value for both " -"[parameter]``salt_content_staging_advance`` and " -"[parameter]``salt_content_staging_window`` packages will be able to be " -"downloaded until installation begins." +#: modules/administration/pages/backup-restore.adoc:19 +msgid "[path]``/srv/formula_metadata``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:57 -msgid "" -"Configure the content staging parameters in [path]``/usr/share/rhn/config-" -"defaults/rhn_java.conf``." +#: modules/administration/pages/backup-restore.adoc:20 +msgid "[path]``/srv/pillar``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:59 -msgid "Default values:" +#: modules/administration/pages/backup-restore.adoc:21 +msgid "[path]``/srv/salt``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:61 -msgid "[path]``salt_content_staging_advance: 8 hours``" +#: modules/administration/pages/backup-restore.adoc:22 +msgid "[path]``/srv/susemanager``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:62 -msgid "[path]``salt_content_staging_window: 8 hours``" +#: modules/administration/pages/backup-restore.adoc:23 +msgid "[path]``/srv/tftpboot/``" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-staging.adoc:67 -msgid "Content staging must be enabled for these parameters to work correctly." +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:24 +msgid "[path]``/srv/www/cobbler``" msgstr "" -#. type: Title = -#: modules/administration/pages/custom-channels.adoc:2 -#, no-wrap -msgid "Custom Channels" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:25 +msgid "[path]``/srv/www/htdocs/pub/``" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:6 -msgid "" -"Custom channels give you the ability to create your own software packages " -"and repositories, which you can use to update your clients. They also allow " -"you to use software provided by third party vendors in your environment." +#: modules/administration/pages/backup-restore.adoc:26 +msgid "[path]``/srv/www/os-images``" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:8 -msgid "" -"You must have administrator privileges to be able to create and manage " -"custom channels." +#: modules/administration/pages/backup-restore.adoc:27 +msgid "[path]``/var/cache/rhn``" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:10 -msgid "" -"Before you create a custom channel, determine which base channel you want to " -"associate it with, and which repositories you want to use for content." +#: modules/administration/pages/backup-restore.adoc:28 +msgid "[path]``/var/cache/salt``" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:12 +#: modules/administration/pages/backup-restore.adoc:29 +msgid "[path]``/var/lib/cobbler/``" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:30 msgid "" -"This section gives more detail on how to create, administer, and delete " -"custom channels." +"[path]``/var/lib/cobbler/templates/`` (before version 4.0 it was " +"[path]``/var/lib/rhn/kickstarts/``)" msgstr "" -#. type: Title == -#: modules/administration/pages/custom-channels.adoc:15 -#, no-wrap -msgid "Creating Custom Channels and Repositories" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:31 +msgid "[path]``/var/lib/Kiwi``" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:19 -msgid "" -"If you have custom software packages that you need to install on your " -"{productname} systems, you can create a custom child channel to manage " -"them. You will need to create the channel in the {productname} {webui} and " -"create a repository for the packages, before assigning the channel to your " -"systems." +#: modules/administration/pages/backup-restore.adoc:32 +msgid "[path]``/var/lib/rhn/``" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:22 -msgid "" -"You can select a vendor channel as the base channel if you want to use " -"packages provided by a vendor. Alternatively, select ``none`` to make your " -"custom channel a base channel." +#: modules/administration/pages/backup-restore.adoc:33 +msgid "[path]``/var/spacewalk/``" msgstr "" -#. We need to create a section on importing GPG keys and change this to point there: https://github.com/SUSE/spacewalk/issues/9474 LKB 2019-09-18 #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:29 +#: modules/administration/pages/backup-restore.adoc:34 msgid "" -"Custom channels will sometimes require additional security settings. Many " -"third party vendors secure packages with GPG. If you want to use GPG-" -"protected packages in your custom channel, you will need to trust the GPG " -"key which has been used to sign the metadata. You can then check the " -"[guimenu]``Has Signed Metadata?`` check box to match the package metadata " -"against the trusted GPG keys. For more information on importing GPG keys, " -"see xref:reference:systems/autoinst-gpg-and-ssl-keys.adoc[]." +"Plus any directories containing custom data such as scripts, Kickstart or " +"AutoYaST profiles, and custom RPMs." msgstr "" #. type: delimited block = -#: modules/administration/pages/custom-channels.adoc:35 +#: modules/administration/pages/backup-restore.adoc:35 msgid "" -"Do not create child channels containing packages that are not compatible " -"with the client system." +"You will also need to back up your database, which you can do with the " +"[command]``smdba`` tool. For more information about the [command]``smdba`` " +"tool, see xref:administration:backup-restore.adoc[]." msgstr "" #. type: Block title -#: modules/administration/pages/custom-channels.adoc:39 +#: modules/administration/pages/backup-restore.adoc:36 #, no-wrap -msgid "Procedure: Creating a Custom Channel" +msgid "Procedure: Restore from a Manual Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:41 -msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"and click btn:[Create Channel]." +#: modules/administration/pages/backup-restore.adoc:37 +msgid "Re-install {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:43 +#: modules/administration/pages/backup-restore.adoc:38 msgid "" -"On the [guimenu]``Create Software Channel`` page, give your channel a name " -"(for example, [systemitem]``My Tools SLES 15 SP1 x86_64``) and a label (for " -"example, [systemitem]``my-tools-sles15sp1-x86_64``). Labels must not " -"contain spaces or uppercase letters." +"For more information about recovering from a backup, see " +"xref:administration:backup-restore.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:45 +#: modules/administration/pages/backup-restore.adoc:39 msgid "" -"In the [guimenu]``Parent Channel`` drop down, choose the relevant base " -"channel (for example, [systemitem]``SLE-Product-SLES15-SP1-Pool for " -"x86_64``). Ensure that you choose the compatible parent channel for your " -"packages." +"Re-synchronize your {productname} repositories with the " +"[command]``mgr-sync`` tool." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:46 +#: modules/administration/pages/backup-restore.adoc:40 msgid "" -"In the [guimenu]``Architecture`` drop down, choose the appropriate hardware " -"architecture (for example, [systemitem]``x86_64``)." +"For more information about the [command]``mgr-sync`` tool, see " +"<>." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:47 +#: modules/administration/pages/backup-restore.adoc:41 msgid "" -"Provide any additional information in the contact details, channel access " -"control, and GPG fields, as required for your environment." +"You can choose to re-register your product, or skip the registration and SSL " +"certificate generation sections." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:48 -msgid "Click btn:[Create Channel]." +#: modules/administration/pages/backup-restore.adoc:42 +msgid "" +"Re-install the " +"[path]``/root/ssl-build/rhn-org-httpd-ssl-key-pair-MACHINE_NAME-VER-REL.noarch.rpm`` " +"package." msgstr "" -#. type: delimited block = -#: modules/administration/pages/custom-channels.adoc:55 +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:43 msgid "" -"By default, the ``Enable GPG Check`` field is checked when you create a new " -"channel. If you would like to add custom packages and applications to your " -"channel, make sure you uncheck this field to be able to install unsigned " -"packages. Disabling the GPG check is a security risk if packages are from " -"an untrusted source." +"Schedule the re-creation of search indexes next time the " +"[command]``rhn-search`` service is started:" msgstr "" -#. type: Block title -#: modules/administration/pages/custom-channels.adoc:59 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:44 #, no-wrap -msgid "Procedure: Creating a Software Repository" +msgid "rhn-search cleanindex\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:61 +#: modules/administration/pages/backup-restore.adoc:45 msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > " -"Repositories], and click btn:[Create Repository]." +"This command produces only debug messages. It does not produce error " +"messages." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:62 -msgid "" -"On the [guimenu]``Create Repository`` page, give your repository a label " -"(for example, [systemitem]``my-tools-sles15sp1-x86_64-repo``)." +#: modules/administration/pages/backup-restore.adoc:46 +msgid "Check whether you need to restore [path]``/var/spacewalk/packages/``." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:64 +#: modules/administration/pages/backup-restore.adoc:47 msgid "" -"In the [guimenu]``Repository URL`` field, provide the path to the directory " -"that contains the [path]``repodata`` file (for example, " -"[systemitem]``file:///opt/mytools/``). You can use any valid addressing " -"protocol in this field." +"If [path]``/var/spacewalk/packages/`` was not in your backup, you will need " +"to restore it. If the source repository is available, you can restore " +"[path]``/var/spacewalk/packages/`` with a complete channel synchronization:" msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:65 -msgid "Uncheck the [guimenu]``Has Signed Metadata?`` check box." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:48 +#, no-wrap +msgid "mgr-sync refresh --refresh-channels\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:66 +#: modules/administration/pages/backup-restore.adoc:49 msgid "" -"OPTIONAL: Complete the SSL fields if your repository requires client " -"certificate authentication." +"Check the progress by running [command]``tail -f " +"/var/log/rhn/reposync/````.log`` as _root_." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:67 -msgid "Click btn:[Create Repository]." -msgstr "" - -#. type: Block title -#: modules/administration/pages/custom-channels.adoc:70 +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:50 #, no-wrap -msgid "Procedure: Assigning the Repository to a Channel" +msgid "Administering the Database with smdba" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:72 +#: modules/administration/pages/backup-restore.adoc:51 msgid "" -"Assign your new repository to your custom channel by navigating to menu:" -"Software[Manage > Channels], clicking the name of your newly created custom " -"channel, and navigating to the [guimenu]``Repositories`` tab." +"The [command]``smdba`` tool is used for managing a local PostgreSQL " +"database. It allows you to back up and restore your database, and manage " +"backups. It can also be used to check the status of your database, and " +"perform administration tasks, such as restarting." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:73 +#: modules/administration/pages/backup-restore.adoc:52 msgid "" -"Ensure the repository you want to assign to the channel is checked, and " -"click btn:[Update Repositories]." +"The [command]``smdba`` tool works with local PostgreSQL databases only, it " +"will not work with remotely accessed databases, or Oracle databases." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:75 +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:53 msgid "" -"Navigate to the [guimenu]``Sync`` tab and click btn:[Sync Now] to " -"synchronize immediately. You can also set an automated synchronization " -"schedule on this tab." +"The [command]``smdba`` tool requires [command]``sudo`` access, to execute " +"system changes. Ensure you have enabled [command]``sudo`` access for the " +"[username]``admin`` user before you begin, by checking the " +"[path]``/etc/sudoers`` file for this line:" msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:78 -msgid "" -"There are several ways to check if a channel has finished synchronizing:" +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:54 +#, no-wrap +msgid "admin ALL=(postgres) /usr/bin/smdba\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:81 -msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Setup Wizard] and " -"select the [guimenu]``Products`` tab. This dialog displays a completion bar " -"for each product when they are being synchronized." +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:55 +msgid "Check the runtime status of your database with:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:56 +#, no-wrap +msgid "smdba db-status\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:84 -msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"then click the channel associated to the repository. Navigate to the menu:" -"[Repositories > Sync] tab. The [guimenu]``Sync Status`` is shown next to " -"the repository name.." +#: modules/administration/pages/backup-restore.adoc:57 +msgid "This command will return either ``online`` or ``offline``, for example:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:58 +#, no-wrap +msgid "Checking database core... online\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:85 -msgid "Check the synchronization log file at the command prompt:" +#: modules/administration/pages/backup-restore.adoc:59 +msgid "Starting and stopping the database can be performed with:" msgstr "" #. type: delimited block - -#: modules/administration/pages/custom-channels.adoc:88 +#: modules/administration/pages/backup-restore.adoc:60 +#: modules/administration/pages/backup-restore.adoc:102 #, no-wrap -msgid "tail -f /var/log/rhn/reposync/.log\n" +msgid "smdba db-start\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:92 -msgid "" -"Each child channel will generate its own log during the synchronization " -"progress. You will need to check all the base and child channel log files " -"to be sure that the synchronization is complete." +#: modules/administration/pages/backup-restore.adoc:61 +msgid "And:" msgstr "" -#. type: Block title -#: modules/administration/pages/custom-channels.adoc:95 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:62 +#: modules/administration/pages/backup-restore.adoc:98 #, no-wrap -msgid "Procedure: Adding Custom Channels to an Activation Key" +msgid "smdba db-stop\n" +msgstr "" + +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:63 +#, no-wrap +msgid "Database Backup with smdba" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:97 +#: modules/administration/pages/backup-restore.adoc:64 msgid "" -"In the {productname} {webui}, navigate to menu:Systems[Activation Keys], and " -"select the key you want to add the custom channel to." +"The [command]``smdba`` tool performs a continuous archiving backup. This " +"backup method combines a log of every change made to the database during the " +"current session, with a series of more traditional backup files. When a " +"crash occurs, the database state is first restored from the most recent " +"backup file on disk, then the log of the current session is replayed " +"exactly, to bring the database back to a current state. A continuous " +"archiving backup with [command]``smdba`` is performed with the database " +"running, so there is no need for downtime." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:99 +#: modules/administration/pages/backup-restore.adoc:65 msgid "" -"On the [guiemnu]``Details`` tab, in the [guimenu]``Child Channels`` listing, " -"select the channel to associate. You can select multiple channels, if you " -"need to." +"This method of backing up is stable and generally creates consistent " +"snapshots, however it can take up a lot of storage space. Ensure you have " +"at least three times the current database size of space available for " +"backups. You can check your current database size by navigating to " +"[path]``/var/lib/pgsql/`` and running [command]``df -h``." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:100 -msgid "Click btn:[Update Activation Key]." +#: modules/administration/pages/backup-restore.adoc:66 +msgid "" +"The [command]``smdba`` tool also manages your archives, keeping only the " +"most recent backup, and the current archive of logs. The log files can only " +"be a maximum file size of 16{nbsp}MB, so a new log file will be created when " +"the files reach this size. Every time you create a new backup, previous " +"backups will be purged to release disk space. We recommend you use " +"[command]``cron`` to schedule your [command]``smdba`` backups to ensure that " +"your storage is managed effectively, and you always have a backup ready in " +"case of failure." msgstr "" -#. type: Title == -#: modules/administration/pages/custom-channels.adoc:103 +#. type: Title === +#: modules/administration/pages/backup-restore.adoc:67 #, no-wrap -msgid "Add Packages and Patches to Custom Channels" +msgid "Performing a Manual Database Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:107 +#: modules/administration/pages/backup-restore.adoc:68 msgid "" -"When you create a new custom channel without cloning it from an existing " -"channel, it will not contain any packages or patches. You can add the " -"packages and patches you require using the {productname} {webui}." +"The [command]``smdba`` tool can be run directly from the command line. We " +"recommend you run a manual database backup immediately after installation, " +"or if you have made any significant changes to your configuration." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:110 +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:69 msgid "" -"Custom channels can only include packages or patches that are cloned or " -"custom, and they must match the base architecture of the channel. Patches " -"added to custom channels must apply to a package that exists in the channel." +"When [command]``smdba`` is run for the first time, or if you have changed " +"the location of the backup, it will need to restart your database before " +"performing the archive. This will result in a small amount of downtime. " +"Regular database backups will not require any downtime." msgstr "" #. type: Block title -#: modules/administration/pages/custom-channels.adoc:112 +#: modules/administration/pages/backup-restore.adoc:70 #, no-wrap -msgid "Procedure: Adding Packages to Custom Channels" +msgid "Procedure: Performing a Manual Database Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:114 -msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"and go to the [guimenu]``Packages`` tab." +#: modules/administration/pages/backup-restore.adoc:71 +msgid "Allocate permanent storage space for your backup." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:115 +#: modules/administration/pages/backup-restore.adoc:72 msgid "" -"OPTIONAL: See all packages currently in the channel by navigating to the " -"[guimenu]``List/Remove`` tab." +"This example uses a directory located at [path]``/var/spacewalk/``. This " +"will become a permanent target for your backup, so ensure it will remain " +"accessible by your server at all times." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:116 -msgid "" -"Add new packages to the channel by navigating to the [guimenu]``Add`` tab." +#: modules/administration/pages/backup-restore.adoc:73 +msgid "In your backup location, create a directory for the backup:" msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:117 -msgid "" -"Select the parent channel to provide packages, and click btn:[View Packages] " -"to populate the list." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:74 +#, no-wrap +msgid "sudo -u postgres mkdir /var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:118 -msgid "" -"Check the packages to add to the custom channel, and click btn:[Add " -"Packages]." +#: modules/administration/pages/backup-restore.adoc:75 +msgid "Or, as root:" msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:119 -msgid "" -"When you are satisfied with the selection, click btn:[Confirm Addition] to " -"add the packages to the channel." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:76 +#, no-wrap +msgid "install -d -o postgres -g postgres -m 700 /var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:121 -msgid "" -"OPTIONAL: You can compare the packages in the current channel with those in " -"a different channel by navigating to menu:Software[Manage > Channels], and " -"going to the menu:Packages[Compare] tab. To make the two channels the same, " -"click the btn:[Merge Differences] button, and resolve any conflicts." +#: modules/administration/pages/backup-restore.adoc:77 +msgid "Ensure you have the correct permissions set on the backup location:" msgstr "" -#. type: Block title -#: modules/administration/pages/custom-channels.adoc:124 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:78 #, no-wrap -msgid "Procedure: Adding Patches to a Custom Channel" +msgid "chown postgres:postgres /var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:126 +#: modules/administration/pages/backup-restore.adoc:79 msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"and go to the [guimenu]``Patches`` tab." +"To create a backup for the first time, run the [command]``smdba backup-hot`` " +"command with the [option]``enable`` option set." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:127 +#: modules/administration/pages/backup-restore.adoc:80 msgid "" -"OPTIONAL: See all patches currently in the channel by navigating to the " -"[guimenu]``List/Remove`` tab." +"This will create the backup in the specified directory, and, if necessary, " +"restart the database:" msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:128 -msgid "" -"Add new patches to the channel by navigating to the [guimenu]``Add`` tab, " -"and selecting what kind of patches you want to add." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:81 +#, no-wrap +msgid "smdba backup-hot --enable=on --backup-dir=/var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:129 +#: modules/administration/pages/backup-restore.adoc:82 msgid "" -"Select the parent channel to provide patches, and click btn:[View Associated " -"Patches] to populate the list." +"This command produces debug messages and finishes sucessfully with the " +"output:" msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:130 -msgid "" -"Check the patches to add to the custom channel, and click btn:[Confirm]." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:83 +#, no-wrap +msgid "INFO: Finished\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:131 +#: modules/administration/pages/backup-restore.adoc:84 msgid "" -"When you are satisfied with the selection, click btn:[Confirm] to add the " -"patches to the channel." +"Check that the backup files exist in the [path]``/var/spacewalk/db-backup`` " +"directory, to ensure that your backup has been successful." msgstr "" -#. type: Title == -#: modules/administration/pages/custom-channels.adoc:134 +#. type: Title === +#: modules/administration/pages/backup-restore.adoc:85 #, no-wrap -msgid "Manage Custom Channels" +msgid "Scheduling Automatic Backups" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:137 +#: modules/administration/pages/backup-restore.adoc:86 msgid "" -"{productname} administrators and channel administrators can alter or delete " -"any channel." +"You do not need to shut down your system to perform a database backup with " +"[command]``smdba``. However, because it is a large operation, database " +"performance can slow down while the backup is running. We recommend you " +"schedule regular database backups for a low-traffic period, to minimize " +"disruption." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:141 +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:87 msgid "" -"To grant other users rights to alter or delete a channel, navigate to menu:" -"Software[Manage > Channels] and select the channel you want to edit. " -"Navigate to the [guimenu]``Managers`` tab, and check the user to grant " -"permissions. Click btn:[Update] to save the changes." +"Ensure you have at least three times the current database size of space " +"available for backups. You can check your current database size by " +"navigating to [path]``/var/lib/pgsql/`` and running [command]``df -h``." msgstr "" -#. type: delimited block = -#: modules/administration/pages/custom-channels.adoc:147 -msgid "" -"If you delete a channel that has been assigned to a set of clients, it will " -"trigger an immediate update of the channel state for any clients associated " -"with the deleted channel. This is to ensure that the changes are reflected " -"accurately in the repository file." +#. type: Block title +#: modules/administration/pages/backup-restore.adoc:88 +#, no-wrap +msgid "Procedure: Scheduling Automatic Backups" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:153 +#: modules/administration/pages/backup-restore.adoc:89 msgid "" -"You cannot delete {productname} channels with the {webui}. Only custom " -"channels can be deleted." +"Create a directory for the backup, and set the appropriate permissions (as " +"root):" msgstr "" -#. type: Block title -#: modules/administration/pages/custom-channels.adoc:156 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:90 #, no-wrap -msgid "Procedure: Deleting Custom Channels" +msgid "install -m 700 -o postgres -g postgres /var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:158 +#: modules/administration/pages/backup-restore.adoc:91 msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"and select the channel you want to delete." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:159 -msgid "Click btn:[Delete software channel]." +"Open [path]``/etc/cron.d/db-backup-mgr``, or create it if it does not exist, " +"and add the following line to create the cron job:" msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:160 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:92 +#, no-wrap msgid "" -"On the [guimenu]``Delete Channel`` page, check the details of the channel " -"you are deleting, and check the [guimenu]``Unsubscribe Systems`` checkbox to " -"remove the custom channel from any systems that might still be subscribed." +"0 2 * * * root /usr/bin/smdba backup-hot --enable=on " +"--backup-dir=/var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:161 -msgid "Click btn:[Delete Channel]." +#: modules/administration/pages/backup-restore.adoc:93 +msgid "" +"Check the backup directory regularly to ensure the backups are working as " +"expected." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:164 -msgid "" -"When channels are deleted, the packages that are part of the deleted channel " -"are not automatically removed. You will not be able to update packages that " -"have had their channel deleted." +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:94 +#, no-wrap +msgid "Restoring from Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:166 +#: modules/administration/pages/backup-restore.adoc:95 msgid "" -"You can delete packages that are not associated with a channel in the " -"{productname} {webui}. Navigate to menu:Software[Manage > Packages], check " -"the packages to remove, and click btn:[Delete Packages]." +"The [command]``smdba`` tool can be used to restore from backup in the case " +"of failure." msgstr "" -#. type: Title = -#: modules/administration/pages/disconnected-setup.adoc:2 +#. type: Block title +#: modules/administration/pages/backup-restore.adoc:96 #, no-wrap -msgid "Disconnected Setup" +msgid "Procedure: Restoring from Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:5 -msgid "" -"When it is not possible to connect {productname} to the internet, you can " -"use it within a disconnected environment." +#: modules/administration/pages/backup-restore.adoc:97 +msgid "Shut down the database:" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:8 -msgid "" -"The repository mirroring tool (RMT) is available on {sle}{nbsp}15 and " -"later. RMT replaces the subscription management tool (SMT), which can be " -"used on older {sle} installations." +#: modules/administration/pages/backup-restore.adoc:99 +msgid "Start the restore process and wait for it to complete:" msgstr "" -#. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:12 -msgid "" -"In a disconnected {productname} setup, RMT or SMT uses an external network " -"to connect to {scc}. All software channels and repositories are " -"synchronized to a removable storage device. The storage device can then be " -"used to update the disconnected {productname} installation." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:100 +#, no-wrap +msgid "smdba backup-restore start\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:14 -msgid "" -"This setup allows your {productname} installation to remain in an offline, " -"disconnected environment." +#: modules/administration/pages/backup-restore.adoc:101 +msgid "Restart the database:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/disconnected-setup.adoc:19 -msgid "" -"Your RMT or SMT instance must be used to managed a {productname} Server " -"directly. It cannot be used to manage a second RMT or SMT instance, in a " -"cascade." +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:103 +msgid "Check if there are differences between the RPMs and the database." msgstr "" -#. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:22 -msgid "" -"For more information on RMT, see https://documentation.suse.com/sles/15-SP1/" -"html/SLES-all/book-rmt.html." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:104 +#, no-wrap +msgid "spacewalk-data-fsck\n" msgstr "" #. type: Title == -#: modules/administration/pages/disconnected-setup.adoc:24 +#: modules/administration/pages/backup-restore.adoc:105 #, no-wrap -msgid "Synchronize RMT" +msgid "Archive Log Settings" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:27 +#: modules/administration/pages/backup-restore.adoc:106 msgid "" -"You can use RMT on {sle} 15 installations to manage clients running {sle} 12 " -"or later." +"Archive logging allows the database management tool [command]``smdba`` to " +"perform hot backups. In {productname} with an embedded database, archive " +"logging is enabled by default." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:29 +#: modules/administration/pages/backup-restore.adoc:107 msgid "" -"We recommend you set up a dedicated RMT instance for each {productname} " -"installation." +"PostgreSQL maintains a limited number of archive logs. Using the default " +"configuration, approximately 64 files with a size of 16 MiB are stored." msgstr "" -#. type: Block title -#: modules/administration/pages/disconnected-setup.adoc:30 -#, no-wrap -msgid "Procedure: Setting up RMT" +#. FIXME: Use sle 15 channels as an example +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:108 +msgid "Creating a user and syncing the channels:" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:32 -msgid "On the RMT instance, install the RMT package:" +#: modules/administration/pages/backup-restore.adoc:109 +msgid "SLES12-SP2-Pool-x86_64" msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:35 -#, no-wrap -msgid "zypper in rmt-server\n" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:110 +msgid "SLES12-SP2-Updates-x86_64" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:37 -msgid "Configure RMT using {yast}:" +#: modules/administration/pages/backup-restore.adoc:111 +msgid "SLE-Manager-Tools12-Pool-x86_64-SP2" msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:40 -#, no-wrap -msgid "yast2 rmt\n" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:112 +msgid "SLE-Manager-Tools12-Updates-x86_64-SP2" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:43 +#: modules/administration/pages/backup-restore.adoc:113 msgid "" -"Follow the prompts to complete installation. For more information on " -"setting up RMT, see https://documentation.suse.com/sles/15-SP1/html/SLES-all/" -"book-rmt.html." -msgstr "" - -#. type: Block title -#: modules/administration/pages/disconnected-setup.adoc:44 -#, no-wrap -msgid "Procedure: Synchronizing RMT with SCC" +"PostgreSQL will generate an additional roughly 1 GB of data. So it is " +"important to think about a backup strategy and create a backups in a regular " +"way." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:46 +#: modules/administration/pages/backup-restore.adoc:114 msgid "" -"On the RMT instance, list all available products and repositories for your " -"organization:" +"Archive logs are stored at [path]``/var/lib/pgsql/data/pg_xlog/`` " +"(postgresql)." msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:50 +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:115 #, no-wrap -msgid "" -"rmt-cli products list --all\n" -"rmt-cli repos list --all\n" +msgid "Retrieving an Overview of Occupied Database Space" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:52 -msgid "Synchronize all available updates for your organization:" +#: modules/administration/pages/backup-restore.adoc:116 +msgid "" +"Database administrators may use the subcommand [command]``space-overview`` " +"to get a report about occupied table spaces, for example:" msgstr "" #. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:55 +#: modules/administration/pages/backup-restore.adoc:117 #, no-wrap -msgid "rmt-cli sync\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:57 -msgid "You can also configure RMT to synchronize regularly using systemd." +msgid "smdba space-overview\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:59 -msgid "Enable the products you require. For example, to enable SLES 15:" +#: modules/administration/pages/backup-restore.adoc:118 +#: modules/administration/pages/backup-restore.adoc:123 +msgid "outputs:" msgstr "" #. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:62 +#: modules/administration/pages/backup-restore.adoc:119 +#: modules/administration/pages/backup-restore.adoc:124 #, no-wrap -msgid "rmt-cli product enable sles/15/x86_64\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:65 -#: modules/administration/pages/disconnected-setup.adoc:99 msgid "" -"Export the synchronized data to your removable storage. In this example, " -"the storage medium is mounted at [path]``/mnt/usb``:" +"SUSE Manager Database Control. Version 1.5.2\n" +"Copyright (c) 2012 by SUSE Linux Products GmbH\n" msgstr "" #. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:68 +#: modules/administration/pages/backup-restore.adoc:120 #, no-wrap -msgid "rmt-cli export data /mnt/usb\n" +msgid "" +"Tablespace | Size (Mb) | Avail (Mb) | Use %\n" +"------------+-----------+------------+------\n" +"postgres | 7 | 49168 | 0.013\n" +"susemanager | 776 | 48399 | 1.602\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:70 -#: modules/administration/pages/disconnected-setup.adoc:106 -msgid "Export the enabled repositories to your removable storage:" +#: modules/administration/pages/backup-restore.adoc:121 +msgid "" +"The [command]``smdba`` command is available for PostgreSQL. For a more " +"detailed report, use the [command]``space-tables`` subcommand. It lists the " +"table and its size, for example:" msgstr "" #. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:72 -#: modules/administration/pages/disconnected-setup.adoc:108 +#: modules/administration/pages/backup-restore.adoc:122 #, no-wrap -msgid "rmt-cli export settings /mnt/usb\n" +msgid "smdba space-tables\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/disconnected-setup.adoc:78 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:125 +#, no-wrap msgid "" -"Ensure that the external storage is mounted to a directory that is writeable " -"by the RMT user. You can change RMT user settings in the `cli` section of " -"[path]``/etc/rmt.conf``." +"Table | Size\n" +"--------------------------------------+-----------\n" +"public.all_primary_keys | 0 bytes\n" +"public.all_tab_columns | 0 bytes\n" +"public.allserverkeywordsincereboot | 0 bytes\n" +"public.dblink_pkey_results | 0 bytes\n" +"public.dual | 8192 bytes\n" +"public.evr_t | 0 bytes\n" +"public.log | 32 kB\n" +"...\n" msgstr "" #. type: Title == -#: modules/administration/pages/disconnected-setup.adoc:82 +#: modules/administration/pages/backup-restore.adoc:126 #, no-wrap -msgid "Synchronize SMT" +msgid "Moving the Database" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:86 +#: modules/administration/pages/backup-restore.adoc:127 msgid "" -"SMT is included with {sle} 12, and can be used to manage clients running " -"{sle} 10 or later." +"It is possible to move the database to another location. For example, move " +"the database if the database storage space is running low. The following " +"procedure will guide you through moving the database to a new location for " +"use by {productname}." msgstr "" -#. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:88 -msgid "" -"SMT requires you to create a local mirror directory on the SMT instance in " -"order to synchronize repositories and packages." +#. type: Block title +#: modules/administration/pages/backup-restore.adoc:128 +#, no-wrap +msgid "Procedure: Moving the Database" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:90 +#: modules/administration/pages/backup-restore.adoc:129 msgid "" -"For more details on installing and configuring SMT, see https://" -"documentation.suse.com/sles/12-SP4/html/SLES-all/book-smt.html." -msgstr "" - -#. type: Block title -#: modules/administration/pages/disconnected-setup.adoc:91 -#, no-wrap -msgid "Procedure: Synchronizing SMT with SCC" +"The default storage location for {productname} is " +"[path]``/var/lib/pgsql/``. If you would like to move it, for example to " +"[path]``/storage/postgres/``, proceed as follows." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:93 -msgid "On the SMT instance, create a database replacement file:" +#: modules/administration/pages/backup-restore.adoc:130 +msgid "Stop the running database with (as root):" msgstr "" #. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:96 +#: modules/administration/pages/backup-restore.adoc:131 #, no-wrap -msgid "smt-sync --createdbreplacementfile /tmp/dbrepl.xml\n" +msgid "rcpostgresql stop\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:104 -#, no-wrap -msgid "" -"smt-sync --todir /mnt/usb\n" -"smt-mirror --dbreplfile /tmp/dbrepl.xml --directory /mnt/usb \\\n" -" --fromlocalsmt -L /var/log/smt/smt-mirror-export.log\n" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:132 +msgid "Shut down the running Spacewalk services with:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/disconnected-setup.adoc:114 +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:134 msgid "" -"Ensure that the external storage is mounted to a directory that is writeable " -"by the RMT user. You can change SMT user settings in [path]``/etc/smt." -"conf``." +"Copy the current working directory structure with [command]``cp`` using the " +"[option]``-a, --archive`` option." msgstr "" -#. type: Title == -#: modules/administration/pages/disconnected-setup.adoc:118 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:136 #, no-wrap -msgid "Synchronize a Disconnected Server" +msgid "cp --archive /var/lib/pgsql/ /storage/postgres/\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:121 +#: modules/administration/pages/backup-restore.adoc:137 msgid "" -"When you have removable media loaded with your {scc} data, you can use it to " -"synchronize your disconnected server." +"This command will copy the contents of [path]``/var/lib/pgsql/`` to " +"[path]``/storage/postgres/pgsql/``." msgstr "" -#. type: Block title -#: modules/administration/pages/disconnected-setup.adoc:122 -#, no-wrap -msgid "Procedure: Synchronizing a Disconnected Server" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:138 +msgid "" +"The contents of the [path]``/var/lib/pgsql`` directory needs to remain the " +"same, otherwise the {productname} database may malfunction. You also should " +"ensure that there is enough available disk space." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:125 -msgid "" -"Mount your removable media device to the {productname} server. In this " -"example, the mount point is [path]``/media/disk``." +#: modules/administration/pages/backup-restore.adoc:139 +msgid "Mount the new database directory with:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:140 +#, no-wrap +msgid "mount /storage/postgres/pgsql\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:126 +#: modules/administration/pages/backup-restore.adoc:141 msgid "" -"Open ``/etc/rhn/rhn.conf`` and define the mount point by adding or editing " -"this line:" +"Make sure ownership is `postgres:postgres` and not `root:root` by changing " +"to the new directory and running the following commands:" msgstr "" #. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:129 +#: modules/administration/pages/backup-restore.adoc:142 #, no-wrap -msgid "server.susemanager.fromdir = /media/disk\n" +msgid "" +"cd /storage/postgres/pgsql/\n" +"ls -l\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:132 -msgid "Restart the Tomcat service:" +#: modules/administration/pages/backup-restore.adoc:143 +msgid "Outputs:" msgstr "" #. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:135 +#: modules/administration/pages/backup-restore.adoc:144 #, no-wrap -msgid "systemctl restart tomcat\n" +msgid "" +"total 8\n" +"drwxr-x--- 4 postgres postgres 47 Jun 2 14:35 ./\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:137 -msgid "Refresh the local data:" +#: modules/administration/pages/backup-restore.adoc:145 +msgid "" +"Add the new database mount location to your servers fstab by editing " +"[path]``etc/fstab``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:146 +msgid "Start the database with:" msgstr "" #. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:140 +#: modules/administration/pages/backup-restore.adoc:147 #, no-wrap -msgid "mgr-sync refresh\n" +msgid "rcpostgresql start\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:142 -msgid "Perform a synchronization:" +#: modules/administration/pages/backup-restore.adoc:148 +msgid "Start the Spacewalk services with:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:146 +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:150 #, no-wrap -msgid "" -"mgr-sync list channels\n" -"mgr-sync add channel channel-label\n" +msgid "Recovering from a Crashed Root Partition" msgstr "" -#. type: delimited block = -#: modules/administration/pages/disconnected-setup.adoc:153 +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:151 msgid "" -"The removable disk that you use for synchronization must always be available " -"at the same mount point. Do not trigger a synchronization, if the storage " -"medium is not mounted. This will result in data corruption." +"This section provides guidance on restoring your server after its root " +"partition has crashed. This section assumes you have setup your server " +"similar to the procedure explained in Installation guide with separate " +"partitions for the database and for channels mounted at " +"[path]``/var/lib/pgsql`` and [path]``/var/spacewalk/``." msgstr "" -#. type: Title = -#: modules/administration/pages/image-management.adoc:2 +#. type: Block title +#: modules/administration/pages/backup-restore.adoc:152 #, no-wrap -msgid "Image Building and Management" +msgid "Procedure: Recovering from a Crashed Root Partition" msgstr "" -#. type: Title == -#: modules/administration/pages/image-management.adoc:7 -#, no-wrap -msgid "Image Building Overview" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:153 +msgid "Install {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:11 +#: modules/administration/pages/backup-restore.adoc:154 msgid "" -"{productname} enables system administrators to build containers and OS " -"Images and push the result in image stores. The workflow looks like this:" +"Do not mount the [path]``/var/spacewalk`` and [path]``/var/lib/pgsql`` " +"partitions. Wait for the installation to complete before going on to the " +"next step." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:13 -msgid "Define an image store" +#: modules/administration/pages/backup-restore.adoc:155 +msgid "Shut down the services with [command]``spacewalk-service shutdown``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:14 -msgid "" -"Define an image profile and associate it with a source (either a git " -"repository or a directory)" +#: modules/administration/pages/backup-restore.adoc:156 +msgid "Shut down the database with [command]``rcpostgresql stop``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:15 -msgid "Build the image" +#: modules/administration/pages/backup-restore.adoc:157 +msgid "Mount [path]``/var/spacewalk`` and [path]``/var/lib/pgsql`` partitions." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:16 -msgid "Push the image to the image store" +#: modules/administration/pages/backup-restore.adoc:158 +msgid "Restore the directories listed in <>." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:18 -msgid "" -"{productname} supports two distinct build types: dockerfile, and the Kiwi " -"image system." +#: modules/administration/pages/backup-restore.adoc:159 +msgid "Start the Spacewalk services with [command]``spacewalk-services start``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:23 -msgid "" -"The Kiwi build type is used to build system, virtual, and other images. The " -"image store for the Kiwi build type is pre-defined as a file system " -"directory at [path]``/srv/www/os-images`` on the server. {productname} " -"serves the image store over HTTPS from [literal]``///os-images/" -"``. The image store location is unique and is not customizable." +#: modules/administration/pages/backup-restore.adoc:160 +msgid "Start the database with [command]``rcpostgresql start``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:25 +#: modules/administration/pages/backup-restore.adoc:161 msgid "" -"Images are always stored in [path]``/srv/www/os-image/``." +"{productname} should now operate normally without loss of your database or " +"synced channels." msgstr "" #. type: Title == -#: modules/administration/pages/image-management.adoc:29 +#: modules/administration/pages/backup-restore.adoc:162 #, no-wrap -msgid "Container Images" +msgid "Database Connection Information" msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:31 +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:163 +msgid "" +"The information for connecting to the {productname} database is located in " +"[path]``/etc/rhn/rhn.conf``:" +msgstr "" + +#. There are no such default, they are user-spcified, though +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:164 #, no-wrap -msgid "image-building.png" +msgid "" +"db_backend = postgresql\n" +"db_user = susemanager\n" +"db_password = susemanager\n" +"db_name = susemanager\n" +"db_host = localhost\n" +"db_port = 5432\n" +"db_ssl_enabled =\n" msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:36 -#: modules/administration/pages/image-management.adoc:396 +#. type: Title = +#: modules/administration/pages/channel-management.adoc:1 #, no-wrap -msgid "Requirements" +msgid "Channel Management" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:41 -msgid "" -"The containers feature is available for Salt clients running {sles} 12 or " -"later. Before you begin, ensure your environment meets these requirements:" +#: modules/administration/pages/channel-management.adoc:2 +msgid "Channels are a method of grouping software packages." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:44 +#: modules/administration/pages/channel-management.adoc:3 msgid "" -"A published git repository containing a dockerfile and configuration " -"scripts. The repository can be public or private, and should be hosted on " -"GitHub, GitLab, or BitBucket." +"In {productname}, channels are grouped into base and child channels, with " +"base channels grouped by operating system type, version, and architecture, " +"and child channels being compatible with their related base channel. When a " +"client has been assigned to a base channel, it is only possible for that " +"system to install the related child channels. Organizing channels in this " +"way ensures that only compatible packages are installed on each system." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:45 -msgid "A properly configured image store, such as a Docker registry." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:51 +#: modules/administration/pages/channel-management.adoc:4 msgid "" -"If you require a private image registry you can use an open source solution " -"such as ``Portus``. For additional information on setting up Portus as a " -"registry provider, see the http://port.us.org/[Portus Documentation]." +"Software channels use repositories to provide packages. The channels mirror " +"the repositories in {productname}, and the package names and other data are " +"stored in the {productname} database. You can have any number of " +"repositories associated with a channel. The software from those " +"repositories can then be installed on clients by subscribing the client to " +"the appropriate channel." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:55 -msgid "For more information on Containers or {caasp}, see:" +#: modules/administration/pages/channel-management.adoc:5 +msgid "" +"Clients can only be assigned to one base channel. The client can then " +"install or update packages from the repositories associated with that base " +"channel and any of its child channels." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:58 +#: modules/administration/pages/channel-management.adoc:6 msgid "" -"https://documentation.suse.com/sles/15-SP1/html/SLES-all/book-sles-docker." -"html" +"{productname} provides a number of vendor channels, which provide you " +"everything you need to run {productname}. {productname} Administrators and " +"Channel Administrators have channel management authority, which gives them " +"the ability to create and manage their own custom channels. If you want to " +"use your own packages in your environment, you can create custom channels. " +"Custom channels can be used as a base channel, or you can associate them " +"with a vendor base channel." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:59 -msgid "https://documentation.suse.com/suse-caasp/4/" +#: modules/administration/pages/channel-management.adoc:7 +msgid "" +"For more on creating custom channels, see " +"xref:administration:custom-channels.adoc[]." msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:63 -#: modules/administration/pages/image-management.adoc:425 +#. type: Title == +#: modules/administration/pages/channel-management.adoc:8 #, no-wrap -msgid "Create a Build Host" +msgid "Channel Administration" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:69 +#: modules/administration/pages/channel-management.adoc:9 msgid "" -"To build images with {productname}, you will need to create and configure a " -"build host. Container build hosts are Salt clients running {sle} 12 or " -"later. This section guides you through the initial configuration for a " -"build host." +"By default, any user can subscribe channels to a system. You can implement " +"restrictions on the channel using the {webui}." +msgstr "" + +#. type: Block title +#: modules/administration/pages/channel-management.adoc:10 +#, no-wrap +msgid "Procedure: Restricting Subscriber Access to a Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:71 +#: modules/administration/pages/channel-management.adoc:11 msgid "" -"From the {productname} {webui}, perform these steps to configure a build " -"host:" +"In the {productname} {webui}, navigate to menu:Software[Channel List], and " +"select the channel to edit." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:74 +#: modules/administration/pages/channel-management.adoc:12 msgid "" -"Select a Salt client to be designated as a build host from the menu:" -"Systems[Overview] page." +"Locate the [guimenu]``Per-User Subscription Restrictions`` section and check " +"[guimenu]``Only selected users within your organization may subscribe to " +"this channel``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:77 -msgid "" -"From the [guimenu]``System Details`` page of the selected client assign the " -"containers modules. Go to menu:Software[Software Channels] and enable the " -"containers module (for example, [guimenu]``SLE-Module-Containers15-Pool`` " -"and [guimenu]``SLE-Module-Containers15-Updates``). Confirm by clicking btn:" -"[Change Subscriptions]." +#: modules/administration/pages/channel-management.adoc:13 +msgid "Click btn:[Update] to save the changes." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:78 +#: modules/administration/pages/channel-management.adoc:14 msgid "" -"From the menu:System Details[Properties] page, enable ``Container Build " -"Host`` from the [guimenu]``Add-on System Types`` list and confirm by " -"clicking btn:[Update Properties]." +"Navigate to the [guimenu]``Subscribers`` tab and select or deselect users as " +"required." +msgstr "" + +#. type: Title = +#: modules/administration/pages/content-lifecycle-examples.adoc:1 +#, no-wrap +msgid "Content Lifecycle Management Examples" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:81 +#: modules/administration/pages/content-lifecycle-examples.adoc:2 msgid "" -"Install all required packages by applying ``Highstate``. From the system " -"details page select menu:States[Highstate] and click [guimenu]``Apply " -"Highstate``. Alternatively, apply Highstate from the {productname} Server " -"command line:" +"This section contains some common examples of how you can use content " +"lifecycle management. Use these examples to build your own personalized " +"implementation." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:84 -#: modules/administration/pages/image-management.adoc:462 +#. type: Title == +#: modules/administration/pages/content-lifecycle-examples.adoc:3 #, no-wrap -msgid "salt '$your_client' state.highstate\n" +msgid "Creating a Project for a Monthly Patch Cycle" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:4 +msgid "An example project for a monthly patch cycle consists of:" msgstr "" #. type: Title === -#: modules/administration/pages/image-management.adoc:89 +#: modules/administration/pages/content-lifecycle-examples.adoc:5 +#: modules/administration/pages/content-lifecycle-examples.adoc:10 #, no-wrap -msgid "Create an Activation Key for Containers" +msgid "Creating a `By Date` filter" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:93 -msgid "" -"The containers built using {productname} will use channel(s) associated to " -"the activation key as repositories when building the image. This section " -"will guide you into creating an ad-hoc activation key for this purpose." +#: modules/administration/pages/content-lifecycle-examples.adoc:6 +msgid "Adding the filter to the project" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:97 -msgid "" -"To build a container, you will need an activation key that is associated " -"with a channel other than `SUSE Manager Default`." -msgstr "" - -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:99 -#: modules/administration/pages/image-management.adoc:521 -#, no-wrap -msgid "systems_create_activation_key.png" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:7 +msgid "Applying the filter to a new project build" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:102 -msgid "Select menu:Systems[Activation Keys]." +#: modules/administration/pages/content-lifecycle-examples.adoc:8 +msgid "Excluding a patch from the project" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:103 -msgid "Click btn:[Create Key]." +#: modules/administration/pages/content-lifecycle-examples.adoc:9 +msgid "Including a patch in the project" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:105 +#: modules/administration/pages/content-lifecycle-examples.adoc:11 msgid "" -"Enter a [guimenu]``Description`` and a [guimenu]``Key`` name. Use the drop-" -"down menu to select the [guimenu]``Base Channel`` to associate with this key." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:106 -#: modules/administration/pages/image-management.adoc:527 -msgid "Confirm with btn:[Create Activation Key]." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:108 -#: modules/administration/pages/image-management.adoc:529 -msgid "For more information, see <>." +"The ``By Date`` filter excludes all patches released after a specified " +"date. This filter is useful for your content lifecycle projects that follow " +"a monthly patch cycle." msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:112 -#: modules/administration/pages/image-management.adoc:533 +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:12 #, no-wrap -msgid "Create an Image Store" +msgid "Procedure: Creating the ``By Date`` Filter" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:117 +#: modules/administration/pages/content-lifecycle-examples.adoc:13 +#: modules/administration/pages/content-lifecycle-examples.adoc:38 +#: modules/administration/pages/content-lifecycle-examples.adoc:53 msgid "" -"All built images are pushed to an image store. This section contains " -"information about creating an image store." +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Filters] " +"and click btn:[Create Filter]." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:118 -#, no-wrap -msgid "images_image_stores.png" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:14 +#: modules/administration/pages/content-lifecycle-examples.adoc:90 +msgid "In the [guimenu]``Filter Name`` field, type a name for your filter." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:121 -msgid "Select menu:Images[Stores]." +#: modules/administration/pages/content-lifecycle-examples.adoc:15 +msgid "For example, [systemitem]``Exclude patches by date``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:122 -msgid "Click [guimenu]``Create`` to create a new store." +#: modules/administration/pages/content-lifecycle-examples.adoc:16 +msgid "" +"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Issue " +"date)``." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:124 -#, no-wrap -msgid "images_image_stores_create.png" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:17 +msgid "" +"In the [guimenu]``Matcher`` field, [guimenu]``later or equal`` is " +"autoselected." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:127 -msgid "Define a name for the image store in the [guimenu]``Label`` field." +#: modules/administration/pages/content-lifecycle-examples.adoc:18 +msgid "Select the date and time." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:128 -msgid "" -"Provide the path to your image registry by filling in the [guimenu]``URI`` " -"field, as a fully qualified domain name (FQDN) for the container registry " -"host (whether internal or external)." +#: modules/administration/pages/content-lifecycle-examples.adoc:19 +#: modules/administration/pages/content-lifecycle-examples.adoc:25 +#: modules/administration/pages/content-lifecycle-examples.adoc:45 +#: modules/administration/pages/content-lifecycle-examples.adoc:62 +#: modules/administration/pages/monitoring.adoc:125 +msgid "Click btn:[Save]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:132 +#. type: Title === +#: modules/administration/pages/content-lifecycle-examples.adoc:20 #, no-wrap -msgid "registry.example.com\n" +msgid "Adding the Filter to the Project" +msgstr "" + +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:21 +#, no-wrap +msgid "Procedure: Adding a Filter to a Project" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:136 +#: modules/administration/pages/content-lifecycle-examples.adoc:22 msgid "" -"The Registry URI can also be used to specify an image store on a registry " -"that is already in use." +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects] " +"and select a project from the list." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:140 -#, no-wrap -msgid "registry.example.com:5000/myregistry/myproject\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:23 +msgid "Click btn:[Attach/Detach Filters] link to see all available filters" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:143 -msgid "Click btn:[Create] to add the new image store." +#: modules/administration/pages/content-lifecycle-examples.adoc:24 +msgid "Select the new [guimenu]``Exclude patches by date`` filter." msgstr "" #. type: Title === -#: modules/administration/pages/image-management.adoc:147 -#: modules/administration/pages/image-management.adoc:550 +#: modules/administration/pages/content-lifecycle-examples.adoc:26 #, no-wrap -msgid "Create an Image Profile" +msgid "Applying the Filter to a new Project Build" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:152 +#: modules/administration/pages/content-lifecycle-examples.adoc:27 msgid "" -"All container images are built using an image profile, which contains the " -"building instructions. This section contains information about creating an " -"image profile with the {productname} {webui}." -msgstr "" - -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:153 -#: modules/administration/pages/image-management.adoc:555 -#, no-wrap -msgid "images_image_profiles.png" +"The new filter is added to your filter list, but it still needs to be " +"applied to the project. To apply the filter you need to build the first " +"environment." msgstr "" #. type: Block title -#: modules/administration/pages/image-management.adoc:155 -#: modules/administration/pages/image-management.adoc:557 +#: modules/administration/pages/content-lifecycle-examples.adoc:28 #, no-wrap -msgid "Procedure: Create an Image Profile" +msgid "Procedure: Using the Filter" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:157 -msgid "" -"To create an image profile select menu:Images[Profiles] and click btn:" -"[Create]." +#: modules/administration/pages/content-lifecycle-examples.adoc:29 +msgid "Click btn:[Build] to build the first environment." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:159 -#, no-wrap -msgid "images_image_create_profile.png" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:30 +msgid "OPTIONAL: Add a message." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:162 -msgid "" -"Provide a name for the image profile by filling in the [guimenu]``Label`` " -"field." +#: modules/administration/pages/content-lifecycle-examples.adoc:31 +msgid "You can use messages to help track the build history." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:167 +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:32 msgid "" -"If your container image tag is in a format such as `myproject/myimage`, make " -"sure your image store registry URI contains the `/myproject` suffix." +"Check that the filter has worked correctly by using the new channels on a " +"test server." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:170 -msgid "Use a dockerfile as the `Image Type`." +#: modules/administration/pages/content-lifecycle-examples.adoc:33 +msgid "Click btn:[Promote] to move the content to the next environment." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:172 +#: modules/administration/pages/content-lifecycle-examples.adoc:34 msgid "" -"Use the drop-down menu to select your registry from the `Target Image Store` " -"field." +"The build will take longer if you have a large number of filters, or they " +"are very complex." +msgstr "" + +#. type: Title === +#: modules/administration/pages/content-lifecycle-examples.adoc:35 +#, no-wrap +msgid "Excluding a Patch from the Project" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:176 +#: modules/administration/pages/content-lifecycle-examples.adoc:36 msgid "" -"In the [guimenu]``Path`` field, type a GitHub, GitLab or BitBucket " -"repository URL. The URL should be be http, https, or a token authentication " -"URL. Use one of these formats:" +"Tests may help you discover issues. When an issue is found, exclude the " +"problem patch released before the `by date` filter." msgstr "" #. type: Block title -#: modules/administration/pages/image-management.adoc:177 +#: modules/administration/pages/content-lifecycle-examples.adoc:37 #, no-wrap -msgid "GitHub Path Options" +msgid "Procedure: Excluding a Patch" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:179 -msgid "GitHub single user project repository" +#: modules/administration/pages/content-lifecycle-examples.adoc:39 +msgid "In the [guimenu]``Filter Name`` field, enter a name for the filter." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:182 -#, no-wrap -msgid "https://github.com/USER/project.git#branchname:folder\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:40 +msgid "For example, [systemitem]``Exclude openjdk patch``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:185 -msgid "GitHub organization project repository" +#: modules/administration/pages/content-lifecycle-examples.adoc:41 +#: modules/administration/pages/content-lifecycle-examples.adoc:56 +msgid "" +"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Advisory " +"Name)``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:188 -#, no-wrap -msgid "https://github.com/ORG/project.git#branchname:folder\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:42 +#: modules/administration/pages/content-lifecycle-examples.adoc:57 +msgid "In the [guimenu]``Matcher`` field, select [guimenu]``equals``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:191 -msgid "GitHub token authentication" +#: modules/administration/pages/content-lifecycle-examples.adoc:43 +msgid "In the [guimenu]``Advisory Name`` field, type a name for the advisory." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:195 -msgid "" -"If your git repository is private, modify the profile's URL to include " -"authentication. Use this URL format to authenticate with a GitHub token:" +#: modules/administration/pages/content-lifecycle-examples.adoc:44 +msgid "For example, [systemitem]``SUSE-15-2019-1807``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:199 -#, no-wrap -msgid "https://USER:@github.com/USER/project.git#master:/container/\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:46 +#: modules/administration/pages/content-lifecycle-examples.adoc:99 +#: modules/administration/pages/content-lifecycle-examples.adoc:128 +msgid "Navigate to menu:Content Lifecycle[Projects] and select your project." msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:201 -#, no-wrap -msgid "GitLab Path Options" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:47 +msgid "" +"Click btn:[Attach/Detach Filters] link, select [guimenu]``Exclude openjdk " +"patch``, and click btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:203 -msgid "GitLab single user project repository" +#: modules/administration/pages/content-lifecycle-examples.adoc:48 +msgid "" +"When you rebuild the project with the btn:[Build] button, the new filter is " +"used together with the [guimenu]``by date`` filter we added before." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:207 +#. type: Title === +#: modules/administration/pages/content-lifecycle-examples.adoc:49 #, no-wrap -msgid "https://gitlab.example.com/USER/project.git#master:/container/\n" +msgid "Including a Patch in the Project" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:210 -msgid "GitLab groups project repository" +#: modules/administration/pages/content-lifecycle-examples.adoc:50 +msgid "" +"In this example, you have received a security alert. An important security " +"patch was released several days after the first of the month you are " +"currently working on. The name of the new patch is ``SUSE-15-2019-2071``. " +"You need to include this new patch into your environment." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:214 -#, no-wrap -msgid "https://gitlab.example.com/GROUP/project.git#master:/container/\n" +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:51 +msgid "" +"The [guimenu]``Allow`` filters rule overrides the exclude function of the " +"[guimenu]``Deny`` filter rule. For more information, see " +"xref:administration:content-lifecycle.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:217 -msgid "GitLab token authentication" +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:52 +#, no-wrap +msgid "Procedure: Including a Patch in a Project" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:221 -msgid "" -"If your git repository is private and not publicly accessible, you need to " -"modify the profile's git URL to include authentication. Use this URL format " -"to authenticate with a GitLab token:" +#: modules/administration/pages/content-lifecycle-examples.adoc:54 +msgid "In the [guimenu]``Filter Name`` field, type a name for the filter." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:225 -#, no-wrap -msgid "https://gitlab-ci-token:@gitlab.example.com/USER/project.git#master:/container/\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:55 +msgid "For example, [systemitem]``Include kernel security fix``." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:232 +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:58 msgid "" -"If you do not specify a git branch, the `master` branch will be used by " -"default. If a `folder` is not specified, the image sources (dockerfile " -"sources) are expected to be in the root directory of the GitHub or GitLab " -"checkout." +"In the [guimenu]``Advisory Name`` field, type " +"[guimenu]``SUSE-15-2019-2071``, and check [guimenu]``Allow``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:236 +#: modules/administration/pages/content-lifecycle-examples.adoc:59 +#: modules/administration/pages/content-lifecycle-examples.adoc:98 +msgid "Click btn:[Save] to store the filter." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:60 msgid "" -"Select an `Activation Key`. Activation keys ensure that images using a " -"profile are assigned to the correct channel and packages." +"Navigate to menu:Content Lifecycle[Projects] and select your project from " +"the list." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:241 +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:61 msgid "" -"When you associate an activation key with an image profile you are ensuring " -"any image using the profile will use the correct software channel and any " -"packages in the channel." +"Click btn:[Attach/Detach Filters], and select [guimenu]``Include kernel " +"security patch``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:244 -msgid "Click the btn:[Create] button." +#: modules/administration/pages/content-lifecycle-examples.adoc:63 +msgid "Click btn:[Build] to rebuild the environment." msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:248 +#. type: Title == +#: modules/administration/pages/content-lifecycle-examples.adoc:64 #, no-wrap -msgid "Example Dockerfile Sources" +msgid "Update an Existing Monthly Patch Cycle" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:252 +#: modules/administration/pages/content-lifecycle-examples.adoc:65 msgid "" -"An Image Profile that can be reused is published at https://github.com/SUSE/" -"manager-build-profiles" +"When a monthly patch cycle is complete, you can update the patch cycle for " +"the next month." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:257 -msgid "" -"The [option]``ARG`` parameters ensure that the built image is associated " -"with the desired repository served by {productname}. The [option]``ARG`` " -"parameters also allow you to build image versions of {sles} which may differ " -"from the version of {sles} used by the build host itself." +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:66 +#, no-wrap +msgid "Procedure: Updating a Monthly Patch Cycle" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:259 +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:67 msgid "" -"For example: The [command]``ARG repo`` parameter and the [command]``echo`` " -"command pointing to the repository file, creates and then injects the " -"correct path into the repository file for the desired channel version." +"In the [guimenu]``by date`` field, change the date of the filter to the next " +"month." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:261 -msgid "" -"The repository is determined by the activation key that you assigned to your " -"image profile." +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:68 +msgid "Alternatively, create a new filter and change the assignment to the project." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:268 +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:69 msgid "" -"The [package]#python# and [package]#python-xml# packages must be installed " -"in the container. They are required for inspecting images, and for " -"providing the package and product list of a container to the {productname} " -"{webui}. If you do not install them, images will still build but the " -"package and product list will not available in the {webui}." +"Check if the exclude filter for ``SUSE-15-2019-1807`` can be detached from " +"the project." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:273 -#, no-wrap -msgid "" -"FROM registry.example.com/sles12sp2\n" -"MAINTAINER Tux Administrator \"tux@example.com\"\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:70 +msgid "There may be a new patch available to fix this issue." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:275 -#, no-wrap -msgid "### Begin: These lines Required for use with {productname}\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:71 +msgid "Detach the ``allow`` filter you added previously." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:278 -#, no-wrap -msgid "" -"ARG repo\n" -"ARG cert\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:72 +msgid "The patch is included by default." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:281 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:73 msgid "" -"# Add the correct certificate\n" -"RUN echo \"$cert\" > /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT.pem\n" +"Rebuild the project to create a new environment with patches for the next " +"month." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:284 +#. type: Title == +#: modules/administration/pages/content-lifecycle-examples.adoc:74 #, no-wrap +msgid "Enhance a Project with Live Patching" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:75 msgid "" -"# Update certificate trust store\n" -"RUN update-ca-certificates\n" +"This section covers setting up filters to create environments for live " +"patching." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:287 -#, no-wrap +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:76 msgid "" -"# Add the repository path to the image\n" -"RUN echo \"$repo\" > /etc/zypp/repos.d/susemanager:dockerbuild.repo\n" +"When you are preparing to use live patching, there are some important " +"considerations" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:289 -#, no-wrap -msgid "### End: These lines required for use with {productname}\n" +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:77 +msgid "Only ever use one kernel version on your systems." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:292 -#, no-wrap -msgid "" -"# Add the package script\n" -"ADD add_packages.sh /root/add_packages.sh\n" +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:78 +msgid "The live patching packages are installed with a specific kernel." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:295 -#, no-wrap +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:79 +msgid "Live patching updates are shipped as one patch." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:80 msgid "" -"# Run the package script\n" -"RUN /root/add_packages.sh\n" +"Each kernel patch that begins a new series of live patching kernels will " +"display the ``required reboot`` flag." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:298 -#, no-wrap +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:81 msgid "" -"# After building remove the repository path from image\n" -"RUN rm -f /etc/zypp/repos.d/susemanager:dockerbuild.repo\n" +"These kernel patches come with live patching tools. When you have installed " +"them, you will need to reboot the system at least once before the next year." msgstr "" -#. TODO: Replace the "custom-system-info" link -#. type: Block title -#: modules/administration/pages/image-management.adoc:301 -#, no-wrap -msgid "Using Custom Info Key-value Pairs as Docker Buildargs" +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:82 +msgid "Only install live patch updates that match the installed kernel version." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:304 -msgid "" -"You can assign custom info key-value pairs to attach information to the " -"image profiles. Additionally, these key-value pairs are passed to the " -"Docker build command as `buildargs`." +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:83 +msgid "Live patches are provided as stand-alone patches." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:306 +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:84 msgid "" -"For more information about the available custom info keys and creating " -"additional ones, see xref:reference:systems/custom-system-info.adoc[]." +"You must exclude all regular kernel patches with higher kernel version than " +"the currently installed one." msgstr "" #. type: Title === -#: modules/administration/pages/image-management.adoc:309 -#: modules/administration/pages/image-management.adoc:701 +#: modules/administration/pages/content-lifecycle-examples.adoc:85 #, no-wrap -msgid "Build an Image" +msgid "Exclude Packages with a Higher Kernel Version" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:314 +#: modules/administration/pages/content-lifecycle-examples.adoc:86 msgid "" -"There are two ways to build an image. You can select menu:Images[Build] " -"from the left navigation bar, or click the build icon in the menu:" -"Images[Profiles] list." +"In this example you update your systems with the ``SUSE-15-2019-1244`` " +"patch. This patch contains ``kernel-default-4.12.14-150.17.1-x86_64``." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:315 -#: modules/administration/pages/image-management.adoc:708 -#, no-wrap -msgid "images_image_build.png" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:87 +msgid "" +"You need to exclude all patches which contain a higher version of " +"``kernel-default``." msgstr "" #. type: Block title -#: modules/administration/pages/image-management.adoc:317 -#: modules/administration/pages/image-management.adoc:710 +#: modules/administration/pages/content-lifecycle-examples.adoc:88 #, no-wrap -msgid "Procedure: Building an Image" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/image-management.adoc:319 -#: modules/administration/pages/image-management.adoc:712 -msgid "Select menu:Images[Build]." +msgid "Procedure: Excluding Packages with a Higher Kernel Version" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:320 +#: modules/administration/pages/content-lifecycle-examples.adoc:89 msgid "" -"Add a different tag name if you want a version other than the default " -"``latest`` (only relevant to containers)." +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Filters], " +"and click btn:[Create Filter]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:321 -msgid "Select [guimenu]``Build Profile`` and [guimenu]``Build Host``." +#: modules/administration/pages/content-lifecycle-examples.adoc:91 +msgid "For example, [systemitem]``Exclude kernel greater than 4.12.14-150.17.1``." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:327 +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:92 msgid "" -"Notice the [guimenu]``Profile Summary`` to the right of the build fields. " -"When you have selected a build profile, detailed information about the " -"selected profile will be displayed in this area." +"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Contains " +"Package)``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:330 -msgid "To schedule a build click the btn:[Build] button." -msgstr "" - -#. type: Title === -#: modules/administration/pages/image-management.adoc:334 -#, no-wrap -msgid "Import an Image" +#: modules/administration/pages/content-lifecycle-examples.adoc:93 +msgid "In the [guimenu]``Matcher`` field, select [guimenu]``version greater than``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:341 -msgid "" -"You can import and inspect arbitrary images. Select menu:Images[Image List] " -"from the left navigation bar. Complete the text boxes of the " -"[guimenu]``Import`` dialog. When it has processed, the imported image will " -"be listed on the [guimenu]``Image List`` page." +#: modules/administration/pages/content-lifecycle-examples.adoc:94 +msgid "In the [guimenu]``Package Name`` field, type [systemitem]``kernel-default``." msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:342 -#, no-wrap -msgid "Procedure: Importing an Image" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:95 +msgid "Leave the the [guimenu]``Epoch`` field empty." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:344 -msgid "" -"From menu:Images[Image list] click btn:[Import] to open the " -"[guimenu]``Import Image`` dialog." +#: modules/administration/pages/content-lifecycle-examples.adoc:96 +msgid "In the [guimenu]``Version`` field, type [systemitem]``4.12.14``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:345 -msgid "In the [guimenu]``Import Image`` dialog complete these fields:" +#: modules/administration/pages/content-lifecycle-examples.adoc:97 +msgid "In the [guimenu]``Release`` field, type [systemitem]``150.17.1``." msgstr "" -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:347 -#, no-wrap -msgid "Image store:" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:100 +#: modules/administration/pages/content-lifecycle.adoc:20 +msgid "Click btn:[Attach/Detach Filters]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:349 -msgid "The registry from where the image will be pulled for inspection." +#: modules/administration/pages/content-lifecycle-examples.adoc:101 +msgid "" +"Select [guimenu]``Exclude kernel greater than 4.12.14-150.17.1``, and click " +"btn:[Save]." msgstr "" -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:350 -#, no-wrap -msgid "Image name:" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:102 +msgid "" +"When you click btn:[Build], a new environment is created. The new " +"environment contains all the kernel patches up to the version you installed." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:352 -msgid "The name of the image in the registry." +#: modules/administration/pages/content-lifecycle-examples.adoc:103 +msgid "" +"All kernel patches with higher kernel versions are removed. Live patching " +"kernels will stay available as long as they are not the first in a series." msgstr "" -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:353 +#. type: Title == +#: modules/administration/pages/content-lifecycle-examples.adoc:104 #, no-wrap -msgid "Image version:" +msgid "Switch to a New Kernel Version for Live Patching" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:355 -msgid "The version of the image in the registry." +#: modules/administration/pages/content-lifecycle-examples.adoc:105 +msgid "" +"Live Patching for a specific kernel version is only available for one year. " +"After one year you must update the kernel on your systems. Execute these " +"environment changes:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:356 +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:106 #, no-wrap -msgid "Build host:" +msgid "Procedure: Switch to a New Kernel Version" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:358 -msgid "The build host that will pull and inspect the image." -msgstr "" - -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:359 -#, no-wrap -msgid "Activation key:" +#: modules/administration/pages/content-lifecycle-examples.adoc:107 +msgid "Decide which kernel version you will upgrade to." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:361 -msgid "" -"The activation key that provides the path to the software channel that the " -"image will be inspected with." +#: modules/administration/pages/content-lifecycle-examples.adoc:108 +msgid "For example: `4.12.14-150.32.1`" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:363 -msgid "For confirmation, click btn:[Import]." +#: modules/administration/pages/content-lifecycle-examples.adoc:109 +msgid "Create a new kernel version Filter." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:365 +#: modules/administration/pages/content-lifecycle-examples.adoc:110 msgid "" -"The entry for the image is created in the database, and an ``Inspect Image`` " -"action on {productname} is scheduled." +"Detach the previous filter **Exclude kernel greater than 4.12.14-150.17.1** " +"and attach the new filter." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:369 +#: modules/administration/pages/content-lifecycle-examples.adoc:111 msgid "" -"When it has been processed, you can find the imported image in the ``Image " -"List``. It has a different icon in the ``Build`` column, to indicate that " -"the image is imported. The status icon for the imported image can also be " -"seen on the ``Overview`` tab for the image." +"Click btn:[Build] to rebuild the environment. The new environment contains " +"all kernel patches up to the new kernel version you selected. Systems using " +"these channels will have the kernel update available for installation. You " +"will need to reboot systems after they have performed the upgrade. The new " +"kernel will remain valid for one year. All packages installed during the " +"year will match the current live patching kernel filter." msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:373 -#: modules/administration/pages/image-management.adoc:755 +#. type: Title == +#: modules/administration/pages/content-lifecycle-examples.adoc:112 #, no-wrap -msgid "Troubleshooting" +msgid "AppStream Filters" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:377 -msgid "These are some known problems when working with images:" +#: modules/administration/pages/content-lifecycle-examples.adoc:113 +msgid "" +"If you are using {rhel}{nbsp}8 clients, you cannot perform package " +"operations such as installing or upgrading directly from modular " +"repositories like the {rhel} AppStream repository. You can use the " +"AppStream filter to transform modular repositories into regular " +"repositories. It does this by keeping the packages in the repository and " +"stripping away the module metadata. The resulting repository can be used in " +"{productname} in the same way as a regular repository." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:379 +#: modules/administration/pages/content-lifecycle-examples.adoc:114 msgid "" -"HTTPS certificates to access the registry or the git repositories should be " -"deployed to the client by a custom state file." +"The AppStream filter selects a single module stream to be included in the " +"target repository. You can add multiple filters to select multiple module " +"streams." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:380 -msgid "SSH git access using Docker is currently unsupported." +#: modules/administration/pages/content-lifecycle-examples.adoc:115 +msgid "" +"If you do not use an AppStream filter in your CLM project, the module " +"metadata in the modular sources remains intact, and the target repositories " +"contain the same module metadata. As long as at least one AppStream filter " +"is enabled in the CLM project, all target repositories are transformed into " +"regular repositories." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:382 +#: modules/administration/pages/content-lifecycle-examples.adoc:116 msgid "" -"If the [package]#python# and [package]#python-xml# packages are not " -"installed in your images during the build process, reporting of installed " -"packages or products will fail. This will result in an ``unknown`` update " -"status." +"To use the AppStream filter, you need a CLM project with a modular " +"repository such as ``{rhel} AppStream``. Ensure that you included the " +"module you need as a source before you begin." msgstr "" -#. type: Title == -#: modules/administration/pages/image-management.adoc:386 +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:117 #, no-wrap -msgid "OS Images" +msgid "Procedure: Using AppStream Filters" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:390 -msgid "" -"OS Images are built by the Kiwi image system. The output image is " -"customizable and can be PXE, QCOW2, LiveCD, or other types of images." +#: modules/administration/pages/content-lifecycle-examples.adoc:118 +#: modules/administration/pages/content-lifecycle-examples.adoc:132 +msgid "In the {productname} {webui}, navigate to your {rhel}{nbsp}8 CLM project." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:392 -msgid "" -"For more information about the Kiwi build system, see the https://doc." -"opensuse.org/projects/kiwi/doc/[Kiwi documentation]." +#: modules/administration/pages/content-lifecycle-examples.adoc:119 +#: modules/administration/pages/content-lifecycle-examples.adoc:133 +msgid "Ensure that you have included the AppStream channels for your project." msgstr "" -#. SLE15 images support is not yet released for SUMA4, will be part of SUMA4.0.4 as tech preview -#. From {sles}{nbsp}15, ``kiwi-ng`` is used instead of the legacy Kiwi. #. type: Plain text -#: modules/administration/pages/image-management.adoc:401 -msgid "" -"The Kiwi image building feature is available for Salt clients running {sles}" -"{nbsp}12 and {sles}{nbsp}11." +#: modules/administration/pages/content-lifecycle-examples.adoc:120 +#: modules/administration/pages/content-lifecycle-examples.adoc:134 +msgid "Click btn:``Create Filter`` and use these parameters:" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:403 -msgid "" -"Kiwi image configuration files and configuration scripts must be accessible " -"in one of these locations:" +#: modules/administration/pages/content-lifecycle-examples.adoc:121 +#: modules/administration/pages/content-lifecycle-examples.adoc:135 +msgid "In the [guimenu]``Filter Name`` field, type a name for the new filter." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:405 -msgid "Git repository" +#: modules/administration/pages/content-lifecycle-examples.adoc:122 +#: modules/administration/pages/content-lifecycle-examples.adoc:136 +msgid "" +"In the [guimenu]``Filter Type`` field, select [parameter]``Module " +"(Stream)``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:406 -msgid "HTTP hosted tarball" +#: modules/administration/pages/content-lifecycle-examples.adoc:123 +msgid "In the [guimenu]``Module Name`` field, type a module name." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:407 -msgid "Local build host directory" +#: modules/administration/pages/content-lifecycle-examples.adoc:124 +msgid "For example, [parameter]``postgresql``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:409 -msgid "" -"For an example of a complete Kiwi repository served by git, see https://" -"github.com/SUSE/manager-build-profiles/tree/master/OSImage" -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:415 -msgid "" -"You will need at least 1{nbsp}GB of RAM available for Hosts running OS " -"Images built with Kiwi. Disk space depends on the actual size of the " -"image. For more information, see the documentation of the underlying system." +#: modules/administration/pages/content-lifecycle-examples.adoc:125 +msgid "In the [guimenu]``Stream`` field, type the name of the desired stream." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:421 +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:126 msgid "" -"The build host must be a Salt client. Do not install the build host as a " -"traditional client." +"For example, [parameter]``10``. If you leave this field blank, the default " +"stream for the module is selected." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:430 -msgid "" -"To build all kinds of images with {productname}, create and configure a " -"build host. OS Image build hosts are Salt clients running on {sles}{nbsp}15 " -"SP2, {sles}{nbsp}12 (SP3 or later) or {sles}{nbsp}11 SP4." +#: modules/administration/pages/content-lifecycle-examples.adoc:127 +msgid "Click btn:[Save] to create the new filter." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:432 +#: modules/administration/pages/content-lifecycle-examples.adoc:129 msgid "" -"This procedure will guide you through the initial configuration for a build " -"host." +"Click btn:``Attach/Detach Filters``, select your new AppStream filter, and " +"click btn:[Save]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:436 +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:130 msgid "" -"The operating system on the build host must match the operating system on " -"the targeted image." +"You can use the browse function in the ``Create/Edit Filter`` form to select " +"a module from a list of available module streams for a modular channel." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:440 -msgid "" -"For example, build {sles}{nbsp}15 based images on a build host running {sles}" -"{nbsp}15 SP2 OS version. Build {sles}{nbsp}12 based images on a build host " -"running {sles}{nbsp}12 SP4 or {sles}{nbsp}12 SP3 OS version. Build {sles}" -"{nbsp}11 based images on a build host running {sles}{nbsp}11 SP4 OS version." +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:131 +#, no-wrap +msgid "Procedure: Browsing Available Module Streams" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:444 -msgid "Configure the build host in the {productname} {webui}:" +#: modules/administration/pages/content-lifecycle-examples.adoc:137 +msgid "Click ``Browse available modules`` to see all modular channels." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:446 -msgid "" -"Select a client that will be designated as a build host from the menu:" -"Systems[Overview] page." +#: modules/administration/pages/content-lifecycle-examples.adoc:138 +msgid "Select a channel to browse the modules and streams:" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:447 +#: modules/administration/pages/content-lifecycle-examples.adoc:139 msgid "" -"Navigate to the menu:System Details[Properties] tab, enable the " -"[guimenu]``Add-on System Type`` [guimenu]``OS Image Build Host``. Confirm " -"with btn:[Update Properties]." -msgstr "" - -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:448 -#, no-wrap -msgid "os-image-build-host.png" +"In the [guimenu]``Module Name`` field, start typing a module name to search, " +"or select from the list." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:451 +#: modules/administration/pages/content-lifecycle-examples.adoc:140 msgid "" -"Navigate to menu:System Details[Software > Software Channels], and enable " -"the required software channels depending on the build host version." +"In the [guimenu]``Stream`` field, start typing a stream name to search, or " +"select from the list." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:453 +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:141 msgid "" -"{sles}{nbsp}11 build hosts require {productname} Client tools (``SLE-Manager-" -"Tools11-Pool`` and ``SLE-Manager-Tools11-Updates``)." +"Channel selection is only for browsing modules. The selected channel will " +"not be saved with the filter, and will not affect the CLM process in any " +"way." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:454 +#: modules/administration/pages/content-lifecycle-examples.adoc:142 msgid "" -"{sles}{nbsp}12 build hosts require {productname} Client tools (``SLE-Manager-" -"Tools12-Pool`` and ``SLE-Manager-Tools12-Updates``)." +"You can create additional AppStream filters for any other module stream to " +"be included in the target repository. Any module streams that the selected " +"stream depends on will be automatically included." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:456 +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:143 msgid "" -"{sles}{nbsp}15 build hosts require {sles} modules ``SLE-Module-DevTools15-" -"SP2-Pool`` and ``SLE-Module-DevTools15-SP2-Updates``. Schedule and click " -"btn:[Confirm]." +"Be careful not to specify conflicting, incompatible, or missing module " +"streams. For example, selecting two streams from the same module is " +"invalid." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:459 +#: modules/administration/pages/content-lifecycle-examples.adoc:144 msgid "" -"Install Kiwi and all required packages by applying `Highstate`. From the " -"system details page select menu:States[Highstate] and click btn:[Apply " -"Highstate]. Alternatively, apply Highstate from the {productname} Server " -"command line:" +"When you build your CLM project using the btn:[Build] button in the {webui}, " +"the target repository is a regular repository without any modules, that " +"contains packages from the selected module streams." msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:464 +#. This feature is mandatory to make RHEL/CentOS 8 modular repositories work +#. in the SUMA UI. Otherwise, even though modular repositories can be synced +#. and assigned to clients, they cannot be used for package operations +#. (install, update, etc.) from SUMA UI (An info message is shown in the UI if +#. that's the case). In that case, the package operations can only be done +#. from the client's CLI manually. +#. type: Title = +#: modules/administration/pages/content-lifecycle.adoc:1 #, no-wrap -msgid "{productname} Web Server Public Certificate RPM" +msgid "Content Lifecycle Management" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:467 +#: modules/administration/pages/content-lifecycle.adoc:2 msgid "" -"Build host provisioning copies the {productname} certificate RPM to the " -"build host. This certificate is used for accessing repositories provided by " -"{productname}." +"Content lifecycle management allows you to customize and test packages " +"before updating production clients. This is especially useful if you need " +"to apply updates during a limited maintenance window." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:470 +#: modules/administration/pages/content-lifecycle.adoc:3 msgid "" -"The certificate is packaged in RPM by the `mgr-package-rpm-certificate-" -"osimage` package script. The package script is called automatically during " -"a new {productname} installation." +"Content lifecycle management allows you to select software channels as " +"sources, adjust them as required for your environment, and thoroughly test " +"them before installing onto your production clients." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:473 +#: modules/administration/pages/content-lifecycle.adoc:4 msgid "" -"When you upgrade the `spacewalk-certs-tools` package, the upgrade scenario " -"will call the package script using the default values. However if the " -"certificate path was changed or unavailable, you will need to call the " -"package script manually using `--ca-cert-full-path ` " -"after the upgrade procedure has finished." -msgstr "" - -#. type: Block title -#: modules/administration/pages/image-management.adoc:475 -#, no-wrap -msgid "Package script call example" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:479 -#, no-wrap -msgid "/usr/sbin/mgr-package-rpm-certificate-osimage --ca-cert-full-path /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" +"While you cannot directly modify vendor channels, you can clone them and " +"then modify the clones by adding or removing packages and custom patches. " +"You can assign these cloned channels to test clients to ensure they work as " +"expected. Then, when all tests pass, you can promote them to production " +"servers." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:482 +#: modules/administration/pages/content-lifecycle.adoc:5 msgid "" -"The RPM package with the certificate is stored in a salt-accessible " -"directory such as:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:484 -#, no-wrap -msgid "/usr/share/susemanager/salt/images/rhn-org-trusted-ssl-cert-osimage-1.0-1.noarch.rpm\n" +"This is achieved through a series of environments that your software " +"channels can move through on their lifecycle. Most environment lifecycles " +"include at least test and production environments, but you can have as many " +"environments as you require." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:487 +#: modules/administration/pages/content-lifecycle.adoc:6 msgid "" -"The RPM package with the certificate is provided in the local build host " -"repository:" +"This section covers the basic content lifecycle procedures, and the filters " +"available. For more specific examples, see " +"xref:administration:content-lifecycle-examples.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:489 +#. type: Title == +#: modules/administration/pages/content-lifecycle.adoc:7 #, no-wrap -msgid "/var/lib/Kiwi/repo\n" +msgid "Create a Content Lifecycle Project" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:494 +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:8 msgid "" -"Specify the RPM package with the {productname} SSL certificate in the build " -"source, and make sure your Kiwi configuration contains ``rhn-org-trusted-ssl-" -"cert-osimage`` as a required package in the ``bootstrap`` section." +"To set up a content lifecycle, you need to begin with a project. The " +"project defines the software channel sources, the filters used to find " +"packages, and the build environments." msgstr "" #. type: Block title -#: modules/administration/pages/image-management.adoc:495 +#: modules/administration/pages/content-lifecycle.adoc:9 #, no-wrap -msgid "config.xml" +msgid "Procedure: Creating a Content Lifecycle Project" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:504 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:10 msgid "" -"...\n" -" \n" -" ...\n" -" \n" -" \n" -"...\n" +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " +"and click btn:[Create Project]." msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:510 -#, no-wrap -msgid "Create an Activation Key for OS Images" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:11 +msgid "In the [guimenu]``Label`` field, enter a label for your project." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:513 +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:12 msgid "" -"Create an activation key associated with the channel that your OS Images " -"will use as repositories when building the image." +"The [guimenu]``Label`` field only accepts lowercase letters, numbers, " +"periods, hyphens, and underscores." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:515 -msgid "Activation keys are mandatory for OS Image building." +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:13 +msgid "In the [guimenu]``Name`` field, enter a descriptive name for your project." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:519 +#: modules/administration/pages/content-lifecycle.adoc:14 msgid "" -"To build OS Images, you will need an activation key that is associated with " -"a channel other than `SUSE Manager Default`." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:524 -msgid "In the {webui}, select menu:Systems[Activation Keys]." +"Click the btn:[Create] button to create your project and return to the " +"project page." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:525 -msgid "Click [guimenu]``Create Key``." +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:15 +msgid "Click btn:[Attach/Detach Sources]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:526 +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:16 msgid "" -"Enter a [guimenu]``Description``, a [guimenu]``Key`` name, and use the drop-" -"down box to select a [guimenu]``Base Channel`` to associate with the key." +"In the [guimenu]``Sources`` dialog, select the source type, and select a " +"base channel for your project." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:539 +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:17 msgid "" -"OS Images can require a significant amount of storage space. Therefore, we " -"recommended that the OS Image store is located on a partition of its own or " -"on a Btrfs subvolume, separate from the root partition. By default, the " -"image store will be located at [path]``/srv/www/os-images``." +"The available child channels for the selected base channel are displayed, " +"including information on whether the channel is mandatory or recommended." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:543 +#: modules/administration/pages/content-lifecycle.adoc:18 msgid "" -"Image stores for Kiwi build type, used to build system, virtual, and other " -"images, are not supported yet." +"Check the child channels you require, and click btn:[Save] to return to the " +"project page." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:545 -msgid "" -"Images are always stored in [path]``/srv/www/os-images/`` " -"and are accessible via HTTP/HTTPS [url]``https:///os-" -"images/``." +#: modules/administration/pages/content-lifecycle.adoc:19 +msgid "The software channels you selected should now be showing." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:554 -msgid "Manage image profiles using the {webui}." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:559 +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:21 msgid "" -"To create an image profile select from menu:Images[Profiles] and click btn:" -"[Create]." -msgstr "" - -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:561 -#, no-wrap -msgid "images_image_create_profile_kiwi.png" +"In the [guimenu]``Filters`` dialog, select the filters you want to attach to " +"the project." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:564 -msgid "" -"In the [guimenu]``Label`` field, provide a name for the `Image Profile`." +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:22 +msgid "To create a new filter, click btn:[Create new Filter]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:565 -msgid "Use `Kiwi` as the [guimenu]``Image Type``." +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:23 +msgid "Click btn:[Add Environment]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:566 -msgid "Image store is automatically selected." +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:24 +msgid "" +"In the [guimenu]``Environment Lifecycle`` dialog, give the first environment " +"a name and a description, and click btn:[Save]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:567 +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:25 msgid "" -"Enter a [guimenu]``Config URL`` to the directory containing the Kiwi " -"configuration files:" +"The [guimenu]``Name`` field only accepts lowercase letters, numbers, " +"periods, hyphens, and underscores." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:568 -msgid "git URI" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:26 +msgid "" +"Continue creating environments until you have all the environments for your " +"lifecycle completed." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:569 -msgid "HTTPS tarball" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:27 +msgid "" +"You can select the order of the environments in the lifecycle by selecting " +"an environment in the [guimenu]``Insert before`` field when you create it." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:570 -msgid "Path to build host local directory" +#. type: Title == +#: modules/administration/pages/content-lifecycle.adoc:28 +#, no-wrap +msgid "Filter Types" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:572 +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:29 msgid "" -"Select an [guimenu]``Activation Key``. Activation keys ensure that images " -"using a profile are assigned to the correct channel and packages." +"{productname} allows you to create various types of filters to control the " +"content used for building the project. Filters allow you to select which " +"packages will be included or excluded from the build. For example, you " +"could exclude all kernel packages, or include only specific releases of some " +"packages." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:577 -msgid "" -"Associate an activation key with an image profile to ensure the image " -"profile uses the correct software channel, and any packages." +#: modules/administration/pages/content-lifecycle.adoc:30 +msgid "The supported filters are:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:581 -msgid "Confirm with the btn:[Create] button." +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:31 +msgid "package filtering" msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:583 -#, no-wrap -msgid "Source format options" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:32 +msgid "by name" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:585 -msgid "git/HTTP(S) URL to the repository" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:33 +msgid "by name, epoch, version, release, and architecture" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:589 -msgid "" -"URL to the git repository containing the sources of the image to be built. " -"Depending on the layout of the repository the URL can be:" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:34 +msgid "patch filtering" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:592 -#, no-wrap -msgid "https://github.com/SUSE/manager-build-profiles\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:35 +msgid "by advisory name" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:597 -msgid "" -"You can specify a branch after the `#` character in the URL. In this " -"example, we use the `master` branch:" +#: modules/administration/pages/content-lifecycle.adoc:36 +msgid "by advisory type" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:600 -#, no-wrap -msgid "https://github.com/SUSE/manager-build-profiles#master\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:37 +msgid "by synopsis" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:605 -msgid "" -"You can specify a directory that contains the image sources after the `:` " -"character. In this example, we use `OSImage/POS_Image-JeOS6`:" +#: modules/administration/pages/content-lifecycle.adoc:38 +msgid "by keyword" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:608 -#, no-wrap -msgid "https://github.com/SUSE/manager-build-profiles#master:OSImage/POS_Image-JeOS6\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:39 +msgid "by date" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:611 -msgid "HTTP(S) URL to the tarball" +#: modules/administration/pages/content-lifecycle.adoc:40 +msgid "by affected package" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:614 -msgid "" -"URL to the tar archive, compressed or uncompressed, hosted on the webserver." +#: modules/administration/pages/content-lifecycle.adoc:41 +msgid "module" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:617 -#, no-wrap -msgid "https://myimagesourceserver.example.org/MyKiwiImage.tar.gz\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:42 +msgid "by stream" msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:620 -msgid "Path to the directory on the build host" +#. type: delimited block = +#: modules/administration/pages/content-lifecycle.adoc:43 +msgid "Package dependencies are not resolved during content filtering." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:624 +#: modules/administration/pages/content-lifecycle.adoc:44 msgid "" -"Enter the path to the directory with the Kiwi build system sources. This " -"directory must be present on the selected build host." +"There are multiple matchers you can use with the filter. Which ones are " +"available will depend on the filter type you choose." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:628 -#, no-wrap -msgid "/var/lib/Kiwi/MyKiwiImage\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:45 +msgid "The available matchers are:" msgstr "" -#. type: Title ==== -#: modules/administration/pages/image-management.adoc:633 -#, no-wrap -msgid "Example of Kiwi Sources" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:46 +msgid "contains" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:639 -msgid "" -"Kiwi sources consist at least of `config.xml`. Usually, `config.sh` and " -"`images.sh` are present as well. Sources can also contain files to be " -"installed in the final image under the `root` subdirectory." +#: modules/administration/pages/content-lifecycle.adoc:47 +msgid "matches (must take the form of a regular expression)" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:641 -msgid "" -"For information about the Kiwi build system, see the https://doc.opensuse." -"org/projects/kiwi/doc/[Kiwi documentation]." +#: modules/administration/pages/content-lifecycle.adoc:48 +msgid "equals" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:643 -msgid "" -"{suse} provides examples of fully functional image sources at the https://" -"github.com/SUSE/manager-build-profiles[SUSE/manager-build-profiles] public " -"GitHub repository." +#: modules/administration/pages/content-lifecycle.adoc:49 +msgid "greater" msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:644 -#, no-wrap -msgid "Example of JeOS config.xml" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:50 +msgid "greater or equal" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:649 -#, no-wrap -msgid "\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:51 +msgid "lower or equal" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:661 -#, no-wrap -msgid "" -"\n" -" \n" -" Admin User\n" -" noemail@example.com\n" -" SUSE Linux Enterprise 12 SP3 JeOS\n" -" \n" -" \n" -" 6.0.0\n" -" zypper\n" -" SLE\n" -" SLE\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:52 +msgid "lower" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:666 -#, no-wrap -msgid "" -" en_US\n" -" us.map.gz\n" -" Europe/Berlin\n" -" utc\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:53 +msgid "later or equal" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:688 +#. type: Title === +#: modules/administration/pages/content-lifecycle.adoc:54 #, no-wrap -msgid "" -" true\n" -" \n" -" \n" -" \n" -" \n" -" \n" -" \n" -" \n" -" \n" -" ...\n" -" \n" -" \n" -" ...\n" -" \n" -" \n" -" \n" +msgid "Filter ``rule`` Parameter" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:696 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:55 msgid "" -" \n" -" \n" -" \n" -" \n" -" ...\n" -" \n" -"\n" +"Each filter has a ``rule`` parameter that can be set to either ``Allow`` or " +"``Deny``. The filters are processed like this:" msgstr "" -#. ianew: admin/image-management.adoc -#. iawho: lana 2019-02-27 #. type: Plain text -#: modules/administration/pages/image-management.adoc:707 +#: modules/administration/pages/content-lifecycle.adoc:56 msgid "" -"There are two ways to build an image using the {webui}. Either select menu:" -"Images[Build], or click the build icon in the menu:Images[Profiles] list." +"If a package or patch satisfies a ``Deny`` filter, it will be excluded from " +"the result." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:713 +#: modules/administration/pages/content-lifecycle.adoc:57 msgid "" -"Add a different tag name if you want a version other than the default " -"``latest`` (applies only to containers)." +"If a package or patch satisfies an ``Allow`` filter, it will be included in " +"the result (even if it was excluded by a ``Deny`` filter)." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:714 -msgid "Select the [guimenu]``Image Profile`` and a [guimenu]``Build Host``." +#: modules/administration/pages/content-lifecycle.adoc:58 +msgid "" +"This behavior is useful when you want to exclude large number of packages or " +"patches using a general ``Deny`` filter and \"cherry-pick\" specific " +"packages or patches with specific ``Allow`` filters." msgstr "" #. type: delimited block = -#: modules/administration/pages/image-management.adoc:720 +#: modules/administration/pages/content-lifecycle.adoc:59 msgid "" -"A [guimenu]``Profile Summary`` is displayed to the right of the build " -"fields. When you have selected a build profile, detailed information about " -"the selected profile will show up in this area." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/image-management.adoc:724 -msgid "To schedule a build, click the btn:[Build] button." +"Content filters are global in your organization and can be shared between " +"projects." msgstr "" #. type: delimited block = -#: modules/administration/pages/image-management.adoc:731 +#: modules/administration/pages/content-lifecycle.adoc:60 msgid "" -"The build server cannot run any form of automounter during the image " -"building process. If applicable, ensure that you do not have your Gnome " -"session running as root. If an automounter is running, the image build will " -"finish successfully, but the checksum of the image will be different and " -"will fail later." +"If your project already contains built sources, when you add an environment " +"it will automatically populate with the existing content. Content will be " +"drawn from the previous environment of the cycle if it had one. If there is " +"no previous environment, it will be left empty until the project sources are " +"built again." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:738 -msgid "" -"After the image is successfully built, the inspection phase begins. During " -"the inspection phase {susemgr} collects information about the image:" +#. type: Title == +#: modules/administration/pages/content-lifecycle.adoc:61 +#, no-wrap +msgid "Build a Content Lifecycle Project" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:740 -msgid "List of packages installed in the image" +#: modules/administration/pages/content-lifecycle.adoc:62 +msgid "" +"When you have created your project, defined environments, and attached " +"sources and filters, you can build the project for the first time." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:741 -msgid "Checksum of the image" +#: modules/administration/pages/content-lifecycle.adoc:63 +msgid "" +"Building applies filters to the attached sources and clones them to the " +"first environment in the project." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:742 -msgid "Image type and other image details" +#. type: Block title +#: modules/administration/pages/content-lifecycle.adoc:64 +#, no-wrap +msgid "Procedure: Building a Content Lifecycle Project" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:748 +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:65 msgid "" -"If the built image type is `PXE`, a Salt pillar will also be generated. " -"Image pillars are stored in the `/srv/susemanager/pillar_data/images/` " -"directory and the Salt subsystem can access details about the generated " -"image. Details include where the pillar is located and provided, image " -"checksums, information needed for network boot, and more." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:750 -msgid "The generated pillar is available to all connected clients." +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " +"and select the project you want to build." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:761 -msgid "" -"Building an image requires several dependent steps. When the build fails, " -"investigating Salt states results can help identify the source of the " -"failure. You can carry out these checks when the build fails:" +#: modules/administration/pages/content-lifecycle.adoc:66 +msgid "Review the attached sources and filters, and click btn:[Build]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:763 -msgid "The build host can access the build sources" +#: modules/administration/pages/content-lifecycle.adoc:67 +msgid "Provide a version message to describe the changes or updates in this build." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:764 +#: modules/administration/pages/content-lifecycle.adoc:68 +#: modules/administration/pages/content-lifecycle.adoc:75 msgid "" -"There is enough disk space for the image on both the build host and the " -"{productname} server" +"You can monitor build progress in the [guimenu]``Environment Lifecycle`` " +"section." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:765 -msgid "The activation key has the correct channels associated with it" +#: modules/administration/pages/content-lifecycle.adoc:69 +msgid "" +"After the build is finished, the environment version is increased by one and " +"the built sources, such as software channels, can be assigned to your " +"clients." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:766 -msgid "The build sources used are valid" +#. type: Title == +#: modules/administration/pages/content-lifecycle.adoc:70 +#, no-wrap +msgid "Promote Environments" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:768 +#: modules/administration/pages/content-lifecycle.adoc:71 msgid "" -"The RPM package with the {productname} public certificate is up to date and " -"available at `/usr/share/susemanager/salt/images/rhn-org-trusted-ssl-cert-" -"osimage-1.0-1.noarch.rpm`. For more on how to refresh a public certificate " -"RPM, see <>." +"When the project has been built, the built sources can be sequentially " +"promoted to the environments." msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:772 +#. type: Block title +#: modules/administration/pages/content-lifecycle.adoc:72 #, no-wrap -msgid "Limitations" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/image-management.adoc:775 -msgid "The section contains some known issues when working with images." +msgid "Procedure: Promoting Environments" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:777 +#: modules/administration/pages/content-lifecycle.adoc:73 msgid "" -"HTTPS certificates used to access the HTTP sources or git repositories " -"should be deployed to the client by a custom state file, or configured " -"manually." +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " +"and select the project you want to work with." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:778 -msgid "Importing Kiwi-based images is not supported." +#: modules/administration/pages/content-lifecycle.adoc:74 +msgid "" +"In the [guimenu]``Environment Lifecycle`` section, locate the environment to " +"promote to its successor, and click btn:[Promote]." msgstr "" #. type: Title == -#: modules/administration/pages/image-management.adoc:782 +#: modules/administration/pages/content-lifecycle.adoc:76 #, no-wrap -msgid "List Image Profiles Available for Building" +msgid "Assign Clients to Environments" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:787 +#: modules/administration/pages/content-lifecycle.adoc:77 msgid "" -"To list images available for building select menu:Images[Image List]. A " -"list of all images will be displayed." +"When you build and promote content lifecycle projects, {productname} creates " +"a tree of software channels. To add clients to the environment, assign the " +"base and child software channels to your client using menu:Software[Software " +"Channels] in the [guimenu]``System Details`` page for the client." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:788 +#. type: delimited block = +#: modules/administration/pages/content-lifecycle.adoc:78 +msgid "" +"Newly added cloned channels are not assigned to clients automatically. If " +"you add or promote sources you will need to manually check and update your " +"channel assignments." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/content-lifecycle.adoc:79 +msgid "" +"Automatic assignment is intended to be added to {productname} in a future " +"version." +msgstr "" + +#. type: Title = +#: modules/administration/pages/content-staging.adoc:1 #, no-wrap -msgid "images_list_images.png" +msgid "Content Staging" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:792 +#: modules/administration/pages/content-staging.adoc:2 msgid "" -"Displayed data about images includes an image [guimenu]``Name``, its " -"[guimenu]``Version`` and the build [guimenu]``Status``. You will also see " -"the image update status with a listing of possible patch and package updates " -"that are available for the image." +"Staging is used by clients to download packages in advance, before they are " +"installed. This allows package installation to begin as soon as it is " +"scheduled, which can reduce the amount of time required for a maintenance " +"window." +msgstr "" + +#. type: Title == +#: modules/administration/pages/content-staging.adoc:3 +#, no-wrap +msgid "Enable Content Staging" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:795 +#: modules/administration/pages/content-staging.adoc:4 msgid "" -"Clicking the btn:[Details] button on an image will provide a detailed view. " -"The detailed view includes an exact list of relevant patches and a list of " -"all packages installed within the image." +"You can manage content staging across your entire organization. In the " +"{productname} {webui}, navigate to menu:Admin[Organizations] to see a list " +"of available organizations. Click the name of an organization, and check " +"the [guimenu]``Enable Staging Contents`` box to allow clients in this " +"organization to stage package data." msgstr "" #. type: delimited block = -#: modules/administration/pages/image-management.adoc:799 +#: modules/administration/pages/content-staging.adoc:5 +#: modules/administration/pages/organizations.adoc:6 msgid "" -"The patch and the package list is only available if the inspect state after " -"a build was successful." +"You must be logged in as a {productname} administrator to create and manage " +"organizations." msgstr "" -#. type: Title = -#: modules/administration/pages/iss.adoc:2 -#, no-wrap -msgid "Inter-Server Synchronization" +#. type: Plain text +#: modules/administration/pages/content-staging.adoc:6 +msgid "" +"You can also enable staging at the command prompt by editing " +"[path]``/etc/sysconfig/rhn/up2date``, and adding or editing these lines:" msgstr "" -#. type: Plain text -#: modules/administration/pages/iss.adoc:6 +#. type: delimited block - +#: modules/administration/pages/content-staging.adoc:7 +#, no-wrap msgid "" -"If you have more than one {productname} installation, you need to ensure " -"that they stay aligned on content and permissions. Inter-Server " -"Synchronization (ISS) allows you to connect two or more {productname} " -"Servers and keep them up-to-date." +"stagingContent=1\n" +"stagingContentWindow=24\n" msgstr "" +#. 2018-12-10, ke: /etc/sysconfig/rhn/up2date still exists. @renner confirmed some tools use it (at least, trad. client). To be renamed in the future. #. type: Plain text -#: modules/administration/pages/iss.adoc:9 +#: modules/administration/pages/content-staging.adoc:8 msgid "" -"To set up ISS, you need to define one {productname} Server as a master, with " -"the other as a slave. If conflicting configurations exist, the system will " -"prioritize the master configuration." +"The ``stagingContentWindow`` parameter is a time value expressed in hours " +"and determines when downloading will start. It is the number of hours " +"before the scheduled installation or update time. In this example, content " +"will be downloaded 24 hours before the installation time. The start time " +"for download depends on the selected contact method for a system. The " +"assigned contact method sets the time for when the next " +"[command]``mgr_check`` will be executed." msgstr "" -#. type: delimited block = -#: modules/administration/pages/iss.adoc:16 +#. type: Plain text +#: modules/administration/pages/content-staging.adoc:9 msgid "" -"ISS Masters are masters only because they have slaves attached to them. " -"This means that you need to set up the ISS Master first, by defining its " -"slaves. You can then set up the ISS Slaves, by attaching them to a master." +"Next time an action is scheduled, packages are automatically downloaded, but " +"not installed. At the scheduled time, the staged packages are installed." msgstr "" -#. type: Block title -#: modules/administration/pages/iss.adoc:20 +#. type: Title == +#: modules/administration/pages/content-staging.adoc:10 #, no-wrap -msgid "Procedure: Setting up an ISS Master" +msgid "Configure Content Staging" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:23 -msgid "" -"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " -"Master Setup], and click btn:[Add new slave]." +#: modules/administration/pages/content-staging.adoc:11 +msgid "There are two parameters used to configure content staging:" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:24 +#: modules/administration/pages/content-staging.adoc:12 msgid "" -"In the [guimenu]``Edit Slave Details`` dialog, provide these details for the " -"ISS Master's first slave:" +"[parameter]``salt_content_staging_advance`` is the advance time for the " +"content staging window to open, in hours." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:26 +#: modules/administration/pages/content-staging.adoc:13 msgid "" -"In the [guimenu]``Slave Fully-Qualified Domain Name`` field, enter the FQDN " -"of the ISS Slave. For example: [systemitem]``server2.example.com``." +"This is the number of hours before installation starts, that package " +"downloads can begin." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:27 +#: modules/administration/pages/content-staging.adoc:14 msgid "" -"Check the [guimenu]``Allow Slave to Sync?`` checkbox to enable the slave to " -"synchronize with the master." +"[parameter]``salt_content_staging_window`` is the duration of the content " +"staging window, in hours." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:28 +#: modules/administration/pages/content-staging.adoc:15 msgid "" -"Check the [guimenu]``Sync All Orgs to Slave?`` checkbox to synchronize all " -"organizations to this slave." +"This is the amount of time clients have to stage packages before " +"installation begins." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:29 -msgid "Click btn:[Create] to add the ISS slave." +#: modules/administration/pages/content-staging.adoc:16 +msgid "" +"For example, if [parameter]``salt_content_staging_advance`` is set to six " +"hours, and [parameter]``salt_content_staging_window`` is set to two hours, " +"the staging window will open six hours before the installation time, and " +"remain open for two hours. No packages will be downloaded in the four " +"remaining hours until installation starts." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:30 +#: modules/administration/pages/content-staging.adoc:17 msgid "" -"In the [guimenu]``Allow Export of the Selected Organizations`` section, " -"check the organizations you want to allow this slave to export to the " -"master, and click btn:[Allow Orgs]." +"If you set the same value for both " +"[parameter]``salt_content_staging_advance`` and " +"[parameter]``salt_content_staging_window`` packages will be able to be " +"downloaded until installation begins." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:34 +#: modules/administration/pages/content-staging.adoc:18 msgid "" -"Before you set up the ISS Slave, you will need to ensure you have the " -"appropriate CA certificate." +"Configure the content staging parameters in " +"[path]``/usr/share/rhn/config-defaults/rhn_java.conf``." msgstr "" -#. type: Block title -#: modules/administration/pages/iss.adoc:37 -#, no-wrap -msgid "Procedure: Copying the Master CA Certificate to an ISS Slave" +#. type: Plain text +#: modules/administration/pages/content-staging.adoc:19 +msgid "Default values:" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:39 -msgid "" -"On the ISS Master, locate the CA Certificate at ``/srv/www/htdocs/pub/RHN-" -"ORG-TRUSTED-SSL-CERT`` and create a copy that can be transferred to the " -"ISS Slave." +#: modules/administration/pages/content-staging.adoc:20 +msgid "[path]``salt_content_staging_advance: 8 hours``" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:40 -msgid "" -"On the ISS Slave, save the CA certificate file to the ``/etc/pki/trust/" -"anchors/`` directory." +#: modules/administration/pages/content-staging.adoc:21 +msgid "[path]``salt_content_staging_window: 8 hours``" msgstr "" -#. type: Plain text -#: modules/administration/pages/iss.adoc:43 -msgid "When you have copied the certificate, you can set up the ISS Slave." +#. type: delimited block = +#: modules/administration/pages/content-staging.adoc:22 +msgid "Content staging must be enabled for these parameters to work correctly." msgstr "" -#. type: Block title -#: modules/administration/pages/iss.adoc:46 +#. type: Title = +#: modules/administration/pages/crash-reporting.adoc:1 #, no-wrap -msgid "Procedure: Setting up an ISS Slave" +msgid "Crash Reporting" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:49 +#: modules/administration/pages/crash-reporting.adoc:2 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " -"Slave Setup], and click btn:[Add new master]." +"Crash reporting is used to automatically monitor and report on traditional " +"{redhat} clients that have experienced a crash." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:50 +#: modules/administration/pages/crash-reporting.adoc:3 msgid "" -"In the [guimenu]``Details for new Master`` dialog, provide these details for " -"the server to use as the ISS master:" +"Clients that have crash reporting enabled report any crashes to the " +"{productname} Server. This allows you to see what crashes have occurred, " +"manage crash reports, and add custom notes to crashes from within the " +"{productname} {webui}. You can also run reports on crashes." msgstr "" -#. type: Plain text -#: modules/administration/pages/iss.adoc:52 +#. type: delimited block = +#: modules/administration/pages/crash-reporting.adoc:4 msgid "" -"In the [guimenu]``Master Fully-Qualified Domain Name`` field, enter the FQDN " -"of the ISS Master for this slave. For example: ``server1.example.com``." +"Crash reporting works only with traditional {redhat} clients. It does not " +"work with Salt clients, or with traditional clients running any other " +"operating system." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:54 +#: modules/administration/pages/crash-reporting.adoc:5 msgid "" -"In the [guimenu]``Filename of this Master's CA Certificate`` field, enter " -"the absolute path to the CA certificate on the ISS master. This should be " -"``/etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT``." +"Crash reporting requires the ``spacewalk-abrt`` package installed on the " +"client you want to monitor. To manage crash reports in the {webui}, " +"navigate to menu:Systems[Software Crashes]." +msgstr "" + +#. type: Title == +#: modules/administration/pages/crash-reporting.adoc:6 +#, no-wrap +msgid "Crash Notes" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:55 -msgid "Click btn:[Add new master] to add the ISS Slave to this master." +#: modules/administration/pages/crash-reporting.adoc:7 +msgid "" +"You can create custom notes for each crash report using the {productname} " +"{webui}. Navigate to menu:Systems[Systems List] and select the client that " +"crashed. Navigate to the menu:Software[Software Crashes] tab to see a list " +"of all current crashes for the selected client. Click the crash to see more " +"information, and navigate to the [guimenu]``Crash Notes`` tab to add or edit " +"notes." msgstr "" -#. type: Block title -#: modules/administration/pages/iss.adoc:58 +#. type: Title == +#: modules/administration/pages/crash-reporting.adoc:8 #, no-wrap -msgid "Procedure: Completing ISS Setup" +msgid "Organization Crash Configuration" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:60 +#: modules/administration/pages/crash-reporting.adoc:9 msgid "" -"At the command prompt on the ISS Slave, synchronize with the ISS Master:" +"You can manage crash reporting for your entire organization, turning the " +"feature on or off, changing whether crash files are uploaded, and setting a " +"size limit for file upload sizes. Navigate to menu:Admin[Organizations] and " +"select the organization you want to manage. Navigate to the " +"[guimenu]``Configuration`` tab and change the settings as required. Click " +"btn:[Update Organization] to save the changes." msgstr "" -#. type: delimited block - -#: modules/administration/pages/iss.adoc:63 +#. type: Title == +#: modules/administration/pages/crash-reporting.adoc:10 #, no-wrap -msgid "mgr-inter-sync\n" +msgid "Reporting" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:65 -msgid "OPTIONAL: To synchronize a single channel, use this command:" +#: modules/administration/pages/crash-reporting.adoc:11 +msgid "" +"{productname} allows you to use the following crash-related reports with the " +"spacewalk-report tool:" msgstr "" #. type: delimited block - -#: modules/administration/pages/iss.adoc:68 +#: modules/administration/pages/crash-reporting.adoc:12 #, no-wrap -msgid "mgr-inter-sync -c \n" +msgid "" +"system-crash-count\n" +"system-crash-details\n" msgstr "" -#. Need to double check this against the UI. --LKB 2020-04-08 #. type: Plain text -#: modules/administration/pages/iss.adoc:70 -msgid "" -"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " -"Configure Master-to-Slave Mappings] and select the organizations you want to " -"synchronize." +#: modules/administration/pages/crash-reporting.adoc:13 +msgid "For more information about reports, see xref:administration:reports.adoc[]." msgstr "" -#. type: Title = -#: modules/administration/pages/live-patching-channel-setup.adoc:2 +#. type: Title == +#: modules/administration/pages/crash-reporting.adoc:14 #, no-wrap -msgid "Set up Channels for Live Patching" +msgid "Managing Crash Reports with the API" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:7 +#: modules/administration/pages/crash-reporting.adoc:15 +msgid "Use these API calls to manage reported software crashes:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/crash-reporting.adoc:16 +#, no-wrap msgid "" -"A reboot is required every time you update the full kernel package. " -"Therefore, it is important that clients using Live Patching do not have " -"newer kernels available in the channels they are assigned to. Clients using " -"live patching have updates for the running kernel in the live patching " -"channels." +"system.crash.getLastReportDate()\n" +"system.crash.getUniqueCrashCount()\n" +"system.crash.getTotalCrashCount()\n" +"system.crash.listSystemCrashes()\n" +"system.crash.listSystemCrashFiles()\n" +"system.crash.deleteCrash()\n" +"system.crash.getCrashFileUrl()\n" +"system.crash.getCrashFile()\n" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:9 -msgid "There are two ways to manage channels for live patching:" +#: modules/administration/pages/crash-reporting.adoc:17 +msgid "Use these API calls to manage notes on crashes:" msgstr "" -#. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:13 +#. type: delimited block - +#: modules/administration/pages/crash-reporting.adoc:18 +#, no-wrap msgid "" -"Use content lifecycle management to clone the product tree and remove kernel " -"versions newer than the running one. This procedure is explained in the " -"xref:content-lifecycle-examples.adoc#enhance-project-with-" -"livepatching[Content Livecycle Management Examples]. This is the " -"recommended solution." +"system.crash.createCrashNote()\n" +"system.crash.deleteCrashNote()\n" +"system.crash.getCrashNotesForCrash()\n" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:17 -msgid "" -"Use the `spacewalk-manage-channel-lifecycle` tool. This procedure is more " -"manual and requires command line tools as well as the {webui}. This " -"procedure is explained in this section for SLES{nbsp}15 SP1, but it also " -"works for SLE{nbsp}12 SP4 or later." +#: modules/administration/pages/crash-reporting.adoc:19 +msgid "Use these API calls to manage organization settings for crash reporting:" msgstr "" -#. type: Title == -#: modules/administration/pages/live-patching-channel-setup.adoc:18 +#. type: delimited block - +#: modules/administration/pages/crash-reporting.adoc:20 #, no-wrap -msgid "Use spacewalk-manage-channel-lifecycle for Live Patching" +msgid "" +"org.getCrashFileSizeLimit()\n" +"org.setCrashFileSizeLimit()\n" +"org.isCrashReportingEnabled()\n" +"org.setCrashReporting()\n" +"org.isCrashfileUploadEnabled()\n" +"org.setCrashfileUpload()\n" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:22 +#: modules/administration/pages/crash-reporting.adoc:21 msgid "" -"Cloned vendor channels should be prefixed by ``dev`` for development, " -"``testing``, or ``prod`` for production. In this procedure, you will create " -"a ``dev`` cloned channel and then promote the channel to ``testing``." +"For more information about the API, see the latest API documentation " +"available from https://documentation.suse.com/suma." msgstr "" -#. type: Block title -#: modules/administration/pages/live-patching-channel-setup.adoc:23 +#. type: Title = +#: modules/administration/pages/custom-channels.adoc:1 #, no-wrap -msgid "Procedure: Cloning Live Patching Channels" +msgid "Custom Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:26 +#: modules/administration/pages/custom-channels.adoc:2 msgid "" -"At the command prompt on the client, as root, obtain the current package " -"channel tree:" +"Custom channels give you the ability to create your own software packages " +"and repositories, which you can use to update your clients. They also allow " +"you to use software provided by third party vendors in your environment." msgstr "" -#. type: delimited block - -#: modules/administration/pages/live-patching-channel-setup.adoc:34 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:3 msgid "" -"# spacewalk-manage-channel-lifecycle --list-channels\n" -"Spacewalk Username: admin\n" -"Spacewalk Password:\n" -"Channel tree:\n" +"You must have administrator privileges to be able to create and manage " +"custom channels." msgstr "" -#. type: delimited block - -#: modules/administration/pages/live-patching-channel-setup.adoc:41 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:4 msgid "" -" 1. sles15-{sp-vert}-pool-x86_64\n" -" \\__ sle-live-patching15-pool-x86_64-{sp-vert}\n" -" \\__ sle-live-patching15-updates-x86_64-{sp-vert}\n" -" \\__ sle-manager-tools15-pool-x86_64-{sp-vert}\n" -" \\__ sle-manager-tools15-updates-x86_64-{sp-vert}\n" -" \\__ sles15-{sp-vert}-updates-x86_64\n" +"Before you create a custom channel, determine which base channel you want to " +"associate it with, and which repositories you want to use for content." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:44 +#: modules/administration/pages/custom-channels.adoc:5 msgid "" -"Use the [command]``spacewalk-manage-channel`` command with the " -"[option]``init`` argument to automatically create a new development clone of " -"the original vendor channel:" +"This section gives more detail on how to create, administer, and delete " +"custom channels." msgstr "" -#. type: delimited block - -#: modules/administration/pages/live-patching-channel-setup.adoc:48 +#. type: Title == +#: modules/administration/pages/custom-channels.adoc:6 #, no-wrap -msgid "spacewalk-manage-channel-lifecycle --init -c sles15-{sp-vert}-pool-x86_64\n" +msgid "Creating Custom Channels and Repositories" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:51 +#: modules/administration/pages/custom-channels.adoc:7 msgid "" -"Check that [systemitem]``dev-sles15-{sp-vert}-updates-x86_64`` is available " -"in your channel list." +"If you have custom software packages that you need to install on your " +"{productname} systems, you can create a custom child channel to manage " +"them. You will need to create the channel in the {productname} {webui} and " +"create a repository for the packages, before assigning the channel to your " +"systems." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:53 +#: modules/administration/pages/custom-channels.adoc:8 msgid "" -"Check the ``dev`` cloned channel you created, and remove any kernel updates " -"that require a reboot." +"You can select a vendor channel as the base channel if you want to use " +"packages provided by a vendor. Alternatively, select ``none`` to make your " +"custom channel a base channel." +msgstr "" + +#. We need to create a section on importing GPG keys and change this to point there: https://github.com/SUSE/spacewalk/issues/9474 LKB 2019-09-18 +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:9 +msgid "" +"Custom channels will sometimes require additional security settings. Many " +"third party vendors secure packages with GPG. If you want to use " +"GPG-protected packages in your custom channel, you will need to trust the " +"GPG key which has been used to sign the metadata. You can then check the " +"[guimenu]``Has Signed Metadata?`` check box to match the package metadata " +"against the trusted GPG keys. For more information on importing GPG keys, " +"see xref:reference:systems/autoinst-gpg-and-ssl-keys.adoc[]." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/custom-channels.adoc:10 +msgid "" +"Do not create child channels containing packages that are not compatible " +"with the client system." msgstr "" #. type: Block title -#: modules/administration/pages/live-patching-channel-setup.adoc:54 +#: modules/administration/pages/custom-channels.adoc:11 #, no-wrap -msgid "Procedure: Removing Non-Live Kernel Patches from Cloned Channels" +msgid "Procedure: Creating a Custom Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:57 +#: modules/administration/pages/custom-channels.adoc:12 msgid "" -"Check the current kernel version by selecting the client from menu:" -"Systems[System List], and taking note of the version displayed in the " -"[guimenu]``Kernel`` field." +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"and click btn:[Create Channel]." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:59 +#: modules/administration/pages/custom-channels.adoc:13 msgid "" -"In the {productname} {webui}, select the client from menu:Systems[Overview], " -"navigate to the menu:Software[Manage > Channels] tab, and select " -"[systemitem]``dev-sles15-sp{sp-vert}-updates-x86_64``. Navigate to the " -"[guimenu]``Patches`` tab, and click btn:[List/Remove Patches]." +"On the [guimenu]``Create Software Channel`` page, give your channel a name " +"(for example, [systemitem]``My Tools SLES 15 SP1 x86_64``) and a label (for " +"example, [systemitem]``my-tools-sles15sp1-x86_64``)." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:60 -msgid "" -"In the search bar, type [systemitem]``kernel`` and identify the kernel " -"version that matches the kernel currently used by your client." +#: modules/administration/pages/custom-channels.adoc:14 +msgid "Labels must not contain spaces or uppercase letters." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:61 +#: modules/administration/pages/custom-channels.adoc:15 msgid "" -"Remove all kernel versions that are newer than the currently installed " -"kernel." +"In the [guimenu]``Parent Channel`` drop down, choose the relevant base " +"channel (for example, [systemitem]``SLE-Product-SLES15-SP1-Pool for " +"x86_64``)." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:16 +msgid "Ensure that you choose the compatible parent channel for your packages." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:64 +#: modules/administration/pages/custom-channels.adoc:17 msgid "" -"Your channel is now set up for live patching, and can be promoted to " -"``testing``. In this procedure, you will also add the live patching child " -"channels to your client, ready to be applied." +"In the [guimenu]``Architecture`` drop down, choose the appropriate hardware " +"architecture (for example, [systemitem]``x86_64``)." msgstr "" -#. type: Block title -#: modules/administration/pages/live-patching-channel-setup.adoc:65 -#, no-wrap -msgid "Procedure: Promoting Live Patching Channels" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:18 +msgid "" +"Provide any additional information in the contact details, channel access " +"control, and GPG fields, as required for your environment." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:68 +#: modules/administration/pages/custom-channels.adoc:19 +msgid "Click btn:[Create Channel]." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/custom-channels.adoc:20 msgid "" -"At the command prompt on the client, as `root`, promote and clone the `dev-" -"sles15-{sp-vert}-pool-x86_64` channel to a new ``testing`` channel:" +"By default, the ``Enable GPG Check`` field is checked when you create a new " +"channel. If you would like to add custom packages and applications to your " +"channel, make sure you uncheck this field to be able to install unsigned " +"packages. Disabling the GPG check is a security risk if packages are from " +"an untrusted source." msgstr "" -#. type: delimited block - -#: modules/administration/pages/live-patching-channel-setup.adoc:72 +#. type: Block title +#: modules/administration/pages/custom-channels.adoc:21 #, no-wrap -msgid "# spacewalk-manage-channel-lifecycle --promote -c dev-sles15-{sp-vert}-pool-x86_64\n" +msgid "Procedure: Creating a Software Repository" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:74 +#: modules/administration/pages/custom-channels.adoc:22 msgid "" -"In the {productname} {webui}, select the client from menu:Systems[Overview], " -"and navigate to the menu:Software[Software Channels] tab." +"In the {productname} {webui}, navigate to menu:Software[Manage > " +"Repositories], and click btn:[Create Repository]." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:75 +#: modules/administration/pages/custom-channels.adoc:23 msgid "" -"Check the new [systemitem]``test-sles15-sp{sp-vert}-pool-x86_64`` custom " -"channel to change the base channel, and check both corresponding live " -"patching child channels." +"On the [guimenu]``Create Repository`` page, give your repository a label " +"(for example, [systemitem]``my-tools-sles15sp1-x86_64-repo``)." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:76 +#: modules/administration/pages/custom-channels.adoc:24 msgid "" -"Click btn:[Next], confirm that the details are correct, and click btn:" -"[Confirm] to save the changes." +"In the [guimenu]``Repository URL`` field, provide the path to the directory " +"that contains the [path]``repodata`` file (for example, " +"[systemitem]``file:///opt/mytools/``)." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:77 -msgid "" -"You can now select and view available CVE patches, and apply these important " -"kernel updates with Live Patching." +#: modules/administration/pages/custom-channels.adoc:25 +msgid "You can use any valid addressing protocol in this field." msgstr "" -#. type: Title = -#: modules/administration/pages/live-patching-sles12.adoc:2 -#, no-wrap -msgid "Live Patching on SLES{nbsp}12" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:26 +msgid "Uncheck the [guimenu]``Has Signed Metadata?`` check box." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:7 +#: modules/administration/pages/custom-channels.adoc:27 msgid "" -"On SLES{nbsp}12 systems, live patching is managed by kGraft. For in depth " -"information covering kGraft use, see https://documentation.suse.com/sles/12-" -"SP4/html/SLES-all/cha-kgraft.html." +"OPTIONAL: Complete the SSL fields if your repository requires client " +"certificate authentication." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:9 -msgid "Before you begin, ensure:" +#: modules/administration/pages/custom-channels.adoc:28 +msgid "Click btn:[Create Repository]." msgstr "" -#. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:11 -msgid "{productname} is fully updated." +#. type: Block title +#: modules/administration/pages/custom-channels.adoc:29 +#, no-wrap +msgid "Procedure: Assigning the Repository to a Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:12 -msgid "You have one or more Salt clients running SLES{nbsp}12 (SP1 or later)." +#: modules/administration/pages/custom-channels.adoc:30 +msgid "" +"Assign your new repository to your custom channel by navigating to " +"menu:Software[Manage > Channels], clicking the name of your newly created " +"custom channel, and navigating to the [guimenu]``Repositories`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:13 -msgid "Your SLES{nbsp}12 Salt clients are registered with {productname}." +#: modules/administration/pages/custom-channels.adoc:31 +msgid "" +"Ensure the repository you want to assign to the channel is checked, and " +"click btn:[Update Repositories]." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:14 +#: modules/administration/pages/custom-channels.adoc:32 msgid "" -"You have access to the SLES{nbsp}12 channels appropriate for your " -"architecture, including the live patching child channel (or channels)." +"Navigate to the [guimenu]``Sync`` tab and click btn:[Sync Now] to " +"synchronize immediately." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:15 -msgid "The clients are fully synchronized." +#: modules/administration/pages/custom-channels.adoc:33 +msgid "You can also set an automated synchronization schedule on this tab." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:17 -msgid "" -"Assign the clients to the cloned channels prepared for live patching. For " -"more information on preparation, see xref:administration:live-patching-" -"channel-setup.adoc[]." -msgstr "" - -#. type: Block title -#: modules/administration/pages/live-patching-sles12.adoc:20 -#, no-wrap -msgid "Procedure: Setting up for Live Patching" +#: modules/administration/pages/custom-channels.adoc:34 +msgid "There are several ways to check if a channel has finished synchronizing:" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:24 +#: modules/administration/pages/custom-channels.adoc:35 msgid "" -"Select the client you want to manage with Live Patching from menu:" -"Systems[Overview], and on the system details page navigate to the menu:" -"Software[Packages > Install] tab. Search for the [systemitem]``kgraft`` " -"package, and install it." +"In the {productname} {webui}, navigate to menu:Admin[Setup Wizard] and " +"select the [guimenu]``Products`` tab." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/live-patching-sles12.adoc:25 -#, no-wrap -msgid "enable_live_patching_kgraft_install.png" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:36 +msgid "" +"This dialog displays a completion bar for each product when they are being " +"synchronized." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:27 -msgid "Apply the highstate to enable Live Patching, and reboot the client." +#: modules/administration/pages/custom-channels.adoc:37 +msgid "" +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"then click the channel associated to the repository." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:28 -msgid "Repeat for each client that you want to manage with Live Patching." +#: modules/administration/pages/custom-channels.adoc:38 +msgid "" +"Navigate to the menu:[Repositories > Sync] tab. The [guimenu]``Sync " +"Status`` is shown next to the repository name.." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:29 -msgid "" -"To check that live patching has been enabled correctly, select the client " -"from menu:Systems[System List], and ensure that [systemitem]``Live " -"Patching`` appears in the [guimenu]``Kernel`` field." +#: modules/administration/pages/custom-channels.adoc:39 +msgid "Check the synchronization log file at the command prompt:" msgstr "" -#. type: Block title -#: modules/administration/pages/live-patching-sles12.adoc:32 +#. type: delimited block - +#: modules/administration/pages/custom-channels.adoc:40 #, no-wrap -msgid "Procedure: Applying Live Patches to a Kernel" +msgid "tail -f /var/log/rhn/reposync/.log\n" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:36 +#: modules/administration/pages/custom-channels.adoc:41 msgid "" -"In the {productname} {webui}, select the client from menu:" -"Systems[Overview]. You will see a banner at the top of the screen showing " -"the number of critical and non-critical packages available for the client:" +"Each child channel will generate its own log during the synchronization " +"progress. You will need to check all the base and child channel log files " +"to be sure that the synchronization is complete." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/live-patching-sles12.adoc:37 +#. type: Block title +#: modules/administration/pages/custom-channels.adoc:42 #, no-wrap -msgid "live_patching_criticalupdates.png" +msgid "Procedure: Adding Custom Channels to an Activation Key" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:40 -msgid "Click btn:[Critical] to see a list of the available critical patches." +#: modules/administration/pages/custom-channels.adoc:43 +msgid "" +"In the {productname} {webui}, navigate to menu:Systems[Activation Keys], and " +"select the key you want to add the custom channel to." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:42 +#: modules/administration/pages/custom-channels.adoc:44 msgid "" -"Select any patch with a synopsis reading [guimenu]``Important: Security " -"update for the Linux kernel``. Security bugs will also include their CVE " -"number, where applicable." +"On the [guiemnu]``Details`` tab, in the [guimenu]``Child Channels`` listing, " +"select the channel to associate." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:43 -msgid "" -"OPTIONAL: If you know the CVE number of a patch you want to apply, you can " -"search for it in menu:Audit[CVE Audit], and apply the patch to any clients " -"that require it." +#: modules/administration/pages/custom-channels.adoc:45 +msgid "You can select multiple channels, if you need to." msgstr "" -#. type: delimited block = -#: modules/administration/pages/live-patching-sles12.adoc:49 -msgid "" -"Not all kernel patches are Live Patches! Non-Live kernel patches are " -"represented by a `Reboot Required` icon located next to the `Security` " -"shield icon. These patches will always require a reboot." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/live-patching-sles12.adoc:58 -msgid "" -"Not all security issues can be fixed by applying a live patch. Some " -"security issues can only be fixed by applying a full kernel update and will " -"require a reboot. The assigned CVE numbers for these issues are not " -"included in live patches. A CVE audit will display this requirement." +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:46 +msgid "Click btn:[Update Activation Key]." msgstr "" -#. type: Title = -#: modules/administration/pages/live-patching-sles15.adoc:2 +#. type: Title == +#: modules/administration/pages/custom-channels.adoc:47 #, no-wrap -msgid "Live Patching on SLES{nbsp}15" +msgid "Add Packages and Patches to Custom Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:5 +#: modules/administration/pages/custom-channels.adoc:48 msgid "" -"On SLES{nbsp}15 systems and newer, live patching is managed by the " -"[systemitem]``klp livepatch`` tool." +"When you create a new custom channel without cloning it from an existing " +"channel, it will not contain any packages or patches. You can add the " +"packages and patches you require using the {productname} {webui}." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:10 -msgid "You have one or more Salt clients running SLES{nbsp}15 (SP1 or later)." +#: modules/administration/pages/custom-channels.adoc:49 +msgid "" +"Custom channels can only include packages or patches that are cloned or " +"custom, and they must match the base architecture of the channel. Patches " +"added to custom channels must apply to a package that exists in the channel." msgstr "" -#. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:11 -msgid "Your SLES{nbsp}15 Salt clients are registered with {productname}." +#. type: Block title +#: modules/administration/pages/custom-channels.adoc:50 +#, no-wrap +msgid "Procedure: Adding Packages to Custom Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:12 +#: modules/administration/pages/custom-channels.adoc:51 msgid "" -"You have access to the SLES{nbsp}15 channels appropriate for your " -"architecture, including the live patching child channel (or channels)." +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"and go to the [guimenu]``Packages`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:22 +#: modules/administration/pages/custom-channels.adoc:52 msgid "" -"Select the client you want to manage with Live Patching from menu:" -"Systems[Overview], and navigate to the menu:Software[Packages > Install] " -"tab. Search for the [systemitem]``kernel-livepatch`` package, and install " -"it." -msgstr "" - -#. type: Target for macro image -#: modules/administration/pages/live-patching-sles15.adoc:23 -#, no-wrap -msgid "enable_live_patching_kernel_live_install.png" +"OPTIONAL: See all packages currently in the channel by navigating to the " +"[guimenu]``List/Remove`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:27 -msgid "" -"To check that live patching has been enabled correctly, select the client " -"from menu:Systems[System List], and ensure that [systemitem]``Live Patch`` " -"appears in the [guimenu]``Kernel`` field." -msgstr "" - -#. type: Title = -#: modules/administration/pages/live-patching.adoc:2 -#, no-wrap -msgid "Live Patching with SUSE Manager" +#: modules/administration/pages/custom-channels.adoc:53 +msgid "Add new packages to the channel by navigating to the [guimenu]``Add`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching.adoc:7 +#: modules/administration/pages/custom-channels.adoc:54 msgid "" -"Performing a kernel update usually requires a system reboot. Common " -"vulnerability and exposure (CVE) patches should be applied as soon as " -"possible, but if you cannot afford the downtime, you can use Live Patching " -"to inject these important updates and skip the need to reboot." +"Select the parent channel to provide packages, and click btn:[View Packages] " +"to populate the list." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching.adoc:9 +#: modules/administration/pages/custom-channels.adoc:55 msgid "" -"The procedure for setting up Live Patching is slightly different for " -"SLES{nbsp}12 and SLES{nbsp}15. Both procedures are documented in this " -"section." -msgstr "" - -#. type: Title = -#: modules/administration/pages/maintenance-window-tasks.adoc:2 -#, no-wrap -msgid "Maintenance Window Tasks" +"Check the packages to add to the custom channel, and click btn:[Add " +"Packages]." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:6 +#: modules/administration/pages/custom-channels.adoc:56 msgid "" -"If you work with scheduled maintenance windows, you might find it difficult " -"to remember all the things that you need to do before, during, and after " -"that critical downtime of the {productname} Server. {productname} Server " -"related systems such as Inter-Server Synchronization Slave Servers or " -"{productname} Proxies are also affected and have to be considered." +"When you are satisfied with the selection, click btn:[Confirm Addition] to " +"add the packages to the channel." msgstr "" -#. It's similar to zypper at the package level: #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:11 +#: modules/administration/pages/custom-channels.adoc:57 msgid "" -"{suse} recommends you always keep your {productname} infrastructure " -"updated. That includes servers, proxies, and build hosts. If you do not " -"keep the {productname} Server updated, you might not be able to update some " -"parts of your environment when you need to." +"OPTIONAL: You can compare the packages in the current channel with those in " +"a different channel by navigating to menu:Software[Manage > Channels], and " +"going to the menu:Packages[Compare] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:13 +#: modules/administration/pages/custom-channels.adoc:58 msgid "" -"This section contains a checklist for your maintenance window, with links to " -"further information on performing each of the steps." +"To make the two channels the same, click the btn:[Merge Differences] button, " +"and resolve any conflicts." msgstr "" -#. type: Title == -#: modules/administration/pages/maintenance-window-tasks.adoc:16 +#. type: Block title +#: modules/administration/pages/custom-channels.adoc:59 #, no-wrap -msgid "Server" -msgstr "" - -#. ke, 2019-09-30: we'll stop spacewalk during the update -#. . Stop spacewalk services. -#. You will need to stop the spacewalk, SAP, and database services, along with any others you have running. -#. . Check if the configuration is still correct. -#. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:24 -msgid "Apply the latest updates. See xref:upgrade:server-intro.adoc[]." -msgstr "" - -#. We reboot during the above listed procedures. -#. . Reboot the server. -#. . Check if the configuration is still correct. -#. . Start any stopped services. -#. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:29 -msgid "Upgrade to the latest service pack, if required." +msgid "Procedure: Adding Patches to a Custom Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:30 +#: modules/administration/pages/custom-channels.adoc:60 msgid "" -"Run [command]``spacewalk-service status`` and check whether all required " -"services are up and running." +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"and go to the [guimenu]``Patches`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:32 +#: modules/administration/pages/custom-channels.adoc:61 msgid "" -"For information about database schema upgrades and PostgreSQL migrations, " -"see xref:upgrade:db-intro.adoc[]." +"OPTIONAL: See all patches currently in the channel by navigating to the " +"[guimenu]``List/Remove`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:36 +#: modules/administration/pages/custom-channels.adoc:62 msgid "" -"You can install updates using your package manager. For information on " -"using {yast}, see https://documentation.suse.com/sles/15-SP1/html/SLES-all/" -"cha-onlineupdate-you.html. For information on using zypper, see https://" -"documentation.suse.com/sles/15-SP1/html/SLES-all/cha-sw-cl.html#sec-zypper." +"Add new patches to the channel by navigating to the [guimenu]``Add`` tab, " +"and selecting what kind of patches you want to add." msgstr "" -# -# -#. Preferable, you will run such a tool within a maintenance window; for more information, see xref:administration:maintenance-window.adoc#maintenance-window[]. -#. complete procedure, also see above: -#. 1. Log in as root user to the SUSE Manager server. -#. 2. Stop the Spacewalk service: -#. spacewalk-service stop -#. 3. Apply the patch using either zypper patch or YaST Online Update. -#. 4. Upgrade the database schema: -#. spacewalk-schema-upgrade -#. 5. Start the Spacewalk service: -#. spacewalk-service start #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:54 +#: modules/administration/pages/custom-channels.adoc:63 msgid "" -"By default, several update channels are configured and enabled for the " -"{productname} Server. New and updated packages will become available " -"automatically." +"Select the parent channel to provide patches, and click btn:[View Associated " +"Patches] to populate the list." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:58 -msgid "" -"To keep {susemgr} up to date, either connect it directly to {scc} or use " -"{rmtool} (RMT). You can use RMT as a local installation source for " -"disconnected environments." +#: modules/administration/pages/custom-channels.adoc:64 +msgid "Check the patches to add to the custom channel, and click btn:[Confirm]." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:62 +#: modules/administration/pages/custom-channels.adoc:65 msgid "" -"You can check that the update channels are available on your system with " -"this command:" +"When you are satisfied with the selection, click btn:[Confirm] to add the " +"patches to the channel." msgstr "" -#. type: delimited block - -#: modules/administration/pages/maintenance-window-tasks.adoc:65 +#. type: Title == +#: modules/administration/pages/custom-channels.adoc:66 #, no-wrap -msgid "zypper lr\n" +msgid "Manage Custom Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:68 -msgid "The output will look similar to this:" +#: modules/administration/pages/custom-channels.adoc:67 +msgid "" +"{productname} administrators and channel administrators can alter or delete " +"any channel." msgstr "" -#. type: delimited block - -#: modules/administration/pages/maintenance-window-tasks.adoc:84 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:68 msgid "" -"Name | Enabled | GPG Check | Refresh\n" -"-------------------------------------------------------+---------+-----------+--------\n" -"SLE-Module-Basesystem15-SP1-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-Basesystem15-SP1-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Module-Python2-15-SP1-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-Python2-15-SP1-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Product-SUSE-Manager-Server-4.0-Pool | Yes | (r ) Yes | No\n" -"SLE-Product-SUSE-Manager-Server-4.0-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Module-SUSE-Manager-Server-4.0-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-SUSE-Manager-Server-4.0-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Module-Server-Applications15-SP1-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-Server-Applications15-SP1-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Module-Web-Scripting15-SP1-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-Web-Scripting15-SP1-Updates | Yes | (r ) Yes | Yes\n" +"To grant other users rights to alter or delete a channel, navigate to " +"menu:Software[Manage > Channels] and select the channel you want to edit. " +"Navigate to the [guimenu]``Managers`` tab, and check the user to grant " +"permissions. Click btn:[Update] to save the changes." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:92 +#. type: delimited block = +#: modules/administration/pages/custom-channels.adoc:69 msgid "" -"{productname} releases maintenance updates (MUs) to provide newer packages. " -"Maintenance updates are indicated with a new version number. For example, " -"the major release 4.0 will be incremented to 4.0.1 when an MU is released." +"If you delete a channel that has been assigned to a set of clients, it will " +"trigger an immediate update of the channel state for any clients associated " +"with the deleted channel. This is to ensure that the changes are reflected " +"accurately in the repository file." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:95 +#: modules/administration/pages/custom-channels.adoc:70 msgid "" -"You can verify which version you are running by looking at the bottom of the " -"navigation bar in the {webui}. You can also fetch the version number with " -"the [literal]``api.getVersion()`` XMLRPC API call." +"You cannot delete {productname} channels with the {webui}. Only custom " +"channels can be deleted." msgstr "" -#. type: Title === -#: modules/administration/pages/maintenance-window-tasks.adoc:107 +#. type: Block title +#: modules/administration/pages/custom-channels.adoc:71 #, no-wrap -msgid "Client Tools" +msgid "Procedure: Deleting Custom Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:115 +#: modules/administration/pages/custom-channels.adoc:72 msgid "" -"When the server is updated consider to update some tools on the clients, " -"too. Updating [package]``salt-minion``, [package]``zypper``, and other " -"related management package on clients is not a strict requirement, but it is " -"a best practice in general. For example, a maintenance update on the server " -"might introduce a major new Salt version. Then minions will continue to " -"work but might experience problems later on. To avoid this always update " -"the salt-minion package when available. {suse} makes sure that " -"[package]``salt-minion`` can always be updated safely." -msgstr "" - -#. type: Title == -#: modules/administration/pages/maintenance-window-tasks.adoc:118 -#, no-wrap -msgid "Inter-Server Synchronization Slave Server" +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"and select the channel you want to delete." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:121 -msgid "" -"If you are using an inter-server synchronization slave server, update it " -"after the {productname} Server update is complete." +#: modules/administration/pages/custom-channels.adoc:73 +msgid "Click btn:[Delete software channel]." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:123 +#: modules/administration/pages/custom-channels.adoc:74 msgid "" -"For more in inter-server synchronization, see xref:administration:iss.adoc[]." +"On the [guimenu]``Delete Channel`` page, check the details of the channel " +"you are deleting, and check the [guimenu]``Unsubscribe Systems`` checkbox to " +"remove the custom channel from any systems that might still be subscribed." msgstr "" -#. type: Title == -#: modules/administration/pages/maintenance-window-tasks.adoc:126 -#, no-wrap -msgid "Monitoring Server" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:75 +msgid "Click btn:[Delete Channel]." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:129 +#: modules/administration/pages/custom-channels.adoc:76 msgid "" -"If you are using a monitoring server for Prometheus, update it after the " -"{productname} Server update is complete." +"When channels are deleted, the packages that are part of the deleted channel " +"are not automatically removed. You will not be able to update packages that " +"have had their channel deleted." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:131 +#: modules/administration/pages/custom-channels.adoc:77 msgid "" -"For more information on monitoring, see xref:administration:monitoring." -"adoc[]." +"You can delete packages that are not associated with a channel in the " +"{productname} {webui}. Navigate to menu:Software[Manage > Packages], check " +"the packages to remove, and click btn:[Delete Packages]." msgstr "" -#. type: Title == -#: modules/administration/pages/maintenance-window-tasks.adoc:134 +#. type: Title = +#: modules/administration/pages/disconnected-setup.adoc:1 #, no-wrap -msgid "Proxy" +msgid "Disconnected Setup" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:137 +#: modules/administration/pages/disconnected-setup.adoc:2 msgid "" -"Proxies should be updated as soon as {productname} Server updates are " -"complete." +"When it is not possible to connect {productname} to the internet, you can " +"use it within a disconnected environment." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:140 +#: modules/administration/pages/disconnected-setup.adoc:3 msgid "" -"In general, running a proxy connected to a server on a different version is " -"not supported. The only exception is for the duration of updates where it " -"is expected that the server is updated first, so the proxy could run the " -"previous version temporarily." +"The repository mirroring tool (RMT) is available on {sle}{nbsp}15 and " +"later. RMT replaces the subscription management tool (SMT), which can be " +"used on older {sle} installations." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:142 +#: modules/administration/pages/disconnected-setup.adoc:4 msgid "" -"Especially if you are migrating from version 3.2 to 4.0, upgrade the server " -"first, then any proxy." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:143 -msgid "For more information, see xref:upgrade:proxy-intro.adoc[]." -msgstr "" - -#. type: Title = -#: modules/administration/pages/maintenance-windows.adoc:2 -#, no-wrap -msgid "Maintenance Windows" +"In a disconnected {productname} setup, RMT or SMT uses an external network " +"to connect to {scc}. All software channels and repositories are " +"synchronized to a removable storage device. The storage device can then be " +"used to update the disconnected {productname} installation." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:6 +#: modules/administration/pages/disconnected-setup.adoc:5 msgid "" -"The maintenance windows feature in {productname} allows you to schedule " -"actions to occur during a scheduled maintenance window period. When you " -"have created your maintenance window schedule, and applied it to a client, " -"you are prevented from executing some actions outside of the specified " -"period." +"This setup allows your {productname} installation to remain in an offline, " +"disconnected environment." msgstr "" #. type: delimited block = -#: modules/administration/pages/maintenance-windows.adoc:14 +#: modules/administration/pages/disconnected-setup.adoc:6 msgid "" -"Maintenance windows operate in a different way to system locking. System " -"locks are switched on or off as required, while maintenance windows define " -"periods of time when actions are allowed. Additionally, the allowed and " -"restricted actions differ. For more information about system locks, see " -"xref:client-configuration:system-locking.adoc[]." +"Your RMT or SMT instance must be used to managed a {productname} Server " +"directly. It cannot be used to manage a second RMT or SMT instance, in a " +"cascade." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:21 +#: modules/administration/pages/disconnected-setup.adoc:7 msgid "" -"Maintenance windows require both a calendar, and a schedule. The calendar " -"defines the date and time of your maintenance window events, including " -"recurring events, and must be in [path]``ical`` format. The schedule uses " -"the events defined in the calendar to create the maintenance windows. You " -"must create an [path]``ical`` file for upload, or link to an [path]``ical`` " -"file to create the calendar, before you can create the schedule." +"For more information on RMT, see " +"https://documentation.suse.com/sles/15-SP2/html/SLES-all/book-rmt.html." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:24 -msgid "" -"When you have created the schedule, you can assign it to clients that are " -"registered to the {productname} Server. Clients that have a maintenance " -"schedule assigned cannot run restricted actions outside of maintenance " -"windows." +#. type: Title == +#: modules/administration/pages/disconnected-setup.adoc:8 +#, no-wrap +msgid "Synchronize RMT" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:27 +#: modules/administration/pages/disconnected-setup.adoc:9 msgid "" -"Restricted actions significantly modify the client, and could potentially " -"cause the client to stop running. Some examples of restricted actions are:" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:29 -msgid "Package installation" +"You can use RMT on {sle} 15 installations to manage clients running {sle} 12 " +"or later." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:30 -msgid "Client upgrade" +#: modules/administration/pages/disconnected-setup.adoc:10 +msgid "" +"We recommend you set up a dedicated RMT instance for each {productname} " +"installation." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:31 -msgid "Service pack migration" +#. type: Block title +#: modules/administration/pages/disconnected-setup.adoc:11 +#, no-wrap +msgid "Procedure: Setting up RMT" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:32 -msgid "Highstate application (for Salt clients)" +#: modules/administration/pages/disconnected-setup.adoc:12 +msgid "On the RMT instance, install the RMT package:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:35 -msgid "" -"Unrestricted actions are minor actions that are considered safe and are " -"unlikely to cause problems on the client. Some examples of unrestricted " -"actions are:" +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:13 +#, no-wrap +msgid "zypper in rmt-server\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:37 -msgid "Package profile update" +#: modules/administration/pages/disconnected-setup.adoc:14 +msgid "Configure RMT using {yast}:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:38 -msgid "Hardware refresh" +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:15 +#, no-wrap +msgid "yast2 rmt\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:39 -msgid "Subscribing to software channels" +#: modules/administration/pages/disconnected-setup.adoc:16 +msgid "Follow the prompts to complete installation." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:43 +#: modules/administration/pages/disconnected-setup.adoc:17 msgid "" -"Before you begin, you must create an [path]``ical`` file for upload, or link " -"to an [path]``ical`` file to create the calendar. You can create " -"[path]``ical`` files in your preferred calendaring tool, such as Microsoft " -"Outlook, Google Calendar, or KOrganizer." +"For more information on setting up RMT, see " +"https://documentation.suse.com/sles/15-SP2/html/SLES-all/book-rmt.html." msgstr "" #. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:46 +#: modules/administration/pages/disconnected-setup.adoc:18 #, no-wrap -msgid "Procedure: Uploading a New Maintenance Calendar" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:48 -msgid "" -"In the {productname} {webui}, navigate to menu:Schedule[Maintenance Windows " -"> Calendars], and click btn:[Create]." +msgid "Procedure: Synchronizing RMT with SCC" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:49 +#: modules/administration/pages/disconnected-setup.adoc:19 msgid "" -"In the [guimenu]``Calendar Name`` section, type a name for your calendar." +"On the RMT instance, list all available products and repositories for your " +"organization:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:50 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:20 +#, no-wrap msgid "" -"Either provide a URL to your [path]``ical`` file, or upload the file " -"directly." +"rmt-cli products list --all\n" +"rmt-cli repos list --all\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:51 -msgid "Click btn:[Create Calendar] to save your calendar." +#: modules/administration/pages/disconnected-setup.adoc:21 +msgid "Synchronize all available updates for your organization:" msgstr "" -#. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:54 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:22 #, no-wrap -msgid "Procedure: Creating a New Schedule" +msgid "rmt-cli sync\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:56 -#: modules/administration/pages/maintenance-windows.adoc:108 -msgid "" -"In the {productname} {webui}, navigate to menu:Schedule[Maintenance Windows " -"> Schedules], and click btn:[Create]." +#: modules/administration/pages/disconnected-setup.adoc:23 +msgid "You can also configure RMT to synchronize regularly using systemd." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:57 -msgid "" -"In the [guimenu]``Schedule Name`` section, type a name for your schedule." +#: modules/administration/pages/disconnected-setup.adoc:24 +msgid "Enable the products you require." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:58 -msgid "" -"OPTIONAL: If your [path]``ical`` file contains events that apply to more " -"than one schedule, check [guimenu]``Multi``." +#: modules/administration/pages/disconnected-setup.adoc:25 +msgid "For example, to enable SLES 15:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:59 -#: modules/administration/pages/maintenance-windows.adoc:112 -msgid "Select the calendar to assign to this schedule." +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:26 +#, no-wrap +msgid "rmt-cli product enable sles/15/x86_64\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:60 -#: modules/administration/pages/maintenance-windows.adoc:113 -#: modules/administration/pages/maintenance-windows.adoc:118 -msgid "Click btn:[Create Schedule] to save your schedule." -msgstr "" - -#. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:63 -#, no-wrap -msgid "Procedure: Assigning a Schedule to a Client" +#: modules/administration/pages/disconnected-setup.adoc:27 +#: modules/administration/pages/disconnected-setup.adoc:40 +msgid "Export the synchronized data to your removable storage." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:66 -msgid "" -"In the {productname} {webui}, navigate to menu:Systems[Systems List], select " -"the client to be assigned to a schedule, locate the [guimenu]``System " -"Properties`` panel, and click btn:[Edit These Properties]. Alternatively, " -"you can assign clients through the system set manager by navigating to menu:" -"Systems[System Set Manager] and using the menu:Misc[Maintenance Windows] tab." +#: modules/administration/pages/disconnected-setup.adoc:28 +#: modules/administration/pages/disconnected-setup.adoc:41 +msgid "In this example, the storage medium is mounted at [path]``/mnt/usb``:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:67 -msgid "" -"In the [guimenu]``Edit System Details`` page, locate the " -"[guimenu]``Maintenance Schedule`` field, and select the name of the schedule " -"to be assigned." +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:29 +#, no-wrap +msgid "rmt-cli export data /mnt/usb\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:68 -msgid "Click btn:[Update Properties] to assign the maintenance schedule." +#: modules/administration/pages/disconnected-setup.adoc:30 +#: modules/administration/pages/disconnected-setup.adoc:43 +msgid "Export the enabled repositories to your removable storage:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/maintenance-windows.adoc:75 -msgid "" -"When you assign a new maintenance schedule to a client, it is possible that " -"the client might already have some restricted actions scheduled, and that " -"these might now conflict with the new maintenance schedule. If this occurs, " -"the {webui} will display an error and you will not be able to assign the " -"schedule to the client. To resolve this, check the btn:[Cancel affected " -"actions] option when you assign the schedule. This will cancel any " -"previously scheduled actions that conflict with the new maintenance schedule." +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:31 +#: modules/administration/pages/disconnected-setup.adoc:44 +#, no-wrap +msgid "rmt-cli export settings /mnt/usb\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:79 +#. type: delimited block = +#: modules/administration/pages/disconnected-setup.adoc:32 msgid "" -"When you have created your maintenance windows, you can schedule restricted " -"actions, such as package upgrades, to be performed during the maintenance " -"window." +"Ensure that the external storage is mounted to a directory that is writeable " +"by the RMT user. You can change RMT user settings in the `cli` section of " +"[path]``/etc/rmt.conf``." msgstr "" -#. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:82 +#. type: Title == +#: modules/administration/pages/disconnected-setup.adoc:33 #, no-wrap -msgid "Procedure: Scheduling a Package Upgrade" +msgid "Synchronize SMT" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:84 +#: modules/administration/pages/disconnected-setup.adoc:34 msgid "" -"In the {productname} {webui}, navigate to menu:Systems[System List], select " -"the client you want to upgrade, and go to the menu:Software[Packages > " -"Upgrade] tab." +"SMT is included with {sle} 12, and can be used to manage clients running " +"{sle} 10 or later." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:85 +#: modules/administration/pages/disconnected-setup.adoc:35 msgid "" -"Select the package to upgrade from the list, and click btn:[Upgrade " -"Packages]." +"SMT requires you to create a local mirror directory on the SMT instance to " +"synchronize repositories and packages." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:86 +#: modules/administration/pages/disconnected-setup.adoc:36 msgid "" -"In the [guimenu]``Maintenance Window`` field, select which maintenance " -"window the client should use to perform the upgrade." +"For more details on installing and configuring SMT, see " +"https://documentation.suse.com/sles/12-SP5/html/SLES-all/book-smt.html." +msgstr "" + +#. type: Block title +#: modules/administration/pages/disconnected-setup.adoc:37 +#, no-wrap +msgid "Procedure: Synchronizing SMT with SCC" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:87 -msgid "Click btn:[Confirm] to schedule the package upgrade." +#: modules/administration/pages/disconnected-setup.adoc:38 +msgid "On the SMT instance, create a database replacement file:" msgstr "" -#. type: Title == -#: modules/administration/pages/maintenance-windows.adoc:90 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:39 #, no-wrap -msgid "Maintenance Schedule Types" +msgid "smt-sync --createdbreplacementfile /tmp/dbrepl.xml\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:95 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:42 +#, no-wrap msgid "" -"When you create a calendar, it contains a number of events, which can be " -"either one-time events, or recurring events. Each event contains a " -"``summary`` field. If you want to create multiple maintenance schedules for " -"one calendar, you can specify events for each using the ``summary`` field." +"smt-sync --todir /mnt/usb\n" +"smt-mirror --dbreplfile /tmp/dbrepl.xml --directory /mnt/usb \\\n" +" --fromlocalsmt -L /var/log/smt/smt-mirror-export.log\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:98 +#. type: delimited block = +#: modules/administration/pages/disconnected-setup.adoc:45 msgid "" -"For example, you might like to create a schedule for production servers, and " -"a different schedule for testing servers. In this case, you would specify " -"``SUMMARY: Production Servers`` on events for the production servers, and " -"``SUMMARY: Testing Servers`` on events for the testing servers." +"Ensure that the external storage is mounted to a directory that is writeable " +"by the RMT user. You can change SMT user settings in " +"[path]``/etc/smt.conf``." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/maintenance-windows.adoc:99 +#. type: Title == +#: modules/administration/pages/disconnected-setup.adoc:46 #, no-wrap -msgid "maint_windows_multi.png" +msgid "Synchronize a Disconnected Server" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:103 +#: modules/administration/pages/disconnected-setup.adoc:47 msgid "" -"There are two types of schedule: single, or multi. If your calendar " -"contains events that apply to more than one schedule, then you must select " -"``multi``, and ensure you name the schedule according to the ``summary`` " -"field you used in the calendar file." +"When you have removable media loaded with your {scc} data, you can use it to " +"synchronize your disconnected server." msgstr "" #. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:106 +#: modules/administration/pages/disconnected-setup.adoc:48 #, no-wrap -msgid "Procedure: Creating a Multi Schedule" +msgid "Procedure: Synchronizing a Disconnected Server" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:110 -msgid "" -"In the [guimenu]``Schedule Name`` section, type the name for your schedule. " -"Ensure it matches the ``summary`` field of the calendar." +#: modules/administration/pages/disconnected-setup.adoc:49 +msgid "Mount your removable media device to the {productname} server." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:111 -#: modules/administration/pages/maintenance-windows.adoc:117 -msgid "Check the [guimenu]``Multi`` option." +#: modules/administration/pages/disconnected-setup.adoc:50 +msgid "In this example, the mount point is [path]``/media/disk``." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:114 -msgid "To create the next schedule, click btn:[Create]." +#: modules/administration/pages/disconnected-setup.adoc:51 +msgid "" +"Open ``/etc/rhn/rhn.conf`` and define the mount point by adding or editing " +"this line:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:116 -msgid "" -"In the [guimenu]``Schedule Name`` section, type the name for your second " -"schedule. Ensure it matches the ``summary`` field of the second calendar." +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:52 +#, no-wrap +msgid "server.susemanager.fromdir = /media/disk\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:119 -msgid "Repeat for each schedule you need to create." +#: modules/administration/pages/disconnected-setup.adoc:53 +msgid "Restart the Tomcat service:" msgstr "" -#. type: Title == -#: modules/administration/pages/maintenance-windows.adoc:122 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:54 #, no-wrap -msgid "Restricted and Unrestricted Actions" +msgid "systemctl restart tomcat\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:125 -msgid "" -"This sections contains a complete list of restricted and unrestricted " -"actions." +#: modules/administration/pages/disconnected-setup.adoc:55 +msgid "Refresh the local data:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:129 -msgid "" -"Restricted actions significantly modify the client, and could potentially " -"cause the client to stop running. Restricted actions can only be run during " -"a maintenance window. The restricted actions are:" +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:56 +#, no-wrap +msgid "mgr-sync refresh\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:131 +#: modules/administration/pages/disconnected-setup.adoc:57 +msgid "Perform a synchronization:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:58 +#, no-wrap msgid "" -"Package operations (for example, installing, updating, or removing packages)" +"mgr-sync list channels\n" +"mgr-sync add channel channel-label\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:132 -msgid "Patch updates" +#. type: delimited block = +#: modules/administration/pages/disconnected-setup.adoc:59 +msgid "" +"The removable disk that you use for synchronization must always be available " +"at the same mount point. Do not trigger a synchronization, if the storage " +"medium is not mounted. This will result in data corruption." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:133 -msgid "Rebooting a client" +#. type: Title = +#: modules/administration/pages/image-management.adoc:1 +#, no-wrap +msgid "Image Building and Management" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:134 -msgid "Rolling back transactions" +#. type: Title == +#: modules/administration/pages/image-management.adoc:2 +#, no-wrap +msgid "Image Building Overview" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:135 -msgid "Configuration management changing tasks" +#: modules/administration/pages/image-management.adoc:3 +msgid "" +"{productname} enables system administrators to build containers and OS " +"Images and push the result in image stores. The workflow looks like this:" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:136 -msgid "Applying a highstate (for Salt clients)" +#: modules/administration/pages/image-management.adoc:4 +msgid "Define an image store" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:137 -msgid "Autoinstallation and reinstallation" +#: modules/administration/pages/image-management.adoc:5 +msgid "" +"Define an image profile and associate it with a source (either a git " +"repository or a directory)" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:138 -msgid "Remote commands" +#: modules/administration/pages/image-management.adoc:6 +msgid "Build the image" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:139 -msgid "Service pack migrations" +#: modules/administration/pages/image-management.adoc:7 +msgid "Push the image to the image store" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:140 -msgid "Cluster operations" +#: modules/administration/pages/image-management.adoc:8 +msgid "" +"{productname} supports two distinct build types: dockerfile, and the Kiwi " +"image system." msgstr "" -#. type: delimited block = -#: modules/administration/pages/maintenance-windows.adoc:146 +#. type: Plain text +#: modules/administration/pages/image-management.adoc:9 msgid "" -"For Salt clients, it is possible to run remote commands directly at any time " -"by navigating to menu:Salt[Remote Commands]. This applies whether or not " -"the Salt client is in a maintenance window. For more information about " -"remote commands, see xref:administration:actions.adoc[]." +"The Kiwi build type is used to build system, virtual, and other images. The " +"image store for the Kiwi build type is pre-defined as a file system " +"directory at [path]``/srv/www/os-images`` on the server. {productname} " +"serves the image store over HTTPS from " +"[literal]``///os-images/``. The image store location is unique " +"and is not customizable." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:149 -msgid "" -"Unrestricted actions are minor actions that are considered safe and are " -"unlikely to cause problems on the client. If an action is not restricted it " -"is, by definition, unrestricted, and can be be run at any time." +#: modules/administration/pages/image-management.adoc:10 +msgid "Images are always stored in [path]``/srv/www/os-image/``." msgstr "" -#. type: Title = -#: modules/administration/pages/master-fingerprint.adoc:2 +#. type: Title == +#: modules/administration/pages/image-management.adoc:11 #, no-wrap -msgid "Set up a Client to Master Validation Fingerprint" +msgid "Container Images" msgstr "" -#. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:6 -msgid "" -"In highly secure network configurations you may wish to ensure your Salt " -"clients are connecting a specific master. To set up validation from client " -"to master enter the master's fingerprint within the [path]``/etc/salt/" -"minion`` configuration file." +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:12 +#, no-wrap +msgid "image-building.png" msgstr "" -#. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:8 -msgid "See the following procedure:" +#. type: Title === +#: modules/administration/pages/image-management.adoc:13 +#: modules/administration/pages/image-management.adoc:135 +#, no-wrap +msgid "Requirements" msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:10 +#: modules/administration/pages/image-management.adoc:14 msgid "" -"On the master, at the command prompt, as root, use this command to find the " -"``master.pub`` fingerprint:" +"The containers feature is available for Salt clients running {sles} 12 or " +"later. Before you begin, ensure your environment meets these requirements:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/master-fingerprint.adoc:14 -#, no-wrap -msgid "salt-key -F master\n" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:15 +msgid "" +"A published git repository containing a dockerfile and configuration " +"scripts. The repository can be public or private, and should be hosted on " +"GitHub, GitLab, or BitBucket." msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:19 -msgid "" -"On your client, open the [path]``/etc/salt/minion`` configuration file. " -"Uncomment the following line and enter the master's fingerprint replacing " -"the example fingerprint:" +#: modules/administration/pages/image-management.adoc:16 +msgid "A properly configured image store, such as a Docker registry." msgstr "" -#. type: delimited block - -#: modules/administration/pages/master-fingerprint.adoc:23 -#, no-wrap -msgid "master_finger: 'ba:30:65:2a:d6:9e:20:4f:d8:b2:f3:a7:d4:65:11:13'\n" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:17 +msgid "" +"If you require a private image registry you can use an open source solution " +"such as ``Portus``. For additional information on setting up Portus as a " +"registry provider, see the http://port.us.org/[Portus Documentation]." msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:26 -msgid "Restart the salt-minion service:" +#: modules/administration/pages/image-management.adoc:18 +msgid "For more information on Containers or {caasp}, see:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/master-fingerprint.adoc:30 -#, no-wrap -msgid "# systemctl restart salt-minion\n" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:19 +msgid "https://documentation.suse.com/sles/15-SP2/html/SLES-all/book-sles-docker.html" msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:32 -msgid "" -"For information on configuring security from a client, see https://docs." -"saltstack.com/en/latest/ref/configuration/minion.html." +#: modules/administration/pages/image-management.adoc:20 +msgid "https://documentation.suse.com/suse-caasp/4/" msgstr "" -#. type: Title = -#: modules/administration/pages/mgr-sync.adoc:2 +#. type: Title === +#: modules/administration/pages/image-management.adoc:21 +#: modules/administration/pages/image-management.adoc:144 #, no-wrap -msgid "Using ``mgr-sync``" +msgid "Create a Build Host" msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:7 +#: modules/administration/pages/image-management.adoc:22 msgid "" -"The ``mgr-sync`` tool is used at the command prompt. It provides functions " -"for using {productname} that are not always available in the {webui}. The " -"primary use of ``mgr-sync`` is to connect to the {scc}, retrieve product and " -"package information, and prepare channels for synchronization with the " -"{productname} Server." +"To build images with {productname}, you will need to create and configure a " +"build host. Container build hosts are Salt clients running {sle} 12 or " +"later. This section guides you through the initial configuration for a " +"build host." msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:10 +#: modules/administration/pages/image-management.adoc:23 msgid "" -"This tool is designed for use with a {suse} support subscription. It is not " -"required for open source distributions, including {opensuse}, {centos}, and " -"{ubuntu}." +"From the {productname} {webui}, perform these steps to configure a build " +"host:" msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:13 +#: modules/administration/pages/image-management.adoc:24 msgid "" -"The available commands and arguments for ``mgr-sync`` are listed in this " -"table. Use this syntax for ``mgr-sync`` commands:" +"Select a Salt client to be designated as a build host from the " +"menu:Systems[Overview] page." msgstr "" -#. type: delimited block - -#: modules/administration/pages/mgr-sync.adoc:16 -#, no-wrap -msgid "mgr-sync [-h] [--version] [-v] [-s] [-d {1,2,3}] {list,add,refresh,delete}\n" -msgstr "" - -#. type: Block title -#: modules/administration/pages/mgr-sync.adoc:21 -#, no-wrap -msgid "mgr-sync Commands" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:25 +msgid "" +"From the [guimenu]``System Details`` page of the selected client assign the " +"containers modules. Go to menu:Software[Software Channels] and enable the " +"containers module (for example, [guimenu]``SLE-Module-Containers15-Pool`` " +"and [guimenu]``SLE-Module-Containers15-Updates``). Confirm by clicking " +"btn:[Change Subscriptions]." msgstr "" -#. type: Table -#: modules/administration/pages/mgr-sync.adoc:29 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/image-management.adoc:26 msgid "" -"| Command | Description | Example Use\n" -"| list | List channels, organization credentials, or products | ``mgr-sync list channels``\n" -"| add | Add channels, organization credentials, or products | ``mgr-sync add channel ``\n" -"| refresh | Refresh the local copy of products, channels, and subscriptions | ``mgr-sync refresh``\n" -"| delete | Delete existing SCC organization credentials from the local system | ``mgr-sync delete credentials``\n" -"| sync | Synchronize specified channel or ask for it when left blank| ``mgr-sync sync channel ``\n" +"From the menu:System Details[Properties] page, enable ``Container Build " +"Host`` from the [guimenu]``Add-on System Types`` list and confirm by " +"clicking btn:[Update Properties]." msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:33 +#: modules/administration/pages/image-management.adoc:27 msgid "" -"To see the full list of options specific to a command, use this command:" +"Install all required packages by applying ``Highstate``. From the system " +"details page select menu:States[Highstate] and click [guimenu]``Apply " +"Highstate``. Alternatively, apply Highstate from the {productname} Server " +"command line:" msgstr "" #. type: delimited block - -#: modules/administration/pages/mgr-sync.adoc:36 +#: modules/administration/pages/image-management.adoc:28 +#: modules/administration/pages/image-management.adoc:158 #, no-wrap -msgid "mgr-sync --help\n" +msgid "salt '$your_client' state.highstate\n" msgstr "" -#. type: Block title -#: modules/administration/pages/mgr-sync.adoc:42 +#. type: Title === +#: modules/administration/pages/image-management.adoc:29 #, no-wrap -msgid "mgr-sync Optional Arguments" +msgid "Create an Activation Key for Containers" msgstr "" -#. type: Table -#: modules/administration/pages/mgr-sync.adoc:51 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/image-management.adoc:30 msgid "" -"| Option | Abbreviated option | Description | Example Use\n" -"| help | ``h`` | Display the command usage and options | ``mgr-sync --help``\n" -"| version | N/A | Display the currently installed version of ``mgr-sync`` | ``mgr-sync --version``\n" -"| verbose | ``v`` | Provide verbose output | ``mgr-sync --verbose refresh``\n" -"| store-credentials | ``s`` | Store credentials a local hidden file | ``mgr-sync --store-credentials``\n" -"| debug | ``d`` | Log additional debugging information. Requires a level of 1, 2, 3. 3 provides the highest amnount of debugging information | ``mgr-sync -d 3 refresh``\n" -"| no-sync | N/A | Use with the ``add`` command to add products or channels without beginning a synchronization | ``mgr-sync --no-sync add ``\n" +"The containers built using {productname} will use channel(s) associated to " +"the activation key as repositories when building the image. This section " +"will guide you into creating an ad-hoc activation key for this purpose." msgstr "" -#. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:57 -msgid "Logs for ``mgr-sync`` are located in:" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:31 +msgid "" +"To build a container, you will need an activation key that is associated " +"with a channel other than `SUSE Manager Default`." msgstr "" -#. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:59 -msgid "[path]``/var/log/rhn/mgr-sync.log``" +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:32 +#: modules/administration/pages/image-management.adoc:176 +#, no-wrap +msgid "systems_create_activation_key.png" msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:59 -msgid "[path]``/var/log/rhn/rhn_web_api.log``" +#: modules/administration/pages/image-management.adoc:33 +msgid "Select menu:Systems[Activation Keys]." msgstr "" -#. type: Title = -#: modules/administration/pages/mirror-sources.adoc:2 -#, no-wrap -msgid "Mirror Source Packages" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:34 +msgid "Click btn:[Create Key]." msgstr "" #. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:5 +#: modules/administration/pages/image-management.adoc:35 msgid "" -"If you build your own packages locally, or if you require the source code " -"for your packages for legal reasons, it is possible to mirror the source " -"packages on {productname} Server." +"Enter a [guimenu]``Description`` and a [guimenu]``Key`` name. Use the " +"drop-down menu to select the [guimenu]``Base Channel`` to associate with " +"this key." msgstr "" #. type: delimited block = -#: modules/administration/pages/mirror-sources.adoc:9 -msgid "" -"Mirroring source packages can consume a significant amount of disk space." +#: modules/administration/pages/image-management.adoc:36 +#: modules/administration/pages/image-management.adoc:180 +msgid "Confirm with btn:[Create Activation Key]." msgstr "" -#. type: Block title -#: modules/administration/pages/mirror-sources.adoc:11 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:37 +#: modules/administration/pages/image-management.adoc:181 +msgid "For more information, see <>." +msgstr "" + +#. type: Title === +#: modules/administration/pages/image-management.adoc:38 +#: modules/administration/pages/image-management.adoc:182 #, no-wrap -msgid "Procedure: Mirroring Source Packages" +msgid "Create an Image Store" msgstr "" #. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:13 +#: modules/administration/pages/image-management.adoc:39 msgid "" -"Open the [filename]``/etc/rhn/rhn.conf`` configuration file, and add this " -"line:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/mirror-sources.adoc:17 -#, no-wrap -msgid "server.sync_source_packages = 1\n" +"All built images are pushed to an image store. This section contains " +"information about creating an image store." msgstr "" -#. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:19 -msgid "Restart the Spacewalk service to pick up the changes:" +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:40 +#, no-wrap +msgid "images_image_stores.png" msgstr "" #. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:27 -msgid "" -"Currently, this feature can only be enabled globally for all repositories. " -"It is not possible to select individual repositories for mirroring." +#: modules/administration/pages/image-management.adoc:41 +msgid "Select menu:Images[Stores]." msgstr "" #. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:31 -msgid "" -"When this feature has been activated, the source packages will become " -"available in the {productname} {webui} after the next repository " -"synchronization. They will be shown as sources for the binary package, and " -"can be downloaded directly from the {webui}. Source packages cannot be " -"installed on clients using the {webui}." +#: modules/administration/pages/image-management.adoc:42 +msgid "Click [guimenu]``Create`` to create a new store." msgstr "" -#. type: Title = -#: modules/administration/pages/monitoring.adoc:2 +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:43 #, no-wrap -msgid "Monitoring with Prometheus and Grafana" +msgid "images_image_stores_create.png" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:7 -msgid "" -"You can monitor your {productname} environment using Prometheus and " -"Grafana. {productname} Server and Proxy are able to provide self-health " -"metrics. You can also install and manage a number of Prometheus exporters " -"on Salt clients." +#: modules/administration/pages/image-management.adoc:44 +msgid "Define a name for the image store in the [guimenu]``Label`` field." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:9 +#: modules/administration/pages/image-management.adoc:45 msgid "" -"Prometheus and Grafana packages are included in the {productname} Client " -"Tools for" +"Provide the path to your image registry by filling in the [guimenu]``URI`` " +"field, as a fully qualified domain name (FQDN) for the container registry " +"host (whether internal or external)." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:11 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:46 #, no-wrap -msgid " {sle}{nbsp}12, {sle}{nbsp}15, {rhel}{nbsp} 6, {rhel}{nbsp} 7, {rhel}{nbsp} 8 and openSUSE 15.x.\n" +msgid "registry.example.com\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:14 +#: modules/administration/pages/image-management.adoc:47 +msgid "" +"The Registry URI can also be used to specify an image store on a registry " +"that is already in use." +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:48 #, no-wrap -msgid " {sle}{nbsp}12, {sle}{nbsp}15, {centos}{nbsp} 6, {centos}{nbsp} 7, {centos}{nbsp} 8 and openSUSE 15.x.\n" +msgid "registry.example.com:5000/myregistry/myproject\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:18 -msgid "" -"You need to install Prometheus and Grafana on a machine separate from the " -"{productname} Server. We recommend you use a managed Salt client as your " -"monitoring server." +#: modules/administration/pages/image-management.adoc:49 +msgid "Click btn:[Create] to add the new image store." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:22 -msgid "" -"Prometheus fetches metrics using a pull mechanism, so the server must be " -"able to establish TCP connections to monitored clients. Clients must have " -"corresponding open ports and be reachable over the network. Alternatively, " -"you can use reverse proxies to establish a connection." +#. type: Title === +#: modules/administration/pages/image-management.adoc:50 +#: modules/administration/pages/image-management.adoc:186 +#, no-wrap +msgid "Create an Image Profile" msgstr "" -#. type: delimited block = -#: modules/administration/pages/monitoring.adoc:29 +#. type: Plain text +#: modules/administration/pages/image-management.adoc:51 msgid "" -"You must have a monitoring add-on subscription for each client you want to " -"monitor. Visit the {scc} to manage your {productname} subscriptions." +"All container images are built using an image profile, which contains the " +"building instructions. This section contains information about creating an " +"image profile with the {productname} {webui}." msgstr "" -#. type: Title == -#: modules/administration/pages/monitoring.adoc:34 +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:52 +#: modules/administration/pages/image-management.adoc:188 #, no-wrap -msgid "Prometheus and Grafana" +msgid "images_image_profiles.png" msgstr "" #. type: Block title -#: modules/administration/pages/monitoring.adoc:37 +#: modules/administration/pages/image-management.adoc:53 +#: modules/administration/pages/image-management.adoc:189 #, no-wrap -msgid "Prometheus" +msgid "Procedure: Create an Image Profile" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:41 +#: modules/administration/pages/image-management.adoc:54 msgid "" -"Prometheus is an open-source monitoring tool that is used to record real-" -"time metrics in a time-series database. Metrics are pulled via HTTP, " -"enabling high performance and scalability." +"To create an image profile select menu:Images[Profiles] and click " +"btn:[Create]." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:44 -msgid "" -"Prometheus metrics are time series data, or timestamped values belonging to " -"the same group or dimension. A metric is uniquely identified by its name " -"and set of labels." +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:55 +#, no-wrap +msgid "images_image_create_profile.png" msgstr "" -#. TODO:: This should be an actual image. -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:51 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/image-management.adoc:56 msgid "" -" metric name labels timestamp value\n" -"┌────────┴───────┐ ┌───────────┴───────────┐ ┌──────┴──────┐ ┌─┴─┐\n" -"http_requests_total{status=\"200\", method=\"GET\"} @1557331801.111 42236\n" +"Provide a name for the image profile by filling in the [guimenu]``Label`` " +"field." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:54 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:57 msgid "" -"Each application or system being monitored must expose metrics in the format " -"above, either through code instrumentation or Prometheus exporters." +"If your container image tag is in a format such as `myproject/myimage`, make " +"sure your image store registry URI contains the `/myproject` suffix." msgstr "" -#. type: Block title -#: modules/administration/pages/monitoring.adoc:56 -#, no-wrap -msgid "Prometheus Exporters" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:58 +msgid "Use a dockerfile as the `Image Type`." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:61 +#: modules/administration/pages/image-management.adoc:59 msgid "" -"Exporters are libraries that help with exporting metrics from third-party " -"systems as Prometheus metrics. Exporters are useful whenever it is not " -"feasible to instrument a given application or system with Prometheus metrics " -"directly. Multiple exporters can run on a monitored host to export local " -"metrics." +"Use the drop-down menu to select your registry from the `Target Image Store` " +"field." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:64 +#: modules/administration/pages/image-management.adoc:60 msgid "" -"The Prometheus community provides a list of official exporters, and more can " -"be found as community contributions. For more information and an extensive " -"list of exporters, see https://prometheus.io/docs/instrumenting/exporters/." +"In the [guimenu]``Path`` field, type a GitHub, GitLab or BitBucket " +"repository URL. The URL should be be http, https, or a token authentication " +"URL. Use one of these formats:" msgstr "" #. type: Block title -#: modules/administration/pages/monitoring.adoc:66 +#: modules/administration/pages/image-management.adoc:61 #, no-wrap -msgid "Grafana" +msgid "GitHub Path Options" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:72 -msgid "" -"Grafana is a tool for data visualization, monitoring, and analysis. It is " -"used to create dashboards with panels representing specific metrics over a " -"set period of time. Grafana is commonly used together with Prometheus, but " -"also supports other data sources such as ElasticSearch, MySQL, PostgreSQL, " -"and Influx DB. For more information about Grafana, see https://grafana.com/" -"docs/." +#: modules/administration/pages/image-management.adoc:62 +msgid "GitHub single user project repository" msgstr "" -#. type: Title == -#: modules/administration/pages/monitoring.adoc:75 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:63 #, no-wrap -msgid "Set up the Monitoring Server" +msgid "https://github.com/USER/project.git#branchname:folder\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:78 -msgid "" -"To set up your monitoring server, you need to install Prometheus and " -"Grafana, and configure them." +#: modules/administration/pages/image-management.adoc:64 +msgid "GitHub organization project repository" msgstr "" -#. type: Title === -#: modules/administration/pages/monitoring.adoc:81 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:65 #, no-wrap -msgid "Install Prometheus" +msgid "https://github.com/ORG/project.git#branchname:folder\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:85 +#: modules/administration/pages/image-management.adoc:66 +msgid "GitHub token authentication" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:67 msgid "" -"If your monitoring server is a {productname} Salt client, you can install " -"the Prometheus package using the {productname} {webui}. Otherwise you can " -"download and install the package on your monitoring server manually." +"If your git repository is private, modify the profile's URL to include " +"authentication. Use this URL format to authenticate with a GitHub token:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:68 +#, no-wrap +msgid "https://USER:@github.com/USER/project.git#master:/container/\n" msgstr "" #. type: Block title -#: modules/administration/pages/monitoring.adoc:88 +#: modules/administration/pages/image-management.adoc:69 #, no-wrap -msgid "Procedure: Installing Prometheus Using the {webui}" +msgid "GitLab Path Options" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:90 -msgid "" -"In the {productname} {webui}, open the details page of the system where " -"Prometheus is to be installed, and navigate to the [guimenu]``Formulas`` tab." +#: modules/administration/pages/image-management.adoc:70 +msgid "GitLab single user project repository" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:91 -msgid "" -"Check the [guimenu]``Prometheus`` checkbox to enable monitoring formulas, " -"and click btn:[Save]." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:71 +#, no-wrap +msgid "https://gitlab.example.com/USER/project.git#master:/container/\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:92 -msgid "Navigate to the ``Prometheus`` tab in the top menu." +#: modules/administration/pages/image-management.adoc:72 +msgid "GitLab groups project repository" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:94 -msgid "" -"In the ``{productname} Server`` section, enter valid {productname} API " -"credentials. Make sure that the credentials you have entered allow access " -"to the set of systems you want to monitor." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:73 +#, no-wrap +msgid "https://gitlab.example.com/GROUP/project.git#master:/container/\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:95 -#: modules/administration/pages/monitoring.adoc:167 -msgid "Customize any other configuration options according to your needs." +#: modules/administration/pages/image-management.adoc:74 +msgid "GitLab token authentication" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:96 -#: modules/administration/pages/monitoring.adoc:168 -#: modules/administration/pages/monitoring.adoc:284 -#: modules/administration/pages/monitoring.adoc:342 -msgid "Click btn:[Save Formula]." +#: modules/administration/pages/image-management.adoc:75 +msgid "" +"If your git repository is private and not publicly accessible, you need to " +"modify the profile's git URL to include authentication. Use this URL format " +"to authenticate with a GitLab token:" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:97 -#: modules/administration/pages/monitoring.adoc:169 -#: modules/administration/pages/monitoring.adoc:343 -msgid "Apply the highstate and confirm that it completes successfully." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:76 +#, no-wrap +msgid "https://gitlab-ci-token:@gitlab.example.com/USER/project.git#master:/container/\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:98 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:77 msgid "" -"Check that the Prometheus interface loads correctly. In your browser, " -"navigate to the URL of the server where Prometheus is installed, on " -"port 9090 (for example, [literal]``http://example.com:9090``)." +"If you do not specify a git branch, the `master` branch will be used by " +"default. If a `folder` is not specified, the image sources (dockerfile " +"sources) are expected to be in the root directory of the GitHub or GitLab " +"checkout." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:100 -#: modules/administration/pages/monitoring.adoc:178 -#: modules/administration/pages/monitoring.adoc:296 -#: modules/administration/pages/monitoring.adoc:344 +#: modules/administration/pages/image-management.adoc:78 msgid "" -"For more information about the monitoring formulas, see xref:salt:formula-" -"monitoring.adoc[]." +"Select an `Activation Key`. Activation keys ensure that images using a " +"profile are assigned to the correct channel and packages." msgstr "" -#. type: Block title -#: modules/administration/pages/monitoring.adoc:103 -#, no-wrap -msgid "Procedure: Manually Installing and Configuring Prometheus" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:79 +msgid "" +"When you associate an activation key with an image profile you are ensuring " +"any image using the profile will use the correct software channel and any " +"packages in the channel." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:105 -msgid "" -"On the monitoring server, install the [package]``golang-github-prometheus-" -"prometheus`` package:" +#: modules/administration/pages/image-management.adoc:80 +msgid "Click the btn:[Create] button." msgstr "" -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:108 +#. type: Block title +#: modules/administration/pages/image-management.adoc:81 #, no-wrap -msgid "zypper in golang-github-prometheus-prometheus\n" +msgid "Example Dockerfile Sources" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:110 -msgid "Enable the Prometheus service:" +#: modules/administration/pages/image-management.adoc:82 +msgid "" +"An Image Profile that can be reused is published at " +"https://github.com/SUSE/manager-build-profiles" msgstr "" -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:113 -#, no-wrap -msgid "systemctl enable --now prometheus\n" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:83 +msgid "" +"The [option]``ARG`` parameters ensure that the built image is associated " +"with the desired repository served by {productname}. The [option]``ARG`` " +"parameters also allow you to build image versions of {sles} which may differ " +"from the version of {sles} used by the build host itself." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:116 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:84 msgid "" -"Check that the Prometheus interface loads correctly. In your browser, " -"navigate to the URL of the server where Prometheus is installed, on " -"port 9090 (for example, [literal]``http://example.com:9090``)." +"For example: The [command]``ARG repo`` parameter and the [command]``echo`` " +"command pointing to the repository file, creates and then injects the " +"correct path into the repository file for the desired channel version." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:118 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:85 msgid "" -"Open the configuration file at [path]``/etc/prometheus/prometheus.yml`` and " -"add this configuration information. Replace `server.url` with your " -"{productname} server URL and adjust `username` and `password` fields to " -"match your {productname} credentials." +"The repository is determined by the activation key that you assigned to your " +"image profile." msgstr "" -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:134 -#, no-wrap +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:86 msgid "" -"# {productname} self-health metrics\n" -"scrape_configs:\n" -"- job_name: 'mgr-server'\n" -" static_configs:\n" -" - targets:\n" -" - 'server.url:9100' # Node exporter\n" -" - 'server.url:9187' # PostgreSQL exporter\n" -" - 'server.url:5556' # JMX exporter (Tomcat)\n" -" - 'server.url:5557' # JMX exporter (Taskomatic)\n" -" - 'server.url:9800' # Taskomatic\n" -" - targets:\n" -" - 'server.url:80' # Message queue\n" -" labels:\n" -" __metrics_path__: /rhn/metrics\n" +"The [package]#python# and [package]#python-xml# packages must be installed " +"in the container. They are required for inspecting images, and for " +"providing the package and product list of a container to the {productname} " +"{webui}. If you do not install them, images will still build but the " +"package and product list will not available in the {webui}." msgstr "" #. type: delimited block - -#: modules/administration/pages/monitoring.adoc:141 +#: modules/administration/pages/image-management.adoc:87 #, no-wrap msgid "" -"# Managed systems metrics:\n" -"- job_name: 'mgr-clients'\n" -" uyuni_sd_configs:\n" -" - host: \"http://server.url\"\n" -" username: \"admin\"\n" -" password: \"admin\"\n" +"FROM registry.example.com/sles12sp2\n" +"MAINTAINER Tux Administrator \"tux@example.com\"\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:143 -msgid "Save the configuration file." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:88 +#, no-wrap +msgid "### Begin: These lines Required for use with {productname}\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:144 -msgid "Restart the Prometheus service:" +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:89 +#, no-wrap +msgid "" +"ARG repo\n" +"ARG cert\n" msgstr "" #. type: delimited block - -#: modules/administration/pages/monitoring.adoc:147 +#: modules/administration/pages/image-management.adoc:90 #, no-wrap -msgid "systemctl restart prometheus\n" +msgid "" +"# Add the correct certificate\n" +"RUN echo \"$cert\" > /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT.pem\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:150 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:91 +#, no-wrap msgid "" -"For more information about the Prometheus configuration options, see the " -"official Prometheus documentation at https://prometheus.io/docs/prometheus/" -"latest/configuration/configuration/" +"# Update certificate trust store\n" +"RUN update-ca-certificates\n" msgstr "" -#. type: Title === -#: modules/administration/pages/monitoring.adoc:153 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:92 #, no-wrap -msgid "Install Grafana" +msgid "" +"# Add the repository path to the image\n" +"RUN echo \"$repo\" > /etc/zypp/repos.d/susemanager:dockerbuild.repo\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:157 -msgid "" -"If your monitoring server is a {productname} Salt client, you can install " -"the Grafana package using the {productname} {webui}. Otherwise you can " -"download and install the package on your monitoring server manually." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:93 +#, no-wrap +msgid "### End: These lines required for use with {productname}\n" msgstr "" -#. type: Block title -#: modules/administration/pages/monitoring.adoc:160 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:94 #, no-wrap -msgid "Procedure: Installing Grafana Using the {webui}" +msgid "" +"# Add the package script\n" +"ADD add_packages.sh /root/add_packages.sh\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:162 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:95 +#, no-wrap msgid "" -"In the {productname} {webui}, open the details page of the system where " -"Grafana is to be installed, and navigate to the [guimenu]``Formulas`` tab." +"# Run the package script\n" +"RUN /root/add_packages.sh\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:163 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:96 +#, no-wrap msgid "" -"Check the [guimenu]``Grafana`` checkbox to enable monitoring formulas, and " -"click btn:[Save]." +"# After building remove the repository path from image\n" +"RUN rm -f /etc/zypp/repos.d/susemanager:dockerbuild.repo\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:164 -msgid "Navigate to the ``Grafana`` tab in the top menu." +#. TODO: Replace the "custom-system-info" link +#. type: Block title +#: modules/administration/pages/image-management.adoc:97 +#, no-wrap +msgid "Using Custom Info Key-value Pairs as Docker Buildargs" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:165 +#: modules/administration/pages/image-management.adoc:98 msgid "" -"In the ``Enable and configure Grafana`` section, enter the admin credentials " -"you want to use to log in Grafana." +"You can assign custom info key-value pairs to attach information to the " +"image profiles. Additionally, these key-value pairs are passed to the " +"Docker build command as `buildargs`." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:166 +#: modules/administration/pages/image-management.adoc:99 msgid "" -"On the ``Datasources`` section, make sure that the Prometheus URL field " -"points to the system where Prometheus is running." +"For more information about the available custom info keys and creating " +"additional ones, see xref:reference:systems/custom-system-info.adoc[]." +msgstr "" + +#. type: Title === +#: modules/administration/pages/image-management.adoc:100 +#: modules/administration/pages/image-management.adoc:226 +#, no-wrap +msgid "Build an Image" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:170 +#: modules/administration/pages/image-management.adoc:101 msgid "" -"Check that the Grafana interface is loading correctly. In your browser, " -"navigate to the URL of the server where Grafana is installed, on port 3000 " -"(for example, [literal]``http://example.com:3000``)." +"There are two ways to build an image. You can select menu:Images[Build] " +"from the left navigation bar, or click the build icon in the " +"menu:Images[Profiles] list." msgstr "" -#. type: delimited block = -#: modules/administration/pages/monitoring.adoc:175 -msgid "" -"{productname} provides pre-built dashboards for server self-health, basic " -"client monitoring, and more. You can choose which dashboards to provision " -"in the formula configuration page." +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:102 +#: modules/administration/pages/image-management.adoc:228 +#, no-wrap +msgid "images_image_build.png" msgstr "" #. type: Block title -#: modules/administration/pages/monitoring.adoc:180 +#: modules/administration/pages/image-management.adoc:103 +#: modules/administration/pages/image-management.adoc:229 #, no-wrap -msgid "Procedure: Manually Installing Grafana" +msgid "Procedure: Building an Image" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:183 -msgid "Install the [package]``grafana`` package:" +#: modules/administration/pages/image-management.adoc:104 +#: modules/administration/pages/image-management.adoc:230 +msgid "Select menu:Images[Build]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:186 -#, no-wrap -msgid "zypper in grafana\n" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:105 +msgid "" +"Add a different tag name if you want a version other than the default " +"``latest`` (only relevant to containers)." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:188 -msgid "Enable the Grafana service:" +#: modules/administration/pages/image-management.adoc:106 +msgid "Select [guimenu]``Build Profile`` and [guimenu]``Build Host``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:191 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:107 +msgid "" +"Notice the [guimenu]``Profile Summary`` to the right of the build fields. " +"When you have selected a build profile, detailed information about the " +"selected profile will be displayed in this area." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:108 +msgid "To schedule a build click the btn:[Build] button." +msgstr "" + +#. type: Title === +#: modules/administration/pages/image-management.adoc:109 #, no-wrap -msgid "systemctl enable --now grafana-server\n" +msgid "Import an Image" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:194 +#: modules/administration/pages/image-management.adoc:110 msgid "" -"Check that the Grafana interface is loading correctly. In your browser, " -"navigate to the URL of the server where Grafana is installed, on port 3000 " -"(for example, [literal]``http://example.com:3000``)." +"You can import and inspect arbitrary images. Select menu:Images[Image List] " +"from the left navigation bar. Complete the text boxes of the " +"[guimenu]``Import`` dialog. When it has processed, the imported image will " +"be listed on the [guimenu]``Image List`` page." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/monitoring.adoc:195 +#. type: Block title +#: modules/administration/pages/image-management.adoc:111 #, no-wrap -msgid "monitoring_grafana_example.png" +msgid "Procedure: Importing an Image" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:198 +#: modules/administration/pages/image-management.adoc:112 msgid "" -"For more information on how to manually install and configure Grafana, see " -"https://grafana.com/docs." +"From menu:Images[Image list] click btn:[Import] to open the " +"[guimenu]``Import Image`` dialog." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:200 -msgid "" -"For more information about the monitoring formulas with forms, see xref:salt:" -"formula-monitoring.adoc[]." +#: modules/administration/pages/image-management.adoc:113 +msgid "In the [guimenu]``Import Image`` dialog complete these fields:" msgstr "" -#. type: Title == -#: modules/administration/pages/monitoring.adoc:203 +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:114 #, no-wrap -msgid "Configure {productname} Monitoring" +msgid "Image store:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:206 -msgid "" -"With {productname}{nbsp}4, you can enable the server to expose Prometheus " -"self-health metrics, and also install and configure exporters on client " -"systems." +#: modules/administration/pages/image-management.adoc:115 +msgid "The registry from where the image will be pulled for inspection." msgstr "" -#. type: Title === -#: modules/administration/pages/monitoring.adoc:209 +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:116 #, no-wrap -msgid "Server Self Monitoring" +msgid "Image name:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:213 -msgid "" -"The Server self-health metrics cover hardware, operating system and " -"{productname} internals. These metrics are made available by " -"instrumentation of the Java application, combined with Prometheus exporters." +#: modules/administration/pages/image-management.adoc:117 +msgid "The name of the image in the registry." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:215 -msgid "These exporter packages are shipped with {productname} Server:" +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:118 +#, no-wrap +msgid "Image version:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:218 -#: modules/administration/pages/monitoring.adoc:229 -#: modules/administration/pages/monitoring.adoc:265 -msgid "" -"Node exporter: [systemitem]``golang-github-prometheus-node_exporter``. See " -"https://github.com/prometheus/node_exporter." +#: modules/administration/pages/image-management.adoc:119 +msgid "The version of the image in the registry." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:220 -#: modules/administration/pages/monitoring.adoc:267 -msgid "" -"PostgreSQL exporter: [systemitem]``golang-github-wrouesnel-" -"postgres_exporter``. See https://github.com/wrouesnel/postgres_exporter." +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:120 +#, no-wrap +msgid "Build host:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:222 -msgid "" -"JMX exporter: [systemitem]``prometheus-jmx_exporter``. See https://github." -"com/prometheus/jmx_exporter." +#: modules/administration/pages/image-management.adoc:121 +msgid "The build host that will pull and inspect the image." +msgstr "" + +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:122 +#, no-wrap +msgid "Activation key:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:224 -#: modules/administration/pages/monitoring.adoc:269 +#: modules/administration/pages/image-management.adoc:123 msgid "" -"Apache exporter: [systemitem]``golang-github-lusitaniae-apache_exporter``. " -"See https://github.com/Lusitaniae/apache_exporter." +"The activation key that provides the path to the software channel that the " +"image will be inspected with." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:226 -msgid "These exporter packages are shipped with {productname} Proxy:" +#: modules/administration/pages/image-management.adoc:124 +msgid "For confirmation, click btn:[Import]." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:231 +#: modules/administration/pages/image-management.adoc:125 msgid "" -"Squid exporter: [systemitem]``golang-github-boynux-squid_exporter``. See " -"https://github.com/boynux/squid-exporter." +"The entry for the image is created in the database, and an ``Inspect Image`` " +"action on {productname} is scheduled." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:233 +#: modules/administration/pages/image-management.adoc:126 msgid "" -"The exporter packages are pre-installed in {productname} Server and Proxy, " -"but their respective systemd daemons are disabled by default." -msgstr "" - -#. type: Block title -#: modules/administration/pages/monitoring.adoc:236 -#, no-wrap -msgid "Procedure: Enabling Self Monitoring" +"When it has been processed, you can find the imported image in the ``Image " +"List``. It has a different icon in the ``Build`` column, to indicate that " +"the image is imported. The status icon for the imported image can also be " +"seen on the ``Overview`` tab for the image." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:239 -msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Manager Configuration > " -"Monitoring]." +#: modules/administration/pages/image-management.adoc:128 +msgid "These are some known problems when working with images:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:240 -msgid "Click btn:[Enable services]." +#: modules/administration/pages/image-management.adoc:129 +msgid "" +"HTTPS certificates to access the registry or the git repositories should be " +"deployed to the client by a custom state file." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:241 -msgid "Restart Tomcat and Taskomatic." +#: modules/administration/pages/image-management.adoc:130 +msgid "SSH git access using Docker is currently unsupported." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:242 +#: modules/administration/pages/image-management.adoc:131 msgid "" -"Navigate to the URL of your Prometheus server, on port 9090 (for example, " -"[literal]``http://example.com:9090``)" +"If the [package]#python# and [package]#python-xml# packages are not " +"installed in your images during the build process, reporting of installed " +"packages or products will fail. This will result in an ``unknown`` update " +"status." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:243 -msgid "" -"In the Prometheus UI, navigate to menu:[Status > Targets] and confirm that " -"all the endpoints on the ``mgr-server`` group are up." +#. type: Title == +#: modules/administration/pages/image-management.adoc:132 +#, no-wrap +msgid "OS Images" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:244 +#: modules/administration/pages/image-management.adoc:133 msgid "" -"If you have also installed Grafana with the {webui}, the server insights " -"will be visible on the {productname} Server dashboard." -msgstr "" - -#. type: Target for macro image -#: modules/administration/pages/monitoring.adoc:245 -#, no-wrap -msgid "monitoring_enable_services.png" +"OS Images are built by the Kiwi image system. The output image is " +"customizable and can be PXE, QCOW2, LiveCD, or other types of images." msgstr "" -#. type: delimited block = -#: modules/administration/pages/monitoring.adoc:252 +#. type: Plain text +#: modules/administration/pages/image-management.adoc:134 msgid "" -"Only server self-health monitoring can be enabled using the {webui}. " -"Metrics for a proxy are not automatically collected by Prometheus. To " -"enable self-health monitoring on a proxy, you will need to manually install " -"exporters and enable them." +"For more information about the Kiwi build system, see the " +"https://doc.opensuse.org/projects/kiwi/doc/[Kiwi documentation]." msgstr "" -#. type: Title === -#: modules/administration/pages/monitoring.adoc:256 -#, no-wrap -msgid "Monitoring Managed Systems" +#. SLE15 images support is not yet released for SUMA4, will be part of SUMA4.0.4 as tech preview +#. From {sles}{nbsp}15, ``kiwi-ng`` is used instead of the legacy Kiwi. +#. type: Plain text +#: modules/administration/pages/image-management.adoc:136 +msgid "" +"The Kiwi image building feature is available for Salt clients running " +"{sles}{nbsp}12 and {sles}{nbsp}11." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:260 +#: modules/administration/pages/image-management.adoc:137 msgid "" -"Prometheus metrics exporters can be installed and configured on Salt clients " -"using formulas. The packages are available from the {productname} client " -"tools channels, and can be enabled and configured directly in the " -"{productname} {webui}." +"Kiwi image configuration files and configuration scripts must be accessible " +"in one of these locations:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:262 -msgid "These exporters can be installed on managed systems:" +#: modules/administration/pages/image-management.adoc:138 +msgid "Git repository" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:272 -msgid "" -"When you have the exporters installed and configured, you can start using " -"Prometheus to collect metrics from monitored systems. If you have " -"configured your monitoring server with the {webui}, metrics collection will " -"happen automatically." +#: modules/administration/pages/image-management.adoc:139 +msgid "HTTP hosted tarball" msgstr "" -#. type: Block title -#: modules/administration/pages/monitoring.adoc:275 -#, no-wrap -msgid "Procedure: Configuring Prometheus Exporters on a Client" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:140 +msgid "Local build host directory" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:278 +#: modules/administration/pages/image-management.adoc:141 msgid "" -"In the {productname} {webui}, open the details page of the client to be " -"monitored, and navigate to the menu:Formulas tab." +"For an example of a complete Kiwi repository served by git, see " +"https://github.com/SUSE/manager-build-profiles/tree/master/OSImage" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:279 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:142 msgid "" -"Check the [guimenu]``Enabled`` checkbox on the ``Prometheus Exporters`` " -"formula." +"You will need at least 1{nbsp}GB of RAM available for Hosts running OS " +"Images built with Kiwi. Disk space depends on the actual size of the " +"image. For more information, see the documentation of the underlying " +"system." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:281 -msgid "Navigate to the menu:Formulas[Prometheus Exporters] tab." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:143 +msgid "" +"The build host must be a Salt client. Do not install the build host as a " +"traditional client." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:283 +#: modules/administration/pages/image-management.adoc:145 msgid "" -"Select the exporters you want to enable and customize arguments according to " -"your needs. The [guimenu]``Address`` field accepts either a port number " -"preceded by a colon (``:9100``), or a fully resolvable address " -"(``example:9100``)." +"To build all kinds of images with {productname}, create and configure a " +"build host. OS Image build hosts are Salt clients running on {sles}{nbsp}15 " +"SP2, {sles}{nbsp}12 (SP3 or later) or {sles}{nbsp}11 SP4." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:285 -msgid "Apply the highstate." +#: modules/administration/pages/image-management.adoc:146 +msgid "" +"This procedure will guide you through the initial configuration for a build " +"host." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/monitoring.adoc:286 -#, no-wrap -msgid "monitoring_configure_formula.png" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:147 +msgid "" +"The operating system on the build host must match the operating system on " +"the targeted image." msgstr "" #. type: delimited block = -#: modules/administration/pages/monitoring.adoc:291 +#: modules/administration/pages/image-management.adoc:148 msgid "" -"Monitoring formulas can also be configured for System Groups, by applying " -"the same configuration used for individual systems inside the corresponding " -"group." +"For example, build {sles}{nbsp}15 based images on a build host running " +"{sles}{nbsp}15 SP2 OS version. Build {sles}{nbsp}12 based images on a build " +"host running {sles}{nbsp}12 SP4 or {sles}{nbsp}12 SP3 OS version. Build " +"{sles}{nbsp}11 based images on a build host running {sles}{nbsp}11 SP4 OS " +"version." msgstr "" -#. type: Title == -#: modules/administration/pages/monitoring.adoc:299 -#, no-wrap -msgid "Network Boundaries" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:149 +msgid "Configure the build host in the {productname} {webui}:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:303 +#: modules/administration/pages/image-management.adoc:150 msgid "" -"Prometheus fetches metrics using a pull mechanism, so the server must be " -"able to establish TCP connections to monitored clients. By default, " -"Prometheus uses these ports:" +"Select a client that will be designated as a build host from the " +"menu:Systems[Overview] page." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:305 -msgid "Node exporter: 9100" +#: modules/administration/pages/image-management.adoc:151 +msgid "" +"Navigate to the menu:System Details[Properties] tab, enable the " +"[guimenu]``Add-on System Type`` [guimenu]``OS Image Build Host``. Confirm " +"with btn:[Update Properties]." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:306 -msgid "PostgreSQL exporter: 9187" +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:152 +#, no-wrap +msgid "os-image-build-host.png" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:307 -msgid "Apache exporter: 9117" +#: modules/administration/pages/image-management.adoc:153 +msgid "" +"Navigate to menu:System Details[Software > Software Channels], and enable " +"the required software channels depending on the build host version." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:309 +#: modules/administration/pages/image-management.adoc:154 msgid "" -"Additionally, if you are running the alert manager on a different host than " -"where you run Prometheus, you will also need to open port 9093." +"{sles}{nbsp}11 build hosts require {productname} Client tools " +"(``SLE-Manager-Tools11-Pool`` and ``SLE-Manager-Tools11-Updates``)." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:311 +#: modules/administration/pages/image-management.adoc:155 msgid "" -"For clients installed on cloud instances, you can add the required ports to " -"a security group that has access to the monitoring server." +"{sles}{nbsp}12 build hosts require {productname} Client tools " +"(``SLE-Manager-Tools12-Pool`` and ``SLE-Manager-Tools12-Updates``)." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:315 +#: modules/administration/pages/image-management.adoc:156 msgid "" -"Alternatively, you can deploy a Prometheus instance in the exporters' local " -"network, and configure federation. This allows the main monitoring server " -"to scrape the time series from the local Prometheus instance. If you use " -"this method, you only need to open the Prometheus API port, which is 9090." +"{sles}{nbsp}15 build hosts require {sles} modules " +"``SLE-Module-DevTools15-SP2-Pool`` and " +"``SLE-Module-DevTools15-SP2-Updates``. Schedule and click btn:[Confirm]." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:317 +#: modules/administration/pages/image-management.adoc:157 msgid "" -"For more information on Prometheus federation, see https://prometheus.io/" -"docs/prometheus/latest/federation/." +"Install Kiwi and all required packages by applying `Highstate`. From the " +"system details page select menu:States[Highstate] and click btn:[Apply " +"Highstate]. Alternatively, apply Highstate from the {productname} Server " +"command line:" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:320 -msgid "" -"You can also proxy requests through the network boundary. Tools like " -"PushProx deploy a proxy and a client on both sides of the network barrier " -"and allow Prometheus to work across network topologies such as NAT." +#. type: Block title +#: modules/administration/pages/image-management.adoc:159 +#, no-wrap +msgid "{productname} Web Server Public Certificate RPM" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:322 +#: modules/administration/pages/image-management.adoc:160 msgid "" -"For more information on PushProx, see https://github.com/RobustPerception/" -"PushProx." +"Build host provisioning copies the {productname} certificate RPM to the " +"build host. This certificate is used for accessing repositories provided by " +"{productname}." msgstr "" -#. type: Title === -#: modules/administration/pages/monitoring.adoc:325 -#, no-wrap -msgid "Reverse Proxy Setup" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:161 +msgid "" +"The certificate is packaged in RPM by the " +"`mgr-package-rpm-certificate-osimage` package script. The package script is " +"called automatically during a new {productname} installation." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:329 +#: modules/administration/pages/image-management.adoc:162 msgid "" -"Prometheus fetches metrics using a pull mechanism, so the server must be " -"able to establish TCP connections to each exporter on the monitored " -"clients. To simplify your firewall configuration, you can use reverse proxy " -"for your exporters. This way all metrics will be exposed on a single port." +"When you upgrade the `spacewalk-certs-tools` package, the upgrade scenario " +"will call the package script using the default values. However if the " +"certificate path was changed or unavailable, you will need to call the " +"package script manually using `--ca-cert-full-path ` " +"after the upgrade procedure has finished." msgstr "" -#. Probably a diagram here. --LKB 2020-08-11 #. type: Block title -#: modules/administration/pages/monitoring.adoc:334 +#: modules/administration/pages/image-management.adoc:163 #, no-wrap -msgid "Procedure: Installing Prometheus Exporters with Reverse Proxy" +msgid "Package script call example" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:336 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:164 +#, no-wrap msgid "" -"In the {productname} {webui}, open the details page of the system to be " -"monitored, and navigate to the [guimenu]``Formulas`` tab." +"/usr/sbin/mgr-package-rpm-certificate-osimage --ca-cert-full-path " +"/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:337 +#: modules/administration/pages/image-management.adoc:165 msgid "" -"Check the [guimenu]``Prometheus Exporters`` checkbox to enable the exporters " -"formula, and click btn:[Save]." +"The RPM package with the certificate is stored in a salt-accessible " +"directory such as:" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:338 -msgid "Navigate to the ``Prometheus Exporters`` tab in the top menu." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:166 +#, no-wrap +msgid "/usr/share/susemanager/salt/images/rhn-org-trusted-ssl-cert-osimage-1.0-1.noarch.rpm\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:340 +#: modules/administration/pages/image-management.adoc:167 msgid "" -"Check the [guimenu]``Enable reverse proxy`` option, and enter a valid " -"reverse proxy port number. For example, ``9999``." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:341 -msgid "Customize the other exporters according to your needs." +"The RPM package with the certificate is provided in the local build host " +"repository:" msgstr "" -#. type: Title = -#: modules/administration/pages/openscap.adoc:2 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:168 #, no-wrap -msgid "System Security with OpenSCAP" +msgid "/var/lib/Kiwi/repo\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:7 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:169 msgid "" -"{productname} uses OpenSCAP to audit clients. It allows you to schedule and " -"view compliance scans for any client." +"Specify the RPM package with the {productname} SSL certificate in the build " +"source, and make sure your Kiwi configuration contains " +"``rhn-org-trusted-ssl-cert-osimage`` as a required package in the " +"``bootstrap`` section." msgstr "" -#. type: delimited block = -#: modules/administration/pages/openscap.adoc:11 -msgid "OpenSCAP auditing is not available on Salt SSH clients." +#. type: Block title +#: modules/administration/pages/image-management.adoc:170 +#, no-wrap +msgid "config.xml" msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:14 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:171 +#, no-wrap msgid "" -"To use openSCAP, you will need the [systemitem]``spacewalk-oscap`` package " -"installed on the clients you want to audit." +"...\n" +" \n" +" ...\n" +" \n" +" \n" +"...\n" msgstr "" -#. type: Title == -#: modules/administration/pages/openscap.adoc:17 +#. type: Title === +#: modules/administration/pages/image-management.adoc:172 #, no-wrap -msgid "About SCAP" +msgid "Create an Activation Key for OS Images" msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:21 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:173 msgid "" -"The Security Certification and Authorization Package (SCAP) is a " -"standardized compliance checking solution for enterprise-level Linux " -"infrastructures. It is a line of specifications maintained by the National " -"Institute of Standards and Technology (NIST) for maintaining system security " -"for enterprise systems." +"Create an activation key associated with the channel that your OS Images " +"will use as repositories when building the image." msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:25 -msgid "" -"SCAP was created to provide a standardized approach to maintaining system " -"security, and the standards that are used will therefore continually change " -"to meet the needs of the community and enterprise businesses. New " -"specifications are governed by NIST's SCAP Release cycle to provide a " -"consistent and repeatable revision work flow. For more information, see " -"http://scap.nist.gov/timeline.html." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:174 +msgid "Activation keys are mandatory for OS Image building." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:30 +#: modules/administration/pages/image-management.adoc:175 msgid "" -"{productname} uses OpenSCAP to implement the SCAP specifications. OpenSCAP " -"is an auditing tool that utilizes the Extensible Configuration Checklist " -"Description Format (XCCDF). XCCDF is a standard way of expressing checklist " -"content and defines security checklists. It also combines with other " -"specifications such as Common Platform Enumeration (CPE), Common " -"Configuration Enumeration (CCE), and Open Vulnerability and Assessment " -"Language (OVAL), to create a SCAP-expressed checklist that can be processed " -"by SCAP-validated products." +"To build OS Images, you will need an activation key that is associated with " +"a channel other than `SUSE Manager Default`." msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:34 -msgid "" -"OpenSCAP verifies the presence of patches by using content produced by the " -"{suse} Security Team. OpenSCAP checks system security configuration " -"settings and examines systems for signs of compromise by using rules based " -"on standards and specifications. For more information about the {suse} " -"Security Team, see https://www.suse.com/support/security." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:177 +msgid "In the {webui}, select menu:Systems[Activation Keys]." msgstr "" -#. type: Title == -#: modules/administration/pages/openscap.adoc:37 -#, no-wrap -msgid "Prepare Clients for an SCAP Scan" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:178 +msgid "Click [guimenu]``Create Key``." msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:41 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:179 msgid "" -"Before you begin, you need to prepare your client systems for SCAP " -"scanning. Ensure clients have the ``openscap-content`` and ``openscap-" -"utils`` packages installed before you begin." +"Enter a [guimenu]``Description``, a [guimenu]``Key`` name, and use the " +"drop-down box to select a [guimenu]``Base Channel`` to associate with the " +"key." msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:45 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:183 msgid "" -"Use this command to determine the location of the appropriate SCAP files. " -"Take a note of these paths for performing the scan:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/openscap.adoc:48 -#, no-wrap -msgid "rpm -ql openscap-content\n" +"OS Images can require a significant amount of storage space. Therefore, we " +"recommended that the OS Image store is located on a partition of its own or " +"on a Btrfs subvolume, separate from the root partition. By default, the " +"image store will be located at [path]``/srv/www/os-images``." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:51 -msgid "The output should include these files:" +#: modules/administration/pages/image-management.adoc:184 +msgid "" +"Image stores for Kiwi build type, used to build system, virtual, and other " +"images, are not supported yet." msgstr "" -#. type: delimited block - -#: modules/administration/pages/openscap.adoc:57 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/image-management.adoc:185 msgid "" -"/usr/share/openscap/scap-oval.xml\n" -"/usr/share/openscap/scap-xccdf.xml\n" -"/usr/share/openscap/scap-yast2sec-oval.xml\n" -"/usr/share/openscap/scap-yast2sec-xccdf.xml\n" +"Images are always stored in [path]``/srv/www/os-images/`` " +"and are accessible via HTTP/HTTPS " +"[url]``https:///os-images/``." msgstr "" -#. type: Title == -#: modules/administration/pages/openscap.adoc:61 -#, no-wrap -msgid "OpenSCAP Content Files" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:187 +msgid "Manage image profiles using the {webui}." msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:68 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:190 msgid "" -"OpenSCAP uses SCAP content files to define test rules. These content files " -"are created based on the XCCDF or OVAL standards. You can download publicly " -"available content files and customize it to your requirements. You can " -"install the ``openscap-content`` package for default content file " -"templates. Alternatively, if you are familiar with XCCDF or OVAL, you can " -"create your own content files." +"To create an image profile select from menu:Images[Profiles] and click " +"btn:[Create]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/openscap.adoc:75 -msgid "" -"We recommend you use templates to create your SCAP content files. If you " -"create and use your own custom content files, you do so at your own risk. " -"If your system becomes damaged through the use of custom content files, you " -"might not be supported by {suse}." +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:191 +#, no-wrap +msgid "images_image_create_profile_kiwi.png" msgstr "" -#. ke 2013-08-28: Do we have SCAP content providers? Such as: The United States Government -#. Configuration Baseline (USGCB) for RHEL5 Desktop or Community-provided content (openscap-content -#. package)? For more info, see -#. https://access.redhat.com/site/documentation/en-US/Red_Hat_Network_Satellite/5.5/html/User_Guide/chap-Red_Hat_Network_Satellite-User_Guide-OpenSCAP.html # -#. I think this question is still valid. Who should we contact? LKB 2020-02-06 -#. type: Plain text -#: modules/administration/pages/openscap.adoc:88 -msgid "" -"When you have created your content files, you need to transfer the file to " -"the client. You can do this in the same way as you move any other file, " -"using physical storage media, or across a network with [command]``ftp`` or " -"[command]``scp``." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:192 +msgid "In the [guimenu]``Label`` field, provide a name for the `Image Profile`." msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:92 -msgid "" -"We recommend that you create a package to distribute content files to " -"clients that you are managing with {productname}. Packages can be signed " -"and verified to ensure their integrity. For more information, see xref:" -"administration:custom-channels.adoc[]." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:193 +msgid "Use `Kiwi` as the [guimenu]``Image Type``." msgstr "" -#. type: Title == -#: modules/administration/pages/openscap.adoc:95 -#, no-wrap -msgid "Perform an Audit Scan" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:194 +msgid "Image store is automatically selected." msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:100 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:195 msgid "" -"When you have transferred your content files, you can perform audit scans. " -"Audit scans can be triggered using the {productname} {webui}. You can also " -"use the {productname} API to schedule regular scans." +"Enter a [guimenu]``Config URL`` to the directory containing the Kiwi " +"configuration files:" msgstr "" -#. type: Block title -#: modules/administration/pages/openscap.adoc:101 -#, no-wrap -msgid "Procedure: Running an Audit Scan from the {webui}" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:196 +msgid "git URI" msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:103 -msgid "" -"In the {productname} {webui}, navigate to menu:Systems[Systems List] and " -"select the client you want to scan." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:197 +msgid "HTTPS tarball" msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:104 -msgid "" -"Navigate to the [guimenu]``Audit`` tab, and the [guimenu]``Schedule`` subtab." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:198 +msgid "Path to build host local directory" msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:106 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:199 msgid "" -"In the [guimenu]``Path to XCCDF Document`` field, enter the path to the " -"XCCDF content file on the client. For example: [path]``/usr/share/openscap/" -"scap-yast2sec-xccdf.xml``" +"Select an [guimenu]``Activation Key``. Activation keys ensure that images " +"using a profile are assigned to the correct channel and packages." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:107 -msgid "The scan will run at the client's next scheduled synchronization." +#: modules/administration/pages/image-management.adoc:200 +msgid "" +"Associate an activation key with an image profile to ensure the image " +"profile uses the correct software channel, and any packages." msgstr "" #. type: delimited block = -#: modules/administration/pages/openscap.adoc:113 -msgid "" -"The XCCDF content file is validated before it is run on the remote system. " -"If the content file includes invalid arguments, the test will fail." +#: modules/administration/pages/image-management.adoc:201 +msgid "Confirm with the btn:[Create] button." msgstr "" #. type: Block title -#: modules/administration/pages/openscap.adoc:117 +#: modules/administration/pages/image-management.adoc:202 #, no-wrap -msgid "Procedure: Running an Audit Scan from the API" +msgid "Source format options" msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:119 -msgid "" -"Before you begin, ensure that the client to be scanned has Python and XML-" -"RPC libraries installed." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:203 +msgid "git/HTTP(S) URL to the repository" msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:121 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:204 msgid "" -"Choose an existing script or create a script for scheduling a system scan " -"through ``system.scap.scheduleXccdfScan``. For example:" +"URL to the git repository containing the sources of the image to be built. " +"Depending on the layout of the repository the URL can be:" msgstr "" #. type: delimited block - -#: modules/administration/pages/openscap.adoc:129 +#: modules/administration/pages/image-management.adoc:205 #, no-wrap -msgid "" -"#!/usr/bin/python\n" -"client = xmlrpclib.Server('https://spacewalk.example.com/rpc/api')\n" -"key = client.auth.login('username', 'password')\n" -"client.system.scap.scheduleXccdfScan(key, <1000010001>,\n" -" '',\n" -" '--profile ')\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/openscap.adoc:132 -msgid "In this example:" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/openscap.adoc:133 -msgid "``<1000010001>`` is the system ID (sid)." +msgid "https://github.com/SUSE/manager-build-profiles\n" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:135 +#: modules/administration/pages/image-management.adoc:206 msgid "" -"```` is the path to the content file location on the " -"client. For example, [path]``/usr/local/share/scap/usgcb-sled15desktop-" -"xccdf.xml``." +"You can specify a branch after the `#` character in the URL. In this " +"example, we use the `master` branch:" msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:137 -msgid "" -"```` is an additional argument for the [command]``oscap`` " -"command. For example, use " -"``united_states_government_configuration_baseline`` (USGCB)." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:207 +#, no-wrap +msgid "https://github.com/SUSE/manager-build-profiles#master\n" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:138 -msgid "Run the script on the client you want to scan, from the command prompt." +#: modules/administration/pages/image-management.adoc:208 +msgid "" +"You can specify a directory that contains the image sources after the `:` " +"character. In this example, we use `OSImage/POS_Image-JeOS6`:" msgstr "" -#. type: Title == -#: modules/administration/pages/openscap.adoc:141 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:209 #, no-wrap -msgid "Scan Results" +msgid "https://github.com/SUSE/manager-build-profiles#master:OSImage/POS_Image-JeOS6\n" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:147 -msgid "" -"Information about the scans you have run is in the {productname} {webui}. " -"Navigate to to menu:Audit[OpenSCAP > All Scans] for a table of results. For " -"more information about the data in this table, see xref:reference:audit/" -"openscap-all-scans.adoc[]." +#: modules/administration/pages/image-management.adoc:210 +msgid "HTTP(S) URL to the tarball" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:153 -msgid "" -"To ensure that detailed information about scans is available, you need to " -"enable it on the client. In the {productname} {webui}, navigate to menu:" -"Admin[Organizations] and click on the organization the client is a part of. " -"Navigate to the [guimenu]``Configuration`` tab, and check the " -"[guimenu]``Enable Upload of Detailed SCAP Files`` option. When enabled, " -"this generates an additional HTML file on every scan, which contains extra " -"information. The results will show an extra line similar to this:" +#: modules/administration/pages/image-management.adoc:211 +msgid "URL to the tar archive, compressed or uncompressed, hosted on the webserver." msgstr "" #. type: delimited block - -#: modules/administration/pages/openscap.adoc:156 +#: modules/administration/pages/image-management.adoc:212 #, no-wrap -msgid "Detailed Results: xccdf-report.html xccdf-results.xml scap-yast2sec-oval.xml.result.xml\n" +msgid "https://myimagesourceserver.example.org/MyKiwiImage.tar.gz\n" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:160 -msgid "" -"To retrieve scan information from the command line, use the " -"[command]``spacewalk-report`` command:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/openscap.adoc:165 -#, no-wrap -msgid "" -"spacewalk-report system-history-scap\n" -"spacewalk-report scap-scan\n" -"spacewalk-report scap-scan-results\n" +#: modules/administration/pages/image-management.adoc:213 +msgid "Path to the directory on the build host" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:169 +#: modules/administration/pages/image-management.adoc:214 msgid "" -"You can also use the {productname} API to view results, with the ``system." -"scap`` handler." +"Enter the path to the directory with the Kiwi build system sources. This " +"directory must be present on the selected build host." msgstr "" -#. type: Title = -#: modules/administration/pages/organizations.adoc:2 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:215 #, no-wrap -msgid "Organizations" +msgid "/var/lib/Kiwi/MyKiwiImage\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/organizations.adoc:6 -msgid "" -"Organizations are used to manage user access and permissions within " -"{productname}." +#. type: Title ==== +#: modules/administration/pages/image-management.adoc:216 +#, no-wrap +msgid "Example of Kiwi Sources" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:10 +#: modules/administration/pages/image-management.adoc:217 msgid "" -"For most environments, a single organization is enough. However, more " -"complicated environments might need several organizations. You might like " -"to have an organization for each physical location within your business, or " -"for different business functions." +"Kiwi sources consist at least of `config.xml`. Usually, `config.sh` and " +"`images.sh` are present as well. Sources can also contain files to be " +"installed in the final image under the `root` subdirectory." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:13 +#: modules/administration/pages/image-management.adoc:218 msgid "" -"When you have created your organizations, you can create and assign users to " -"your organizations. You can then assign permissions on an organization " -"level, which applies by default to every user assigned to the organization." +"For information about the Kiwi build system, see the " +"https://doc.opensuse.org/projects/kiwi/doc/[Kiwi documentation]." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:16 +#: modules/administration/pages/image-management.adoc:219 msgid "" -"You can also configure authentication methods for your new organization, " -"including PAM and single sign-on. For more information about " -"authentication, see xref:administration:auth-methods.adoc[]." +"{suse} provides examples of fully functional image sources at the " +"https://github.com/SUSE/manager-build-profiles[SUSE/manager-build-profiles] " +"public GitHub repository." msgstr "" #. type: Block title -#: modules/administration/pages/organizations.adoc:24 +#: modules/administration/pages/image-management.adoc:220 #, no-wrap -msgid "Procedure: Creating a New Organization" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/organizations.adoc:26 -msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Organizations], and " -"click btn:[Create Organization]." +msgid "Example of JeOS config.xml" msgstr "" -#. type: Plain text -#: modules/administration/pages/organizations.adoc:27 -msgid "In the [guimenu]``Create Organization`` dialog, complete these fields:" +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:221 +#, no-wrap +msgid "\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/organizations.adoc:29 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:222 +#, no-wrap msgid "" -"In the [guimenu]``Organization Name`` field, type a name for your new " -"organization. The name should be between 3 and 128 characters long." +"\n" +" \n" +" Admin User\n" +" noemail@example.com\n" +" SUSE Linux Enterprise 12 SP3 JeOS\n" +" \n" +" \n" +" 6.0.0\n" +" zypper\n" +" SLE\n" +" SLE\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/organizations.adoc:31 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:223 +#, no-wrap msgid "" -"In the [guimenu]``Desired Login`` field, type the login name you want to use " -"for the organization's administrator. This must be a new administrator " -"account, you will not be able to use an existing administrator account to " -"sign in to the new organization, including the one you are currently signed " -"in with." +" en_US\n" +" us.map.gz\n" +" Europe/Berlin\n" +" utc\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/organizations.adoc:34 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:224 +#, no-wrap msgid "" -"In the [guimenu]``Desired Password`` field, type a password for the new " -"organization's administrator. Confirm the password by typing it again in " -"the [guimenu]``Confirm Password`` field. Password strength is indicated by " -"the colored bar beneath the password fields." +" true\n" +" \n" +" \n" +" \n" +" \n" +" \n" +" \n" +" \n" +" \n" +" ...\n" +" \n" +" \n" +" ...\n" +" \n" +" \n" +" \n" msgstr "" -#. type: Plain text -#: modules/administration/pages/organizations.adoc:35 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:225 +#, no-wrap msgid "" -"In the [guimenu]``Email`` field, type an email address for the new " -"organization's administrator." +" \n" +" \n" +" \n" +" \n" +" ...\n" +" \n" +"\n" msgstr "" +#. ianew: admin/image-management.adoc +#. iawho: lana 2019-02-27 #. type: Plain text -#: modules/administration/pages/organizations.adoc:36 +#: modules/administration/pages/image-management.adoc:227 msgid "" -"In the [guimenu]``First Name`` field, select a salutation, and type a given " -"name for the new organization's administrator." +"There are two ways to build an image using the {webui}. Either select " +"menu:Images[Build], or click the build icon in the menu:Images[Profiles] " +"list." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:37 +#: modules/administration/pages/image-management.adoc:231 msgid "" -"In the [guimenu]``Last Name`` field, type a surname for the new " -"organization's administrator." +"Add a different tag name if you want a version other than the default " +"``latest`` (applies only to containers)." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:38 -msgid "Click btn:[Create Organization]." -msgstr "" - -#. type: Title == -#: modules/administration/pages/organizations.adoc:41 -#, no-wrap -msgid "Manage Organizations" +#: modules/administration/pages/image-management.adoc:232 +msgid "Select the [guimenu]``Image Profile`` and a [guimenu]``Build Host``." msgstr "" -#. type: Plain text -#: modules/administration/pages/organizations.adoc:45 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:233 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Organizations] to see a " -"list of available organizations. Click the name of an organization to " -"manage it." +"A [guimenu]``Profile Summary`` is displayed to the right of the build " +"fields. When you have selected a build profile, detailed information about " +"the selected profile will show up in this area." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:47 -msgid "" -"From the menu:Admin[Organizations] section, you can access tabs to manage " -"users, trusts, configuration, and states for your organization." +#: modules/administration/pages/image-management.adoc:234 +msgid "To schedule a build, click the btn:[Build] button." msgstr "" #. type: delimited block = -#: modules/administration/pages/organizations.adoc:52 +#: modules/administration/pages/image-management.adoc:235 msgid "" -"Organizations can only be managed by their administrators. To manage an " -"organization, ensure you are signed in as the correct administrator for the " -"organization you want to change." +"The build server cannot run any form of automounter during the image " +"building process. If applicable, ensure that you do not have your Gnome " +"session running as root. If an automounter is running, the image build will " +"finish successfully, but the checksum of the image will be different and " +"will fail later." msgstr "" -#. type: Title === -#: modules/administration/pages/organizations.adoc:56 -#, no-wrap -msgid "Organization Users" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:236 +msgid "" +"After the image is successfully built, the inspection phase begins. During " +"the inspection phase {susemgr} collects information about the image:" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:60 -msgid "" -"Navigate to the [guimenu]``Users`` tab to view the list of all users " -"associated with the organization, and their role. Clicking a username takes " -"you to the [guimenu]``Users`` menu to add, change, or delete users." +#: modules/administration/pages/image-management.adoc:237 +msgid "List of packages installed in the image" msgstr "" -#. type: Title === -#: modules/administration/pages/organizations.adoc:63 -#, no-wrap -msgid "Trusted Organizations" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:238 +msgid "Checksum of the image" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:67 +#: modules/administration/pages/image-management.adoc:239 +msgid "Image type and other image details" +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:240 msgid "" -"Navigate to the [guimenu]``Trusts`` tab to add or remove trusted " -"organizations. Establishing trust between organizations allow them to share " -"content between them, and gives you the ability to migrate clients from one " -"organization to another." +"If the built image type is `PXE`, a Salt pillar will also be generated. " +"Image pillars are stored in the `/srv/susemanager/pillar_data/images/` " +"directory and the Salt subsystem can access details about the generated " +"image. Details include where the pillar is located and provided, image " +"checksums, information needed for network boot, and more." msgstr "" -#. type: Title === -#: modules/administration/pages/organizations.adoc:70 -#, no-wrap -msgid "Configure Organizations" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:241 +msgid "The generated pillar is available to all connected clients." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:74 +#: modules/administration/pages/image-management.adoc:243 msgid "" -"Navigate to the [guimenu]``Configuration`` tab to manage the configuration " -"of your organization. This includes the use of staged contents, setting up " -"crash reporting, and the use of SCAP files." +"Building an image requires several dependent steps. When the build fails, " +"investigating Salt states results can help identify the source of the " +"failure. You can carry out these checks when the build fails:" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:76 -msgid "" -"For more information about content staging, see xref:administration:content-" -"staging.adoc[]." +#: modules/administration/pages/image-management.adoc:244 +msgid "The build host can access the build sources" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:78 +#: modules/administration/pages/image-management.adoc:245 msgid "" -"For more information about OpenSCAP, see xref:reference:audit/audit-openscap-" -"overview.adoc[]." +"There is enough disk space for the image on both the build host and the " +"{productname} server" msgstr "" -#. type: Title == -#: modules/administration/pages/organizations.adoc:81 -#, no-wrap -msgid "Manage States" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:246 +msgid "The activation key has the correct channels associated with it" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:86 -msgid "" -"Navigate to the [guimenu]``States`` tab to manage Salt states for all " -"clients in your organization. States allow you to define global security " -"policies, or add a common admin user to all clients." +#: modules/administration/pages/image-management.adoc:247 +msgid "The build sources used are valid" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:88 +#: modules/administration/pages/image-management.adoc:248 msgid "" -"For more information about Salt States, see xref:salt:salt-states.adoc[]." +"The RPM package with the {productname} public certificate is up to date and " +"available at " +"`/usr/share/susemanager/salt/images/rhn-org-trusted-ssl-cert-osimage-1.0-1.noarch.rpm`. " +"For more on how to refresh a public certificate RPM, see " +"<>." msgstr "" #. type: Title === -#: modules/administration/pages/organizations.adoc:91 +#: modules/administration/pages/image-management.adoc:249 #, no-wrap -msgid "Manage Configuration Channels" +msgid "Limitations" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:250 +msgid "The section contains some known issues when working with images." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:96 +#: modules/administration/pages/image-management.adoc:251 msgid "" -"You can select which configuration channels should be applied across your " -"organization. Configuration channels can be created in the {productname} " -"{webui} by navigating to menu:Configuration[Channels]. Apply configuration " -"channels to your organization using the {productname} {webui}." +"HTTPS certificates used to access the HTTP sources or git repositories " +"should be deployed to the client by a custom state file, or configured " +"manually." msgstr "" -#. type: Block title -#: modules/administration/pages/organizations.adoc:97 +#. type: Plain text +#: modules/administration/pages/image-management.adoc:252 +msgid "Importing Kiwi-based images is not supported." +msgstr "" + +#. type: Title == +#: modules/administration/pages/image-management.adoc:253 #, no-wrap -msgid "Procedure: Applying Configuration Channels to an Organization" +msgid "List Image Profiles Available for Building" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:99 +#: modules/administration/pages/image-management.adoc:254 msgid "" -"In the {productname} {webui}, navigate to menu:Home[My Organization > " -"Configuration Channels]." +"To list images available for building select menu:Images[Image List]. A " +"list of all images will be displayed." msgstr "" -#. type: Plain text -#: modules/administration/pages/organizations.adoc:100 -msgid "Use the search feature to locate a channel by name." +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:255 +#, no-wrap +msgid "images_list_images.png" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:102 +#: modules/administration/pages/image-management.adoc:256 msgid "" -"Check the channel to be applied and click btn:[Save Changes]. This saves to " -"the database, but does not apply the changes to the channel." +"Displayed data about images includes an image [guimenu]``Name``, its " +"[guimenu]``Version`` and the build [guimenu]``Status``. You will also see " +"the image update status with a listing of possible patch and package updates " +"that are available for the image." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:103 +#: modules/administration/pages/image-management.adoc:257 +msgid "" +"Clicking the btn:[Details] button on an image will provide a detailed view. " +"The detailed view includes an exact list of relevant patches and a list of " +"all packages installed within the image." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:258 msgid "" -"Apply the changes by clicking btn:[Apply]. This schedules the task to apply " -"the changes to all clients within the organization." +"The patch and the package list is only available if the inspect state after " +"a build was successful." msgstr "" #. type: Title = -#: modules/administration/pages/public-cloud-azure.adoc:2 +#: modules/administration/pages/iss.adoc:1 #, no-wrap -msgid "{productname} with Azure" +msgid "Inter-Server Synchronization" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:6 +#: modules/administration/pages/iss.adoc:2 msgid "" -"You can use {productname} Server and Proxy with the Microsoft Azure public " -"cloud. This section discusses what you will need for running {productname} " -"in Azure, and how to set up your installation." +"If you have more than one {productname} installation, you need to ensure " +"that they stay aligned on content and permissions. Inter-Server " +"Synchronization (ISS) allows you to connect two or more {productname} " +"Servers and keep them up-to-date." msgstr "" -#. type: Title == -#: modules/administration/pages/public-cloud-azure.adoc:8 +#. type: Plain text +#: modules/administration/pages/iss.adoc:3 +msgid "" +"To set up ISS, you need to define one {productname} Server as a master, with " +"the other as a slave. If conflicting configurations exist, the system will " +"prioritize the master configuration." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/iss.adoc:4 +msgid "" +"ISS Masters are masters only because they have slaves attached to them. " +"This means that you need to set up the ISS Master first, by defining its " +"slaves. You can then set up the ISS Slaves, by attaching them to a master." +msgstr "" + +#. type: Block title +#: modules/administration/pages/iss.adoc:5 #, no-wrap -msgid "Configure the Azure Cloud Instance" +msgid "Procedure: Setting up an ISS Master" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:14 +#: modules/administration/pages/iss.adoc:6 msgid "" -"Use the ``SUSE Manager Server 4 BYOS`` image. The image is a pre-built " -"image created by {suse}. It is based on JeoS, and SUSE Manager is pre-" -"installed but not configured. Configuring SUSE Manager has to be done " -"manually with {yast}." +"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " +"Master Setup], and click btn:[Add new slave]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:16 +#: modules/administration/pages/iss.adoc:7 msgid "" -"When you create your Azure virtual machine, choose something `like d8s_v3` " -"with 8{nbsp}vCPUs and 32{nbsp}GB RAM." +"In the [guimenu]``Edit Slave Details`` dialog, provide these details for the " +"ISS Master's first slave:" msgstr "" -#. * Up to 4 data disks -#. * Max IOPS 2400 -#. * Temporary storage disk of 16{nbsp}GB. -#. Data on this disk will be destroyed after the guest has been switched off. #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:24 -msgid "When you are setting up disk partitioning, we recommend:" +#: modules/administration/pages/iss.adoc:8 +msgid "" +"In the [guimenu]``Slave Fully-Qualified Domain Name`` field, enter the FQDN " +"of the ISS Slave." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:26 -msgid "30{nbsp}GB for the disk running the operating system" +#: modules/administration/pages/iss.adoc:9 +msgid "For example: [systemitem]``server2.example.com``." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:27 -msgid "Select `Standard HDD` for the storage account type" +#: modules/administration/pages/iss.adoc:10 +msgid "" +"Check the [guimenu]``Allow Slave to Sync?`` checkbox to enable the slave to " +"synchronize with the master." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:29 -msgid "You will also require three additional data disks:" +#: modules/administration/pages/iss.adoc:11 +msgid "" +"Check the [guimenu]``Sync All Orgs to Slave?`` checkbox to synchronize all " +"organizations to this slave." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:31 -msgid "Disk 0: 64{nbsp}GB on Premium SSD, mounted at [path]``/var/lib/pgsql``" +#: modules/administration/pages/iss.adoc:12 +msgid "Click btn:[Create] to add the ISS slave." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:32 +#: modules/administration/pages/iss.adoc:13 msgid "" -"Disk 1: 512{nbsp}GB on Standard SSD, mounted at [path]``/var/spacewalk``" +"In the [guimenu]``Allow Export of the Selected Organizations`` section, " +"check the organizations you want to allow this slave to export to the " +"master, and click btn:[Allow Orgs]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:33 -msgid "Disk 2: 128{nbsp}GB on Standard SSD, mounted at [path]``/var/cache``" -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/public-cloud-azure.adoc:38 +#: modules/administration/pages/iss.adoc:14 msgid "" -"Do not use LVM with Azure. If you need more disk space, extend a disk in " -"the Azure portal, then extend the file system with [command]``xfs_growfs``." +"Before you set up the ISS Slave, you will need to ensure you have the " +"appropriate CA certificate." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:41 -msgid "Partition the disks like this:" +#. type: Block title +#: modules/administration/pages/iss.adoc:15 +#, no-wrap +msgid "Procedure: Copying the Master CA Certificate to an ISS Slave" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:43 -msgid "[path]``/dev/sda``: 4 partitions containing the OS" +#: modules/administration/pages/iss.adoc:16 +msgid "" +"On the ISS Master, locate the CA Certificate at " +"``/srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT`` and create a copy that can " +"be transferred to the ISS Slave." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:44 -msgid "[path]``/dev/sdb``: temporary storage disk, do not use" +#: modules/administration/pages/iss.adoc:17 +msgid "" +"On the ISS Slave, save the CA certificate file to the " +"``/etc/pki/trust/anchors/`` directory." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:45 -msgid "[path]``/dev/sdc``: contains [path]``/var/lib/pgsql``" +#: modules/administration/pages/iss.adoc:18 +msgid "When you have copied the certificate, you can set up the ISS Slave." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:46 -msgid "[path]``/dev/sdd``: contains [path]``/var/spacewalk``" +#. type: Block title +#: modules/administration/pages/iss.adoc:19 +#, no-wrap +msgid "Procedure: Setting up an ISS Slave" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:47 -msgid "[path]``/dev/sde``: contains [path]``/var/cache``" +#: modules/administration/pages/iss.adoc:20 +msgid "" +"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " +"Slave Setup], and click btn:[Add new master]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:49 -msgid "You can use these commands to create the disks:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:71 -#, no-wrap +#: modules/administration/pages/iss.adoc:21 msgid "" -"for d in sdc sdd sde; do\n" -" parted --script /dev/$d mklabel gpt mkpart primary xfs 0% 100%\n" -" mkfs.xfs /dev/${d}1\n" -"done\n" -"mkdir /cachetmp\n" -"mount /dev/sde1 /cachetmp\n" -"cp -a /var/cache/* /cachetmp/\n" -"umount /cachetmp\n" -"echo \"$(blkid /dev/sdc1|awk -F \" \" '{ print $2 }') /var/lib/pgsql xfs defaults,noatime 0 0\" >> /etc/fstab\n" -"echo \"$(blkid /dev/sdd1|awk -F \" \" '{ print $2 }') /var/spacewalk xfs defaults,noatime 0 0\" >> /etc/fstab\n" -"echo \"$(blkid /dev/sde1|awk -F \" \" '{ print $2 }') /var/cache xfs defaults,noatime 0 0\" >> /etc/fstab\n" -"mkdir -p /var/spacewalk\n" -"mount /var/spacewalk\n" -"chown -R wwwrun:root /var/spacewalk\n" -"mount /var/lib/pgsql\n" -"chown -R postgres:postgres /var/lib/pgsql\n" -"mv /var/cache /var/cache.old\n" -"mkdir /var/cache\n" -"mount /var/cache\n" -"rm -r /var/cache.old\n" +"In the [guimenu]``Details for new Master`` dialog, provide these details for " +"the server to use as the ISS master:" msgstr "" -#. REMARK: I guess you do this in your Azure instance -#. REMARK: Where do you configure this? #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:77 +#: modules/administration/pages/iss.adoc:22 msgid "" -"When you are setting up networking, we recommend that you create a separate " -"private network, with the IP range `10.0.0.0/24`." +"In the [guimenu]``Master Fully-Qualified Domain Name`` field, enter the FQDN " +"of the ISS Master for this slave." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:80 -msgid "" -"Configure the {productname} Server to use the internal IP address " -"`10.0.0.4`. Ensure it is also accessible from outside the network with a " -"fixed IP address." +#: modules/administration/pages/iss.adoc:23 +msgid "For example: ``server1.example.com``." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:83 +#: modules/administration/pages/iss.adoc:24 msgid "" -"Configure the firewall to only allow inbound traffic on ports `22`, `80`, " -"and `443` to IP address `10.0.0.4`. In this environment, if other servers " -"are added to the network they cannot be reached from outside the network." +"In the [guimenu]``Filename of this Master's CA Certificate`` field, enter " +"the absolute path to the CA certificate on the ISS master." msgstr "" -#. REMARK: Was does this mean? #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:87 -msgid "" -"Outbound is open from the private network. This should be restricted for " -"other servers in this private network." +#: modules/administration/pages/iss.adoc:25 +msgid "This should be ``/etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT``." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:90 -msgid "" -"You will need to set the DNS zones in Azure before you can configure the " -"{productname} Server. For more information on setting DNS zones, see the " -"Azure documentation." +#: modules/administration/pages/iss.adoc:26 +msgid "Click btn:[Add new master] to add the ISS Slave to this master." msgstr "" -#. type: Title == -#: modules/administration/pages/public-cloud-azure.adoc:93 +#. type: Block title +#: modules/administration/pages/iss.adoc:27 #, no-wrap -msgid "Configure {productname} Server" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:96 -msgid "Ensure that your {productname} Server is registered with {scc}." +msgid "Procedure: Completing ISS Setup" msgstr "" -#. I wonder why we do even need spacecmd #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:99 -msgid "When your server is registered, install these extra packages:" +#: modules/administration/pages/iss.adoc:28 +msgid "At the command prompt on the ISS Slave, synchronize with the ISS Master:" msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:101 +#: modules/administration/pages/iss.adoc:29 #, no-wrap -msgid "zypper -n in spacecmd mlocate sysstat\n" +msgid "mgr-inter-sync\n" msgstr "" -#. spacecmd will be installed by default next time -#. ^ How is so? #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:106 -msgid "Apply the latest updates and reboot the server:" +#: modules/administration/pages/iss.adoc:30 +msgid "OPTIONAL: To synchronize a single channel, use this command:" msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:109 +#: modules/administration/pages/iss.adoc:31 #, no-wrap -msgid "" -"zypper -n up -l\n" -"reboot\n" +msgid "mgr-inter-sync -c \n" msgstr "" +#. Need to double check this against the UI. --LKB 2020-04-08 #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:112 -msgid "Check that all file systems are mounted and that PostgreSQL is running:" +#: modules/administration/pages/iss.adoc:32 +msgid "" +"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " +"Configure Master-to-Slave Mappings] and select the organizations you want to " +"synchronize." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:115 +#. type: Title = +#: modules/administration/pages/live-patching-channel-setup.adoc:1 #, no-wrap -msgid "" -"mount\n" -"service postgresql status\n" +msgid "Set up Channels for Live Patching" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:119 +#: modules/administration/pages/live-patching-channel-setup.adoc:2 msgid "" -"Complete {productname} Server installation and configuration. For more " -"information, see xref:installation:server-setup.adoc[]." +"A reboot is required every time you update the full kernel package. " +"Therefore, it is important that clients using Live Patching do not have " +"newer kernels available in the channels they are assigned to. Clients using " +"live patching have updates for the running kernel in the live patching " +"channels." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:122 -msgid "" -"We recommend you configure the {productname} Server so that DHCP does not " -"set the host name. Check [path]``/etc/sysconfig/network/dhcp`` and ensure " -"that `DHCLIENT_SET_HOSTNAME` is set to [literal]``no``:" +#: modules/administration/pages/live-patching-channel-setup.adoc:3 +msgid "There are two ways to manage channels for live patching:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:124 -#, no-wrap -msgid "DHCLIENT_SET_HOSTNAME=\"no\"\n" +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:4 +msgid "" +"Use content lifecycle management to clone the product tree and remove kernel " +"versions newer than the running one. This procedure is explained in the " +"xref:content-lifecycle-examples.adoc#enhance-project-with-livepatching[Content " +"Livecycle Management Examples]. This is the recommended solution." msgstr "" -#. REMARK: hostname -i? #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:129 +#: modules/administration/pages/live-patching-channel-setup.adoc:5 msgid "" -"Add the Azure client to the [path]``/etc/hosts`` file. At the command " -"prompt, replace [literal]```` with the IP address of the server:" +"Alternatively, use the `spacewalk-manage-channel-lifecycle` tool. This " +"procedure is more manual and requires command line tools as well as the " +"{webui}. This procedure is explained in this section for SLES{nbsp}15 SP1, " +"but it also works for SLE{nbsp}12 SP4 or later." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:131 +#. type: Title == +#: modules/administration/pages/live-patching-channel-setup.adoc:6 #, no-wrap -msgid "echo \" $(hostname -f) $(hostname)\" >> /etc/hosts\n" +msgid "Use spacewalk-manage-channel-lifecycle for Live Patching" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:138 +#: modules/administration/pages/live-patching-channel-setup.adoc:7 msgid "" -"{productname} Server has a default administration user. In Azure, the " -"system administrator user is called [literal]``admin``. The `admin` user's " -"password is built with two parts. The first part can be found by using this " -"command:" +"Cloned vendor channels should be prefixed by ``dev`` for development, " +"``testing``, or ``prod`` for production. In this procedure, you will create " +"a ``dev`` cloned channel and then promote the channel to ``testing``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:140 +#. type: Block title +#: modules/administration/pages/live-patching-channel-setup.adoc:8 #, no-wrap -msgid "azuremetadata --instance-name\n" +msgid "Procedure: Cloning Live Patching Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:143 -msgid "The second part of the password is [literal]``-suma``" +#: modules/administration/pages/live-patching-channel-setup.adoc:9 +msgid "" +"At the command prompt on the client, as root, obtain the current package " +"channel tree:" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:145 +#. type: delimited block - +#: modules/administration/pages/live-patching-channel-setup.adoc:10 +#, no-wrap msgid "" -"Alternatively, you can check the [path]``/var/log/susemanager_firstuser." -"log`` file." +"# spacewalk-manage-channel-lifecycle --list-channels\n" +"Spacewalk Username: admin\n" +"Spacewalk Password:\n" +"Channel tree:\n" msgstr "" -#. type: Title = -#: modules/administration/pages/public-cloud.adoc:2 +#. type: delimited block - +#: modules/administration/pages/live-patching-channel-setup.adoc:11 #, no-wrap -msgid "Public Cloud" +msgid "" +" 1. sles15-{sp-vert}-pool-x86_64\n" +" \\__ sle-live-patching15-pool-x86_64-{sp-vert}\n" +" \\__ sle-live-patching15-updates-x86_64-{sp-vert}\n" +" \\__ sle-manager-tools15-pool-x86_64-{sp-vert}\n" +" \\__ sle-manager-tools15-updates-x86_64-{sp-vert}\n" +" \\__ sles15-{sp-vert}-updates-x86_64\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:7 +#: modules/administration/pages/live-patching-channel-setup.adoc:12 msgid "" -"Some public cloud environments provide images for {productname} Server and " -"Proxy. This section discusses what you will need for running {productname} " -"in a public cloud, and how to set up your installation." +"Use the [command]``spacewalk-manage-channel`` command with the " +"[option]``init`` argument to automatically create a new development clone of " +"the original vendor channel:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/public-cloud.adoc:13 -msgid "" -"Public clouds provide {productname} under a Bring Your Own Subscription " -"(BYOS) model. This means that you must register them with the {scc}. For " -"more information about registering {productname} with {scc}, see xref:" -"installation:general-requirements.adoc[]." +#. type: delimited block - +#: modules/administration/pages/live-patching-channel-setup.adoc:13 +#, no-wrap +msgid "spacewalk-manage-channel-lifecycle --init -c sles15-{sp-vert}-pool-x86_64\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:16 +#: modules/administration/pages/live-patching-channel-setup.adoc:14 msgid "" -"Depending on the public cloud network you are using, you can locate the " -"{productname} installation images by searching for the keywords " -"[package]``suse``, [package]``manager``, [package]``proxy``, or " -"[package]``BYOS``." +"Check that [systemitem]``dev-sles15-{sp-vert}-updates-x86_64`` is available " +"in your channel list." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:18 +#: modules/administration/pages/live-patching-channel-setup.adoc:15 msgid "" -"For ``SUSE Manager Server in Azure``, see xref:administration:public-cloud-" -"azure.adoc[]." +"Check the ``dev`` cloned channel you created, and remove any kernel updates " +"that require a reboot." msgstr "" -#. type: Title == -#: modules/administration/pages/public-cloud.adoc:21 +#. type: Block title +#: modules/administration/pages/live-patching-channel-setup.adoc:16 #, no-wrap -msgid "Instance Requirements" +msgid "Procedure: Removing Non-Live Kernel Patches from Cloned Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:24 +#: modules/administration/pages/live-patching-channel-setup.adoc:17 msgid "" -"Select a public cloud instance that meets the hardware requirements in xref:" -"installation:hardware-requirements.adoc[]." +"Check the current kernel version by selecting the client from " +"menu:Systems[System List], and taking note of the version displayed in the " +"[guimenu]``Kernel`` field." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:26 -msgid "In addition, be aware of these considerations:" +#: modules/administration/pages/live-patching-channel-setup.adoc:18 +msgid "" +"In the {productname} {webui}, select the client from menu:Systems[Overview], " +"navigate to the menu:Software[Manage > Channels] tab, and select " +"[systemitem]``dev-sles15-sp{sp-vert}-updates-x86_64``." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:30 +#: modules/administration/pages/live-patching-channel-setup.adoc:19 msgid "" -"The {productname} setup procedure performs a forward-confirmed reverse DNS " -"lookup. This must succeed in order for the setup procedure to complete " -"successfully and for {productname} to operate as expected. Therefore, it is " -"important to perform hostname and IP configuration prior to running the " -"{productname} setup procedure." +"Navigate to the [guimenu]``Patches`` tab, and click btn:[List/Remove " +"Patches]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:34 +#: modules/administration/pages/live-patching-channel-setup.adoc:20 msgid "" -"{productname} Server and Proxy instances are expected to run in a network " -"configuration that provides you control over DNS entries, but cannot access " -"the wider internet. Within this network configuration DNS resolution must " -"be provided: `hostname -f` must return the fully-qualified domain name " -"(FQDN). DNS resolution is also important for connecting clients. DNS is " -"dependent on the cloud framework you choose, refer to the cloud service " -"provider documentation for detailed instructions." +"In the search bar, type [systemitem]``kernel`` and identify the kernel " +"version that matches the kernel currently used by your client." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:37 +#: modules/administration/pages/live-patching-channel-setup.adoc:21 msgid "" -"We recommend that you locate software repositories, the server database, and " -"the proxy squid cache on an external virtual disk. This prevents data loss " -"if the instance is unexpectedly terminated. Instructions for setting up an " -"external virtual disk are contained in this section." -msgstr "" - -#. type: Title == -#: modules/administration/pages/public-cloud.adoc:40 -#, no-wrap -msgid "Network Setup" +"Remove all kernel versions that are newer than the currently installed " +"kernel." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:44 +#: modules/administration/pages/live-patching-channel-setup.adoc:22 msgid "" -"On a public cloud service, you must run {productname} within a restricted " -"network, such as VPC private subnet with an appropriate firewall setting. " -"The instance must only be able to be accessed by machines in your specified " -"IP ranges." +"Your channel is now set up for live patching, and can be promoted to " +"``testing``. In this procedure, you will also add the live patching child " +"channels to your client, ready to be applied." msgstr "" -#. type: delimited block = -#: modules/administration/pages/public-cloud.adoc:48 -msgid "" -"A world-accessible {productname} instance violates the terms of the " -"{productname} EULA, and it will not be supported by {suse}." +#. type: Block title +#: modules/administration/pages/live-patching-channel-setup.adoc:23 +#, no-wrap +msgid "Procedure: Promoting Live Patching Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:51 +#: modules/administration/pages/live-patching-channel-setup.adoc:24 msgid "" -"To access the {productname} {webui}, allow HTTPS when you set up your " -"networking environment." +"At the command prompt on the client, as `root`, promote and clone the " +"`dev-sles15-{sp-vert}-pool-x86_64` channel to a new ``testing`` channel:" msgstr "" -#. type: Title === -#: modules/administration/pages/public-cloud.adoc:54 +#. type: delimited block - +#: modules/administration/pages/live-patching-channel-setup.adoc:25 #, no-wrap -msgid "Set the Hostname" +msgid "" +"# spacewalk-manage-channel-lifecycle --promote -c " +"dev-sles15-{sp-vert}-pool-x86_64\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:58 +#: modules/administration/pages/live-patching-channel-setup.adoc:26 msgid "" -"{productname} requires a stable and reliable hostname. Changing the " -"hostname at a later point can create errors." +"In the {productname} {webui}, select the client from menu:Systems[Overview], " +"and navigate to the menu:Software[Software Channels] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:61 +#: modules/administration/pages/live-patching-channel-setup.adoc:27 msgid "" -"In most public cloud environments, the method shown in this section will " -"work correctly. However, you will have to perform the same modification for " -"every client." +"Check the new [systemitem]``test-sles15-sp{sp-vert}-pool-x86_64`` custom " +"channel to change the base channel, and check both corresponding live " +"patching child channels." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:63 +#: modules/administration/pages/live-patching-channel-setup.adoc:28 msgid "" -"You might prefer to manage DNS resolution by creating a DNS entry in your " -"network environment instead." +"Click btn:[Next], confirm that the details are correct, and click " +"btn:[Confirm] to save the changes." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:67 +#: modules/administration/pages/live-patching-channel-setup.adoc:29 msgid "" -"You can also manage hostname resolution by editing the [path]``/etc/resolv." -"conf`` file. Depending on the order of your setup, if you start the " -"{productname} instance prior to setting up DNS services the file may not " -"contain the appropriate [systemitem]``search`` directive. Check that the " -"proper search directive exists in [path]``/etc/resolv.conf`` and add it if " -"it is missing." +"You can now select and view available CVE patches, and apply these important " +"kernel updates with Live Patching." msgstr "" -#. type: Block title -#: modules/administration/pages/public-cloud.adoc:68 +#. type: Title = +#: modules/administration/pages/live-patching-sles12.adoc:1 #, no-wrap -msgid "Procedure: Setting the hostname locally" +msgid "Live Patching on SLES{nbsp}12" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:71 +#: modules/administration/pages/live-patching-sles12.adoc:2 msgid "" -"Disable hostname setup by editing the DHCP configuration file at [path]``/" -"etc/sysconfig/network/dhcp``, and adding this line:" +"On SLES{nbsp}12 systems, live patching is managed by kGraft. For in depth " +"information covering kGraft use, see " +"https://documentation.suse.com/sles/12-SP4/html/SLES-all/cha-kgraft.html." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:78 -msgid "" -"Set the hostname locally with the [command]``hostnamectl`` command. Ensure " -"you use the system name, not the FQDN. For example, if the FQDN is " -"[path]``system_name.example.com``, the system name is [path]``system_name``, " -"and the domain name is [path]``example.com``." -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:81 -#, no-wrap -msgid "# hostnamectl set-hostname system_name\n" +#: modules/administration/pages/live-patching-sles12.adoc:3 +#: modules/administration/pages/live-patching-sles15.adoc:3 +msgid "Before you begin, ensure:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:84 -msgid "" -"Create a DNS entry in your network environment for domain name resolution, " -"or force correct resolution by editing the [path]``/etc/hosts`` file. You " -"can find the IP address by checking your public cloud web console, or from " -"the command line:" +#: modules/administration/pages/live-patching-sles12.adoc:4 +#: modules/administration/pages/live-patching-sles15.adoc:4 +msgid "{productname} is fully updated." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:87 -msgid "Amazon EC2 instance:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:90 -#, no-wrap -msgid "# ec2metadata --local-ipv4\n" +#: modules/administration/pages/live-patching-sles12.adoc:5 +msgid "You have one or more Salt clients running SLES{nbsp}12 (SP1 or later)." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:92 -msgid "Google Compute Engine:" +#: modules/administration/pages/live-patching-sles12.adoc:6 +msgid "Your SLES{nbsp}12 Salt clients are registered with {productname}." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:95 -#, no-wrap -msgid "# gcemetadata --query instance --network-interfaces --ip\n" +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:7 +msgid "" +"You have access to the SLES{nbsp}12 channels appropriate for your " +"architecture, including the live patching child channel (or channels)." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:97 -msgid "Microsoft Azure:" +#: modules/administration/pages/live-patching-sles12.adoc:8 +#: modules/administration/pages/live-patching-sles15.adoc:8 +msgid "The clients are fully synchronized." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:100 -#, no-wrap -msgid "# azuremetadata --internal-ip\n" +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:9 +#: modules/administration/pages/live-patching-sles15.adoc:9 +msgid "Assign the clients to the cloned channels prepared for live patching." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:104 +#: modules/administration/pages/live-patching-sles12.adoc:10 +#: modules/administration/pages/live-patching-sles15.adoc:10 msgid "" -"In the following command, replace [literal]```` with IP address " -"you retrieve from the command line above:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:108 -#, no-wrap -msgid "# echo \" suma.cloud.net suma\" >> /etc/hosts\n" +"For more information on preparation, see " +"xref:administration:live-patching-channel-setup.adoc[]." msgstr "" -#. type: Title === -#: modules/administration/pages/public-cloud.adoc:111 +#. type: Block title +#: modules/administration/pages/live-patching-sles12.adoc:11 +#: modules/administration/pages/live-patching-sles15.adoc:11 #, no-wrap -msgid "Set up DNS Resolution" +msgid "Procedure: Setting up for Live Patching" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:115 +#: modules/administration/pages/live-patching-sles12.adoc:12 msgid "" -"You will need to update the DNS records for the instance within the DNS " -"service of your network environment. Refer to the cloud service provider " -"documentation for detailed instructions:" +"Select the client you want to manage with Live Patching from " +"menu:Systems[Overview], and on the system details page navigate to the " +"menu:Software[Packages > Install] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:117 -msgid "" -"http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-dns.html[DNS setup " -"on Amazon EC2]" +#: modules/administration/pages/live-patching-sles12.adoc:13 +msgid "Search for the [systemitem]``kgraft`` package, and install it." +msgstr "" + +#. type: Target for macro image +#: modules/administration/pages/live-patching-sles12.adoc:14 +#, no-wrap +msgid "enable_live_patching_kgraft_install.png" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:118 -msgid "" -"https://cloud.google.com/compute/docs/networking[DNS setup on Google Compute " -"Engine]" +#: modules/administration/pages/live-patching-sles12.adoc:15 +#: modules/administration/pages/live-patching-sles15.adoc:15 +msgid "Apply the highstate to enable Live Patching, and reboot the client." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:119 -msgid "" -"https://azure.microsoft.com/en-us/documentation/articles/dns-operations-" -"recordsets[DNS setup on Microsoft Azure]" +#: modules/administration/pages/live-patching-sles12.adoc:16 +#: modules/administration/pages/live-patching-sles15.adoc:16 +msgid "Repeat for each client that you want to manage with Live Patching." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:122 +#: modules/administration/pages/live-patching-sles12.adoc:17 msgid "" -"If you run a {productname} Server instance, ensure the external storage is " -"attached and prepared correctly, and that DNS resolution is set up as " -"described. Start the ``susemanager_setup`` with {yast}:" +"To check that live patching has been enabled correctly, select the client " +"from menu:Systems[System List], and ensure that [systemitem]``Live " +"Patching`` appears in the [guimenu]``Kernel`` field." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:125 +#. type: Block title +#: modules/administration/pages/live-patching-sles12.adoc:18 +#: modules/administration/pages/live-patching-sles15.adoc:18 #, no-wrap -msgid "# /sbin/yast2 susemanager_setup\n" +msgid "Procedure: Applying Live Patches to a Kernel" msgstr "" -#. No need to duplicate this, since it exists within the docs suite. LKB 2019-05-29 -#. Uncommenting, as it turns out some of this content is unique. Will need a more surgical look. LKB 2019-08-02 #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:136 -msgid "" -"The {productname} setup procedure in YaST is designed as a one pass process " -"with no rollback or cleanup capability. Therefore, if the setup procedure " -"is interrupted or ends with an error, it is not recommended that you repeat " -"the setup process or attempts to manually fix the configuration. These " -"methods are likely to result in a faulty {productname} installation. If you " -"experience errors during setup, start a new instance, and begin the setup " -"procedure again on a clean system." +#: modules/administration/pages/live-patching-sles12.adoc:19 +#: modules/administration/pages/live-patching-sles15.adoc:19 +msgid "In the {productname} {webui}, select the client from menu:Systems[Overview]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:138 +#: modules/administration/pages/live-patching-sles12.adoc:20 +#: modules/administration/pages/live-patching-sles15.adoc:20 msgid "" -"If you receive a message that there is not enough space available for setup, " -"ensure that your root volume is at least 20 GB and double check that the " -"instructions in <> have been completed " -"correctly." +"You will see a banner at the top of the screen showing the number of " +"critical and non-critical packages available for the client:" msgstr "" -# -# -# -# -#. REMARK check this; will it still work for sle 15? -#. Commented out per https://github.com/SUSE/spacewalk/issues/8951 LKB 2019-08-06 -#. {productname} Server for the public cloud comes with a bootstrap data module pre-installed. -#. The bootstrap module contains optimized package lists for bootstrapping instances started from {sle} images published by {suse}. -#. If you intend to register such an instance, when you create the bootstrap repository run the [command]``mgr-create-bootstrap-repo`` script using this command, to create a bootstrap repository suitable for {sle} 12 SP1 instances. -#. ---- -#. $ mgr-create-bootstrap-repo --datamodule=mgr_pubcloud_bootstrap_data -c SLE-12-SP1-x86_64 -#. ---- -#. See xref:client-configuration:creating-a-tools-repository.adoc[] for more information on bootstrapping. -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:156 -msgid "" -"Prior to registering instances started from on demand images remove the " -"following packages from the instance to be registered:" +#. type: Target for macro image +#: modules/administration/pages/live-patching-sles12.adoc:21 +#: modules/administration/pages/live-patching-sles15.adoc:21 +#, no-wrap +msgid "live_patching_criticalupdates.png" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:157 -msgid "cloud-regionsrv-client" +#: modules/administration/pages/live-patching-sles12.adoc:22 +#: modules/administration/pages/live-patching-sles15.adoc:22 +msgid "Click btn:[Critical] to see a list of the available critical patches." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:158 -#, no-wrap -msgid "*For Amazon EC2*\n" +#: modules/administration/pages/live-patching-sles12.adoc:23 +#: modules/administration/pages/live-patching-sles15.adoc:23 +msgid "" +"Select any patch with a synopsis reading [guimenu]``Important: Security " +"update for the Linux kernel``." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:160 -msgid "regionServiceClientConfigEC2" +#: modules/administration/pages/live-patching-sles12.adoc:24 +#: modules/administration/pages/live-patching-sles15.adoc:24 +msgid "Security bugs will also include their CVE number, where applicable." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:162 -msgid "regionServiceCertsEC2" +#: modules/administration/pages/live-patching-sles12.adoc:25 +#: modules/administration/pages/live-patching-sles15.adoc:25 +msgid "" +"OPTIONAL: If you know the CVE number of a patch you want to apply, you can " +"search for it in menu:Audit[CVE Audit], and apply the patch to any clients " +"that require it." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:163 -#, no-wrap -msgid "*For Google Compute Engine*\n" +#. type: delimited block = +#: modules/administration/pages/live-patching-sles12.adoc:26 +#: modules/administration/pages/live-patching-sles15.adoc:26 +msgid "" +"Not all kernel patches are Live Patches! Non-Live kernel patches are " +"represented by a `Reboot Required` icon located next to the `Security` " +"shield icon. These patches will always require a reboot." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:165 -msgid "cloud-regionsrv-client-plugin-gce" +#. type: delimited block = +#: modules/administration/pages/live-patching-sles12.adoc:27 +#: modules/administration/pages/live-patching-sles15.adoc:27 +msgid "" +"Not all security issues can be fixed by applying a live patch. Some " +"security issues can only be fixed by applying a full kernel update and will " +"require a reboot. The assigned CVE numbers for these issues are not " +"included in live patches. A CVE audit will display this requirement." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:167 -msgid "regionServiceClientConfigGCE" +#. type: Title = +#: modules/administration/pages/live-patching-sles15.adoc:1 +#, no-wrap +msgid "Live Patching on SLES{nbsp}15" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:169 -msgid "regionServiceCertsGCE" +#: modules/administration/pages/live-patching-sles15.adoc:2 +msgid "" +"On SLES{nbsp}15 systems and newer, live patching is managed by the " +"[systemitem]``klp livepatch`` tool." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:170 -#, no-wrap -msgid "*For Microsoft Azure*\n" +#: modules/administration/pages/live-patching-sles15.adoc:5 +msgid "You have one or more Salt clients running SLES{nbsp}15 (SP1 or later)." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:172 -msgid "regionServiceClientConfigAzure" +#: modules/administration/pages/live-patching-sles15.adoc:6 +msgid "Your SLES{nbsp}15 Salt clients are registered with {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:174 -msgid "regionServiceCertsAzure" +#: modules/administration/pages/live-patching-sles15.adoc:7 +msgid "" +"You have access to the SLES{nbsp}15 channels appropriate for your " +"architecture, including the live patching child channel (or channels)." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:177 +#: modules/administration/pages/live-patching-sles15.adoc:12 msgid "" -"If these packages are not removed it is possible to create interference " -"between the repositories provided by {productname} and the repositories " -"provided by the SUSE operated update infrastructure." +"Select the client you want to manage with Live Patching from " +"menu:Systems[Overview], and navigate to the menu:Software[Packages > " +"Install] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:180 -msgid "" -"Additionally remove the line from the [path]``/etc/hosts`` file that " -"contains the *susecloud.net* reference." +#: modules/administration/pages/live-patching-sles15.adoc:13 +msgid "Search for the [systemitem]``kernel-livepatch`` package, and install it." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:181 -msgid "If you run a {productname} Proxy instance" +#. type: Target for macro image +#: modules/administration/pages/live-patching-sles15.adoc:14 +#, no-wrap +msgid "enable_live_patching_kernel_live_install.png" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:188 +#: modules/administration/pages/live-patching-sles15.adoc:17 msgid "" -"Launch the instance, optionally with external storage configured. If you " -"use external storage (recommended), prepare it according to <>. It is recommended but not required to prepare the storage " -"before configuring {productname} proxy, as the suma-storage script will " -"migrate any existing cached data to the external storage. After preparing " -"the instance, register the system with the parent SUSE Manager, which could " -"be a {productname} Server or another {productname} Proxy. See the xref:" -"installation:proxy-setup.adoc[] for details. When registered, configure " -"your {productname} Proxy instance with this script:" +"To check that live patching has been enabled correctly, select the client " +"from menu:Systems[System List], and ensure that [systemitem]``Live Patch`` " +"appears in the [guimenu]``Kernel`` field." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:191 +#. type: Title = +#: modules/administration/pages/maintenance-window-tasks.adoc:1 #, no-wrap -msgid "/usr/sbin/configure-proxy.sh\n" +msgid "Maintenance Window Tasks" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:194 +#: modules/administration/pages/maintenance-window-tasks.adoc:2 msgid "" -"When the script has completed, {productname} should be functional and " -"running. For {productname} Server, the setup process created an " -"administrator user with this user name:" +"If you work with scheduled maintenance windows, you might find it difficult " +"to remember all the things that you need to do before, during, and after " +"that critical downtime of the {productname} Server. {productname} Server " +"related systems such as Inter-Server Synchronization Slave Servers or " +"{productname} Proxies are also affected and have to be considered." msgstr "" +#. It's similar to zypper at the package level: #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:196 -msgid "User name: `admin`" -msgstr "" - -#. type: Block title -#: modules/administration/pages/public-cloud.adoc:198 -#, no-wrap -msgid "Account credentials for admin user" -msgstr "" - -#. type: Table -#: modules/administration/pages/public-cloud.adoc:220 -#, no-wrap +#: modules/administration/pages/maintenance-window-tasks.adoc:3 msgid "" -"|\n" -" Amazon EC2\n" -"\n" -"|\n" -" Google Compute Engine\n" -"\n" -"|\n" -" Microsoft Azure\n" -"\n" -"\n" -"|\n" -"\n" -"[replaceable]``Instance-ID``\n" -"|\n" -"\n" -"[replaceable]``Instance-ID``\n" -"|\n" -"\n" -"[replaceable]``Instance-Name``**-suma**\n" +"{suse} recommends you always keep your {productname} infrastructure " +"updated. That includes servers, proxies, and build hosts. If you do not " +"keep the {productname} Server updated, you might not be able to update some " +"parts of your environment when you need to." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:223 +#: modules/administration/pages/maintenance-window-tasks.adoc:4 msgid "" -"The current value for the [replaceable]``Instance-ID`` or " -"[replaceable]``Instance-Name`` in case of the Azure Cloud, can be obtained " -"from the public cloud Web console or from within a terminal session as " -"follows:" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:224 -msgid "Obtain instance id from within Amazon EC2 instance" +"This section contains a checklist for your maintenance window, with links to " +"further information on performing each of the steps." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:228 +#. type: Title == +#: modules/administration/pages/maintenance-window-tasks.adoc:5 #, no-wrap -msgid "$ ec2metadata --instance-id\n" +msgid "Server" msgstr "" +#. ke, 2019-09-30: we'll stop spacewalk during the update +#. . Stop spacewalk services. +#. You will need to stop the spacewalk, SAP, and database services, along with any others you have running. +#. . Check if the configuration is still correct. #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:230 -msgid "Obtain instance id from within Google Compute Engine instance" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:234 -#, no-wrap -msgid "$ gcemetadata --query instance --id\n" +#: modules/administration/pages/maintenance-window-tasks.adoc:6 +msgid "Apply the latest updates." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:236 -msgid "Obtain instance name from within Microsoft Azure instance" +#: modules/administration/pages/maintenance-window-tasks.adoc:7 +msgid "See xref:upgrade:server-intro.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:240 -#, no-wrap -msgid "$ azuremetadata --instance-name\n" +#. We reboot during the above listed procedures. +#. . Reboot the server. +#. . Check if the configuration is still correct. +#. . Start any stopped services. +#. type: Plain text +#: modules/administration/pages/maintenance-window-tasks.adoc:8 +msgid "Upgrade to the latest service pack, if required." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:244 +#: modules/administration/pages/maintenance-window-tasks.adoc:9 msgid "" -"After logging in through the {productname} Server {webui}, *change* the " -"default password." +"Run [command]``spacewalk-service status`` and check whether all required " +"services are up and running." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:247 +#: modules/administration/pages/maintenance-window-tasks.adoc:10 msgid "" -"{productname} Proxy does not have administration access to the {webui}. It " -"can be managed through its parent {productname} Server." +"For information about database schema upgrades and PostgreSQL migrations, " +"see xref:upgrade:db-intro.adoc[]." msgstr "" -#. type: Title === -#: modules/administration/pages/public-cloud.adoc:251 -#, no-wrap -msgid "Using Separate Storage Volume" +#. type: Plain text +#: modules/administration/pages/maintenance-window-tasks.adoc:11 +msgid "" +"You can install updates using your package manager. For information on " +"using {yast}, see " +"https://documentation.suse.com/sles/15-SP2/html/SLES-all/cha-onlineupdate-you.html. " +"For information on using zypper, see " +"https://documentation.suse.com/sles/15-SP2/html/SLES-all/cha-sw-cl.html#sec-zypper." msgstr "" +#. Preferable, you will run such a tool within a maintenance window; for more information, see xref:administration:maintenance-window.adoc#maintenance-window[]. +# +#. complete procedure, also see above: +# +#. 1. Log in as root user to the SUSE Manager server. +#. 2. Stop the Spacewalk service: +#. spacewalk-service stop +#. 3. Apply the patch using either zypper patch or YaST Online Update. +#. 4. Upgrade the database schema: +#. spacewalk-schema-upgrade +#. 5. Start the Spacewalk service: +#. spacewalk-service start #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:257 +#: modules/administration/pages/maintenance-window-tasks.adoc:12 msgid "" -"We recommend that the repositories and the database for {productname} be " -"stored on a virtual storage device. This best practice will avoid data loss " -"in cases where the {productname} instance may need to be terminated. These " -"steps *must* be performed *prior* to running the YaST {productname} setup " -"procedure." +"By default, several update channels are configured and enabled for the " +"{productname} Server. New and updated packages will become available " +"automatically." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:261 +#: modules/administration/pages/maintenance-window-tasks.adoc:13 msgid "" -"Provision a disk device in the public cloud environment, refer to the cloud " -"service provider documentation for detailed instructions. The size of the " -"disk is dependent on the number of distributions and channels you intend to " -"manage with {productname}. For sizing information refer to https://www.suse." -"com/support/kb/doc.php?id=7015050[SUSE Manager sizing examples]. A rule of " -"thumb is 25 GB per distribution per channel." +"To keep {susemgr} up to date, either connect it directly to {scc} or use " +"{rmtool} (RMT). You can use RMT as a local installation source for " +"disconnected environments." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:262 +#: modules/administration/pages/maintenance-window-tasks.adoc:14 msgid "" -"Once attached the device appears as Unix device node in your instance. For " -"the following command to work this device node name is required. In many " -"cases the attached storage appears as **/dev/sdb**. In order to check which " -"disk devices exists on your system, call the following command:" +"You can check that the update channels are available on your system with " +"this command:" msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:266 +#: modules/administration/pages/maintenance-window-tasks.adoc:15 #, no-wrap -msgid "$ hwinfo --disk | grep -E \"Device File:\"\n" +msgid "zypper lr\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:268 -msgid "" -"With the device name at hand the process of re-linking the directories in " -"the file system {productname} uses to store data is handled by the suma-" -"storage script. In the following example we use [path]``/dev/sdb`` as the " -"device name." +#: modules/administration/pages/maintenance-window-tasks.adoc:16 +msgid "The output will look similar to this:" msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:272 +#: modules/administration/pages/maintenance-window-tasks.adoc:17 #, no-wrap -msgid "$ /usr/bin/suma-storage /dev/sdb\n" +msgid "" +"Name | Enabled | GPG Check " +"| Refresh\n" +"-------------------------------------------------------+---------+-----------+--------\n" +"SLE-Module-Basesystem15-SP2-Pool | Yes | (r ) Yes " +"| No\n" +"SLE-Module-Basesystem15-SP2-Updates | Yes | (r ) Yes " +"| Yes\n" +"SLE-Module-Python2-15-SP2-Pool | Yes | (r ) Yes " +"| No\n" +"SLE-Module-Python2-15-SP2-Updates | Yes | (r ) Yes " +"| Yes\n" +"SLE-Product-SUSE-Manager-Server-4.1-Pool | Yes | (r ) Yes " +"| No\n" +"SLE-Product-SUSE-Manager-Server-4.1-Updates | Yes | (r ) Yes " +"| Yes\n" +"SLE-Module-SUSE-Manager-Server-4.1-Pool | Yes | (r ) Yes " +"| No\n" +"SLE-Module-SUSE-Manager-Server-4.1-Updates | Yes | (r ) Yes " +"| Yes\n" +"SLE-Module-Server-Applications15-SP2-Pool | Yes | (r ) Yes " +"| No\n" +"SLE-Module-Server-Applications15-SP2-Updates | Yes | (r ) Yes " +"| Yes\n" +"SLE-Module-Web-Scripting15-SP2-Pool | Yes | (r ) Yes " +"| No\n" +"SLE-Module-Web-Scripting15-SP2-Updates | Yes | (r ) Yes " +"| Yes\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/maintenance-window-tasks.adoc:18 +msgid "" +"{productname} releases maintenance updates (MUs) to provide newer packages. " +"Maintenance updates are indicated with a new version number. For example, " +"the major release 4.1 will be incremented to 4.1.1 when an MU is released." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:278 +#: modules/administration/pages/maintenance-window-tasks.adoc:19 msgid "" -"After the call all database and repository files used by SUSE Manager Server " -"are moved to the newly created xfs based storage. In case your instance is " -"a {productname} Proxy, the script will move the Squid cache, which caches " -"the software packages, to the newly created storage. The xfs partition is " -"mounted below the path [path]``/manager_storage``. ." +"You can verify which version you are running by looking at the bottom of the " +"navigation bar in the {webui}. You can also fetch the version number with " +"the [literal]``api.getVersion()`` XMLRPC API call." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:279 -msgid "Create an entry in /etc/fstab (optional)" +#. type: Title === +#: modules/administration/pages/maintenance-window-tasks.adoc:20 +#, no-wrap +msgid "Client Tools" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:282 +#: modules/administration/pages/maintenance-window-tasks.adoc:21 msgid "" -"Different cloud frameworks treat the attachment of external storage devices " -"differently at instance boot time. Please refer to the cloud environment " -"documentation for guidance about the fstab entry." +"When the server is updated consider to update some tools on the clients, " +"too. Updating [package]``salt-minion``, [package]``zypper``, and other " +"related management package on clients is not a strict requirement, but it is " +"a best practice in general. For example, a maintenance update on the server " +"might introduce a major new Salt version. Then minions will continue to " +"work but might experience problems later on. To avoid this always update " +"the salt-minion package when available. {suse} makes sure that " +"[package]``salt-minion`` can always be updated safely." +msgstr "" + +#. type: Title == +#: modules/administration/pages/maintenance-window-tasks.adoc:22 +#, no-wrap +msgid "Inter-Server Synchronization Slave Server" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:284 +#: modules/administration/pages/maintenance-window-tasks.adoc:23 msgid "" -"If your cloud framework recommends to add an fstab entry, add the following " -"line to the */etc/fstab* file." +"If you are using an inter-server synchronization slave server, update it " +"after the {productname} Server update is complete." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:288 -#, no-wrap -msgid "/dev/sdb1 /manager_storage xfs defaults,nofail 1 1\n" +#. type: Plain text +#: modules/administration/pages/maintenance-window-tasks.adoc:24 +msgid "" +"For more in inter-server synchronization, see " +"xref:administration:iss.adoc[]." msgstr "" #. type: Title == -#: modules/administration/pages/public-cloud.adoc:292 +#: modules/administration/pages/maintenance-window-tasks.adoc:25 #, no-wrap -msgid "Registration of Cloned Systems" +msgid "Monitoring Server" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:298 +#: modules/administration/pages/maintenance-window-tasks.adoc:26 msgid "" -"{productname} cannot distinguish between different instances that use the " -"same system ID. If you register a second instance with the same system ID " -"as a previous instance, {productname} will overwrite the original system " -"data with the new system data. This can occur when you launch multiple " -"instances from the same image, or when an image is created from a running " -"instance. However, it is possible to clone systems and register them " -"successfully by deleting the cloned system's ID, and generating a new ID." +"If you are using a monitoring server for Prometheus, update it after the " +"{productname} Server update is complete." msgstr "" -#. type: Block title -#: modules/administration/pages/public-cloud.adoc:300 -#, no-wrap -msgid "Procedure: Registering Cloned Systems" +#. type: Plain text +#: modules/administration/pages/maintenance-window-tasks.adoc:27 +msgid "" +"For more information on monitoring, see " +"xref:administration:monitoring.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:302 -msgid "Clone the system using your preferred hypervisor's cloning mechanism." +#. type: Title == +#: modules/administration/pages/maintenance-window-tasks.adoc:28 +#, no-wrap +msgid "Proxy" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:303 +#: modules/administration/pages/maintenance-window-tasks.adoc:29 msgid "" -"On the cloned system, change the hostname and IP addresses, and check the " -"[path]``/etc/hosts`` file to ensure you have the right host entries." +"Proxies should be updated as soon as {productname} Server updates are " +"complete." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:305 +#: modules/administration/pages/maintenance-window-tasks.adoc:30 msgid "" -"On traditional clients, stop the [command]``rhnsd`` daemon with [command]``/" -"etc/init.d/rhnsd stop`` or, on newer systemd-based systems, with " -"[command]``service rhnsd stop``. Then [command]``service osad stop``." +"In general, running a proxy connected to a server on a different version is " +"not supported. The only exception is for the duration of updates where it " +"is expected that the server is updated first, so the proxy could run the " +"previous version temporarily." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:306 -msgid "For SLES 11 or {rhel} 5 or 6 clients, run these commands:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:310 -#, no-wrap +#: modules/administration/pages/maintenance-window-tasks.adoc:31 msgid "" -"# rm /var/lib/dbus/machine-id\n" -"# dbus-uuidgen --ensure\n" +"Especially if you are migrating from version 4.0 to 4.1, upgrade the server " +"first, then any proxy." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:313 -msgid "For SLES 12, SLES 15, or {rhel} 7 clients, run these commands:" +#: modules/administration/pages/maintenance-window-tasks.adoc:32 +msgid "For more information, see xref:upgrade:proxy-intro.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:319 +#. type: Title = +#: modules/administration/pages/maintenance-windows.adoc:1 #, no-wrap -msgid "" -"# rm /etc/machine-id\n" -"# rm /var/lib/dbus/machine-id\n" -"# dbus-uuidgen --ensure\n" -"# systemd-machine-id-setup\n" +msgid "Maintenance Windows" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:322 -msgid "If you are using Salt, then you will also need to run these commands:" +#: modules/administration/pages/maintenance-windows.adoc:2 +msgid "" +"The maintenance windows feature in {productname} allows you to schedule " +"actions to occur during a scheduled maintenance window period. When you " +"have created your maintenance window schedule, and applied it to a client, " +"you are prevented from executing some actions outside of the specified " +"period." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:326 -#, no-wrap +#. type: delimited block = +#: modules/administration/pages/maintenance-windows.adoc:3 msgid "" -"# service salt-minion stop\n" -"# rm -rf /var/cache/salt\n" +"Maintenance windows operate in a different way to system locking. System " +"locks are switched on or off as required, while maintenance windows define " +"periods of time when actions are allowed. Additionally, the allowed and " +"restricted actions differ. For more information about system locks, see " +"xref:client-configuration:system-locking.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:329 -msgid "If you are using a traditional client, clean up the working files with:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:332 -#, no-wrap -msgid "# rm -f /etc/sysconfig/rhn/{osad-auth.conf,systemid}\n" +#: modules/administration/pages/maintenance-windows.adoc:4 +msgid "" +"Maintenance windows require both a calendar, and a schedule. The calendar " +"defines the date and time of your maintenance window events, including " +"recurring events, and must be in [path]``ical`` format. The schedule uses " +"the events defined in the calendar to create the maintenance windows. You " +"must create an [path]``ical`` file for upload, or link to an [path]``ical`` " +"file to create the calendar, before you can create the schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:335 +#: modules/administration/pages/maintenance-windows.adoc:5 msgid "" -"The bootstrap should now run with a new system ID, rather than a duplicate." +"When you have created the schedule, you can assign it to clients that are " +"registered to the {productname} Server. Clients that have a maintenance " +"schedule assigned cannot run restricted actions outside of maintenance " +"windows." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:340 +#: modules/administration/pages/maintenance-windows.adoc:6 msgid "" -"If you are onboarding Salt client clones, then you will also need to check " -"if they have the same Salt minion ID. You will need to delete the minion ID " -"on each cloned client, using the [command]``rm`` command. Each operating " -"system type stores this file in a slightly different location, check the " -"table for the appropriate command." +"Restricted actions significantly modify the client, and could potentially " +"cause the client to stop running. Some examples of restricted actions are:" msgstr "" -#. type: Block title -#: modules/administration/pages/public-cloud.adoc:342 -#, no-wrap -msgid "Minion ID File Location" +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:7 +msgid "Package installation" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:344 -msgid "" -"Each operating system stores the minion ID file in a slightly different " -"location, check the table for the appropriate command." +#: modules/administration/pages/maintenance-windows.adoc:8 +msgid "Client upgrade" msgstr "" -#. type: Table -#: modules/administration/pages/public-cloud.adoc:364 -#, no-wrap -msgid "" -"| Operating System | Commands\n" -"| SLES 15 | [command]``rm /etc/salt/minion_id``\n" -"\n" -" [command]``rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}``\n" -"| SLES 12 | [command]``rm /etc/salt/minion_id``\n" -"\n" -" [command]``rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}``\n" -"| SLES 11 | [command]``rm /etc/salt/minion_id``\n" -"\n" -" [command]``suse_register -E``\n" -"| SLES 10 | [command]``rm -rf /etc/{zmd,zypp}``\n" -"\n" -" [command]``rm -rf /var/lib/zypp/``\n" -" Do not delete [path]``/var/lib/zypp/db/products/``\n" -"\n" -" [command]``rm -rf /var/lib/zmd/``\n" -"| {rhel} 5, 6, 7 | [command]`` rm -f /etc/NCCcredentials``\n" +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:9 +msgid "Service pack migration" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:10 +msgid "Highstate application (for Salt clients)" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:367 +#: modules/administration/pages/maintenance-windows.adoc:11 msgid "" -"When you have deleted the minion ID file, re-run the bootstrap script, and " -"restart the client to see the cloned system in {productname} with the new ID." +"Unrestricted actions are minor actions that are considered safe and are " +"unlikely to cause problems on the client. Some examples of unrestricted " +"actions are:" msgstr "" -#. type: Title = -#: modules/administration/pages/repo-metadata.adoc:2 -#, no-wrap -msgid "Signing Repository Metadata" +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:12 +msgid "Package profile update" msgstr "" -#. TODO:: Explain why repository metadata should/would be signed. #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:7 -msgid "" -"You will require a custom GPG key to be able to sign repository metadata." +#: modules/administration/pages/maintenance-windows.adoc:13 +msgid "Hardware refresh" msgstr "" -#. type: Block title -#: modules/administration/pages/repo-metadata.adoc:8 -#, no-wrap -msgid "Procedure: Generating a Custom GPG Key" +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:14 +msgid "Subscribing to software channels" msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:11 +#: modules/administration/pages/maintenance-windows.adoc:15 msgid "" -"As the root user, use the [command]``gpg`` command to generate a new key:" +"Before you begin, you must create an [path]``ical`` file for upload, or link " +"to an [path]``ical`` file to create the calendar. You can create " +"[path]``ical`` files in your preferred calendaring tool, such as Microsoft " +"Outlook, Google Calendar, or KOrganizer." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:14 +#. type: Block title +#: modules/administration/pages/maintenance-windows.adoc:16 #, no-wrap -msgid "gpg --gen-key\n" +msgid "Procedure: Uploading a New Maintenance Calendar" msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:18 +#: modules/administration/pages/maintenance-windows.adoc:17 msgid "" -"At the prompts, select [systemitem]``RSA`` as the key type, with a size of " -"2048 bits, and select an appropriate expiry date for your key. Check the " -"details for your new key, and type [systemitem]``y`` to confirm." +"In the {productname} {webui}, navigate to menu:Schedule[Maintenance Windows " +"> Calendars], and click btn:[Create]." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:21 -msgid "" -"At the prompts, enter a name and email address to be associated with your " -"key. You can also add a comment to help you identify the key, if desired. " -"When you are happy with the user identity, type [systemitem]``O`` to confirm." +#: modules/administration/pages/maintenance-windows.adoc:18 +msgid "In the [guimenu]``Calendar Name`` section, type a name for your calendar." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:22 -msgid "At the prompt, enter a passphrase to protect your key." +#: modules/administration/pages/maintenance-windows.adoc:19 +msgid "" +"Either provide a URL to your [path]``ical`` file, or upload the file " +"directly." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:24 -msgid "" -"The key should be automatically added to your keyring. You can check by " -"listing the keys in your keyring:" +#: modules/administration/pages/maintenance-windows.adoc:20 +msgid "Click btn:[Create Calendar] to save your calendar." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:27 +#. type: Block title +#: modules/administration/pages/maintenance-windows.adoc:21 #, no-wrap -msgid "gpg --list-keys\n" +msgid "Procedure: Creating a New Schedule" msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:30 +#: modules/administration/pages/maintenance-windows.adoc:22 +#: modules/administration/pages/maintenance-windows.adoc:45 msgid "" -"Add the password for your keyring to the [filename]``/etc/rhn/signing.conf`` " -"configuration file, by opening the file in your text editor and adding this " -"line:" +"In the {productname} {webui}, navigate to menu:Schedule[Maintenance Windows " +"> Schedules], and click btn:[Create]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:33 -#, no-wrap -msgid "GPGPASS=\"password\"\n" +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:23 +msgid "In the [guimenu]``Schedule Name`` section, type a name for your schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:37 +#: modules/administration/pages/maintenance-windows.adoc:24 msgid "" -"You can manage metadata signing on the command line using the [command]``mgr-" -"sign-metadata-ctl`` command." +"OPTIONAL: If your [path]``ical`` file contains events that apply to more " +"than one schedule, check [guimenu]``Multi``." msgstr "" -#. type: Block title -#: modules/administration/pages/repo-metadata.adoc:39 -#, no-wrap -msgid "Procedure: Enabling Metadata Signing" +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:25 +#: modules/administration/pages/maintenance-windows.adoc:49 +msgid "Select the calendar to assign to this schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:42 -msgid "" -"You will need to know the short identifier for the key to use. You can list " -"your available public keys in short format:" +#: modules/administration/pages/maintenance-windows.adoc:26 +#: modules/administration/pages/maintenance-windows.adoc:50 +#: modules/administration/pages/maintenance-windows.adoc:55 +msgid "Click btn:[Create Schedule] to save your schedule." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:50 +#. type: Block title +#: modules/administration/pages/maintenance-windows.adoc:27 #, no-wrap +msgid "Procedure: Assigning a Schedule to a Client" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:28 msgid "" -"gpg --keyid-format short --list-keys\n" -"...\n" -"pub rsa2048/3E7BFE0A 2019-04-02 [SC] [expires: 2021-04-01]\n" -" A43F9EC645ED838ED3014B035CFA51BF3E7BFE0A\n" -"uid [ultimate] SUSE Manager\n" -"sub rsa2048/118DE7FF 2019-04-02 [E] [expires: 2021-04-01]\n" +"In the {productname} {webui}, navigate to menu:Systems[Systems List], select " +"the client to be assigned to a schedule, locate the [guimenu]``System " +"Properties`` panel, and click btn:[Edit These Properties]." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:53 +#: modules/administration/pages/maintenance-windows.adoc:29 msgid "" -"Enable metadata signing with the [command]``mgr-sign-metadata-ctl`` command:" +"Alternatively, you can assign clients through the system set manager by " +"navigating to menu:Systems[System Set Manager] and using the " +"menu:Misc[Maintenance Windows] tab." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:63 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:30 msgid "" -"mgr-sign-metadata-ctl enable 3E7BFE0A\n" -"OK. Found key 3E7BFE0A in keyring.\n" -"DONE. Set key 3E7BFE0A in /etc/rhn/signing.conf.\n" -"DONE. Enabled metadata signing in /etc/rhn/rhn.conf.\n" -"DONE. Exported key 4E2C3DD8 to /srv/susemanager/salt/gpg/mgr-keyring.gpg.\n" -"DONE. Exported key 4E2C3DD8 to /srv/www/htdocs/pub/mgr-gpg-pub.key.\n" -"NOTE. For the changes to become effective run:\n" -" mgr-sign-metadata-ctl regen-metadata\n" +"In the [guimenu]``Edit System Details`` page, locate the " +"[guimenu]``Maintenance Schedule`` field, and select the name of the schedule " +"to be assigned." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:65 -msgid "You can check that your configuration is correct with this command:" +#: modules/administration/pages/maintenance-windows.adoc:31 +msgid "Click btn:[Update Properties] to assign the maintenance schedule." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:68 -#, no-wrap -msgid "mgr-sign-metadata-ctl check-config\n" +#. type: delimited block = +#: modules/administration/pages/maintenance-windows.adoc:32 +msgid "" +"When you assign a new maintenance schedule to a client, it is possible that " +"the client might already have some restricted actions scheduled, and that " +"these might now conflict with the new maintenance schedule. If this occurs, " +"the {webui} will display an error and you will not be able to assign the " +"schedule to the client. To resolve this, check the btn:[Cancel affected " +"actions] option when you assign the schedule. This will cancel any " +"previously scheduled actions that conflict with the new maintenance " +"schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:70 +#: modules/administration/pages/maintenance-windows.adoc:33 msgid "" -"Restart the services and schedule metadata regeneration to pick up the " -"changes:" +"When you have created your maintenance windows, you can schedule restricted " +"actions, such as package upgrades, to be performed during the maintenance " +"window." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:73 +#. type: Block title +#: modules/administration/pages/maintenance-windows.adoc:34 #, no-wrap -msgid "mgr-sign-metadata-ctl regen-metadata\n" +msgid "Procedure: Scheduling a Package Upgrade" msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:77 +#: modules/administration/pages/maintenance-windows.adoc:35 msgid "" -"You can also use the [command]``mgr-sign-metadata-ctl`` command to perform " -"other tasks. Use [command]``mgr-sign-metadata-ctl --help`` to see the " -"complete list." +"In the {productname} {webui}, navigate to menu:Systems[System List], select " +"the client you want to upgrade, and go to the menu:Software[Packages > " +"Upgrade] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:81 +#: modules/administration/pages/maintenance-windows.adoc:36 msgid "" -"Repository metadata signing is a global option. When it is enabled, it is " -"enabled on all software channels on the server. This means that all clients " -"connected to the server will need to trust the new GPG key to be able to " -"install or update packages." +"Select the package to upgrade from the list, and click btn:[Upgrade " +"Packages]." msgstr "" -#. type: Block title -#: modules/administration/pages/repo-metadata.adoc:82 -#, no-wrap -msgid "Procedure: Importing GPG keys on Clients" +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:37 +msgid "" +"In the [guimenu]``Maintenance Window`` field, select which maintenance " +"window the client should use to perform the upgrade." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:85 -msgid "For RPM-based client systems, use these remote commands:" +#: modules/administration/pages/maintenance-windows.adoc:38 +msgid "Click btn:[Confirm] to schedule the package upgrade." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:88 +#. type: Title == +#: modules/administration/pages/maintenance-windows.adoc:39 #, no-wrap -msgid "rpm --import http://server.example.com/pub/mgr-gpg-pub.key\n" +msgid "Maintenance Schedule Types" msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:91 +#: modules/administration/pages/maintenance-windows.adoc:40 msgid "" -"For Ubuntu clients, you will need to reassign the channels, which will " -"automatically pick up the new GPG key. You can do this through the " -"{productname} {webui}, or from the command line on the server with this " -"command:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:94 -#, no-wrap -msgid "salt state.apply channels\n" +"When you create a calendar, it contains a number of events, which can be " +"either one-time events, or recurring events. Each event contains a " +"``summary`` field. If you want to create multiple maintenance schedules for " +"one calendar, you can specify events for each using the ``summary`` field." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:95 +#: modules/administration/pages/maintenance-windows.adoc:41 msgid "" -"OPTIONAL: For Salt clients, you might prefer to use a state to manage your " -"GPG keys." +"For example, you might like to create a schedule for production servers, and " +"a different schedule for testing servers. In this case, you would specify " +"``SUMMARY: Production Servers`` on events for the production servers, and " +"``SUMMARY: Testing Servers`` on events for the testing servers." msgstr "" -#. type: Title = -#: modules/administration/pages/reports.adoc:2 +#. type: Target for macro image +#: modules/administration/pages/maintenance-windows.adoc:42 #, no-wrap -msgid "Generate Reports" +msgid "maint_windows_multi.png" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:7 +#: modules/administration/pages/maintenance-windows.adoc:43 msgid "" -"The [command]``spacewalk-report`` command is used to produce a variety of " -"reports. These reports can be helpful for taking inventory of your " -"subscribed systems, users, and organizations. Using reports is often " -"simpler than gathering information manually from the {susemgr} {webui}, " -"especially if you have many systems under management." +"There are two types of schedule: single, or multi. If your calendar " +"contains events that apply to more than one schedule, then you must select " +"``multi``, and ensure you name the schedule according to the ``summary`` " +"field you used in the calendar file." +msgstr "" + +#. type: Block title +#: modules/administration/pages/maintenance-windows.adoc:44 +#, no-wrap +msgid "Procedure: Creating a Multi Schedule" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:9 -msgid "" -"To generate reports, you must have the [package]``spacewalk-reports`` " -"package installed." +#: modules/administration/pages/maintenance-windows.adoc:46 +msgid "In the [guimenu]``Schedule Name`` section, type the name for your schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:11 -msgid "" -"The [command]``spacewalk-report`` command allows you to organize and display " -"reports about content, systems, and user resources across {productname}." +#: modules/administration/pages/maintenance-windows.adoc:47 +msgid "Ensure it matches the ``summary`` field of the calendar." msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:13 -msgid "You can generate reports on:" +#: modules/administration/pages/maintenance-windows.adoc:48 +#: modules/administration/pages/maintenance-windows.adoc:54 +msgid "Check the [guimenu]``Multi`` option." msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:15 -msgid "System Inventory: list all the systems registered to {productname}." +#: modules/administration/pages/maintenance-windows.adoc:51 +msgid "To create the next schedule, click btn:[Create]." msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:17 +#: modules/administration/pages/maintenance-windows.adoc:52 msgid "" -"Patches: list all the patches relevant to the registered systems. You can " -"sort patches by severity, as well as the systems that apply to a particular " -"patch." +"In the [guimenu]``Schedule Name`` section, type the name for your second " +"schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:18 -msgid "" -"Users: list all registered users and any systems associated with a " -"particular user." +#: modules/administration/pages/maintenance-windows.adoc:53 +msgid "Ensure it matches the ``summary`` field of the second calendar." msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:20 -msgid "" -"To get the report in CSV format, run this command at the command prompt on " -"the server:" +#: modules/administration/pages/maintenance-windows.adoc:56 +msgid "Repeat for each schedule you need to create." msgstr "" -#. type: delimited block - -#: modules/administration/pages/reports.adoc:23 +#. type: Title == +#: modules/administration/pages/maintenance-windows.adoc:57 #, no-wrap -msgid "spacewalk-report \n" +msgid "Restricted and Unrestricted Actions" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:26 -msgid "This table lists the available reports:" -msgstr "" - -#. type: Block title -#: modules/administration/pages/reports.adoc:29 -#, no-wrap -msgid "[command]``spacewalk-report`` Reports" -msgstr "" - -#. type: Table -#: modules/administration/pages/reports.adoc:84 -#, no-wrap +#: modules/administration/pages/maintenance-windows.adoc:58 msgid "" -"|Report | Invoked as | Description\n" -"| Actions | [command]``actions`` | All actions.\n" -"| Activation Keys | [command]``activation-keys`` | All activation keys, and the entitlements, channels, configuration channels, system groups, and packages associated with them.\n" -"| Activation Keys: Channels | [command]``activation-keys-channels`` | All activation keys and the entities associated with each key.\n" -"| Activation Keys: Configuration | [command]``activation-keys-config`` | All activation keys and the configuration channels associated with each key.\n" -"| Activation Keys: Server Groups | [command]``activation-keys-groups`` | All activation keys and the system groups associated with each key.\n" -"| Activation Keys: Packages | [command]``activation-keys-packages`` | All activation keys and the packages each key can deploy.\n" -"| Channel Packages | [command]``channel-packages`` | All packages in a channel.\n" -"| Channel Report | [command]``channels`` | Detailed report of a given channel.\n" -"| Cloned Channel Report | [command]``cloned-channels`` | Detailed report of cloned channels.\n" -"| Configuration Files | [command]``config-files`` | All configuration file revisions for all organizations, including file contents and file information.\n" -"| Latest Configuration Files | [command]``config-files-latest`` | The most recent configuration file revisions for all organizations, including file contents and file information.\n" -"| Custom Channels | [command]``custom-channels`` | Channel metadata for all channels owned by specific organizations.\n" -"| Custom Info | [command]``custom-info`` | Client custom information.\n" -"| Patches in Channels | [command]``errata-channels`` | All patches in channels.\n" -"| Patches Details | [command]``errata-list`` | All patches that affect registered clients.\n" -"| All patches | [command]``errata-list-all`` | All patches.\n" -"| Patches for Clients | [command]``errata-systems`` | Applicable patches and any registered clients that are affected.\n" -"| Host Guests | [command]``host-guests`` | Host and guests mapping.\n" -"| Inactive Clients | [command]``inactive-systems`` | Inactive clients.\n" -"| System Inventory | [command]``inventory`` | Clients registered to the server, together with hardware and software information.\n" -"| Kickstart Scripts | [command]``kickstart-scripts`` | All kickstart scripts, with details.\n" -"| Kickstart Trees | [command]``kickstartable-trees`` | Kickstartable trees.\n" -"| All Upgradable Versions | [command]``packages-updates-all`` | All newer package versions that can be upgraded.\n" -"| Newest Upgradable Version | [command]``packages-updates-newest`` | Newest package versions that can be upgraded.\n" -"| Proxy Overview | [command]``proxies-overview`` | All proxies and the clients registered to each.\n" -"| Repositories | [command]``repositories`` | All repositories, with their associated SSL details, and any filters.\n" -"| Result of SCAP | [command]``scap-scan`` | Result of OpenSCAP ``sccdf`` evaluations.\n" -"| Result of SCAP | [command]``scap-scan-results`` | Result of OpenSCAP ``sccdf`` evaluations, in a different format.\n" -"| System Data | [command]``splice-export`` | Client data needed for splice integration.\n" -"| System Crash: Count | [command]``system-crash-count`` | The total number of client crashes.\n" -"| System Crash: Details | [command]``system-crash-details`` | Crash details for all clients.\n" -"| System Currency | [command]``system-currency`` | Number of available patches for each registered client.\n" -"| System Extra Packages | [command]``system-extra-packages`` | All packages installed on all clients that are not available from channels the client is subscribed to.\n" -"| System Groups | [command]``system-groups`` | System groups.\n" -"| Activation Keys for System Groups | [command]``system-groups-keys`` | Activation keys for system groups.\n" -"| Systems in System Groups | [command]``system-groups-systems`` | Clients in system groups.\n" -"| System Groups Users | [command]``system-groups-users`` | System groups and users that have permissions on them.\n" -"| History: System | [command]``system-history`` | Event history for each client.\n" -"| History: Channels | [command]``system-history-channels`` | Channel event history.\n" -"| History: Configuration | [command]``system-history-configuration`` | Configuration event history.\n" -"| History: Entitlements | [command]``system-history-entitlements`` | System entitlement event history.\n" -"| History: Errata | [command]``system-history-errata`` | Errata event history.\n" -"| History: Kickstart | [command]``system-history-kickstart`` | Kickstart event history.\n" -"| History: Packages | [command]``system-history-packages`` | Package event history.\n" -"| History: SCAP | [command]``system-history-scap`` | OpenSCAP event history.\n" -"| MD5 Certificates | [command]``system-md5-certificates`` | All registered clients using certificates with an MD5 checksum.\n" -"| Installed Packages | [command]``system-packages-installed`` | Packages installed on clients.\n" -"| System Profiles | [command]``system-profiles`` | All clients registered to the server, with software and system group information.\n" -"| Users | [command]``users`` | All users registered to {productname}.\n" -"| MD5 Users | [command]``users-md5`` | All users for all organizations using MD5 encrypted passwords, with their details and roles.\n" -"| Systems administered | [command]``users-systems`` | Clients that individual users can administer.\n" +"This sections contains a complete list of restricted and unrestricted " +"actions." msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:88 +#: modules/administration/pages/maintenance-windows.adoc:59 msgid "" -"For more information about an individual report, run [command]``spacewalk-" -"report`` with the option [option]``--info`` or [option]``--list-fields-" -"info`` and the report name. The description and list of possible fields in " -"the report will be shown." +"Restricted actions significantly modify the client, and could potentially " +"cause the client to stop running. Restricted actions can only be run during " +"a maintenance window. The restricted actions are:" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:89 -msgid "" -"For further information on program invocation and options, see the " -"[literal]``spacewalk-report(8)`` man page as well as the [option]``--" -"help``parameter of the [command]``spacewalk-report`` command." -msgstr "" - -#. type: Title = -#: modules/administration/pages/space-management.adoc:2 -#, no-wrap -msgid "Managing Disk Space" +#: modules/administration/pages/maintenance-windows.adoc:60 +msgid "Package operations (for example, installing, updating, or removing packages)" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:5 -msgid "" -"Running out of disk space can have a severe impact on the {productname} " -"database and file structure which, in some cases, is not recoverable." +#: modules/administration/pages/maintenance-windows.adoc:61 +msgid "Patch updates" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:9 -msgid "" -"{productname} monitors some directories for free disk space. You can modify " -"which directories are monitored, and the warnings that are created. All " -"settings are configured in the [path]``/etc/rhn/rhn.conf`` configuration " -"file." -msgstr "" - -#. type: Title == -#: modules/administration/pages/space-management.adoc:12 -#, no-wrap -msgid "Monitored Directories" +#: modules/administration/pages/maintenance-windows.adoc:62 +msgid "Rebooting a client" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:15 -msgid "By default, {productname} monitors these directories:" +#: modules/administration/pages/maintenance-windows.adoc:63 +msgid "Rolling back transactions" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:17 -msgid "[path]``/var/lib/pgsql``" +#: modules/administration/pages/maintenance-windows.adoc:64 +msgid "Configuration management changing tasks" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:18 -msgid "[path]``/var/spacewalk``" +#: modules/administration/pages/maintenance-windows.adoc:65 +msgid "Applying a highstate (for Salt clients)" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:19 -msgid "[path]``/var/cache``" +#: modules/administration/pages/maintenance-windows.adoc:66 +msgid "Autoinstallation and reinstallation" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:20 -msgid "[path]``/srv``" +#: modules/administration/pages/maintenance-windows.adoc:67 +msgid "Remote commands" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:23 -msgid "" -"You can change which directories are monitored with the " -"[systemitem]``spacecheck_dirs`` parameter. You can specify multiple " -"directories by separating them with a space." +#: modules/administration/pages/maintenance-windows.adoc:68 +msgid "Service pack migrations" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:25 -#: modules/administration/pages/space-management.adoc:40 -#: modules/administration/pages/space-management.adoc:57 -msgid "For example:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/space-management.adoc:28 -#, no-wrap -msgid "spacecheck_dirs = /var/lib/pgsql /var/spacewalk /var/cache /srv\n" -msgstr "" - -#. type: Title == -#: modules/administration/pages/space-management.adoc:32 -#, no-wrap -msgid "Thresholds" +#: modules/administration/pages/maintenance-windows.adoc:69 +msgid "Cluster operations" msgstr "" -#. type: Plain text -#: modules/administration/pages/space-management.adoc:36 +#. type: delimited block = +#: modules/administration/pages/maintenance-windows.adoc:70 msgid "" -"By default, {productname} will create a warning mail when a monitored " -"directory has less than 10% of total space available. A critical alert is " -"created when a monitored directory falls below 5% space available." +"For Salt clients, it is possible to run remote commands directly at any time " +"by navigating to menu:Salt[Remote Commands]. This applies whether or not " +"the Salt client is in a maintenance window. For more information about " +"remote commands, see xref:administration:actions.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:38 -msgid "" -"You can change these alert thresholds with the " -"[systemitem]``spacecheck_free_alert`` and " -"[systemitem]``spacecheck_free_critical`` parameters." -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/space-management.adoc:44 -#, no-wrap +#: modules/administration/pages/maintenance-windows.adoc:71 msgid "" -"spacecheck_free_alert = 10\n" -"spacecheck_free_critical = 5\n" +"Unrestricted actions are minor actions that are considered safe and are " +"unlikely to cause problems on the client. If an action is not restricted it " +"is, by definition, unrestricted, and can be be run at any time." msgstr "" -#. type: Title == -#: modules/administration/pages/space-management.adoc:48 +#. type: Title = +#: modules/administration/pages/monitoring.adoc:1 #, no-wrap -msgid "Shut Down Services" +msgid "Monitoring with Prometheus and Grafana" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:51 +#: modules/administration/pages/monitoring.adoc:2 msgid "" -"By default, {productname} will shut down the spacewalk services when the " -"critical alert threshold is reached." +"You can monitor your {productname} environment using Prometheus and " +"Grafana. {productname} Server and Proxy are able to provide self-health " +"metrics. You can also install and manage a number of Prometheus exporters " +"on Salt clients." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:55 +#: modules/administration/pages/monitoring.adoc:3 msgid "" -"You can change this behavior with the [systemitem]``spacecheck_shutdown`` " -"parameter. A value of ``true`` will enable the shut down feature. Any " -"other value will disable it." +"Prometheus and Grafana packages are included in the {productname} Client " +"Tools for:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/space-management.adoc:59 -#, no-wrap -msgid "spacecheck_shutdown = true\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:4 +#: modules/administration/pages/monitoring.adoc:10 +msgid "{sle}{nbsp}12" msgstr "" -#. type: Title == -#: modules/administration/pages/space-management.adoc:62 -#, no-wrap -msgid "Disable Space Checking" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:5 +#: modules/administration/pages/monitoring.adoc:11 +msgid "{sle}{nbsp}15" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:66 -msgid "" -"The space checking tool is enabled by default. You can disable it entirely " -"with these commands:" +#: modules/administration/pages/monitoring.adoc:6 +msgid "{rhel}{nbsp} 6" msgstr "" -#. type: delimited block - -#: modules/administration/pages/space-management.adoc:70 -#, no-wrap -msgid "" -"systemctl stop spacewalk-diskcheck.timer\n" -"systemctl disable spacewalk-diskcheck.timer\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:7 +msgid "{rhel}{nbsp} 7" msgstr "" -#. type: Title = -#: modules/administration/pages/ssl-certs-imported.adoc:2 -#, no-wrap -msgid "Import SSL Certificates" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:8 +msgid "{rhel}{nbsp} 8" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:6 -msgid "" -"By default, {productname} uses a self-signed certificate. For additional " -"security, you can import a custom certificate, signed by a third party " -"certificate authority (CA)." +#: modules/administration/pages/monitoring.adoc:9 +msgid "openSUSE 15.x" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:8 -msgid "" -"This section covers how to use an imported SSL certificate with a new " -"{productname} installation, and how to replace existing self-signed " -"certificates with imported certificates." +#: modules/administration/pages/monitoring.adoc:12 +msgid "{centos}{nbsp} 6" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:10 -msgid "Before you begin, ensure you have:" +#: modules/administration/pages/monitoring.adoc:13 +msgid "{centos}{nbsp} 7" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:12 -msgid "A certificate authority (CA) SSL public certificate" +#: modules/administration/pages/monitoring.adoc:14 +msgid "{centos}{nbsp} 8" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:13 -msgid "An SSL server key" +#: modules/administration/pages/monitoring.adoc:15 +msgid "and openSUSE 15.x" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:14 -msgid "An SSL server certificate" +#: modules/administration/pages/monitoring.adoc:16 +msgid "" +"You need to install Prometheus and Grafana on a machine separate from the " +"{productname} Server. We recommend you use a managed Salt client as your " +"monitoring server." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:16 -msgid "Your key and certificate files must be in PEM format." +#: modules/administration/pages/monitoring.adoc:17 +msgid "" +"Prometheus fetches metrics using a pull mechanism, so the server must be " +"able to establish TCP connections to monitored clients. Clients must have " +"corresponding open ports and be reachable over the network. Alternatively, " +"you can use reverse proxies to establish a connection." msgstr "" -#. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:20 +#. type: delimited block = +#: modules/administration/pages/monitoring.adoc:18 msgid "" -"The host name of the SSL keys and certificates must match the fully " -"qualified host name of the machine you deploy them on. You can set the host " -"names in the ``X509v3 Subject Alternative Name`` section of the " -"certificate. You can also list multiple host names if your environment " -"requires it." +"You must have a monitoring add-on subscription for each client you want to " +"monitor. Visit the {scc} to manage your {productname} subscriptions." msgstr "" #. type: Title == -#: modules/administration/pages/ssl-certs-imported.adoc:23 +#: modules/administration/pages/monitoring.adoc:19 #, no-wrap -msgid "Import Certificates for New Installations" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:27 -msgid "" -"By default, {productname} uses a self-signed certificate. After you have " -"completed the initial setup, you can replace the default certificate with an " -"imported certificate." +msgid "Prometheus and Grafana" msgstr "" #. type: Block title -#: modules/administration/pages/ssl-certs-imported.adoc:30 +#: modules/administration/pages/monitoring.adoc:20 #, no-wrap -msgid "Procedure: Import Certificates on a New {productname} Server" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:33 -msgid "" -"Install the {productname} Server according to the instructions in xref:" -"installation:install-intro.adoc[]." +msgid "Prometheus" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:34 +#: modules/administration/pages/monitoring.adoc:21 msgid "" -"Complete the initial setup according to xref:installation:server-setup." -"adoc[]." +"Prometheus is an open-source monitoring tool that is used to record " +"real-time metrics in a time-series database. Metrics are pulled via HTTP, " +"enabling high performance and scalability." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:35 +#: modules/administration/pages/monitoring.adoc:22 msgid "" -"At the command prompt, point the SSL environment variables to the " -"certificate file locations:" +"Prometheus metrics are time series data, or timestamped values belonging to " +"the same group or dimension. A metric is uniquely identified by its name " +"and set of labels." msgstr "" +#. TODO:: This should be an actual image. #. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:40 +#: modules/administration/pages/monitoring.adoc:23 #, no-wrap msgid "" -"export CA_CERT=\n" -"export SERVER_KEY=\n" -"export SERVER_CERT=\n" +" metric name labels timestamp value\n" +"┌────────┴───────┐ ┌───────────┴───────────┐ ┌──────┴──────┐ ┌─┴─┐\n" +"http_requests_total{status=\"200\", method=\"GET\"} @1557331801.111 " +"42236\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:42 -msgid "Complete {productname} setup:" +#: modules/administration/pages/monitoring.adoc:24 +msgid "" +"Each application or system being monitored must expose metrics in the format " +"above, either through code instrumentation or Prometheus exporters." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:45 +#. type: Block title +#: modules/administration/pages/monitoring.adoc:25 #, no-wrap -msgid "yast susemanager_setup\n" +msgid "Prometheus Exporters" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:49 +#: modules/administration/pages/monitoring.adoc:26 msgid "" -"When you are prompted for certificate details during setup, fill in random " -"values. The values will be overridden by the values you specified at the " -"command prompt." +"Exporters are libraries that help with exporting metrics from third-party " +"systems as Prometheus metrics. Exporters are useful whenever it is not " +"feasible to instrument a given application or system with Prometheus metrics " +"directly. Multiple exporters can run on a monitored host to export local " +"metrics." msgstr "" -#. type: delimited block = -#: modules/administration/pages/ssl-certs-imported.adoc:53 +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:27 msgid "" -"Execute the [command]``yast susemanager_setup`` command from the same shell " -"you exported the environment variables from." +"The Prometheus community provides a list of official exporters, and more can " +"be found as community contributions. For more information and an extensive " +"list of exporters, see https://prometheus.io/docs/instrumenting/exporters/." +msgstr "" + +#. type: Block title +#: modules/administration/pages/monitoring.adoc:28 +#, no-wrap +msgid "Grafana" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:29 +msgid "" +"Grafana is a tool for data visualization, monitoring, and analysis. It is " +"used to create dashboards with panels representing specific metrics over a " +"set period of time. Grafana is commonly used together with Prometheus, but " +"also supports other data sources such as ElasticSearch, MySQL, PostgreSQL, " +"and Influx DB. For more information about Grafana, see " +"https://grafana.com/docs/." msgstr "" #. type: Title == -#: modules/administration/pages/ssl-certs-imported.adoc:57 +#: modules/administration/pages/monitoring.adoc:30 #, no-wrap -msgid "Import Certificates for New Proxy Installations" +msgid "Set up the Monitoring Server" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:61 +#: modules/administration/pages/monitoring.adoc:31 msgid "" -"By default, {productname} Proxy uses a self-signed certificate. After you " -"have completed the initial setup, you can replace the default certificate " -"with an imported certificate." +"To set up your monitoring server, you need to install Prometheus and " +"Grafana, and configure them." +msgstr "" + +#. type: Title === +#: modules/administration/pages/monitoring.adoc:32 +#, no-wrap +msgid "Install Prometheus" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:33 +msgid "" +"If your monitoring server is a {productname} Salt client, you can install " +"the Prometheus package using the {productname} {webui}. Otherwise you can " +"download and install the package on your monitoring server manually." msgstr "" #. type: Block title -#: modules/administration/pages/ssl-certs-imported.adoc:65 +#: modules/administration/pages/monitoring.adoc:34 #, no-wrap -msgid "Procedure: Import Certificates on a New {productname} Proxy" +msgid "Procedure: Installing Prometheus Using the {webui}" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:68 +#: modules/administration/pages/monitoring.adoc:35 msgid "" -"Install the {productname} Proxy according to the instructions in xref:" -"installation:install-intro.adoc[]." +"In the {productname} {webui}, open the details page of the system where " +"Prometheus is to be installed, and navigate to the [guimenu]``Formulas`` " +"tab." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:69 +#: modules/administration/pages/monitoring.adoc:36 msgid "" -"Complete the initial setup according to xref:installation:proxy-setup.adoc[]." +"Check the [guimenu]``Prometheus`` checkbox to enable monitoring formulas, " +"and click btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:70 -msgid "At the command prompt, run:" +#: modules/administration/pages/monitoring.adoc:37 +msgid "Navigate to the ``Prometheus`` tab in the top menu." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:73 -#, no-wrap -msgid "configure-proxy.sh\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:38 +msgid "" +"In the ``{productname} Server`` section, enter valid {productname} API " +"credentials." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:75 +#: modules/administration/pages/monitoring.adoc:39 msgid "" -"At the ``Do you want to import existing certificates?`` prompt, type kbd:[y]." +"Make sure that the credentials you have entered allow access to the set of " +"systems you want to monitor." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:76 -msgid "Follow the prompts to complete setup." +#: modules/administration/pages/monitoring.adoc:40 +#: modules/administration/pages/monitoring.adoc:68 +msgid "Customize any other configuration options according to your needs." msgstr "" -#. type: delimited block = -#: modules/administration/pages/ssl-certs-imported.adoc:82 -msgid "" -"Use the same certificate authority to sign all server certificates for " -"servers and proxies. Certificates signed with different CAs will not match." +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:41 +#: modules/administration/pages/monitoring.adoc:69 +#: modules/administration/pages/monitoring.adoc:129 +#: modules/administration/pages/monitoring.adoc:154 +msgid "Click btn:[Save Formula]." msgstr "" -#. type: Title == -#: modules/administration/pages/ssl-certs-imported.adoc:86 -#, no-wrap -msgid "Replace Certificates with a Third Party Certificate" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:42 +#: modules/administration/pages/monitoring.adoc:70 +#: modules/administration/pages/monitoring.adoc:155 +msgid "Apply the highstate and confirm that it completes successfully." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:90 +#: modules/administration/pages/monitoring.adoc:43 msgid "" -"You can replace active certificates on your {productname} installation with " -"a new third party certificate. To replace the certificates, you can replace " -"the installed CA certificate RPM with a new RPM containing the third party " -"certificate, and then update the database." +"Check that the Prometheus interface loads correctly. In your browser, " +"navigate to the URL of the server where Prometheus is installed, on " +"port 9090 (for example, [literal]``http://example.com:9090``)." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:93 +#: modules/administration/pages/monitoring.adoc:44 +#: modules/administration/pages/monitoring.adoc:73 +#: modules/administration/pages/monitoring.adoc:133 +#: modules/administration/pages/monitoring.adoc:156 msgid "" -"This procedure is similar to the one described in xref:administration:ssl-" -"certs-selfsigned.adoc#ssl-certs-selfsigned-create-replace[]. The difference " -"is that we import the certificates generated by an external PKI." +"For more information about the monitoring formulas, see " +"xref:salt:formula-monitoring.adoc[]." msgstr "" #. type: Block title -#: modules/administration/pages/ssl-certs-imported.adoc:96 +#: modules/administration/pages/monitoring.adoc:45 #, no-wrap -msgid "Procedure: Replacing Existing Certificates" +msgid "Procedure: Manually Installing and Configuring Prometheus" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:99 +#: modules/administration/pages/monitoring.adoc:46 msgid "" -"On the {productname} Server, at the command prompt, move the old certificate " -"directory to a backup location:" +"On the monitoring server, install the " +"[package]``golang-github-prometheus-prometheus`` package:" msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:102 +#: modules/administration/pages/monitoring.adoc:47 #, no-wrap -msgid "mv /root/ssl-build /root/old-ssl-build\n" +msgid "zypper in golang-github-prometheus-prometheus\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:105 -msgid "Generate a CA certificate RPM from the new certificate:" +#: modules/administration/pages/monitoring.adoc:48 +msgid "Enable the Prometheus service:" msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:108 +#: modules/administration/pages/monitoring.adoc:49 #, no-wrap -msgid "rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/ssl-build\" --from-ca-cert=\n" +msgid "systemctl enable --now prometheus\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:111 -msgid "Generate a new server certificate RPM:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:114 -#, no-wrap -msgid "rhn-ssl-tool --gen-server --rpm-only --dir=\"/root/ssl-build\" --from-server-key= --from-server-cert=\n" +#: modules/administration/pages/monitoring.adoc:50 +msgid "Check that the Prometheus interface loads correctly." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:120 +#: modules/administration/pages/monitoring.adoc:51 msgid "" -"When you create the new server certificate RPM, you might get a warning that " -"server certificate request file could not be found. This file is not " -"required, and the procedure will complete correctly without it. However, if " -"you want to avoid the error, you can copy the file into the server " -"directory, and name it [path]``server.csr``:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:123 -#, no-wrap -msgid "cp .csr /root/ssl-build//server.csr\n" +"In your browser, navigate to the URL of the server where Prometheus is " +"installed, on port 9090 (for example, [literal]``http://example.com:9090``)." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:128 +#: modules/administration/pages/monitoring.adoc:52 msgid "" -"When you have created the new [path]``ssl-build`` directory, you can create " -"combined certificate RPMs and deploy them on the clients. For the " -"procedures to do this, see xref:administration:ssl-certs-selfsigned.adoc[]." +"Open the configuration file at [path]``/etc/prometheus/prometheus.yml`` and " +"add this configuration information." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:130 +#: modules/administration/pages/monitoring.adoc:53 msgid "" -"If you are using a proxy, you will need to generate a server certificate RPM " -"for each proxy, using their host names and cnames." +"Replace `server.url` with your {productname} server URL and adjust " +"`username` and `password` fields to match your {productname} credentials." msgstr "" -#. type: Title = -#: modules/administration/pages/ssl-certs-selfsigned.adoc:2 +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:54 #, no-wrap -msgid "Self-Signed SSL Certificates" +msgid "" +"# {productname} self-health metrics\n" +"scrape_configs:\n" +"- job_name: 'mgr-server'\n" +" static_configs:\n" +" - targets:\n" +" - 'server.url:9100' # Node exporter\n" +" - 'server.url:9187' # PostgreSQL exporter\n" +" - 'server.url:5556' # JMX exporter (Tomcat)\n" +" - 'server.url:5557' # JMX exporter (Taskomatic)\n" +" - 'server.url:9800' # Taskomatic\n" +" - targets:\n" +" - 'server.url:80' # Message queue\n" +" labels:\n" +" __metrics_path__: /rhn/metrics\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:9 +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:55 +#, no-wrap msgid "" -"By default, {productname} uses a self-signed certificate. In this case, the " -"certificate is created and signed by {productname}. This method does not " -"use an independent certificate authority to guarantee that the details of " -"the certificate are correct. Third party CAs perform checks to ensure that " -"the information contained in the certificate is correct. For more on third " -"party CAs, see xref:administration:ssl-certs-imported.adoc[]." +"# Managed systems metrics:\n" +"- job_name: 'mgr-clients'\n" +" uyuni_sd_configs:\n" +" - host: \"http://server.url\"\n" +" username: \"admin\"\n" +" password: \"admin\"\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:14 -msgid "" -"This section covers how to re-create your self-signed certificates on an " -"existing installation. It also covers how to create new self-signed " -"certificates and authenticate your existing clients to the new certificate, " -"using an intermediate certificate. Intermediate certificates merge the " -"intermediate and root CA certificates into one file. Ensure that the " -"intermediate certificate comes first in the combined file." +#: modules/administration/pages/monitoring.adoc:56 +msgid "Save the configuration file." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:16 -msgid "" -"The host name of the SSL keys and certificates must match the fully " -"qualified host name of the machine you deploy them on." +#: modules/administration/pages/monitoring.adoc:57 +msgid "Restart the Prometheus service:" msgstr "" -#. type: Title == -#: modules/administration/pages/ssl-certs-selfsigned.adoc:19 +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:58 #, no-wrap -msgid "Re-Create Existing Server Certificates" +msgid "systemctl restart prometheus\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:22 +#: modules/administration/pages/monitoring.adoc:59 msgid "" -"If your existing certificates have expired or stopped working for any " -"reason, you can generate a new server certificate from the existing CA." +"For more information about the Prometheus configuration options, see the " +"official Prometheus documentation at " +"https://prometheus.io/docs/prometheus/latest/configuration/configuration/" msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:23 +#. type: Title === +#: modules/administration/pages/monitoring.adoc:60 #, no-wrap -msgid "Procedure: Re-Creating an Existing Server Certificate" +msgid "Install Grafana" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:26 +#: modules/administration/pages/monitoring.adoc:61 msgid "" -"On the {productname} Server, at the command prompt, regenerate the server " -"certificate:" +"If your monitoring server is a {productname} Salt client, you can install " +"the Grafana package using the {productname} {webui}. Otherwise you can " +"download and install the package on your monitoring server manually." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:32 +#. type: Block title +#: modules/administration/pages/monitoring.adoc:62 #, no-wrap -msgid "" -"rhn-ssl-tool --gen-server --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" -"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" -"--set-org-unit=\"ORGANIZATION UNIT\" --set-email=\"name@example.com\" \\\n" -"--set-hostname=\"susemanager.example.com\" --set-cname=\"example.com\"\n" +msgid "Procedure: Installing Grafana Using the {webui}" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:35 -#: modules/administration/pages/ssl-certs-selfsigned.adoc:92 +#: modules/administration/pages/monitoring.adoc:63 msgid "" -"Ensure that the [systemitem]``set-cname`` parameter is the fully-qualified " -"domain name of your {productname} Server. You can use the the " -"[systemitem]``set-cname`` parameter multiple times if you require multiple " -"aliases." +"In the {productname} {webui}, open the details page of the system where " +"Grafana is to be installed, and navigate to the [guimenu]``Formulas`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:38 +#: modules/administration/pages/monitoring.adoc:64 msgid "" -"Install the RPM that contains the newly generated certificate. Check that " -"you have the latest version of the RPM before running this command. The " -"version number is incremented every time you re-create the certificates." +"Check the [guimenu]``Grafana`` checkbox to enable monitoring formulas, and " +"click btn:[Save]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:41 -#, no-wrap -msgid "rpm -Uhv /root/ssl-build/lnx0259a/rhn-org-httpd-ssl-key-pair-lnx0259a-1.0-2.noarch.rpm\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:65 +msgid "Navigate to the ``Grafana`` tab in the top menu." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:43 -#: modules/administration/pages/ssl-certs-selfsigned.adoc:180 -#: modules/administration/pages/ssl-certs-selfsigned.adoc:212 -msgid "Restart services to pick up the changes:" +#: modules/administration/pages/monitoring.adoc:66 +msgid "" +"In the ``Enable and configure Grafana`` section, enter the admin credentials " +"you want to use to log in Grafana." msgstr "" -#. type: Title == -#: modules/administration/pages/ssl-certs-selfsigned.adoc:51 -#, no-wrap -msgid "Create and Replace CA and Server Certificates" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:67 +msgid "" +"On the ``Datasources`` section, make sure that the Prometheus URL field " +"points to the system where Prometheus is running." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:57 +#: modules/administration/pages/monitoring.adoc:71 msgid "" -"If you need to create entirely new certificates for an existing " -"installation, you need to create a combined certificate first. Clients will " -"authenticate to the certificate with both the old and new details. Then you " -"can go ahead and remove the old details. This maintains the chain of trust." +"Check that the Grafana interface is loading correctly. In your browser, " +"navigate to the URL of the server where Grafana is installed, on port 3000 " +"(for example, [literal]``http://example.com:3000``)." msgstr "" #. type: delimited block = -#: modules/administration/pages/ssl-certs-selfsigned.adoc:63 +#: modules/administration/pages/monitoring.adoc:72 msgid "" -"Be careful with this procedure! It is possible to break the trust chain " -"between the server and clients using this procedure. If that happens, you " -"will need an administrative user to log in to every client and deploy the CA " -"directly." +"{productname} provides pre-built dashboards for server self-health, basic " +"client monitoring, and more. You can choose which dashboards to provision " +"in the formula configuration page." msgstr "" #. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:67 +#: modules/administration/pages/monitoring.adoc:74 #, no-wrap -msgid "Procedure: Creating New Certificates" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:70 -msgid "" -"On the {productname} Server, at the command prompt, move the old certificate " -"directory to a new location:" +msgid "Procedure: Manually Installing Grafana" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:75 -msgid "Generate a new CA certificate and create an RPM:" +#: modules/administration/pages/monitoring.adoc:75 +msgid "Install the [package]``grafana`` package:" msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:81 +#: modules/administration/pages/monitoring.adoc:76 #, no-wrap -msgid "" -"rhn-ssl-tool --gen-ca --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" -"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" -"--set-org-unit=\"ORGANIZATION UNIT\" --set-common-name=\"SUSE Manager CA Certificate\" \\\n" -"--set-email=\"name@example.com\"\n" +msgid "zypper in grafana\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:83 -msgid "Generate a new server certificate and create an RPM:" +#: modules/administration/pages/monitoring.adoc:77 +msgid "Enable the Grafana service:" msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:89 +#: modules/administration/pages/monitoring.adoc:78 #, no-wrap -msgid "" -"rhn-ssl-tool --gen-server --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" -"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" -"--set-org-unit=\"ORGANIZATION UNIT\" --set-email=\"name@example.com\" \\\n" -"--set-hostname=\"susemanager.example.top\" --set-cname=\"example.com\"\n" +msgid "systemctl enable --now grafana-server\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:94 -msgid "" -"You will need to generate a server certificate RPM for each proxy, using " -"their host names and cnames." +#: modules/administration/pages/monitoring.adoc:79 +msgid "Check that the Grafana interface is loading correctly." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:97 +#: modules/administration/pages/monitoring.adoc:80 msgid "" -"When you have new certificates, you can create the combined RPMs to " -"authenticate the clients." +"In your browser, navigate to the URL of the server where Grafana is " +"installed, on port 3000 (for example, [literal]``http://example.com:3000``)." msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:100 +#. type: Target for macro image +#: modules/administration/pages/monitoring.adoc:81 #, no-wrap -msgid "Procedure: Create Combined Certificate RPMs" +msgid "monitoring_grafana_example.png" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:102 -msgid "" -"Create a new CA file that combines the old and new certificate details, and " -"generate a new RPM:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:109 -#, no-wrap +#: modules/administration/pages/monitoring.adoc:82 msgid "" -"mkdir /root/combined-ssl-build\n" -"cp /root/old-ssl-build/RHN-ORG-TRUSTED-SSL-CERT /root/combined-ssl-build/\n" -"cat /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT >> /root/combined-ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" -"cp /root/old-ssl-build/*.rpm /root/combined-ssl-build/\n" -"rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/combined-ssl-build\"\n" +"For more information on how to manually install and configure Grafana, see " +"https://grafana.com/docs." msgstr "" -#. I would like to split up these steps, I think. LKB 2019-09-10 #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:112 -msgid "Deploy the CA certificate on the server:" +#: modules/administration/pages/monitoring.adoc:83 +msgid "" +"For more information about the monitoring formulas with forms, see " +"xref:salt:formula-monitoring.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:116 +#. type: Title == +#: modules/administration/pages/monitoring.adoc:84 #, no-wrap -msgid "" -"/usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/combined-ssl-build \\\n" -"--target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/\n" +msgid "Configure {productname} Monitoring" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:119 +#: modules/administration/pages/monitoring.adoc:85 msgid "" -"When you have the combined RPMs, you can deploy the combined CA certificates " -"to your clients." +"With {productname}{nbsp}4 and higher, you can enable the server to expose " +"Prometheus self-health metrics, and also install and configure exporters on " +"client systems." msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:122 +#. type: Title === +#: modules/administration/pages/monitoring.adoc:86 #, no-wrap -msgid "Procedure: Deploying Combined Certificates on Traditional Clients" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:125 -msgid "On the client, create a new custom channel using these details:" +msgid "Server Self Monitoring" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:127 -msgid "Name: SSL-CA-Channel" +#: modules/administration/pages/monitoring.adoc:87 +msgid "" +"The Server self-health metrics cover hardware, operating system and " +"{productname} internals. These metrics are made available by " +"instrumentation of the Java application, combined with Prometheus exporters." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:128 -msgid "Label: ssl-ca-channel" +#: modules/administration/pages/monitoring.adoc:88 +msgid "These exporter packages are shipped with {productname} Server:" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:129 -msgid "Parent Channel: " +#: modules/administration/pages/monitoring.adoc:89 +#: modules/administration/pages/monitoring.adoc:98 +#: modules/administration/pages/monitoring.adoc:115 +msgid "Node exporter: [systemitem]``golang-github-prometheus-node_exporter``." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:130 -msgid "Summary: SSL-CA-Channel" +#: modules/administration/pages/monitoring.adoc:90 +#: modules/administration/pages/monitoring.adoc:99 +#: modules/administration/pages/monitoring.adoc:116 +msgid "See https://github.com/prometheus/node_exporter." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:133 +#: modules/administration/pages/monitoring.adoc:91 +#: modules/administration/pages/monitoring.adoc:117 msgid "" -"For more on creating custom channels, see xref:administration:channel-" -"management.adoc[]." +"PostgreSQL exporter: " +"[systemitem]``golang-github-wrouesnel-postgres_exporter``." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:134 -msgid "Upload the CA certificate RPM to the channel:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:139 -#, no-wrap -msgid "" -"rhnpush -c ssl-ca-channel --nosig \\\n" -"--ca-chain=/srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT \\\n" -"/root/combined-ssl-build/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm\n" +#: modules/administration/pages/monitoring.adoc:92 +#: modules/administration/pages/monitoring.adoc:118 +msgid "See https://github.com/wrouesnel/postgres_exporter." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:141 -msgid "Subscribe all clients to the new ``SSL-CA-Channel`` channel." +#: modules/administration/pages/monitoring.adoc:93 +msgid "JMX exporter: [systemitem]``prometheus-jmx_exporter``." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:142 -msgid "Install the CA certificate RPM on all clients by updating the channel." -msgstr "" - -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:145 -#, no-wrap -msgid "Procedure: Deploying Combined Certificates on Salt Clients" +#: modules/administration/pages/monitoring.adoc:94 +msgid "See https://github.com/prometheus/jmx_exporter." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:148 -msgid "In the {productname} {webui}, navigate to menu:Systems[Overview]." +#: modules/administration/pages/monitoring.adoc:95 +#: modules/administration/pages/monitoring.adoc:119 +msgid "Apache exporter: [systemitem]``golang-github-lusitaniae-apache_exporter``." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:149 -msgid "" -"Check all your Salt Clients to add them to the System Set Manager (SSM)." +#: modules/administration/pages/monitoring.adoc:96 +#: modules/administration/pages/monitoring.adoc:120 +msgid "See https://github.com/Lusitaniae/apache_exporter." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:150 -msgid "Navigate to menu:Systems[System Set Manager > Overview]." +#: modules/administration/pages/monitoring.adoc:97 +msgid "These exporter packages are shipped with {productname} Proxy:" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:151 -msgid "" -"In the [guimenu]``States`` field, click btn:[Apply] to apply the system " -"states." +#: modules/administration/pages/monitoring.adoc:100 +msgid "Squid exporter: [systemitem]``golang-github-boynux-squid_exporter``." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:152 -msgid "" -"In the [guimenu]``Highstate`` page, click btn:[Apply Highstate] to propagate " -"the changes to the clients." +#: modules/administration/pages/monitoring.adoc:101 +msgid "See https://github.com/boynux/squid-exporter." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:154 +#: modules/administration/pages/monitoring.adoc:102 msgid "" -"When you have every client trusting both the old and new certificates, you " -"can go ahead and replace the server certificate on the {productname} Server " -"and Proxies." +"The exporter packages are pre-installed in {productname} Server and Proxy, " +"but their respective systemd daemons are disabled by default." msgstr "" #. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:157 +#: modules/administration/pages/monitoring.adoc:103 #, no-wrap -msgid "Procedure: Replace Server Certificate on the Server" +msgid "Procedure: Enabling Self Monitoring" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:160 +#: modules/administration/pages/monitoring.adoc:104 msgid "" -"On the {productname} Server, at the command prompt, install the RPM from the " -"[path]``ssl-build`` directory:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:163 -#, no-wrap -msgid "rpm -Uhv ssl-build/susemanager/rhn-org-httpd-ssl-key-pair-susemanager-1.0-2.noarch.rpm\n" +"In the {productname} {webui}, navigate to menu:Admin[Manager Configuration > " +"Monitoring]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:165 -msgid "Restart services to pick the changes:" +#: modules/administration/pages/monitoring.adoc:105 +msgid "Click btn:[Enable services]." msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:172 -#, no-wrap -msgid "Procedure: Replace Server Certificate on the Proxy" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:106 +msgid "Restart Tomcat and Taskomatic." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:175 +#: modules/administration/pages/monitoring.adoc:107 msgid "" -"On the {productname} Proxy, at the command prompt, install the RPM from the " -"[path]``ssl-build`` directory:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:178 -#, no-wrap -msgid "rpm -Uhv ssl-build/susemanager-proxy/rhn-org-httpd-ssl-key-pair-susemanager-proxy-1.0-2.noarch.rpm\n" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:183 -#, no-wrap -msgid "rhn-proxy restart\n" +"Navigate to the URL of your Prometheus server, on port 9090 (for example, " +"[literal]``http://example.com:9090``)" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:185 +#: modules/administration/pages/monitoring.adoc:108 msgid "" -"Test that all clients still operate as expected and can use SSL to reach the " -"{productname} Server and any proxies." +"In the Prometheus UI, navigate to menu:[Status > Targets] and confirm that " +"all the endpoints on the ``mgr-server`` group are up." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:189 +#: modules/administration/pages/monitoring.adoc:109 msgid "" -"When you have replaced the server certificates on your server and any " -"proxies, you need to update the certificate with only the new details on all " -"the clients. This is done by adding it to the client channels you set up " -"previously." +"If you have also installed Grafana with the {webui}, the server insights " +"will be visible on the {productname} Server dashboard." msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:192 +#. type: Target for macro image +#: modules/administration/pages/monitoring.adoc:110 #, no-wrap -msgid "Procedure: Adding the New Certificates to the Client Channel" +msgid "monitoring_enable_services.png" msgstr "" -#. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:195 +#. type: delimited block = +#: modules/administration/pages/monitoring.adoc:111 msgid "" -"Copy the combined certificate RPM into the [path]``/root/ssl-build/`` " -"directory:" +"Only server self-health monitoring can be enabled using the {webui}. " +"Metrics for a proxy are not automatically collected by Prometheus. To " +"enable self-health monitoring on a proxy, you will need to manually install " +"exporters and enable them." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:198 +#. type: Title === +#: modules/administration/pages/monitoring.adoc:112 #, no-wrap -msgid "cp /root/combined-ssl-build/*.rpm /root/ssl-build/\n" +msgid "Monitoring Managed Systems" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:201 +#: modules/administration/pages/monitoring.adoc:113 msgid "" -"Generate a new RPM with from the new certificates. Check the release number " -"carefully to ensure you have the right certificate file:" +"Prometheus metrics exporters can be installed and configured on Salt clients " +"using formulas. The packages are available from the {productname} client " +"tools channels, and can be enabled and configured directly in the " +"{productname} {webui}." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:204 -#, no-wrap -msgid "rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/ssl-build\"\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:114 +msgid "These exporters can be installed on managed systems:" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:206 -msgid "Install the new local certificates on the {productname} Server:" +#: modules/administration/pages/monitoring.adoc:121 +msgid "" +"When you have the exporters installed and configured, you can start using " +"Prometheus to collect metrics from monitored systems. If you have " +"configured your monitoring server with the {webui}, metrics collection will " +"happen automatically." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:210 +#. type: Block title +#: modules/administration/pages/monitoring.adoc:122 #, no-wrap -msgid "" -"/usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/ssl-build \\\n" -"--target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/\n" +msgid "Procedure: Configuring Prometheus Exporters on a Client" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:217 -msgid "Upload the new RPM into the channel:" +#: modules/administration/pages/monitoring.adoc:123 +msgid "" +"In the {productname} {webui}, open the details page of the client to be " +"monitored, and navigate to the menu:Formulas tab." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:222 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:124 msgid "" -"rhnpush -c ssl-ca-channel --nosig \\\n" -"--ca-chain=/srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT \\\n" -"/root/ssl-build/rhn-org-trusted-ssl-cert-1.0-3.noarch.rpm\n" +"Check the [guimenu]``Enabled`` checkbox on the ``Prometheus Exporters`` " +"formula." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:227 -msgid "" -"When you have the new certificate in the channel, you can use the " -"{productname} {webui} to update it on all clients and proxies, by " -"synchronizing them with the channel. Alternatively, for Salt clients, you " -"can use menu:Salt[Remote Commands], or apply the highstate." +#: modules/administration/pages/monitoring.adoc:126 +msgid "Navigate to the menu:Formulas[Prometheus Exporters] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:232 +#: modules/administration/pages/monitoring.adoc:127 msgid "" -"You will also need to update your proxies to remove the copy of the " -"certificate and the associated RPM. Your proxies must have the same " -"certificate content as the server. Check the [path]``/srv/www/htdocs/pub/`` " -"directory and ensure it contains:" +"Select the exporters you want to enable and customize arguments according to " +"your needs." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:236 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:128 msgid "" -"RHN-ORG-TRUSTED-SSL-CERT\n" -"rhn-org-trusted-ssl-cert-*.noarch.rpm\n" +"The [guimenu]``Address`` field accepts either a port number preceded by a " +"colon (``:9100``), or a fully resolvable address (``example:9100``)." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:239 -msgid "" -"To complete the process, you need to update the database with this command:" +#: modules/administration/pages/monitoring.adoc:130 +msgid "Apply the highstate." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:242 +#. type: Target for macro image +#: modules/administration/pages/monitoring.adoc:131 #, no-wrap -msgid "/usr/bin/rhn-ssl-dbstore --ca-cert=/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" +msgid "monitoring_configure_formula.png" msgstr "" -#. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:244 +#. type: delimited block = +#: modules/administration/pages/monitoring.adoc:132 msgid "" -"If you use bootstrap, remember to also update your bootstrap scripts to " -"reflect the new certificate information." +"Monitoring formulas can also be configured for System Groups, by applying " +"the same configuration used for individual systems inside the corresponding " +"group." msgstr "" -#. type: Title = -#: modules/administration/pages/ssl-certs.adoc:2 +#. type: Title == +#: modules/administration/pages/monitoring.adoc:134 #, no-wrap -msgid "SSL Certificates" +msgid "Network Boundaries" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:5 +#: modules/administration/pages/monitoring.adoc:135 msgid "" -"{productname} uses SSL certificates to ensure that clients are registered to " -"the correct server." +"Prometheus fetches metrics using a pull mechanism, so the server must be " +"able to establish TCP connections to monitored clients. By default, " +"Prometheus uses these ports:" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:8 -msgid "" -"Every client that uses SSL to register to the {productname} Server checks " -"that it is connecting to the right server by validating against a server " -"certificate. This process is called an SSL handshake." +#: modules/administration/pages/monitoring.adoc:136 +msgid "Node exporter: 9100" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:11 -msgid "" -"During the SSL handshake, the client will check that the hostname in the " -"server certificate matches what it expects. The client also needs to check " -"if the server certificate is trusted." +#: modules/administration/pages/monitoring.adoc:137 +msgid "PostgreSQL exporter: 9187" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:14 -msgid "" -"Every {productname} Server that uses SSL requires an SSL server " -"certificate. Provide the path to the server certificate using the " -"``SERVER_CERT`` environment variable during setup, or with the ``--from-" -"server-cert`` option of the [command]``rhn-ssl-tool`` command." +#: modules/administration/pages/monitoring.adoc:138 +msgid "Apache exporter: 9117" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:17 +#: modules/administration/pages/monitoring.adoc:139 msgid "" -"Certificate authorities (CAs) are certificates that are used to sign other " -"certificates. All certificates must be signed by a certificate authority " -"(CA) in order for them to be considered valid, and for clients to be able to " -"successfully match against them." +"Additionally, if you are running the alert manager on a different host than " +"where you run Prometheus, you will also need to open port 9093." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:23 +#: modules/administration/pages/monitoring.adoc:140 msgid "" -"When an organization signs its own certificate, the certificate is " -"considered self-signed. A self-signed certificate is straight-forward to " -"set up, and does not cost any money, but they are considered less secure. " -"If you are using a self-signed certificate, you will have a root CA that is " -"signed with itself. When you look at the details of a root CA, you will see " -"that the subject has the same value as the issuer. Provide the path to your " -"root CA certificate using the ``CA_CERT`` environment variable during setup, " -"or with the ``--ca-cert`` option of the [command]``rhn-ssl-tool`` command." +"For clients installed on cloud instances, you can add the required ports to " +"a security group that has access to the monitoring server." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:26 +#: modules/administration/pages/monitoring.adoc:141 msgid "" -"In order for SSL authentication to work correctly, the client must trust the " -"root CA. This means that the root CA must be installed on every client." +"Alternatively, you can deploy a Prometheus instance in the exporters' local " +"network, and configure federation. This allows the main monitoring server " +"to scrape the time series from the local Prometheus instance. If you use " +"this method, you only need to open the Prometheus API port, which is 9090." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:29 +#: modules/administration/pages/monitoring.adoc:142 msgid "" -"The default method of SSL authentication is for {productname} to use self-" -"signed certificates. In this case, {productname} has generated all the " -"certificates, and the root CA has signed the server certificate directly." +"For more information on Prometheus federation, see " +"https://prometheus.io/docs/prometheus/latest/federation/." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:34 +#: modules/administration/pages/monitoring.adoc:143 msgid "" -"An alternative method is to use an intermediate CA. In this case, the root " -"CA signs the intermediate CA. The intermediate CA can then sign any number " -"of other intermediate CAs, and the final one signs the server certificate. " -"This is referred to as a chained certificate." +"You can also proxy requests through the network boundary. Tools like " +"PushProx deploy a proxy and a client on both sides of the network barrier " +"and allow Prometheus to work across network topologies such as NAT." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:37 +#: modules/administration/pages/monitoring.adoc:144 msgid "" -"If you are using intermediate CAs in a chained certificate, the root CA is " -"installed on the client, and the server certificate is installed on the " -"server. During the SSL handshake, clients must be able to verify the entire " -"chain of intermediate certificates between the root CA and the server " -"certificate, so they must be able to access all the intermediate " -"certificates." +"For more information on PushProx, see " +"https://github.com/RobustPerception/PushProx." +msgstr "" + +#. type: Title === +#: modules/administration/pages/monitoring.adoc:145 +#, no-wrap +msgid "Reverse Proxy Setup" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:42 +#: modules/administration/pages/monitoring.adoc:146 msgid "" -"There are two main ways of achieving this. In {productname}, by default, " -"all the intermediate CAs are installed on the client. However, you could " -"also configure your services on the server to provide them to the client. " -"In this case, during the SSL handshake, the server presents the server " -"certificate as well as all the intermediate CAs." +"Prometheus fetches metrics using a pull mechanism, so the server must be " +"able to establish TCP connections to each exporter on the monitored " +"clients. To simplify your firewall configuration, you can use reverse proxy " +"for your exporters to expose all metrics on a single port." +msgstr "" + +#. Probably a diagram here. --LKB 2020-08-11 +#. type: Block title +#: modules/administration/pages/monitoring.adoc:147 +#, no-wrap +msgid "Procedure: Installing Prometheus Exporters with Reverse Proxy" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:46 +#: modules/administration/pages/monitoring.adoc:148 msgid "" -"Whichever method you choose, you must ensure that the ``CA_CERT`` " -"environment variable points to the root CA, and all intermediate CAs. It " -"should not contain the server certificate. The server certificate must be " -"defined at the ``SERVER_CERT`` environment variable." +"In the {productname} {webui}, open the details page of the system to be " +"monitored, and navigate to the [guimenu]``Formulas`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:53 +#: modules/administration/pages/monitoring.adoc:149 msgid "" -"By default, {productname} uses a self-signed certificate. For additional " -"security, you can arrange a third party CA to sign your certificates. Third " -"party CAs perform checks to ensure that the information contained in the " -"certificate is correct. They will usually charge an annual fee for this " -"service. Using a third party CA makes certificates harder to spoof, and " -"will provide additional protection for your installation. If you have " -"certificates signed by a third party CA, you can import them to your " -"{productname} installation." +"Check the [guimenu]``Prometheus Exporters`` checkbox to enable the exporters " +"formula, and click btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:55 -msgid "" -"For more on self-signed certificates, see xref:administration:ssl-certs-" -"selfsigned.adoc[]." +#: modules/administration/pages/monitoring.adoc:150 +msgid "Navigate to the ``Prometheus Exporters`` tab in the top menu." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:55 +#: modules/administration/pages/monitoring.adoc:151 msgid "" -"For more on imported certificates, see xref:administration:ssl-certs-" -"imported.adoc[]." +"Check the [guimenu]``Enable reverse proxy`` option, and enter a valid " +"reverse proxy port number." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:152 +msgid "For example, ``9999``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:153 +msgid "Customize the other exporters according to your needs." msgstr "" #. type: Title = -#: modules/administration/pages/subscription-matching.adoc:2 +#: modules/administration/pages/organizations.adoc:1 #, no-wrap -msgid "Subscription Matching" +msgid "Organizations" msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:7 +#: modules/administration/pages/organizations.adoc:2 msgid "" -"Your {suse} products require subscriptions, which are managed by the {scc} " -"(SCC). {productname} runs a nightly report checking the subscription status " -"of all your registered clients against your SCC account. The report gives " -"you information about which clients consume which subscriptions, how many " -"subscriptions you have remaining and available to use, and which clients do " -"not have a current subscription." +"Organizations are used to manage user access and permissions within " +"{productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:9 -msgid "Navigate to menu:Audit[Subscription Matching] to see the report." +#: modules/administration/pages/organizations.adoc:3 +msgid "" +"For most environments, a single organization is enough. However, more " +"complicated environments might need several organizations. You might like " +"to have an organization for each physical location within your business, or " +"for different business functions." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:11 +#: modules/administration/pages/organizations.adoc:4 msgid "" -"The [guimenu]``Subscriptions Report`` tab gives information about current " -"and expiring subscriptions." +"When you have created your organizations, you can create and assign users to " +"your organizations. You can then assign permissions on an organization " +"level, which applies by default to every user assigned to the organization." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:15 +#: modules/administration/pages/organizations.adoc:5 msgid "" -"The [guimenu]``Unmatched Products Report`` tab gives a list of clients that " -"do not have a current subscription. This includes clients that could not be " -"matched, or that are not currently registered with {productname}. The " -"report includes product names and the number of systems that remain " -"unmatched." +"You can also configure authentication methods for your new organization, " +"including PAM and single sign-on. For more information about " +"authentication, see xref:administration:auth-methods.adoc[]." +msgstr "" + +#. type: Block title +#: modules/administration/pages/organizations.adoc:7 +#, no-wrap +msgid "Procedure: Creating a New Organization" msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:18 +#: modules/administration/pages/organizations.adoc:8 msgid "" -"The [guimenu]``Pins`` tab allows you to associate individual clients to the " -"relevant subscription. This is especially useful if the subscription " -"manager is not automatically associating clients to subscriptions " -"successfully." +"In the {productname} {webui}, navigate to menu:Admin[Organizations], and " +"click btn:[Create Organization]." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:20 -msgid "" -"The [guimenu]``Messages`` tab shows any errors that occurred during the " -"matching process." +#: modules/administration/pages/organizations.adoc:9 +msgid "In the [guimenu]``Create Organization`` dialog, complete these fields:" msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:22 +#: modules/administration/pages/organizations.adoc:10 msgid "" -"You can also download the reports in .csv format, or access them from that " -"command prompt in the [path]``/var/lib/spacewalk/subscription-matcher/`` " -"directory." +"In the [guimenu]``Organization Name`` field, type a name for your new " +"organization." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:26 -msgid "" -"By default, the subscription matcher runs daily, at midnight. To change " -"this, navigate to menu:Admin[Task Schedules] and click ``gatherer-matcher-" -"default``. Change the schedule as required, and click btn:[Update Schedule]." +#: modules/administration/pages/organizations.adoc:11 +msgid "The name should be between 3 and 128 characters long." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:30 +#: modules/administration/pages/organizations.adoc:12 msgid "" -"Because the report can only match current clients with current " -"subscriptions, you might find that the matches change over time. The same " -"client will not always match the same subscription. This can be due to new " -"clients being registered or unregistered, or because of the addition or " -"expiration of subscriptions." +"In the [guimenu]``Desired Login`` field, type the login name you want to use " +"for the organization's administrator." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:34 +#: modules/administration/pages/organizations.adoc:13 msgid "" -"The subscription matcher will automatically attempt to reduce the number of " -"unmatched products, limited by the terms and conditions of the subscriptions " -"in your account. However, if you have incomplete hardware information, " -"unknown virtual machine host assignments, or clients running in unknown " -"public clouds, the matcher might show that you do not have enough " -"subscriptions available. Always ensure you have complete data about your " -"clients included in {productname}, to help ensure accuracy." +"This must be a new administrator account, you will not be able to use an " +"existing administrator account to sign in to the new organization, including " +"the one you are currently signed in with." msgstr "" -#. type: delimited block = -#: modules/administration/pages/subscription-matching.adoc:40 +#. type: Plain text +#: modules/administration/pages/organizations.adoc:14 msgid "" -"The subscription matcher will not always match clients and subscriptions " -"accurately. It is not intended to be a replacement for auditing." +"In the [guimenu]``Desired Password`` field, type a password for the new " +"organization's administrator." msgstr "" -#. type: Title == -#: modules/administration/pages/subscription-matching.adoc:44 -#, no-wrap -msgid "Pin Clients to Subscriptions" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:15 +msgid "" +"Confirm the password by typing it again in the [guimenu]``Confirm Password`` " +"field. Password strength is indicated by the colored bar beneath the " +"password fields." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:49 +#: modules/administration/pages/organizations.adoc:16 msgid "" -"If the subscription matcher is not automatically matching a particular " -"client with the correct subscription, you can manually pin them. When you " -"have created a pin, the subscription matcher favors matching a specific " -"subscription with a given system or group of systems." +"In the [guimenu]``Email`` field, type an email address for the new " +"organization's administrator." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:53 +#: modules/administration/pages/organizations.adoc:17 msgid "" -"However, the matcher will not always respect a pin. It depends on the " -"subscription being available, and whether or not the subscription can be " -"applied to the client. Additionally, pins will be ignored if they result in " -"a match that violates the terms and conditions of the subscription, or if " -"the matcher detects a more accurate match if the pin is ignored." +"In the [guimenu]``First Name`` field, select a salutation, and type a given " +"name for the new organization's administrator." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:55 -msgid "To add a new pin, click btn:[Add a Pin], and select the client to pin." +#: modules/administration/pages/organizations.adoc:18 +msgid "" +"In the [guimenu]``Last Name`` field, type a surname for the new " +"organization's administrator." msgstr "" -#. type: delimited block = -#: modules/administration/pages/subscription-matching.adoc:60 -msgid "" -"We do not recommend using pinning regularly, or for a large number of " -"clients. The subscription matcher tool is generally accurate enough for " -"most installations." +#. type: Plain text +#: modules/administration/pages/organizations.adoc:19 +msgid "Click btn:[Create Organization]." msgstr "" -#. type: Title = -#: modules/administration/pages/task-schedules.adoc:2 +#. type: Title == +#: modules/administration/pages/organizations.adoc:20 #, no-wrap -msgid "Task Schedules" +msgid "Manage Organizations" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:5 +#: modules/administration/pages/organizations.adoc:21 msgid "" -"Under menu:Admin[Task Schedules] all predefined task bunches are listed." -msgstr "" - -#. type: Target for macro image -#: modules/administration/pages/task-schedules.adoc:6 -#, no-wrap -msgid "admin_task_schedules.png" +"In the {productname} {webui}, navigate to menu:Admin[Organizations] to see a " +"list of available organizations. Click the name of an organization to " +"manage it." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:11 +#: modules/administration/pages/organizations.adoc:22 msgid "" -"Click a menu:SUSE Manager Schedules[Schedule name] to open its menu:Schedule " -"Name[Basic Schedule Details] where you can disable it or change the " -"frequency. Click btn:[Edit Schedule] to update the schedule with your " -"settings. To delete a schedule, click btn:[Delete Schedule] in the upper " -"right-hand corner." +"From the menu:Admin[Organizations] section, you can access tabs to manage " +"users, trusts, configuration, and states for your organization." msgstr "" #. type: delimited block = -#: modules/administration/pages/task-schedules.adoc:15 +#: modules/administration/pages/organizations.adoc:23 msgid "" -"Only disable or delete a schedule if you are absolutely certain this is " -"necessary as they are essential for {productname} to work properly." +"Organizations can only be managed by their administrators. To manage an " +"organization, ensure you are signed in as the correct administrator for the " +"organization you want to change." msgstr "" -#. type: Plain text -#: modules/administration/pages/task-schedules.adoc:19 -msgid "" -"If you click a bunch name, a list of runs of that bunch type and their " -"status will be displayed. Clicking the start time links takes you back to " -"the menu:Schedule Name[Basic Schedule Details]." +#. type: Title === +#: modules/administration/pages/organizations.adoc:24 +#, no-wrap +msgid "Organization Users" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:21 +#: modules/administration/pages/organizations.adoc:25 msgid "" -"For example, the following predefined task bunches are scheduled by default " -"and can be configured:" +"Navigate to the [guimenu]``Users`` tab to view the list of all users " +"associated with the organization, and their role. Clicking a username takes " +"you to the [guimenu]``Users`` menu to add, change, or delete users." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:22 +#. type: Title === +#: modules/administration/pages/organizations.adoc:26 #, no-wrap -msgid "menu:channel-repodata-default:[]" +msgid "Trusted Organizations" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:24 -msgid "(Re)generates repository metadata files." -msgstr "" - -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:26 -#, no-wrap -msgid "menu:cleanup-data-default:[]" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/task-schedules.adoc:28 +#: modules/administration/pages/organizations.adoc:27 msgid "" -"Cleans up stale package change log and monitoring time series data from the " -"database." +"Navigate to the [guimenu]``Trusts`` tab to add or remove trusted " +"organizations. Establishing trust between organizations allow them to share " +"content between them, and gives you the ability to migrate clients from one " +"organization to another." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:30 +#. type: Title === +#: modules/administration/pages/organizations.adoc:28 #, no-wrap -msgid "menu:clear-taskologs-default:[]" +msgid "Configure Organizations" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:32 +#: modules/administration/pages/organizations.adoc:29 msgid "" -"Clears task engine (taskomatic) history data older than a specified number " -"of days, depending on the job type, from the database." +"Navigate to the [guimenu]``Configuration`` tab to manage the configuration " +"of your organization. This includes the use of staged contents, setting up " +"crash reporting, and the use of SCAP files." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:34 -#, no-wrap -msgid "menu:cobbler-sync-default:[]" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:30 +msgid "" +"For more information about content staging, see " +"xref:administration:content-staging.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:37 +#: modules/administration/pages/organizations.adoc:31 msgid "" -"Synchronizes distribution and profile data from {productname} to Cobbler. " -"For more information, see xref:client-configuration:cobbler.adoc[]." +"For more information about OpenSCAP, see " +"xref:reference:audit/audit-openscap-overview.adoc[]." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:39 +#. type: Title == +#: modules/administration/pages/organizations.adoc:32 #, no-wrap -msgid "menu:compare-configs-default:[]" +msgid "Manage States" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:44 +#: modules/administration/pages/organizations.adoc:33 msgid "" -"Compares configuration files as stored in configuration channels with the " -"files stored on all configuration-enabled servers. To review comparisons, " -"click menu:Systems[] tab and select the system of interest. Go to menu:" -"Configuration[Compare Files]. For more information, see xref:reference:" -"systems/system-details/sd-configuration.adoc#sd-config-compare-files[]." +"Navigate to the [guimenu]``States`` tab to manage Salt states for all " +"clients in your organization. States allow you to define global security " +"policies, or add a common admin user to all clients." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:46 +#. type: Plain text +#: modules/administration/pages/organizations.adoc:34 +msgid "For more information about Salt States, see xref:salt:salt-states.adoc[]." +msgstr "" + +#. type: Title === +#: modules/administration/pages/organizations.adoc:35 #, no-wrap -msgid "menu:cve-server-channels-default:[]" +msgid "Manage Configuration Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:50 +#: modules/administration/pages/organizations.adoc:36 msgid "" -"Updates internal pre-computed CVE data that is used to display results on " -"the menu:Audit[CVE Audit] page. Search results in the menu:Audit[CVE Audit] " -"page are updated to the last run of this schedule). For more information, " -"see xref:reference:audit/audit-cve-audit.adoc[]." +"You can select which configuration channels should be applied across your " +"organization. Configuration channels can be created in the {productname} " +"{webui} by navigating to menu:Configuration[Channels]. Apply configuration " +"channels to your organization using the {productname} {webui}." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:52 +#. type: Block title +#: modules/administration/pages/organizations.adoc:37 #, no-wrap -msgid "menu:daily-status-default:[]" +msgid "Procedure: Applying Configuration Channels to an Organization" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:56 +#: modules/administration/pages/organizations.adoc:38 msgid "" -"Sends daily report e-mails to relevant addresses. To learn more about how " -"to configure notifications for specific users, see xref:reference:users/user-" -"details.adoc[]." +"In the {productname} {webui}, navigate to menu:Home[My Organization > " +"Configuration Channels]." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:58 -#, no-wrap -msgid "menu:errata-cache-default:[]" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:39 +msgid "Use the search feature to locate a channel by name." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:62 -msgid "" -"Updates internal patch cache database tables, which are used to look up " -"packages that need updates for each server. Also, this sends notification " -"emails to users that might be interested in certain patches. For more " -"information about patches, see xref:reference:patches/patches-menu.adoc[]." +#: modules/administration/pages/organizations.adoc:40 +msgid "Check the channel to be applied and click btn:[Save Changes]." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:64 -#, no-wrap -msgid "menu:errata-queue-default:[]" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:41 +msgid "This saves to the database, but does not apply the changes to the channel." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:66 +#: modules/administration/pages/organizations.adoc:42 +msgid "Apply the changes by clicking btn:[Apply]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/organizations.adoc:43 msgid "" -"Queues automatic updates (patches) for servers that are configured to " -"receive them." +"This schedules the task to apply the changes to all clients within the " +"organization." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:68 +#. type: Title = +#: modules/administration/pages/public-cloud.adoc:1 #, no-wrap -msgid "menu:kickstart-cleanup-default:[]" +msgid "Public Cloud" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:70 -msgid "Cleans up stale kickstart session data." +#: modules/administration/pages/public-cloud.adoc:2 +msgid "" +"Some public cloud environments provide images for {productname} Server and " +"Proxy. This section discusses what you will need for running {productname} " +"in a public cloud, and how to set up your installation." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:72 -#, no-wrap -msgid "menu:kickstartfile-sync-default:[]" +#. type: delimited block = +#: modules/administration/pages/public-cloud.adoc:3 +msgid "" +"Public clouds provide {productname} under a Bring Your Own Subscription " +"(BYOS) model. This means that you must register them with the {scc}. For " +"more information about registering {productname} with {scc}, see " +"xref:installation:general-requirements.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:74 +#: modules/administration/pages/public-cloud.adoc:4 msgid "" -"Generates Cobbler files corresponding to Kickstart profiles created by the " -"configuration wizard." -msgstr "" - -#. we probably no longer want to reference NCC; I do not know whether it works the same way with SCC (if at all) -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:77 -#, no-wrap -msgid "menu:mgr-register-default:[]" +"Depending on the public cloud network you are using, you can locate the " +"{productname} installation images by searching for the keywords " +"[package]``suse``, [package]``manager``, [package]``proxy``, or " +"[package]``BYOS``." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:79 +#: modules/administration/pages/public-cloud.adoc:5 msgid "" -"Calls the [command]``mgr-register`` command, which synchronizes client " -"registration data with NCC (new, changed or deleted clients' data are " -"forwarded)." +"For ``SUSE Manager Server in Azure``, see " +"xref:administration:public-cloud-azure.adoc[]." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:81 +#. type: Title == +#: modules/administration/pages/public-cloud.adoc:6 #, no-wrap -msgid "menu:mgr-sync-refresh-default:[]" +msgid "Instance Requirements" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:83 +#: modules/administration/pages/public-cloud.adoc:7 msgid "" -"The default time at which the start of synchronization with SUSE Customer " -"Center (SCC) takes place (``mgr-sync-refresh``)." +"Select a public cloud instance that meets the hardware requirements in " +"xref:installation:hardware-requirements.adoc[]." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:84 -#, no-wrap -msgid "menu:minion-action-cleanup-default:[]" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:8 +msgid "In addition, be aware of these considerations:" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:89 +#: modules/administration/pages/public-cloud.adoc:9 msgid "" -"Deletes stale client action data from the file system. First it tries to " -"complete any possibly unfinished actions by looking up the corresponding " -"results; these results are stored in the Salt job cache. An unfinished " -"action can occur if the server has missed the results of the action. For " -"successfully completed actions it removes artifacts such as executed script " -"files." -msgstr "" - -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:91 -#, no-wrap -msgid "menu:package-cleanup-default:[]" +"The {productname} setup procedure performs a forward-confirmed reverse DNS " +"lookup." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:93 -msgid "Deletes stale package files from the file system." +#: modules/administration/pages/public-cloud.adoc:10 +msgid "" +"This must succeed in order for the setup procedure to complete successfully " +"and for {productname} to operate as expected. Therefore, it is important to " +"perform hostname and IP configuration prior to running the {productname} " +"setup procedure." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:94 -#, no-wrap -msgid "menu:reboot-action-cleanup-default:[]" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:11 +msgid "" +"{productname} Server and Proxy instances are expected to run in a network " +"configuration that provides you control over DNS entries, but cannot access " +"the wider internet." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:97 +#: modules/administration/pages/public-cloud.adoc:12 msgid "" -"Any reboot actions pending for more than six hours are marked as failed and " -"associated data is cleaned up in the database. For more information on " -"scheduling reboot actions, see xref:reference:systems/system-details/sd-" -"provisioning.adoc#sd-power-management[]." +"Within this network configuration DNS resolution must be provided: `hostname " +"-f` must return the fully-qualified domain name (FQDN). DNS resolution is " +"also important for connecting clients. DNS is dependent on the cloud " +"framework you choose, refer to the cloud service provider documentation for " +"detailed instructions." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:99 -#, no-wrap -msgid "menu:sandbox-cleanup-default:[]" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:13 +msgid "" +"We recommend that you locate software repositories, the server database, and " +"the proxy squid cache on an external virtual disk." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:104 +#: modules/administration/pages/public-cloud.adoc:14 msgid "" -"Cleans up Sandbox configuration files and channels that are older than the " -"__sandbox_lifetime__ configuration parameter (3 days by default). Sandbox " -"files are those imported from systems or files under development. For more " -"information, see xref:reference:systems/system-details/sd-configuration." -"adoc#sd-config-add-files[]." +"This prevents data loss if the instance is unexpectedly terminated. " +"Instructions for setting up an external virtual disk are contained in this " +"section." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:106 +#. type: Title == +#: modules/administration/pages/public-cloud.adoc:15 #, no-wrap -msgid "menu:session-cleanup-default:[]" +msgid "Network Setup" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:108 +#: modules/administration/pages/public-cloud.adoc:16 msgid "" -"Cleans up stale Web interface sessions, typically data that is temporarily " -"stored when a user logs in and then closes the browser before logging out." +"On a public cloud service, you must run {productname} within a restricted " +"network, such as VPC private subnet with an appropriate firewall setting. " +"The instance must only be able to be accessed by machines in your specified " +"IP ranges." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:110 -#, no-wrap -msgid "menu:ssh-push-default:[]" +#. type: delimited block = +#: modules/administration/pages/public-cloud.adoc:17 +msgid "" +"A world-accessible {productname} instance violates the terms of the " +"{productname} EULA, and it will not be supported by {suse}." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:112 +#: modules/administration/pages/public-cloud.adoc:18 msgid "" -"Prompts clients to check in with {productname} via SSH if they are " -"configured with a `SSH Push` contact method." +"To access the {productname} {webui}, allow HTTPS when you set up your " +"networking environment." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:113 +#. type: Title === +#: modules/administration/pages/public-cloud.adoc:19 #, no-wrap -msgid "menu:token-cleanup-default:[]" +msgid "Set the Hostname" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:114 +#: modules/administration/pages/public-cloud.adoc:20 msgid "" -"Deletes expired repository tokens that are used by Salt clients to download " -"packages and metadata." +"{productname} requires a stable and reliable hostname. Changing the " +"hostname at a later point can create errors." msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-corruptrepo.adoc:2 -#, no-wrap -msgid "Troubleshooting Corrupt Repositories" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:21 +msgid "" +"In most public cloud environments, the method shown in this section will " +"work correctly. However, you will have to perform the same modification for " +"every client." msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-corruptrepo.adoc:26 +#: modules/administration/pages/public-cloud.adoc:22 msgid "" -"The information in the repository metadata files can become corrupt or out " -"of date. This can create problems with updating clients. You can fix this " -"by removing the files and regenerating it. With an new repository data " -"file, updates should operate as expected." +"You might prefer to manage DNS resolution by creating a DNS entry in your " +"network environment instead." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:23 +msgid "" +"You can also manage hostname resolution by editing the " +"[path]``/etc/resolv.conf`` file. Depending on the order of your setup, if " +"you start the {productname} instance prior to setting up DNS services the " +"file may not contain the appropriate [systemitem]``search`` directive. " +"Check that the proper search directive exists in [path]``/etc/resolv.conf`` " +"and add it if it is missing." msgstr "" #. type: Block title -#: modules/administration/pages/tshoot-corruptrepo.adoc:27 +#: modules/administration/pages/public-cloud.adoc:24 #, no-wrap -msgid "Procedure: Resolving Corrupt Repository Data" +msgid "Procedure: Setting the hostname locally" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-corruptrepo.adoc:30 +#: modules/administration/pages/public-cloud.adoc:25 msgid "" -"Remove all files from [path]``/var/cache/rhn/repodata/-" -"updates-x86_64``. If you do not know the channel label, you can find it in " -"the {productname} {webui}, by navigating to menu:Software[Channels > Channel " -"Label]." +"Disable hostname setup by editing the DHCP configuration file at " +"[path]``/etc/sysconfig/network/dhcp``, and adding this line:" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-corruptrepo.adoc:31 -msgid "Regenerate the file from the command line:" +#: modules/administration/pages/public-cloud.adoc:27 +msgid "Set the hostname locally with the [command]``hostnamectl`` command." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-corruptrepo.adoc:34 -#, no-wrap -msgid "spacecmd softwarechannel_regenerateyumcache -updates-x86_64\n" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:28 +msgid "" +"Ensure you use the system name, not the FQDN. For example, if the FQDN is " +"[path]``system_name.example.com``, the system name is [path]``system_name``, " +"and the domain name is [path]``example.com``." msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-diskspace.adoc:2 +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:29 #, no-wrap -msgid "Troubleshooting Disk Space" +msgid "# hostnamectl set-hostname system_name\n" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:23 +#: modules/administration/pages/public-cloud.adoc:30 msgid "" -"Running out of disk space can have a severe impact on the {productname} " -"database and file structure which, in most cases, is not recoverable." +"Create a DNS entry in your network environment for domain name resolution, " +"or force correct resolution by editing the [path]``/etc/hosts`` file." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:26 +#: modules/administration/pages/public-cloud.adoc:31 msgid "" -"{productname} monitors free space in specific directories, and has " -"configurable alerts. For more on space management, see xref:administration:" -"space-management.adoc[]." +"You can find the IP address by checking your public cloud web console, or " +"from the command line:" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:28 -msgid "" -"You can recover disk space by removing unused custom channels and redundant " -"database entries before you run out of space entirely." +#: modules/administration/pages/public-cloud.adoc:32 +msgid "Amazon EC2 instance:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:33 +#, no-wrap +msgid "# ec2metadata --local-ipv4\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:30 -msgid "" -"For instructions on how to delete custom channels, see xref:administration:" -"channel-management.adoc[]." +#: modules/administration/pages/public-cloud.adoc:34 +msgid "Google Compute Engine:" msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-diskspace.adoc:31 +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:35 #, no-wrap -msgid "Procedure: Resolving redundant database entries" +msgid "# gcemetadata --query instance --network-interfaces --ip\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:33 -msgid "" -"Use the [command]``spacewalk-data-fsck`` command to list any redundant " -"database entries." +#: modules/administration/pages/public-cloud.adoc:36 +msgid "Microsoft Azure:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:37 +#, no-wrap +msgid "# azuremetadata --internal-ip\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:33 +#: modules/administration/pages/public-cloud.adoc:38 msgid "" -"Use the [command]``spacewalk-data-fsck --remove`` command to delete them." +"In the following command, replace [literal]```` with IP address " +"you retrieve from the command line above:" msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-hostname-rename.adoc:2 +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:39 #, no-wrap -msgid "Troubleshooting Renaming {productname} Server" +msgid "# echo \" suma.cloud.net suma\" >> /etc/hosts\n" +msgstr "" + +#. type: Title === +#: modules/administration/pages/public-cloud.adoc:40 +#, no-wrap +msgid "Set up DNS Resolution" msgstr "" -# -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step -#. Showing my working. --LKB 2020-06-22 -#. Cause: Renaming the hostname -#. Consequence: Changes not picked up by db, clients and proxies -#. Fix: Use the [command]``spacewalk-hostname-rename`` script to update the settings in the PostgreSQL database and the internal structures of {productname}. -#. Result: Renaming is successfully propagated #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:33 +#: modules/administration/pages/public-cloud.adoc:41 msgid "" -"If you change the hostname of the {productname} Server locally, your " -"{productname} installation will cease to work properly. This is because the " -"changes have not been made in the database, which prevents the changes from " -"propagating out your clients and any proxies." +"You will need to update the DNS records for the instance within the DNS " +"service of your network environment. Refer to the cloud service provider " +"documentation for detailed instructions:" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:36 +#: modules/administration/pages/public-cloud.adoc:42 msgid "" -"If you need to change the hostname of the {productname} Server, you can do " -"so using the [command]``spacewalk-hostname-rename`` script. This script " -"updates the settings in the PostgreSQL database and the internal structures " -"of {productname}." +"http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-dns.html[DNS setup " +"on Amazon EC2]" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:38 +#: modules/administration/pages/public-cloud.adoc:43 msgid "" -"The [command]``spacewalk-hostname-rename`` script is part of the " -"[package]``spacewalk-utils`` package." +"https://cloud.google.com/compute/docs/networking[DNS setup on Google Compute " +"Engine]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:44 +msgid "" +"https://azure.microsoft.com/en-us/documentation/articles/dns-operations-recordsets[DNS " +"setup on Microsoft Azure]" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:40 +#: modules/administration/pages/public-cloud.adoc:45 msgid "" -"The only mandatory parameter for the script is the newly configured IP " -"address of the {productname} Server." +"If you run a {productname} Server instance, ensure the external storage is " +"attached and prepared correctly, and that DNS resolution is set up as " +"described. Start the ``susemanager_setup`` with {yast}:" msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-hostname-rename.adoc:43 +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:46 #, no-wrap -msgid "Procedure: Renaming {productname} Server" +msgid "# /sbin/yast2 susemanager_setup\n" msgstr "" +#. No need to duplicate this, since it exists within the docs suite. LKB 2019-05-29 +#. Uncommenting, as it turns out some of this content is unique. Will need a more surgical look. LKB 2019-08-02 #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:47 +#: modules/administration/pages/public-cloud.adoc:47 msgid "" -"Change the network settings of the server on the system level locally and " -"remotely at the DNS server. You will also need to provide configuration " -"settings for reverse name resolution. Changing network settings is done in " -"the same way as with renaming any other system." +"The {productname} setup procedure in YaST is designed as a one pass process " +"with no rollback or cleanup capability. Therefore, if the setup procedure " +"is interrupted or ends with an error, it is not recommended that you repeat " +"the setup process or attempts to manually fix the configuration. These " +"methods are likely to result in a faulty {productname} installation. If you " +"experience errors during setup, start a new instance, and begin the setup " +"procedure again on a clean system." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:48 +#: modules/administration/pages/public-cloud.adoc:48 msgid "" -"Reboot the {productname} Server to use the new network configuration and to " -"ensure the hostname has changed." +"If you receive a message that there is not enough space available for setup, " +"ensure that your root volume is at least 20 GB and double check that the " +"instructions in <> have been completed " +"correctly." msgstr "" +#. REMARK check this; will it still work for sle 15? +#. Commented out per https://github.com/SUSE/spacewalk/issues/8951 LKB 2019-08-06 +# +#. {productname} Server for the public cloud comes with a bootstrap data module pre-installed. +#. The bootstrap module contains optimized package lists for bootstrapping instances started from {sle} images published by {suse}. +#. If you intend to register such an instance, when you create the bootstrap repository run the [command]``mgr-create-bootstrap-repo`` script using this command, to create a bootstrap repository suitable for {sle} 12 SP1 instances. +# +#. ---- +#. $ mgr-create-bootstrap-repo --datamodule=mgr_pubcloud_bootstrap_data -c SLE-12-SP1-x86_64 +#. ---- +# +# +#. See xref:client-configuration:creating-a-tools-repository.adoc[] for more information on bootstrapping. #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:50 +#: modules/administration/pages/public-cloud.adoc:49 msgid "" -"Run the script [command]``spacewalk-hostname-rename`` script with the public " -"IP address of the server. If the server is not using the new hostname, the " -"script will fail." +"Prior to registering instances started from on demand images remove the " +"following packages from the instance to be registered:" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:51 -msgid "" -"Re-configure your clients to make your environment aware of the new hostname " -"and IP address." +#: modules/administration/pages/public-cloud.adoc:50 +msgid "cloud-regionsrv-client" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:53 -msgid "" -"In the Salt minion configuration file [path]``/etc/salt/minion``, you must " -"make sure to specify the name of the new Salt master ({productname} Server):" +#: modules/administration/pages/public-cloud.adoc:51 +#, no-wrap +msgid "*For Amazon EC2*\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-hostname-rename.adoc:56 -#, no-wrap -msgid "master: \n" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:52 +msgid "regionServiceClientConfigEC2" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:61 -msgid "" -"Traditional clients have the [path]``/etc/sysconfig/rhn/up2date`` " -"configuration file that must be changed. With a re-activation key you can " -"re-register traditional clients (if there are any). For more information, " -"see xref:client-configuration:registration-cli.adoc[]." +#: modules/administration/pages/public-cloud.adoc:53 +msgid "regionServiceCertsEC2" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:63 -msgid "" -"OPTIONAL: If you use PXE boot through a {productname} Proxy, you must check " -"the configuration settings of the proxy. On the proxy, run the " -"[command]``configure-tftpsync.sh`` setup script and enter the requested " -"information. For more information, see xref:installation:proxy-setup.adoc[]." +#: modules/administration/pages/public-cloud.adoc:54 +#, no-wrap +msgid "*For Google Compute Engine*\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-intro.adoc:4 -msgid "" -"This section contains some common problems you might encounter with " -"{productname}, and solutions to resolving them." +#: modules/administration/pages/public-cloud.adoc:55 +msgid "cloud-regionsrv-client-plugin-gce" msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-localcert.adoc:2 -#, no-wrap -msgid "Troubleshooting Local Issuer Certificates" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:56 +msgid "regionServiceClientConfigGCE" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-localcert.adoc:25 -msgid "" -"Some older bootstrap scripts create a link to the local certificate in the " -"wrong place. This results in zypper returning an ``Unrecognized error`` " -"about the local issuer certificate. You can ensure that the link to the " -"local issuer certificate has been created correctly by checking the [path]``/" -"etc/ssl/certs/`` directory. If you come across this problem, you should " -"consider updating your bootstrap scripts to ensure that zypper operates as " -"expected." +#: modules/administration/pages/public-cloud.adoc:57 +msgid "regionServiceCertsGCE" msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-logintimeout.adoc:2 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:58 #, no-wrap -msgid "Troubleshooting Login Timeouts" +msgid "*For Microsoft Azure*\n" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:24 -msgid "" -"By default, the {productname} {webui} will require users to log in again " -"after 30{nbsp}minutes. Depending on your environment, you might want to " -"adjust the login timeout value." +#: modules/administration/pages/public-cloud.adoc:59 +msgid "regionServiceClientConfigAzure" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:28 -msgid "" -"To adjust the value, you will need to make the change in both [path]``rhn." -"conf`` and [path]``web.xml``. Ensure you set the value in seconds in " -"[path]``/etc/rhn/rhn.conf``, and in minutes in [path]``web.xml``. The two " -"values must equal the same amount of time." +#: modules/administration/pages/public-cloud.adoc:60 +msgid "regionServiceCertsAzure" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:30 +#: modules/administration/pages/public-cloud.adoc:61 msgid "" -"For example, to change the timeout value to one hour, set the value in " -"[path]``rhn.conf`` to 3600 seconds, and the value in [path]``web.xml`` to 60 " -"minutes." +"If these packages are not removed it is possible to create interference " +"between the repositories provided by {productname} and the repositories " +"provided by the SUSE operated update infrastructure." msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-logintimeout.adoc:33 -#, no-wrap -msgid "Procedure: Adjusting the {webui} Login Timeout Value" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:62 +msgid "" +"Additionally remove the line from the [path]``/etc/hosts`` file that " +"contains the *susecloud.net* reference." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:35 -msgid "Stop services:" +#: modules/administration/pages/public-cloud.adoc:63 +msgid "If you run a {productname} Proxy instance" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:40 +#: modules/administration/pages/public-cloud.adoc:64 msgid "" -"Open [path]``/etc/rhn/rhn.conf`` and add or edit this line to include the " -"new timeout value in seconds:" +"Launch the instance, optionally with external storage configured. If you " +"use external storage (recommended), prepare it according to " +"<>. It is recommended but not required to " +"prepare the storage before configuring {productname} proxy, as the " +"suma-storage script will migrate any existing cached data to the external " +"storage. After preparing the instance, register the system with the parent " +"SUSE Manager, which could be a {productname} Server or another {productname} " +"Proxy. See the xref:installation:proxy-setup.adoc[] for details. When " +"registered, configure your {productname} Proxy instance with this script:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-logintimeout.adoc:43 +#: modules/administration/pages/public-cloud.adoc:65 #, no-wrap -msgid "web.session_database_lifetime = \n" +msgid "/usr/sbin/configure-proxy.sh\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:45 -#: modules/administration/pages/tshoot-logintimeout.adoc:51 -msgid "Save and close the file." +#: modules/administration/pages/public-cloud.adoc:66 +msgid "" +"When the script has completed, {productname} should be functional and " +"running." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:46 +#: modules/administration/pages/public-cloud.adoc:67 msgid "" -"Open [path]``/srv/tomcat/webapps/rhn/WEB-INF/web.xml`` and add or edit this " -"line to include the new timeout value in minutes:" +"For {productname} Server, the setup process created an administrator user " +"with this user name:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-logintimeout.adoc:49 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:68 +msgid "User name: `admin`" +msgstr "" + +#. type: Block title +#: modules/administration/pages/public-cloud.adoc:69 +#, no-wrap +msgid "Account credentials for admin user" +msgstr "" + +#. type: Table +#: modules/administration/pages/public-cloud.adoc:70 +#, no-wrap +msgid "" +"|\n" +" Amazon EC2\n" +"\n" +"|\n" +" Google Compute Engine\n" +"\n" +"|\n" +" Microsoft Azure\n" +"\n" +"\n" +"|\n" +"\n" +"[replaceable]``Instance-ID``\n" +"|\n" +"\n" +"[replaceable]``Instance-ID``\n" +"|\n" +"\n" +"[replaceable]``Instance-Name``**-suma**\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:71 +msgid "" +"The current value for the [replaceable]``Instance-ID`` or " +"[replaceable]``Instance-Name`` in case of the Azure Cloud, can be obtained " +"from the public cloud Web console or from within a terminal session as " +"follows:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:72 +msgid "Obtain instance id from within Amazon EC2 instance" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:73 +#, no-wrap +msgid "$ ec2metadata --instance-id\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:74 +msgid "Obtain instance id from within Google Compute Engine instance" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:75 +#, no-wrap +msgid "$ gcemetadata --query instance --id\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:76 +msgid "Obtain instance name from within Microsoft Azure instance" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:77 +#, no-wrap +msgid "$ azuremetadata --instance-name\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:78 +msgid "" +"After logging in through the {productname} Server {webui}, *change* the " +"default password." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:79 +msgid "" +"{productname} Proxy does not have administration access to the {webui}. It " +"can be managed through its parent {productname} Server." +msgstr "" + +#. type: Title === +#: modules/administration/pages/public-cloud.adoc:80 +#, no-wrap +msgid "Using Separate Storage Volume" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:81 +msgid "" +"We recommend that the repositories and the database for {productname} be " +"stored on a virtual storage device. This best practice will avoid data loss " +"in cases where the {productname} instance may need to be terminated. These " +"steps *must* be performed *prior* to running the YaST {productname} setup " +"procedure." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:82 +msgid "" +"Provision a disk device in the public cloud environment, refer to the cloud " +"service provider documentation for detailed instructions. The size of the " +"disk is dependent on the number of distributions and channels you intend to " +"manage with {productname}." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:83 +msgid "" +"For sizing information refer to " +"https://www.suse.com/support/kb/doc.php?id=7015050[SUSE Manager sizing " +"examples]. A rule of thumb is 25 GB per distribution per channel." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:84 +msgid "" +"Once attached the device appears as Unix device node in your instance. For " +"the following command to work this device node name is required. In many " +"cases the attached storage appears as **/dev/sdb**. In order to check which " +"disk devices exists on your system, call the following command:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:85 +#, no-wrap +msgid "$ hwinfo --disk | grep -E \"Device File:\"\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:86 +msgid "" +"With the device name at hand the process of re-linking the directories in " +"the file system {productname} uses to store data is handled by the " +"suma-storage script. In the following example we use [path]``/dev/sdb`` as " +"the device name." +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:87 +#, no-wrap +msgid "$ /usr/bin/suma-storage /dev/sdb\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:88 +msgid "" +"After the call all database and repository files used by SUSE Manager Server " +"are moved to the newly created xfs based storage. In case your instance is " +"a {productname} Proxy, the script will move the Squid cache, which caches " +"the software packages, to the newly created storage. The xfs partition is " +"mounted below the path [path]``/manager_storage``. ." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:89 +msgid "Create an entry in /etc/fstab (optional)" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:90 +msgid "" +"Different cloud frameworks treat the attachment of external storage devices " +"differently at instance boot time. Please refer to the cloud environment " +"documentation for guidance about the fstab entry." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:91 +msgid "" +"If your cloud framework recommends to add an fstab entry, add the following " +"line to the */etc/fstab* file." +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:92 +#, no-wrap +msgid "/dev/sdb1 /manager_storage xfs defaults,nofail 1 1\n" +msgstr "" + +#. type: Title == +#: modules/administration/pages/public-cloud.adoc:93 +#, no-wrap +msgid "Registration of Cloned Systems" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:94 +msgid "" +"{productname} cannot distinguish between different instances that use the " +"same system ID. If you register a second instance with the same system ID " +"as a previous instance, {productname} will overwrite the original system " +"data with the new system data. This can occur when you launch multiple " +"instances from the same image, or when an image is created from a running " +"instance. However, it is possible to clone systems and register them " +"successfully by deleting the cloned system's ID, and generating a new ID." +msgstr "" + +#. type: Block title +#: modules/administration/pages/public-cloud.adoc:95 +#, no-wrap +msgid "Procedure: Registering Cloned Systems" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:96 +msgid "Clone the system using your preferred hypervisor's cloning mechanism." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:97 +msgid "" +"On the cloned system, change the hostname and IP addresses, and check the " +"[path]``/etc/hosts`` file to ensure you have the right host entries." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:98 +msgid "" +"On traditional clients, stop the [command]``rhnsd`` daemon with " +"[command]``/etc/init.d/rhnsd stop`` or, on newer systemd-based systems, with " +"[command]``service rhnsd stop``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:99 +msgid "Then [command]``service osad stop``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:100 +msgid "For SLES 11 or {rhel} 5 or 6 clients, run these commands:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:101 +#: modules/administration/pages/tshoot-registerclones.adoc:13 +#, no-wrap +msgid "" +"# rm /var/lib/dbus/machine-id\n" +"# dbus-uuidgen --ensure\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:102 +msgid "For SLES 12, SLES 15, or {rhel} 7 clients, run these commands:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:103 +#: modules/administration/pages/tshoot-registerclones.adoc:11 +#: modules/administration/pages/tshoot-registerclones.adoc:37 +#, no-wrap +msgid "" +"# rm /etc/machine-id\n" +"# rm /var/lib/dbus/machine-id\n" +"# dbus-uuidgen --ensure\n" +"# systemd-machine-id-setup\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:104 +msgid "If you are using Salt, then you will also need to run these commands:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:105 +#, no-wrap +msgid "" +"# service salt-minion stop\n" +"# rm -rf /var/cache/salt\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:106 +msgid "If you are using a traditional client, clean up the working files with:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:107 +#: modules/administration/pages/tshoot-registerclones.adoc:34 +#, no-wrap +msgid "# rm -f /etc/sysconfig/rhn/{osad-auth.conf,systemid}\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:108 +msgid "The bootstrap should now run with a new system ID, rather than a duplicate." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:109 +msgid "" +"If you are onboarding Salt client clones, then you will also need to check " +"if they have the same Salt minion ID. You will need to delete the minion ID " +"on each cloned client, using the [command]``rm`` command. Each operating " +"system type stores this file in a slightly different location, check the " +"table for the appropriate command." +msgstr "" + +#. type: Block title +#: modules/administration/pages/public-cloud.adoc:110 +#, no-wrap +msgid "Minion ID File Location" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:111 +msgid "" +"Each operating system stores the minion ID file in a slightly different " +"location, check the table for the appropriate command." +msgstr "" + +#. type: Table +#: modules/administration/pages/public-cloud.adoc:112 +#, no-wrap +msgid "" +"| Operating System | Commands\n" +"| SLES 15 | [command]``rm /etc/salt/minion_id``\n" +"\n" +" [command]``rm -f " +"/etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}``\n" +"| SLES 12 | [command]``rm /etc/salt/minion_id``\n" +"\n" +" [command]``rm -f " +"/etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}``\n" +"| SLES 11 | [command]``rm /etc/salt/minion_id``\n" +"\n" +" [command]``suse_register -E``\n" +"| SLES 10 | [command]``rm -rf /etc/{zmd,zypp}``\n" +"\n" +" [command]``rm -rf /var/lib/zypp/``\n" +" Do not delete [path]``/var/lib/zypp/db/products/``\n" +"\n" +" [command]``rm -rf /var/lib/zmd/``\n" +"| {rhel} 5, 6, 7 | [command]`` rm -f /etc/NCCcredentials``\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:113 +msgid "" +"When you have deleted the minion ID file, re-run the bootstrap script, and " +"restart the client to see the cloned system in {productname} with the new " +"ID." +msgstr "" + +#. type: Title = +#: modules/administration/pages/repo-metadata.adoc:1 +#, no-wrap +msgid "Signing Repository Metadata" +msgstr "" + +#. TODO:: Explain why repository metadata should/would be signed. +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:2 +msgid "You will require a custom GPG key to be able to sign repository metadata." +msgstr "" + +#. type: Block title +#: modules/administration/pages/repo-metadata.adoc:3 +#, no-wrap +msgid "Procedure: Generating a Custom GPG Key" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:4 +msgid "As the root user, use the [command]``gpg`` command to generate a new key:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:5 +#, no-wrap +msgid "gpg --gen-key\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:6 +msgid "" +"At the prompts, select [systemitem]``RSA`` as the key type, with a size of " +"2048 bits, and select an appropriate expiry date for your key." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:7 +msgid "Check the details for your new key, and type [systemitem]``y`` to confirm." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:8 +msgid "" +"At the prompts, enter a name and email address to be associated with your " +"key." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:9 +msgid "" +"You can also add a comment to help you identify the key, if desired. When " +"you are happy with the user identity, type [systemitem]``O`` to confirm." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:10 +msgid "At the prompt, enter a passphrase to protect your key." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:11 +msgid "The key should be automatically added to your keyring." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:12 +msgid "You can check by listing the keys in your keyring:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:13 +#, no-wrap +msgid "gpg --list-keys\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:14 +msgid "" +"Add the password for your keyring to the [filename]``/etc/rhn/signing.conf`` " +"configuration file, by opening the file in your text editor and adding this " +"line:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:15 +#, no-wrap +msgid "GPGPASS=\"password\"\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:16 +msgid "" +"You can manage metadata signing on the command line using the " +"[command]``mgr-sign-metadata-ctl`` command." +msgstr "" + +#. type: Block title +#: modules/administration/pages/repo-metadata.adoc:17 +#, no-wrap +msgid "Procedure: Enabling Metadata Signing" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:18 +msgid "You will need to know the short identifier for the key to use." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:19 +msgid "You can list your available public keys in short format:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:20 +#, no-wrap +msgid "" +"gpg --keyid-format short --list-keys\n" +"...\n" +"pub rsa2048/3E7BFE0A 2019-04-02 [SC] [expires: 2021-04-01]\n" +" A43F9EC645ED838ED3014B035CFA51BF3E7BFE0A\n" +"uid [ultimate] SUSE Manager\n" +"sub rsa2048/118DE7FF 2019-04-02 [E] [expires: 2021-04-01]\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:21 +msgid "Enable metadata signing with the [command]``mgr-sign-metadata-ctl`` command:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:22 +#, no-wrap +msgid "" +"mgr-sign-metadata-ctl enable 3E7BFE0A\n" +"OK. Found key 3E7BFE0A in keyring.\n" +"DONE. Set key 3E7BFE0A in /etc/rhn/signing.conf.\n" +"DONE. Enabled metadata signing in /etc/rhn/rhn.conf.\n" +"DONE. Exported key 4E2C3DD8 to /srv/susemanager/salt/gpg/mgr-keyring.gpg.\n" +"DONE. Exported key 4E2C3DD8 to /srv/www/htdocs/pub/mgr-gpg-pub.key.\n" +"NOTE. For the changes to become effective run:\n" +" mgr-sign-metadata-ctl regen-metadata\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:23 +msgid "You can check that your configuration is correct with this command:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:24 +#, no-wrap +msgid "mgr-sign-metadata-ctl check-config\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:25 +msgid "" +"Restart the services and schedule metadata regeneration to pick up the " +"changes:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:26 +#, no-wrap +msgid "mgr-sign-metadata-ctl regen-metadata\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:27 +msgid "" +"You can also use the [command]``mgr-sign-metadata-ctl`` command to perform " +"other tasks. Use [command]``mgr-sign-metadata-ctl --help`` to see the " +"complete list." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:28 +msgid "" +"Repository metadata signing is a global option. When it is enabled, it is " +"enabled on all software channels on the server. This means that all clients " +"connected to the server will need to trust the new GPG key to be able to " +"install or update packages." +msgstr "" + +#. type: Block title +#: modules/administration/pages/repo-metadata.adoc:29 +#, no-wrap +msgid "Procedure: Importing GPG keys on Clients" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:30 +msgid "For RPM-based client systems, use these remote commands:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:31 +#, no-wrap +msgid "rpm --import http://server.example.com/pub/mgr-gpg-pub.key\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:32 +msgid "" +"For Ubuntu clients, you will need to reassign the channels, which will " +"automatically pick up the new GPG key." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:33 +msgid "" +"You can do this through the {productname} {webui}, or from the command line " +"on the server with this command:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:34 +#, no-wrap +msgid "salt state.apply channels\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:35 +msgid "" +"OPTIONAL: For Salt clients, you might prefer to use a state to manage your " +"GPG keys." +msgstr "" + +#. type: Title = +#: modules/administration/pages/reports.adoc:1 +#, no-wrap +msgid "Generate Reports" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/reports.adoc:2 +msgid "" +"The [command]``spacewalk-report`` command is used to produce a variety of " +"reports. These reports can be helpful for taking inventory of your " +"subscribed systems, users, and organizations. Using reports is often " +"simpler than gathering information manually from the {susemgr} {webui}, " +"especially if you have many systems under management." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/reports.adoc:3 +msgid "" +"To generate reports, you must have the [package]``spacewalk-reports`` " +"package installed." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/reports.adoc:4 +msgid "" +"The [command]``spacewalk-report`` command allows you to organize and display " +"reports about content, systems, and user resources across {productname}." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/reports.adoc:5 +msgid "You can generate reports on:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/reports.adoc:6 +msgid "System Inventory: list all the systems registered to {productname}." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/reports.adoc:7 +msgid "Patches: list all the patches relevant to the registered systems." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/reports.adoc:8 +msgid "" +"You can sort patches by severity, as well as the systems that apply to a " +"particular patch." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/reports.adoc:9 +msgid "" +"Users: list all registered users and any systems associated with a " +"particular user." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/reports.adoc:10 +msgid "" +"To get the report in CSV format, run this command at the command prompt on " +"the server:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/reports.adoc:11 +#, no-wrap +msgid "spacewalk-report \n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/reports.adoc:12 +msgid "This table lists the available reports:" +msgstr "" + +#. type: Block title +#: modules/administration/pages/reports.adoc:13 +#, no-wrap +msgid "[command]``spacewalk-report`` Reports" +msgstr "" + +#. type: Table +#: modules/administration/pages/reports.adoc:14 +#, no-wrap +msgid "" +"|Report | Invoked as | Description\n" +"| Actions | [command]``actions`` | All actions.\n" +"| Activation Keys | [command]``activation-keys`` | All activation keys, and " +"the entitlements, channels, configuration channels, system groups, and " +"packages associated with them.\n" +"| Activation Keys: Channels | [command]``activation-keys-channels`` | All " +"activation keys and the entities associated with each key.\n" +"| Activation Keys: Configuration | [command]``activation-keys-config`` | All " +"activation keys and the configuration channels associated with each key.\n" +"| Activation Keys: Server Groups | [command]``activation-keys-groups`` | All " +"activation keys and the system groups associated with each key.\n" +"| Activation Keys: Packages | [command]``activation-keys-packages`` | All " +"activation keys and the packages each key can deploy.\n" +"| Channel Packages | [command]``channel-packages`` | All packages in a " +"channel.\n" +"| Channel Report | [command]``channels`` | Detailed report of a given " +"channel.\n" +"| Cloned Channel Report | [command]``cloned-channels`` | Detailed report of " +"cloned channels.\n" +"| Configuration Files | [command]``config-files`` | All configuration file " +"revisions for all organizations, including file contents and file " +"information.\n" +"| Latest Configuration Files | [command]``config-files-latest`` | The most " +"recent configuration file revisions for all organizations, including file " +"contents and file information.\n" +"| Custom Channels | [command]``custom-channels`` | Channel metadata for all " +"channels owned by specific organizations.\n" +"| Custom Info | [command]``custom-info`` | Client custom information.\n" +"| Patches in Channels | [command]``errata-channels`` | All patches in " +"channels.\n" +"| Patches Details | [command]``errata-list`` | All patches that affect " +"registered clients.\n" +"| All patches | [command]``errata-list-all`` | All patches.\n" +"| Patches for Clients | [command]``errata-systems`` | Applicable patches and " +"any registered clients that are affected.\n" +"| Host Guests | [command]``host-guests`` | Host and guests mapping.\n" +"| Inactive Clients | [command]``inactive-systems`` | Inactive clients.\n" +"| System Inventory | [command]``inventory`` | Clients registered to the " +"server, together with hardware and software information.\n" +"| Kickstart Scripts | [command]``kickstart-scripts`` | All kickstart " +"scripts, with details.\n" +"| Kickstart Trees | [command]``kickstartable-trees`` | Kickstartable " +"trees.\n" +"| All Upgradable Versions | [command]``packages-updates-all`` | All newer " +"package versions that can be upgraded.\n" +"| Newest Upgradable Version | [command]``packages-updates-newest`` | Newest " +"package versions that can be upgraded.\n" +"| Proxy Overview | [command]``proxies-overview`` | All proxies and the " +"clients registered to each.\n" +"| Repositories | [command]``repositories`` | All repositories, with their " +"associated SSL details, and any filters.\n" +"| Result of SCAP | [command]``scap-scan`` | Result of OpenSCAP ``sccdf`` " +"evaluations.\n" +"| Result of SCAP | [command]``scap-scan-results`` | Result of OpenSCAP " +"``sccdf`` evaluations, in a different format.\n" +"| System Data | [command]``splice-export`` | Client data needed for splice " +"integration.\n" +"| System Crash: Count | [command]``system-crash-count`` | The total number " +"of client crashes.\n" +"| System Crash: Details | [command]``system-crash-details`` | Crash details " +"for all clients.\n" +"| System Currency | [command]``system-currency`` | Number of available " +"patches for each registered client.\n" +"| System Extra Packages | [command]``system-extra-packages`` | All packages " +"installed on all clients that are not available from channels the client is " +"subscribed to.\n" +"| System Groups | [command]``system-groups`` | System groups.\n" +"| Activation Keys for System Groups | [command]``system-groups-keys`` | " +"Activation keys for system groups.\n" +"| Systems in System Groups | [command]``system-groups-systems`` | Clients in " +"system groups.\n" +"| System Groups Users | [command]``system-groups-users`` | System groups and " +"users that have permissions on them.\n" +"| History: System | [command]``system-history`` | Event history for each " +"client.\n" +"| History: Channels | [command]``system-history-channels`` | Channel event " +"history.\n" +"| History: Configuration | [command]``system-history-configuration`` | " +"Configuration event history.\n" +"| History: Entitlements | [command]``system-history-entitlements`` | System " +"entitlement event history.\n" +"| History: Errata | [command]``system-history-errata`` | Errata event " +"history.\n" +"| History: Kickstart | [command]``system-history-kickstart`` | Kickstart " +"event history.\n" +"| History: Packages | [command]``system-history-packages`` | Package event " +"history.\n" +"| History: SCAP | [command]``system-history-scap`` | OpenSCAP event " +"history.\n" +"| MD5 Certificates | [command]``system-md5-certificates`` | All registered " +"clients using certificates with an MD5 checksum.\n" +"| Installed Packages | [command]``system-packages-installed`` | Packages " +"installed on clients.\n" +"| System Profiles | [command]``system-profiles`` | All clients registered to " +"the server, with software and system group information.\n" +"| Users | [command]``users`` | All users registered to {productname}.\n" +"| MD5 Users | [command]``users-md5`` | All users for all organizations using " +"MD5 encrypted passwords, with their details and roles.\n" +"| Systems administered | [command]``users-systems`` | Clients that " +"individual users can administer.\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/reports.adoc:15 +msgid "" +"For more information about an individual report, run " +"[command]``spacewalk-report`` with the option [option]``--info`` or " +"[option]``--list-fields-info`` and the report name. The description and " +"list of possible fields in the report will be shown." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/reports.adoc:16 +msgid "" +"For further information on program invocation and options, see the " +"[literal]``spacewalk-report(8)`` man page as well as the " +"[option]``--help``parameter of the [command]``spacewalk-report`` command." +msgstr "" + +#. type: Title = +#: modules/administration/pages/ssl-certs-selfsigned.adoc:1 +#, no-wrap +msgid "Self-Signed SSL Certificates" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:2 +msgid "" +"By default, {productname} uses a self-signed certificate. In this case, the " +"certificate is created and signed by {productname}. This method does not " +"use an independent certificate authority to guarantee that the details of " +"the certificate are correct. Third party CAs perform checks to ensure that " +"the information contained in the certificate is correct. For more on third " +"party CAs, see xref:administration:ssl-certs-imported.adoc[]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:3 +msgid "" +"This section covers how to re-create your self-signed certificates on an " +"existing installation. It also covers how to create new self-signed " +"certificates and authenticate your existing clients to the new certificate, " +"using an intermediate certificate. Intermediate certificates merge the " +"intermediate and root CA certificates into one file. Ensure that the " +"intermediate certificate comes first in the combined file." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:4 +msgid "" +"The host name of the SSL keys and certificates must match the fully " +"qualified host name of the machine you deploy them on." +msgstr "" + +#. type: Title == +#: modules/administration/pages/ssl-certs-selfsigned.adoc:5 +#, no-wrap +msgid "Re-Create Existing Server Certificates" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:6 +msgid "" +"If your existing certificates have expired or stopped working for any " +"reason, you can generate a new server certificate from the existing CA." +msgstr "" + +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:7 +#, no-wrap +msgid "Procedure: Re-Creating an Existing Server Certificate" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:8 +msgid "" +"On the {productname} Server, at the command prompt, regenerate the server " +"certificate:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:9 +#, no-wrap +msgid "" +"rhn-ssl-tool --gen-server --dir=\"/root/ssl-build\" " +"--set-country=\"COUNTRY\" \\\n" +"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" +"--set-org-unit=\"ORGANIZATION UNIT\" --set-email=\"name@example.com\" \\\n" +"--set-hostname=\"susemanager.example.com\" --set-cname=\"example.com\"\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:10 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:26 +msgid "" +"Ensure that the [systemitem]``set-cname`` parameter is the fully-qualified " +"domain name of your {productname} Server. You can use the the " +"[systemitem]``set-cname`` parameter multiple times if you require multiple " +"aliases." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:11 +msgid "Install the RPM that contains the newly generated certificate." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:12 +msgid "" +"Check that you have the latest version of the RPM before running this " +"command. The version number is incremented every time you re-create the " +"certificates." +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:13 +#, no-wrap +msgid "" +"rpm -Uhv " +"/root/ssl-build/lnx0259a/rhn-org-httpd-ssl-key-pair-lnx0259a-1.0-2.noarch.rpm\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:14 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:61 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:73 +msgid "Restart services to pick up the changes:" +msgstr "" + +#. type: Title == +#: modules/administration/pages/ssl-certs-selfsigned.adoc:16 +#, no-wrap +msgid "Create and Replace CA and Server Certificates" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:17 +msgid "" +"If you need to create entirely new certificates for an existing " +"installation, you need to create a combined certificate first. Clients will " +"authenticate to the certificate with both the old and new details. Then you " +"can go ahead and remove the old details. This maintains the chain of trust." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/ssl-certs-selfsigned.adoc:18 +msgid "" +"Be careful with this procedure! It is possible to break the trust chain " +"between the server and clients using this procedure. If that happens, you " +"will need an administrative user to log in to every client and deploy the CA " +"directly." +msgstr "" + +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:19 +#, no-wrap +msgid "Procedure: Creating New Certificates" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:20 +msgid "" +"On the {productname} Server, at the command prompt, move the old certificate " +"directory to a new location:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:22 +msgid "Generate a new CA certificate and create an RPM:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:23 +#, no-wrap +msgid "" +"rhn-ssl-tool --gen-ca --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" " +"\\\n" +"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" +"--set-org-unit=\"ORGANIZATION UNIT\" --set-common-name=\"SUSE Manager CA " +"Certificate\" \\\n" +"--set-email=\"name@example.com\"\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:24 +msgid "Generate a new server certificate and create an RPM:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:25 +#, no-wrap +msgid "" +"rhn-ssl-tool --gen-server --dir=\"/root/ssl-build\" " +"--set-country=\"COUNTRY\" \\\n" +"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" +"--set-org-unit=\"ORGANIZATION UNIT\" --set-email=\"name@example.com\" \\\n" +"--set-hostname=\"susemanager.example.top\" --set-cname=\"example.com\"\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:27 +msgid "" +"You will need to generate a server certificate RPM for each proxy, using " +"their host names and cnames." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:28 +msgid "" +"When you have new certificates, you can create the combined RPMs to " +"authenticate the clients." +msgstr "" + +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:29 +#, no-wrap +msgid "Procedure: Create Combined Certificate RPMs" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:30 +msgid "" +"Create a new CA file that combines the old and new certificate details, and " +"generate a new RPM:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:31 +#, no-wrap +msgid "" +"mkdir /root/combined-ssl-build\n" +"cp /root/old-ssl-build/RHN-ORG-TRUSTED-SSL-CERT /root/combined-ssl-build/\n" +"cat /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT >> " +"/root/combined-ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" +"cp /root/old-ssl-build/*.rpm /root/combined-ssl-build/\n" +"rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/combined-ssl-build\"\n" +msgstr "" + +#. I would like to split up these steps, I think. LKB 2019-09-10 +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:32 +msgid "Deploy the CA certificate on the server:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:33 +#, no-wrap +msgid "" +"/usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/combined-ssl-build \\\n" +"--target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:34 +msgid "" +"When you have the combined RPMs, you can deploy the combined CA certificates " +"to your clients." +msgstr "" + +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:35 +#, no-wrap +msgid "Procedure: Deploying Combined Certificates on Traditional Clients" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:36 +msgid "On the client, create a new custom channel using these details:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:37 +msgid "Name: SSL-CA-Channel" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:38 +msgid "Label: ssl-ca-channel" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:39 +msgid "Parent Channel: " +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:40 +msgid "Summary: SSL-CA-Channel" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:41 +msgid "" +"For more on creating custom channels, see " +"xref:administration:channel-management.adoc[]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:42 +msgid "Upload the CA certificate RPM to the channel:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:43 +#, no-wrap +msgid "" +"rhnpush -c ssl-ca-channel --nosig \\\n" +"--ca-chain=/srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT \\\n" +"/root/combined-ssl-build/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:44 +msgid "Subscribe all clients to the new ``SSL-CA-Channel`` channel." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:45 +msgid "Install the CA certificate RPM on all clients by updating the channel." +msgstr "" + +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:46 +#, no-wrap +msgid "Procedure: Deploying Combined Certificates on Salt Clients" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:47 +msgid "In the {productname} {webui}, navigate to menu:Systems[Overview]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:48 +msgid "Check all your Salt Clients to add them to the system set manager." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:49 +msgid "Navigate to menu:Systems[System Set Manager > Overview]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:50 +msgid "" +"In the [guimenu]``States`` field, click btn:[Apply] to apply the system " +"states." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:51 +msgid "" +"In the [guimenu]``Highstate`` page, click btn:[Apply Highstate] to propagate " +"the changes to the clients." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:52 +msgid "" +"When you have every client trusting both the old and new certificates, you " +"can go ahead and replace the server certificate on the {productname} Server " +"and Proxies." +msgstr "" + +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:53 +#, no-wrap +msgid "Procedure: Replace Server Certificate on the Server" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:54 +msgid "" +"On the {productname} Server, at the command prompt, install the RPM from the " +"[path]``ssl-build`` directory:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:55 +#, no-wrap +msgid "" +"rpm -Uhv " +"ssl-build/susemanager/rhn-org-httpd-ssl-key-pair-susemanager-1.0-2.noarch.rpm\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:56 +msgid "Restart services to pick the changes:" +msgstr "" + +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:58 +#, no-wrap +msgid "Procedure: Replace Server Certificate on the Proxy" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:59 +msgid "" +"On the {productname} Proxy, at the command prompt, install the RPM from the " +"[path]``ssl-build`` directory:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:60 +#, no-wrap +msgid "" +"rpm -Uhv " +"ssl-build/susemanager-proxy/rhn-org-httpd-ssl-key-pair-susemanager-proxy-1.0-2.noarch.rpm\n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:62 +#, no-wrap +msgid "rhn-proxy restart\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:63 +msgid "" +"Test that all clients still operate as expected and can use SSL to reach the " +"{productname} Server and any proxies." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:64 +msgid "" +"When you have replaced the server certificates on your server and any " +"proxies, you need to update the certificate with only the new details on all " +"the clients. This is done by adding it to the client channels you set up " +"previously." +msgstr "" + +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:65 +#, no-wrap +msgid "Procedure: Adding the New Certificates to the Client Channel" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:66 +msgid "" +"Copy the combined certificate RPM into the [path]``/root/ssl-build/`` " +"directory:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:67 +#, no-wrap +msgid "cp /root/combined-ssl-build/*.rpm /root/ssl-build/\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:68 +msgid "Generate a new RPM with from the new certificates." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:69 +msgid "" +"Check the release number carefully to ensure you have the right certificate " +"file:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:70 +#, no-wrap +msgid "rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/ssl-build\"\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:71 +msgid "Install the new local certificates on the {productname} Server:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:72 +#, no-wrap +msgid "" +"/usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/ssl-build \\\n" +"--target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:75 +msgid "Upload the new RPM into the channel:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:76 +#, no-wrap +msgid "" +"rhnpush -c ssl-ca-channel --nosig \\\n" +"--ca-chain=/srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT \\\n" +"/root/ssl-build/rhn-org-trusted-ssl-cert-1.0-3.noarch.rpm\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:77 +msgid "" +"When you have the new certificate in the channel, you can use the " +"{productname} {webui} to update it on all clients and proxies, by " +"synchronizing them with the channel. Alternatively, for Salt clients, you " +"can use menu:Salt[Remote Commands], or apply the highstate." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:78 +msgid "" +"You will also need to update your proxies to remove the copy of the " +"certificate and the associated RPM. Your proxies must have the same " +"certificate content as the server. Check the [path]``/srv/www/htdocs/pub/`` " +"directory and ensure it contains:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:79 #, no-wrap -msgid "Timeout_Value_in_Minutes\n" +msgid "" +"RHN-ORG-TRUSTED-SSL-CERT\n" +"rhn-org-trusted-ssl-cert-*.noarch.rpm\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:52 -msgid "Restart services:" +#: modules/administration/pages/ssl-certs-selfsigned.adoc:80 +msgid "To complete the process, you need to update the database with this command:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:81 +#, no-wrap +msgid "" +"/usr/bin/rhn-ssl-dbstore " +"--ca-cert=/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:82 +msgid "" +"If you use bootstrap, remember to also update your bootstrap scripts to " +"reflect the new certificate information." msgstr "" #. type: Title = -#: modules/administration/pages/tshoot-notifications.adoc:2 +#: modules/administration/pages/tshoot-corruptrepo.adoc:1 #, no-wrap -msgid "Troubleshooting Notifications" +msgid "Troubleshooting Corrupt Repositories" +msgstr "" + +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +# +#. Troubleshooting format: +# +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +# +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step +#. type: Plain text +#: modules/administration/pages/tshoot-corruptrepo.adoc:2 +msgid "" +"The information in the repository metadata files can become corrupt or out " +"of date. This can create problems with updating clients. You can fix this " +"by removing the files and regenerating it. With an new repository data " +"file, updates should operate as expected." +msgstr "" + +#. type: Block title +#: modules/administration/pages/tshoot-corruptrepo.adoc:3 +#, no-wrap +msgid "Procedure: Resolving Corrupt Repository Data" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-corruptrepo.adoc:4 +msgid "" +"Remove all files from " +"[path]``/var/cache/rhn/repodata/-updates-x86_64``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-corruptrepo.adoc:5 +msgid "" +"If you do not know the channel label, you can find it in the {productname} " +"{webui}, by navigating to menu:Software[Channels > Channel Label]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-corruptrepo.adoc:6 +msgid "Regenerate the file from the command line:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-corruptrepo.adoc:7 +#, no-wrap +msgid "spacecmd softwarechannel_regenerateyumcache -updates-x86_64\n" +msgstr "" + +#. type: Title = +#: modules/administration/pages/tshoot-firewalls.adoc:1 +#, no-wrap +msgid "Troubleshooting Firewalls" +msgstr "" + +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +# +#. Troubleshooting format: +# +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +# +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step +# +# +#. Cause: User firewall is set to block outgoing traffic by dropping the packet request. During sync with SCC, SUMA waits for an answer on each URL until it times out, eventually causing the entire refresh of the product list to timeout. Applies only to third party (non-SUSE) products, as sync with SCC needs to access locations other than SCC to verify if the if the download location is valid. +# +#. Consequence: The sync to SCC fails, and the third party products are not shown in the product list. +# +#. Fix: Configure the firewall to reject requests from SUMA instead of drop (preferred), or configure a firewall on the server (if no ability to change firewall settings) +# +#. Result: Sync to SCC will either be able to reach the URLs required, or will have request rejected so that the request fails rather than times out. +#. type: Plain text +#: modules/administration/pages/tshoot-firewalls.adoc:2 +msgid "" +"If you are using a firewall that blocks outgoing traffic, it will either " +"``REJECT`` or ``DROP`` network requests. If it is set to ``DROP`` then you " +"might find that synchronizing with the {scc} times out." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-firewalls.adoc:3 +msgid "" +"This occurs because the synchronization process needs to access third-party " +"repositories that provide packages for non-{suse} clients, and not just the " +"{scc}. When the {productname} Server attempts to reach these repositories " +"to check that they are valid, the firewall drops the requests, and the " +"synchronization continues to wait for the response until it times out." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-firewalls.adoc:4 +msgid "" +"If this occurs, you will notice that the synchronization will take a long " +"time before it fails, and that your non-{suse} products are not shown in the " +"product list." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-firewalls.adoc:5 +msgid "You can fix this problem in several different ways." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-firewalls.adoc:6 +msgid "" +"The simplest method is to configure your firewall to allow access to the " +"URLs required by non-{suse} repositories. This allows the synchronization " +"process to reach the URLs and complete successfully." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-firewalls.adoc:7 +msgid "" +"If allowing external traffic is not possible, configure your firewall to " +"``REJECT`` requests from {productname} instead of ``DROP``. This rejects " +"requests to third-party URLs, so that the synchronization fails early rather " +"than times out, and the products are not shown in the list." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-firewalls.adoc:8 +msgid "" +"If you do not have configuration access to the firewall, you can consider " +"setting up a separate firewall on the {productname} Server instead." +msgstr "" + +#. type: Title = +#: modules/administration/pages/tshoot-hostname-rename.adoc:1 +#, no-wrap +msgid "Troubleshooting Renaming {productname} Server" msgstr "" +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +# +#. Troubleshooting format: # +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? # +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step +#. Showing my working. --LKB 2020-06-22 # +#. Cause: Renaming the hostname +#. Consequence: Changes not picked up by db, clients and proxies +#. Fix: Use the [command]``spacewalk-hostname-rename`` script to update the settings in the PostgreSQL database and the internal structures of {productname}. +#. Result: Renaming is successfully propagated +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:2 +msgid "" +"If you change the hostname of the {productname} Server locally, your " +"{productname} installation will cease to work properly. This is because the " +"changes have not been made in the database, which prevents the changes from " +"propagating out your clients and any proxies." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:3 +msgid "" +"If you need to change the hostname of the {productname} Server, you can do " +"so using the [command]``spacewalk-hostname-rename`` script. This script " +"updates the settings in the PostgreSQL database and the internal structures " +"of {productname}." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:4 +msgid "" +"The [command]``spacewalk-hostname-rename`` script is part of the " +"[package]``spacewalk-utils`` package." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:5 +msgid "" +"The only mandatory parameter for the script is the newly configured IP " +"address of the {productname} Server." +msgstr "" + +#. type: Block title +#: modules/administration/pages/tshoot-hostname-rename.adoc:6 +#, no-wrap +msgid "Procedure: Renaming {productname} Server" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:7 +msgid "" +"Change the network settings of the server on the system level locally and " +"remotely at the DNS server." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:8 +msgid "" +"You will also need to provide configuration settings for reverse name " +"resolution. Changing network settings is done in the same way as with " +"renaming any other system." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:9 +msgid "" +"Reboot the {productname} Server to use the new network configuration and to " +"ensure the hostname has changed." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:10 +msgid "Remove the old [package]``rhn-org-httpd-ssl-key-pair`` package:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-hostname-rename.adoc:11 +#, no-wrap +msgid "zypper rm package rhn-org-httpd-ssl-key-pair\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:12 +msgid "" +"Run the script [command]``spacewalk-hostname-rename`` script with the public " +"IP address of the server." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:13 +msgid "If the server is not using the new hostname, the script will fail." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:14 +msgid "" +"Re-configure your clients to make your environment aware of the new hostname " +"and IP address." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:15 +msgid "" +"In the Salt minion configuration file [path]``/etc/salt/minion``, you must " +"make sure to specify the name of the new Salt master ({productname} Server):" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-hostname-rename.adoc:16 +#, no-wrap +msgid "master: \n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:17 +msgid "" +"Traditional clients have the [path]``/etc/sysconfig/rhn/up2date`` " +"configuration file that must be changed. With a re-activation key you can " +"re-register traditional clients (if there are any). For more information, " +"see xref:client-configuration:registration-cli.adoc[]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:18 +msgid "" +"OPTIONAL: If you use PXE boot through a {productname} Proxy, you must check " +"the configuration settings of the proxy." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:19 +msgid "" +"On the proxy, run the [command]``configure-tftpsync.sh`` setup script and " +"enter the requested information. For more information, see " +"xref:installation:proxy-setup.adoc[]." +msgstr "" + +#. type: Title = +#: modules/administration/pages/tshoot-inactiveclients.adoc:1 +#, no-wrap +msgid "Troubleshooting Inactive clients" +msgstr "" + #. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +# #. Troubleshooting format: +# #. One sentence each: #. Cause: What created the problem? #. Consequence: What does the user see when this happens? #. Fix: What can the user do to fix this problem? #. Result: What happens after the user has completed the fix? +# #. If more detailed instructions are required, put them in a "Resolving" procedure: #. .Procedure: Resolving Widget Wobbles #. . First step #. . Another step #. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-notifications.adoc:26 +#: modules/administration/pages/tshoot-inactiveclients.adoc:2 msgid "" -"The default lifetime of notification messages is 30 days, after which " -"messages are deleted from the database, regardless of read status. To " -"change this value, add or edit this line in [path]``/etc/rhn/rhn.conf``:" +"A Taskomatic job periodically pings clients to ensure they are connected. " +"Clients are considered inactive if they have not responded to a Taskomatic " +"check in for 24 hours or more. To see a list of inactive clients in the " +"{webui}, navigate to menu:Systems[System List > Inactive]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-notifications.adoc:29 -#, no-wrap -msgid "java.notifications_lifetime = 30\n" +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:3 +msgid "Clients can become inactive for a number of reasons:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:4 +msgid "The client is not entitled to any {productname} service." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:5 +msgid "If the client remains unentitled for 180 days (6 months), it is removed." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:6 +msgid "On traditional clients, the [clientitem]``rhnsd`` service has been disabled." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:7 +msgid "The client is behind a firewall that does not allow HTTPS connections." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-notifications.adoc:33 +#: modules/administration/pages/tshoot-inactiveclients.adoc:8 +msgid "The client is behind a proxy that is misconfigured." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:9 msgid "" -"All notification types are enabled by default. To disable a notification " -"type, add or edit this line in [path]``/etc/rhn/rhn.conf``:" +"The client is communicating with a different {productname} Server, or the " +"connection has been misconfigured." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-notifications.adoc:36 -#, no-wrap -msgid "java.notifications_type_disabled = OnboardingFailed,ChannelSyncFailed,ChannelSyncFinished\n" +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:10 +msgid "" +"The client is not in a network that can communicate with the " +"{productname} Server." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:11 +msgid "" +"A firewall is blocking traffic between the client and the {productname} " +"Server." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:12 +msgid "Taskomatic is misconfigured." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:13 +msgid "" +"For more information about client connections to the server, see " +"xref:client-configuration:contact-methods-intro.adoc[]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:14 +msgid "" +"For more information about configuring ports, see " +"xref:installation:ports.adoc[]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:15 +msgid "" +"For more information about troubleshooting firewalls, see " +"xref:administration:tshoot-firewalls.adoc[]." msgstr "" #. type: Title = -#: modules/administration/pages/tshoot-osadjabberd.adoc:2 +#: modules/administration/pages/tshoot-registerclones.adoc:1 #, no-wrap -msgid "Troubleshooting OSAD and jabberd" +msgid "Troubleshooting Registering Cloned Clients" msgstr "" -# -# -# #. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +# #. Troubleshooting format: +# #. One sentence each: #. Cause: What created the problem? #. Consequence: What does the user see when this happens? #. Fix: What can the user do to fix this problem? #. Result: What happens after the user has completed the fix? +# #. If more detailed instructions are required, put them in a "Resolving" procedure: #. .Procedure: Resolving Widget Wobbles #. . First step #. . Another step #. . Last step -#. type: Title == -#: modules/administration/pages/tshoot-osadjabberd.adoc:24 -#, no-wrap -msgid "Open File Count Exceeded" +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:2 +msgid "" +"If you are using {productname} to manage virtual machines, you might find it " +"useful to create clones of your VMs. A clone is a VM that uses a primary " +"disk that is an exact copy of an existing disk." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:27 +#: modules/administration/pages/tshoot-registerclones.adoc:3 msgid "" -"In some cases, the maximum number of files that jabber can open is lower " -"than the number of connected OSAD clients." +"While cloning VMs can save you a lot of time, the duplicated identifying " +"information on the disk can sometimes cause problems." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:29 +#: modules/administration/pages/tshoot-registerclones.adoc:4 msgid "" -"If this occurs, OSAD clients cannot contact the SUSE Manager Server, and " -"jabberd will take an excessive amount of time to respond on port 5222." +"If you have a client that is already registered, you create a clone of that " +"client, and then try and register the clone, you probably want {productname} " +"to register them as two separate clients. However, if the machine ID in " +"both the original client and the clone is the same, {productname} will " +"register both clients as one system, and the existing client data will be " +"over-written with that of the clone." msgstr "" -#. type: delimited block = -#: modules/administration/pages/tshoot-osadjabberd.adoc:35 +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:5 msgid "" -"This fix is only required if you have more than 8192 clients connected using " -"OSAD. In this case, we recommend you consider using Salt clients instead. " -"For more information about tuning large scale installations, see xref:salt:" -"large-scale.adoc[]." +"This can be resolved by changing the machine ID of the clone, so that " +"{productname} recognizes them as two different clients." msgstr "" -#. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:39 +#. type: delimited block = +#: modules/administration/pages/tshoot-registerclones.adoc:6 msgid "" -"You can increase the number of files available to jabber by editing the " -"jabberd local configuration file. By default, the file is located at " -"[path]``/etc/systemd/system/jabberd.service.d/override.conf``." +"Each step of this procedure is performed on the cloned client. This " +"procedure does not manipulate the original client, which will still be " +"registered to {productname}." msgstr "" #. type: Block title -#: modules/administration/pages/tshoot-osadjabberd.adoc:42 +#: modules/administration/pages/tshoot-registerclones.adoc:7 #, no-wrap -msgid "Procedure: Adjusting the Maximum File Count" +msgid "Procedure: Resolving Duplicate Machine IDs in Cloned Salt Clients" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:8 +#: modules/administration/pages/tshoot-registerclones.adoc:21 +msgid "On the cloned machine, change the hostname and IP addresses." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:45 +#: modules/administration/pages/tshoot-registerclones.adoc:9 +#: modules/administration/pages/tshoot-registerclones.adoc:22 msgid "" -"At the command prompt, as root, open the local configuration file for " -"editing:" +"Make sure [path]``/etc/hosts`` contains the changes you made and the correct " +"host entries." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:10 +msgid "" +"For distributions that support systemd: If your machines have the same " +"machine ID, delete the file on each duplicated client and re-create it:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:12 +msgid "" +"For distributions that do not support systemd: Generate a machine ID from " +"dbus:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:14 +msgid "" +"If your clients still have the same Salt client ID, delete the " +"[path]``minion_id`` file on each client (FQDN will be used when it is " +"regenerated on client restart):" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-osadjabberd.adoc:48 +#: modules/administration/pages/tshoot-registerclones.adoc:15 #, no-wrap -msgid "systemctl edit jabberd\n" +msgid "# rm /etc/salt/minion_id\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:50 -msgid "Add or edit this section:" +#: modules/administration/pages/tshoot-registerclones.adoc:16 +msgid "" +"Delete accepted keys from the onboarding page and the system profile from " +"{productname}, and restart the client with:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-osadjabberd.adoc:54 +#: modules/administration/pages/tshoot-registerclones.adoc:17 #, no-wrap +msgid "# service salt-minion restart\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:18 +msgid "Re-register the clients." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:19 msgid "" -"[Service]\n" -"LimitNOFILE=:\n" +"Each client will now have a different [path]``/etc/machine-id`` and should " +"be correctly displayed on the [guimenu]``System Overview`` page." +msgstr "" + +#. type: Block title +#: modules/administration/pages/tshoot-registerclones.adoc:20 +#, no-wrap +msgid "Procedure: Resolving Duplicate Machine IDs in Cloned Traditional Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:58 +#: modules/administration/pages/tshoot-registerclones.adoc:23 msgid "" -"The value you choose will vary depending on your environment. For example, " -"if you have 9500 clients, increase the soft value by 100 to 9600, and the " -"hard value by 1000 to 10500:" +"Stop the [systemitem]``rhnsd`` daemon, on {rhnminrelease6} and {sle} 11 " +"with:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-osadjabberd.adoc:63 +#: modules/administration/pages/tshoot-registerclones.adoc:24 #, no-wrap -msgid "" -"[Unit]\n" -"LimitNOFILE=\n" -"LimitNOFILE=9600:10500\n" +msgid "# /etc/init.d/rhnsd stop\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:65 -msgid "Save the file and exit the editor." +#: modules/administration/pages/tshoot-registerclones.adoc:25 +msgid "or, on newer systemd-based systems, with:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/tshoot-osadjabberd.adoc:70 -msgid "" -"The default editor for systemctl files is vim. To save the file and exit, " -"press kbd:[Esc] to enter ``normal`` mode, type kbd:[:wq] and press kbd:" -"[Enter]." +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:26 +#, no-wrap +msgid "# service rhnsd stop\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:74 -msgid "" -"Ensure you also update the `max_fds` parameter in [path]``/etc/jabberd/c2s." -"xml``. For example: `10500`" +#: modules/administration/pages/tshoot-registerclones.adoc:27 +msgid "Stop [systemitem]``osad`` with:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:28 +#, no-wrap +msgid "# /etc/init.d/osad stop\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:79 -msgid "" -"The soft file limit is the maximum number of open files for a single " -"process. In {productname} the highest consuming process is ``c2s``, which " -"opens a connection per client. 100 additional files are added, here, to " -"accommodate for any non-connection file that ``c2s`` requires to work " -"correctly. The hard limit applies to all processes belonging to jabber, and " -"also accounts for open files from the router, ``c2s`` and ``sm`` processes." +#: modules/administration/pages/tshoot-registerclones.adoc:29 +#: modules/administration/pages/tshoot-registerclones.adoc:31 +msgid "or:" msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-packages.adoc:2 +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:30 #, no-wrap -msgid "Troubleshooting Package Inconsistencies" +msgid "# service osad stop\n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:32 +#, no-wrap +msgid "# rcosad stop\n" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-packages.adoc:25 +#: modules/administration/pages/tshoot-registerclones.adoc:33 msgid "" -"When packages on a client are locked, {productname} Server may not be able " -"to correctly determine the set of applicable patches. When this occurs, " -"package updates will be available in the {webui}, but will not appear on the " -"client, and attempts to update the client will fail. Check package locks " -"and exclude lists to determine if packages are locked or excluded on the " -"client." +"Remove the [systemitem]``osad`` authentication configuration file and the " +"system ID:" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-packages.adoc:27 -msgid "" -"On the client, check package locks and exclude lists to determine if " -"packages are locked or excluded:" +#: modules/administration/pages/tshoot-registerclones.adoc:35 +msgid "Delete the files containing the machine IDs:" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-packages.adoc:29 -msgid "" -"On an Expanded Support Platform, check [path]``/etc/yum.conf`` and search " -"for ``exclude=``." +#: modules/administration/pages/tshoot-registerclones.adoc:36 +msgid "SLES{nbsp}12:" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-packages.adoc:29 -msgid "On {sle} and {opensuse}, use the [command]``zypper locks`` command." +#: modules/administration/pages/tshoot-registerclones.adoc:38 +msgid "SLES{nbsp}11:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:39 +#, no-wrap +msgid "# suse_register -E\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:40 +msgid "Remove the credential files:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:41 +msgid "SLES clients:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:42 +#, no-wrap +msgid "# rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:43 +msgid "{rhel} clients:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:44 +#, no-wrap +msgid "# rm -f /etc/NCCcredentials\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:45 +msgid "Re-run the bootstrap script." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:46 +msgid "" +"You should now see the cloned system in {productname} without overriding the " +"system it was cloned from." msgstr "" #. type: Title = -#: modules/administration/pages/tshoot-registerclones.adoc:2 +#: modules/administration/pages/tshoot-saltboot.adoc:1 #, no-wrap -msgid "Troubleshooting Registering Cloned Clients" +msgid "Troubleshooting the Saltboot Formula" msgstr "" -# -# -# #. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +# #. Troubleshooting format: +# #. One sentence each: #. Cause: What created the problem? #. Consequence: What does the user see when this happens? #. Fix: What can the user do to fix this problem? #. Result: What happens after the user has completed the fix? +# #. If more detailed instructions are required, put them in a "Resolving" procedure: #. .Procedure: Resolving Widget Wobbles #. . First step #. . Another step #. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:25 -msgid "" -"If you are using {productname} to manage virtual machines, you might find it " -"useful to create clones of your VMs. A clone is a VM that uses a primary " -"disk that is an exact copy of an existing disk." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:27 +#: modules/administration/pages/tshoot-saltboot.adoc:2 msgid "" -"While cloning VMs can save you a lot of time, the duplicated identifying " -"information on the disk can sometimes cause problems." +"Because of a problem in the computed partition size value, the saltboot " +"formula can sometimes fail when it is created on SLE{nbsp}11 SP3 clients, " +"with an error like this:" msgstr "" -#. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:30 +#. type: delimited block - +#: modules/administration/pages/tshoot-saltboot.adoc:3 +#, no-wrap msgid "" -"If you have a client that is already registered, you create a clone of that " -"client, and then try and register the clone, you probably want {productname} " -"to register them as two separate clients. However, if the machine ID in " -"both the original client and the clone is the same, {productname} will " -"register both clients as one system, and the existing client data will be " -"over-written with that of the clone." +" ID: disk1_partitioned\n" +" Function: saltboot.partitioned\n" +" Name: disk1\n" +" Result: false\n" +" Comment: An exception occurred in this state: Traceback (most recent " +"call last):\n" +" File \"/usr/lib/python2.6/site-packages/salt/state.py\", line 1767, in " +"call\n" +" **cdata['kwargs'])\n" +" File \"/usr/lib/python2.6/site-packages/salt/loader.py\", line 1705, in " +"wrapper\n" +" return f(*args, **kwargs)\n" +" File \"/var/cache/salt/minion/extmods/states/saltboot.py\", line 393, in " +"disk_partitioned\n" +" existing = __salt__['partition.list'](device, unit='MiB')\n" +" File \"/usr/lib/python2.6/site-packages/salt/modules/parted.py\", line " +"177, in list_\n" +" 'Problem encountered while parsing output from parted')\n" +"CommandExecutionError: Problem encountered while parsing output from " +"parted\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:32 -msgid "" -"This can be resolved by changing the machine ID of the clone, so that " -"{productname} recognizes them as two different clients." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/tshoot-registerclones.adoc:37 +#: modules/administration/pages/tshoot-saltboot.adoc:4 msgid "" -"Each step of this procedure is performed on the cloned client. This " -"procedure does not manipulate the original client, which will still be " -"registered to {productname}." +"This problem can be resolved by manually configuring the size of the " +"partition containing the operating system. When the size is set correctly, " +"formula creation will work as expected." msgstr "" #. type: Block title -#: modules/administration/pages/tshoot-registerclones.adoc:41 +#: modules/administration/pages/tshoot-saltboot.adoc:5 #, no-wrap -msgid "Procedure: Resolving Duplicate Machine IDs in Cloned Salt Clients" +msgid "Procedure: Manually Configuring the Partition Size in the Saltboot Formula" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:45 -#: modules/administration/pages/tshoot-registerclones.adoc:79 +#: modules/administration/pages/tshoot-saltboot.adoc:6 msgid "" -"On the cloned machine, change the hostname and IP addresses. Make sure " -"[path]``/etc/hosts`` contains the changes you made and the correct host " -"entries." +"In the {productname} {webui}, navigate to menu:Systems[System Groups] and " +"select the ``Hardware Type Group`` that contains the SLE{nbsp}11 SP3 client " +"that is causing the error." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:46 +#: modules/administration/pages/tshoot-saltboot.adoc:7 msgid "" -"For distributions that support systemd: If your machines have the same " -"machine ID, delete the file on each duplicated client and re-create it:" +"In the [guimenu]``Formulas`` tab, navigate to the [guimenu]``Saltboot`` " +"subtab." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:55 +#: modules/administration/pages/tshoot-saltboot.adoc:8 msgid "" -"For distributions that do not support systemd: Generate a machine ID from " -"dbus:" +"Locate the partition that contains the operating system, and in the " +"[guimenu]``Partition Size`` field, type the appropriate size (in MiB)." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:61 -msgid "" -"If your clients still have the same Salt client ID, delete the " -"[path]``minion_id`` file on each client (FQDN will be used when it is " -"regenerated on client restart):" +#: modules/administration/pages/tshoot-saltboot.adoc:9 +msgid "Click btn:[Save Formula], and apply the highstate to save your changes." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:64 +#. type: Title = +#: modules/administration/pages/openscap.adoc:1 #, no-wrap -msgid "# rm /etc/salt/minion_id\n" +msgid "System Security with OpenSCAP" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:66 +#: modules/administration/pages/openscap.adoc:2 msgid "" -"Delete accepted keys from the onboarding page and the system profile from " -"{productname}, and restart the client with:" +"{productname} uses OpenSCAP to audit clients. It allows you to schedule and " +"view compliance scans for any client." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:69 -#, no-wrap -msgid "# service salt-minion restart\n" +#. type: delimited block = +#: modules/administration/pages/openscap.adoc:3 +msgid "OpenSCAP auditing is not available on Salt SSH clients." msgstr "" -#. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:72 +#. type: delimited block = +#: modules/administration/pages/openscap.adoc:4 msgid "" -"Re-register the clients. Each client will now have a different [path]``/etc/" -"machine-id`` and should be correctly displayed on the [guimenu]``System " -"Overview`` page." +"Scanning clients can consume a lot of memory and compute power on the client " +"being scanned. For {redhat} clients, ensure you have at least 2{nbsp}GB of " +"RAM available on each client to be scanned." msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-registerclones.adoc:75 +#. type: Title == +#: modules/administration/pages/openscap.adoc:5 #, no-wrap -msgid "Procedure: Resolving Duplicate Machine IDs in Cloned Traditional Clients" +msgid "About SCAP" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:80 +#: modules/administration/pages/openscap.adoc:6 msgid "" -"Stop the [systemitem]``rhnsd`` daemon, on {rhnminrelease6} and {sle} 11 with:" +"The Security Certification and Authorization Package (SCAP) is a " +"standardized compliance checking solution for enterprise-level Linux " +"infrastructures. It is a line of specifications maintained by the National " +"Institute of Standards and Technology (NIST) for maintaining system security " +"for enterprise systems." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:83 -#, no-wrap -msgid "# /etc/init.d/rhnsd stop\n" +#. type: Plain text +#: modules/administration/pages/openscap.adoc:7 +msgid "" +"SCAP was created to provide a standardized approach to maintaining system " +"security, and the standards that are used will therefore continually change " +"to meet the needs of the community and enterprise businesses. New " +"specifications are governed by NIST's SCAP Release cycle to provide a " +"consistent and repeatable revision work flow. For more information, see " +"http://scap.nist.gov/timeline.html." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:86 -msgid "or, on newer systemd-based systems, with:" +#: modules/administration/pages/openscap.adoc:8 +msgid "" +"{productname} uses OpenSCAP to implement the SCAP specifications. OpenSCAP " +"is an auditing tool that utilizes the Extensible Configuration Checklist " +"Description Format (XCCDF). XCCDF is a standard way of expressing checklist " +"content and defines security checklists. It also combines with other " +"specifications such as Common Platform Enumeration (CPE), Common " +"Configuration Enumeration (CCE), and Open Vulnerability and Assessment " +"Language (OVAL), to create a SCAP-expressed checklist that can be processed " +"by SCAP-validated products." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:89 +#. type: Plain text +#: modules/administration/pages/openscap.adoc:9 +msgid "" +"OpenSCAP verifies the presence of patches by using content produced by the " +"{suse} Security Team. OpenSCAP checks system security configuration " +"settings and examines systems for signs of compromise by using rules based " +"on standards and specifications. For more information about the {suse} " +"Security Team, see https://www.suse.com/support/security." +msgstr "" + +#. type: Title == +#: modules/administration/pages/openscap.adoc:10 #, no-wrap -msgid "# service rhnsd stop\n" +msgid "Prepare Clients for an SCAP Scan" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:91 -msgid "Stop [systemitem]``osad`` with:" +#: modules/administration/pages/openscap.adoc:11 +msgid "Before you begin, you need to prepare your client systems for SCAP scanning." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/openscap.adoc:12 +msgid "" +"For scanning {sles} clients, install the ``openscap-content`` and " +"``openscap-utils`` packages before you begin. Use this command to determine " +"the location of the appropriate SCAP files. Take a note of the file paths " +"for performing the scan:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:94 +#: modules/administration/pages/openscap.adoc:13 #, no-wrap -msgid "# /etc/init.d/osad stop\n" +msgid "rpm -ql openscap-content\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:97 -#: modules/administration/pages/tshoot-registerclones.adoc:103 -msgid "or:" +#: modules/administration/pages/openscap.adoc:14 +msgid "" +"For scanning {redhat} clients, install the ``scap-security-guide`` and " +"``openscap-utils`` packages before you begin. Use this command to determine " +"the location of the appropriate SCAP files. Take a note of the file paths " +"for performing the scan:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:100 +#: modules/administration/pages/openscap.adoc:15 #, no-wrap -msgid "# service osad stop\n" +msgid "rpm -ql scap-security-guide\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:106 +#. type: Title == +#: modules/administration/pages/openscap.adoc:16 #, no-wrap -msgid "# rcosad stop\n" +msgid "OpenSCAP Content Files" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:108 +#: modules/administration/pages/openscap.adoc:17 msgid "" -"Remove the [systemitem]``osad`` authentication configuration file and the " -"system ID:" +"OpenSCAP uses SCAP content files to define test rules. These content files " +"are created based on the XCCDF or OVAL standards. You can download publicly " +"available content files and customize it to your requirements. You can " +"install the ``openscap-content`` package for default content file " +"templates. Alternatively, if you are familiar with XCCDF or OVAL, you can " +"create your own content files." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/openscap.adoc:18 +msgid "" +"We recommend you use templates to create your SCAP content files. If you " +"create and use your own custom content files, you do so at your own risk. " +"If your system becomes damaged through the use of custom content files, you " +"might not be supported by {suse}." msgstr "" +#. ke 2013-08-28: Do we have SCAP content providers? Such as: The United States Government +#. Configuration Baseline (USGCB) for RHEL5 Desktop or Community-provided content (openscap-content +#. package)? For more info, see +#. https://access.redhat.com/site/documentation/en-US/Red_Hat_Network_Satellite/5.5/html/User_Guide/chap-Red_Hat_Network_Satellite-User_Guide-OpenSCAP.html # +#. I think this question is still valid. Who should we contact? LKB 2020-02-06 #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:113 -msgid "Delete the files containing the machine IDs:" +#: modules/administration/pages/openscap.adoc:19 +msgid "" +"When you have created your content files, you need to transfer the file to " +"the client. You can do this in the same way as you move any other file, " +"using physical storage media, or across a network with [command]``ftp`` or " +"[command]``scp``." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:115 -msgid "SLES{nbsp}12:" +#: modules/administration/pages/openscap.adoc:20 +msgid "" +"We recommend that you create a package to distribute content files to " +"clients that you are managing with {productname}. Packages can be signed " +"and verified to ensure their integrity. For more information, see " +"xref:administration:custom-channels.adoc[]." +msgstr "" + +#. type: Title == +#: modules/administration/pages/openscap.adoc:21 +#, no-wrap +msgid "Perform an Audit Scan" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:123 -msgid "SLES{nbsp}11:" +#: modules/administration/pages/openscap.adoc:22 +msgid "" +"When you have transferred your content files, you can perform audit scans. " +"Audit scans can be triggered using the {productname} {webui}. You can also " +"use the {productname} API to schedule regular scans." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:126 +#. type: Block title +#: modules/administration/pages/openscap.adoc:23 #, no-wrap -msgid "# suse_register -E\n" +msgid "Procedure: Running an Audit Scan from the {webui}" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:128 -msgid "Remove the credential files:" +#: modules/administration/pages/openscap.adoc:24 +msgid "" +"In the {productname} {webui}, navigate to menu:Systems[Systems List] and " +"select the client you want to scan." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:129 -msgid "SLES clients:" +#: modules/administration/pages/openscap.adoc:25 +msgid "" +"Navigate to the [guimenu]``Audit`` tab, and the [guimenu]``Schedule`` " +"subtab." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:132 -#, no-wrap -msgid "# rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}\n" +#. type: Plain text +#: modules/administration/pages/openscap.adoc:26 +msgid "" +"In the [guimenu]``Path to XCCDF Document`` field, enter the path to the " +"XCCDF content file on the client. For example: " +"[path]``/usr/share/openscap/scap-yast2sec-xccdf.xml``" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:134 -msgid "{rhel} clients:" +#: modules/administration/pages/openscap.adoc:27 +msgid "The scan will run at the client's next scheduled synchronization." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:137 +#. type: delimited block = +#: modules/administration/pages/openscap.adoc:28 +msgid "" +"The XCCDF content file is validated before it is run on the remote system. " +"If the content file includes invalid arguments, the test will fail." +msgstr "" + +#. type: Block title +#: modules/administration/pages/openscap.adoc:29 #, no-wrap -msgid "# rm -f /etc/NCCcredentials\n" +msgid "Procedure: Running an Audit Scan from the API" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:139 +#: modules/administration/pages/openscap.adoc:30 msgid "" -"Re-run the bootstrap script. You should now see the cloned system in " -"{productname} without overriding the system it was cloned from." +"Before you begin, ensure that the client to be scanned has Python and " +"XML-RPC libraries installed." msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-rpctimeout.adoc:2 -#, no-wrap -msgid "Troubleshooting RPC Connection Timeouts" +#. type: Plain text +#: modules/administration/pages/openscap.adoc:31 +msgid "" +"Choose an existing script or create a script for scheduling a system scan " +"through ``system.scap.scheduleXccdfScan``. For example:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/openscap.adoc:32 +#, no-wrap +msgid "" +"#!/usr/bin/python\n" +"client = xmlrpclib.Server('https://spacewalk.example.com/rpc/api')\n" +"key = client.auth.login('username', 'password')\n" +"client.system.scap.scheduleXccdfScan(key, <1000010001>,\n" +" '',\n" +" '--profile ')\n" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:26 -msgid "" -"RPC connections can sometimes time out due to slow networks or a network " -"link going down. This results in package downloads or batch jobs hanging or " -"taking longer than expected. You can adjust the maximum time that an RPC " -"connection can take by editing the configuration file. While this will not " -"resolve networking problems, it will cause a process to fail rather than " -"hang." +#: modules/administration/pages/openscap.adoc:33 +msgid "In this example:" msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-rpctimeout.adoc:28 -#, no-wrap -msgid "Procedure: Resolving RPC connection timeouts" +#. type: Plain text +#: modules/administration/pages/openscap.adoc:34 +msgid "``<1000010001>`` is the system ID (sid)." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:31 +#: modules/administration/pages/openscap.adoc:35 msgid "" -"On the {productname} Server, open the [filename]``/etc/rhn/rhn.conf`` file " -"and set a maximum timeout value (in seconds):" +"```` is the path to the content file location on the " +"client. For example, " +"[path]``/usr/local/share/scap/usgcb-sled15desktop-xccdf.xml``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-rpctimeout.adoc:34 -#, no-wrap -msgid "server.timeout =`number`\n" +#. type: Plain text +#: modules/administration/pages/openscap.adoc:36 +msgid "" +"```` is an additional argument for the [command]``oscap`` " +"command. For example, use " +"``united_states_government_configuration_baseline`` (USGCB)." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:36 -msgid "" -"On the {productname} Proxy, open the [filename]``/etc/rhn/rhn.conf`` file " -"and set a maximum timeout value (in seconds):" +#: modules/administration/pages/openscap.adoc:37 +msgid "Run the script on the client you want to scan, from the command prompt." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-rpctimeout.adoc:39 +#. type: Title == +#: modules/administration/pages/openscap.adoc:38 #, no-wrap -msgid "proxy.timeout =`number`\n" +msgid "Scan Results" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/openscap.adoc:39 +msgid "" +"Information about the scans you have run is in the {productname} {webui}. " +"Navigate to to menu:Audit[OpenSCAP > All Scans] for a table of results. For " +"more information about the data in this table, see " +"xref:reference:audit/openscap-all-scans.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:41 +#: modules/administration/pages/openscap.adoc:40 msgid "" -"On a {sles} client that uses zypper, open the [filename]``/etc/zypp/zypp." -"conf`` file and set a maximum timeout value (in seconds):" +"To ensure that detailed information about scans is available, you need to " +"enable it on the client. In the {productname} {webui}, navigate to " +"menu:Admin[Organizations] and click on the organization the client is a part " +"of. Navigate to the [guimenu]``Configuration`` tab, and check the " +"[guimenu]``Enable Upload of Detailed SCAP Files`` option. When enabled, " +"this generates an additional HTML file on every scan, which contains extra " +"information. The results will show an extra line similar to this:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-rpctimeout.adoc:46 +#: modules/administration/pages/openscap.adoc:41 #, no-wrap msgid "" -"## Valid values: [0,3600]\n" -"## Default value: 180\n" -"download.transfer_timeout = 180\n" +"Detailed Results: xccdf-report.html xccdf-results.xml " +"scap-yast2sec-oval.xml.result.xml\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:48 +#: modules/administration/pages/openscap.adoc:42 msgid "" -"On a {rhel} client that uses yum, open the [filename]``/etc/yum.conf`` file " -"and set a maximum timeout value (in seconds):" +"To retrieve scan information from the command line, use the " +"[command]``spacewalk-report`` command:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-rpctimeout.adoc:51 +#: modules/administration/pages/openscap.adoc:43 #, no-wrap -msgid "timeout =`number`\n" +msgid "" +"spacewalk-report system-history-scap\n" +"spacewalk-report scap-scan\n" +"spacewalk-report scap-scan-results\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/tshoot-rpctimeout.adoc:56 +#. type: Plain text +#: modules/administration/pages/openscap.adoc:44 msgid "" -"If you limit RPC timeouts to less than `180` seconds, you risk aborting " -"perfectly normal operations." +"You can also use the {productname} API to view results, with the " +"``system.scap`` handler." msgstr "" +#. Old content that has come across from the Reference Guide starts here. Pretty much all of this now exists in the right locations, but I'm leaving it here for posterity on the chance that there is yelling. --LKB 2020-08-05 +# +#. [[sm-audit-page]] +#. = Systems Audit Page +# +#. To display a system's audit page, click menu:Systems[system_name > Audit]. +#. Use this page to schedule and view compliance scans for a particular system. +#. Scans are performed by the OpenSCAP tool, which implements NIST's standard Security Content Automation Protocol (SCAP). +#. Before you scan a system, make sure that the SCAP content is prepared and all prerequisites in +#. xref:reference:audit/audit-openscap-overview.adoc#s1-openscap-suma-prerq[Prerequisites for Using OpenSCAP in {productname}] are met. +# +#. == List Scans +# +#. This subtab lists a summary of all scans completed on the system. +#. The following columns are displayed: +# +#. XCCDF Test Result:: +#. The scan test result name, which provides a link to the detailed results of the scan. +# +#. Completed:: +#. The exact time the scan finished. +# +#. Compliance:: +#. The unweighted pass/fail ratio of compliance based on the Standard used. +# +#. P:: +#. Number of checks that passed. +# +#. F:: +#. Number of checks that failed. +# +#. E:: +#. Number of errors that occurred during the scan. +# +#. U:: +#. Unknown. +# +#. N:: +#. Not applicable to the machine. +# +#. K:: +#. Not checked. +# +#. S:: +#. Not Selected. +# +#. I:: +#. Informational. +# +#. X:: +#. Fixed. +# +#. Total:: +#. Total number of checks. +# +# +#. Each entry starts with an icon indicating the results of a comparison to a previous similar scan. +#. The icons indicate the following: +# +#. * "RHN List Checked" Icon -- no difference between the compared scans. +#. * "RHN List Alert" Icon -- arbitrary differences between the compared scans. +#. * "RHN List Error" Icon -- major differences between the compared scans. Either there are more failures than the previous scan or less passes +#. * "RHN List Check In" Icon -- no comparable scan was found, therefore, no comparison was made. +# +# +#. To find out what has changed between two scans in more detail, select the ones you are interested in and click menu:Compare Selected Scans[] +#. . +#. To delete scans that are no longer relevant, select those and click on menu:Remove Selected Scans[] +#. . +#. Scan results can also be downloaded in CSV format. +# +#. == Scan Details +# +# +#. The Scan Details page contains the results of a single scan. +#. The page is divided into two sections: +# +#. Details of the XCCDF Scan:: +#. This section displays various details about the scan, including: +#. ** File System Path: the path to the XCCDF file used for the scan. +#. ** Command-line Arguments: any additional command-line arguments that were used. +#. ** Profile Identifier: the profile identifier used for the scan. +#. ** Profile Title: the title of the profile used for the scan. +#. ** Scan's Error output: any errors encountered during the scan. +# +#. XCCDF Rule Results:: +#. The rule results provide the full list of XCCDF rule identifiers, identifying tags, and the result for each of these rule checks. +#. This list can be filtered by a specific result. +# +# +#. [[sm-audit-schedule]] +#. == Schedule Audit +# +#. Use the Schedule New XCCDF Scan page to schedule new scans for specific machines. +#. Scans occur at the system's next scheduled check-in that occurs after the date and time specified. +#. The following fields can be configured: +# +#. Command-line Arguments::: +#. Optional arguments to the [command]``oscap`` command, either: +#. ** ``--profile PROFILE``: Specifies a particular profile from the XCCDF document. +#. + +#. Profiles are determined by the Profile tag in the XCCDF XML file. +#. Use the [command]``oscap`` command to see a list of profiles within a given XCCDF file, for example: +#. + +# +#. ---- +#. # oscap info /usr/local/share/scap/dist_sles12_scap-sles12-oval.xml +#. Document type: XCCDF Checklist +#. Checklist version: 1.1 +#. Status: draft +#. Generated: 2015-12-12 +#. Imported: 2016-02-15T22:09:33 +#. Resolved: false +#. Profiles: SLES12-Default +#. ---- +#. + +#. If not specified, the default profile is used. +#. Some early versions of OpenSCAP in require that you use the `--profile` option or the scan will fail. +#. ** ``--skip-valid``: Do not validate input and output files. You can use this option to bypass the file validation process if you do not have well-formed XCCDF content. +# +#. Path to XCCDF Document::: +#. This is a required field. +#. The path parameter points to the XCCDF content location on the client system. +#. For example: [path]``/usr/local/share/scap/dist_sles12_scap-sles12-oval.xml`` +#. + +# +#. WARNING: The XCCDF content is validated before it is run on the remote system. +#. Specifying invalid arguments can cause [command]``spacewalk-oscap`` to fail to validate or run. +#. Due to security concerns, the [command]``oscap xccdf eval`` command only accepts a limited set of parameters. +#. + +# +#. For information about how to schedule scans using the {webui} +#. , refer to: +#. xref:reference:audit/audit-openscap-overview.adoc#pro-os-suma-audit-scans-webui[Procedure: Scans via the Web Interface] +# #. type: Title = -#: modules/administration/pages/tshoot-saltboot.adoc:2 +#: modules/administration/pages/tshoot-osadjabberd.adoc:1 #, no-wrap -msgid "Troubleshooting the Saltboot Formula" +msgid "Troubleshooting OSAD and jabberd" msgstr "" -# -# -# #. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +# #. Troubleshooting format: +# #. One sentence each: #. Cause: What created the problem? #. Consequence: What does the user see when this happens? #. Fix: What can the user do to fix this problem? #. Result: What happens after the user has completed the fix? +# #. If more detailed instructions are required, put them in a "Resolving" procedure: #. .Procedure: Resolving Widget Wobbles #. . First step #. . Another step #. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:23 +#: modules/administration/pages/tshoot-osadjabberd.adoc:2 msgid "" -"Because of a problem in the computed partition size value, the saltboot " -"formula can sometimes fail when it is created on SLE{nbsp}11 SP3 clients, " -"with an error like this:" +"In some cases, the maximum number of files that jabber can open is lower " +"than the number of connected OSAD clients." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-saltboot.adoc:39 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/tshoot-osadjabberd.adoc:3 msgid "" -" ID: disk1_partitioned\n" -" Function: saltboot.partitioned\n" -" Name: disk1\n" -" Result: false\n" -" Comment: An exception occurred in this state: Traceback (most recent call last):\n" -" File \"/usr/lib/python2.6/site-packages/salt/state.py\", line 1767, in call\n" -" **cdata['kwargs'])\n" -" File \"/usr/lib/python2.6/site-packages/salt/loader.py\", line 1705, in wrapper\n" -" return f(*args, **kwargs)\n" -" File \"/var/cache/salt/minion/extmods/states/saltboot.py\", line 393, in disk_partitioned\n" -" existing = __salt__['partition.list'](device, unit='MiB')\n" -" File \"/usr/lib/python2.6/site-packages/salt/modules/parted.py\", line 177, in list_\n" -" 'Problem encountered while parsing output from parted')\n" -"CommandExecutionError: Problem encountered while parsing output from parted\n" +"If this occurs, OSAD clients cannot contact the SUSE Manager Server, and " +"jabberd will take an excessive amount of time to respond on port 5222." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/tshoot-osadjabberd.adoc:4 +msgid "" +"This fix is only required if you have more than 8192 clients connected using " +"OSAD. In this case, we recommend you consider using Salt clients instead. " +"For more information about tuning large scale installations, see " +"xref:salt:large-scale.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:43 +#: modules/administration/pages/tshoot-osadjabberd.adoc:5 msgid "" -"This problem can be resolved by manually configuring the size of the " -"partition containing the operating system. When the size is set correctly, " -"formula creation will work as expected." +"You can increase the number of files available to jabber by editing the " +"jabberd local configuration file. By default, the file is located at " +"[path]``/etc/systemd/system/jabberd.service.d/override.conf``." msgstr "" #. type: Block title -#: modules/administration/pages/tshoot-saltboot.adoc:45 +#: modules/administration/pages/tshoot-osadjabberd.adoc:6 #, no-wrap -msgid "Procedure: Manually Configuring the Partition Size in the Saltboot Formula" +msgid "Procedure: Adjusting the Maximum File Count" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:49 +#: modules/administration/pages/tshoot-osadjabberd.adoc:7 msgid "" -"In the {productname} {webui}, navigate to menu:Systems[System Groups] and " -"select the ``Hardware Type Group`` that contains the SLE{nbsp}11 SP3 client " -"that is causing the error. In the [guimenu]``Formulas`` tab, navigate to " -"the [guimenu]``Saltboot`` subtab." +"At the command prompt, as root, open the local configuration file for " +"editing:" msgstr "" -#. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:50 -msgid "" -"Locate the partition that contains the operating system, and in the " -"[guimenu]``Partition Size`` field, type the appropriate size (in MiB)." +#. type: delimited block - +#: modules/administration/pages/tshoot-osadjabberd.adoc:8 +#, no-wrap +msgid "systemctl edit jabberd\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:50 -msgid "Click btn:[Save Formula], and apply the highstate to save your changes." +#: modules/administration/pages/tshoot-osadjabberd.adoc:9 +msgid "Add or edit this section:" msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-sync.adoc:2 +#. type: delimited block - +#: modules/administration/pages/tshoot-osadjabberd.adoc:10 #, no-wrap -msgid "Troubleshooting Package Synchronization" +msgid "" +"[Service]\n" +"LimitNOFILE=:\n" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-sync.adoc:25 +#: modules/administration/pages/tshoot-osadjabberd.adoc:11 msgid "" -"{productname} does not automatically trust third party GPG keys. If package " -"synchronization fails, it could be because of an untrusted GPG key. You can " -"find out if this is the case by opening [path]``/var/log/rhn/reposync`` and " -"looking for an error like this:" +"The value you choose will vary depending on your environment. For example, " +"if you have 9500 clients, increase the soft value by 100 to 9600, and the " +"hard value by 1000 to 10500:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-sync.adoc:31 +#: modules/administration/pages/tshoot-osadjabberd.adoc:12 #, no-wrap msgid "" -"['/usr/bin/spacewalk-repo-sync', '--channel', 'sle-12-sp1-ga-desktop-\n" -"nvidia-driver-x86_64', '--type', 'yum', '--non-interactive']\n" -"ChannelException: The GPG key for this repository is not part of the keyring.\n" -"Please run spacewalk-repo-sync in interactive mode to import it.\n" +"[Unit]\n" +"LimitNOFILE=\n" +"LimitNOFILE=9600:10500\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-osadjabberd.adoc:13 +msgid "Save the file and exit the editor." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/tshoot-osadjabberd.adoc:14 +msgid "" +"The default editor for systemctl files is vim. To save the file and exit, " +"press kbd:[Esc] to enter ``normal`` mode, type kbd:[:wq] and press " +"kbd:[Enter]." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-sync.adoc:34 +#: modules/administration/pages/tshoot-osadjabberd.adoc:15 msgid "" -"To resolve the problem, you need to import the GPG key to {productname}. " -"For more on importing GPG keys, see xref:administration:repo-metadata.adoc[]." +"Ensure you also update the `max_fds` parameter in " +"[path]``/etc/jabberd/c2s.xml``. For example: `10500`" msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-taskomatic.adoc:2 -#, no-wrap -msgid "Troubleshooting Taskomatic" +#. type: Plain text +#: modules/administration/pages/tshoot-osadjabberd.adoc:16 +msgid "" +"The soft file limit is the maximum number of open files for a single " +"process. In {productname} the highest consuming process is ``c2s``, which " +"opens a connection per client. 100 additional files are added, here, to " +"accommodate for any non-connection file that ``c2s`` requires to work " +"correctly. The hard limit applies to all processes belonging to jabber, and " +"also accounts for open files from the router, ``c2s`` and ``sm`` processes." msgstr "" +#. Delinking per https://github.com/SUSE/spacewalk/issues/9516 LKB 2019-09-23 +#. == jabberd Database Corruption +# +#. ``SYMPTOMS``: After _a disk is full error_ or a _disk crash event_, the [systemitem]``jabberd`` database may have become corrupted. +#. [systemitem]``jabberd`` may then fail starting Spacewalk services: +# +#. ---- +#. Starting spacewalk services... +#. Initializing jabberd processes... +#. Starting router done +#. Starting sm startproc: exit status of parent of /usr/bin/sm: 2 failed +#. Terminating jabberd processes... +#. ---- +# +#. [path]``/var/log/messages`` shows more details: +# +#. ---- +#. jabberd/sm[31445]: starting up +#. jabberd/sm[31445]: process id is 31445, written to /var/lib/jabberd/pid/sm.pid +#. jabberd/sm[31445]: loading 'db' storage module +#. jabberd/sm[31445]: db: corruption detected! close all jabberd processes and run db_recover +#. jabberd/router[31437]: shutting down +#. ---- +# +#. ``CURE``: Remove the [systemitem]``jabberd`` database and restart. +#. [systemitem]``jabberd`` will automatically re-create the database. +#. Enter at the command prompt: +# +#. ---- +#. spacewalk-service stop +#. rm -rf /var/lib/jabberd/db/* +#. spacewalk-service start +#. ---- +#. ke, 2019-08-08: not sure whether we want this here: +#. An alternative approach would be to test another database, but SUSE Manager does not deliver drivers for this: +# +#. ---- +#. rcosa-dispatcher stop +#. rcjabberd stop +#. cd /var/lib/jabberd/db +#. rm * +#. cp /usr/share/doc/packages/jabberd/db-setup.sqlite . +#. sqlite3 sqlite.db < db-setup.sqlite +#. chown jabber:jabber * +#. rcjabberd start +#. rcosa-dispatcher start +#. ---- +#. Delinking per https://github.com/SUSE/spacewalk/issues/9516 LKB 2019-09-23 +# +#. == Capturing XMPP Network Data for Debugging Purposes +# +# +#. If you are experiencing bugs regarding OSAD, it can be useful to dump network messages to help with debugging. +#. The following procedures provide information on capturing data from both the client and server side. +# +#. .Procedure: Server Side Capture +#. . Install the [package]#tcpdump# package on the server as root: +#. + +# +#. ---- +#. zypper in tcpdump +#. ---- +#. . Stop the OSA dispatcher and Jabber processes: +#. + +# +#. ---- +#. rcosa-dispatcher stop +#. rcjabberd stop +#. ---- +#. . Start data capture on port 5222: +#. + +# +#. ---- +#. tcpdump -s 0 port 5222 -w server_dump.pcap +#. ---- +#. . Open a second terminal and start the OSA dispatcher and Jabber processes: +#. + +# +#. ---- +#. rcosa-dispatcher start +#. rcjabberd start +#. ---- +#. . Operate the server and clients so the bug you formerly experienced is reproduced. +#. . When you have finished your capture re-open the first terminal and stop the data capture with kbd:[CTRL+c]. +# +#. .Procedure: Client Side Capture +#. . Install the tcpdump package on your client as root: +#. + +# +#. ---- +#. zypper in tcpdump +#. ---- +#. . Stop the OSA process: +#. + +# +#. ---- +#. rcosad stop +#. ---- +#. . Begin data capture on port 5222: +#. + # +#. ---- +#. tcpdump -s 0 port 5222 -w client_client_dump.pcap +#. ---- +#. . Open a second terminal and start the OSA process: +#. + # +#. ---- +#. rcosad start +#. ---- +#. . Operate the server and clients so the bug you formerly experienced is reproduced. +#. . When you have finished your capture re-open the first terminal and stop the data capture with kbd:[CTRL+c]. # +#. type: Title = +#: modules/administration/pages/tshoot-sync.adoc:1 +#, no-wrap +msgid "Troubleshooting Synchronization" +msgstr "" + #. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +# #. Troubleshooting format: +# #. One sentence each: #. Cause: What created the problem? #. Consequence: What does the user see when this happens? #. Fix: What can the user do to fix this problem? #. Result: What happens after the user has completed the fix? +# #. If more detailed instructions are required, put them in a "Resolving" procedure: #. .Procedure: Resolving Widget Wobbles #. . First step #. . Another step #. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:23 -msgid "" -"Repository metadata regeneration is a relatively intensive process, so " -"Taskomatic can take several minutes to complete. Additionally, if " -"Taskomatic crashes, repository metadata regeneration can be interrupted." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:26 +#: modules/administration/pages/tshoot-sync.adoc:2 msgid "" -"If Taskomatic is still running, or if the process has crashed, package " -"updates can seem available in the {webui}, but will not appear on the " -"client, and attempts to update the client will fail. In this case, the " -"[command]``zypper ref`` command will show an error like this:" +"Synchronization can fail for a number of reasons. To get more information " +"about a connection problem, run this command:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:29 -#, no-wrap -msgid "Valid metadata not found at specified URL\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:33 -msgid "" -"To correct this, determine if Taskomatic is still in the process of " -"generating repository metadata, or if a crash could have occurred. Wait for " -"metadata regeneration to complete or restart Taskomatic after a crash in " -"order for client updates to be carried out correctly." -msgstr "" - -#. type: Block title -#: modules/administration/pages/tshoot-taskomatic.adoc:36 +#: modules/administration/pages/tshoot-sync.adoc:3 #, no-wrap -msgid "Procedure: Resolving Taskomatic Problems" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:39 msgid "" -"On the {productname} Server, check the [path]``/var/log/rhn/" -"rhn_taskomatic_daemon.log`` file to determine if any metadata regeneration " -"processes are still running, or if a crash occurred." +"export URLGRABBER_DEBUG=DEBUG\n" +"spacewalk-repo-sync -c > " +"/var/log/spacewalk-repo-sync-$(date +%F-%R).log 2>&1\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:40 -msgid "Restart taskomatic:" +#: modules/administration/pages/tshoot-sync.adoc:4 +msgid "You can also check logs created by Zypper at [path]``/var/log/zypper.log``" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:43 +#. type: Labeled list +#: modules/administration/pages/tshoot-sync.adoc:5 #, no-wrap -msgid "service taskomatic restart\n" +msgid "GPG Key Mismatch" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:47 +#: modules/administration/pages/tshoot-sync.adoc:6 msgid "" -"In the Taskomatic log files, you can identify the section related to " -"metadata regeneration by looking for opening and closing lines that look " -"like this:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:50 -#, no-wrap -msgid " ,174 [Thread-584] INFO com.redhat.rhn.taskomatic.task.repomd.RepositoryWriter - Generating new repository metadata for channel 'cloned-2018-q1-sles12-sp3-updates-x86_64'(sha256) 550 packages, 140 errata\n" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:52 -#, no-wrap -msgid "...\n" +"{productname} does not automatically trust third party GPG keys. If package " +"synchronization fails, it could be because of an untrusted GPG key. You can " +"find out if this is the case by opening [path]``/var/log/rhn/reposync`` and " +"looking for an error like this:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:54 -#, no-wrap -msgid " ,704 [Thread-584] INFO com.redhat.rhn.taskomatic.task.repomd.RepositoryWriter - Repository metadata generation for 'cloned-2018-q1-sles12-sp3-updates-x86_64' finished in 4 seconds\n" -msgstr "" - -#. type: Title = -#: modules/administration/pages/tuning-changelogs.adoc:2 +#: modules/administration/pages/tshoot-sync.adoc:7 #, no-wrap -msgid "Tuning Changelogs" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:7 msgid "" -"Some packages have a long list of changelog entries. This data is " -"downloaded by default, but it is not always useful information to keep. In " -"order to limit the amount of changelog metadata which is downloaded and to " -"save disk space, you can put a limit on how many entries to keep on disk." +"['/usr/bin/spacewalk-repo-sync', '--channel', 'sle-12-sp1-ga-desktop-\n" +"nvidia-driver-x86_64', '--type', 'yum', '--non-interactive']\n" +"RepoMDError: Cannot access repository. Maybe repository GPG keys are not " +"imported\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:10 +#: modules/administration/pages/tshoot-sync.adoc:8 msgid "" -"This configuration option is in the [filename]``/etc/rhn/rhn.conf`` " -"configuration file. The parameter defaults to [systemitem]``0``, which " -"means unlimited." +"To resolve the problem, you need to import the GPG key to {productname}. " +"For more on importing GPG keys, see " +"xref:administration:repo-metadata.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tuning-changelogs.adoc:13 +#. type: Labeled list +#: modules/administration/pages/tshoot-sync.adoc:9 #, no-wrap -msgid "java.max_changelog_entries = 0\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:16 -msgid "" -"If you set this parameter, it will come into effect only for new packages " -"when they are synchronized." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:18 -msgid "" -"After changing this parameter, restart services with ``spacewalk-service " -"restart``." +msgid "Checksum Mismatch" msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:20 +#: modules/administration/pages/tshoot-sync.adoc:10 msgid "" -"You might like to delete and regenerate the cached data to remove older data." +"If a checksum has failed, you might see an error like this in the " +"[path]``/var/log/rhn/reposync/*.log`` log file:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/tuning-changelogs.adoc:26 +#. type: delimited block - +#: modules/administration/pages/tshoot-sync.adoc:11 +#, no-wrap msgid "" -"Deleting and regenerating cached data can take a long time. Depending on " -"the number of channels you have and the amount of data to be deleted, it can " -"potentially take several hours. The task is run in the background by " -"Taskomatic, so you can continue to use {productname} while the operation " -"completes, however you should expect some performance loss." +"Repo Sync Errors: (50, u'checksums did not match\n" +"326a904c2fbd7a0e20033c87fc84ebba6b24d937 vs\n" +"afd8c60d7908b2b0e2d95ad0b333920aea9892eb', 'Invalid information uploaded\n" +"to the server')\n" +"The package microcode_ctl-1.17-102.57.62.1.x86_64 which is referenced by\n" +"patch microcode_ctl-8413 was not found in the database. This patch has\n" +"been skipped.\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:29 +#: modules/administration/pages/tshoot-sync.adoc:12 msgid "" -"You can delete and request a regeneration of cached data from the command " -"line:" +"You can resolve this error by running the synchronization from the command " +"prompt with the [command]``-Y`` option:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tuning-changelogs.adoc:32 +#: modules/administration/pages/tshoot-sync.adoc:13 #, no-wrap -msgid "spacewalk-sql -i\n" +msgid "spacewalk-repo-sync --channel -Y\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:34 -msgid "Then on the SQL database prompt, enter:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/tuning-changelogs.adoc:43 -#, no-wrap +#: modules/administration/pages/tshoot-sync.adoc:14 msgid "" -"DELETE FROM rhnPackageRepodata;\n" -"INSERT INTO rhnRepoRegenQueue (id, CHANNEL_LABEL, REASON, FORCE)\n" -"(SELECT sequence_nextval('rhn_repo_regen_queue_id_seq'),\n" -" C.label,\n" -" 'cached data regeneration',\n" -" 'Y'\n" -" FROM rhnChannel C);\n" -"\\q\n" +"This option verifies the repository data before the synchronization, rather " +"than relying on locally cached checksums." msgstr "" #. type: Title = -#: modules/administration/pages/users.adoc:2 +#: modules/administration/pages/users.adoc:1 #, no-wrap msgid "Users" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:6 +#: modules/administration/pages/users.adoc:2 msgid "" "{productname} Administrators can add new users, grant permissions, and " "deactivate or delete users. If you are managing a large number of users, " -"you can assign users to system groups to manage permissions at a group level." +"you can assign users to system groups to manage permissions at a group " +"level." msgstr "" #. type: delimited block = -#: modules/administration/pages/users.adoc:11 +#: modules/administration/pages/users.adoc:3 msgid "" "The [guimenu]``Users`` menu is only available if you are logged in with a " "{productname} administrator account." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:18 +#: modules/administration/pages/users.adoc:4 msgid "" "To manage {productname} users, navigate to menu:Users[User List > All] to " "see all users in your {productname} Server. Each user in the list shows the " @@ -13674,14 +15149,14 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:20 +#: modules/administration/pages/users.adoc:5 msgid "" "To add new users to your organization, click btn:[Create User], complete the " "details for the new user, and click btn:[Create Login]." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:24 +#: modules/administration/pages/users.adoc:6 msgid "" "You can deactivate or delete user accounts if they are no longer required. " "Deactivated user accounts can be reactivated at any time. Deleted user " @@ -13689,7 +15164,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:27 +#: modules/administration/pages/users.adoc:7 msgid "" "Users can deactivate their own accounts. However, if users have an " "administrator role, the role must be removed before the account can be " @@ -13697,7 +15172,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:31 +#: modules/administration/pages/users.adoc:8 msgid "" "Deactivated users cannot log in to the {productname} {webui} or schedule any " "actions. Actions scheduled by a user prior to their deactivation remain in " @@ -13706,7 +15181,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:34 +#: modules/administration/pages/users.adoc:9 msgid "" "Users can hold multiple administrator roles, and there can be more than one " "user holding any administrator role at any time. There must always be at " @@ -13714,41 +15189,46 @@ msgid "" msgstr "" #. type: Block title -#: modules/administration/pages/users.adoc:37 +#: modules/administration/pages/users.adoc:10 #, no-wrap msgid "User Administrator Role Permissions" msgstr "" #. type: Table -#: modules/administration/pages/users.adoc:48 +#: modules/administration/pages/users.adoc:11 #, no-wrap msgid "" "| Role Name | Description\n" "| System Group User | Standard role associated with all users.\n" -"| {productname} Administrator | Can perform all functions, including changing privileges of other users.\n" -"| Organization Administrator | Manages activation keys, configurations, channels, and system groups.\n" +"| {productname} Administrator | Can perform all functions, including " +"changing privileges of other users.\n" +"| Organization Administrator | Manages activation keys, configurations, " +"channels, and system groups.\n" "| Activation Key Administrator | Manages activation keys.\n" "| Image Administrator | Manages image profiles, builds, and stores.\n" "| Configuration Administrator | Manages system configuration.\n" -"| Channel Administrator | Manages software channels, including making channels globally subscribable, and creating new channels.\n" -"| System Group Administrator | Manages systems groups, including creating and deleting system groups, adding clients to existing groups, and managing user access to groups.\n" +"| Channel Administrator | Manages software channels, including making " +"channels globally subscribable, and creating new channels.\n" +"| System Group Administrator | Manages systems groups, including creating " +"and deleting system groups, adding clients to existing groups, and managing " +"user access to groups.\n" msgstr "" #. type: Title == -#: modules/administration/pages/users.adoc:52 +#: modules/administration/pages/users.adoc:12 #, no-wrap msgid "User Permissions and Systems" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:55 +#: modules/administration/pages/users.adoc:13 msgid "" "If you have created system groups to manage your clients, you can assign " "groups to users for them to manage." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:58 +#: modules/administration/pages/users.adoc:14 msgid "" "To assign a user to a system group, navigate to menu:Users[User List], click " "the username to edit, and go to the [guimenu]``System Groups`` tab. Check " @@ -13756,7 +15236,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:62 +#: modules/administration/pages/users.adoc:15 msgid "" "You can also select one or more default system groups for a user. When the " "user registers a new client, it is assigned to the chosen system group by " @@ -13766,7 +15246,7 @@ msgstr "" #. I really don't understand what this is. Need a sentence or two to explain it. --LKB 2020-04-29 #. type: Plain text -#: modules/administration/pages/users.adoc:67 +#: modules/administration/pages/users.adoc:16 msgid "" "To manage external groups, navigate to menu:Users[System Group " "Configuration], and go to the [guimenu]``External Authentication`` tab. " @@ -13775,36 +15255,36 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:69 +#: modules/administration/pages/users.adoc:17 msgid "" -"For more information about system groups, see xref:reference:systems/system-" -"groups.adoc[]." +"For more information about system groups, see " +"xref:reference:systems/system-groups.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:73 +#: modules/administration/pages/users.adoc:18 msgid "" -"To see the individual clients a user can administer, navigate to menu:" -"Users[User List], click the username to edit, and go to the " +"To see the individual clients a user can administer, navigate to " +"menu:Users[User List], click the username to edit, and go to the " "[guimenu]``Systems`` tab. To carry out bulk tasks, you can select clients " "from the list to add them to the system set manager." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:75 +#: modules/administration/pages/users.adoc:19 msgid "" -"For more information about the system set manager, see xref:client-" -"configuration:using-ssm.adoc[]." +"For more information about the system set manager, see " +"xref:client-configuration:system-set-manager.adoc[]." msgstr "" #. type: Title == -#: modules/administration/pages/users.adoc:78 +#: modules/administration/pages/users.adoc:20 #, no-wrap msgid "Users and Channel Permissions" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:81 +#: modules/administration/pages/users.adoc:21 msgid "" "You can assign users to software channels within your organization either as " "a subscriber that consumes content from channels, or as an administrator, " @@ -13812,7 +15292,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:84 +#: modules/administration/pages/users.adoc:22 msgid "" "To subscribe a user to a channel, navigate to menu:Users[User List], click " "the username to edit, and go to the menu:Channel Permissions[Subscription] " @@ -13820,295 +15300,401 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:87 +#: modules/administration/pages/users.adoc:23 msgid "" "To grant a user channel management permissions, navigate to menu:Users[User " "List], click the username to edit, and go to the menu:Channel " -"Permissions[Management] tab. Check the channels to assign, and click btn:" -"``Update Permissions``." +"Permissions[Management] tab. Check the channels to assign, and click " +"btn:``Update Permissions``." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:89 +#: modules/administration/pages/users.adoc:24 msgid "" "Some channels in the list might not be subscribable. This is usually " "because of the users administrator status, or the channels global settings." msgstr "" +#. type: Title == +#: modules/administration/pages/users.adoc:25 +#, no-wrap +msgid "User Language" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/users.adoc:26 +msgid "" +"When you create a new user, you can choose which language to use for the " +"{webui}. After a user has been created, you can change the language by " +"navigating to menu:Home[My Preferences]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/users.adoc:27 +msgid "" +"The default language is set in the ``rhn.conf`` configuration file. To " +"change the default language, open the [path]``/etc/rhn/rhn.conf`` file and " +"add or edit this line:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/users.adoc:28 +#, no-wrap +msgid "web.locale = \n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/users.adoc:29 +msgid "If the parameter is not set, the default language is ``en_US``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/users.adoc:30 +msgid "These languages are available in {productname}:" +msgstr "" + +#. type: Block title +#: modules/administration/pages/users.adoc:31 +#: modules/administration/pages/users.adoc:33 +#, no-wrap +msgid "Available Language Codes" +msgstr "" + +#. type: Table +#: modules/administration/pages/users.adoc:32 +#, no-wrap +msgid "" +"| Language code | Language | Dialect\n" +"| ``en_US`` | English | United States\n" +"| ``zh_CN`` | Chinese | Mainland, Simplified\n" +msgstr "" + +#. type: Table +#: modules/administration/pages/users.adoc:34 +#, no-wrap +msgid "" +"| Language code | Language | Dialect\n" +"| ``bn_IN`` | Bangla | India\n" +"| ``ca`` | Catalan |\n" +"| ``de`` | German |\n" +"| ``en_US`` | English | United States\n" +"| ``es`` | Spanish |\n" +"| ``fr`` | French |\n" +"| ``gu`` | Gujarati |\n" +"| ``hi`` | Hindi |\n" +"| ``it`` | Italian |\n" +"| ``ja`` | Japanese |\n" +"| ``ko`` | Korean |\n" +"| ``pa`` | Punjabi |\n" +"| ``pt`` | Portuguese |\n" +"| ``pt_BR`` | Portuguese | Brazil\n" +"| ``ru`` | Russian |\n" +"| ``ta`` | Tamil |\n" +"| ``zh_CN`` | Chinese | Mainland, Simplified\n" +"| ``zh_TW`` | Chinese | Taiwan, Traditional\n" +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/users.adoc:35 +msgid "" +"Translations in {uyuni} are provided by the community, and could be " +"incorrect or incomplete. Where a translation is not available, the {webui} " +"will default to English (``en_US``)." +msgstr "" + #. type: Title = -#: modules/administration/nav-administration-guide.adoc:4 +#: modules/administration/nav-administration-guide.adoc:1 #, no-wrap msgid "Administration Guide: {productname} {productnumber}" msgstr "" #. Image Management #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:11 +#: modules/administration/nav-administration-guide.adoc:2 msgid "xref:admin-overview.adoc[Administration Guide Overview]" msgstr "" #. Channel Management #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:13 +#: modules/administration/nav-administration-guide.adoc:3 msgid "xref:image-management.adoc[Image Management]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:14 +#: modules/administration/nav-administration-guide.adoc:4 msgid "xref:channel-management.adoc[Channel Management]" msgstr "" #. Subscription Matching #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:16 +#: modules/administration/nav-administration-guide.adoc:5 msgid "xref:custom-channels.adoc[Custom Channels]" msgstr "" #. Live Patching #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:18 +#: modules/administration/nav-administration-guide.adoc:6 msgid "xref:subscription-matching.adoc[Subscription Matching]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:19 +#: modules/administration/nav-administration-guide.adoc:7 msgid "xref:live-patching.adoc[Live Patching]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:20 +#: modules/administration/nav-administration-guide.adoc:8 msgid "xref:live-patching-channel-setup.adoc[Channel Setup for Live Patching]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:21 +#: modules/administration/nav-administration-guide.adoc:9 msgid "xref:live-patching-sles15.adoc[Live Patching on SLES 15]" msgstr "" #. Monitoring #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:23 +#: modules/administration/nav-administration-guide.adoc:10 msgid "xref:live-patching-sles12.adoc[Live Patching on SLES 12]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:24 +#: modules/administration/nav-administration-guide.adoc:11 msgid "xref:monitoring.adoc[Monitoring]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:25 +#: modules/administration/nav-administration-guide.adoc:12 msgid "xref:organizations.adoc[Organizations]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:26 +#: modules/administration/nav-administration-guide.adoc:13 msgid "xref:content-staging.adoc[Content Staging]" msgstr "" #. Content Lifecycle #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:28 +#: modules/administration/nav-administration-guide.adoc:14 msgid "xref:disconnected-setup.adoc[Disconnected Setup]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:29 +#: modules/administration/nav-administration-guide.adoc:15 msgid "xref:content-lifecycle.adoc[Content Lifecycle Management]" msgstr "" #. Authentication Methods #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:31 -msgid "" -"xref:content-lifecycle-examples.adoc[Content Lifecycle Management Examples]" +#: modules/administration/nav-administration-guide.adoc:16 +msgid "xref:content-lifecycle-examples.adoc[Content Lifecycle Management Examples]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:32 +#: modules/administration/nav-administration-guide.adoc:17 msgid "xref:auth-methods.adoc[Authentication Methods]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:33 +#: modules/administration/nav-administration-guide.adoc:18 msgid "xref:auth-methods-sso.adoc[Authentication With SSO]" msgstr "" #. SSL Certificates #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:35 +#: modules/administration/nav-administration-guide.adoc:19 msgid "xref:auth-methods-pam.adoc[Authentication With PAM]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:36 +#: modules/administration/nav-administration-guide.adoc:20 msgid "xref:ssl-certs.adoc[SSL Certificates]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:37 +#: modules/administration/nav-administration-guide.adoc:21 msgid "xref:ssl-certs-selfsigned.adoc[Self-Signed SSL Certificates]" msgstr "" #. ISS #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:39 +#: modules/administration/nav-administration-guide.adoc:22 msgid "xref:ssl-certs-imported.adoc[Imported SSL Certificates]" msgstr "" #. Tasks, Actions, & Maintenance Windows #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:41 +#: modules/administration/nav-administration-guide.adoc:23 msgid "xref:iss.adoc[Inter-Server Synchronization]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:42 +#: modules/administration/nav-administration-guide.adoc:24 msgid "xref:actions.adoc[Actions]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:43 +#: modules/administration/nav-administration-guide.adoc:25 msgid "xref:task-schedules.adoc[Task Schedules]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:44 +#: modules/administration/nav-administration-guide.adoc:26 +msgid "xref:crash-reporting.adoc[Crash Reporting]" +msgstr "" + +#. type: Plain text +#: modules/administration/nav-administration-guide.adoc:27 msgid "xref:maintenance-windows.adoc[Maintenance Windows]" msgstr "" -#. Backing up +#. Users #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:46 +#: modules/administration/nav-administration-guide.adoc:28 msgid "xref:maintenance-window-tasks.adoc[Maintenance Window Tasks]" msgstr "" +#. Backing up #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:47 +#: modules/administration/nav-administration-guide.adoc:29 +msgid "xref:users.adoc[Users]" +msgstr "" + +#. type: Plain text +#: modules/administration/nav-administration-guide.adoc:30 msgid "xref:backup-restore.adoc[Backing Up and Restoring]" msgstr "" #. mgr-sync #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:49 +#: modules/administration/nav-administration-guide.adoc:31 msgid "xref:space-management.adoc[Managing Disk Space]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:50 +#: modules/administration/nav-administration-guide.adoc:32 msgid "xref:mgr-sync.adoc[Using mgr-sync]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:51 +#: modules/administration/nav-administration-guide.adoc:33 msgid "Security" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:52 +#: modules/administration/nav-administration-guide.adoc:34 msgid "xref:master-fingerprint.adoc[Master Fingerprint]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:53 +#: modules/administration/nav-administration-guide.adoc:35 msgid "xref:repo-metadata.adoc[Repository Metadata]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:54 +#: modules/administration/nav-administration-guide.adoc:36 msgid "xref:mirror-sources.adoc[Mirror Sources]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:55 +#: modules/administration/nav-administration-guide.adoc:37 msgid "xref:openscap.adoc[OpenSCAP]" msgstr "" #. Spacewalk Reports #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:57 +#: modules/administration/nav-administration-guide.adoc:38 msgid "xref:auditing.adoc[Auditing Packages]" msgstr "" #. Tuning #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:59 +#: modules/administration/nav-administration-guide.adoc:39 msgid "xref:reports.adoc[Generate Reports]" msgstr "" #. Troubleshooting #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:61 +#: modules/administration/nav-administration-guide.adoc:40 msgid "xref:tuning-changelogs.adoc[Tuning Changelogs]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:62 +#: modules/administration/nav-administration-guide.adoc:41 msgid "xref:tshoot-intro.adoc[Troubleshooting]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:63 +#: modules/administration/nav-administration-guide.adoc:42 msgid "xref:tshoot-corruptrepo.adoc[Troubleshooting Corrupt Repositories]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:64 +#: modules/administration/nav-administration-guide.adoc:43 msgid "xref:tshoot-diskspace.adoc[Troubleshooting Disk Space]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:65 +#: modules/administration/nav-administration-guide.adoc:44 +msgid "xref:tshoot-firewalls.adoc[Troubleshooting Firewalls]" +msgstr "" + +#. type: Plain text +#: modules/administration/nav-administration-guide.adoc:45 +msgid "xref:tshoot-inactiveclients.adoc[Troubleshooting Inactive Clients]" +msgstr "" + +#. type: Plain text +#: modules/administration/nav-administration-guide.adoc:46 msgid "xref:tshoot-localcert.adoc[Troubleshooting Local Certificates]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:66 +#: modules/administration/nav-administration-guide.adoc:47 msgid "xref:tshoot-logintimeout.adoc[Troubleshooting Login Timeout]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:67 +#: modules/administration/nav-administration-guide.adoc:48 msgid "xref:tshoot-notifications.adoc[Troubleshooting Notifications]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:68 +#: modules/administration/nav-administration-guide.adoc:49 msgid "xref:tshoot-osadjabberd.adoc[Troubleshooting OSAD and jabberd]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:69 +#: modules/administration/nav-administration-guide.adoc:50 msgid "xref:tshoot-packages.adoc[Troubleshooting Packages]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:70 -msgid "" -"xref:tshoot-registerclones.adoc[Troubleshooting Registering Cloned Clients]" +#: modules/administration/nav-administration-guide.adoc:51 +msgid "xref:tshoot-registerclones.adoc[Troubleshooting Registering Cloned Clients]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:71 +#: modules/administration/nav-administration-guide.adoc:52 msgid "xref:tshoot-hostname-rename.adoc[Troubleshooting Renaming the Server]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:72 +#: modules/administration/nav-administration-guide.adoc:53 msgid "xref:tshoot-rpctimeout.adoc[Troubleshooting RPC Timeouts]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:73 +#: modules/administration/nav-administration-guide.adoc:54 msgid "xref:tshoot-saltboot.adoc[Troubleshooting Saltboot]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:74 -msgid "xref:tshoot-sync.adoc[Troubleshooting Product Synchronization]" +#: modules/administration/nav-administration-guide.adoc:55 +msgid "xref:tshoot-sync.adoc[Troubleshooting Synchronization]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:75 +#: modules/administration/nav-administration-guide.adoc:56 msgid "xref:tshoot-taskomatic.adoc[Troubleshooting Taskomatic]" msgstr "" diff --git a/l10n/po/es/administration/assets/images/admin_list_organizations.png b/l10n-weblate/administration/assets-cs/images/admin_list_organizations.png similarity index 100% rename from l10n/po/es/administration/assets/images/admin_list_organizations.png rename to l10n-weblate/administration/assets-cs/images/admin_list_organizations.png diff --git a/l10n/po/es/administration/assets/images/admin_organization_configuration.png b/l10n-weblate/administration/assets-cs/images/admin_organization_configuration.png similarity index 100% rename from l10n/po/es/administration/assets/images/admin_organization_configuration.png rename to l10n-weblate/administration/assets-cs/images/admin_organization_configuration.png diff --git a/l10n/po/es/administration/assets/images/admin_organization_details.png b/l10n-weblate/administration/assets-cs/images/admin_organization_details.png similarity index 100% rename from l10n/po/es/administration/assets/images/admin_organization_details.png rename to l10n-weblate/administration/assets-cs/images/admin_organization_details.png diff --git a/l10n/po/es/administration/assets/images/admin_organization_states.png b/l10n-weblate/administration/assets-cs/images/admin_organization_states.png similarity index 100% rename from l10n/po/es/administration/assets/images/admin_organization_states.png rename to l10n-weblate/administration/assets-cs/images/admin_organization_states.png diff --git a/l10n/po/es/administration/assets/images/admin_organization_trusts.png b/l10n-weblate/administration/assets-cs/images/admin_organization_trusts.png similarity index 100% rename from l10n/po/es/administration/assets/images/admin_organization_trusts.png rename to l10n-weblate/administration/assets-cs/images/admin_organization_trusts.png diff --git a/l10n/po/es/administration/assets/images/admin_organization_users.png b/l10n-weblate/administration/assets-cs/images/admin_organization_users.png similarity index 100% rename from l10n/po/es/administration/assets/images/admin_organization_users.png rename to l10n-weblate/administration/assets-cs/images/admin_organization_users.png diff --git a/l10n/po/es/administration/assets/images/admin_task_schedules.png b/l10n-weblate/administration/assets-cs/images/admin_task_schedules.png similarity index 100% rename from l10n/po/es/administration/assets/images/admin_task_schedules.png rename to l10n-weblate/administration/assets-cs/images/admin_task_schedules.png diff --git a/l10n/po/es/administration/assets/images/deploy_cert_salt.png b/l10n-weblate/administration/assets-cs/images/deploy_cert_salt.png similarity index 100% rename from l10n/po/es/administration/assets/images/deploy_cert_salt.png rename to l10n-weblate/administration/assets-cs/images/deploy_cert_salt.png diff --git a/l10n/po/es/administration/assets/images/enable_live_patching_apply_highstate.png b/l10n-weblate/administration/assets-cs/images/enable_live_patching_apply_highstate.png similarity index 100% rename from l10n/po/es/administration/assets/images/enable_live_patching_apply_highstate.png rename to l10n-weblate/administration/assets-cs/images/enable_live_patching_apply_highstate.png diff --git a/l10n/po/es/administration/assets/images/enable_live_patching_channels.png b/l10n-weblate/administration/assets-cs/images/enable_live_patching_channels.png similarity index 100% rename from l10n/po/es/administration/assets/images/enable_live_patching_channels.png rename to l10n-weblate/administration/assets-cs/images/enable_live_patching_channels.png diff --git a/l10n/po/es/administration/assets/images/enable_live_patching_kernel_live_install.png b/l10n-weblate/administration/assets-cs/images/enable_live_patching_kernel_live_install.png similarity index 100% rename from l10n/po/es/administration/assets/images/enable_live_patching_kernel_live_install.png rename to l10n-weblate/administration/assets-cs/images/enable_live_patching_kernel_live_install.png diff --git a/l10n/po/es/administration/assets/images/enable_live_patching_kgraft_install.png b/l10n-weblate/administration/assets-cs/images/enable_live_patching_kgraft_install.png similarity index 100% rename from l10n/po/es/administration/assets/images/enable_live_patching_kgraft_install.png rename to l10n-weblate/administration/assets-cs/images/enable_live_patching_kgraft_install.png diff --git a/l10n/po/es/administration/assets/images/enable_live_patching_successful.png b/l10n-weblate/administration/assets-cs/images/enable_live_patching_successful.png similarity index 100% rename from l10n/po/es/administration/assets/images/enable_live_patching_successful.png rename to l10n-weblate/administration/assets-cs/images/enable_live_patching_successful.png diff --git a/l10n/po/es/administration/assets/images/image-building.png b/l10n-weblate/administration/assets-cs/images/image-building.png similarity index 100% rename from l10n/po/es/administration/assets/images/image-building.png rename to l10n-weblate/administration/assets-cs/images/image-building.png diff --git a/l10n/po/es/administration/assets/images/images_image_build.png b/l10n-weblate/administration/assets-cs/images/images_image_build.png similarity index 100% rename from l10n/po/es/administration/assets/images/images_image_build.png rename to l10n-weblate/administration/assets-cs/images/images_image_build.png diff --git a/l10n/po/es/administration/assets/images/images_image_create_profile.png b/l10n-weblate/administration/assets-cs/images/images_image_create_profile.png similarity index 100% rename from l10n/po/es/administration/assets/images/images_image_create_profile.png rename to l10n-weblate/administration/assets-cs/images/images_image_create_profile.png diff --git a/l10n/po/es/administration/assets/images/images_image_create_profile_kiwi.png b/l10n-weblate/administration/assets-cs/images/images_image_create_profile_kiwi.png similarity index 100% rename from l10n/po/es/administration/assets/images/images_image_create_profile_kiwi.png rename to l10n-weblate/administration/assets-cs/images/images_image_create_profile_kiwi.png diff --git a/l10n/po/es/administration/assets/images/images_image_profiles.png b/l10n-weblate/administration/assets-cs/images/images_image_profiles.png similarity index 100% rename from l10n/po/es/administration/assets/images/images_image_profiles.png rename to l10n-weblate/administration/assets-cs/images/images_image_profiles.png diff --git a/l10n/po/es/administration/assets/images/images_image_stores.png b/l10n-weblate/administration/assets-cs/images/images_image_stores.png similarity index 100% rename from l10n/po/es/administration/assets/images/images_image_stores.png rename to l10n-weblate/administration/assets-cs/images/images_image_stores.png diff --git a/l10n/po/es/administration/assets/images/images_image_stores_create.png b/l10n-weblate/administration/assets-cs/images/images_image_stores_create.png similarity index 100% rename from l10n/po/es/administration/assets/images/images_image_stores_create.png rename to l10n-weblate/administration/assets-cs/images/images_image_stores_create.png diff --git a/l10n/po/es/administration/assets/images/images_list_images.png b/l10n-weblate/administration/assets-cs/images/images_list_images.png similarity index 100% rename from l10n/po/es/administration/assets/images/images_list_images.png rename to l10n-weblate/administration/assets-cs/images/images_list_images.png diff --git a/l10n/po/es/administration/assets/images/live_patching_criticalupdates.png b/l10n-weblate/administration/assets-cs/images/live_patching_criticalupdates.png similarity index 100% rename from l10n/po/es/administration/assets/images/live_patching_criticalupdates.png rename to l10n-weblate/administration/assets-cs/images/live_patching_criticalupdates.png diff --git a/l10n/po/es/administration/assets/images/maint_windows_multi.png b/l10n-weblate/administration/assets-cs/images/maint_windows_multi.png similarity index 100% rename from l10n/po/es/administration/assets/images/maint_windows_multi.png rename to l10n-weblate/administration/assets-cs/images/maint_windows_multi.png diff --git a/l10n/po/es/administration/assets/images/monitoring_configure_formula.png b/l10n-weblate/administration/assets-cs/images/monitoring_configure_formula.png similarity index 100% rename from l10n/po/es/administration/assets/images/monitoring_configure_formula.png rename to l10n-weblate/administration/assets-cs/images/monitoring_configure_formula.png diff --git a/l10n/po/es/administration/assets/images/monitoring_enable_services.png b/l10n-weblate/administration/assets-cs/images/monitoring_enable_services.png similarity index 100% rename from l10n/po/es/administration/assets/images/monitoring_enable_services.png rename to l10n-weblate/administration/assets-cs/images/monitoring_enable_services.png diff --git a/l10n/po/es/administration/assets/images/monitoring_grafana_example.png b/l10n-weblate/administration/assets-cs/images/monitoring_grafana_example.png similarity index 100% rename from l10n/po/es/administration/assets/images/monitoring_grafana_example.png rename to l10n-weblate/administration/assets-cs/images/monitoring_grafana_example.png diff --git a/l10n/po/es/administration/assets/images/os-image-build-host.png b/l10n-weblate/administration/assets-cs/images/os-image-build-host.png similarity index 100% rename from l10n/po/es/administration/assets/images/os-image-build-host.png rename to l10n-weblate/administration/assets-cs/images/os-image-build-host.png diff --git a/l10n/po/es/administration/assets/images/systems_create_activation_key.png b/l10n-weblate/administration/assets-cs/images/systems_create_activation_key.png similarity index 100% rename from l10n/po/es/administration/assets/images/systems_create_activation_key.png rename to l10n-weblate/administration/assets-cs/images/systems_create_activation_key.png diff --git a/l10n/po/es/administration/assets/images/systems_virtual_host_managers_vmware.png b/l10n-weblate/administration/assets-cs/images/systems_virtual_host_managers_vmware.png similarity index 100% rename from l10n/po/es/administration/assets/images/systems_virtual_host_managers_vmware.png rename to l10n-weblate/administration/assets-cs/images/systems_virtual_host_managers_vmware.png diff --git a/l10n/po/zh_CN/administration/assets/images/admin_list_organizations.png b/l10n-weblate/administration/assets-es/images/admin_list_organizations.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/admin_list_organizations.png rename to l10n-weblate/administration/assets-es/images/admin_list_organizations.png diff --git a/l10n/po/zh_CN/administration/assets/images/admin_organization_configuration.png b/l10n-weblate/administration/assets-es/images/admin_organization_configuration.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/admin_organization_configuration.png rename to l10n-weblate/administration/assets-es/images/admin_organization_configuration.png diff --git a/l10n/po/zh_CN/administration/assets/images/admin_organization_details.png b/l10n-weblate/administration/assets-es/images/admin_organization_details.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/admin_organization_details.png rename to l10n-weblate/administration/assets-es/images/admin_organization_details.png diff --git a/l10n/po/zh_CN/administration/assets/images/admin_organization_states.png b/l10n-weblate/administration/assets-es/images/admin_organization_states.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/admin_organization_states.png rename to l10n-weblate/administration/assets-es/images/admin_organization_states.png diff --git a/l10n/po/zh_CN/administration/assets/images/admin_organization_trusts.png b/l10n-weblate/administration/assets-es/images/admin_organization_trusts.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/admin_organization_trusts.png rename to l10n-weblate/administration/assets-es/images/admin_organization_trusts.png diff --git a/l10n/po/zh_CN/administration/assets/images/admin_organization_users.png b/l10n-weblate/administration/assets-es/images/admin_organization_users.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/admin_organization_users.png rename to l10n-weblate/administration/assets-es/images/admin_organization_users.png diff --git a/l10n/po/zh_CN/administration/assets/images/admin_task_schedules.png b/l10n-weblate/administration/assets-es/images/admin_task_schedules.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/admin_task_schedules.png rename to l10n-weblate/administration/assets-es/images/admin_task_schedules.png diff --git a/l10n/po/zh_CN/administration/assets/images/deploy_cert_salt.png b/l10n-weblate/administration/assets-es/images/deploy_cert_salt.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/deploy_cert_salt.png rename to l10n-weblate/administration/assets-es/images/deploy_cert_salt.png diff --git a/l10n/po/zh_CN/administration/assets/images/enable_live_patching_apply_highstate.png b/l10n-weblate/administration/assets-es/images/enable_live_patching_apply_highstate.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/enable_live_patching_apply_highstate.png rename to l10n-weblate/administration/assets-es/images/enable_live_patching_apply_highstate.png diff --git a/l10n/po/zh_CN/administration/assets/images/enable_live_patching_channels.png b/l10n-weblate/administration/assets-es/images/enable_live_patching_channels.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/enable_live_patching_channels.png rename to l10n-weblate/administration/assets-es/images/enable_live_patching_channels.png diff --git a/l10n/po/zh_CN/administration/assets/images/enable_live_patching_kernel_live_install.png b/l10n-weblate/administration/assets-es/images/enable_live_patching_kernel_live_install.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/enable_live_patching_kernel_live_install.png rename to l10n-weblate/administration/assets-es/images/enable_live_patching_kernel_live_install.png diff --git a/l10n/po/zh_CN/administration/assets/images/enable_live_patching_kgraft_install.png b/l10n-weblate/administration/assets-es/images/enable_live_patching_kgraft_install.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/enable_live_patching_kgraft_install.png rename to l10n-weblate/administration/assets-es/images/enable_live_patching_kgraft_install.png diff --git a/l10n/po/zh_CN/administration/assets/images/enable_live_patching_successful.png b/l10n-weblate/administration/assets-es/images/enable_live_patching_successful.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/enable_live_patching_successful.png rename to l10n-weblate/administration/assets-es/images/enable_live_patching_successful.png diff --git a/l10n/po/zh_CN/administration/assets/images/image-building.png b/l10n-weblate/administration/assets-es/images/image-building.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/image-building.png rename to l10n-weblate/administration/assets-es/images/image-building.png diff --git a/l10n/po/es/reference/assets/images/images_image_build.png b/l10n-weblate/administration/assets-es/images/images_image_build.png similarity index 100% rename from l10n/po/es/reference/assets/images/images_image_build.png rename to l10n-weblate/administration/assets-es/images/images_image_build.png diff --git a/l10n/po/es/reference/assets/images/images_image_create_profile.png b/l10n-weblate/administration/assets-es/images/images_image_create_profile.png similarity index 100% rename from l10n/po/es/reference/assets/images/images_image_create_profile.png rename to l10n-weblate/administration/assets-es/images/images_image_create_profile.png diff --git a/l10n/po/zh_CN/administration/assets/images/images_image_create_profile_kiwi.png b/l10n-weblate/administration/assets-es/images/images_image_create_profile_kiwi.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/images_image_create_profile_kiwi.png rename to l10n-weblate/administration/assets-es/images/images_image_create_profile_kiwi.png diff --git a/l10n/po/zh_CN/administration/assets/images/images_image_profiles.png b/l10n-weblate/administration/assets-es/images/images_image_profiles.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/images_image_profiles.png rename to l10n-weblate/administration/assets-es/images/images_image_profiles.png diff --git a/l10n/po/es/reference/assets/images/images_image_stores.png b/l10n-weblate/administration/assets-es/images/images_image_stores.png similarity index 100% rename from l10n/po/es/reference/assets/images/images_image_stores.png rename to l10n-weblate/administration/assets-es/images/images_image_stores.png diff --git a/l10n/po/zh_CN/administration/assets/images/images_image_stores_create.png b/l10n-weblate/administration/assets-es/images/images_image_stores_create.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/images_image_stores_create.png rename to l10n-weblate/administration/assets-es/images/images_image_stores_create.png diff --git a/l10n/po/es/reference/assets/images/images_list_images.png b/l10n-weblate/administration/assets-es/images/images_list_images.png similarity index 100% rename from l10n/po/es/reference/assets/images/images_list_images.png rename to l10n-weblate/administration/assets-es/images/images_list_images.png diff --git a/l10n/po/zh_CN/administration/assets/images/live_patching_criticalupdates.png b/l10n-weblate/administration/assets-es/images/live_patching_criticalupdates.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/live_patching_criticalupdates.png rename to l10n-weblate/administration/assets-es/images/live_patching_criticalupdates.png diff --git a/l10n/po/zh_CN/administration/assets/images/maint_windows_multi.png b/l10n-weblate/administration/assets-es/images/maint_windows_multi.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/maint_windows_multi.png rename to l10n-weblate/administration/assets-es/images/maint_windows_multi.png diff --git a/l10n/po/zh_CN/administration/assets/images/monitoring_configure_formula.png b/l10n-weblate/administration/assets-es/images/monitoring_configure_formula.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/monitoring_configure_formula.png rename to l10n-weblate/administration/assets-es/images/monitoring_configure_formula.png diff --git a/l10n/po/zh_CN/administration/assets/images/monitoring_enable_services.png b/l10n-weblate/administration/assets-es/images/monitoring_enable_services.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/monitoring_enable_services.png rename to l10n-weblate/administration/assets-es/images/monitoring_enable_services.png diff --git a/l10n/po/zh_CN/administration/assets/images/monitoring_grafana_example.png b/l10n-weblate/administration/assets-es/images/monitoring_grafana_example.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/monitoring_grafana_example.png rename to l10n-weblate/administration/assets-es/images/monitoring_grafana_example.png diff --git a/l10n/po/zh_CN/administration/assets/images/os-image-build-host.png b/l10n-weblate/administration/assets-es/images/os-image-build-host.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/os-image-build-host.png rename to l10n-weblate/administration/assets-es/images/os-image-build-host.png diff --git a/l10n/po/es/client-configuration/assets/images/systems_create_activation_key.png b/l10n-weblate/administration/assets-es/images/systems_create_activation_key.png similarity index 100% rename from l10n/po/es/client-configuration/assets/images/systems_create_activation_key.png rename to l10n-weblate/administration/assets-es/images/systems_create_activation_key.png diff --git a/l10n/po/es/reference/assets/images/systems_virtual_host_managers_vmware.png b/l10n-weblate/administration/assets-es/images/systems_virtual_host_managers_vmware.png similarity index 100% rename from l10n/po/es/reference/assets/images/systems_virtual_host_managers_vmware.png rename to l10n-weblate/administration/assets-es/images/systems_virtual_host_managers_vmware.png diff --git a/l10n-weblate/administration/assets-zh_CN/images/admin_list_organizations.png b/l10n-weblate/administration/assets-zh_CN/images/admin_list_organizations.png new file mode 100644 index 00000000000..e749b367e3a Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/admin_list_organizations.png differ diff --git a/l10n-weblate/administration/assets-zh_CN/images/admin_organization_configuration.png b/l10n-weblate/administration/assets-zh_CN/images/admin_organization_configuration.png new file mode 100644 index 00000000000..8b1bd2e2c10 Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/admin_organization_configuration.png differ diff --git a/l10n-weblate/administration/assets-zh_CN/images/admin_organization_details.png b/l10n-weblate/administration/assets-zh_CN/images/admin_organization_details.png new file mode 100644 index 00000000000..e3147f6df62 Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/admin_organization_details.png differ diff --git a/l10n-weblate/administration/assets-zh_CN/images/admin_organization_states.png b/l10n-weblate/administration/assets-zh_CN/images/admin_organization_states.png new file mode 100644 index 00000000000..31bfddcb3ff Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/admin_organization_states.png differ diff --git a/l10n-weblate/administration/assets-zh_CN/images/admin_organization_trusts.png b/l10n-weblate/administration/assets-zh_CN/images/admin_organization_trusts.png new file mode 100644 index 00000000000..121886dc2bd Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/admin_organization_trusts.png differ diff --git a/l10n-weblate/administration/assets-zh_CN/images/admin_organization_users.png b/l10n-weblate/administration/assets-zh_CN/images/admin_organization_users.png new file mode 100644 index 00000000000..984475bb141 Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/admin_organization_users.png differ diff --git a/l10n-weblate/administration/assets-zh_CN/images/admin_task_schedules.png b/l10n-weblate/administration/assets-zh_CN/images/admin_task_schedules.png new file mode 100644 index 00000000000..eaedfda463d Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/admin_task_schedules.png differ diff --git a/l10n-weblate/administration/assets-zh_CN/images/deploy_cert_salt.png b/l10n-weblate/administration/assets-zh_CN/images/deploy_cert_salt.png new file mode 100644 index 00000000000..fb3358d5ed4 Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/deploy_cert_salt.png differ diff --git a/l10n-weblate/administration/assets-zh_CN/images/enable_live_patching_apply_highstate.png b/l10n-weblate/administration/assets-zh_CN/images/enable_live_patching_apply_highstate.png new file mode 100644 index 00000000000..52a39703da8 Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/enable_live_patching_apply_highstate.png differ diff --git a/l10n-weblate/administration/assets-zh_CN/images/enable_live_patching_channels.png b/l10n-weblate/administration/assets-zh_CN/images/enable_live_patching_channels.png new file mode 100644 index 00000000000..f2a66cfc192 Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/enable_live_patching_channels.png differ diff --git a/l10n-weblate/administration/assets-zh_CN/images/enable_live_patching_kernel_live_install.png b/l10n-weblate/administration/assets-zh_CN/images/enable_live_patching_kernel_live_install.png new file mode 100644 index 00000000000..13b3c9f497a Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/enable_live_patching_kernel_live_install.png differ diff --git a/l10n-weblate/administration/assets-zh_CN/images/enable_live_patching_kgraft_install.png b/l10n-weblate/administration/assets-zh_CN/images/enable_live_patching_kgraft_install.png new file mode 100644 index 00000000000..427b6dfaf4d Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/enable_live_patching_kgraft_install.png differ diff --git a/l10n-weblate/administration/assets-zh_CN/images/enable_live_patching_successful.png b/l10n-weblate/administration/assets-zh_CN/images/enable_live_patching_successful.png new file mode 100644 index 00000000000..2c011789465 Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/enable_live_patching_successful.png differ diff --git a/l10n-weblate/administration/assets-zh_CN/images/image-building.png b/l10n-weblate/administration/assets-zh_CN/images/image-building.png new file mode 100644 index 00000000000..af4cfac9299 Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/image-building.png differ diff --git a/l10n/po/zh_CN/administration/assets/images/images_image_build.png b/l10n-weblate/administration/assets-zh_CN/images/images_image_build.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/images_image_build.png rename to l10n-weblate/administration/assets-zh_CN/images/images_image_build.png diff --git a/l10n/po/zh_CN/administration/assets/images/images_image_create_profile.png b/l10n-weblate/administration/assets-zh_CN/images/images_image_create_profile.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/images_image_create_profile.png rename to l10n-weblate/administration/assets-zh_CN/images/images_image_create_profile.png diff --git a/l10n-weblate/administration/assets-zh_CN/images/images_image_create_profile_kiwi.png b/l10n-weblate/administration/assets-zh_CN/images/images_image_create_profile_kiwi.png new file mode 100644 index 00000000000..65bcf8c8015 Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/images_image_create_profile_kiwi.png differ diff --git a/l10n-weblate/administration/assets-zh_CN/images/images_image_profiles.png b/l10n-weblate/administration/assets-zh_CN/images/images_image_profiles.png new file mode 100644 index 00000000000..e47a5dae5fb Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/images_image_profiles.png differ diff --git a/l10n/po/zh_CN/administration/assets/images/images_image_stores.png b/l10n-weblate/administration/assets-zh_CN/images/images_image_stores.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/images_image_stores.png rename to l10n-weblate/administration/assets-zh_CN/images/images_image_stores.png diff --git a/l10n-weblate/administration/assets-zh_CN/images/images_image_stores_create.png b/l10n-weblate/administration/assets-zh_CN/images/images_image_stores_create.png new file mode 100644 index 00000000000..de2139b5988 Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/images_image_stores_create.png differ diff --git a/l10n/po/zh_CN/administration/assets/images/images_list_images.png b/l10n-weblate/administration/assets-zh_CN/images/images_list_images.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/images_list_images.png rename to l10n-weblate/administration/assets-zh_CN/images/images_list_images.png diff --git a/l10n-weblate/administration/assets-zh_CN/images/live_patching_criticalupdates.png b/l10n-weblate/administration/assets-zh_CN/images/live_patching_criticalupdates.png new file mode 100644 index 00000000000..8c0e0ac689a Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/live_patching_criticalupdates.png differ diff --git a/l10n-weblate/administration/assets-zh_CN/images/maint_windows_multi.png b/l10n-weblate/administration/assets-zh_CN/images/maint_windows_multi.png new file mode 100644 index 00000000000..f22615a4b5f Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/maint_windows_multi.png differ diff --git a/l10n-weblate/administration/assets-zh_CN/images/monitoring_configure_formula.png b/l10n-weblate/administration/assets-zh_CN/images/monitoring_configure_formula.png new file mode 100644 index 00000000000..57b9765aad1 Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/monitoring_configure_formula.png differ diff --git a/l10n-weblate/administration/assets-zh_CN/images/monitoring_enable_services.png b/l10n-weblate/administration/assets-zh_CN/images/monitoring_enable_services.png new file mode 100644 index 00000000000..ff262dff0a4 Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/monitoring_enable_services.png differ diff --git a/l10n-weblate/administration/assets-zh_CN/images/monitoring_grafana_example.png b/l10n-weblate/administration/assets-zh_CN/images/monitoring_grafana_example.png new file mode 100644 index 00000000000..cca2a18a4ba Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/monitoring_grafana_example.png differ diff --git a/l10n-weblate/administration/assets-zh_CN/images/os-image-build-host.png b/l10n-weblate/administration/assets-zh_CN/images/os-image-build-host.png new file mode 100644 index 00000000000..f22f45e400e Binary files /dev/null and b/l10n-weblate/administration/assets-zh_CN/images/os-image-build-host.png differ diff --git a/l10n/po/zh_CN/administration/assets/images/systems_create_activation_key.png b/l10n-weblate/administration/assets-zh_CN/images/systems_create_activation_key.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/systems_create_activation_key.png rename to l10n-weblate/administration/assets-zh_CN/images/systems_create_activation_key.png diff --git a/l10n/po/zh_CN/administration/assets/images/systems_virtual_host_managers_vmware.png b/l10n-weblate/administration/assets-zh_CN/images/systems_virtual_host_managers_vmware.png similarity index 100% rename from l10n/po/zh_CN/administration/assets/images/systems_virtual_host_managers_vmware.png rename to l10n-weblate/administration/assets-zh_CN/images/systems_virtual_host_managers_vmware.png diff --git a/l10n-weblate/administration/cs.po b/l10n-weblate/administration/cs.po index 1a9104456b1..812c5401ae3 100644 --- a/l10n-weblate/administration/cs.po +++ b/l10n-weblate/administration/cs.po @@ -6,11 +6,11 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" -"POT-Creation-Date: 2020-08-23 23:31+0200\n" +"POT-Creation-Date: 2020-09-30 10:38+0200\n" "PO-Revision-Date: 2020-09-24 15:48+0000\n" "Last-Translator: Aleš Kastner \n" -"Language-Team: Czech \n" +"Language-Team: Czech \n" "Language: cs\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -19,1446 +19,1593 @@ msgstr "" "X-Generator: Weblate 3.6.1\n" #. type: Title = -#: modules/administration/pages/actions.adoc:2 +#: modules/administration/pages/live-patching.adoc:1 #, no-wrap -msgid "Actions" +msgid "Live Patching with SUSE Manager" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:5 -msgid "You can manage actions on your clients in a number of different ways." +#: modules/administration/pages/live-patching.adoc:2 +msgid "" +"Performing a kernel update usually requires a system reboot. Common " +"vulnerability and exposure (CVE) patches should be applied as soon as " +"possible, but if you cannot afford the downtime, you can use Live Patching " +"to inject these important updates and skip the need to reboot." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:8 +#: modules/administration/pages/live-patching.adoc:3 msgid "" -"For Salt clients, you can schedule automated recurring actions to apply the " -"highstate to clients on a specified schedule. You can apply recurring " -"actions to individual clients, to all clients in a system group, or to an " -"entire organization." +"The procedure for setting up Live Patching is slightly different for " +"SLES{nbsp}12 and SLES{nbsp}15. Both procedures are documented in this " +"section." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:11 -msgid "" -"On both Salt and traditional clients, you can set actions to be performed in " -"a particular order by creating action chains. Action chains can be created " -"and edited ahead of time, and scheduled to run at a time that suits you." +#. type: Title = +#: modules/administration/pages/master-fingerprint.adoc:1 +#, no-wrap +msgid "Set up a Client to Master Validation Fingerprint" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:14 +#: modules/administration/pages/master-fingerprint.adoc:2 msgid "" -"You can also perform remote commands on one or more of your Salt clients. " -"Remote commands allows you to issue commands to individual Salt clients, or " -"to all clients that match a search term." +"In highly secure network configurations you may wish to ensure your Salt " +"clients are connecting a specific master. To set up validation from client " +"to master enter the master's fingerprint within the [path]``/etc/salt/" +"minion`` configuration file." msgstr "" -#. type: Title == -#: modules/administration/pages/actions.adoc:17 -#, no-wrap -msgid "Recurring Actions" +#. type: Plain text +#: modules/administration/pages/master-fingerprint.adoc:3 +msgid "See the following procedure:" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:20 +#: modules/administration/pages/master-fingerprint.adoc:4 msgid "" -"You can apply recurring actions on individual Salt clients, or to all " -"clients in an organization." +"On the master, at the command prompt, as root, use this command to find the " +"``master.pub`` fingerprint:" msgstr "" -#. type: Block title -#: modules/administration/pages/actions.adoc:23 +#. type: delimited block - +#: modules/administration/pages/master-fingerprint.adoc:5 #, no-wrap -msgid "Procedure: Creating a New Recurring Action" +msgid "salt-key -F master\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:25 +#: modules/administration/pages/master-fingerprint.adoc:6 msgid "" -"To apply a recurring action to an individual client, navigate to " -"[guimenu]``Systems``, click the client to configure schedules for, and " -"navigate to the menu:States[Recurring States] tab." +"On your client, open the [path]``/etc/salt/minion`` configuration file. " +"Uncomment the following line and enter the master's fingerprint replacing " +"the example fingerprint:" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:26 -msgid "" -"To apply a recurring action to a system group, navigate to menu:" -"Systems[System Groups], select the group to configure schedules for, and " -"navigate to menu:States[Recurring States] tab." +#. type: delimited block - +#: modules/administration/pages/master-fingerprint.adoc:7 +#, no-wrap +msgid "master_finger: 'ba:30:65:2a:d6:9e:20:4f:d8:b2:f3:a7:d4:65:11:13'\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:27 -msgid "Click btn:[Create]." +#: modules/administration/pages/master-fingerprint.adoc:8 +msgid "Restart the salt-minion service:" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:28 -msgid "Type a name for the new schedule." +#. type: delimited block - +#: modules/administration/pages/master-fingerprint.adoc:9 +#, no-wrap +msgid "# systemctl restart salt-minion\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:29 -msgid "Choose the frequency of the recurring action:" +#: modules/administration/pages/master-fingerprint.adoc:10 +msgid "" +"For information on configuring security from a client, see https://docs." +"saltstack.com/en/latest/ref/configuration/minion.html." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:32 -msgid "" -"[guimenu]``Hourly:`` Type the minute of each hour. For example, " -"[parameter]``15`` will run the action at fifteen minutes past every hour." +#. type: Title = +#: modules/administration/pages/mirror-sources.adoc:1 +#, no-wrap +msgid "Mirror Source Packages" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:34 +#: modules/administration/pages/mirror-sources.adoc:2 msgid "" -"[guimenu]``Daily:`` Select the time of each day. For example, " -"[parameter]``01:00`` will run the action at 0100 every day, in the timezone " -"of the {productname} Server." +"If you build your own packages locally, or if you require the source code " +"for your packages for legal reasons, it is possible to mirror the source " +"packages on {productname} Server." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:35 +#. type: delimited block = +#: modules/administration/pages/mirror-sources.adoc:3 msgid "" -"[guimenu]``Weekly:`` Select the day of the week and the time of the day, to " -"execute the action every week at the specified time." +"Mirroring source packages can consume a significant amount of disk space." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:36 -msgid "" -"[guimenu]``Monthly:`` Select the day of the month and the time of the day, " -"to execute the action every month at the specified time." +#. type: Block title +#: modules/administration/pages/mirror-sources.adoc:4 +#, no-wrap +msgid "Procedure: Mirroring Source Packages" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:38 +#: modules/administration/pages/mirror-sources.adoc:5 msgid "" -"[guimenu]``Custom Quartz format:`` For more detailed options, enter a custom " -"quartz string. For example, to run a recurring action at 0215 every " -"Saturday of every month, enter:" +"Open the [filename]``/etc/rhn/rhn.conf`` configuration file, and add this " +"line:" msgstr "" #. type: delimited block - -#: modules/administration/pages/actions.adoc:41 +#: modules/administration/pages/mirror-sources.adoc:6 #, no-wrap -msgid "0 15 2 ? * 7\n" +msgid "server.sync_source_packages = 1\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:43 -msgid "" -"OPTIONAL: Toggle the [guimenu]``Test mode`` switch on to run the schedule in " -"test mode." +#: modules/administration/pages/mirror-sources.adoc:7 +msgid "Restart the Spacewalk service to pick up the changes:" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:44 -msgid "" -"Click btn:[Create Schedule] to save, and see the complete list of existing " -"schedules." +#. type: delimited block - +#: modules/administration/pages/mirror-sources.adoc:8 +#: modules/administration/pages/auth-methods-sso.adoc:42 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:15 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:57 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:74 +#, no-wrap +msgid "spacewalk-service restart\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:48 +#: modules/administration/pages/mirror-sources.adoc:9 msgid "" -"Organization Administrators can set and edit recurring actions for all " -"clients in the organization. Navigate to menu:Home[My Organization > " -"Recurring States] to see all recurring actions that apply to the entire " -"organization." +"Currently, this feature can only be enabled globally for all repositories. " +"It is not possible to select individual repositories for mirroring." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:51 -msgid "" -"{productname} Administrators can set and edit recurring actions for all " -"clients in all organizations. Navigate to menu:Admin[Organizations], select " -"the organization to manage, and navigate to the menu:States[Recurring " -"States] tab." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/actions.adoc:56 +#: modules/administration/pages/mirror-sources.adoc:10 msgid "" -"Recurring actions can only be used with Salt clients. Traditional clients " -"in your group or organization are ignored." +"When this feature has been activated, the source packages will become " +"available in the {productname} {webui} after the next repository " +"synchronization. They will be shown as sources for the binary package, and " +"can be downloaded directly from the {webui}. Source packages cannot be " +"installed on clients using the {webui}." msgstr "" -#. type: Title == -#: modules/administration/pages/actions.adoc:60 +#. type: Title = +#: modules/administration/pages/tshoot-diskspace.adoc:1 #, no-wrap -msgid "Action Chains" +msgid "Troubleshooting Disk Space" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/actions.adoc:63 +#: modules/administration/pages/tshoot-diskspace.adoc:2 msgid "" -"If you need to perform a number of sequential actions on your clients, you " -"can create an action chain to ensure the order is respected." +"Running out of disk space can have a severe impact on the {productname} " +"database and file structure which, in most cases, is not recoverable." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:68 +#: modules/administration/pages/tshoot-diskspace.adoc:3 msgid "" -"By default, most clients will execute an action as soon as the command is " -"issued. In some case, actions will take a long time, which could mean that " -"actions issued afterwards fail. For example, if you instruct a client to " -"reboot, then issue a second command, the second action could fail because " -"the reboot is still occurring. To ensure that actions occur in the correct " -"order, use action chains." +"{productname} monitors free space in specific directories, and has " +"configurable alerts. For more on space management, see xref:administration:" +"space-management.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:71 +#: modules/administration/pages/tshoot-diskspace.adoc:4 msgid "" -"You can use action chains on both traditional and Salt clients. Action " -"chains can include any number of these actions, in any order:" +"You can recover disk space by removing unused custom channels and redundant " +"database entries before you run out of space entirely." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:73 -msgid "menu:System Details[Remote Command]" +#: modules/administration/pages/tshoot-diskspace.adoc:5 +msgid "" +"For instructions on how to delete custom channels, see xref:administration:" +"channel-management.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:74 -msgid "menu:System Details[Schedule System Reboot]" +#. type: Block title +#: modules/administration/pages/tshoot-diskspace.adoc:6 +#, no-wrap +msgid "Procedure: Resolving redundant database entries" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:75 -msgid "menu:System Details[States > Highstate]" +#: modules/administration/pages/tshoot-diskspace.adoc:7 +msgid "" +"Use the [command]``spacewalk-data-fsck`` command to list any redundant " +"database entries." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:76 -msgid "menu:System Details[Software > Packages > List/Remove]" +#: modules/administration/pages/tshoot-diskspace.adoc:8 +msgid "" +"Use the [command]``spacewalk-data-fsck --remove`` command to delete them." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:77 -msgid "menu:System Details[Software > Packages > Install]" +#. type: Title === +#: modules/administration/pages/tshoot-intro.adoc:1 +#: modules/administration/pages/image-management.adoc:127 +#: modules/administration/pages/image-management.adoc:242 +#, no-wrap +msgid "Troubleshooting" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:78 -msgid "menu:System Details[Software > Packages > Upgrade]" +#: modules/administration/pages/tshoot-intro.adoc:2 +msgid "" +"This section contains some common problems you might encounter with " +"{productname}, and solutions to resolving them." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:79 -msgid "menu:System Details[Software > Patches]" +#. type: Title = +#: modules/administration/pages/tshoot-localcert.adoc:1 +#, no-wrap +msgid "Troubleshooting Local Issuer Certificates" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/actions.adoc:80 -msgid "menu:System Details[Software > Software Channels]" -msgstr "" +#: modules/administration/pages/tshoot-localcert.adoc:2 +msgid "" +"Some older bootstrap scripts create a link to the local certificate in the " +"wrong place. This results in zypper returning an ``Unrecognized error`` " +"about the local issuer certificate. You can ensure that the link to the " +"local issuer certificate has been created correctly by checking the [path]``/" +"etc/ssl/certs/`` directory. If you come across this problem, you should " +"consider updating your bootstrap scripts to ensure that zypper operates as " +"expected." +msgstr "" + +#. type: Title = +#: modules/administration/pages/tshoot-logintimeout.adoc:1 +#, no-wrap +msgid "Troubleshooting Login Timeouts" +msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/actions.adoc:81 -msgid "menu:System Details[Configuration]" +#: modules/administration/pages/tshoot-logintimeout.adoc:2 +msgid "" +"By default, the {productname} {webui} will require users to log in again " +"after 30{nbsp}minutes. Depending on your environment, you might want to " +"adjust the login timeout value." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:82 -msgid "menu:Images[Build]" +#: modules/administration/pages/tshoot-logintimeout.adoc:3 +msgid "" +"To adjust the value, you will need to make the change in both [path]``rhn." +"conf`` and [path]``web.xml``. Ensure you set the value in seconds in " +"[path]``/etc/rhn/rhn.conf``, and in minutes in [path]``web.xml``. The two " +"values must equal the same amount of time." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-logintimeout.adoc:4 +msgid "" +"For example, to change the timeout value to one hour, set the value in " +"[path]``rhn.conf`` to 3600 seconds, and the value in [path]``web.xml`` to 60 " +"minutes." msgstr "" #. type: Block title -#: modules/administration/pages/actions.adoc:85 +#: modules/administration/pages/tshoot-logintimeout.adoc:5 #, no-wrap -msgid "Procedure: Creating a New Action Chain" +msgid "Procedure: Adjusting the {webui} Login Timeout Value" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:88 -msgid "" -"In the {productname} {webui}, navigate to the first action you want to " -"perform in the action chain. For example, navigate to [guimenu]``System " -"Details`` for a client, and click btn:[Schedule System Reboot]." +#: modules/administration/pages/tshoot-logintimeout.adoc:6 +msgid "Stop services:" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:89 -msgid "Check the [guimenu]``Add to`` field and select ``new action chain``." +#. type: delimited block - +#: modules/administration/pages/tshoot-logintimeout.adoc:7 +#: modules/administration/pages/backup-restore.adoc:133 +#, no-wrap +msgid "spacewalk-service stop\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:91 +#: modules/administration/pages/tshoot-logintimeout.adoc:8 msgid "" -"Confirm the action. This will not perform the action immediately, it will " -"instead create the new action chain, and a blue bar confirming this appears " -"at the top of the screen." +"Open [path]``/etc/rhn/rhn.conf`` and add or edit this line to include the " +"new timeout value in seconds:" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:92 -msgid "" -"Continue adding actions to your action chain by checking the [guimenu]``Add " -"to`` field and selecting the name of the action chain to add them to." +#. type: delimited block - +#: modules/administration/pages/tshoot-logintimeout.adoc:9 +#, no-wrap +msgid "web.session_database_lifetime = \n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:93 -msgid "" -"When you have finished adding actions, navigate to menu:Schedule[Action " -"Chains] and selecting the action chain from the list." +#: modules/administration/pages/tshoot-logintimeout.adoc:10 +#: modules/administration/pages/tshoot-logintimeout.adoc:13 +msgid "Save and close the file." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:96 +#: modules/administration/pages/tshoot-logintimeout.adoc:11 msgid "" -"Re-order actions by dragging them and dropping them into the correct " -"position. Click the blue plus sign to see the clients an action will be " -"performed on. Click btn:[Save] to save your changes." +"Open [path]``/srv/tomcat/webapps/rhn/WEB-INF/web.xml`` and add or edit this " +"line to include the new timeout value in minutes:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-logintimeout.adoc:12 +#, no-wrap +msgid "Timeout_Value_in_Minutes\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:98 -msgid "" -"Schedule a time for your action chain to run, and click btn:[Save and " -"Schedule]. If you leave the page without clicking either btn:[Save] or btn:" -"[Save and Schedule] all unsaved changes will be discarded." +#: modules/administration/pages/tshoot-logintimeout.adoc:14 +msgid "Restart services:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/actions.adoc:102 -msgid "" -"If one action in an action chain fails, the action chain stops, and no " -"further actions are executed." +#. type: delimited block - +#: modules/administration/pages/tshoot-logintimeout.adoc:15 +#: modules/administration/pages/backup-restore.adoc:149 +#, no-wrap +msgid "spacewalk-service start\n" +msgstr "" + +#. type: Title = +#: modules/administration/pages/tshoot-packages.adoc:1 +#, no-wrap +msgid "Troubleshooting Package Inconsistencies" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/actions.adoc:105 +#: modules/administration/pages/tshoot-packages.adoc:2 msgid "" -"You can see scheduled actions from action chains by navigating to menu:" -"Schedule[Pending Actions]." +"When packages on a client are locked, {productname} Server may not be able " +"to correctly determine the set of applicable patches. When this occurs, " +"package updates will be available in the {webui}, but will not appear on the " +"client, and attempts to update the client will fail. Check package locks " +"and exclude lists to determine if packages are locked or excluded on the " +"client." msgstr "" -#. type: Title == -#: modules/administration/pages/actions.adoc:108 -#, no-wrap -msgid "Remote Commands" +#. type: Plain text +#: modules/administration/pages/tshoot-packages.adoc:3 +msgid "" +"On the client, check package locks and exclude lists to determine if " +"packages are locked or excluded:" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:112 +#: modules/administration/pages/tshoot-packages.adoc:4 msgid "" -"You can configure clients to run commands remotely. This allows you to " -"issue scripts or individual commands to a client, without having access to " -"the client directly." +"On an Expanded Support Platform, check [path]``/etc/yum.conf`` and search " +"for ``exclude=``." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:116 -msgid "" -"This feature is automatically enabled on Salt clients, and you do not need " -"to perform any further configuration. For traditional clients, the feature " -"is enabled if you have registered the client using a bootstrap script and " -"have enabled remote commands. You can use this procedure to enable it " -"manually, instead." +#: modules/administration/pages/tshoot-packages.adoc:5 +msgid "On {sle} and {opensuse}, use the [command]``zypper locks`` command." +msgstr "" + +#. type: Title = +#: modules/administration/pages/tshoot-rpctimeout.adoc:1 +#, no-wrap +msgid "Troubleshooting RPC Connection Timeouts" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/actions.adoc:119 +#: modules/administration/pages/tshoot-rpctimeout.adoc:2 msgid "" -"Before you begin, ensure your client is subscribed to the appropriate tools " -"child channel for its installed operating system. For more information " -"about subscribing to software channels, see xref:client-configuration:" -"channels.adoc[]." +"RPC connections can sometimes time out due to slow networks or a network " +"link going down. This results in package downloads or batch jobs hanging or " +"taking longer than expected. You can adjust the maximum time that an RPC " +"connection can take by editing the configuration file. While this will not " +"resolve networking problems, it will cause a process to fail rather than " +"hang." msgstr "" #. type: Block title -#: modules/administration/pages/actions.adoc:122 +#: modules/administration/pages/tshoot-rpctimeout.adoc:3 #, no-wrap -msgid "Procedure: Configuring Traditional Clients to Accept Remote Commands" +msgid "Procedure: Resolving RPC connection timeouts" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:125 +#: modules/administration/pages/tshoot-rpctimeout.adoc:4 msgid "" -"On the client, at the command prompt, use the package manager to install the " -"[systemitem]``rhncfg``, [systemitem]``rhncfg-client``, and " -"[systemitem]``rhncfg-actions`` packages, if not already installed. For " -"example:" +"On the {productname} Server, open the [filename]``/etc/rhn/rhn.conf`` file " +"and set a maximum timeout value (in seconds):" msgstr "" #. type: delimited block - -#: modules/administration/pages/actions.adoc:128 +#: modules/administration/pages/tshoot-rpctimeout.adoc:5 #, no-wrap -msgid "zypper in rhncfg rhncfg-client rhncfg-actions\n" +msgid "server.timeout =`number`\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:130 +#: modules/administration/pages/tshoot-rpctimeout.adoc:6 msgid "" -"On the client, at the command prompt, as root, create a path in the local " -"configuration directory:" +"On the {productname} Proxy, open the [filename]``/etc/rhn/rhn.conf`` file " +"and set a maximum timeout value (in seconds):" msgstr "" #. type: delimited block - -#: modules/administration/pages/actions.adoc:133 +#: modules/administration/pages/tshoot-rpctimeout.adoc:7 #, no-wrap -msgid "mkdir -p /etc/sysconfig/rhn/allowed-actions/script\n" +msgid "proxy.timeout =`number`\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:137 +#: modules/administration/pages/tshoot-rpctimeout.adoc:8 msgid "" -"Create an empty file called [path]``run`` in the new directory. This file " -"grants the {productname} Server permission to run remote commands:" +"On a {sles} client that uses zypper, open the [filename]``/etc/zypp/zypp." +"conf`` file and set a maximum timeout value (in seconds):" msgstr "" #. type: delimited block - -#: modules/administration/pages/actions.adoc:140 +#: modules/administration/pages/tshoot-rpctimeout.adoc:9 #, no-wrap -msgid "touch /etc/sysconfig/rhn/allowed-actions/script/run\n" +msgid "" +"## Valid values: [0,3600]\n" +"## Default value: 180\n" +"download.transfer_timeout = 180\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:145 +#: modules/administration/pages/tshoot-rpctimeout.adoc:10 msgid "" -"For Salt clients, remote commands are run from the [path]``/tmp/`` directory " -"on the client. To ensure that remote commands work accurately, do not mount " -"``/tmp`` with the [parameter]``noexec`` option." +"On a {rhel} client that uses yum, open the [filename]``/etc/yum.conf`` file " +"and set a maximum timeout value (in seconds):" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-rpctimeout.adoc:11 +#, no-wrap +msgid "timeout =`number`\n" msgstr "" #. type: delimited block = -#: modules/administration/pages/actions.adoc:151 +#: modules/administration/pages/tshoot-rpctimeout.adoc:12 msgid "" -"All commands run from the [guimenu]``Remote Commands`` page are executed as " -"{rootuser} on clients. Wildcards can be used to run commands across any " -"number of systems. Always take extra care to check your commands before " -"issuing them." +"If you limit RPC timeouts to less than `180` seconds, you risk aborting " +"perfectly normal operations." msgstr "" -#. type: Block title -#: modules/administration/pages/actions.adoc:155 +#. type: Title = +#: modules/administration/pages/tuning-changelogs.adoc:1 #, no-wrap -msgid "Procedure: Running Remote Commands on Traditional Clients" +msgid "Tuning Changelogs" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:157 +#: modules/administration/pages/tuning-changelogs.adoc:2 msgid "" -"In the {productname} {webui}, navigate to [guimenu]``Systems``, click the " -"client to run a remote command on, and navigate to the menu:Details[Remote " -"Command] tab." +"Some packages have a long list of changelog entries. This data is " +"downloaded by default, but it is not always useful information to keep. In " +"order to limit the amount of changelog metadata which is downloaded and to " +"save disk space, you can put a limit on how many entries to keep on disk." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:159 +#: modules/administration/pages/tuning-changelogs.adoc:3 msgid "" -"In the [guimenu]``Run as user`` field, type the user ID (UID) of the user on " -"the client that you want to run the command. Alternatively, you can specify " -"a group to run the command, using the group ID (GID) in the [guimenu]``Run " -"as group`` field." +"This configuration option is in the [filename]``/etc/rhn/rhn.conf`` " +"configuration file. The parameter defaults to [systemitem]``0``, which " +"means unlimited." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:161 -msgid "" -"OPTIONAL: In the [guimenu]``Timeout`` field, type a timeout period for the " -"command, in seconds. If the command is not executed within this period, it " -"will not be run." +#. type: delimited block - +#: modules/administration/pages/tuning-changelogs.adoc:4 +#, no-wrap +msgid "java.max_changelog_entries = 0\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:162 -msgid "In the [guimenu]``Command label`` field, type a name for your command." +#: modules/administration/pages/tuning-changelogs.adoc:5 +msgid "" +"If you set this parameter, it will come into effect only for new packages " +"when they are synchronized." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:163 +#: modules/administration/pages/tuning-changelogs.adoc:6 msgid "" -"In the [guimenu]``Script`` field, type the command or script to execute." +"After changing this parameter, restart services with ``spacewalk-service " +"restart``." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:164 +#: modules/administration/pages/tuning-changelogs.adoc:7 msgid "" -"Select a date and time to execute the command, or add the remote command to " -"an action chain." +"You might like to delete and regenerate the cached data to remove older data." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:165 -msgid "Click btn:[Schedule] to schedule the remote command." +#. type: delimited block = +#: modules/administration/pages/tuning-changelogs.adoc:8 +msgid "" +"Deleting and regenerating cached data can take a long time. Depending on " +"the number of channels you have and the amount of data to be deleted, it can " +"potentially take several hours. The task is run in the background by " +"Taskomatic, so you can continue to use {productname} while the operation " +"completes, however you should expect some performance loss." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:167 +#: modules/administration/pages/tuning-changelogs.adoc:9 msgid "" -"For more information about action chains, see xref:reference:schedule/action-" -"chains.adoc[]." -msgstr "" +"You can delete and request a regeneration of cached data from the command " +"line:" +msgstr "" -#. type: Block title -#: modules/administration/pages/actions.adoc:171 +#. type: delimited block - +#: modules/administration/pages/tuning-changelogs.adoc:10 #, no-wrap -msgid "Procedure: Running Remote Commands on Salt Clients" +msgid "spacewalk-sql -i\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:173 -msgid "Navigate to menu:Salt[Remote Commands]." +#: modules/administration/pages/tuning-changelogs.adoc:11 +msgid "Then on the SQL database prompt, enter:" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:174 +#. type: delimited block - +#: modules/administration/pages/tuning-changelogs.adoc:12 +#, no-wrap msgid "" -"In the first field, before the ``@`` symbol, type the command you want to " -"issue." +"DELETE FROM rhnPackageRepodata;\n" +"INSERT INTO rhnRepoRegenQueue (id, CHANNEL_LABEL, REASON, FORCE)\n" +"(SELECT sequence_nextval('rhn_repo_regen_queue_id_seq'),\n" +" C.label,\n" +" 'cached data regeneration',\n" +" 'Y'\n" +" FROM rhnChannel C);\n" +"\\q\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:176 -msgid "" -"In the second field, after the ``@`` symbol, type the client you want to " -"issue the command on. You can type the ``minion-id`` of an individual " -"client, or you can use wildcards to target a range of clients." +#. type: Title = +#: modules/administration/pages/space-management.adoc:1 +#, no-wrap +msgid "Managing Disk Space" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:177 +#: modules/administration/pages/space-management.adoc:2 msgid "" -"Click btn:[Find targets] to check which clients you have targeted, and " -"confirm that you have used the correct details." +"Running out of disk space can have a severe impact on the {productname} " +"database and file structure which, in some cases, is not recoverable." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:177 -msgid "Click btn:[Run command] to issue the command to the target clients." +#: modules/administration/pages/space-management.adoc:3 +msgid "" +"{productname} monitors some directories for free disk space. You can modify " +"which directories are monitored, and the warnings that are created. All " +"settings are configured in the [path]``/etc/rhn/rhn.conf`` configuration " +"file." msgstr "" -#. type: Title = -#: modules/administration/pages/admin-overview.adoc:2 +#. type: Title == +#: modules/administration/pages/space-management.adoc:4 #, no-wrap -msgid "Administration Guide Overview" +msgid "Monitored Directories" msgstr "" #. type: Plain text -#: modules/administration/pages/admin-overview.adoc:5 -#, no-wrap -msgid "**Publication Date:** {docdate}\n" +#: modules/administration/pages/space-management.adoc:5 +msgid "By default, {productname} monitors these directories:" msgstr "" #. type: Plain text -#: modules/administration/pages/admin-overview.adoc:6 -msgid "" -"This book provides guidance on performing administration tasks on the " -"{productname} Server." +#: modules/administration/pages/space-management.adoc:6 +msgid "[path]``/var/lib/pgsql``" msgstr "" -#. type: Title = -#: modules/administration/pages/auditing.adoc:2 -#, no-wrap -msgid "Auditing" +#. type: Plain text +#: modules/administration/pages/space-management.adoc:7 +msgid "[path]``/var/spacewalk``" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:6 -msgid "" -"In {productname}, you can keep track of your clients through a series of " -"auditing tasks. You can check that your clients are up to date with all " -"public security patches (CVEs), perform subscription matching, and use " -"OpenSCAP to check for specification compliance." +#: modules/administration/pages/space-management.adoc:8 +msgid "[path]``/var/cache``" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:8 -msgid "" -"In the {productname} {webui}, navigate to [guimenu]``Audit`` to perform " -"auditing tasks." +#: modules/administration/pages/space-management.adoc:9 +msgid "[path]``/srv``" msgstr "" -#. This will probably need to be broken into sub-sections. --LKB 20200205 -#. type: Title == -#: modules/administration/pages/auditing.adoc:14 -#, no-wrap -msgid "CVE Audits" +#. type: Plain text +#: modules/administration/pages/space-management.adoc:10 +msgid "" +"You can change which directories are monitored with the " +"[systemitem]``spacecheck_dirs`` parameter. You can specify multiple " +"directories by separating them with a space." msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:17 -msgid "" -"A CVE (common vulnerabilities and exposures) is a fix for a publicly known " -"security vulnerability." +#: modules/administration/pages/space-management.adoc:11 +#: modules/administration/pages/space-management.adoc:16 +#: modules/administration/pages/space-management.adoc:21 +#: modules/administration/pages/actions.adoc:62 +#: modules/administration/pages/backup-restore.adoc:135 +msgid "For example:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/auditing.adoc:21 -msgid "You must apply CVEs to your clients as soon as they become available." +#. type: delimited block - +#: modules/administration/pages/space-management.adoc:12 +#, no-wrap +msgid "spacecheck_dirs = /var/lib/pgsql /var/spacewalk /var/cache /srv\n" +msgstr "" + +#. type: Title == +#: modules/administration/pages/space-management.adoc:13 +#, no-wrap +msgid "Thresholds" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:25 +#: modules/administration/pages/space-management.adoc:14 msgid "" -"Each CVE contains an identification number, a description of the " -"vulnerability, and links to further information. CVE identification numbers " -"use the form ``CVE-YEAR-XXXX``." +"By default, {productname} will create a warning mail when a monitored " +"directory has less than 10% of total space available. A critical alert is " +"created when a monitored directory falls below 5% space available." msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:27 +#: modules/administration/pages/space-management.adoc:15 msgid "" -"In the {productname} {webui}, navigate to menu:Audit[CVE Audit] to see a " -"list of all clients and their current patch status." +"You can change these alert thresholds with the " +"[systemitem]``spacecheck_free_alert`` and " +"[systemitem]``spacecheck_free_critical`` parameters." msgstr "" -#. type: Plain text -#: modules/administration/pages/auditing.adoc:30 +#. type: delimited block - +#: modules/administration/pages/space-management.adoc:17 +#, no-wrap msgid "" -"By default, the CVE data is updated at 2300 every day. We recommend that " -"before you begin a CVE audit you refresh the data to ensure you have the " -"latest patches." +"spacecheck_free_alert = 10\n" +"spacecheck_free_critical = 5\n" msgstr "" -#. type: Block title -#: modules/administration/pages/auditing.adoc:33 +#. type: Title == +#: modules/administration/pages/space-management.adoc:18 #, no-wrap -msgid "Procedure: Updating CVE Data" +msgid "Shut Down Services" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:35 +#: modules/administration/pages/space-management.adoc:19 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Task Schedules] and " -"select the ``cve-server-channels-default`` schedule." +"By default, {productname} will shut down the spacewalk services when the " +"critical alert threshold is reached." msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:36 -msgid "Click btn:[cve-server-channels-bunch]." +#: modules/administration/pages/space-management.adoc:20 +msgid "" +"You can change this behavior with the [systemitem]``spacecheck_shutdown`` " +"parameter. A value of ``true`` will enable the shut down feature. Any " +"other value will disable it." msgstr "" -#. type: Plain text -#: modules/administration/pages/auditing.adoc:38 -msgid "" -"Click btn:[Single Run Schedule] to schedule the task. Allow the task to " -"complete before continuing with the CVE audit." +#. type: delimited block - +#: modules/administration/pages/space-management.adoc:22 +#, no-wrap +msgid "spacecheck_shutdown = true\n" msgstr "" -#. type: Block title -#: modules/administration/pages/auditing.adoc:41 +#. type: Title == +#: modules/administration/pages/space-management.adoc:23 #, no-wrap -msgid "Procedure: Verifying Patch Status" +msgid "Disable Space Checking" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:43 -msgid "In the {productname} {webui}, navigate to menu:Audit[CVE Audit]." +#: modules/administration/pages/space-management.adoc:24 +msgid "" +"The space checking tool is enabled by default. You can disable it entirely " +"with these commands:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auditing.adoc:44 +#. type: delimited block - +#: modules/administration/pages/space-management.adoc:25 +#, no-wrap msgid "" -"OPTIONAL: To check the patch status for a particular CVE, type the CVE " -"identifier in the [guimenu]``CVE Number`` field." +"systemctl stop spacewalk-diskcheck.timer\n" +"systemctl disable spacewalk-diskcheck.timer\n" +msgstr "" + +#. type: Title = +#: modules/administration/pages/task-schedules.adoc:1 +#, no-wrap +msgid "Task Schedules" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:45 +#: modules/administration/pages/task-schedules.adoc:2 msgid "" -"Select the patch statuses you want to look for, or leave all statuses " -"checked to look for all." +"Under menu:Admin[Task Schedules] all predefined task bunches are listed." +msgstr "" + +#. type: Target for macro image +#: modules/administration/pages/task-schedules.adoc:3 +#, no-wrap +msgid "admin_task_schedules.png" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:46 +#: modules/administration/pages/task-schedules.adoc:4 msgid "" -"Click btn:[Audit Servers] to check all systems, or click btn:[Audit Images] " -"to check all images." +"Click a menu:SUSE Manager Schedules[Schedule name] to open its menu:Schedule " +"Name[Basic Schedule Details] where you can disable it or change the " +"frequency. Click btn:[Edit Schedule] to update the schedule with your " +"settings. To delete a schedule, click btn:[Delete Schedule] in the upper " +"right-hand corner." msgstr "" -#. type: Plain text -#: modules/administration/pages/auditing.adoc:48 +#. type: delimited block = +#: modules/administration/pages/task-schedules.adoc:5 msgid "" -"For more information about the patch status icons used on this page, see " -"xref:reference:audit/audit-cve-audit.adoc[]." +"Only disable or delete a schedule if you are absolutely certain this is " +"necessary as they are essential for {productname} to work properly." msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:53 +#: modules/administration/pages/task-schedules.adoc:6 msgid "" -"For each system, the [guimenu]``Next Action`` column provides information " -"about what you need to do to address vulnerabilities. If applicable, a list " -"of candidate channels or patches is also given. You can also assign systems " -"to a [guimenu]``System Set`` for further batch processing." +"If you click a bunch name, a list of runs of that bunch type and their " +"status will be displayed. Clicking the start time links takes you back to " +"the menu:Schedule Name[Basic Schedule Details]." msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:58 +#: modules/administration/pages/task-schedules.adoc:7 msgid "" -"You can use the {productname} API to verify the patch status of your " -"clients. Use the ``audit.listSystemsByPatchStatus`` API method. For more " -"information about this method, see the {productname} API Guide." +"For example, the following predefined task bunches are scheduled by default " +"and can be configured:" msgstr "" -#. type: Title == -#: modules/administration/pages/auditing.adoc:61 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:8 #, no-wrap -msgid "CVE Status" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/auditing.adoc:65 -msgid "" -"The CVE status of clients is usually either ``affected``, ``not affected``, " -"or ``patched``. These statuses are based only on the information that is " -"available to {productname}." +msgid "menu:channel-repodata-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:67 -msgid "Within {productname}, these definitions apply:" +#: modules/administration/pages/task-schedules.adoc:9 +msgid "(Re)generates repository metadata files." msgstr "" #. type: Labeled list -#: modules/administration/pages/auditing.adoc:68 +#: modules/administration/pages/task-schedules.adoc:10 #, no-wrap -msgid "System affected by a certain vulnerability" +msgid "menu:cleanup-data-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:70 +#: modules/administration/pages/task-schedules.adoc:11 msgid "" -"A system which has an installed package with version lower than the version " -"of the same package in a relevant patch marked for the vulnerability." +"Cleans up stale package change log and monitoring time series data from the " +"database." msgstr "" #. type: Labeled list -#: modules/administration/pages/auditing.adoc:71 +#: modules/administration/pages/task-schedules.adoc:12 #, no-wrap -msgid "System not affected by a certain vulnerability" +msgid "menu:clear-taskologs-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:73 +#: modules/administration/pages/task-schedules.adoc:13 msgid "" -"A system which has no installed package that is also in a relevant patch " -"marked for the vulnerability." +"Clears task engine (taskomatic) history data older than a specified number " +"of days, depending on the job type, from the database." msgstr "" #. type: Labeled list -#: modules/administration/pages/auditing.adoc:74 +#: modules/administration/pages/task-schedules.adoc:14 #, no-wrap -msgid "System patched for a certain vulnerability" +msgid "menu:cobbler-sync-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:76 +#: modules/administration/pages/task-schedules.adoc:15 msgid "" -"A system which has an installed package with version equal to or greater " -"than the version of the same package in a relevant patch marked for the " -"vulnerability." +"Synchronizes distribution and profile data from {productname} to Cobbler. " +"For more information, see xref:client-configuration:cobbler.adoc[]." msgstr "" #. type: Labeled list -#: modules/administration/pages/auditing.adoc:77 +#: modules/administration/pages/task-schedules.adoc:16 #, no-wrap -msgid "Relevant patch" +msgid "menu:compare-configs-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:79 -msgid "A patch known by {productname} in a relevant channel." +#: modules/administration/pages/task-schedules.adoc:17 +msgid "" +"Compares configuration files as stored in configuration channels with the " +"files stored on all configuration-enabled servers. To review comparisons, " +"click menu:Systems[] tab and select the system of interest. Go to menu:" +"Configuration[Compare Files]. For more information, see xref:reference:" +"systems/system-details/sd-configuration.adoc#sd-config-compare-files[]." msgstr "" #. type: Labeled list -#: modules/administration/pages/auditing.adoc:80 +#: modules/administration/pages/task-schedules.adoc:18 #, no-wrap -msgid "Relevant channel" +msgid "menu:cve-server-channels-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:82 +#: modules/administration/pages/task-schedules.adoc:19 msgid "" -"A channel managed by {productname}, which is either assigned to the system, " -"the original of a cloned channel which is assigned to the system, a channel " -"linked to a product which is installed on the system or a past or future " -"service pack channel for the system." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/auditing.adoc:87 -msgid "" -"Because of the definitions used within {productname}, CVE audit results " -"might be incorrect in some circumstances. For example, unmanaged channels, " -"unmanaged packages, or non-compliant systems might report incorrectly." +"Updates internal pre-computed CVE data that is used to display results on " +"the menu:Audit[CVE Audit] page. Search results in the menu:Audit[CVE Audit] " +"page are updated to the last run of this schedule). For more information, " +"see xref:reference:audit/audit-cve-audit.adoc[]." msgstr "" -#. type: Title = -#: modules/administration/pages/auth-methods-pam.adoc:2 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:20 #, no-wrap -msgid "Authentication With PAM" +msgid "menu:daily-status-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:7 +#: modules/administration/pages/task-schedules.adoc:21 msgid "" -"{productname} supports network-based authentication systems using pluggable " -"authentication modules (PAM). PAM is a suite of libraries that allows you " -"to integrate {productname} with a centralized authentication mechanism, " -"eliminating the need to remember multiple passwords. {productname} supports " -"LDAP, Kerberos, and other network-based authentication systems using PAM." +"Sends daily report e-mails to relevant addresses. To learn more about how " +"to configure notifications for specific users, see xref:reference:users/user-" +"details.adoc[]." msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-pam.adoc:10 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:22 #, no-wrap -msgid "Procedure: Enabling PAM" +msgid "menu:errata-cache-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:15 +#: modules/administration/pages/task-schedules.adoc:23 msgid "" -"Create a PAM service file at [path]``/etc/pam.d/susemanager``. A standard " -"[path]``/etc/pam.d/susemanager`` file should look like this. It configures " -"{productname} to use the system wide PAM configuration:" +"Updates internal patch cache database tables, which are used to look up " +"packages that need updates for each server. Also, this sends notification " +"emails to users that might be interested in certain patches. For more " +"information about patches, see xref:reference:patches/patches-menu.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-pam.adoc:22 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:24 #, no-wrap -msgid "" -"#%PAM-1.0\n" -"auth include common-auth\n" -"account include common-account\n" -"password include common-password\n" -"session include common-session\n" +msgid "menu:errata-queue-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:24 +#: modules/administration/pages/task-schedules.adoc:25 msgid "" -"Enforce the use of the service file by adding this line to [path]``/etc/rhn/" -"rhn.conf``:" +"Queues automatic updates (patches) for servers that are configured to " +"receive them." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-pam.adoc:27 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:26 #, no-wrap -msgid "pam_auth_service = susemanager\n" +msgid "menu:kickstart-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:30 -msgid "" -"In this example, the PAM service file is called [systemitem]``susemanager``." +#: modules/administration/pages/task-schedules.adoc:27 +msgid "Cleans up stale kickstart session data." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:31 -msgid "Restart the {productname} services after a configuration change." +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:28 +#, no-wrap +msgid "menu:kickstartfile-sync-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:32 +#: modules/administration/pages/task-schedules.adoc:29 msgid "" -"In the {productname} {webui}, navigate to menu:Users[Create User] and enable " -"a new or existing user to authenticate with PAM." +"Generates Cobbler files corresponding to Kickstart profiles created by the " +"configuration wizard." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:34 -msgid "" -"Check the [guimenu]``Pluggable Authentication Modules (PAM)`` checkbox. It " -"is below the password and password confirmation fields." +#. we probably no longer want to reference NCC; I do not know whether it works the same way with SCC (if at all) +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:30 +#, no-wrap +msgid "menu:mgr-register-default:[]" msgstr "" -#. type: delimited block = -#: modules/administration/pages/auth-methods-pam.adoc:43 +#. type: Plain text +#: modules/administration/pages/task-schedules.adoc:31 msgid "" -"Changing the password in the {productname} {webui} changes only the local " -"password on the {productname} Server. If PAM is enabled for that user, the " -"local password might not be used at all. In the above example, for " -"instance, the Kerberos password will not be changed. Use the password " -"change mechanism of your network service to change the password for these " -"users." +"Calls the [command]``mgr-register`` command, which synchronizes client " +"registration data with NCC (new, changed or deleted clients' data are " +"forwarded)." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:48 -msgid "" -"To configure system-wide authentication you can use YaST. You will need to " -"install the [package]``yast2-ldap-client`` and [package]``yast2-kerberos-" -"client`` packages." +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:32 +#, no-wrap +msgid "menu:mgr-sync-refresh-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:52 +#: modules/administration/pages/task-schedules.adoc:33 msgid "" -"For more information about configuring PAM, the SUSE Linux Enterprise Server " -"Security Guide contains a generic example that will also work for other " -"network-based authentication methods. It also describes how to configure an " -"active directory service. For more information, see https://documentation." -"suse.com/sles/15-SP1/html/SLES-all/part-auth.html." +"The default time at which the start of synchronization with SUSE Customer " +"Center (SCC) takes place (``mgr-sync-refresh``)." msgstr "" -#. type: Title = -#: modules/administration/pages/auth-methods-sso-example.adoc:2 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:34 #, no-wrap -msgid "Example SSO Implementation" +msgid "menu:minion-action-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:5 +#: modules/administration/pages/task-schedules.adoc:35 msgid "" -"In this example, SSO is implemented by exposing three endpoints with " -"{productname}, and using Keycloak as the identity service provider (IdP)." +"Deletes stale client action data from the file system. First it tries to " +"complete any possibly unfinished actions by looking up the corresponding " +"results; these results are stored in the Salt job cache. An unfinished " +"action can occur if the server has missed the results of the action. For " +"successfully completed actions it removes artifacts such as executed script " +"files." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:8 -msgid "" -"Start by setting up the {productname} Server, and the Keycloak IdP. Then " -"you can add the endpoints as clients, and create users." +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:36 +#, no-wrap +msgid "menu:package-cleanup-default:[]" msgstr "" -#. type: delimited block = -#: modules/administration/pages/auth-methods-sso-example.adoc:15 -msgid "" -"This example is provided for illustrative purposes only. {suse} does not " -"recommend or support third-party identity service providers, and is not " -"affiliated with Keycloak. For Keycloak support, see https://www.keycloak." -"org/." +#. type: Plain text +#: modules/administration/pages/task-schedules.adoc:37 +msgid "Deletes stale package files from the file system." msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:19 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:38 #, no-wrap -msgid "Procedure: Setting Up the {productname} Server" +msgid "menu:reboot-action-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:22 +#: modules/administration/pages/task-schedules.adoc:39 msgid "" -"On the {productname} Server, open the [path]``/etc/rhn/rhn.conf`` " -"configuration file and edit these parameters. Replace ```` with the " -"fully-qualified domain name of your {productname} installation:" +"Any reboot actions pending for more than six hours are marked as failed and " +"associated data is cleaned up in the database. For more information on " +"scheduling reboot actions, see xref:reference:systems/system-details/sd-" +"provisioning.adoc#sd-power-management[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso-example.adoc:27 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:40 #, no-wrap -msgid "" -"java.sso.onelogin.saml2.sp.entityid = /rhn/manager/sso/metadata\n" -"java.sso.onelogin.saml2.sp.assertion_consumer_service.url = /rhn/manager/sso/acs\n" -"java.sso.onelogin.saml2.sp.single_logout_service.url = /rhn/manager/sso/sls\n" +msgid "menu:sandbox-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:29 -msgid "In the configuration file, determine the three endpoints to expose:" +#: modules/administration/pages/task-schedules.adoc:41 +msgid "" +"Cleans up Sandbox configuration files and channels that are older than the " +"__sandbox_lifetime__ configuration parameter (3 days by default). Sandbox " +"files are those imported from systems or files under development. For more " +"information, see xref:reference:systems/system-details/sd-configuration." +"adoc#sd-config-add-files[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso-example.adoc:34 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:42 #, no-wrap -msgid "" -"java.sso.onelogin.saml2.idp.entityid\n" -"java.sso.onelogin.saml2.idp.single_sign_on_service.url\n" -"java.sso.onelogin.saml2.idp.single_logout_service.url\n" +msgid "menu:session-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:39 +#: modules/administration/pages/task-schedules.adoc:43 msgid "" -"In the IdP metadata, locate the public x509 certificate. It uses this " -"format: ``/auth/realms//protocol/saml/" -"descriptor``. In the configuration file, specify the public x509 " -"certificate of the IdP:" +"Cleans up stale Web interface sessions, typically data that is temporarily " +"stored when a user logs in and then closes the browser before logging out." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso-example.adoc:42 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:44 #, no-wrap -msgid "java.sso.onelogin.saml2.idp.x509cert\n" +msgid "menu:ssh-push-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:49 +#: modules/administration/pages/task-schedules.adoc:45 msgid "" -"When you have prepared the {productname} Server, you can install Keycloak. " -"You can install Keycloak directly on your machine, or run it in a " -"container. In this example, we run Keycloak in a Docker container. For " -"more information about installing Keycloak, see the Keycloak documentation " -"at https://www.keycloak.org/getting-started/getting-started-docker." +"Prompts clients to check in with {productname} via SSH if they are " +"configured with a `SSH Push` contact method." msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:52 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:46 #, no-wrap -msgid "Procedure: Setting Up the Identity Service Provider" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:54 -msgid "" -"Install Keycloak in a Docker container, according to the Keycloak " -"documentation." +msgid "menu:token-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:55 +#: modules/administration/pages/task-schedules.adoc:47 msgid "" -"Run the container using the ``-td`` argument to ensure the process remains " -"running:" +"Deletes expired repository tokens that are used by Salt clients to download " +"packages and metadata." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso-example.adoc:58 +#. type: Title = +#: modules/administration/pages/subscription-matching.adoc:1 #, no-wrap -msgid "docker run -td --name=idp -p 8080:8080 -e KEYCLOAK_USER= -e KEYCLOAK_PASSWORD= quay.io/keycloak/keycloak:9.0.2\n" +msgid "Subscription Matching" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:60 +#: modules/administration/pages/subscription-matching.adoc:2 msgid "" -"Sign in the Keycloak {webui} as a privileged user, and create a realm using " -"these details:" +"Your {suse} products require subscriptions, which are managed by the {scc} " +"(SCC). {productname} runs a nightly report checking the subscription status " +"of all your registered clients against your SCC account. The report gives " +"you information about which clients consume which subscriptions, how many " +"subscriptions you have remaining and available to use, and which clients do " +"not have a current subscription." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:63 -msgid "" -"In the ``Name`` field, enter a name for the realm. For example, ``SUMA``." +#: modules/administration/pages/subscription-matching.adoc:3 +msgid "Navigate to menu:Audit[Subscription Matching] to see the report." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:64 -msgid "Toggle the ``Enabled`` switch to ``On``." +#: modules/administration/pages/subscription-matching.adoc:4 +msgid "" +"The [guimenu]``Subscriptions Report`` tab gives information about current " +"and expiring subscriptions." msgstr "" -#. Probably needs more explanation here. --LKB 20200415 #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:67 +#: modules/administration/pages/subscription-matching.adoc:5 msgid "" -"In the ``Endpoints`` field, type ``SAML 2.0 Identity Provider Metadata``. " -"This endpoint is ``/auth/realms//protocol/saml/" -"descriptor`` which describes the endpoints and certificate in the " -"{productname} configuration file." +"The [guimenu]``Unmatched Products Report`` tab gives a list of clients that " +"do not have a current subscription. This includes clients that could not be " +"matched, or that are not currently registered with {productname}. The " +"report includes product names and the number of systems that remain " +"unmatched." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:72 +#: modules/administration/pages/subscription-matching.adoc:6 msgid "" -"When you have Keycloak running and set up, you can add the endpoints. " -"Keycloak refers to endpoints as clients." -msgstr "" - -#. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:75 -#, no-wrap -msgid "Procedure: Adding Endpoints as Clients" +"The [guimenu]``Pins`` tab allows you to associate individual clients to the " +"relevant subscription. This is especially useful if the subscription " +"manager is not automatically associating clients to subscriptions " +"successfully." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:77 -msgid "In the Keycloak {webui}, create a new client using these details:" +#: modules/administration/pages/subscription-matching.adoc:7 +msgid "" +"The [guimenu]``Messages`` tab shows any errors that occurred during the " +"matching process." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:80 +#: modules/administration/pages/subscription-matching.adoc:8 msgid "" -"In the ``Client ID`` field, enter the endpoint specified in the server " -"configuration file as ``java.sso.onelogin.saml2.idp.entityid``. For " -"example, ``https:///rhn/manager/sso/metadata``." +"You can also download the reports in .csv format, or access them from that " +"command prompt in the [path]``/var/lib/spacewalk/subscription-matcher/`` " +"directory." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:81 -msgid "In the ``Client Protocol`` field, select ``SAML``." +#: modules/administration/pages/subscription-matching.adoc:9 +msgid "" +"By default, the subscription matcher runs daily, at midnight. To change " +"this, navigate to menu:Admin[Task Schedules] and click ``gatherer-matcher-" +"default``. Change the schedule as required, and click btn:[Update Schedule]." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:82 -msgid "Toggle the ``Include AuthnStatement`` switch to ``On``." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:83 -msgid "Toggle the ``Sign Assertions`` switch to ``On``." +#: modules/administration/pages/subscription-matching.adoc:10 +msgid "" +"Because the report can only match current clients with current " +"subscriptions, you might find that the matches change over time. The same " +"client will not always match the same subscription. This can be due to new " +"clients being registered or unregistered, or because of the addition or " +"expiration of subscriptions." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:84 -msgid "In the ``Signature Algorithm`` field, select ``RSA_SHA1``." +#: modules/administration/pages/subscription-matching.adoc:11 +msgid "" +"The subscription matcher will automatically attempt to reduce the number of " +"unmatched products, limited by the terms and conditions of the subscriptions " +"in your account. However, if you have incomplete hardware information, " +"unknown virtual machine host assignments, or clients running in unknown " +"public clouds, the matcher might show that you do not have enough " +"subscriptions available. Always ensure you have complete data about your " +"clients included in {productname}, to help ensure accuracy." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:85 -msgid "In the ``SAML Signature Key Name`` field, select the key." +#. type: delimited block = +#: modules/administration/pages/subscription-matching.adoc:12 +msgid "" +"The subscription matcher will not always match clients and subscriptions " +"accurately. It is not intended to be a replacement for auditing." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:86 -msgid "In the ``Canonicalization Method`` field, select ``Exclusive``." +#. type: Title == +#: modules/administration/pages/subscription-matching.adoc:13 +#, no-wrap +msgid "Pin Clients to Subscriptions" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:87 +#: modules/administration/pages/subscription-matching.adoc:14 msgid "" -"In the ``Fine Grain SAML Endpoint Configuration`` section, add the two " -"endpoints using these details:" +"If the subscription matcher is not automatically matching a particular " +"client with the correct subscription, you can manually pin them. When you " +"have created a pin, the subscription matcher favors matching a specific " +"subscription with a given system or group of systems." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:90 +#: modules/administration/pages/subscription-matching.adoc:15 msgid "" -"In both the ``Assertion Consumer Service`` fields, enter the endpoint " -"specified in the server configuration file as ``java.sso.onelogin.saml2.sp." -"assertion_consumer_service.url``. For example, ``https:///rhn/manager/" -"sso/acs``." +"However, the matcher will not always respect a pin. It depends on the " +"subscription being available, and whether or not the subscription can be " +"applied to the client. Additionally, pins will be ignored if they result in " +"a match that violates the terms and conditions of the subscription, or if " +"the matcher detects a more accurate match if the pin is ignored." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:92 -msgid "" -"In both the ``Logout Service`` fields, enter the endpoint specified in the " -"server configuration file as ``java.sso.onelogin.saml2.sp." -"single_logout_service.url``. For example, ``https:///rhn/manager/sso/" -"sls``." +#: modules/administration/pages/subscription-matching.adoc:16 +msgid "To add a new pin, click btn:[Add a Pin], and select the client to pin." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:96 +#. type: delimited block = +#: modules/administration/pages/subscription-matching.adoc:17 msgid "" -"When you have added the endpoints as clients, you can configure the client " -"scope, and map the users between Keycloak and {productname}." +"We do not recommend using pinning regularly, or for a large number of " +"clients. The subscription matcher tool is generally accurate enough for " +"most installations." msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:99 +#. type: Title = +#: modules/administration/pages/ssl-certs-imported.adoc:1 #, no-wrap -msgid "Procedure: Configuring Client Scope and Mappers" +msgid "Import SSL Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:101 +#: modules/administration/pages/ssl-certs-imported.adoc:2 msgid "" -"In the Keycloak {webui}, navigate to the menu:Clients[Client Scopes] tab and " -"assign ``role_list`` as the default client scope." +"By default, {productname} uses a self-signed certificate. For additional " +"security, you can import a custom certificate, signed by a third party " +"certificate authority (CA)." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:103 +#: modules/administration/pages/ssl-certs-imported.adoc:3 msgid "" -"Navigate to the menu:Clients[Mappers] tab and add a user attribute ``Uid`` " -"mapper, using the default values. This SAML attribute is expected by " -"{productname}." +"This section covers how to use an imported SSL certificate with a new " +"{productname} installation, and how to replace existing self-signed " +"certificates with imported certificates." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:105 -msgid "" -"Navigate to the menu:Users[Admin] section and create an administrative " -"user. This user does not need to match the {productname} administrative " -"user." +#: modules/administration/pages/ssl-certs-imported.adoc:4 +msgid "Before you begin, ensure you have:" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:106 -msgid "" -"Navigate to the menu:Users[Role Mappings] tab, add a ``uid`` attribute with " -"a value that matches the username of the {productname} administrative user." +#: modules/administration/pages/ssl-certs-imported.adoc:5 +msgid "A certificate authority (CA) SSL public certificate" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:107 -msgid "" -"Navigate to the menu:Users[Credentials] tab, and set the same password as " -"used by the {productname} administrative user." +#: modules/administration/pages/ssl-certs-imported.adoc:6 +msgid "An SSL server key" msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:107 -#, no-wrap -msgid " Save your changes." +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:7 +msgid "An SSL server certificate" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:8 +msgid "Your key and certificate files must be in PEM format." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:113 +#: modules/administration/pages/ssl-certs-imported.adoc:9 msgid "" -"When you have completed configuration, you can test that the installation is " -"working as expected. Restart the {productname} Server to pick up your " -"changes, and navigate to the {productname} {webui}. If your installation is " -"working correctly, you are redirected to the Keycloak SSO page, where you " -"can authenticate successfully." +"The host name of the SSL keys and certificates must match the fully " +"qualified host name of the machine you deploy them on. You can set the host " +"names in the ``X509v3 Subject Alternative Name`` section of the " +"certificate. You can also list multiple host names if your environment " +"requires it." msgstr "" -#. type: Title = -#: modules/administration/pages/auth-methods-sso.adoc:2 +#. type: Title == +#: modules/administration/pages/ssl-certs-imported.adoc:10 #, no-wrap -msgid "Authentication With Single Sign-On (SSO)" +msgid "Import Certificates for New Installations" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:5 +#: modules/administration/pages/ssl-certs-imported.adoc:11 msgid "" -"{productname} supports single sign-on (SSO) by implementing the Security " -"Assertion Markup Language (SAML){nbsp}2 protocol." +"By default, {productname} uses a self-signed certificate. After you have " +"completed the initial setup, you can replace the default certificate with an " +"imported certificate." +msgstr "" + +#. type: Block title +#: modules/administration/pages/ssl-certs-imported.adoc:12 +#, no-wrap +msgid "Procedure: Import Certificates on a New {productname} Server" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:10 +#: modules/administration/pages/ssl-certs-imported.adoc:13 msgid "" -"Single sign-on is an authentication process that allows a user to access " -"multiple applications with one set of credentials. SAML is an XML-based " -"standard for exchanging authentication and authorization data. A SAML " -"identity service provider (IdP) provides authentication and authorization " -"services to service providers (SP), such as {productname}. {productname} " -"exposes three endpoints which must be enabled for single sign-on." +"Install the {productname} Server according to the instructions in xref:" +"installation:install-intro.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:12 -msgid "SSO in {productname} supports:" +#: modules/administration/pages/ssl-certs-imported.adoc:14 +msgid "" +"Complete the initial setup according to xref:installation:server-setup." +"adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:14 -msgid "Log in with SSO." +#: modules/administration/pages/ssl-certs-imported.adoc:15 +msgid "" +"At the command prompt, point the SSL environment variables to the " +"certificate file locations:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:15 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-imported.adoc:16 +#, no-wrap msgid "" -"Log out with service provider-initiated single logout (SLO), and Identity " -"service provider single logout service (SLS)." +"export CA_CERT=\n" +"export SERVER_KEY=\n" +"export SERVER_CERT=\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:16 -msgid "Assertion and nameId encryption." +#: modules/administration/pages/ssl-certs-imported.adoc:17 +msgid "Complete {productname} setup:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:17 -msgid "Assertion signatures." +#. type: delimited block - +#: modules/administration/pages/ssl-certs-imported.adoc:18 +#, no-wrap +msgid "yast susemanager_setup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:18 +#: modules/administration/pages/ssl-certs-imported.adoc:19 msgid "" -"Message signatures with AuthNRequest, LogoutRequest, and LogoutResponses." +"When you are prompted for certificate details during setup, fill in random " +"values. The values will be overridden by the values you specified at the " +"command prompt." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:19 -msgid "Enable an Assertion consumer service endpoint." +#. type: delimited block = +#: modules/administration/pages/ssl-certs-imported.adoc:20 +msgid "" +"Execute the [command]``yast susemanager_setup`` command from the same shell " +"you exported the environment variables from." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:20 -msgid "Enable a single logout service endpoint." +#. type: Title == +#: modules/administration/pages/ssl-certs-imported.adoc:21 +#, no-wrap +msgid "Import Certificates for New Proxy Installations" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:21 -msgid "Publish the SP metadata (which can be signed)." +#: modules/administration/pages/ssl-certs-imported.adoc:22 +msgid "" +"By default, {productname} Proxy uses a self-signed certificate. After you " +"have completed the initial setup, you can replace the default certificate " +"with an imported certificate." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:23 -msgid "SSO in {productname} does not support:" +#. type: Block title +#: modules/administration/pages/ssl-certs-imported.adoc:23 +#, no-wrap +msgid "Procedure: Import Certificates on a New {productname} Proxy" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:25 +#: modules/administration/pages/ssl-certs-imported.adoc:24 msgid "" -"Product choosing and implementation for the identity service provider (IdP)." +"Install the {productname} Proxy according to the instructions in xref:" +"installation:install-intro.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:26 +#: modules/administration/pages/ssl-certs-imported.adoc:25 msgid "" -"SAML support for other products (check with the respective product " -"documentation)." +"Complete the initial setup according to xref:installation:proxy-setup.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:28 -msgid "" -"For an example implementation of SSO, see xref:administration:auth-methods-" -"sso-example.adoc[]." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/auth-methods-sso.adoc:34 -msgid "" -"If you change from the default authentication method to single sign-on, the " -"new SSO credentials apply only to the {webui}. Client tools such as ``mgr-" -"sync`` or ``spacecmd`` will continue to work with the default authentication " -"method only." +#: modules/administration/pages/ssl-certs-imported.adoc:26 +msgid "At the command prompt, run:" msgstr "" -#. type: Title == -#: modules/administration/pages/auth-methods-sso.adoc:38 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-imported.adoc:27 #, no-wrap -msgid "Prerequisites" +msgid "configure-proxy.sh\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:42 +#: modules/administration/pages/ssl-certs-imported.adoc:28 msgid "" -"Before you begin, you need to have configured an external identity service " -"provider with these parameters. Check your IdP documentation for " -"instructions." +"At the ``Do you want to import existing certificates?`` prompt, type kbd:[y]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:29 +msgid "Follow the prompts to complete setup." msgstr "" #. type: delimited block = -#: modules/administration/pages/auth-methods-sso.adoc:48 +#: modules/administration/pages/ssl-certs-imported.adoc:30 msgid "" -"Your IdP must have a SAML:Attribute containing the username of the IdP user " -"domain, called ``uid``. The ``uid`` attribute passed in the SAML:Attribute " -"must be created in the {productname} user base before you activate single " -"sign-on." +"Use the same certificate authority to sign all server certificates for " +"servers and proxies. Certificates signed with different CAs will not match." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:52 -msgid "You will need these endpoints:" +#. type: Title == +#: modules/administration/pages/ssl-certs-imported.adoc:31 +#, no-wrap +msgid "Replace Certificates with a Third Party Certificate" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:55 +#: modules/administration/pages/ssl-certs-imported.adoc:32 msgid "" -"Assertion consumer service (or ACS): an endpoint to accept SAML messages to " -"establish a session into the Service Provider. The endpoint for ACS in " -"{productname} is: https://server.example.com/rhn/manager/sso/acs" +"You can replace active certificates on your {productname} installation with " +"a new third party certificate. To replace the certificates, you can replace " +"the installed CA certificate RPM with a new RPM containing the third party " +"certificate, and then update the database." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:57 +#: modules/administration/pages/ssl-certs-imported.adoc:33 msgid "" -"Single logout service (or SLS): an endpoint to initiate a logout request " -"from the IdP. The endpoint for SLS in {productname} is: https://server." -"example.com/rhn/manager/sso/sls" +"This procedure is similar to the one described in xref:administration:ssl-" +"certs-selfsigned.adoc#ssl-certs-selfsigned-create-replace[]. The difference " +"is that we import the certificates generated by an external PKI." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:59 -msgid "" -"Metadata: an endpoint to retrieve {productname} metadata for SAML. The " -"endpoint for metadata in {productname} is: https://server.example.com/rhn/" -"manager/sso/metadata" +#. type: Block title +#: modules/administration/pages/ssl-certs-imported.adoc:34 +#, no-wrap +msgid "Procedure: Replacing Existing Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:61 +#: modules/administration/pages/ssl-certs-imported.adoc:35 msgid "" -"After the authentication with the IdP using the user ``orgadmin`` is " -"successful, you will be logged in into {productname} as the ``orgadmin`` " -"user, provided that the ``orgadmin`` user exists in {productname}." +"On the {productname} Server, at the command prompt, move the old certificate " +"directory to a backup location:" msgstr "" -#. type: Title == -#: modules/administration/pages/auth-methods-sso.adoc:64 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-imported.adoc:36 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:21 #, no-wrap -msgid "Enable SSO" +msgid "mv /root/ssl-build /root/old-ssl-build\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/auth-methods-sso.adoc:70 -msgid "" -"Using SSO is mutually exclusive with other types of authentication: it is " -"either enabled or disabled. SSO is disabled by default." +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:37 +msgid "Generate a CA certificate RPM from the new certificate:" msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-sso.adoc:72 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-imported.adoc:38 #, no-wrap -msgid "Procedure: Enabling SSO" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:75 -msgid "If your users do not yet exist in {productname}, create them first." +msgid "rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/ssl-build\" --from-ca-cert=\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:76 -msgid "" -"Edit [path]``/etc/rhn/rhn.conf`` and add this line at the end of the file:" +#: modules/administration/pages/ssl-certs-imported.adoc:39 +msgid "Generate a new server certificate RPM:" msgstr "" #. type: delimited block - -#: modules/administration/pages/auth-methods-sso.adoc:79 +#: modules/administration/pages/ssl-certs-imported.adoc:40 #, no-wrap -msgid "java.sso = true\n" +msgid "rhn-ssl-tool --gen-server --rpm-only --dir=\"/root/ssl-build\" --from-server-key= --from-server-cert=\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:83 +#: modules/administration/pages/ssl-certs-imported.adoc:41 msgid "" -"Find the parameters you want to customize in [path]``/usr/share/rhn/config-" -"defaults/rhn_java_sso.conf``. Insert the parameters you want to customize " -"into [path]``/etc/rhn/rhn.conf`` and prefix them with [literal]``java." -"sso``. For example, in [path]``/usr/share/rhn/config-defaults/rhn_java_sso." -"conf`` find:" +"When you create the new server certificate RPM, you might get a warning that " +"server certificate request file could not be found. This file is not " +"required, and the procedure will complete correctly without it. However, if " +"you want to avoid the error, you can copy the file into the server " +"directory, and name it [path]``server.csr``:" msgstr "" #. type: delimited block - -#: modules/administration/pages/auth-methods-sso.adoc:86 +#: modules/administration/pages/ssl-certs-imported.adoc:42 #, no-wrap -msgid "onelogin.saml2.sp.assertion_consumer_service.url = https://YOUR-PRODUCT-HOSTNAME-OR-IP/rhn/manager/sso/acs\n" +msgid "cp .csr /root/ssl-build//server.csr\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:89 +#: modules/administration/pages/ssl-certs-imported.adoc:43 msgid "" -"To customize it, create the corresponding option in [path]``/etc/rhn/rhn." -"conf`` by prefixing the option name with ``java.sso.``:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso.adoc:92 -#, no-wrap -msgid "java.sso.onelogin.saml2.sp.assertion_consumer_service.url = https://YOUR-PRODUCT-HOSTNAME-OR-IP/rhn/manager/sso/acs\n" +"When you have created the new [path]``ssl-build`` directory, you can create " +"combined certificate RPMs and deploy them on the clients. For the " +"procedures to do this, see xref:administration:ssl-certs-selfsigned.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:96 +#: modules/administration/pages/ssl-certs-imported.adoc:44 msgid "" -"To find all the occurrences you need to change, search in the file for the " -"placeholders [literal]``YOUR-PRODUCT`` and [literal]``YOUR-IDP-ENTITY``. " -"Every parameter comes with a brief explanation of what it is meant for." +"If you are using a proxy, you will need to generate a server certificate RPM " +"for each proxy, using their host names and cnames." +msgstr "" + +#. type: Title = +#: modules/administration/pages/tshoot-notifications.adoc:1 +#, no-wrap +msgid "Troubleshooting Notifications" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:97 -msgid "Restart the spacewalk service to pick up the changes:" +#: modules/administration/pages/tshoot-notifications.adoc:2 +msgid "" +"The default lifetime of notification messages is 30 days, after which " +"messages are deleted from the database, regardless of read status. To " +"change this value, add or edit this line in [path]``/etc/rhn/rhn.conf``:" msgstr "" #. type: delimited block - -#: modules/administration/pages/auth-methods-sso.adoc:100 +#: modules/administration/pages/tshoot-notifications.adoc:3 #, no-wrap -msgid "spacewalk-service restart\n" +msgid "java.notifications_lifetime = 30\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:104 +#: modules/administration/pages/tshoot-notifications.adoc:4 msgid "" -"When you visit the {productname} URL, you will be redirected to the IdP for " -"SSO where you will be requested to authenticate. Upon successful " -"authentication, you will be redirected to the {productname} {webui}, logged " -"in as the authenticated user. If you encounter problems with logging in " -"using SSO, check the {productname} logs for more information." +"All notification types are enabled by default. To disable a notification " +"type, add or edit this line in [path]``/etc/rhn/rhn.conf``:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-notifications.adoc:5 +#, no-wrap +msgid "java.notifications_type_disabled = OnboardingFailed,ChannelSyncFailed,ChannelSyncFinished\n" msgstr "" #. type: Title = -#: modules/administration/pages/auth-methods.adoc:2 +#: modules/administration/pages/auth-methods.adoc:1 #, no-wrap msgid "Authentication Methods" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods.adoc:5 +#: modules/administration/pages/auth-methods.adoc:2 msgid "" "{productname} supports several different authentication methods. This " "section discusses pluggable authentication modules (PAM) and single sign-on " @@ -1466,10894 +1613,11804 @@ msgid "" msgstr "" #. type: Title = -#: modules/administration/pages/backup-restore.adoc:2 +#: modules/administration/pages/public-cloud-azure.adoc:1 #, no-wrap -msgid "Backup and Restore" +msgid "{productname} with Azure" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:8 -msgid "" -"Back up your {productname} installation regularly, in order to prevent data " -"loss. Because {productname} relies on a database as well as the installed " -"program and configurations, it is important to back up all components of " -"your installation. This chapter contains information on the files you need " -"to back up, and introduces the [command]``smdba`` tool to manage database " -"backups. It also contains information about restoring from your backups in " -"the case of a system failure." -msgstr "" - -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:9 -#, no-wrap -msgid "Backup Space Requirements" -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:14 +#: modules/administration/pages/public-cloud-azure.adoc:2 msgid "" -"Regardless of the backup method you use, you must have available at least " -"three times the amount of space your current installation uses. Running out " -"of space can result in backups failing, so check this often." +"You can use {productname} Server and Proxy with the Microsoft Azure public " +"cloud. This section discusses what you will need for running {productname} " +"in Azure, and how to set up your installation." msgstr "" #. type: Title == -#: modules/administration/pages/backup-restore.adoc:19 +#: modules/administration/pages/public-cloud-azure.adoc:3 #, no-wrap -msgid "Backing up {productname}" +msgid "Configure the Azure Cloud Instance" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:24 +#: modules/administration/pages/public-cloud-azure.adoc:4 msgid "" -"The most comprehensive method for backing up your {productname} installation " -"is to back up the relevant files and directories. This can save you time in " -"administering your backup, and can be faster to reinstall and re-synchronize " -"in the case of failure. However, this method requires significant disk " -"space and could take a long time to perform the backup." +"Use the ``SUSE Manager Server 4 BYOS`` image. The image is a pre-built " +"image created by {suse}. It is based on JeoS, and SUSE Manager is pre-" +"installed but not configured. Configuring SUSE Manager has to be done " +"manually with {yast}." msgstr "" -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:30 +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:5 msgid "" -"If you want to only back up the required files and directories, use the " -"following list. To make this process simpler, and more comprehensive, we " -"recommend backing up the entire [path]``/etc`` and [path]``/root`` " -"directories, not just the ones specified here. Some files only exist if you " -"are actually using the related {susemgr} feature." +"When you create your Azure virtual machine, choose something `like d8s_v3` " +"with 8{nbsp}vCPUs and 32{nbsp}GB RAM." msgstr "" +#. * Up to 4 data disks +#. * Max IOPS 2400 +#. * Temporary storage disk of 16{nbsp}GB. +#. Data on this disk will be destroyed after the guest has been switched off. #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:34 -msgid "[path]``/etc/cobbler/``" +#: modules/administration/pages/public-cloud-azure.adoc:6 +msgid "When you are setting up disk partitioning, we recommend:" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:35 -msgid "[path]``/etc/dhcp.conf``" +#: modules/administration/pages/public-cloud-azure.adoc:7 +msgid "30{nbsp}GB for the disk running the operating system" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:36 -msgid "[path]``/etc/fstab`` and any ISO mountpoints you require." +#: modules/administration/pages/public-cloud-azure.adoc:8 +msgid "Select `Standard HDD` for the storage account type" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:37 -msgid "[path]``/etc/rhn/``" +#: modules/administration/pages/public-cloud-azure.adoc:9 +msgid "You will also require three additional data disks:" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:38 -msgid "[path]``/etc/salt``" +#: modules/administration/pages/public-cloud-azure.adoc:10 +msgid "Disk 0: 64{nbsp}GB on Premium SSD, mounted at [path]``/var/lib/pgsql``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:39 -msgid "[path]``/etc/sudoers``" +#: modules/administration/pages/public-cloud-azure.adoc:11 +msgid "" +"Disk 1: 512{nbsp}GB on Standard SSD, mounted at [path]``/var/spacewalk``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:40 -msgid "[path]``/etc/sysconfig/rhn/``" +#: modules/administration/pages/public-cloud-azure.adoc:12 +msgid "Disk 2: 128{nbsp}GB on Standard SSD, mounted at [path]``/var/cache``" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:41 -msgid "[path]``/root/.gnupg/``" +#. type: delimited block = +#: modules/administration/pages/public-cloud-azure.adoc:13 +msgid "" +"Do not use LVM with Azure. If you need more disk space, extend a disk in " +"the Azure portal, then extend the file system with [command]``xfs_growfs``." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:42 -msgid "[path]``/root/.ssh``" +#: modules/administration/pages/public-cloud-azure.adoc:14 +msgid "Partition the disks like this:" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:46 -msgid "" -"This file exists if you are using an SSH tunnel or SSH [command]``push``. " -"You will also need to have saved a copy of the ``id-susemanager`` key." +#: modules/administration/pages/public-cloud-azure.adoc:15 +msgid "[path]``/dev/sda``: 4 partitions containing the OS" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:47 -msgid "[path]``/root/ssl-build/``" +#: modules/administration/pages/public-cloud-azure.adoc:16 +msgid "[path]``/dev/sdb``: temporary storage disk, do not use" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:48 -msgid "[path]``/srv/formula_metadata``" +#: modules/administration/pages/public-cloud-azure.adoc:17 +msgid "[path]``/dev/sdc``: contains [path]``/var/lib/pgsql``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:49 -msgid "[path]``/srv/pillar``" +#: modules/administration/pages/public-cloud-azure.adoc:18 +msgid "[path]``/dev/sdd``: contains [path]``/var/spacewalk``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:50 -msgid "[path]``/srv/salt``" +#: modules/administration/pages/public-cloud-azure.adoc:19 +msgid "[path]``/dev/sde``: contains [path]``/var/cache``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:51 -msgid "[path]``/srv/susemanager``" +#: modules/administration/pages/public-cloud-azure.adoc:20 +msgid "You can use these commands to create the disks:" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:52 -msgid "[path]``/srv/tftpboot/``" +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:21 +#, no-wrap +msgid "" +"for d in sdc sdd sde; do\n" +" parted --script /dev/$d mklabel gpt mkpart primary xfs 0% 100%\n" +" mkfs.xfs /dev/${d}1\n" +"done\n" +"mkdir /cachetmp\n" +"mount /dev/sde1 /cachetmp\n" +"cp -a /var/cache/* /cachetmp/\n" +"umount /cachetmp\n" +"echo \"$(blkid /dev/sdc1|awk -F \" \" '{ print $2 }') /var/lib/pgsql xfs defaults,noatime 0 0\" >> /etc/fstab\n" +"echo \"$(blkid /dev/sdd1|awk -F \" \" '{ print $2 }') /var/spacewalk xfs defaults,noatime 0 0\" >> /etc/fstab\n" +"echo \"$(blkid /dev/sde1|awk -F \" \" '{ print $2 }') /var/cache xfs defaults,noatime 0 0\" >> /etc/fstab\n" +"mkdir -p /var/spacewalk\n" +"mount /var/spacewalk\n" +"chown -R wwwrun:root /var/spacewalk\n" +"mount /var/lib/pgsql\n" +"chown -R postgres:postgres /var/lib/pgsql\n" +"mv /var/cache /var/cache.old\n" +"mkdir /var/cache\n" +"mount /var/cache\n" +"rm -r /var/cache.old\n" msgstr "" +#. REMARK: I guess you do this in your Azure instance +#. REMARK: Where do you configure this? #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:53 -msgid "[path]``/srv/www/cobbler``" +#: modules/administration/pages/public-cloud-azure.adoc:22 +msgid "" +"When you are setting up networking, we recommend that you create a separate " +"private network, with the IP range `10.0.0.0/24`." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:54 -msgid "[path]``/srv/www/htdocs/pub/``" +#: modules/administration/pages/public-cloud-azure.adoc:23 +msgid "" +"Configure the {productname} Server to use the internal IP address " +"`10.0.0.4`. Ensure it is also accessible from outside the network with a " +"fixed IP address." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:55 -msgid "[path]``/srv/www/os-images``" +#: modules/administration/pages/public-cloud-azure.adoc:24 +msgid "" +"Configure the firewall to only allow inbound traffic on ports `22`, `80`, " +"and `443` to IP address `10.0.0.4`. In this environment, if other servers " +"are added to the network they cannot be reached from outside the network." msgstr "" +#. REMARK: Was does this mean? #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:56 -msgid "[path]``/var/cache/rhn``" +#: modules/administration/pages/public-cloud-azure.adoc:25 +msgid "" +"Outbound is open from the private network. This should be restricted for " +"other servers in this private network." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:57 -msgid "[path]``/var/cache/salt``" +#: modules/administration/pages/public-cloud-azure.adoc:26 +msgid "" +"You will need to set the DNS zones in Azure before you can configure the " +"{productname} Server. For more information on setting DNS zones, see the " +"Azure documentation." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:58 -msgid "[path]``/var/lib/cobbler/``" +#. type: Title == +#: modules/administration/pages/public-cloud-azure.adoc:27 +#, no-wrap +msgid "Configure {productname} Server" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:59 -msgid "" -"[path]``/var/lib/cobbler/templates/`` (before version 4.0 it was [path]``/" -"var/lib/rhn/kickstarts/``)" +#: modules/administration/pages/public-cloud-azure.adoc:28 +msgid "Ensure that your {productname} Server is registered with {scc}." msgstr "" +#. I wonder why we do even need spacecmd #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:60 -msgid "[path]``/var/lib/Kiwi``" +#: modules/administration/pages/public-cloud-azure.adoc:29 +msgid "When your server is registered, install these extra packages:" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:61 -msgid "[path]``/var/lib/rhn/``" +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:30 +#, no-wrap +msgid "zypper -n in spacecmd mlocate sysstat\n" msgstr "" +#. spacecmd will be installed by default next time +#. ^ How is so? #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:62 -msgid "[path]``/var/spacewalk/``" +#: modules/administration/pages/public-cloud-azure.adoc:31 +msgid "Apply the latest updates and reboot the server:" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:63 +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:32 +#, no-wrap msgid "" -"Plus any directories containing custom data such as scripts, Kickstart or " -"AutoYaST profiles, and custom RPMs." +"zypper -n up -l\n" +"reboot\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:68 -msgid "" -"You will also need to back up your database, which you can do with the " -"[command]``smdba`` tool. For more information about the [command]``smdba`` " -"tool, see xref:administration:backup-restore.adoc[]." +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:33 +msgid "Check that all file systems are mounted and that PostgreSQL is running:" msgstr "" -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:70 +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:34 #, no-wrap -msgid "Procedure: Restore from a Manual Backup" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:73 msgid "" -"Re-install {productname}. For more information about recovering from a " -"backup, see xref:administration:backup-restore.adoc[]." +"mount\n" +"service postgresql status\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:75 +#: modules/administration/pages/public-cloud-azure.adoc:35 msgid "" -"Re-synchronize your {productname} repositories with the [command]``mgr-" -"sync`` tool. For more information about the [command]``mgr-sync`` tool, see " -"<>." +"Complete {productname} Server installation and configuration. For more " +"information, see xref:installation:server-setup.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:76 +#: modules/administration/pages/public-cloud-azure.adoc:36 msgid "" -"You can choose to re-register your product, or skip the registration and SSL " -"certificate generation sections." +"We recommend you configure the {productname} Server so that DHCP does not " +"set the host name. Check [path]``/etc/sysconfig/network/dhcp`` and ensure " +"that `DHCLIENT_SET_HOSTNAME` is set to [literal]``no``:" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:77 -msgid "" -"Re-install the [path]``/root/ssl-build/rhn-org-httpd-ssl-key-pair-" -"MACHINE_NAME-VER-REL.noarch.rpm`` package." +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:37 +#: modules/administration/pages/public-cloud.adoc:26 +#, no-wrap +msgid "DHCLIENT_SET_HOSTNAME=\"no\"\n" msgstr "" +#. REMARK: hostname -i? #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:78 +#: modules/administration/pages/public-cloud-azure.adoc:38 msgid "" -"Schedule the re-creation of search indexes next time the [command]``rhn-" -"search`` service is started:" +"Add the Azure client to the [path]``/etc/hosts`` file. At the command " +"prompt, replace [literal]```` with the IP address of the server:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:81 +#: modules/administration/pages/public-cloud-azure.adoc:39 #, no-wrap -msgid "rhn-search cleanindex\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:85 -msgid "" -"This command produces only debug messages. It does not produce error " -"messages." +msgid "echo \" $(hostname -f) $(hostname)\" >> /etc/hosts\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:88 +#: modules/administration/pages/public-cloud-azure.adoc:40 msgid "" -"Check whether you need to restore [path]``/var/spacewalk/packages/``. If " -"[path]``/var/spacewalk/packages/`` was not in your backup, you will need to " -"restore it. If the source repository is available, you can restore [path]``/" -"var/spacewalk/packages/`` with a complete channel synchronization:" +"{productname} Server has a default administration user. In Azure, the " +"system administrator user is called [literal]``admin``. The `admin` user's " +"password is built with two parts. The first part can be found by using this " +"command:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:91 +#: modules/administration/pages/public-cloud-azure.adoc:41 #, no-wrap -msgid "mgr-sync refresh --refresh-channels\n" +msgid "azuremetadata --instance-name\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:94 +#: modules/administration/pages/public-cloud-azure.adoc:42 +msgid "The second part of the password is [literal]``-suma``" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:43 msgid "" -"Check the progress by running [command]``tail -f /var/log/rhn/reposync/" -"````.log`` as _root_." +"Alternatively, you can check the [path]``/var/log/susemanager_firstuser." +"log`` file." msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:98 +#. REMARK: Do we want to list the details here? Or is such a general xref good enough? +#. For the SUSE Manager setup configuration in general, see xref:installation:server-setup.adoc[], _procedure "{productname} Setup"_. +#. Pay special attention to the following settings: +#. * In the first dialog, select [guimenu]``Set up SUSE Manager from scratch`` +#. * In the next dialog, enter a valid mail address for the administrator +#. * It is very important to remember the password given for SSL. +#. Without this password no SUSE Manager Proxy Server can be installed and no other changes can be made to the certificate. +#. For example, this certificate is eg used on all registered systems to communicate with SUSE Manager Server. +#. * In the [guimenu]``Database Settings`` dialog, it is enough to provide a password. +#. Make sure also to remember this password. +#. With these settings the installation can be started. +#. The installation will finish without further input. +#. type: Title = +#: modules/administration/pages/mgr-sync.adoc:1 #, no-wrap -msgid "Administering the Database with smdba" +msgid "Using ``mgr-sync``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:103 +#: modules/administration/pages/mgr-sync.adoc:2 msgid "" -"The [command]``smdba`` tool is used for managing a local PostgreSQL " -"database. It allows you to back up and restore your database, and manage " -"backups. It can also be used to check the status of your database, and " -"perform administration tasks, such as restarting." +"The ``mgr-sync`` tool is used at the command prompt. It provides functions " +"for using {productname} that are not always available in the {webui}. The " +"primary use of ``mgr-sync`` is to connect to the {scc}, retrieve product and " +"package information, and prepare channels for synchronization with the " +"{productname} Server." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:105 +#: modules/administration/pages/mgr-sync.adoc:3 msgid "" -"The [command]``smdba`` tool works with local PostgreSQL databases only, it " -"will not work with remotely accessed databases, or Oracle databases." +"This tool is designed for use with a {suse} support subscription. It is not " +"required for open source distributions, including {opensuse}, {centos}, and " +"{ubuntu}." msgstr "" -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:110 +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:4 msgid "" -"The [command]``smdba`` tool requires [command]``sudo`` access, in order to " -"execute system changes. Ensure you have enabled [command]``sudo`` access " -"for the [username]``admin`` user before you begin, by checking the [path]``/" -"etc/sudoers`` file for this line:" +"The available commands and arguments for ``mgr-sync`` are listed in this " +"table. Use this syntax for ``mgr-sync`` commands:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:113 +#: modules/administration/pages/mgr-sync.adoc:5 #, no-wrap -msgid "admin ALL=(postgres) /usr/bin/smdba\n" +msgid "mgr-sync [-h] [--version] [-v] [-s] [-d {1,2,3}] {list,add,refresh,delete}\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:118 -msgid "Check the runtime status of your database with:" +#. type: Block title +#: modules/administration/pages/mgr-sync.adoc:6 +#, no-wrap +msgid "mgr-sync Commands" msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:121 +#. type: Table +#: modules/administration/pages/mgr-sync.adoc:7 #, no-wrap -msgid "smdba db-status\n" +msgid "" +"| Command | Description | Example Use\n" +"| list | List channels, organization credentials, or products | ``mgr-sync list channels``\n" +"| add | Add channels, organization credentials, or products | ``mgr-sync add channel ``\n" +"| refresh | Refresh the local copy of products, channels, and subscriptions | ``mgr-sync refresh``\n" +"| delete | Delete existing SCC organization credentials from the local system | ``mgr-sync delete credentials``\n" +"| sync | Synchronize specified channel or ask for it when left blank| ``mgr-sync sync channel ``\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:124 -msgid "This command will return either ``online`` or ``offline``, for example:" +#: modules/administration/pages/mgr-sync.adoc:8 +msgid "" +"To see the full list of options specific to a command, use this command:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:127 +#: modules/administration/pages/mgr-sync.adoc:9 #, no-wrap -msgid "Checking database core... online\n" +msgid "mgr-sync --help\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:130 -msgid "Starting and stopping the database can be performed with:" +#. type: Block title +#: modules/administration/pages/mgr-sync.adoc:10 +#, no-wrap +msgid "mgr-sync Optional Arguments" msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:133 -#: modules/administration/pages/backup-restore.adoc:279 +#. type: Table +#: modules/administration/pages/mgr-sync.adoc:11 #, no-wrap -msgid "smdba db-start\n" +msgid "" +"| Option | Abbreviated option | Description | Example Use\n" +"| help | ``h`` | Display the command usage and options | ``mgr-sync --help``\n" +"| version | N/A | Display the currently installed version of ``mgr-sync`` | ``mgr-sync --version``\n" +"| verbose | ``v`` | Provide verbose output | ``mgr-sync --verbose refresh``\n" +"| store-credentials | ``s`` | Store credentials a local hidden file | ``mgr-sync --store-credentials``\n" +"| debug | ``d`` | Log additional debugging information. Requires a level of 1, 2, 3. 3 provides the highest amnount of debugging information | ``mgr-sync -d 3 refresh``\n" +"| no-sync | N/A | Use with the ``add`` command to add products or channels without beginning a synchronization | ``mgr-sync --no-sync add ``\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:136 -msgid "And:" +#: modules/administration/pages/mgr-sync.adoc:12 +msgid "Logs for ``mgr-sync`` are located in:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:139 -#: modules/administration/pages/backup-restore.adoc:266 -#, no-wrap -msgid "smdba db-stop\n" +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:13 +msgid "[path]``/var/log/rhn/mgr-sync.log``" msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:144 +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:14 +msgid "[path]``/var/log/rhn/rhn_web_api.log``" +msgstr "" + +#. type: Title = +#: modules/administration/pages/ssl-certs.adoc:1 #, no-wrap -msgid "Database Backup with smdba" +msgid "SSL Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:150 +#: modules/administration/pages/ssl-certs.adoc:2 msgid "" -"The [command]``smdba`` tool performs a continuous archiving backup. This " -"backup method combines a log of every change made to the database during the " -"current session, with a series of more traditional backup files. When a " -"crash occurs, the database state is first restored from the most recent " -"backup file on disk, then the log of the current session is replayed " -"exactly, to bring the database back to a current state. A continuous " -"archiving backup with [command]``smdba`` is performed with the database " -"running, so there is no need for downtime." +"{productname} uses SSL certificates to ensure that clients are registered to " +"the correct server." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:154 +#: modules/administration/pages/ssl-certs.adoc:3 msgid "" -"This method of backing up is stable and generally creates consistent " -"snapshots, however it can take up a lot of storage space. Ensure you have " -"at least three times the current database size of space available for " -"backups. You can check your current database size by navigating to [path]``/" -"var/lib/pgsql/`` and running [command]``df -h``." +"Every client that uses SSL to register to the {productname} Server checks " +"that it is connecting to the right server by validating against a server " +"certificate. This process is called an SSL handshake." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:159 +#: modules/administration/pages/ssl-certs.adoc:4 msgid "" -"The [command]``smdba`` tool also manages your archives, keeping only the " -"most recent backup, and the current archive of logs. The log files can only " -"be a maximum file size of 16{nbsp}MB, so a new log file will be created when " -"the files reach this size. Every time you create a new backup, previous " -"backups will be purged to release disk space. We recommend you use " -"[command]``cron`` to schedule your [command]``smdba`` backups to ensure that " -"your storage is managed effectively, and you always have a backup ready in " -"case of failure." +"During the SSL handshake, the client will check that the hostname in the " +"server certificate matches what it expects. The client also needs to check " +"if the server certificate is trusted." msgstr "" -#. type: Title === -#: modules/administration/pages/backup-restore.adoc:162 -#, no-wrap -msgid "Performing a Manual Database Backup" +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:5 +msgid "" +"Every {productname} Server that uses SSL requires an SSL server " +"certificate. Provide the path to the server certificate using the " +"``SERVER_CERT`` environment variable during setup, or with the ``--from-" +"server-cert`` option of the [command]``rhn-ssl-tool`` command." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:166 +#: modules/administration/pages/ssl-certs.adoc:6 msgid "" -"The [command]``smdba`` tool can be run directly from the command line. We " -"recommend you run a manual database backup immediately after installation, " -"or if you have made any significant changes to your configuration." +"Certificate authorities (CAs) are certificates that are used to sign other " +"certificates. All certificates must be signed by a certificate authority " +"(CA) in order for them to be considered valid, and for clients to be able to " +"successfully match against them." msgstr "" -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:172 +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:7 msgid "" -"When [command]``smdba`` is run for the first time, or if you have changed " -"the location of the backup, it will need to restart your database before " -"performing the archive. This will result in a small amount of downtime. " -"Regular database backups will not require any downtime." +"When an organization signs its own certificate, the certificate is " +"considered self-signed. A self-signed certificate is straight-forward to " +"set up, and does not cost any money, but they are considered less secure. " +"If you are using a self-signed certificate, you will have a root CA that is " +"signed with itself. When you look at the details of a root CA, you will see " +"that the subject has the same value as the issuer. Provide the path to your " +"root CA certificate using the ``CA_CERT`` environment variable during setup, " +"or with the ``--ca-cert`` option of the [command]``rhn-ssl-tool`` command." msgstr "" -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:174 -#, no-wrap -msgid "Procedure: Performing a Manual Database Backup" +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:8 +msgid "" +"In order for SSL authentication to work correctly, the client must trust the " +"root CA. This means that the root CA must be installed on every client." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:178 +#: modules/administration/pages/ssl-certs.adoc:9 msgid "" -"Allocate permanent storage space for your backup. This example uses a " -"directory located at [path]``/var/spacewalk/``. This will become a " -"permanent target for your backup, so ensure it will remain accessible by " -"your server at all times." +"The default method of SSL authentication is for {productname} to use self-" +"signed certificates. In this case, {productname} has generated all the " +"certificates, and the root CA has signed the server certificate directly." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:179 -msgid "In your backup location, create a directory for the backup:" +#: modules/administration/pages/ssl-certs.adoc:10 +msgid "" +"An alternative method is to use an intermediate CA. In this case, the root " +"CA signs the intermediate CA. The intermediate CA can then sign any number " +"of other intermediate CAs, and the final one signs the server certificate. " +"This is referred to as a chained certificate." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:183 -#, no-wrap -msgid "sudo -u postgres mkdir /var/spacewalk/db-backup\n" +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:11 +msgid "" +"If you are using intermediate CAs in a chained certificate, the root CA is " +"installed on the client, and the server certificate is installed on the " +"server. During the SSL handshake, clients must be able to verify the entire " +"chain of intermediate certificates between the root CA and the server " +"certificate, so they must be able to access all the intermediate " +"certificates." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:187 -msgid "Or, as root:" +#: modules/administration/pages/ssl-certs.adoc:12 +msgid "" +"There are two main ways of achieving this. In {productname}, by default, " +"all the intermediate CAs are installed on the client. However, you could " +"also configure your services on the server to provide them to the client. " +"In this case, during the SSL handshake, the server presents the server " +"certificate as well as all the intermediate CAs." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:191 -#, no-wrap -msgid "install -d -o postgres -g postgres -m 700 /var/spacewalk/db-backup\n" +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:13 +msgid "" +"Whichever method you choose, you must ensure that the ``CA_CERT`` " +"environment variable points to the root CA, and all intermediate CAs. It " +"should not contain the server certificate. The server certificate must be " +"defined at the ``SERVER_CERT`` environment variable." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:194 -msgid "Ensure you have the correct permissions set on the backup location:" +#: modules/administration/pages/ssl-certs.adoc:14 +msgid "" +"By default, {productname} uses a self-signed certificate. For additional " +"security, you can arrange a third party CA to sign your certificates. Third " +"party CAs perform checks to ensure that the information contained in the " +"certificate is correct. They will usually charge an annual fee for this " +"service. Using a third party CA makes certificates harder to spoof, and " +"will provide additional protection for your installation. If you have " +"certificates signed by a third party CA, you can import them to your " +"{productname} installation." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:198 -#, no-wrap -msgid "chown postgres:postgres /var/spacewalk/db-backup\n" +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:15 +msgid "" +"For more on self-signed certificates, see xref:administration:ssl-certs-" +"selfsigned.adoc[]." msgstr "" +"Další informace o certifikátech podepsaných samy sebou najdete v dokumentu " +"xref:administration:ssl-certs-selfsigned.adoc[]." #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:203 +#: modules/administration/pages/ssl-certs.adoc:16 msgid "" -"To create a backup for the first time, run the [command]``smdba backup-hot`` " -"command with the [option]``enable`` option set. This will create the backup " -"in the specified directory, and, if necessary, restart the database:" +"For more on imported certificates, see xref:administration:ssl-certs-" +"imported.adoc[]." msgstr "" +"Další informace o importovaných certifikátech najdete na stránce xref:" +"administration:ssl-certs-imported.adoc[]." -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:207 +#. type: Title = +#: modules/administration/pages/tshoot-taskomatic.adoc:1 #, no-wrap -msgid "smdba backup-hot --enable=on --backup-dir=/var/spacewalk/db-backup\n" +msgid "Troubleshooting Taskomatic" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:211 +#: modules/administration/pages/tshoot-taskomatic.adoc:2 msgid "" -"This command produces debug messages and finishes sucessfully with the " -"output:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:215 -#, no-wrap -msgid "INFO: Finished\n" +"Repository metadata regeneration is a relatively intensive process, so " +"Taskomatic can take several minutes to complete. Additionally, if " +"Taskomatic crashes, repository metadata regeneration can be interrupted." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:219 +#: modules/administration/pages/tshoot-taskomatic.adoc:3 msgid "" -"Check that the backup files exist in the [path]``/var/spacewalk/db-backup`` " -"directory, to ensure that your backup has been successful." +"If Taskomatic is still running, or if the process has crashed, package " +"updates can seem available in the {webui}, but will not appear on the " +"client, and attempts to update the client will fail. In this case, the " +"[command]``zypper ref`` command will show an error like this:" msgstr "" -#. type: Title === -#: modules/administration/pages/backup-restore.adoc:223 +#. type: delimited block - +#: modules/administration/pages/tshoot-taskomatic.adoc:4 #, no-wrap -msgid "Scheduling Automatic Backups" +msgid "Valid metadata not found at specified URL\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:229 +#: modules/administration/pages/tshoot-taskomatic.adoc:5 msgid "" -"You do not need to shut down your system in order to perform a database " -"backup with [command]``smdba``. However, because it is a large operation, " -"database performance can slow down while the backup is running. We " -"recommend you schedule regular database backups for a low-traffic period, to " -"minimize disruption." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:234 -msgid "" -"Ensure you have at least three times the current database size of space " -"available for backups. You can check your current database size by " -"navigating to [path]``/var/lib/pgsql/`` and running [command]``df -h``." +"To correct this, determine if Taskomatic is still in the process of " +"generating repository metadata, or if a crash could have occurred. Wait for " +"metadata regeneration to complete or restart Taskomatic after a crash in " +"order for client updates to be carried out correctly." msgstr "" #. type: Block title -#: modules/administration/pages/backup-restore.adoc:236 +#: modules/administration/pages/tshoot-taskomatic.adoc:6 #, no-wrap -msgid "Procedure: Scheduling Automatic Backups" +msgid "Procedure: Resolving Taskomatic Problems" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:238 +#: modules/administration/pages/tshoot-taskomatic.adoc:7 msgid "" -"Create a directory for the backup, and set the appropriate permissions (as " -"root):" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:242 -#, no-wrap -msgid "install -m 700 -o postgres -g postgres /var/spacewalk/db-backup\n" +"On the {productname} Server, check the [path]``/var/log/rhn/" +"rhn_taskomatic_daemon.log`` file to determine if any metadata regeneration " +"processes are still running, or if a crash occurred." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:245 -msgid "" -"Open [path]``/etc/cron.d/db-backup-mgr``, or create it if it does not exist, " -"and add the following line to create the cron job:" +#: modules/administration/pages/tshoot-taskomatic.adoc:8 +msgid "Restart taskomatic:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:249 +#: modules/administration/pages/tshoot-taskomatic.adoc:9 #, no-wrap -msgid "0 2 * * * root /usr/bin/smdba backup-hot --enable=on --backup-dir=/var/spacewalk/db-backup\n" +msgid "service taskomatic restart\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:252 +#: modules/administration/pages/tshoot-taskomatic.adoc:10 msgid "" -"Check the backup directory regularly to ensure the backups are working as " -"expected." +"In the Taskomatic log files, you can identify the section related to " +"metadata regeneration by looking for opening and closing lines that look " +"like this:" msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:256 +#. type: delimited block - +#: modules/administration/pages/tshoot-taskomatic.adoc:11 #, no-wrap -msgid "Restoring from Backup" +msgid " ,174 [Thread-584] INFO com.redhat.rhn.taskomatic.task.repomd.RepositoryWriter - Generating new repository metadata for channel 'cloned-2018-q1-sles12-sp3-updates-x86_64'(sha256) 550 packages, 140 errata\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:259 -msgid "" -"The [command]``smdba`` tool can be used to restore from backup in the case " -"of failure." +#. type: delimited block - +#: modules/administration/pages/tshoot-taskomatic.adoc:12 +#, no-wrap +msgid "...\n" msgstr "" -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:260 +#. type: delimited block - +#: modules/administration/pages/tshoot-taskomatic.adoc:13 #, no-wrap -msgid "Procedure: Restoring from Backup" +msgid " ,704 [Thread-584] INFO com.redhat.rhn.taskomatic.task.repomd.RepositoryWriter - Repository metadata generation for 'cloned-2018-q1-sles12-sp3-updates-x86_64' finished in 4 seconds\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:262 -msgid "Shut down the database:" +#. type: Title = +#: modules/administration/pages/actions.adoc:1 +#, no-wrap +msgid "Actions" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:268 -msgid "Start the restore process and wait for it to complete:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:272 -#, no-wrap -msgid "smdba backup-restore start\n" +#: modules/administration/pages/actions.adoc:2 +msgid "You can manage actions on your clients in a number of different ways." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:275 -msgid "Restart the database:" +#: modules/administration/pages/actions.adoc:3 +msgid "" +"For Salt clients, you can schedule automated recurring actions to apply the " +"highstate to clients on a specified schedule. You can apply recurring " +"actions to individual clients, to all clients in a system group, or to an " +"entire organization." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:282 -msgid "Check if there are differences between the RPMs and the database." +#: modules/administration/pages/actions.adoc:4 +msgid "" +"On both Salt and traditional clients, you can set actions to be performed in " +"a particular order by creating action chains. Action chains can be created " +"and edited ahead of time, and scheduled to run at a time that suits you." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:286 -#, no-wrap -msgid "spacewalk-data-fsck\n" +#. type: Plain text +#: modules/administration/pages/actions.adoc:5 +msgid "" +"You can also perform remote commands on one or more of your Salt clients. " +"Remote commands allows you to issue commands to individual Salt clients, or " +"to all clients that match a search term." msgstr "" #. type: Title == -#: modules/administration/pages/backup-restore.adoc:291 +#: modules/administration/pages/actions.adoc:6 #, no-wrap -msgid "Archive Log Settings" +msgid "Recurring Actions" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:295 +#: modules/administration/pages/actions.adoc:7 msgid "" -"Archive logging allows the database management tool [command]``smdba`` to " -"perform hot backups. In {productname} with an embedded database, archive " -"logging is enabled by default." +"You can apply recurring actions on individual Salt clients, or to all " +"clients in an organization." +msgstr "" + +#. type: Block title +#: modules/administration/pages/actions.adoc:8 +#, no-wrap +msgid "Procedure: Creating a New Recurring Action" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:299 +#: modules/administration/pages/actions.adoc:9 msgid "" -"PostgreSQL maintains a limited number of archive logs. Using the default " -"configuration, approximately 64 files with a size of 16 MiB are stored." +"To apply a recurring action to an individual client, navigate to " +"[guimenu]``Systems``, click the client to configure schedules for, and " +"navigate to the menu:States[Recurring States] tab." msgstr "" -#. FIXME: Use sle 15 channels as an example #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:302 -msgid "Creating a user and syncing the channels:" +#: modules/administration/pages/actions.adoc:10 +msgid "" +"To apply a recurring action to a system group, navigate to menu:" +"Systems[System Groups], select the group to configure schedules for, and " +"navigate to menu:States[Recurring States] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:304 -msgid "SLES12-SP2-Pool-x86_64" +#: modules/administration/pages/actions.adoc:11 +msgid "Click btn:[Create]." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:305 -msgid "SLES12-SP2-Updates-x86_64" +#: modules/administration/pages/actions.adoc:12 +msgid "Type a name for the new schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:306 -msgid "SLE-Manager-Tools12-Pool-x86_64-SP2" +#: modules/administration/pages/actions.adoc:13 +msgid "Choose the frequency of the recurring action:" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:307 -msgid "SLE-Manager-Tools12-Updates-x86_64-SP2" +#: modules/administration/pages/actions.adoc:14 +msgid "[guimenu]``Hourly:`` Type the minute of each hour." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:311 +#: modules/administration/pages/actions.adoc:15 msgid "" -"PostgreSQL will generate an additional roughly 1 GB of data. So it is " -"important to think about a backup strategy and create a backups in a regular " -"way." +"For example, [parameter]``15`` will run the action at fifteen minutes past " +"every hour." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:313 -msgid "" -"Archive logs are stored at [path]``/var/lib/pgsql/data/pg_xlog/`` " -"(postgresql)." +#: modules/administration/pages/actions.adoc:16 +msgid "[guimenu]``Daily:`` Select the time of each day." msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:317 -#, no-wrap -msgid "Retrieving an Overview of Occupied Database Space" +#. type: Plain text +#: modules/administration/pages/actions.adoc:17 +msgid "" +"For example, [parameter]``01:00`` will run the action at 0100 every day, in " +"the timezone of the {productname} Server." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:321 +#: modules/administration/pages/actions.adoc:18 msgid "" -"Database administrators may use the subcommand [command]``space-overview`` " -"to get a report about occupied table spaces, for example:" +"[guimenu]``Weekly:`` Select the day of the week and the time of the day, to " +"execute the action every week at the specified time." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:324 -#, no-wrap -msgid "smdba space-overview\n" +#. type: Plain text +#: modules/administration/pages/actions.adoc:19 +msgid "" +"[guimenu]``Monthly:`` Select the day of the month and the time of the day, " +"to execute the action every month at the specified time." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:327 -#: modules/administration/pages/backup-restore.adoc:349 -msgid "outputs:" +#: modules/administration/pages/actions.adoc:20 +msgid "" +"[guimenu]``Custom Quartz format:`` For more detailed options, enter a custom " +"quartz string." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:331 -#: modules/administration/pages/backup-restore.adoc:353 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/actions.adoc:21 msgid "" -"SUSE Manager Database Control. Version 1.5.2\n" -"Copyright (c) 2012 by SUSE Linux Products GmbH\n" +"For example, to run a recurring action at 0215 every Saturday of every " +"month, enter:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:337 +#: modules/administration/pages/actions.adoc:22 #, no-wrap +msgid "0 15 2 ? * 7\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:23 msgid "" -"Tablespace | Size (Mb) | Avail (Mb) | Use %\n" -"------------+-----------+------------+------\n" -"postgres | 7 | 49168 | 0.013\n" -"susemanager | 776 | 48399 | 1.602\n" +"OPTIONAL: Toggle the [guimenu]``Test mode`` switch on to run the schedule in " +"test mode." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:343 +#: modules/administration/pages/actions.adoc:24 msgid "" -"The [command]``smdba`` command is available for PostgreSQL. For a more " -"detailed report, use the [command]``space-tables`` subcommand. It lists the " -"table and its size, for example:" +"Click btn:[Create Schedule] to save, and see the complete list of existing " +"schedules." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:346 -#, no-wrap -msgid "smdba space-tables\n" +#. type: Plain text +#: modules/administration/pages/actions.adoc:25 +msgid "" +"Organization Administrators can set and edit recurring actions for all " +"clients in the organization. Navigate to menu:Home[My Organization > " +"Recurring States] to see all recurring actions that apply to the entire " +"organization." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:365 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/actions.adoc:26 msgid "" -"Table | Size\n" -"--------------------------------------+-----------\n" -"public.all_primary_keys | 0 bytes\n" -"public.all_tab_columns | 0 bytes\n" -"public.allserverkeywordsincereboot | 0 bytes\n" -"public.dblink_pkey_results | 0 bytes\n" -"public.dual | 8192 bytes\n" -"public.evr_t | 0 bytes\n" -"public.log | 32 kB\n" -"...\n" +"{productname} Administrators can set and edit recurring actions for all " +"clients in all organizations. Navigate to menu:Admin[Organizations], select " +"the organization to manage, and navigate to the menu:States[Recurring " +"States] tab." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/actions.adoc:27 +msgid "" +"Recurring actions can only be used with Salt clients. Traditional clients " +"in your group or organization are ignored." msgstr "" #. type: Title == -#: modules/administration/pages/backup-restore.adoc:369 +#: modules/administration/pages/actions.adoc:28 #, no-wrap -msgid "Moving the Database" +msgid "Action Chains" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:375 +#: modules/administration/pages/actions.adoc:29 msgid "" -"It is possible to move the database to another location. For example, move " -"the database if the database storage space is running low. The following " -"procedure will guide you through moving the database to a new location for " -"use by {productname}." +"If you need to perform a number of sequential actions on your clients, you " +"can create an action chain to ensure the order is respected." msgstr "" -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:376 -#, no-wrap -msgid "Procedure: Moving the Database" +#. type: Plain text +#: modules/administration/pages/actions.adoc:30 +msgid "" +"By default, most clients will execute an action as soon as the command is " +"issued. In some case, actions will take a long time, which could mean that " +"actions issued afterwards fail. For example, if you instruct a client to " +"reboot, then issue a second command, the second action could fail because " +"the reboot is still occurring. To ensure that actions occur in the correct " +"order, use action chains." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:378 +#: modules/administration/pages/actions.adoc:31 msgid "" -"The default storage location for {productname} is [path]``/var/lib/pgsql/``. " -"If you would like to move it, for example to [path]``/storage/postgres/``, " -"proceed as follows." +"You can use action chains on both traditional and Salt clients. Action " +"chains can include any number of these actions, in any order:" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:380 -msgid "Stop the running database with (as root):" +#: modules/administration/pages/actions.adoc:32 +msgid "menu:System Details[Remote Command]" msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:384 -#, no-wrap -msgid "rcpostgresql stop\n" +#. type: Plain text +#: modules/administration/pages/actions.adoc:33 +msgid "menu:System Details[Schedule System Reboot]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:387 -msgid "Shut down the running Spacewalk services with:" +#: modules/administration/pages/actions.adoc:34 +msgid "menu:System Details[States > Highstate]" msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:391 -#, no-wrap -msgid "spacewalk-service stop\n" +#. type: Plain text +#: modules/administration/pages/actions.adoc:35 +msgid "menu:System Details[Software > Packages > List/Remove]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:394 -msgid "" -"Copy the current working directory structure with [command]``cp`` using the " -"[option]``-a, --archive`` option. For example:" +#: modules/administration/pages/actions.adoc:36 +msgid "menu:System Details[Software > Packages > Install]" msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:398 -#, no-wrap -msgid "cp --archive /var/lib/pgsql/ /storage/postgres/\n" +#. type: Plain text +#: modules/administration/pages/actions.adoc:37 +msgid "menu:System Details[Software > Packages > Upgrade]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:402 -msgid "" -"This command will copy the contents of [path]``/var/lib/pgsql/`` to [path]``/" -"storage/postgres/pgsql/``." +#: modules/administration/pages/actions.adoc:38 +msgid "menu:System Details[Software > Patches]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:405 -msgid "" -"The contents of the [path]``/var/lib/pgsql`` directory needs to remain the " -"same, otherwise the {productname} database may malfunction. You also should " -"ensure that there is enough available disk space." +#: modules/administration/pages/actions.adoc:39 +msgid "menu:System Details[Software > Software Channels]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:408 -msgid "Mount the new database directory with:" +#: modules/administration/pages/actions.adoc:40 +msgid "menu:System Details[Configuration]" msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:412 +#. type: Plain text +#: modules/administration/pages/actions.adoc:41 +msgid "menu:Images[Build]" +msgstr "" + +#. type: Block title +#: modules/administration/pages/actions.adoc:42 #, no-wrap -msgid "mount /storage/postgres/pgsql\n" +msgid "Procedure: Creating a New Action Chain" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:414 +#: modules/administration/pages/actions.adoc:43 msgid "" -"Make sure ownership is `postgres:postgres` and not `root:root` by changing " -"to the new directory and running the following commands:" +"In the {productname} {webui}, navigate to the first action you want to " +"perform in the action chain." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:419 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/actions.adoc:44 msgid "" -"cd /storage/postgres/pgsql/\n" -"ls -l\n" +"For example, navigate to [guimenu]``System Details`` for a client, and click " +"btn:[Schedule System Reboot]." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:423 -msgid "Outputs:" +#: modules/administration/pages/actions.adoc:45 +msgid "Check the [guimenu]``Add to`` field and select ``new action chain``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:428 -#, no-wrap -msgid "" -"total 8\n" -"drwxr-x--- 4 postgres postgres 47 Jun 2 14:35 ./\n" +#. type: Plain text +#: modules/administration/pages/actions.adoc:46 +msgid "Confirm the action." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:430 +#: modules/administration/pages/actions.adoc:47 msgid "" -"Add the new database mount location to your servers fstab by editing " -"[path]``etc/fstab``." +"This will not perform the action immediately, it will instead create the new " +"action chain, and a blue bar confirming this appears at the top of the " +"screen." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:431 -msgid "Start the database with:" +#: modules/administration/pages/actions.adoc:48 +msgid "" +"Continue adding actions to your action chain by checking the [guimenu]``Add " +"to`` field and selecting the name of the action chain to add them to." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:435 -#, no-wrap -msgid "rcpostgresql start\n" +#. type: Plain text +#: modules/administration/pages/actions.adoc:49 +msgid "" +"When you have finished adding actions, navigate to menu:Schedule[Action " +"Chains] and selecting the action chain from the list." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:438 -msgid "Start the Spacewalk services with:" +#: modules/administration/pages/actions.adoc:50 +msgid "" +"Re-order actions by dragging them and dropping them into the correct " +"position." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:442 -#, no-wrap -msgid "spacewalk-service start\n" +#. type: Plain text +#: modules/administration/pages/actions.adoc:51 +msgid "" +"Click the blue plus sign to see the clients an action will be performed on. " +"Click btn:[Save] to save your changes." msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:446 -#, no-wrap -msgid "Recovering from a Crashed Root Partition" +#. type: Plain text +#: modules/administration/pages/actions.adoc:52 +msgid "" +"Schedule a time for your action chain to run, and click btn:[Save and " +"Schedule]." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:451 +#: modules/administration/pages/actions.adoc:53 msgid "" -"This section provides guidance on restoring your server after its root " -"partition has crashed. This section assumes you have setup your server " -"similar to the procedure explained in Installation guide with separate " -"partitions for the database and for channels mounted at [path]``/var/lib/" -"pgsql`` and [path]``/var/spacewalk/``." +"If you leave the page without clicking either btn:[Save] or btn:[Save and " +"Schedule] all unsaved changes will be discarded." msgstr "" -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:452 -#, no-wrap -msgid "Procedure: Recovering from a Crashed Root Partition" +#. type: delimited block = +#: modules/administration/pages/actions.adoc:54 +msgid "" +"If one action in an action chain fails, the action chain stops, and no " +"further actions are executed." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:456 +#: modules/administration/pages/actions.adoc:55 msgid "" -"Install {productname}. Do not mount the [path]``/var/spacewalk`` and " -"[path]``/var/lib/pgsql`` partitions. Wait for the installation to complete " -"before going on to the next step." +"You can see scheduled actions from action chains by navigating to menu:" +"Schedule[Pending Actions]." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:457 -msgid "Shut down the services with [command]``spacewalk-service shutdown``." +#. type: Title == +#: modules/administration/pages/actions.adoc:56 +#, no-wrap +msgid "Remote Commands" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:458 -msgid "Shut down the database with [command]``rcpostgresql stop``." +#: modules/administration/pages/actions.adoc:57 +msgid "" +"You can configure clients to run commands remotely. This allows you to " +"issue scripts or individual commands to a client, without having access to " +"the client directly." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:459 -msgid "Mount [path]``/var/spacewalk`` and [path]``/var/lib/pgsql`` partitions." +#: modules/administration/pages/actions.adoc:58 +msgid "" +"This feature is automatically enabled on Salt clients, and you do not need " +"to perform any further configuration. For traditional clients, the feature " +"is enabled if you have registered the client using a bootstrap script and " +"have enabled remote commands. You can use this procedure to enable it " +"manually, instead." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:460 -msgid "Restore the directories listed in <>." +#: modules/administration/pages/actions.adoc:59 +msgid "" +"Before you begin, ensure your client is subscribed to the appropriate tools " +"child channel for its installed operating system. For more information " +"about subscribing to software channels, see xref:client-configuration:" +"channels.adoc[]." +msgstr "" + +#. type: Block title +#: modules/administration/pages/actions.adoc:60 +#, no-wrap +msgid "Procedure: Configuring Traditional Clients to Accept Remote Commands" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:461 +#: modules/administration/pages/actions.adoc:61 msgid "" -"Start the Spacewalk services with [command]``spacewalk-services start``." +"On the client, at the command prompt, use the package manager to install the " +"[systemitem]``rhncfg``, [systemitem]``rhncfg-client``, and " +"[systemitem]``rhncfg-actions`` packages, if not already installed." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:462 -msgid "Start the database with [command]``rcpostgresql start``." +#. type: delimited block - +#: modules/administration/pages/actions.adoc:63 +#, no-wrap +msgid "zypper in rhncfg rhncfg-client rhncfg-actions\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:464 +#: modules/administration/pages/actions.adoc:64 msgid "" -"{productname} should now operate normally without loss of your database or " -"synced channels." +"On the client, at the command prompt, as root, create a path in the local " +"configuration directory:" msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:467 +#. type: delimited block - +#: modules/administration/pages/actions.adoc:65 #, no-wrap -msgid "Database Connection Information" +msgid "mkdir -p /etc/sysconfig/rhn/allowed-actions/script\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:66 +msgid "Create an empty file called [path]``run`` in the new directory." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:470 +#: modules/administration/pages/actions.adoc:67 msgid "" -"The information for connecting to the {productname} database is located in " -"[path]``/etc/rhn/rhn.conf``:" +"This file grants the {productname} Server permission to run remote commands:" msgstr "" -#. There are no such default, they are user-spcified, though #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:480 +#: modules/administration/pages/actions.adoc:68 #, no-wrap +msgid "touch /etc/sysconfig/rhn/allowed-actions/script/run\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:69 msgid "" -"db_backend = postgresql\n" -"db_user = susemanager\n" -"db_password = susemanager\n" -"db_name = susemanager\n" -"db_host = localhost\n" -"db_port = 5432\n" -"db_ssl_enabled =\n" +"For Salt clients, remote commands are run from the [path]``/tmp/`` directory " +"on the client. To ensure that remote commands work accurately, do not mount " +"``/tmp`` with the [parameter]``noexec`` option." msgstr "" -#. type: Title = -#: modules/administration/pages/channel-management.adoc:2 +#. type: delimited block = +#: modules/administration/pages/actions.adoc:70 +msgid "" +"All commands run from the [guimenu]``Remote Commands`` page are executed as " +"{rootuser} on clients. Wildcards can be used to run commands across any " +"number of systems. Always take extra care to check your commands before " +"issuing them." +msgstr "" + +#. type: Block title +#: modules/administration/pages/actions.adoc:71 #, no-wrap -msgid "Channel Management" +msgid "Procedure: Running Remote Commands on Traditional Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:5 -msgid "Channels are a method of grouping software packages." +#: modules/administration/pages/actions.adoc:72 +msgid "" +"In the {productname} {webui}, navigate to [guimenu]``Systems``, click the " +"client to run a remote command on, and navigate to the menu:Details[Remote " +"Command] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:9 +#: modules/administration/pages/actions.adoc:73 msgid "" -"In {productname}, channels are grouped into base and child channels, with " -"base channels grouped by operating system type, version, and architecture, " -"and child channels being compatible with their related base channel. When a " -"client has been assigned to a base channel, it is only possible for that " -"system to install the related child channels. Organizing channels in this " -"way ensures that only compatible packages are installed on each system." +"In the [guimenu]``Run as user`` field, type the user ID (UID) of the user on " +"the client that you want to run the command." msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:14 +#: modules/administration/pages/actions.adoc:74 msgid "" -"Software channels use repositories to provide packages. The channels mirror " -"the repositories in {productname}, and the package names and other data are " -"stored in the {productname} database. You can have any number of " -"repositories associated with a channel. The software from those " -"repositories can then be installed on clients by subscribing the client to " -"the appropriate channel." +"Alternatively, you can specify a group to run the command, using the group " +"ID (GID) in the [guimenu]``Run as group`` field." msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:17 +#: modules/administration/pages/actions.adoc:75 msgid "" -"Clients can only be assigned to one base channel. The client can then " -"install or update packages from the repositories associated with that base " -"channel and any of its child channels." +"OPTIONAL: In the [guimenu]``Timeout`` field, type a timeout period for the " +"command, in seconds." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:76 +msgid "If the command is not executed within this period, it will not be run." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:77 +msgid "In the [guimenu]``Command label`` field, type a name for your command." msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:22 +#: modules/administration/pages/actions.adoc:78 msgid "" -"{productname} provides a number of vendor channels, which provide you " -"everything you need to run {productname}. {productname} Administrators and " -"Channel Administrators have channel management authority, which gives them " -"the ability to create and manage their own custom channels. If you want to " -"use your own packages in your environment, you can create custom channels. " -"Custom channels can be used as a base channel, or you can associate them " -"with a vendor base channel." +"In the [guimenu]``Script`` field, type the command or script to execute." msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:24 +#: modules/administration/pages/actions.adoc:79 msgid "" -"For more on creating custom channels, see xref:administration:custom-" -"channels.adoc[]." +"Select a date and time to execute the command, or add the remote command to " +"an action chain." msgstr "" -#. type: Title == -#: modules/administration/pages/channel-management.adoc:27 -#, no-wrap -msgid "Channel Administration" +#. type: Plain text +#: modules/administration/pages/actions.adoc:80 +msgid "Click btn:[Schedule] to schedule the remote command." msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:32 +#: modules/administration/pages/actions.adoc:81 msgid "" -"By default, any user can subscribe channels to a system. You can implement " -"restrictions on the channel using the {webui}." +"For more information about action chains, see xref:reference:schedule/action-" +"chains.adoc[]." msgstr "" #. type: Block title -#: modules/administration/pages/channel-management.adoc:35 +#: modules/administration/pages/actions.adoc:82 #, no-wrap -msgid "Procedure: Restricting Subscriber Access to a Channel" +msgid "Procedure: Running Remote Commands on Salt Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:37 -msgid "" -"In the {productname} {webui}, navigate to menu:Software[Channel List], and " -"select the channel to edit." +#: modules/administration/pages/actions.adoc:83 +msgid "Navigate to menu:Salt[Remote Commands]." msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:39 +#: modules/administration/pages/actions.adoc:84 msgid "" -"Locate the [guimenu]``Per-User Subscription Restrictions`` section and check " -"[guimenu]``Only selected users within your organization may subscribe to " -"this channel``. Click btn:[Update] to save the changes." +"In the first field, before the ``@`` symbol, type the command you want to " +"issue." msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:39 +#: modules/administration/pages/actions.adoc:85 msgid "" -"Navigate to the [guimenu]``Subscribers`` tab and select or deselect users as " -"required." -msgstr "" - -#. type: Title = -#: modules/administration/pages/content-lifecycle-examples.adoc:2 -#, no-wrap -msgid "Content Lifecycle Management Examples" +"In the second field, after the ``@`` symbol, type the client you want to " +"issue the command on." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:6 +#: modules/administration/pages/actions.adoc:86 msgid "" -"This section contains some common examples of how you can use content " -"lifecycle management. Use these examples to build your own personalized " -"implementation." +"You can type the ``minion-id`` of an individual client, or you can use " +"wildcards to target a range of clients." msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:10 -#, no-wrap -msgid "Creating a Project for a Monthly Patch Cycle" +#. type: Plain text +#: modules/administration/pages/actions.adoc:87 +msgid "" +"Click btn:[Find targets] to check which clients you have targeted, and " +"confirm that you have used the correct details." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:13 -msgid "An example project for a monthly patch cycle consists of:" +#: modules/administration/pages/actions.adoc:88 +msgid "Click btn:[Run command] to issue the command to the target clients." msgstr "" -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:15 -#: modules/administration/pages/content-lifecycle-examples.adoc:23 +#. type: Title = +#: modules/administration/pages/admin-overview.adoc:1 #, no-wrap -msgid "Creating a `By Date` filter" +msgid "Administration Guide Overview" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:16 -msgid "Adding the filter to the project" +#: modules/administration/pages/admin-overview.adoc:2 +#, no-wrap +msgid "**Publication Date:** {docdate}\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:17 -msgid "Applying the filter to a new project build" +#: modules/administration/pages/admin-overview.adoc:3 +msgid "" +"This book provides guidance on performing administration tasks on the " +"{productname} Server." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:18 -msgid "Excluding a patch from the project" +#. type: Title = +#: modules/administration/pages/auditing.adoc:1 +#, no-wrap +msgid "Auditing" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:19 -msgid "Including a patch in the project" +#: modules/administration/pages/auditing.adoc:2 +msgid "" +"In {productname}, you can keep track of your clients through a series of " +"auditing tasks. You can check that your clients are up to date with all " +"public security patches (CVEs), perform subscription matching, and use " +"OpenSCAP to check for specification compliance." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:27 +#: modules/administration/pages/auditing.adoc:3 msgid "" -"The ``By Date`` filter excludes all patches released after a specified " -"date. This filter is useful for your content lifecycle projects that follow " -"a monthly patch cycle." +"In the {productname} {webui}, navigate to [guimenu]``Audit`` to perform " +"auditing tasks." msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:29 +#. This will probably need to be broken into sub-sections. --LKB 20200205 +#. type: Title == +#: modules/administration/pages/auditing.adoc:4 #, no-wrap -msgid "Procedure: Creating the ``By Date`` Filter" +msgid "CVE Audits" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:31 -#: modules/administration/pages/content-lifecycle-examples.adoc:76 -#: modules/administration/pages/content-lifecycle-examples.adoc:106 +#: modules/administration/pages/auditing.adoc:5 msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Filters] " -"and click btn:[Create Filter]." +"A CVE (common vulnerabilities and exposures) is a fix for a publicly known " +"security vulnerability." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:33 -msgid "" -"In the [guimenu]``Filter Name`` field, type a name for your filter. For " -"example, [systemitem]``Exclude patches by date``." +#. type: delimited block = +#: modules/administration/pages/auditing.adoc:6 +msgid "You must apply CVEs to your clients as soon as they become available." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:34 +#: modules/administration/pages/auditing.adoc:7 msgid "" -"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Issue " -"date)``." +"Each CVE contains an identification number, a description of the " +"vulnerability, and links to further information. CVE identification numbers " +"use the form ``CVE-YEAR-XXXX``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:35 +#: modules/administration/pages/auditing.adoc:8 msgid "" -"In the [guimenu]``Matcher`` field, [guimenu]``later or equal`` is " -"autoselected." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:36 -msgid "Select the date and time." +"In the {productname} {webui}, navigate to menu:Audit[CVE Audit] to see a " +"list of all clients and their current patch status." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:37 -#: modules/administration/pages/content-lifecycle-examples.adoc:48 -#: modules/administration/pages/content-lifecycle-examples.adoc:83 -#: modules/administration/pages/content-lifecycle-examples.adoc:115 -msgid "Click btn:[Save]." -msgstr "" - -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:41 -#, no-wrap -msgid "Adding the Filter to the Project" +#: modules/administration/pages/auditing.adoc:9 +msgid "" +"By default, the CVE data is updated at 2300 every day. We recommend that " +"before you begin a CVE audit you refresh the data to ensure you have the " +"latest patches." msgstr "" #. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:43 +#: modules/administration/pages/auditing.adoc:10 #, no-wrap -msgid "Procedure: Adding a Filter to a Project" +msgid "Procedure: Updating CVE Data" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:45 +#: modules/administration/pages/auditing.adoc:11 msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects] " -"and select a project from the list." +"In the {productname} {webui}, navigate to menu:Admin[Task Schedules] and " +"select the ``cve-server-channels-default`` schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:46 -msgid "Click btn:[Attach/Detach Filters] link to see all available filters" +#: modules/administration/pages/auditing.adoc:12 +msgid "Click btn:[cve-server-channels-bunch]." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:47 -msgid "Select the new [guimenu]``Exclude patches by date`` filter." -msgstr "" - -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:52 -#, no-wrap -msgid "Applying the Filter to a new Project Build" +#: modules/administration/pages/auditing.adoc:13 +msgid "Click btn:[Single Run Schedule] to schedule the task." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:56 -msgid "" -"The new filter is added to your filter list, but it still needs to be " -"applied to the project. To apply the filter you need to build the first " -"environment." +#: modules/administration/pages/auditing.adoc:14 +msgid "Allow the task to complete before continuing with the CVE audit." msgstr "" #. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:57 +#: modules/administration/pages/auditing.adoc:15 #, no-wrap -msgid "Procedure: Using the Filter" +msgid "Procedure: Verifying Patch Status" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:59 -msgid "Click btn:[Build] to build the first environment." +#: modules/administration/pages/auditing.adoc:16 +msgid "In the {productname} {webui}, navigate to menu:Audit[CVE Audit]." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:61 +#: modules/administration/pages/auditing.adoc:17 msgid "" -"OPTIONAL: Add a message. You can use messages to help track the build " -"history." +"OPTIONAL: To check the patch status for a particular CVE, type the CVE " +"identifier in the [guimenu]``CVE Number`` field." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:62 +#: modules/administration/pages/auditing.adoc:18 msgid "" -"Check that the filter has worked correctly by using the new channels on a " -"test server." +"Select the patch statuses you want to look for, or leave all statuses " +"checked to look for all." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:64 +#: modules/administration/pages/auditing.adoc:19 msgid "" -"Click btn:[Promote] to move the content to the next environment. The build " -"will take longer if you have a large number of filters, or they are very " -"complex." -msgstr "" - -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:68 -#, no-wrap -msgid "Excluding a Patch from the Project" +"Click btn:[Audit Servers] to check all systems, or click btn:[Audit Images] " +"to check all images." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:72 +#: modules/administration/pages/auditing.adoc:20 msgid "" -"Tests may help you discover issues. When an issue is found, exclude the " -"problem patch released before the `by date` filter." -msgstr "" - -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:73 -#, no-wrap -msgid "Procedure: Excluding a Patch" +"For more information about the patch status icons used on this page, see " +"xref:reference:audit/audit-cve-audit.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:78 +#: modules/administration/pages/auditing.adoc:21 msgid "" -"In the [guimenu]``Filter Name`` field, enter a name for the filter. For " -"example, [systemitem]``Exclude openjdk patch``." +"For each system, the [guimenu]``Next Action`` column provides information " +"about what you need to do to address vulnerabilities. If applicable, a list " +"of candidate channels or patches is also given. You can also assign systems " +"to a [guimenu]``System Set`` for further batch processing." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:79 -#: modules/administration/pages/content-lifecycle-examples.adoc:109 +#: modules/administration/pages/auditing.adoc:22 msgid "" -"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Advisory " -"Name)``." +"You can use the {productname} API to verify the patch status of your " +"clients. Use the ``audit.listSystemsByPatchStatus`` API method. For more " +"information about this method, see the {productname} API Guide." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:80 -#: modules/administration/pages/content-lifecycle-examples.adoc:110 -msgid "In the [guimenu]``Matcher`` field, select [guimenu]``equals``." +#. type: Title == +#: modules/administration/pages/auditing.adoc:23 +#, no-wrap +msgid "CVE Status" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:82 +#: modules/administration/pages/auditing.adoc:24 msgid "" -"In the [guimenu]``Advisory Name`` field, type a name for the advisory. For " -"example, [systemitem]``SUSE-15-2019-1807``." +"The CVE status of clients is usually either ``affected``, ``not affected``, " +"or ``patched``. These statuses are based only on the information that is " +"available to {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:84 -#: modules/administration/pages/content-lifecycle-examples.adoc:177 -#: modules/administration/pages/content-lifecycle-examples.adoc:255 -msgid "Navigate to menu:Content Lifecycle[Projects] and select your project." +#: modules/administration/pages/auditing.adoc:25 +msgid "Within {productname}, these definitions apply:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:85 -msgid "" -"Click btn:[Attach/Detach Filters] link, select [guimenu]``Exclude openjdk " -"patch``, and click btn:[Save]." +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:26 +#, no-wrap +msgid "System affected by a certain vulnerability" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:87 +#: modules/administration/pages/auditing.adoc:27 msgid "" -"When you rebuild the project with the btn:[Build] button, the new filter is " -"used together with the [guimenu]``by date`` filter we added before." +"A system which has an installed package with version lower than the version " +"of the same package in a relevant patch marked for the vulnerability." msgstr "" -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:91 +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:28 #, no-wrap -msgid "Including a Patch in the Project" +msgid "System not affected by a certain vulnerability" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:97 -msgid "" -"In this example, you have received a security alert. An important security " -"patch was released several days after the first of the month you are " -"currently working on. The name of the new patch is ``SUSE-15-2019-2071``. " -"You need to include this new patch into your environment." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:102 +#: modules/administration/pages/auditing.adoc:29 msgid "" -"The [guimenu]``Allow`` filters rule overrides the exclude function of the " -"[guimenu]``Deny`` filter rule. For more information, see xref:" -"administration:content-lifecycle.adoc[]." +"A system which has no installed package that is also in a relevant patch " +"marked for the vulnerability." msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:104 +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:30 #, no-wrap -msgid "Procedure: Including a Patch in a Project" +msgid "System patched for a certain vulnerability" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:108 +#: modules/administration/pages/auditing.adoc:31 msgid "" -"In the [guimenu]``Filter Name`` field, type a name for the filter. For " -"example, [systemitem]``Include kernel security fix``." +"A system which has an installed package with version equal to or greater " +"than the version of the same package in a relevant patch marked for the " +"vulnerability." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:111 -msgid "" -"In the [guimenu]``Advisory Name`` field, type " -"[guimenu]``SUSE-15-2019-2071``, and check [guimenu]``Allow``." +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:32 +#, no-wrap +msgid "Relevant patch" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:112 -#: modules/administration/pages/content-lifecycle-examples.adoc:176 -msgid "Click btn:[Save] to store the filter." +#: modules/administration/pages/auditing.adoc:33 +msgid "A patch known by {productname} in a relevant channel." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:113 -msgid "" -"Navigate to menu:Content Lifecycle[Projects] and select your project from " -"the list." +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:34 +#, no-wrap +msgid "Relevant channel" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:114 +#: modules/administration/pages/auditing.adoc:35 msgid "" -"Click btn:[Attach/Detach Filters], and select [guimenu]``Include kernel " -"security patch``." +"A channel managed by {productname}, which is either assigned to the system, " +"the original of a cloned channel which is assigned to the system, a channel " +"linked to a product which is installed on the system or a past or future " +"service pack channel for the system." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:116 -msgid "Click btn:[Build] to rebuild the environment." +#. type: delimited block = +#: modules/administration/pages/auditing.adoc:36 +msgid "" +"Because of the definitions used within {productname}, CVE audit results " +"might be incorrect in some circumstances. For example, unmanaged channels, " +"unmanaged packages, or non-compliant systems might report incorrectly." msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:120 +#. type: Title = +#: modules/administration/pages/auth-methods-pam.adoc:1 #, no-wrap -msgid "Update an Existing Monthly Patch Cycle" +msgid "Authentication With PAM" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:123 +#: modules/administration/pages/auth-methods-pam.adoc:2 msgid "" -"When a monthly patch cycle is complete, you can update the patch cycle for " -"the next month." +"{productname} supports network-based authentication systems using pluggable " +"authentication modules (PAM). PAM is a suite of libraries that allows you " +"to integrate {productname} with a centralized authentication mechanism, " +"eliminating the need to remember multiple passwords. {productname} supports " +"LDAP, Kerberos, and other network-based authentication systems using PAM." msgstr "" #. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:124 +#: modules/administration/pages/auth-methods-pam.adoc:3 #, no-wrap -msgid "Procedure: Updating a Monthly Patch Cycle" +msgid "Procedure: Enabling PAM" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:127 -msgid "" -"In the [guimenu]``by date`` field, change the date of the filter to the next " -"month. Alternatively, create a new filter and change the assignment to the " -"project." +#: modules/administration/pages/auth-methods-pam.adoc:4 +msgid "Create a PAM service file at [path]``/etc/pam.d/susemanager``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:129 +#: modules/administration/pages/auth-methods-pam.adoc:5 msgid "" -"Check if the exclude filter for ``SUSE-15-2019-1807`` can be detached from " -"the project. There may be a new patch available to fix this issue." +"A standard [path]``/etc/pam.d/susemanager`` file should look like this. It " +"configures {productname} to use the system wide PAM configuration:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:131 +#. type: delimited block - +#: modules/administration/pages/auth-methods-pam.adoc:6 +#, no-wrap msgid "" -"Detach the ``allow`` filter you added previously. The patch is included by " -"default." +"#%PAM-1.0\n" +"auth include common-auth\n" +"account include common-account\n" +"password include common-password\n" +"session include common-session\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:132 +#: modules/administration/pages/auth-methods-pam.adoc:7 msgid "" -"Rebuild the project to create a new environment with patches for the next " -"month." +"Enforce the use of the service file by adding this line to [path]``/etc/rhn/" +"rhn.conf``:" msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:136 +#. type: delimited block - +#: modules/administration/pages/auth-methods-pam.adoc:8 #, no-wrap -msgid "Enhance a Project with Live Patching" +msgid "pam_auth_service = susemanager\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:139 -msgid "" -"This section covers setting up filters to create environments for live " -"patching." +#: modules/administration/pages/auth-methods-pam.adoc:9 +#, no-wrap +msgid " In this example, the PAM service file is called [systemitem]``susemanager``.\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:143 -msgid "" -"When you are preparing to use live patching, there are some important " -"considerations" +#. type: Plain text +#: modules/administration/pages/auth-methods-pam.adoc:10 +#, no-wrap +msgid "Restart the {productname} services after a configuration change.\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:146 -msgid "" -"Only ever use one kernel version on your systems. The live patching " -"packages are installed with a specific kernel." +#. type: Plain text +#: modules/administration/pages/auth-methods-pam.adoc:11 +#, no-wrap +msgid "In the {productname} {webui}, navigate to menu:Users[Create User] and enable a new or existing user to authenticate with PAM.\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:147 -msgid "Live patching updates are shipped as one patch." +#. type: Plain text +#: modules/administration/pages/auth-methods-pam.adoc:12 +#, no-wrap +msgid "Check the [guimenu]``Pluggable Authentication Modules (PAM)`` checkbox.\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/auth-methods-pam.adoc:13 +#, no-wrap +msgid "It is below the password and password confirmation fields.\n" msgstr "" #. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:150 +#: modules/administration/pages/auth-methods-pam.adoc:14 msgid "" -"Each kernel patch that begins a new series of live patching kernels will " -"display the ``required reboot`` flag. These kernel patches come with live " -"patching tools. When you have installed them, you will need to reboot the " -"system at least once before the next year." +"Changing the password in the {productname} {webui} changes only the local " +"password on the {productname} Server. If PAM is enabled for that user, the " +"local password might not be used at all. In the above example, for " +"instance, the Kerberos password will not be changed. Use the password " +"change mechanism of your network service to change the password for these " +"users." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:151 +#. type: Plain text +#: modules/administration/pages/auth-methods-pam.adoc:15 msgid "" -"Only install live patch updates that match the installed kernel version." +"To configure system-wide authentication you can use YaST. You will need to " +"install the [package]``yast2-ldap-client`` and [package]``yast2-kerberos-" +"client`` packages." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:153 +#. type: Plain text +#: modules/administration/pages/auth-methods-pam.adoc:16 msgid "" -"Live patches are provided as stand-alone patches. You must exclude all " -"regular kernel patches with higher kernel version than the currently " -"installed one." +"For more information about configuring PAM, the SUSE Linux Enterprise Server " +"Security Guide contains a generic example that will also work for other " +"network-based authentication methods. It also describes how to configure an " +"active directory service. For more information, see https://documentation." +"suse.com/sles/15-SP2/html/SLES-all/part-auth.html." msgstr "" -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:158 +#. type: Title = +#: modules/administration/pages/auth-methods-sso-example.adoc:1 #, no-wrap -msgid "Exclude Packages with a Higher Kernel Version" +msgid "Example SSO Implementation" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:162 +#: modules/administration/pages/auth-methods-sso-example.adoc:2 msgid "" -"In this example you update your systems with the ``SUSE-15-2019-1244`` " -"patch. This patch contains ``kernel-default-4.12.14-150.17.1-x86_64``." +"In this example, SSO is implemented by exposing three endpoints with " +"{productname}, and using Keycloak as the identity service provider (IdP)." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:164 +#: modules/administration/pages/auth-methods-sso-example.adoc:3 msgid "" -"You need to exclude all patches which contain a higher version of ``kernel-" -"default``." +"Start by setting up the {productname} Server, and the Keycloak IdP. Then " +"you can add the endpoints as clients, and create users." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/auth-methods-sso-example.adoc:4 +msgid "" +"This example is provided for illustrative purposes only. {suse} does not " +"recommend or support third-party identity service providers, and is not " +"affiliated with Keycloak. For Keycloak support, see https://www.keycloak." +"org/." msgstr "" #. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:165 +#: modules/administration/pages/auth-methods-sso-example.adoc:5 #, no-wrap -msgid "Procedure: Excluding Packages with a Higher Kernel Version" +msgid "Procedure: Setting Up the {productname} Server" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:167 +#: modules/administration/pages/auth-methods-sso-example.adoc:6 msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Filters], " -"and click btn:[Create Filter]." +"On the {productname} Server, open the [path]``/etc/rhn/rhn.conf`` " +"configuration file and edit these parameters." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:169 +#: modules/administration/pages/auth-methods-sso-example.adoc:7 msgid "" -"In the [guimenu]``Filter Name`` field, type a name for your filter. For " -"example, [systemitem]``Exclude kernel greater than 4.12.14-150.17.1``." +"Replace ```` with the fully-qualified domain name of your " +"{productname} installation:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:170 +#. type: delimited block - +#: modules/administration/pages/auth-methods-sso-example.adoc:8 +#, no-wrap msgid "" -"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Contains " -"Package)``." +"java.sso.onelogin.saml2.sp.entityid = /rhn/manager/sso/metadata\n" +"java.sso.onelogin.saml2.sp.assertion_consumer_service.url = /rhn/manager/sso/acs\n" +"java.sso.onelogin.saml2.sp.single_logout_service.url = /rhn/manager/sso/sls\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:171 -msgid "" -"In the [guimenu]``Matcher`` field, select [guimenu]``version greater than``." +#: modules/administration/pages/auth-methods-sso-example.adoc:9 +msgid "In the configuration file, determine the three endpoints to expose:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:172 +#. type: delimited block - +#: modules/administration/pages/auth-methods-sso-example.adoc:10 +#, no-wrap msgid "" -"In the [guimenu]``Package Name`` field, type [systemitem]``kernel-default``." +"java.sso.onelogin.saml2.idp.entityid\n" +"java.sso.onelogin.saml2.idp.single_sign_on_service.url\n" +"java.sso.onelogin.saml2.idp.single_logout_service.url\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:173 -msgid "Leave the the [guimenu]``Epoch`` field empty." +#: modules/administration/pages/auth-methods-sso-example.adoc:11 +msgid "In the IdP metadata, locate the public x509 certificate." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:174 -msgid "In the [guimenu]``Version`` field, type [systemitem]``4.12.14``." +#: modules/administration/pages/auth-methods-sso-example.adoc:12 +msgid "" +"It uses this format: ``/auth/realms//protocol/saml/" +"descriptor``. In the configuration file, specify the public x509 " +"certificate of the IdP:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:175 -msgid "In the [guimenu]``Release`` field, type [systemitem]``150.17.1``." +#. type: delimited block - +#: modules/administration/pages/auth-methods-sso-example.adoc:13 +#, no-wrap +msgid "java.sso.onelogin.saml2.idp.x509cert\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:178 -msgid "Click btn:[Attach/Detach Filters]." +#: modules/administration/pages/auth-methods-sso-example.adoc:14 +msgid "" +"When you have prepared the {productname} Server, you can install Keycloak. " +"You can install Keycloak directly on your machine, or run it in a " +"container. In this example, we run Keycloak in a Docker container. For " +"more information about installing Keycloak, see the Keycloak documentation " +"at https://www.keycloak.org/getting-started/getting-started-docker." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:179 -msgid "" -"Select [guimenu]``Exclude kernel greater than 4.12.14-150.17.1``, and click " -"btn:[Save]." +#. type: Block title +#: modules/administration/pages/auth-methods-sso-example.adoc:15 +#, no-wrap +msgid "Procedure: Setting Up the Identity Service Provider" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:183 +#: modules/administration/pages/auth-methods-sso-example.adoc:16 msgid "" -"When you click btn:[Build], a new environment is created. The new " -"environment contains all the kernel patches up to the version you installed." +"Install Keycloak in a Docker container, according to the Keycloak " +"documentation." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:186 +#: modules/administration/pages/auth-methods-sso-example.adoc:17 msgid "" -"All kernel patches with higher kernel versions are removed. Live patching " -"kernels will stay available as long as they are not the first in a series." +"Run the container using the ``-td`` argument to ensure the process remains " +"running:" msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:202 +#. type: delimited block - +#: modules/administration/pages/auth-methods-sso-example.adoc:18 #, no-wrap -msgid "Switch to a New Kernel Version for Live Patching" +msgid "docker run -td --name=idp -p 8080:8080 -e KEYCLOAK_USER= -e KEYCLOAK_PASSWORD= quay.io/keycloak/keycloak:9.0.2\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:207 +#: modules/administration/pages/auth-methods-sso-example.adoc:19 msgid "" -"Live Patching for a specific kernel version is only available for one year. " -"After one year you must update the kernel on your systems. Execute these " -"environment changes:" +"Sign in the Keycloak {webui} as a privileged user, and create a realm using " +"these details:" msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:208 -#, no-wrap -msgid "Procedure: Switch to a New Kernel Version" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:20 +msgid "In the ``Name`` field, enter a name for the realm." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:211 -msgid "" -"Decide which kernel version you will upgrade to. For example: " -"`4.12.14-150.32.1`" +#: modules/administration/pages/auth-methods-sso-example.adoc:21 +msgid "For example, ``SUMA``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:212 -msgid "Create a new kernel version Filter." +#: modules/administration/pages/auth-methods-sso-example.adoc:22 +msgid "Toggle the ``Enabled`` switch to ``On``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:213 +#: modules/administration/pages/auth-methods-sso-example.adoc:23 msgid "" -"Detach the previous filter **Exclude kernel greater than 4.12.14-150.17.1** " -"and attach the new filter." +"In the ``Endpoints`` field, type ``SAML 2.0 Identity Provider Metadata``." msgstr "" +#. Probably needs more explanation here. --LKB 20200415 #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:220 +#: modules/administration/pages/auth-methods-sso-example.adoc:24 msgid "" -"Click btn:[Build] to rebuild the environment. The new environment contains " -"all kernel patches up to the new kernel version you selected. Systems using " -"these channels will have the kernel update available for installation. You " -"will need to reboot systems after they have performed the upgrade. The new " -"kernel will remain valid for one year. All packages installed during the " -"year will match the current live patching kernel filter." +"This endpoint is ``/auth/realms//protocol/saml/" +"descriptor`` which describes the endpoints and certificate in the " +"{productname} configuration file." msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:223 +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:25 +msgid "" +"When you have Keycloak running and set up, you can add the endpoints. " +"Keycloak refers to endpoints as clients." +msgstr "" + +#. type: Block title +#: modules/administration/pages/auth-methods-sso-example.adoc:26 #, no-wrap -msgid "Appstream Filters" +msgid "Procedure: Adding Endpoints as Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:229 -msgid "" -"If you are using {rhel}{nbsp}8 clients, you cannot perform package " -"operations such as installing or upgrading directly from modular " -"repositories like the {rhel} Appstream repository. You can use the " -"Appstream filter to transform modular repositories into regular " -"repositories. It does this by keeping the packages in the repository and " -"stripping away the module metadata. The resulting repository can be used in " -"{productname} in the same way as a regular repository." +#: modules/administration/pages/auth-methods-sso-example.adoc:27 +msgid "In the Keycloak {webui}, create a new client using these details:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:232 +#: modules/administration/pages/auth-methods-sso-example.adoc:28 msgid "" -"The AppStream filter selects a single module stream to be included in the " -"target repository. You can add multiple filters to select multiple module " -"streams." +"In the ``Client ID`` field, enter the endpoint specified in the server " +"configuration file as ``java.sso.onelogin.saml2.idp.entityid``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:235 -msgid "" -"If you do not use an AppStream filter in your CLM project, the module " -"metadata in the modular sources remains intact, and the target repositories " -"contain the same module metadata. As long as at least one AppStream filter " -"is enabled in the CLM project, all target repositories are transformed into " -"regular repositories." +#: modules/administration/pages/auth-methods-sso-example.adoc:29 +msgid "For example, ``https:///rhn/manager/sso/metadata``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:238 -msgid "" -"To use the AppStream filter, you need a CLM project with a modular " -"repository such as ``{rhel} AppStream``. Ensure that you included the " -"module you need as a source before you begin." +#: modules/administration/pages/auth-methods-sso-example.adoc:30 +msgid "In the ``Client Protocol`` field, select ``SAML``." msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:241 -#, no-wrap -msgid "Procedure: Using Appstream Filters" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:31 +msgid "Toggle the ``Include AuthnStatement`` switch to ``On``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:244 -#: modules/administration/pages/content-lifecycle-examples.adoc:263 -msgid "" -"In the {productname} {webui}, navigate to your {rhel}{nbsp}8 CLM project. " -"Ensure that you have included the AppStream channels for your project." +#: modules/administration/pages/auth-methods-sso-example.adoc:32 +msgid "Toggle the ``Sign Assertions`` switch to ``On``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:245 -#: modules/administration/pages/content-lifecycle-examples.adoc:264 -msgid "Click btn:``Create Filter`` and use these parameters:" +#: modules/administration/pages/auth-methods-sso-example.adoc:33 +msgid "In the ``Signature Algorithm`` field, select ``RSA_SHA1``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:247 -#: modules/administration/pages/content-lifecycle-examples.adoc:266 -msgid "In the [guimenu]``Filter Name`` field, type a name for the new filter." +#: modules/administration/pages/auth-methods-sso-example.adoc:34 +msgid "In the ``SAML Signature Key Name`` field, select the key." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:248 -#: modules/administration/pages/content-lifecycle-examples.adoc:267 -msgid "" -"In the [guimenu]``Filter Type`` field, select [parameter]``Module (Stream)``." +#: modules/administration/pages/auth-methods-sso-example.adoc:35 +msgid "In the ``Canonicalization Method`` field, select ``Exclusive``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:250 +#: modules/administration/pages/auth-methods-sso-example.adoc:36 msgid "" -"In the [guimenu]``Module Name`` field, type a module name. For example, " -"[parameter]``postgresql``." +"In the ``Fine Grain SAML Endpoint Configuration`` section, add the two " +"endpoints using these details:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:253 +#: modules/administration/pages/auth-methods-sso-example.adoc:37 msgid "" -"In the [guimenu]``Stream`` field, type the name of the desired stream. For " -"example, [parameter]``10``. If you leave this field blank, the default " -"stream for the module is selected." +"In both the ``Assertion Consumer Service`` fields, enter the endpoint " +"specified in the server configuration file as ``java.sso.onelogin.saml2.sp." +"assertion_consumer_service.url``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:254 -msgid "Click btn:[Save] to create the new filter." +#: modules/administration/pages/auth-methods-sso-example.adoc:38 +msgid "For example, ``https:///rhn/manager/sso/acs``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:256 +#: modules/administration/pages/auth-methods-sso-example.adoc:39 msgid "" -"Click btn:``Attach/Detach Filters``, select your new Appstream filter, and " -"click btn:[Save]." +"In both the ``Logout Service`` fields, enter the endpoint specified in the " +"server configuration file as ``java.sso.onelogin.saml2.sp." +"single_logout_service.url``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:40 +msgid "For example, ``https:///rhn/manager/sso/sls``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:259 +#: modules/administration/pages/auth-methods-sso-example.adoc:41 msgid "" -"You can use the browse function in the ``Create/Edit Filter`` form to select " -"a module from a list of available module streams for a modular channel." +"When you have added the endpoints as clients, you can configure the client " +"scope, and map the users between Keycloak and {productname}." msgstr "" #. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:260 +#: modules/administration/pages/auth-methods-sso-example.adoc:42 #, no-wrap -msgid "Procedure: Browsing Available Module Streams" +msgid "Procedure: Configuring Client Scope and Mappers" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:268 -msgid "Click ``Browse available modules`` to see all modular channels." +#: modules/administration/pages/auth-methods-sso-example.adoc:43 +msgid "" +"In the Keycloak {webui}, navigate to the menu:Clients[Client Scopes] tab and " +"assign ``role_list`` as the default client scope." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:269 -msgid "Select a channel to browse the modules and streams:" +#: modules/administration/pages/auth-methods-sso-example.adoc:44 +msgid "" +"Navigate to the menu:Clients[Mappers] tab and add a user attribute ``Uid`` " +"mapper, using the default values." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:271 -msgid "" -"In the [guimenu]``Module Name`` field, start typing a module name to search, " -"or select from the list." +#: modules/administration/pages/auth-methods-sso-example.adoc:45 +msgid "This SAML attribute is expected by {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:272 +#: modules/administration/pages/auth-methods-sso-example.adoc:46 msgid "" -"In the [guimenu]``Stream`` field, start typing a stream name to search, or " -"select from the list." +"Navigate to the menu:Users[Admin] section and create an administrative user." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:278 -msgid "" -"Channel selection is only for browsing modules. The selected channel will " -"not be saved with the filter, and will not affect the CLM process in any way." +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:47 +msgid "This user does not need to match the {productname} administrative user." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:282 +#: modules/administration/pages/auth-methods-sso-example.adoc:48 msgid "" -"You can create additional AppStream filters for any other module stream to " -"be included in the target repository. Any module streams that the selected " -"stream depends on will be automatically included." +"Navigate to the menu:Users[Role Mappings] tab, add a ``uid`` attribute with " +"a value that matches the username of the {productname} administrative user." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:289 +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:49 msgid "" -"Be careful not to specify conflicting, incompatible, or missing module " -"streams. For example, selecting two streams from the same module is invalid." +"Navigate to the menu:Users[Credentials] tab, and set the same password as " +"used by the {productname} administrative user." +msgstr "" + +#. type: Block title +#: modules/administration/pages/auth-methods-sso-example.adoc:50 +#, no-wrap +msgid " Save your changes." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:292 +#: modules/administration/pages/auth-methods-sso-example.adoc:51 msgid "" -"When you build your CLM project using the btn:[Build] button in the {webui}, " -"the target repository is a regular repository without any modules, that " -"contains packages from the selected module streams." +"When you have completed configuration, you can test that the installation is " +"working as expected. Restart the {productname} Server to pick up your " +"changes, and navigate to the {productname} {webui}. If your installation is " +"working correctly, you are redirected to the Keycloak SSO page, where you " +"can authenticate successfully." msgstr "" #. type: Title = -#: modules/administration/pages/content-lifecycle.adoc:2 +#: modules/administration/pages/auth-methods-sso.adoc:1 #, no-wrap -msgid "Content Lifecycle Management" +msgid "Authentication With Single Sign-On (SSO)" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:6 +#: modules/administration/pages/auth-methods-sso.adoc:2 msgid "" -"Content lifecycle management allows you to customize and test packages " -"before updating production clients. This is especially useful if you need " -"to apply updates during a limited maintenance window." +"{productname} supports single sign-on (SSO) by implementing the Security " +"Assertion Markup Language (SAML){nbsp}2 protocol." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:8 +#: modules/administration/pages/auth-methods-sso.adoc:3 msgid "" -"Content lifecycle management allows you to select software channels as " -"sources, adjust them as required for your environment, and thoroughly test " -"them before installing onto your production clients." +"Single sign-on is an authentication process that allows a user to access " +"multiple applications with one set of credentials. SAML is an XML-based " +"standard for exchanging authentication and authorization data. A SAML " +"identity service provider (IdP) provides authentication and authorization " +"services to service providers (SP), such as {productname}. {productname} " +"exposes three endpoints which must be enabled for single sign-on." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:12 -msgid "" -"While you cannot directly modify vendor channels, you can clone them and " -"then modify the clones by adding or removing packages and custom patches. " -"You can assign these cloned channels to test clients to ensure they work as " -"expected. Then, when all tests pass, you can promote them to production " -"servers." +#: modules/administration/pages/auth-methods-sso.adoc:4 +msgid "SSO in {productname} supports:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:15 -msgid "" -"This is achieved through a series of environments that your software " -"channels can move through on their lifecycle. Most environment lifecycles " -"include at least test and production environments, but you can have as many " -"environments as you require." +#: modules/administration/pages/auth-methods-sso.adoc:5 +msgid "Log in with SSO." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:18 +#: modules/administration/pages/auth-methods-sso.adoc:6 msgid "" -"This section covers the basic content lifecycle procedures, and the filters " -"available. For more specific examples, see xref:administration:content-" -"lifecycle-examples.adoc[]." -msgstr "" - -#. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:21 -#, no-wrap -msgid "Create a Content Lifecycle Project" +"Log out with service provider-initiated single logout (SLO), and Identity " +"service provider single logout service (SLS)." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:25 -msgid "" -"To set up a content lifecycle, you need to begin with a project. The " -"project defines the software channel sources, the filters used to find " -"packages, and the build environments." +#: modules/administration/pages/auth-methods-sso.adoc:7 +msgid "Assertion and nameId encryption." msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle.adoc:26 -#, no-wrap -msgid "Procedure: Creating a Content Lifecycle Project" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:8 +msgid "Assertion signatures." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:28 +#: modules/administration/pages/auth-methods-sso.adoc:9 msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " -"and click btn:[Create Project]." +"Message signatures with AuthNRequest, LogoutRequest, and LogoutResponses." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:30 -msgid "" -"In the [guimenu]``Label`` field, enter a label for your project. The " -"[guimenu]``Label`` field only accepts lowercase letters, numbers, periods, " -"hyphens, and underscores." +#: modules/administration/pages/auth-methods-sso.adoc:10 +msgid "Enable an Assertion consumer service endpoint." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:31 -msgid "" -"In the [guimenu]``Name`` field, enter a descriptive name for your project." +#: modules/administration/pages/auth-methods-sso.adoc:11 +msgid "Enable a single logout service endpoint." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:32 -msgid "" -"Click the btn:[Create] button to create your project and return to the " -"project page." +#: modules/administration/pages/auth-methods-sso.adoc:12 +msgid "Publish the SP metadata (which can be signed)." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:33 -msgid "Click btn:[Attach/Detach Sources]." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:35 -msgid "" -"In the [guimenu]``Sources`` dialog, select the source type, and select a " -"base channel for your project. The available child channels for the " -"selected base channel are displayed, including information on whether the " -"channel is mandatory or recommended." +#: modules/administration/pages/auth-methods-sso.adoc:13 +msgid "SSO in {productname} does not support:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:37 +#: modules/administration/pages/auth-methods-sso.adoc:14 msgid "" -"Check the child channels you require, and click btn:[Save] to return to the " -"project page. The software channels you selected should now be showing." +"Product choosing and implementation for the identity service provider (IdP)." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:40 +#: modules/administration/pages/auth-methods-sso.adoc:15 msgid "" -"In the [guimenu]``Filters`` dialog, select the filters you want to attach to " -"the project. To create a new filter, click btn:[Create new Filter]." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:41 -msgid "Click btn:[Add Environment]." +"SAML support for other products (check with the respective product " +"documentation)." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:43 +#: modules/administration/pages/auth-methods-sso.adoc:16 msgid "" -"In the [guimenu]``Environment Lifecycle`` dialog, give the first environment " -"a name and a description, and click btn:[Save]. The [guimenu]``Name`` field " -"only accepts lowercase letters, numbers, periods, hyphens, and underscores." +"For an example implementation of SSO, see xref:administration:auth-methods-" +"sso-example.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:45 +#. type: delimited block = +#: modules/administration/pages/auth-methods-sso.adoc:17 msgid "" -"Continue creating environments until you have all the environments for your " -"lifecycle completed. You can select the order of the environments in the " -"lifecycle by selecting an environment in the [guimenu]``Insert before`` " -"field when you create it." +"If you change from the default authentication method to single sign-on, the " +"new SSO credentials apply only to the {webui}. Client tools such as ``mgr-" +"sync`` or ``spacecmd`` will continue to work with the default authentication " +"method only." msgstr "" #. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:48 +#: modules/administration/pages/auth-methods-sso.adoc:18 #, no-wrap -msgid "Filter Types" +msgid "Prerequisites" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:53 +#: modules/administration/pages/auth-methods-sso.adoc:19 msgid "" -"{productname} allows you to create various types of filters to control the " -"content used for building the project. Filters allow you to select which " -"packages will be included or excluded from the build. For example, you " -"could exclude all kernel packages, or include only specific releases of some " -"packages." +"Before you begin, you need to have configured an external identity service " +"provider with these parameters. Check your IdP documentation for " +"instructions." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:55 -msgid "The supported filters are:" +#. type: delimited block = +#: modules/administration/pages/auth-methods-sso.adoc:20 +msgid "" +"Your IdP must have a SAML:Attribute containing the username of the IdP user " +"domain, called ``uid``. The ``uid`` attribute passed in the SAML:Attribute " +"must be created in the {productname} user base before you activate single " +"sign-on." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:57 -msgid "package filtering" +#: modules/administration/pages/auth-methods-sso.adoc:21 +msgid "You will need these endpoints:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:58 -msgid "by name" +#: modules/administration/pages/auth-methods-sso.adoc:22 +msgid "" +"Assertion consumer service (or ACS): an endpoint to accept SAML messages to " +"establish a session into the Service Provider." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:59 -msgid "by name, epoch, version, release, and architecture" +#: modules/administration/pages/auth-methods-sso.adoc:23 +msgid "" +"The endpoint for ACS in {productname} is: https://server.example.com/rhn/" +"manager/sso/acs" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:60 -msgid "patch filtering" +#: modules/administration/pages/auth-methods-sso.adoc:24 +msgid "" +"Single logout service (or SLS): an endpoint to initiate a logout request " +"from the IdP." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:61 -msgid "by advisory name" +#: modules/administration/pages/auth-methods-sso.adoc:25 +msgid "" +"The endpoint for SLS in {productname} is: https://server.example.com/rhn/" +"manager/sso/sls" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:62 -msgid "by advisory type" +#: modules/administration/pages/auth-methods-sso.adoc:26 +msgid "Metadata: an endpoint to retrieve {productname} metadata for SAML." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:63 -msgid "by synopsis" +#: modules/administration/pages/auth-methods-sso.adoc:27 +msgid "" +"The endpoint for metadata in {productname} is: https://server.example.com/" +"rhn/manager/sso/metadata" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:64 -msgid "by keyword" +#: modules/administration/pages/auth-methods-sso.adoc:28 +msgid "" +"After the authentication with the IdP using the user ``orgadmin`` is " +"successful, you will be logged in into {productname} as the ``orgadmin`` " +"user, provided that the ``orgadmin`` user exists in {productname}." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:65 -msgid "by date" +#. type: Title == +#: modules/administration/pages/auth-methods-sso.adoc:29 +#, no-wrap +msgid "Enable SSO" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:66 -msgid "by affected package" +#. type: delimited block = +#: modules/administration/pages/auth-methods-sso.adoc:30 +msgid "" +"Using SSO is mutually exclusive with other types of authentication: it is " +"either enabled or disabled. SSO is disabled by default." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:67 -msgid "module" +#. type: Block title +#: modules/administration/pages/auth-methods-sso.adoc:31 +#, no-wrap +msgid "Procedure: Enabling SSO" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:68 -msgid "by stream" -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:73 -msgid "Package dependencies are not resolved during content filtering." +#: modules/administration/pages/auth-methods-sso.adoc:32 +msgid "If your users do not yet exist in {productname}, create them first." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:78 +#: modules/administration/pages/auth-methods-sso.adoc:33 msgid "" -"There are multiple matchers you can use with the filter. Which ones are " -"available will depend on the filter type you choose." +"Edit [path]``/etc/rhn/rhn.conf`` and add this line at the end of the file:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:80 -msgid "The available matchers are:" +#. type: delimited block - +#: modules/administration/pages/auth-methods-sso.adoc:34 +#, no-wrap +msgid "java.sso = true\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:82 -msgid "contains" +#: modules/administration/pages/auth-methods-sso.adoc:35 +msgid "" +"Find the parameters you want to customize in [path]``/usr/share/rhn/config-" +"defaults/rhn_java_sso.conf``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:83 -msgid "matches (must take the form of a regular expression)" +#: modules/administration/pages/auth-methods-sso.adoc:36 +msgid "" +"Insert the parameters you want to customize into [path]``/etc/rhn/rhn.conf`` " +"and prefix them with [literal]``java.sso``. For example, in [path]``/usr/" +"share/rhn/config-defaults/rhn_java_sso.conf`` find:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:84 -msgid "equals" +#. type: delimited block - +#: modules/administration/pages/auth-methods-sso.adoc:37 +#, no-wrap +msgid "onelogin.saml2.sp.assertion_consumer_service.url = https://YOUR-PRODUCT-HOSTNAME-OR-IP/rhn/manager/sso/acs\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:85 -msgid "greater" +#: modules/administration/pages/auth-methods-sso.adoc:38 +msgid "" +"To customize it, create the corresponding option in [path]``/etc/rhn/rhn." +"conf`` by prefixing the option name with ``java.sso.``:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:86 -msgid "greater or equal" +#. type: delimited block - +#: modules/administration/pages/auth-methods-sso.adoc:39 +#, no-wrap +msgid "java.sso.onelogin.saml2.sp.assertion_consumer_service.url = https://YOUR-PRODUCT-HOSTNAME-OR-IP/rhn/manager/sso/acs\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:87 -msgid "lower or equal" +#: modules/administration/pages/auth-methods-sso.adoc:40 +msgid "" +"To find all the occurrences you need to change, search in the file for the " +"placeholders [literal]``YOUR-PRODUCT`` and [literal]``YOUR-IDP-ENTITY``. " +"Every parameter comes with a brief explanation of what it is meant for." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:88 -msgid "lower" +#: modules/administration/pages/auth-methods-sso.adoc:41 +msgid "Restart the spacewalk service to pick up the changes:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:89 -msgid "later or equal" +#: modules/administration/pages/auth-methods-sso.adoc:43 +msgid "" +"When you visit the {productname} URL, you will be redirected to the IdP for " +"SSO where you will be requested to authenticate. Upon successful " +"authentication, you will be redirected to the {productname} {webui}, logged " +"in as the authenticated user. If you encounter problems with logging in " +"using SSO, check the {productname} logs for more information." msgstr "" -#. type: Title === -#: modules/administration/pages/content-lifecycle.adoc:92 +#. type: Title = +#: modules/administration/pages/backup-restore.adoc:1 #, no-wrap -msgid "Filter ``rule`` Parameter" +msgid "Backup and Restore" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:96 +#: modules/administration/pages/backup-restore.adoc:2 msgid "" -"Each filter has a ``rule`` parameter that can be set to either ``Allow`` or " -"``Deny``. The filters are processed like this:" +"Back up your {productname} installation regularly, to prevent data loss. " +"Because {productname} relies on a database as well as the installed program " +"and configurations, it is important to back up all components of your " +"installation. This chapter contains information on the files you need to " +"back up, and introduces the [command]``smdba`` tool to manage database " +"backups. It also contains information about restoring from your backups in " +"the case of a system failure." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:98 -msgid "" -"If a package or patch satisfies a ``Deny`` filter, it will be excluded from " -"the result." +#. type: Block title +#: modules/administration/pages/backup-restore.adoc:3 +#, no-wrap +msgid "Backup Space Requirements" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:99 +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:4 msgid "" -"If a package or patch satisfies an ``Allow`` filter, it will be included in " -"the result (even if it was excluded by a ``Deny`` filter)." +"Regardless of the backup method you use, you must have available at least " +"three times the amount of space your current installation uses. Running out " +"of space can result in backups failing, so check this often." +msgstr "" + +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:5 +#, no-wrap +msgid "Backing up {productname}" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:101 +#: modules/administration/pages/backup-restore.adoc:6 msgid "" -"This behavior is useful when you want to exclude large number of packages or " -"patches using a general ``Deny`` filter and \"cherry-pick\" specific " -"packages or patches with specific ``Allow`` filters." +"The most comprehensive method for backing up your {productname} installation " +"is to back up the relevant files and directories. This can save you time in " +"administering your backup, and can be faster to reinstall and re-synchronize " +"in the case of failure. However, this method requires significant disk " +"space and could take a long time to perform the backup." msgstr "" #. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:105 +#: modules/administration/pages/backup-restore.adoc:7 msgid "" -"Content filters are global in your organization and can be shared between " -"projects." +"If you want to only back up the required files and directories, use the " +"following list. To make this process simpler, and more comprehensive, we " +"recommend backing up the entire [path]``/etc`` and [path]``/root`` " +"directories, not just the ones specified here. Some files only exist if you " +"are actually using the related {susemgr} feature." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:112 -msgid "" -"If your project already contains built sources, when you add an environment " -"it will automatically populate with the existing content. Content will be " -"drawn from the previous environment of the cycle if it had one. If there is " -"no previous environment, it will be left empty until the project sources are " -"built again." +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:8 +msgid "[path]``/etc/cobbler/``" msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:116 -#, no-wrap -msgid "Build a Content Lifecycle Project" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:9 +msgid "[path]``/etc/dhcp.conf``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:119 -msgid "" -"When you have created your project, defined environments, and attached " -"sources and filters, you can build the project for the first time." +#: modules/administration/pages/backup-restore.adoc:10 +msgid "[path]``/etc/fstab`` and any ISO mountpoints you require." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:121 -msgid "" -"Building applies filters to the attached sources and clones them to the " -"first environment in the project." +#: modules/administration/pages/backup-restore.adoc:11 +msgid "[path]``/etc/rhn/``" msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle.adoc:124 -#, no-wrap -msgid "Procedure: Building a Content Lifecycle Project" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:12 +msgid "[path]``/etc/salt``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:127 -msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " -"and select the project you want to build." +#: modules/administration/pages/backup-restore.adoc:13 +msgid "[path]``/etc/sudoers``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:128 -msgid "Review the attached sources and filters, and click btn:[Build]." +#: modules/administration/pages/backup-restore.adoc:14 +msgid "[path]``/etc/sysconfig/rhn/``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:129 -msgid "" -"Provide a version message to describe the changes or updates in this build." +#: modules/administration/pages/backup-restore.adoc:15 +msgid "[path]``/root/.gnupg/``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:130 -#: modules/administration/pages/content-lifecycle.adoc:145 -msgid "" -"You can monitor build progress in the [guimenu]``Environment Lifecycle`` " -"section." +#: modules/administration/pages/backup-restore.adoc:16 +msgid "[path]``/root/.ssh``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:132 +#: modules/administration/pages/backup-restore.adoc:17 msgid "" -"After the build is finished, the environment version is increased by one and " -"the built sources, such as software channels, can be assigned to your " -"clients." +"This file exists if you are using an SSH tunnel or SSH [command]``push``. " +"You will also need to have saved a copy of the ``id-susemanager`` key." msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:135 -#, no-wrap -msgid "Promote Environments" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:18 +msgid "[path]``/root/ssl-build/``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:138 -msgid "" -"When the project has been built, the built sources can be sequentially " -"promoted to the environments." +#: modules/administration/pages/backup-restore.adoc:19 +msgid "[path]``/srv/formula_metadata``" msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle.adoc:141 -#, no-wrap -msgid "Procedure: Promoting Environments" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:20 +msgid "[path]``/srv/pillar``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:143 -msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " -"and select the project you want to work with." +#: modules/administration/pages/backup-restore.adoc:21 +msgid "[path]``/srv/salt``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:144 -msgid "" -"In the [guimenu]``Environment Lifecycle`` section, locate the environment to " -"promote to its successor, and click btn:[Promote]." +#: modules/administration/pages/backup-restore.adoc:22 +msgid "[path]``/srv/susemanager``" msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:148 -#, no-wrap -msgid "Assign Clients to Environments" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:23 +msgid "[path]``/srv/tftpboot/``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:152 -msgid "" -"When you build and promote content lifecycle projects, {productname} creates " -"a tree of software channels. To add clients to the environment, assign the " -"base and child software channels to your client using menu:Software[Software " -"Channels] in the [guimenu]``System Details`` page for the client." +#: modules/administration/pages/backup-restore.adoc:24 +msgid "[path]``/srv/www/cobbler``" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:157 -msgid "" -"Newly added cloned channels are not assigned to clients automatically. If " -"you add or promote sources you will need to manually check and update your " -"channel assignments." +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:25 +msgid "[path]``/srv/www/htdocs/pub/``" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:159 -msgid "" -"Automatic assignment is intended to be added to {productname} in a future " -"version." +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:26 +msgid "[path]``/srv/www/os-images``" msgstr "" -#. type: Title = -#: modules/administration/pages/content-staging.adoc:2 -#, no-wrap -msgid "Content Staging" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:27 +msgid "[path]``/var/cache/rhn``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:7 -msgid "" -"Staging is used by clients to download packages in advance, before they are " -"installed. This allows package installation to begin as soon as it is " -"scheduled, which can reduce the amount of time required for a maintenance " -"window." +#: modules/administration/pages/backup-restore.adoc:28 +msgid "[path]``/var/cache/salt``" msgstr "" -#. type: Title == -#: modules/administration/pages/content-staging.adoc:9 -#, no-wrap -msgid "Enable Content Staging" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:29 +msgid "[path]``/var/lib/cobbler/``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:14 +#: modules/administration/pages/backup-restore.adoc:30 msgid "" -"You can manage content staging across your entire organization. In the " -"{productname} {webui}, navigate to menu:Admin[Organizations] to see a list " -"of available organizations. Click the name of an organization, and check " -"the [guimenu]``Enable Staging Contents`` box to allow clients in this " -"organization to stage package data." +"[path]``/var/lib/cobbler/templates/`` (before version 4.0 it was [path]``/" +"var/lib/rhn/kickstarts/``)" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-staging.adoc:18 -msgid "" -"You must be logged in as a {productname} administrator to create and manage " -"organizations." +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:31 +msgid "[path]``/var/lib/Kiwi``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:21 -msgid "" -"You can also enable staging at the command prompt by editing [path]``/etc/" -"sysconfig/rhn/up2date``, and adding or editing these lines:" +#: modules/administration/pages/backup-restore.adoc:32 +msgid "[path]``/var/lib/rhn/``" msgstr "" -#. type: delimited block - -#: modules/administration/pages/content-staging.adoc:25 -#, no-wrap -msgid "" -"stagingContent=1\n" -"stagingContentWindow=24\n" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:33 +msgid "[path]``/var/spacewalk/``" msgstr "" -#. 2018-12-10, ke: /etc/sysconfig/rhn/up2date still exists. @renner confirmed some tools use it (at least, trad. client). To be renamed in the future. #. type: Plain text -#: modules/administration/pages/content-staging.adoc:36 +#: modules/administration/pages/backup-restore.adoc:34 msgid "" -"The ``stagingContentWindow`` parameter is a time value expressed in hours " -"and determines when downloading will start. It is the number of hours " -"before the scheduled installation or update time. In this example, content " -"will be downloaded 24 hours before the installation time. The start time " -"for download depends on the selected contact method for a system. The " -"assigned contact method sets the time for when the next " -"[command]``mgr_check`` will be executed." +"Plus any directories containing custom data such as scripts, Kickstart or " +"AutoYaST profiles, and custom RPMs." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-staging.adoc:39 +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:35 msgid "" -"Next time an action is scheduled, packages are automatically downloaded, but " -"not installed. At the scheduled time, the staged packages are installed." +"You will also need to back up your database, which you can do with the " +"[command]``smdba`` tool. For more information about the [command]``smdba`` " +"tool, see xref:administration:backup-restore.adoc[]." msgstr "" -#. type: Title == -#: modules/administration/pages/content-staging.adoc:42 +#. type: Block title +#: modules/administration/pages/backup-restore.adoc:36 #, no-wrap -msgid "Configure Content Staging" +msgid "Procedure: Restore from a Manual Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:45 -msgid "There are two parameters used to configure content staging:" +#: modules/administration/pages/backup-restore.adoc:37 +msgid "Re-install {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:48 +#: modules/administration/pages/backup-restore.adoc:38 +#, fuzzy msgid "" -"[parameter]``salt_content_staging_advance`` is the advance time for the " -"content staging window to open, in hours. This is the number of hours " -"before installation starts, that package downloads can begin." +"For more information about recovering from a backup, see xref:administration:" +"backup-restore.adoc[]." msgstr "" +"Další informace o importovaných certifikátech najdete na stránce xref:" +"administration:ssl-certs-imported.adoc[]." #. type: Plain text -#: modules/administration/pages/content-staging.adoc:50 +#: modules/administration/pages/backup-restore.adoc:39 msgid "" -"[parameter]``salt_content_staging_window`` is the duration of the content " -"staging window, in hours. This is the amount of time clients have to stage " -"packages before installation begins." +"Re-synchronize your {productname} repositories with the [command]``mgr-" +"sync`` tool." msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:53 +#: modules/administration/pages/backup-restore.adoc:40 msgid "" -"For example, if [parameter]``salt_content_staging_advance`` is set to six " -"hours, and [parameter]``salt_content_staging_window`` is set to two hours, " -"the staging window will open six hours before the installation time, and " -"remain open for two hours. No packages will be downloaded in the four " -"remaining hours until installation starts." +"For more information about the [command]``mgr-sync`` tool, see <>." msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:55 +#: modules/administration/pages/backup-restore.adoc:41 msgid "" -"If you set the same value for both " -"[parameter]``salt_content_staging_advance`` and " -"[parameter]``salt_content_staging_window`` packages will be able to be " -"downloaded until installation begins." +"You can choose to re-register your product, or skip the registration and SSL " +"certificate generation sections." msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:57 +#: modules/administration/pages/backup-restore.adoc:42 msgid "" -"Configure the content staging parameters in [path]``/usr/share/rhn/config-" -"defaults/rhn_java.conf``." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/content-staging.adoc:59 -msgid "Default values:" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/content-staging.adoc:61 -msgid "[path]``salt_content_staging_advance: 8 hours``" +"Re-install the [path]``/root/ssl-build/rhn-org-httpd-ssl-key-pair-" +"MACHINE_NAME-VER-REL.noarch.rpm`` package." msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:62 -msgid "[path]``salt_content_staging_window: 8 hours``" -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/content-staging.adoc:67 -msgid "Content staging must be enabled for these parameters to work correctly." +#: modules/administration/pages/backup-restore.adoc:43 +msgid "" +"Schedule the re-creation of search indexes next time the [command]``rhn-" +"search`` service is started:" msgstr "" -#. type: Title = -#: modules/administration/pages/custom-channels.adoc:2 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:44 #, no-wrap -msgid "Custom Channels" +msgid "rhn-search cleanindex\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:6 +#: modules/administration/pages/backup-restore.adoc:45 msgid "" -"Custom channels give you the ability to create your own software packages " -"and repositories, which you can use to update your clients. They also allow " -"you to use software provided by third party vendors in your environment." +"This command produces only debug messages. It does not produce error " +"messages." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:8 -msgid "" -"You must have administrator privileges to be able to create and manage " -"custom channels." +#: modules/administration/pages/backup-restore.adoc:46 +msgid "Check whether you need to restore [path]``/var/spacewalk/packages/``." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:10 +#: modules/administration/pages/backup-restore.adoc:47 msgid "" -"Before you create a custom channel, determine which base channel you want to " -"associate it with, and which repositories you want to use for content." +"If [path]``/var/spacewalk/packages/`` was not in your backup, you will need " +"to restore it. If the source repository is available, you can restore " +"[path]``/var/spacewalk/packages/`` with a complete channel synchronization:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:48 +#, no-wrap +msgid "mgr-sync refresh --refresh-channels\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:12 +#: modules/administration/pages/backup-restore.adoc:49 msgid "" -"This section gives more detail on how to create, administer, and delete " -"custom channels." +"Check the progress by running [command]``tail -f /var/log/rhn/reposync/" +"````.log`` as _root_." msgstr "" #. type: Title == -#: modules/administration/pages/custom-channels.adoc:15 +#: modules/administration/pages/backup-restore.adoc:50 #, no-wrap -msgid "Creating Custom Channels and Repositories" +msgid "Administering the Database with smdba" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:19 +#: modules/administration/pages/backup-restore.adoc:51 msgid "" -"If you have custom software packages that you need to install on your " -"{productname} systems, you can create a custom child channel to manage " -"them. You will need to create the channel in the {productname} {webui} and " -"create a repository for the packages, before assigning the channel to your " -"systems." +"The [command]``smdba`` tool is used for managing a local PostgreSQL " +"database. It allows you to back up and restore your database, and manage " +"backups. It can also be used to check the status of your database, and " +"perform administration tasks, such as restarting." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:22 +#: modules/administration/pages/backup-restore.adoc:52 msgid "" -"You can select a vendor channel as the base channel if you want to use " -"packages provided by a vendor. Alternatively, select ``none`` to make your " -"custom channel a base channel." +"The [command]``smdba`` tool works with local PostgreSQL databases only, it " +"will not work with remotely accessed databases, or Oracle databases." msgstr "" -#. We need to create a section on importing GPG keys and change this to point there: https://github.com/SUSE/spacewalk/issues/9474 LKB 2019-09-18 -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:29 +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:53 msgid "" -"Custom channels will sometimes require additional security settings. Many " -"third party vendors secure packages with GPG. If you want to use GPG-" -"protected packages in your custom channel, you will need to trust the GPG " -"key which has been used to sign the metadata. You can then check the " -"[guimenu]``Has Signed Metadata?`` check box to match the package metadata " -"against the trusted GPG keys. For more information on importing GPG keys, " -"see xref:reference:systems/autoinst-gpg-and-ssl-keys.adoc[]." +"The [command]``smdba`` tool requires [command]``sudo`` access, to execute " +"system changes. Ensure you have enabled [command]``sudo`` access for the " +"[username]``admin`` user before you begin, by checking the [path]``/etc/" +"sudoers`` file for this line:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:54 +#, no-wrap +msgid "admin ALL=(postgres) /usr/bin/smdba\n" msgstr "" #. type: delimited block = -#: modules/administration/pages/custom-channels.adoc:35 -msgid "" -"Do not create child channels containing packages that are not compatible " -"with the client system." +#: modules/administration/pages/backup-restore.adoc:55 +msgid "Check the runtime status of your database with:" msgstr "" -#. type: Block title -#: modules/administration/pages/custom-channels.adoc:39 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:56 #, no-wrap -msgid "Procedure: Creating a Custom Channel" +msgid "smdba db-status\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:41 -msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"and click btn:[Create Channel]." +#: modules/administration/pages/backup-restore.adoc:57 +msgid "This command will return either ``online`` or ``offline``, for example:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:58 +#, no-wrap +msgid "Checking database core... online\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:43 -msgid "" -"On the [guimenu]``Create Software Channel`` page, give your channel a name " -"(for example, [systemitem]``My Tools SLES 15 SP1 x86_64``) and a label (for " -"example, [systemitem]``my-tools-sles15sp1-x86_64``). Labels must not " -"contain spaces or uppercase letters." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:45 -msgid "" -"In the [guimenu]``Parent Channel`` drop down, choose the relevant base " -"channel (for example, [systemitem]``SLE-Product-SLES15-SP1-Pool for " -"x86_64``). Ensure that you choose the compatible parent channel for your " -"packages." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:46 -msgid "" -"In the [guimenu]``Architecture`` drop down, choose the appropriate hardware " -"architecture (for example, [systemitem]``x86_64``)." +#: modules/administration/pages/backup-restore.adoc:59 +msgid "Starting and stopping the database can be performed with:" msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:47 -msgid "" -"Provide any additional information in the contact details, channel access " -"control, and GPG fields, as required for your environment." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:60 +#: modules/administration/pages/backup-restore.adoc:102 +#, no-wrap +msgid "smdba db-start\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:48 -msgid "Click btn:[Create Channel]." +#: modules/administration/pages/backup-restore.adoc:61 +msgid "And:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/custom-channels.adoc:55 -msgid "" -"By default, the ``Enable GPG Check`` field is checked when you create a new " -"channel. If you would like to add custom packages and applications to your " -"channel, make sure you uncheck this field to be able to install unsigned " -"packages. Disabling the GPG check is a security risk if packages are from " -"an untrusted source." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:62 +#: modules/administration/pages/backup-restore.adoc:98 +#, no-wrap +msgid "smdba db-stop\n" msgstr "" -#. type: Block title -#: modules/administration/pages/custom-channels.adoc:59 +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:63 #, no-wrap -msgid "Procedure: Creating a Software Repository" +msgid "Database Backup with smdba" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:61 +#: modules/administration/pages/backup-restore.adoc:64 msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > " -"Repositories], and click btn:[Create Repository]." +"The [command]``smdba`` tool performs a continuous archiving backup. This " +"backup method combines a log of every change made to the database during the " +"current session, with a series of more traditional backup files. When a " +"crash occurs, the database state is first restored from the most recent " +"backup file on disk, then the log of the current session is replayed " +"exactly, to bring the database back to a current state. A continuous " +"archiving backup with [command]``smdba`` is performed with the database " +"running, so there is no need for downtime." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:62 +#: modules/administration/pages/backup-restore.adoc:65 msgid "" -"On the [guimenu]``Create Repository`` page, give your repository a label " -"(for example, [systemitem]``my-tools-sles15sp1-x86_64-repo``)." +"This method of backing up is stable and generally creates consistent " +"snapshots, however it can take up a lot of storage space. Ensure you have " +"at least three times the current database size of space available for " +"backups. You can check your current database size by navigating to [path]``/" +"var/lib/pgsql/`` and running [command]``df -h``." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:64 +#: modules/administration/pages/backup-restore.adoc:66 msgid "" -"In the [guimenu]``Repository URL`` field, provide the path to the directory " -"that contains the [path]``repodata`` file (for example, " -"[systemitem]``file:///opt/mytools/``). You can use any valid addressing " -"protocol in this field." +"The [command]``smdba`` tool also manages your archives, keeping only the " +"most recent backup, and the current archive of logs. The log files can only " +"be a maximum file size of 16{nbsp}MB, so a new log file will be created when " +"the files reach this size. Every time you create a new backup, previous " +"backups will be purged to release disk space. We recommend you use " +"[command]``cron`` to schedule your [command]``smdba`` backups to ensure that " +"your storage is managed effectively, and you always have a backup ready in " +"case of failure." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:65 -msgid "Uncheck the [guimenu]``Has Signed Metadata?`` check box." +#. type: Title === +#: modules/administration/pages/backup-restore.adoc:67 +#, no-wrap +msgid "Performing a Manual Database Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:66 +#: modules/administration/pages/backup-restore.adoc:68 msgid "" -"OPTIONAL: Complete the SSL fields if your repository requires client " -"certificate authentication." +"The [command]``smdba`` tool can be run directly from the command line. We " +"recommend you run a manual database backup immediately after installation, " +"or if you have made any significant changes to your configuration." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:67 -msgid "Click btn:[Create Repository]." +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:69 +msgid "" +"When [command]``smdba`` is run for the first time, or if you have changed " +"the location of the backup, it will need to restart your database before " +"performing the archive. This will result in a small amount of downtime. " +"Regular database backups will not require any downtime." msgstr "" #. type: Block title -#: modules/administration/pages/custom-channels.adoc:70 +#: modules/administration/pages/backup-restore.adoc:70 #, no-wrap -msgid "Procedure: Assigning the Repository to a Channel" +msgid "Procedure: Performing a Manual Database Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:72 -msgid "" -"Assign your new repository to your custom channel by navigating to menu:" -"Software[Manage > Channels], clicking the name of your newly created custom " -"channel, and navigating to the [guimenu]``Repositories`` tab." +#: modules/administration/pages/backup-restore.adoc:71 +msgid "Allocate permanent storage space for your backup." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:73 +#: modules/administration/pages/backup-restore.adoc:72 msgid "" -"Ensure the repository you want to assign to the channel is checked, and " -"click btn:[Update Repositories]." +"This example uses a directory located at [path]``/var/spacewalk/``. This " +"will become a permanent target for your backup, so ensure it will remain " +"accessible by your server at all times." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:75 -msgid "" -"Navigate to the [guimenu]``Sync`` tab and click btn:[Sync Now] to " -"synchronize immediately. You can also set an automated synchronization " -"schedule on this tab." +#: modules/administration/pages/backup-restore.adoc:73 +msgid "In your backup location, create a directory for the backup:" msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:78 -msgid "" -"There are several ways to check if a channel has finished synchronizing:" +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:74 +#, no-wrap +msgid "sudo -u postgres mkdir /var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:81 -msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Setup Wizard] and " -"select the [guimenu]``Products`` tab. This dialog displays a completion bar " -"for each product when they are being synchronized." +#: modules/administration/pages/backup-restore.adoc:75 +msgid "Or, as root:" msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:84 -msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"then click the channel associated to the repository. Navigate to the menu:" -"[Repositories > Sync] tab. The [guimenu]``Sync Status`` is shown next to " -"the repository name.." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:76 +#, no-wrap +msgid "install -d -o postgres -g postgres -m 700 /var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:85 -msgid "Check the synchronization log file at the command prompt:" +#: modules/administration/pages/backup-restore.adoc:77 +msgid "Ensure you have the correct permissions set on the backup location:" msgstr "" #. type: delimited block - -#: modules/administration/pages/custom-channels.adoc:88 +#: modules/administration/pages/backup-restore.adoc:78 #, no-wrap -msgid "tail -f /var/log/rhn/reposync/.log\n" +msgid "chown postgres:postgres /var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:92 +#: modules/administration/pages/backup-restore.adoc:79 msgid "" -"Each child channel will generate its own log during the synchronization " -"progress. You will need to check all the base and child channel log files " -"to be sure that the synchronization is complete." +"To create a backup for the first time, run the [command]``smdba backup-hot`` " +"command with the [option]``enable`` option set." msgstr "" -#. type: Block title -#: modules/administration/pages/custom-channels.adoc:95 +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:80 +msgid "" +"This will create the backup in the specified directory, and, if necessary, " +"restart the database:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:81 #, no-wrap -msgid "Procedure: Adding Custom Channels to an Activation Key" +msgid "smdba backup-hot --enable=on --backup-dir=/var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:97 +#: modules/administration/pages/backup-restore.adoc:82 msgid "" -"In the {productname} {webui}, navigate to menu:Systems[Activation Keys], and " -"select the key you want to add the custom channel to." +"This command produces debug messages and finishes sucessfully with the " +"output:" msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:99 -msgid "" -"On the [guiemnu]``Details`` tab, in the [guimenu]``Child Channels`` listing, " -"select the channel to associate. You can select multiple channels, if you " -"need to." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:83 +#, no-wrap +msgid "INFO: Finished\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:100 -msgid "Click btn:[Update Activation Key]." +#: modules/administration/pages/backup-restore.adoc:84 +msgid "" +"Check that the backup files exist in the [path]``/var/spacewalk/db-backup`` " +"directory, to ensure that your backup has been successful." msgstr "" -#. type: Title == -#: modules/administration/pages/custom-channels.adoc:103 +#. type: Title === +#: modules/administration/pages/backup-restore.adoc:85 #, no-wrap -msgid "Add Packages and Patches to Custom Channels" +msgid "Scheduling Automatic Backups" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:107 +#: modules/administration/pages/backup-restore.adoc:86 msgid "" -"When you create a new custom channel without cloning it from an existing " -"channel, it will not contain any packages or patches. You can add the " -"packages and patches you require using the {productname} {webui}." +"You do not need to shut down your system to perform a database backup with " +"[command]``smdba``. However, because it is a large operation, database " +"performance can slow down while the backup is running. We recommend you " +"schedule regular database backups for a low-traffic period, to minimize " +"disruption." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:110 +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:87 msgid "" -"Custom channels can only include packages or patches that are cloned or " -"custom, and they must match the base architecture of the channel. Patches " -"added to custom channels must apply to a package that exists in the channel." +"Ensure you have at least three times the current database size of space " +"available for backups. You can check your current database size by " +"navigating to [path]``/var/lib/pgsql/`` and running [command]``df -h``." msgstr "" #. type: Block title -#: modules/administration/pages/custom-channels.adoc:112 +#: modules/administration/pages/backup-restore.adoc:88 #, no-wrap -msgid "Procedure: Adding Packages to Custom Channels" +msgid "Procedure: Scheduling Automatic Backups" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:114 +#: modules/administration/pages/backup-restore.adoc:89 msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"and go to the [guimenu]``Packages`` tab." +"Create a directory for the backup, and set the appropriate permissions (as " +"root):" msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:115 -msgid "" -"OPTIONAL: See all packages currently in the channel by navigating to the " -"[guimenu]``List/Remove`` tab." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:90 +#, no-wrap +msgid "install -m 700 -o postgres -g postgres /var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:116 +#: modules/administration/pages/backup-restore.adoc:91 msgid "" -"Add new packages to the channel by navigating to the [guimenu]``Add`` tab." +"Open [path]``/etc/cron.d/db-backup-mgr``, or create it if it does not exist, " +"and add the following line to create the cron job:" msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:117 -msgid "" -"Select the parent channel to provide packages, and click btn:[View Packages] " -"to populate the list." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:92 +#, no-wrap +msgid "0 2 * * * root /usr/bin/smdba backup-hot --enable=on --backup-dir=/var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:118 +#: modules/administration/pages/backup-restore.adoc:93 msgid "" -"Check the packages to add to the custom channel, and click btn:[Add " -"Packages]." +"Check the backup directory regularly to ensure the backups are working as " +"expected." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:119 -msgid "" -"When you are satisfied with the selection, click btn:[Confirm Addition] to " -"add the packages to the channel." +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:94 +#, no-wrap +msgid "Restoring from Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:121 +#: modules/administration/pages/backup-restore.adoc:95 msgid "" -"OPTIONAL: You can compare the packages in the current channel with those in " -"a different channel by navigating to menu:Software[Manage > Channels], and " -"going to the menu:Packages[Compare] tab. To make the two channels the same, " -"click the btn:[Merge Differences] button, and resolve any conflicts." +"The [command]``smdba`` tool can be used to restore from backup in the case " +"of failure." msgstr "" #. type: Block title -#: modules/administration/pages/custom-channels.adoc:124 +#: modules/administration/pages/backup-restore.adoc:96 #, no-wrap -msgid "Procedure: Adding Patches to a Custom Channel" +msgid "Procedure: Restoring from Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:126 -msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"and go to the [guimenu]``Patches`` tab." +#: modules/administration/pages/backup-restore.adoc:97 +msgid "Shut down the database:" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:127 -msgid "" -"OPTIONAL: See all patches currently in the channel by navigating to the " -"[guimenu]``List/Remove`` tab." +#: modules/administration/pages/backup-restore.adoc:99 +msgid "Start the restore process and wait for it to complete:" msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:128 -msgid "" -"Add new patches to the channel by navigating to the [guimenu]``Add`` tab, " -"and selecting what kind of patches you want to add." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:100 +#, no-wrap +msgid "smdba backup-restore start\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:129 -msgid "" -"Select the parent channel to provide patches, and click btn:[View Associated " -"Patches] to populate the list." +#: modules/administration/pages/backup-restore.adoc:101 +msgid "Restart the database:" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:130 -msgid "" -"Check the patches to add to the custom channel, and click btn:[Confirm]." +#: modules/administration/pages/backup-restore.adoc:103 +msgid "Check if there are differences between the RPMs and the database." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:131 -msgid "" -"When you are satisfied with the selection, click btn:[Confirm] to add the " -"patches to the channel." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:104 +#, no-wrap +msgid "spacewalk-data-fsck\n" msgstr "" #. type: Title == -#: modules/administration/pages/custom-channels.adoc:134 +#: modules/administration/pages/backup-restore.adoc:105 #, no-wrap -msgid "Manage Custom Channels" +msgid "Archive Log Settings" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:137 +#: modules/administration/pages/backup-restore.adoc:106 msgid "" -"{productname} administrators and channel administrators can alter or delete " -"any channel." +"Archive logging allows the database management tool [command]``smdba`` to " +"perform hot backups. In {productname} with an embedded database, archive " +"logging is enabled by default." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:141 -msgid "" -"To grant other users rights to alter or delete a channel, navigate to menu:" -"Software[Manage > Channels] and select the channel you want to edit. " -"Navigate to the [guimenu]``Managers`` tab, and check the user to grant " -"permissions. Click btn:[Update] to save the changes." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/custom-channels.adoc:147 +#: modules/administration/pages/backup-restore.adoc:107 msgid "" -"If you delete a channel that has been assigned to a set of clients, it will " -"trigger an immediate update of the channel state for any clients associated " -"with the deleted channel. This is to ensure that the changes are reflected " -"accurately in the repository file." +"PostgreSQL maintains a limited number of archive logs. Using the default " +"configuration, approximately 64 files with a size of 16 MiB are stored." msgstr "" +#. FIXME: Use sle 15 channels as an example #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:153 -msgid "" -"You cannot delete {productname} channels with the {webui}. Only custom " -"channels can be deleted." -msgstr "" - -#. type: Block title -#: modules/administration/pages/custom-channels.adoc:156 -#, no-wrap -msgid "Procedure: Deleting Custom Channels" +#: modules/administration/pages/backup-restore.adoc:108 +msgid "Creating a user and syncing the channels:" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:158 -msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"and select the channel you want to delete." +#: modules/administration/pages/backup-restore.adoc:109 +msgid "SLES12-SP2-Pool-x86_64" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:159 -msgid "Click btn:[Delete software channel]." +#: modules/administration/pages/backup-restore.adoc:110 +msgid "SLES12-SP2-Updates-x86_64" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:160 -msgid "" -"On the [guimenu]``Delete Channel`` page, check the details of the channel " -"you are deleting, and check the [guimenu]``Unsubscribe Systems`` checkbox to " -"remove the custom channel from any systems that might still be subscribed." +#: modules/administration/pages/backup-restore.adoc:111 +msgid "SLE-Manager-Tools12-Pool-x86_64-SP2" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:161 -msgid "Click btn:[Delete Channel]." +#: modules/administration/pages/backup-restore.adoc:112 +msgid "SLE-Manager-Tools12-Updates-x86_64-SP2" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:164 +#: modules/administration/pages/backup-restore.adoc:113 msgid "" -"When channels are deleted, the packages that are part of the deleted channel " -"are not automatically removed. You will not be able to update packages that " -"have had their channel deleted." +"PostgreSQL will generate an additional roughly 1 GB of data. So it is " +"important to think about a backup strategy and create a backups in a regular " +"way." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:166 +#: modules/administration/pages/backup-restore.adoc:114 msgid "" -"You can delete packages that are not associated with a channel in the " -"{productname} {webui}. Navigate to menu:Software[Manage > Packages], check " -"the packages to remove, and click btn:[Delete Packages]." +"Archive logs are stored at [path]``/var/lib/pgsql/data/pg_xlog/`` " +"(postgresql)." msgstr "" -#. type: Title = -#: modules/administration/pages/disconnected-setup.adoc:2 +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:115 #, no-wrap -msgid "Disconnected Setup" +msgid "Retrieving an Overview of Occupied Database Space" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:5 +#: modules/administration/pages/backup-restore.adoc:116 msgid "" -"When it is not possible to connect {productname} to the internet, you can " -"use it within a disconnected environment." +"Database administrators may use the subcommand [command]``space-overview`` " +"to get a report about occupied table spaces, for example:" msgstr "" -#. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:8 -msgid "" -"The repository mirroring tool (RMT) is available on {sle}{nbsp}15 and " -"later. RMT replaces the subscription management tool (SMT), which can be " -"used on older {sle} installations." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:117 +#, no-wrap +msgid "smdba space-overview\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:12 -msgid "" -"In a disconnected {productname} setup, RMT or SMT uses an external network " -"to connect to {scc}. All software channels and repositories are " -"synchronized to a removable storage device. The storage device can then be " -"used to update the disconnected {productname} installation." +#: modules/administration/pages/backup-restore.adoc:118 +#: modules/administration/pages/backup-restore.adoc:123 +msgid "outputs:" msgstr "" -#. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:14 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:119 +#: modules/administration/pages/backup-restore.adoc:124 +#, no-wrap msgid "" -"This setup allows your {productname} installation to remain in an offline, " -"disconnected environment." +"SUSE Manager Database Control. Version 1.5.2\n" +"Copyright (c) 2012 by SUSE Linux Products GmbH\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/disconnected-setup.adoc:19 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:120 +#, no-wrap msgid "" -"Your RMT or SMT instance must be used to managed a {productname} Server " -"directly. It cannot be used to manage a second RMT or SMT instance, in a " -"cascade." +"Tablespace | Size (Mb) | Avail (Mb) | Use %\n" +"------------+-----------+------------+------\n" +"postgres | 7 | 49168 | 0.013\n" +"susemanager | 776 | 48399 | 1.602\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:22 +#: modules/administration/pages/backup-restore.adoc:121 msgid "" -"For more information on RMT, see https://documentation.suse.com/sles/15-SP1/" -"html/SLES-all/book-rmt.html." +"The [command]``smdba`` command is available for PostgreSQL. For a more " +"detailed report, use the [command]``space-tables`` subcommand. It lists the " +"table and its size, for example:" msgstr "" -#. type: Title == -#: modules/administration/pages/disconnected-setup.adoc:24 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:122 #, no-wrap -msgid "Synchronize RMT" +msgid "smdba space-tables\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:27 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:125 +#, no-wrap msgid "" -"You can use RMT on {sle} 15 installations to manage clients running {sle} 12 " -"or later." +"Table | Size\n" +"--------------------------------------+-----------\n" +"public.all_primary_keys | 0 bytes\n" +"public.all_tab_columns | 0 bytes\n" +"public.allserverkeywordsincereboot | 0 bytes\n" +"public.dblink_pkey_results | 0 bytes\n" +"public.dual | 8192 bytes\n" +"public.evr_t | 0 bytes\n" +"public.log | 32 kB\n" +"...\n" +msgstr "" + +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:126 +#, no-wrap +msgid "Moving the Database" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:29 +#: modules/administration/pages/backup-restore.adoc:127 msgid "" -"We recommend you set up a dedicated RMT instance for each {productname} " -"installation." +"It is possible to move the database to another location. For example, move " +"the database if the database storage space is running low. The following " +"procedure will guide you through moving the database to a new location for " +"use by {productname}." msgstr "" #. type: Block title -#: modules/administration/pages/disconnected-setup.adoc:30 +#: modules/administration/pages/backup-restore.adoc:128 #, no-wrap -msgid "Procedure: Setting up RMT" +msgid "Procedure: Moving the Database" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:32 -msgid "On the RMT instance, install the RMT package:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:35 -#, no-wrap -msgid "zypper in rmt-server\n" +#: modules/administration/pages/backup-restore.adoc:129 +msgid "" +"The default storage location for {productname} is [path]``/var/lib/pgsql/``. " +"If you would like to move it, for example to [path]``/storage/postgres/``, " +"proceed as follows." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:37 -msgid "Configure RMT using {yast}:" +#: modules/administration/pages/backup-restore.adoc:130 +msgid "Stop the running database with (as root):" msgstr "" #. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:40 +#: modules/administration/pages/backup-restore.adoc:131 #, no-wrap -msgid "yast2 rmt\n" +msgid "rcpostgresql stop\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:43 +#: modules/administration/pages/backup-restore.adoc:132 +msgid "Shut down the running Spacewalk services with:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:134 msgid "" -"Follow the prompts to complete installation. For more information on " -"setting up RMT, see https://documentation.suse.com/sles/15-SP1/html/SLES-all/" -"book-rmt.html." +"Copy the current working directory structure with [command]``cp`` using the " +"[option]``-a, --archive`` option." msgstr "" -#. type: Block title -#: modules/administration/pages/disconnected-setup.adoc:44 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:136 #, no-wrap -msgid "Procedure: Synchronizing RMT with SCC" +msgid "cp --archive /var/lib/pgsql/ /storage/postgres/\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:46 +#: modules/administration/pages/backup-restore.adoc:137 msgid "" -"On the RMT instance, list all available products and repositories for your " -"organization:" +"This command will copy the contents of [path]``/var/lib/pgsql/`` to [path]``/" +"storage/postgres/pgsql/``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:50 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:138 msgid "" -"rmt-cli products list --all\n" -"rmt-cli repos list --all\n" +"The contents of the [path]``/var/lib/pgsql`` directory needs to remain the " +"same, otherwise the {productname} database may malfunction. You also should " +"ensure that there is enough available disk space." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:52 -msgid "Synchronize all available updates for your organization:" +#: modules/administration/pages/backup-restore.adoc:139 +msgid "Mount the new database directory with:" msgstr "" #. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:55 +#: modules/administration/pages/backup-restore.adoc:140 #, no-wrap -msgid "rmt-cli sync\n" +msgid "mount /storage/postgres/pgsql\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:57 -msgid "You can also configure RMT to synchronize regularly using systemd." +#: modules/administration/pages/backup-restore.adoc:141 +msgid "" +"Make sure ownership is `postgres:postgres` and not `root:root` by changing " +"to the new directory and running the following commands:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:142 +#, no-wrap +msgid "" +"cd /storage/postgres/pgsql/\n" +"ls -l\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:59 -msgid "Enable the products you require. For example, to enable SLES 15:" +#: modules/administration/pages/backup-restore.adoc:143 +msgid "Outputs:" msgstr "" #. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:62 +#: modules/administration/pages/backup-restore.adoc:144 #, no-wrap -msgid "rmt-cli product enable sles/15/x86_64\n" +msgid "" +"total 8\n" +"drwxr-x--- 4 postgres postgres 47 Jun 2 14:35 ./\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:65 -#: modules/administration/pages/disconnected-setup.adoc:99 +#: modules/administration/pages/backup-restore.adoc:145 msgid "" -"Export the synchronized data to your removable storage. In this example, " -"the storage medium is mounted at [path]``/mnt/usb``:" +"Add the new database mount location to your servers fstab by editing " +"[path]``etc/fstab``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:146 +msgid "Start the database with:" msgstr "" #. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:68 +#: modules/administration/pages/backup-restore.adoc:147 #, no-wrap -msgid "rmt-cli export data /mnt/usb\n" +msgid "rcpostgresql start\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:70 -#: modules/administration/pages/disconnected-setup.adoc:106 -msgid "Export the enabled repositories to your removable storage:" +#: modules/administration/pages/backup-restore.adoc:148 +msgid "Start the Spacewalk services with:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:72 -#: modules/administration/pages/disconnected-setup.adoc:108 +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:150 #, no-wrap -msgid "rmt-cli export settings /mnt/usb\n" +msgid "Recovering from a Crashed Root Partition" msgstr "" -#. type: delimited block = -#: modules/administration/pages/disconnected-setup.adoc:78 +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:151 msgid "" -"Ensure that the external storage is mounted to a directory that is writeable " -"by the RMT user. You can change RMT user settings in the `cli` section of " -"[path]``/etc/rmt.conf``." +"This section provides guidance on restoring your server after its root " +"partition has crashed. This section assumes you have setup your server " +"similar to the procedure explained in Installation guide with separate " +"partitions for the database and for channels mounted at [path]``/var/lib/" +"pgsql`` and [path]``/var/spacewalk/``." msgstr "" -#. type: Title == -#: modules/administration/pages/disconnected-setup.adoc:82 +#. type: Block title +#: modules/administration/pages/backup-restore.adoc:152 #, no-wrap -msgid "Synchronize SMT" +msgid "Procedure: Recovering from a Crashed Root Partition" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:86 -msgid "" -"SMT is included with {sle} 12, and can be used to manage clients running " -"{sle} 10 or later." +#: modules/administration/pages/backup-restore.adoc:153 +msgid "Install {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:88 +#: modules/administration/pages/backup-restore.adoc:154 msgid "" -"SMT requires you to create a local mirror directory on the SMT instance in " -"order to synchronize repositories and packages." +"Do not mount the [path]``/var/spacewalk`` and [path]``/var/lib/pgsql`` " +"partitions. Wait for the installation to complete before going on to the " +"next step." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:90 -msgid "" -"For more details on installing and configuring SMT, see https://" -"documentation.suse.com/sles/12-SP4/html/SLES-all/book-smt.html." -msgstr "" - -#. type: Block title -#: modules/administration/pages/disconnected-setup.adoc:91 -#, no-wrap -msgid "Procedure: Synchronizing SMT with SCC" +#: modules/administration/pages/backup-restore.adoc:155 +msgid "Shut down the services with [command]``spacewalk-service shutdown``." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:93 -msgid "On the SMT instance, create a database replacement file:" +#: modules/administration/pages/backup-restore.adoc:156 +msgid "Shut down the database with [command]``rcpostgresql stop``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:96 -#, no-wrap -msgid "smt-sync --createdbreplacementfile /tmp/dbrepl.xml\n" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:157 +msgid "Mount [path]``/var/spacewalk`` and [path]``/var/lib/pgsql`` partitions." msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:104 -#, no-wrap -msgid "" -"smt-sync --todir /mnt/usb\n" -"smt-mirror --dbreplfile /tmp/dbrepl.xml --directory /mnt/usb \\\n" -" --fromlocalsmt -L /var/log/smt/smt-mirror-export.log\n" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:158 +msgid "Restore the directories listed in <>." msgstr "" -#. type: delimited block = -#: modules/administration/pages/disconnected-setup.adoc:114 +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:159 msgid "" -"Ensure that the external storage is mounted to a directory that is writeable " -"by the RMT user. You can change SMT user settings in [path]``/etc/smt." -"conf``." +"Start the Spacewalk services with [command]``spacewalk-services start``." msgstr "" -#. type: Title == -#: modules/administration/pages/disconnected-setup.adoc:118 -#, no-wrap -msgid "Synchronize a Disconnected Server" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:160 +msgid "Start the database with [command]``rcpostgresql start``." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:121 +#: modules/administration/pages/backup-restore.adoc:161 msgid "" -"When you have removable media loaded with your {scc} data, you can use it to " -"synchronize your disconnected server." +"{productname} should now operate normally without loss of your database or " +"synced channels." msgstr "" -#. type: Block title -#: modules/administration/pages/disconnected-setup.adoc:122 +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:162 #, no-wrap -msgid "Procedure: Synchronizing a Disconnected Server" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:125 -msgid "" -"Mount your removable media device to the {productname} server. In this " -"example, the mount point is [path]``/media/disk``." +msgid "Database Connection Information" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:126 +#: modules/administration/pages/backup-restore.adoc:163 msgid "" -"Open ``/etc/rhn/rhn.conf`` and define the mount point by adding or editing " -"this line:" +"The information for connecting to the {productname} database is located in " +"[path]``/etc/rhn/rhn.conf``:" msgstr "" +#. There are no such default, they are user-spcified, though #. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:129 +#: modules/administration/pages/backup-restore.adoc:164 #, no-wrap -msgid "server.susemanager.fromdir = /media/disk\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:132 -msgid "Restart the Tomcat service:" +msgid "" +"db_backend = postgresql\n" +"db_user = susemanager\n" +"db_password = susemanager\n" +"db_name = susemanager\n" +"db_host = localhost\n" +"db_port = 5432\n" +"db_ssl_enabled =\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:135 +#. type: Title = +#: modules/administration/pages/channel-management.adoc:1 #, no-wrap -msgid "systemctl restart tomcat\n" +msgid "Channel Management" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:137 -msgid "Refresh the local data:" +#: modules/administration/pages/channel-management.adoc:2 +msgid "Channels are a method of grouping software packages." msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:140 -#, no-wrap -msgid "mgr-sync refresh\n" +#. type: Plain text +#: modules/administration/pages/channel-management.adoc:3 +msgid "" +"In {productname}, channels are grouped into base and child channels, with " +"base channels grouped by operating system type, version, and architecture, " +"and child channels being compatible with their related base channel. When a " +"client has been assigned to a base channel, it is only possible for that " +"system to install the related child channels. Organizing channels in this " +"way ensures that only compatible packages are installed on each system." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:142 -msgid "Perform a synchronization:" +#: modules/administration/pages/channel-management.adoc:4 +msgid "" +"Software channels use repositories to provide packages. The channels mirror " +"the repositories in {productname}, and the package names and other data are " +"stored in the {productname} database. You can have any number of " +"repositories associated with a channel. The software from those " +"repositories can then be installed on clients by subscribing the client to " +"the appropriate channel." msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:146 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/channel-management.adoc:5 msgid "" -"mgr-sync list channels\n" -"mgr-sync add channel channel-label\n" +"Clients can only be assigned to one base channel. The client can then " +"install or update packages from the repositories associated with that base " +"channel and any of its child channels." msgstr "" -#. type: delimited block = -#: modules/administration/pages/disconnected-setup.adoc:153 +#. type: Plain text +#: modules/administration/pages/channel-management.adoc:6 msgid "" -"The removable disk that you use for synchronization must always be available " -"at the same mount point. Do not trigger a synchronization, if the storage " -"medium is not mounted. This will result in data corruption." +"{productname} provides a number of vendor channels, which provide you " +"everything you need to run {productname}. {productname} Administrators and " +"Channel Administrators have channel management authority, which gives them " +"the ability to create and manage their own custom channels. If you want to " +"use your own packages in your environment, you can create custom channels. " +"Custom channels can be used as a base channel, or you can associate them " +"with a vendor base channel." msgstr "" -#. type: Title = -#: modules/administration/pages/image-management.adoc:2 -#, no-wrap -msgid "Image Building and Management" +#. type: Plain text +#: modules/administration/pages/channel-management.adoc:7 +msgid "" +"For more on creating custom channels, see xref:administration:custom-" +"channels.adoc[]." msgstr "" #. type: Title == -#: modules/administration/pages/image-management.adoc:7 +#: modules/administration/pages/channel-management.adoc:8 #, no-wrap -msgid "Image Building Overview" +msgid "Channel Administration" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:11 +#: modules/administration/pages/channel-management.adoc:9 msgid "" -"{productname} enables system administrators to build containers and OS " -"Images and push the result in image stores. The workflow looks like this:" +"By default, any user can subscribe channels to a system. You can implement " +"restrictions on the channel using the {webui}." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:13 -msgid "Define an image store" +#. type: Block title +#: modules/administration/pages/channel-management.adoc:10 +#, no-wrap +msgid "Procedure: Restricting Subscriber Access to a Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:14 +#: modules/administration/pages/channel-management.adoc:11 msgid "" -"Define an image profile and associate it with a source (either a git " -"repository or a directory)" +"In the {productname} {webui}, navigate to menu:Software[Channel List], and " +"select the channel to edit." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:15 -msgid "Build the image" +#: modules/administration/pages/channel-management.adoc:12 +msgid "" +"Locate the [guimenu]``Per-User Subscription Restrictions`` section and check " +"[guimenu]``Only selected users within your organization may subscribe to " +"this channel``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:16 -msgid "Push the image to the image store" +#: modules/administration/pages/channel-management.adoc:13 +msgid "Click btn:[Update] to save the changes." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:18 +#: modules/administration/pages/channel-management.adoc:14 msgid "" -"{productname} supports two distinct build types: dockerfile, and the Kiwi " -"image system." +"Navigate to the [guimenu]``Subscribers`` tab and select or deselect users as " +"required." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:23 -msgid "" -"The Kiwi build type is used to build system, virtual, and other images. The " -"image store for the Kiwi build type is pre-defined as a file system " -"directory at [path]``/srv/www/os-images`` on the server. {productname} " -"serves the image store over HTTPS from [literal]``///os-images/" -"``. The image store location is unique and is not customizable." +#. type: Title = +#: modules/administration/pages/content-lifecycle-examples.adoc:1 +#, no-wrap +msgid "Content Lifecycle Management Examples" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:25 +#: modules/administration/pages/content-lifecycle-examples.adoc:2 msgid "" -"Images are always stored in [path]``/srv/www/os-image/``." +"This section contains some common examples of how you can use content " +"lifecycle management. Use these examples to build your own personalized " +"implementation." msgstr "" #. type: Title == -#: modules/administration/pages/image-management.adoc:29 +#: modules/administration/pages/content-lifecycle-examples.adoc:3 #, no-wrap -msgid "Container Images" +msgid "Creating a Project for a Monthly Patch Cycle" msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:31 -#, no-wrap -msgid "image-building.png" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:4 +msgid "An example project for a monthly patch cycle consists of:" msgstr "" #. type: Title === -#: modules/administration/pages/image-management.adoc:36 -#: modules/administration/pages/image-management.adoc:396 +#: modules/administration/pages/content-lifecycle-examples.adoc:5 +#: modules/administration/pages/content-lifecycle-examples.adoc:10 #, no-wrap -msgid "Requirements" +msgid "Creating a `By Date` filter" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:41 -msgid "" -"The containers feature is available for Salt clients running {sles} 12 or " -"later. Before you begin, ensure your environment meets these requirements:" +#: modules/administration/pages/content-lifecycle-examples.adoc:6 +msgid "Adding the filter to the project" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:44 -msgid "" -"A published git repository containing a dockerfile and configuration " -"scripts. The repository can be public or private, and should be hosted on " -"GitHub, GitLab, or BitBucket." +#: modules/administration/pages/content-lifecycle-examples.adoc:7 +msgid "Applying the filter to a new project build" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:45 -msgid "A properly configured image store, such as a Docker registry." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:51 -msgid "" -"If you require a private image registry you can use an open source solution " -"such as ``Portus``. For additional information on setting up Portus as a " -"registry provider, see the http://port.us.org/[Portus Documentation]." +#: modules/administration/pages/content-lifecycle-examples.adoc:8 +msgid "Excluding a patch from the project" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:55 -msgid "For more information on Containers or {caasp}, see:" +#: modules/administration/pages/content-lifecycle-examples.adoc:9 +msgid "Including a patch in the project" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:58 +#: modules/administration/pages/content-lifecycle-examples.adoc:11 msgid "" -"https://documentation.suse.com/sles/15-SP1/html/SLES-all/book-sles-docker." -"html" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/image-management.adoc:59 -msgid "https://documentation.suse.com/suse-caasp/4/" +"The ``By Date`` filter excludes all patches released after a specified " +"date. This filter is useful for your content lifecycle projects that follow " +"a monthly patch cycle." msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:63 -#: modules/administration/pages/image-management.adoc:425 +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:12 #, no-wrap -msgid "Create a Build Host" +msgid "Procedure: Creating the ``By Date`` Filter" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:69 +#: modules/administration/pages/content-lifecycle-examples.adoc:13 +#: modules/administration/pages/content-lifecycle-examples.adoc:38 +#: modules/administration/pages/content-lifecycle-examples.adoc:53 msgid "" -"To build images with {productname}, you will need to create and configure a " -"build host. Container build hosts are Salt clients running {sle} 12 or " -"later. This section guides you through the initial configuration for a " -"build host." +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Filters] " +"and click btn:[Create Filter]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:71 -msgid "" -"From the {productname} {webui}, perform these steps to configure a build " -"host:" +#: modules/administration/pages/content-lifecycle-examples.adoc:14 +#: modules/administration/pages/content-lifecycle-examples.adoc:90 +msgid "In the [guimenu]``Filter Name`` field, type a name for your filter." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:74 -msgid "" -"Select a Salt client to be designated as a build host from the menu:" -"Systems[Overview] page." +#: modules/administration/pages/content-lifecycle-examples.adoc:15 +msgid "For example, [systemitem]``Exclude patches by date``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:77 +#: modules/administration/pages/content-lifecycle-examples.adoc:16 msgid "" -"From the [guimenu]``System Details`` page of the selected client assign the " -"containers modules. Go to menu:Software[Software Channels] and enable the " -"containers module (for example, [guimenu]``SLE-Module-Containers15-Pool`` " -"and [guimenu]``SLE-Module-Containers15-Updates``). Confirm by clicking btn:" -"[Change Subscriptions]." +"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Issue " +"date)``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:78 +#: modules/administration/pages/content-lifecycle-examples.adoc:17 msgid "" -"From the menu:System Details[Properties] page, enable ``Container Build " -"Host`` from the [guimenu]``Add-on System Types`` list and confirm by " -"clicking btn:[Update Properties]." +"In the [guimenu]``Matcher`` field, [guimenu]``later or equal`` is " +"autoselected." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:81 -msgid "" -"Install all required packages by applying ``Highstate``. From the system " -"details page select menu:States[Highstate] and click [guimenu]``Apply " -"Highstate``. Alternatively, apply Highstate from the {productname} Server " -"command line:" +#: modules/administration/pages/content-lifecycle-examples.adoc:18 +msgid "Select the date and time." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:84 -#: modules/administration/pages/image-management.adoc:462 -#, no-wrap -msgid "salt '$your_client' state.highstate\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:19 +#: modules/administration/pages/content-lifecycle-examples.adoc:25 +#: modules/administration/pages/content-lifecycle-examples.adoc:45 +#: modules/administration/pages/content-lifecycle-examples.adoc:62 +#: modules/administration/pages/monitoring.adoc:125 +msgid "Click btn:[Save]." msgstr "" #. type: Title === -#: modules/administration/pages/image-management.adoc:89 +#: modules/administration/pages/content-lifecycle-examples.adoc:20 #, no-wrap -msgid "Create an Activation Key for Containers" +msgid "Adding the Filter to the Project" +msgstr "" + +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:21 +#, no-wrap +msgid "Procedure: Adding a Filter to a Project" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:93 +#: modules/administration/pages/content-lifecycle-examples.adoc:22 msgid "" -"The containers built using {productname} will use channel(s) associated to " -"the activation key as repositories when building the image. This section " -"will guide you into creating an ad-hoc activation key for this purpose." +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects] " +"and select a project from the list." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:97 +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:23 +msgid "Click btn:[Attach/Detach Filters] link to see all available filters" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:24 +msgid "Select the new [guimenu]``Exclude patches by date`` filter." +msgstr "" + +#. type: Title === +#: modules/administration/pages/content-lifecycle-examples.adoc:26 +#, no-wrap +msgid "Applying the Filter to a new Project Build" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:27 msgid "" -"To build a container, you will need an activation key that is associated " -"with a channel other than `SUSE Manager Default`." +"The new filter is added to your filter list, but it still needs to be " +"applied to the project. To apply the filter you need to build the first " +"environment." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:99 -#: modules/administration/pages/image-management.adoc:521 +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:28 #, no-wrap -msgid "systems_create_activation_key.png" +msgid "Procedure: Using the Filter" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:102 -msgid "Select menu:Systems[Activation Keys]." +#: modules/administration/pages/content-lifecycle-examples.adoc:29 +msgid "Click btn:[Build] to build the first environment." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:103 -msgid "Click btn:[Create Key]." +#: modules/administration/pages/content-lifecycle-examples.adoc:30 +msgid "OPTIONAL: Add a message." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:105 +#: modules/administration/pages/content-lifecycle-examples.adoc:31 +msgid "You can use messages to help track the build history." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:32 msgid "" -"Enter a [guimenu]``Description`` and a [guimenu]``Key`` name. Use the drop-" -"down menu to select the [guimenu]``Base Channel`` to associate with this key." +"Check that the filter has worked correctly by using the new channels on a " +"test server." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:106 -#: modules/administration/pages/image-management.adoc:527 -msgid "Confirm with btn:[Create Activation Key]." +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:33 +msgid "Click btn:[Promote] to move the content to the next environment." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:108 -#: modules/administration/pages/image-management.adoc:529 -msgid "For more information, see <>." +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:34 +msgid "" +"The build will take longer if you have a large number of filters, or they " +"are very complex." msgstr "" #. type: Title === -#: modules/administration/pages/image-management.adoc:112 -#: modules/administration/pages/image-management.adoc:533 +#: modules/administration/pages/content-lifecycle-examples.adoc:35 #, no-wrap -msgid "Create an Image Store" +msgid "Excluding a Patch from the Project" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:117 +#: modules/administration/pages/content-lifecycle-examples.adoc:36 msgid "" -"All built images are pushed to an image store. This section contains " -"information about creating an image store." +"Tests may help you discover issues. When an issue is found, exclude the " +"problem patch released before the `by date` filter." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:118 +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:37 #, no-wrap -msgid "images_image_stores.png" +msgid "Procedure: Excluding a Patch" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:121 -msgid "Select menu:Images[Stores]." +#: modules/administration/pages/content-lifecycle-examples.adoc:39 +msgid "In the [guimenu]``Filter Name`` field, enter a name for the filter." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:122 -msgid "Click [guimenu]``Create`` to create a new store." +#: modules/administration/pages/content-lifecycle-examples.adoc:40 +msgid "For example, [systemitem]``Exclude openjdk patch``." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:124 -#, no-wrap -msgid "images_image_stores_create.png" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:41 +#: modules/administration/pages/content-lifecycle-examples.adoc:56 +msgid "" +"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Advisory " +"Name)``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:127 -msgid "Define a name for the image store in the [guimenu]``Label`` field." +#: modules/administration/pages/content-lifecycle-examples.adoc:42 +#: modules/administration/pages/content-lifecycle-examples.adoc:57 +msgid "In the [guimenu]``Matcher`` field, select [guimenu]``equals``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:128 -msgid "" -"Provide the path to your image registry by filling in the [guimenu]``URI`` " -"field, as a fully qualified domain name (FQDN) for the container registry " -"host (whether internal or external)." +#: modules/administration/pages/content-lifecycle-examples.adoc:43 +msgid "In the [guimenu]``Advisory Name`` field, type a name for the advisory." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:132 -#, no-wrap -msgid "registry.example.com\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:44 +msgid "For example, [systemitem]``SUSE-15-2019-1807``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:136 -msgid "" -"The Registry URI can also be used to specify an image store on a registry " -"that is already in use." +#: modules/administration/pages/content-lifecycle-examples.adoc:46 +#: modules/administration/pages/content-lifecycle-examples.adoc:99 +#: modules/administration/pages/content-lifecycle-examples.adoc:128 +msgid "Navigate to menu:Content Lifecycle[Projects] and select your project." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:140 -#, no-wrap -msgid "registry.example.com:5000/myregistry/myproject\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:47 +msgid "" +"Click btn:[Attach/Detach Filters] link, select [guimenu]``Exclude openjdk " +"patch``, and click btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:143 -msgid "Click btn:[Create] to add the new image store." +#: modules/administration/pages/content-lifecycle-examples.adoc:48 +msgid "" +"When you rebuild the project with the btn:[Build] button, the new filter is " +"used together with the [guimenu]``by date`` filter we added before." msgstr "" #. type: Title === -#: modules/administration/pages/image-management.adoc:147 -#: modules/administration/pages/image-management.adoc:550 +#: modules/administration/pages/content-lifecycle-examples.adoc:49 #, no-wrap -msgid "Create an Image Profile" +msgid "Including a Patch in the Project" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:152 +#: modules/administration/pages/content-lifecycle-examples.adoc:50 msgid "" -"All container images are built using an image profile, which contains the " -"building instructions. This section contains information about creating an " -"image profile with the {productname} {webui}." +"In this example, you have received a security alert. An important security " +"patch was released several days after the first of the month you are " +"currently working on. The name of the new patch is ``SUSE-15-2019-2071``. " +"You need to include this new patch into your environment." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:153 -#: modules/administration/pages/image-management.adoc:555 -#, no-wrap -msgid "images_image_profiles.png" +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:51 +msgid "" +"The [guimenu]``Allow`` filters rule overrides the exclude function of the " +"[guimenu]``Deny`` filter rule. For more information, see xref:" +"administration:content-lifecycle.adoc[]." msgstr "" #. type: Block title -#: modules/administration/pages/image-management.adoc:155 -#: modules/administration/pages/image-management.adoc:557 +#: modules/administration/pages/content-lifecycle-examples.adoc:52 #, no-wrap -msgid "Procedure: Create an Image Profile" +msgid "Procedure: Including a Patch in a Project" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:157 -msgid "" -"To create an image profile select menu:Images[Profiles] and click btn:" -"[Create]." -msgstr "" - -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:159 -#, no-wrap -msgid "images_image_create_profile.png" +#: modules/administration/pages/content-lifecycle-examples.adoc:54 +msgid "In the [guimenu]``Filter Name`` field, type a name for the filter." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:162 -msgid "" -"Provide a name for the image profile by filling in the [guimenu]``Label`` " -"field." +#: modules/administration/pages/content-lifecycle-examples.adoc:55 +msgid "For example, [systemitem]``Include kernel security fix``." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:167 +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:58 msgid "" -"If your container image tag is in a format such as `myproject/myimage`, make " -"sure your image store registry URI contains the `/myproject` suffix." +"In the [guimenu]``Advisory Name`` field, type " +"[guimenu]``SUSE-15-2019-2071``, and check [guimenu]``Allow``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:170 -msgid "Use a dockerfile as the `Image Type`." +#: modules/administration/pages/content-lifecycle-examples.adoc:59 +#: modules/administration/pages/content-lifecycle-examples.adoc:98 +msgid "Click btn:[Save] to store the filter." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:172 +#: modules/administration/pages/content-lifecycle-examples.adoc:60 msgid "" -"Use the drop-down menu to select your registry from the `Target Image Store` " -"field." +"Navigate to menu:Content Lifecycle[Projects] and select your project from " +"the list." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:176 +#: modules/administration/pages/content-lifecycle-examples.adoc:61 msgid "" -"In the [guimenu]``Path`` field, type a GitHub, GitLab or BitBucket " -"repository URL. The URL should be be http, https, or a token authentication " -"URL. Use one of these formats:" -msgstr "" - -#. type: Block title -#: modules/administration/pages/image-management.adoc:177 -#, no-wrap -msgid "GitHub Path Options" +"Click btn:[Attach/Detach Filters], and select [guimenu]``Include kernel " +"security patch``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:179 -msgid "GitHub single user project repository" +#: modules/administration/pages/content-lifecycle-examples.adoc:63 +msgid "Click btn:[Build] to rebuild the environment." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:182 +#. type: Title == +#: modules/administration/pages/content-lifecycle-examples.adoc:64 #, no-wrap -msgid "https://github.com/USER/project.git#branchname:folder\n" +msgid "Update an Existing Monthly Patch Cycle" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:185 -msgid "GitHub organization project repository" +#: modules/administration/pages/content-lifecycle-examples.adoc:65 +msgid "" +"When a monthly patch cycle is complete, you can update the patch cycle for " +"the next month." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:188 +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:66 #, no-wrap -msgid "https://github.com/ORG/project.git#branchname:folder\n" +msgid "Procedure: Updating a Monthly Patch Cycle" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:191 -msgid "GitHub token authentication" +#: modules/administration/pages/content-lifecycle-examples.adoc:67 +msgid "" +"In the [guimenu]``by date`` field, change the date of the filter to the next " +"month." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:195 +#: modules/administration/pages/content-lifecycle-examples.adoc:68 msgid "" -"If your git repository is private, modify the profile's URL to include " -"authentication. Use this URL format to authenticate with a GitHub token:" +"Alternatively, create a new filter and change the assignment to the project." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:199 -#, no-wrap -msgid "https://USER:@github.com/USER/project.git#master:/container/\n" -msgstr "" - -#. type: Block title -#: modules/administration/pages/image-management.adoc:201 -#, no-wrap -msgid "GitLab Path Options" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:69 +msgid "" +"Check if the exclude filter for ``SUSE-15-2019-1807`` can be detached from " +"the project." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:203 -msgid "GitLab single user project repository" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:207 -#, no-wrap -msgid "https://gitlab.example.com/USER/project.git#master:/container/\n" +#: modules/administration/pages/content-lifecycle-examples.adoc:70 +msgid "There may be a new patch available to fix this issue." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:210 -msgid "GitLab groups project repository" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:214 -#, no-wrap -msgid "https://gitlab.example.com/GROUP/project.git#master:/container/\n" +#: modules/administration/pages/content-lifecycle-examples.adoc:71 +msgid "Detach the ``allow`` filter you added previously." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:217 -msgid "GitLab token authentication" +#: modules/administration/pages/content-lifecycle-examples.adoc:72 +msgid "The patch is included by default." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:221 +#: modules/administration/pages/content-lifecycle-examples.adoc:73 msgid "" -"If your git repository is private and not publicly accessible, you need to " -"modify the profile's git URL to include authentication. Use this URL format " -"to authenticate with a GitLab token:" +"Rebuild the project to create a new environment with patches for the next " +"month." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:225 +#. type: Title == +#: modules/administration/pages/content-lifecycle-examples.adoc:74 #, no-wrap -msgid "https://gitlab-ci-token:@gitlab.example.com/USER/project.git#master:/container/\n" -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:232 -msgid "" -"If you do not specify a git branch, the `master` branch will be used by " -"default. If a `folder` is not specified, the image sources (dockerfile " -"sources) are expected to be in the root directory of the GitHub or GitLab " -"checkout." +msgid "Enhance a Project with Live Patching" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:236 +#: modules/administration/pages/content-lifecycle-examples.adoc:75 msgid "" -"Select an `Activation Key`. Activation keys ensure that images using a " -"profile are assigned to the correct channel and packages." +"This section covers setting up filters to create environments for live " +"patching." msgstr "" #. type: delimited block = -#: modules/administration/pages/image-management.adoc:241 +#: modules/administration/pages/content-lifecycle-examples.adoc:76 msgid "" -"When you associate an activation key with an image profile you are ensuring " -"any image using the profile will use the correct software channel and any " -"packages in the channel." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/image-management.adoc:244 -msgid "Click the btn:[Create] button." -msgstr "" - -#. type: Block title -#: modules/administration/pages/image-management.adoc:248 -#, no-wrap -msgid "Example Dockerfile Sources" +"When you are preparing to use live patching, there are some important " +"considerations" msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:252 -msgid "" -"An Image Profile that can be reused is published at https://github.com/SUSE/" -"manager-build-profiles" +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:77 +msgid "Only ever use one kernel version on your systems." msgstr "" #. type: delimited block = -#: modules/administration/pages/image-management.adoc:257 -msgid "" -"The [option]``ARG`` parameters ensure that the built image is associated " -"with the desired repository served by {productname}. The [option]``ARG`` " -"parameters also allow you to build image versions of {sles} which may differ " -"from the version of {sles} used by the build host itself." +#: modules/administration/pages/content-lifecycle-examples.adoc:78 +msgid "The live patching packages are installed with a specific kernel." msgstr "" #. type: delimited block = -#: modules/administration/pages/image-management.adoc:259 -msgid "" -"For example: The [command]``ARG repo`` parameter and the [command]``echo`` " -"command pointing to the repository file, creates and then injects the " -"correct path into the repository file for the desired channel version." +#: modules/administration/pages/content-lifecycle-examples.adoc:79 +msgid "Live patching updates are shipped as one patch." msgstr "" #. type: delimited block = -#: modules/administration/pages/image-management.adoc:261 +#: modules/administration/pages/content-lifecycle-examples.adoc:80 msgid "" -"The repository is determined by the activation key that you assigned to your " -"image profile." +"Each kernel patch that begins a new series of live patching kernels will " +"display the ``required reboot`` flag." msgstr "" #. type: delimited block = -#: modules/administration/pages/image-management.adoc:268 +#: modules/administration/pages/content-lifecycle-examples.adoc:81 msgid "" -"The [package]#python# and [package]#python-xml# packages must be installed " -"in the container. They are required for inspecting images, and for " -"providing the package and product list of a container to the {productname} " -"{webui}. If you do not install them, images will still build but the " -"package and product list will not available in the {webui}." +"These kernel patches come with live patching tools. When you have installed " +"them, you will need to reboot the system at least once before the next year." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:273 -#, no-wrap +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:82 msgid "" -"FROM registry.example.com/sles12sp2\n" -"MAINTAINER Tux Administrator \"tux@example.com\"\n" +"Only install live patch updates that match the installed kernel version." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:275 -#, no-wrap -msgid "### Begin: These lines Required for use with {productname}\n" +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:83 +msgid "Live patches are provided as stand-alone patches." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:278 -#, no-wrap +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:84 msgid "" -"ARG repo\n" -"ARG cert\n" +"You must exclude all regular kernel patches with higher kernel version than " +"the currently installed one." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:281 +#. type: Title === +#: modules/administration/pages/content-lifecycle-examples.adoc:85 #, no-wrap -msgid "" -"# Add the correct certificate\n" -"RUN echo \"$cert\" > /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT.pem\n" +msgid "Exclude Packages with a Higher Kernel Version" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:284 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:86 msgid "" -"# Update certificate trust store\n" -"RUN update-ca-certificates\n" +"In this example you update your systems with the ``SUSE-15-2019-1244`` " +"patch. This patch contains ``kernel-default-4.12.14-150.17.1-x86_64``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:287 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:87 msgid "" -"# Add the repository path to the image\n" -"RUN echo \"$repo\" > /etc/zypp/repos.d/susemanager:dockerbuild.repo\n" +"You need to exclude all patches which contain a higher version of ``kernel-" +"default``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:289 +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:88 #, no-wrap -msgid "### End: These lines required for use with {productname}\n" +msgid "Procedure: Excluding Packages with a Higher Kernel Version" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:292 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:89 msgid "" -"# Add the package script\n" -"ADD add_packages.sh /root/add_packages.sh\n" +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Filters], " +"and click btn:[Create Filter]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:295 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:91 msgid "" -"# Run the package script\n" -"RUN /root/add_packages.sh\n" +"For example, [systemitem]``Exclude kernel greater than 4.12.14-150.17.1``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:298 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:92 msgid "" -"# After building remove the repository path from image\n" -"RUN rm -f /etc/zypp/repos.d/susemanager:dockerbuild.repo\n" -msgstr "" - -#. TODO: Replace the "custom-system-info" link -#. type: Block title -#: modules/administration/pages/image-management.adoc:301 -#, no-wrap -msgid "Using Custom Info Key-value Pairs as Docker Buildargs" +"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Contains " +"Package)``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:304 +#: modules/administration/pages/content-lifecycle-examples.adoc:93 msgid "" -"You can assign custom info key-value pairs to attach information to the " -"image profiles. Additionally, these key-value pairs are passed to the " -"Docker build command as `buildargs`." +"In the [guimenu]``Matcher`` field, select [guimenu]``version greater than``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:306 +#: modules/administration/pages/content-lifecycle-examples.adoc:94 msgid "" -"For more information about the available custom info keys and creating " -"additional ones, see xref:reference:systems/custom-system-info.adoc[]." -msgstr "" - -#. type: Title === -#: modules/administration/pages/image-management.adoc:309 -#: modules/administration/pages/image-management.adoc:701 -#, no-wrap -msgid "Build an Image" +"In the [guimenu]``Package Name`` field, type [systemitem]``kernel-default``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:314 -msgid "" -"There are two ways to build an image. You can select menu:Images[Build] " -"from the left navigation bar, or click the build icon in the menu:" -"Images[Profiles] list." +#: modules/administration/pages/content-lifecycle-examples.adoc:95 +msgid "Leave the the [guimenu]``Epoch`` field empty." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:315 -#: modules/administration/pages/image-management.adoc:708 -#, no-wrap -msgid "images_image_build.png" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:96 +msgid "In the [guimenu]``Version`` field, type [systemitem]``4.12.14``." msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:317 -#: modules/administration/pages/image-management.adoc:710 -#, no-wrap -msgid "Procedure: Building an Image" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:97 +msgid "In the [guimenu]``Release`` field, type [systemitem]``150.17.1``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:319 -#: modules/administration/pages/image-management.adoc:712 -msgid "Select menu:Images[Build]." +#: modules/administration/pages/content-lifecycle-examples.adoc:100 +#: modules/administration/pages/content-lifecycle.adoc:20 +msgid "Click btn:[Attach/Detach Filters]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:320 +#: modules/administration/pages/content-lifecycle-examples.adoc:101 msgid "" -"Add a different tag name if you want a version other than the default " -"``latest`` (only relevant to containers)." +"Select [guimenu]``Exclude kernel greater than 4.12.14-150.17.1``, and click " +"btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:321 -msgid "Select [guimenu]``Build Profile`` and [guimenu]``Build Host``." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:327 +#: modules/administration/pages/content-lifecycle-examples.adoc:102 msgid "" -"Notice the [guimenu]``Profile Summary`` to the right of the build fields. " -"When you have selected a build profile, detailed information about the " -"selected profile will be displayed in this area." +"When you click btn:[Build], a new environment is created. The new " +"environment contains all the kernel patches up to the version you installed." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:330 -msgid "To schedule a build click the btn:[Build] button." +#: modules/administration/pages/content-lifecycle-examples.adoc:103 +msgid "" +"All kernel patches with higher kernel versions are removed. Live patching " +"kernels will stay available as long as they are not the first in a series." msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:334 +#. type: Title == +#: modules/administration/pages/content-lifecycle-examples.adoc:104 #, no-wrap -msgid "Import an Image" +msgid "Switch to a New Kernel Version for Live Patching" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:341 +#: modules/administration/pages/content-lifecycle-examples.adoc:105 msgid "" -"You can import and inspect arbitrary images. Select menu:Images[Image List] " -"from the left navigation bar. Complete the text boxes of the " -"[guimenu]``Import`` dialog. When it has processed, the imported image will " -"be listed on the [guimenu]``Image List`` page." +"Live Patching for a specific kernel version is only available for one year. " +"After one year you must update the kernel on your systems. Execute these " +"environment changes:" msgstr "" #. type: Block title -#: modules/administration/pages/image-management.adoc:342 +#: modules/administration/pages/content-lifecycle-examples.adoc:106 #, no-wrap -msgid "Procedure: Importing an Image" +msgid "Procedure: Switch to a New Kernel Version" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:344 -msgid "" -"From menu:Images[Image list] click btn:[Import] to open the " -"[guimenu]``Import Image`` dialog." +#: modules/administration/pages/content-lifecycle-examples.adoc:107 +msgid "Decide which kernel version you will upgrade to." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:345 -msgid "In the [guimenu]``Import Image`` dialog complete these fields:" -msgstr "" - -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:347 -#, no-wrap -msgid "Image store:" +#: modules/administration/pages/content-lifecycle-examples.adoc:108 +msgid "For example: `4.12.14-150.32.1`" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:349 -msgid "The registry from where the image will be pulled for inspection." -msgstr "" - -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:350 -#, no-wrap -msgid "Image name:" +#: modules/administration/pages/content-lifecycle-examples.adoc:109 +msgid "Create a new kernel version Filter." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:352 -msgid "The name of the image in the registry." -msgstr "" - -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:353 -#, no-wrap -msgid "Image version:" +#: modules/administration/pages/content-lifecycle-examples.adoc:110 +msgid "" +"Detach the previous filter **Exclude kernel greater than 4.12.14-150.17.1** " +"and attach the new filter." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:355 -msgid "The version of the image in the registry." +#: modules/administration/pages/content-lifecycle-examples.adoc:111 +msgid "" +"Click btn:[Build] to rebuild the environment. The new environment contains " +"all kernel patches up to the new kernel version you selected. Systems using " +"these channels will have the kernel update available for installation. You " +"will need to reboot systems after they have performed the upgrade. The new " +"kernel will remain valid for one year. All packages installed during the " +"year will match the current live patching kernel filter." msgstr "" -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:356 +#. type: Title == +#: modules/administration/pages/content-lifecycle-examples.adoc:112 #, no-wrap -msgid "Build host:" +msgid "AppStream Filters" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:358 -msgid "The build host that will pull and inspect the image." +#: modules/administration/pages/content-lifecycle-examples.adoc:113 +msgid "" +"If you are using {rhel}{nbsp}8 clients, you cannot perform package " +"operations such as installing or upgrading directly from modular " +"repositories like the {rhel} AppStream repository. You can use the " +"AppStream filter to transform modular repositories into regular " +"repositories. It does this by keeping the packages in the repository and " +"stripping away the module metadata. The resulting repository can be used in " +"{productname} in the same way as a regular repository." msgstr "" -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:359 -#, no-wrap -msgid "Activation key:" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:114 +msgid "" +"The AppStream filter selects a single module stream to be included in the " +"target repository. You can add multiple filters to select multiple module " +"streams." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:361 +#: modules/administration/pages/content-lifecycle-examples.adoc:115 msgid "" -"The activation key that provides the path to the software channel that the " -"image will be inspected with." +"If you do not use an AppStream filter in your CLM project, the module " +"metadata in the modular sources remains intact, and the target repositories " +"contain the same module metadata. As long as at least one AppStream filter " +"is enabled in the CLM project, all target repositories are transformed into " +"regular repositories." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:363 -msgid "For confirmation, click btn:[Import]." +#: modules/administration/pages/content-lifecycle-examples.adoc:116 +msgid "" +"To use the AppStream filter, you need a CLM project with a modular " +"repository such as ``{rhel} AppStream``. Ensure that you included the " +"module you need as a source before you begin." +msgstr "" + +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:117 +#, no-wrap +msgid "Procedure: Using AppStream Filters" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:365 +#: modules/administration/pages/content-lifecycle-examples.adoc:118 +#: modules/administration/pages/content-lifecycle-examples.adoc:132 msgid "" -"The entry for the image is created in the database, and an ``Inspect Image`` " -"action on {productname} is scheduled." +"In the {productname} {webui}, navigate to your {rhel}{nbsp}8 CLM project." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:369 -msgid "" -"When it has been processed, you can find the imported image in the ``Image " -"List``. It has a different icon in the ``Build`` column, to indicate that " -"the image is imported. The status icon for the imported image can also be " -"seen on the ``Overview`` tab for the image." +#: modules/administration/pages/content-lifecycle-examples.adoc:119 +#: modules/administration/pages/content-lifecycle-examples.adoc:133 +msgid "Ensure that you have included the AppStream channels for your project." msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:373 -#: modules/administration/pages/image-management.adoc:755 -#, no-wrap -msgid "Troubleshooting" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:120 +#: modules/administration/pages/content-lifecycle-examples.adoc:134 +msgid "Click btn:``Create Filter`` and use these parameters:" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:377 -msgid "These are some known problems when working with images:" +#: modules/administration/pages/content-lifecycle-examples.adoc:121 +#: modules/administration/pages/content-lifecycle-examples.adoc:135 +msgid "In the [guimenu]``Filter Name`` field, type a name for the new filter." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:379 +#: modules/administration/pages/content-lifecycle-examples.adoc:122 +#: modules/administration/pages/content-lifecycle-examples.adoc:136 msgid "" -"HTTPS certificates to access the registry or the git repositories should be " -"deployed to the client by a custom state file." +"In the [guimenu]``Filter Type`` field, select [parameter]``Module (Stream)``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:380 -msgid "SSH git access using Docker is currently unsupported." +#: modules/administration/pages/content-lifecycle-examples.adoc:123 +msgid "In the [guimenu]``Module Name`` field, type a module name." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:382 -msgid "" -"If the [package]#python# and [package]#python-xml# packages are not " -"installed in your images during the build process, reporting of installed " -"packages or products will fail. This will result in an ``unknown`` update " -"status." +#: modules/administration/pages/content-lifecycle-examples.adoc:124 +msgid "For example, [parameter]``postgresql``." msgstr "" -#. type: Title == -#: modules/administration/pages/image-management.adoc:386 -#, no-wrap -msgid "OS Images" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:125 +msgid "In the [guimenu]``Stream`` field, type the name of the desired stream." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:390 +#: modules/administration/pages/content-lifecycle-examples.adoc:126 msgid "" -"OS Images are built by the Kiwi image system. The output image is " -"customizable and can be PXE, QCOW2, LiveCD, or other types of images." +"For example, [parameter]``10``. If you leave this field blank, the default " +"stream for the module is selected." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:392 -msgid "" -"For more information about the Kiwi build system, see the https://doc." -"opensuse.org/projects/kiwi/doc/[Kiwi documentation]." +#: modules/administration/pages/content-lifecycle-examples.adoc:127 +msgid "Click btn:[Save] to create the new filter." msgstr "" -#. SLE15 images support is not yet released for SUMA4, will be part of SUMA4.0.4 as tech preview -#. From {sles}{nbsp}15, ``kiwi-ng`` is used instead of the legacy Kiwi. #. type: Plain text -#: modules/administration/pages/image-management.adoc:401 +#: modules/administration/pages/content-lifecycle-examples.adoc:129 msgid "" -"The Kiwi image building feature is available for Salt clients running {sles}" -"{nbsp}12 and {sles}{nbsp}11." +"Click btn:``Attach/Detach Filters``, select your new AppStream filter, and " +"click btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:403 +#: modules/administration/pages/content-lifecycle-examples.adoc:130 msgid "" -"Kiwi image configuration files and configuration scripts must be accessible " -"in one of these locations:" +"You can use the browse function in the ``Create/Edit Filter`` form to select " +"a module from a list of available module streams for a modular channel." +msgstr "" + +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:131 +#, no-wrap +msgid "Procedure: Browsing Available Module Streams" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:405 -msgid "Git repository" +#: modules/administration/pages/content-lifecycle-examples.adoc:137 +msgid "Click ``Browse available modules`` to see all modular channels." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:406 -msgid "HTTP hosted tarball" +#: modules/administration/pages/content-lifecycle-examples.adoc:138 +msgid "Select a channel to browse the modules and streams:" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:407 -msgid "Local build host directory" +#: modules/administration/pages/content-lifecycle-examples.adoc:139 +msgid "" +"In the [guimenu]``Module Name`` field, start typing a module name to search, " +"or select from the list." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:409 +#: modules/administration/pages/content-lifecycle-examples.adoc:140 msgid "" -"For an example of a complete Kiwi repository served by git, see https://" -"github.com/SUSE/manager-build-profiles/tree/master/OSImage" +"In the [guimenu]``Stream`` field, start typing a stream name to search, or " +"select from the list." msgstr "" #. type: delimited block = -#: modules/administration/pages/image-management.adoc:415 +#: modules/administration/pages/content-lifecycle-examples.adoc:141 msgid "" -"You will need at least 1{nbsp}GB of RAM available for Hosts running OS " -"Images built with Kiwi. Disk space depends on the actual size of the " -"image. For more information, see the documentation of the underlying system." +"Channel selection is only for browsing modules. The selected channel will " +"not be saved with the filter, and will not affect the CLM process in any way." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:142 +msgid "" +"You can create additional AppStream filters for any other module stream to " +"be included in the target repository. Any module streams that the selected " +"stream depends on will be automatically included." msgstr "" #. type: delimited block = -#: modules/administration/pages/image-management.adoc:421 +#: modules/administration/pages/content-lifecycle-examples.adoc:143 msgid "" -"The build host must be a Salt client. Do not install the build host as a " -"traditional client." +"Be careful not to specify conflicting, incompatible, or missing module " +"streams. For example, selecting two streams from the same module is invalid." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:430 +#: modules/administration/pages/content-lifecycle-examples.adoc:144 msgid "" -"To build all kinds of images with {productname}, create and configure a " -"build host. OS Image build hosts are Salt clients running on {sles}{nbsp}15 " -"SP2, {sles}{nbsp}12 (SP3 or later) or {sles}{nbsp}11 SP4." +"When you build your CLM project using the btn:[Build] button in the {webui}, " +"the target repository is a regular repository without any modules, that " +"contains packages from the selected module streams." +msgstr "" + +#. This feature is mandatory to make RHEL/CentOS 8 modular repositories work +#. in the SUMA UI. Otherwise, even though modular repositories can be synced +#. and assigned to clients, they cannot be used for package operations +#. (install, update, etc.) from SUMA UI (An info message is shown in the UI if +#. that's the case). In that case, the package operations can only be done +#. from the client's CLI manually. +#. type: Title = +#: modules/administration/pages/content-lifecycle.adoc:1 +#, no-wrap +msgid "Content Lifecycle Management" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:432 +#: modules/administration/pages/content-lifecycle.adoc:2 msgid "" -"This procedure will guide you through the initial configuration for a build " -"host." +"Content lifecycle management allows you to customize and test packages " +"before updating production clients. This is especially useful if you need " +"to apply updates during a limited maintenance window." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:436 +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:3 msgid "" -"The operating system on the build host must match the operating system on " -"the targeted image." +"Content lifecycle management allows you to select software channels as " +"sources, adjust them as required for your environment, and thoroughly test " +"them before installing onto your production clients." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:440 +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:4 msgid "" -"For example, build {sles}{nbsp}15 based images on a build host running {sles}" -"{nbsp}15 SP2 OS version. Build {sles}{nbsp}12 based images on a build host " -"running {sles}{nbsp}12 SP4 or {sles}{nbsp}12 SP3 OS version. Build {sles}" -"{nbsp}11 based images on a build host running {sles}{nbsp}11 SP4 OS version." +"While you cannot directly modify vendor channels, you can clone them and " +"then modify the clones by adding or removing packages and custom patches. " +"You can assign these cloned channels to test clients to ensure they work as " +"expected. Then, when all tests pass, you can promote them to production " +"servers." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:444 -msgid "Configure the build host in the {productname} {webui}:" +#: modules/administration/pages/content-lifecycle.adoc:5 +msgid "" +"This is achieved through a series of environments that your software " +"channels can move through on their lifecycle. Most environment lifecycles " +"include at least test and production environments, but you can have as many " +"environments as you require." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:446 +#: modules/administration/pages/content-lifecycle.adoc:6 msgid "" -"Select a client that will be designated as a build host from the menu:" -"Systems[Overview] page." +"This section covers the basic content lifecycle procedures, and the filters " +"available. For more specific examples, see xref:administration:content-" +"lifecycle-examples.adoc[]." +msgstr "" + +#. type: Title == +#: modules/administration/pages/content-lifecycle.adoc:7 +#, no-wrap +msgid "Create a Content Lifecycle Project" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:447 +#: modules/administration/pages/content-lifecycle.adoc:8 msgid "" -"Navigate to the menu:System Details[Properties] tab, enable the " -"[guimenu]``Add-on System Type`` [guimenu]``OS Image Build Host``. Confirm " -"with btn:[Update Properties]." +"To set up a content lifecycle, you need to begin with a project. The " +"project defines the software channel sources, the filters used to find " +"packages, and the build environments." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:448 +#. type: Block title +#: modules/administration/pages/content-lifecycle.adoc:9 #, no-wrap -msgid "os-image-build-host.png" +msgid "Procedure: Creating a Content Lifecycle Project" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:451 +#: modules/administration/pages/content-lifecycle.adoc:10 msgid "" -"Navigate to menu:System Details[Software > Software Channels], and enable " -"the required software channels depending on the build host version." +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " +"and click btn:[Create Project]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:453 -msgid "" -"{sles}{nbsp}11 build hosts require {productname} Client tools (``SLE-Manager-" -"Tools11-Pool`` and ``SLE-Manager-Tools11-Updates``)." +#: modules/administration/pages/content-lifecycle.adoc:11 +msgid "In the [guimenu]``Label`` field, enter a label for your project." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:454 +#: modules/administration/pages/content-lifecycle.adoc:12 msgid "" -"{sles}{nbsp}12 build hosts require {productname} Client tools (``SLE-Manager-" -"Tools12-Pool`` and ``SLE-Manager-Tools12-Updates``)." +"The [guimenu]``Label`` field only accepts lowercase letters, numbers, " +"periods, hyphens, and underscores." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:456 +#: modules/administration/pages/content-lifecycle.adoc:13 msgid "" -"{sles}{nbsp}15 build hosts require {sles} modules ``SLE-Module-DevTools15-" -"SP2-Pool`` and ``SLE-Module-DevTools15-SP2-Updates``. Schedule and click " -"btn:[Confirm]." +"In the [guimenu]``Name`` field, enter a descriptive name for your project." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:459 +#: modules/administration/pages/content-lifecycle.adoc:14 msgid "" -"Install Kiwi and all required packages by applying `Highstate`. From the " -"system details page select menu:States[Highstate] and click btn:[Apply " -"Highstate]. Alternatively, apply Highstate from the {productname} Server " -"command line:" +"Click the btn:[Create] button to create your project and return to the " +"project page." msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:464 -#, no-wrap -msgid "{productname} Web Server Public Certificate RPM" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:15 +msgid "Click btn:[Attach/Detach Sources]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:467 +#: modules/administration/pages/content-lifecycle.adoc:16 msgid "" -"Build host provisioning copies the {productname} certificate RPM to the " -"build host. This certificate is used for accessing repositories provided by " -"{productname}." +"In the [guimenu]``Sources`` dialog, select the source type, and select a " +"base channel for your project." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:470 +#: modules/administration/pages/content-lifecycle.adoc:17 msgid "" -"The certificate is packaged in RPM by the `mgr-package-rpm-certificate-" -"osimage` package script. The package script is called automatically during " -"a new {productname} installation." +"The available child channels for the selected base channel are displayed, " +"including information on whether the channel is mandatory or recommended." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:473 +#: modules/administration/pages/content-lifecycle.adoc:18 msgid "" -"When you upgrade the `spacewalk-certs-tools` package, the upgrade scenario " -"will call the package script using the default values. However if the " -"certificate path was changed or unavailable, you will need to call the " -"package script manually using `--ca-cert-full-path ` " -"after the upgrade procedure has finished." +"Check the child channels you require, and click btn:[Save] to return to the " +"project page." msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:475 -#, no-wrap -msgid "Package script call example" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:19 +msgid "The software channels you selected should now be showing." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:479 -#, no-wrap -msgid "/usr/sbin/mgr-package-rpm-certificate-osimage --ca-cert-full-path /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:21 +msgid "" +"In the [guimenu]``Filters`` dialog, select the filters you want to attach to " +"the project." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:482 -msgid "" -"The RPM package with the certificate is stored in a salt-accessible " -"directory such as:" +#: modules/administration/pages/content-lifecycle.adoc:22 +msgid "To create a new filter, click btn:[Create new Filter]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:484 -#, no-wrap -msgid "/usr/share/susemanager/salt/images/rhn-org-trusted-ssl-cert-osimage-1.0-1.noarch.rpm\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:23 +msgid "Click btn:[Add Environment]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:487 +#: modules/administration/pages/content-lifecycle.adoc:24 msgid "" -"The RPM package with the certificate is provided in the local build host " -"repository:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:489 -#, no-wrap -msgid "/var/lib/Kiwi/repo\n" +"In the [guimenu]``Environment Lifecycle`` dialog, give the first environment " +"a name and a description, and click btn:[Save]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:494 +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:25 msgid "" -"Specify the RPM package with the {productname} SSL certificate in the build " -"source, and make sure your Kiwi configuration contains ``rhn-org-trusted-ssl-" -"cert-osimage`` as a required package in the ``bootstrap`` section." +"The [guimenu]``Name`` field only accepts lowercase letters, numbers, " +"periods, hyphens, and underscores." msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:495 -#, no-wrap -msgid "config.xml" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:26 +msgid "" +"Continue creating environments until you have all the environments for your " +"lifecycle completed." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:504 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:27 msgid "" -"...\n" -" \n" -" ...\n" -" \n" -" \n" -"...\n" +"You can select the order of the environments in the lifecycle by selecting " +"an environment in the [guimenu]``Insert before`` field when you create it." msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:510 +#. type: Title == +#: modules/administration/pages/content-lifecycle.adoc:28 #, no-wrap -msgid "Create an Activation Key for OS Images" +msgid "Filter Types" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:513 +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:29 msgid "" -"Create an activation key associated with the channel that your OS Images " -"will use as repositories when building the image." +"{productname} allows you to create various types of filters to control the " +"content used for building the project. Filters allow you to select which " +"packages will be included or excluded from the build. For example, you " +"could exclude all kernel packages, or include only specific releases of some " +"packages." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:515 -msgid "Activation keys are mandatory for OS Image building." +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:30 +msgid "The supported filters are:" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:519 -msgid "" -"To build OS Images, you will need an activation key that is associated with " -"a channel other than `SUSE Manager Default`." +#: modules/administration/pages/content-lifecycle.adoc:31 +msgid "package filtering" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:524 -msgid "In the {webui}, select menu:Systems[Activation Keys]." +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:32 +msgid "by name" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:525 -msgid "Click [guimenu]``Create Key``." +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:33 +msgid "by name, epoch, version, release, and architecture" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:526 -msgid "" -"Enter a [guimenu]``Description``, a [guimenu]``Key`` name, and use the drop-" -"down box to select a [guimenu]``Base Channel`` to associate with the key." +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:34 +msgid "patch filtering" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:539 -msgid "" -"OS Images can require a significant amount of storage space. Therefore, we " -"recommended that the OS Image store is located on a partition of its own or " -"on a Btrfs subvolume, separate from the root partition. By default, the " -"image store will be located at [path]``/srv/www/os-images``." +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:35 +msgid "by advisory name" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:543 -msgid "" -"Image stores for Kiwi build type, used to build system, virtual, and other " -"images, are not supported yet." +#: modules/administration/pages/content-lifecycle.adoc:36 +msgid "by advisory type" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:545 -msgid "" -"Images are always stored in [path]``/srv/www/os-images/`` " -"and are accessible via HTTP/HTTPS [url]``https:///os-" -"images/``." +#: modules/administration/pages/content-lifecycle.adoc:37 +msgid "by synopsis" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:554 -msgid "Manage image profiles using the {webui}." +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:38 +msgid "by keyword" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:559 -msgid "" -"To create an image profile select from menu:Images[Profiles] and click btn:" -"[Create]." +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:39 +msgid "by date" msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:561 -#, no-wrap -msgid "images_image_create_profile_kiwi.png" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:40 +msgid "by affected package" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:564 -msgid "" -"In the [guimenu]``Label`` field, provide a name for the `Image Profile`." +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:41 +msgid "module" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:565 -msgid "Use `Kiwi` as the [guimenu]``Image Type``." +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:42 +msgid "by stream" msgstr "" #. type: delimited block = -#: modules/administration/pages/image-management.adoc:566 -msgid "Image store is automatically selected." +#: modules/administration/pages/content-lifecycle.adoc:43 +msgid "Package dependencies are not resolved during content filtering." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:567 +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:44 msgid "" -"Enter a [guimenu]``Config URL`` to the directory containing the Kiwi " -"configuration files:" +"There are multiple matchers you can use with the filter. Which ones are " +"available will depend on the filter type you choose." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:568 -msgid "git URI" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:45 +msgid "The available matchers are:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:569 -msgid "HTTPS tarball" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:46 +msgid "contains" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:570 -msgid "Path to build host local directory" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:47 +msgid "matches (must take the form of a regular expression)" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:572 -msgid "" -"Select an [guimenu]``Activation Key``. Activation keys ensure that images " -"using a profile are assigned to the correct channel and packages." +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:48 +msgid "equals" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:577 -msgid "" -"Associate an activation key with an image profile to ensure the image " -"profile uses the correct software channel, and any packages." +#: modules/administration/pages/content-lifecycle.adoc:49 +msgid "greater" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:581 -msgid "Confirm with the btn:[Create] button." +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:50 +msgid "greater or equal" msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:583 -#, no-wrap -msgid "Source format options" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:51 +msgid "lower or equal" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:585 -msgid "git/HTTP(S) URL to the repository" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:52 +msgid "lower" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:589 -msgid "" -"URL to the git repository containing the sources of the image to be built. " -"Depending on the layout of the repository the URL can be:" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:53 +msgid "later or equal" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:592 +#. type: Title === +#: modules/administration/pages/content-lifecycle.adoc:54 #, no-wrap -msgid "https://github.com/SUSE/manager-build-profiles\n" +msgid "Filter ``rule`` Parameter" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:597 +#: modules/administration/pages/content-lifecycle.adoc:55 msgid "" -"You can specify a branch after the `#` character in the URL. In this " -"example, we use the `master` branch:" +"Each filter has a ``rule`` parameter that can be set to either ``Allow`` or " +"``Deny``. The filters are processed like this:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:600 -#, no-wrap -msgid "https://github.com/SUSE/manager-build-profiles#master\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:56 +msgid "" +"If a package or patch satisfies a ``Deny`` filter, it will be excluded from " +"the result." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:605 +#: modules/administration/pages/content-lifecycle.adoc:57 msgid "" -"You can specify a directory that contains the image sources after the `:` " -"character. In this example, we use `OSImage/POS_Image-JeOS6`:" +"If a package or patch satisfies an ``Allow`` filter, it will be included in " +"the result (even if it was excluded by a ``Deny`` filter)." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:608 -#, no-wrap -msgid "https://github.com/SUSE/manager-build-profiles#master:OSImage/POS_Image-JeOS6\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:58 +msgid "" +"This behavior is useful when you want to exclude large number of packages or " +"patches using a general ``Deny`` filter and \"cherry-pick\" specific " +"packages or patches with specific ``Allow`` filters." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:611 -msgid "HTTP(S) URL to the tarball" +#. type: delimited block = +#: modules/administration/pages/content-lifecycle.adoc:59 +msgid "" +"Content filters are global in your organization and can be shared between " +"projects." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:614 +#. type: delimited block = +#: modules/administration/pages/content-lifecycle.adoc:60 msgid "" -"URL to the tar archive, compressed or uncompressed, hosted on the webserver." +"If your project already contains built sources, when you add an environment " +"it will automatically populate with the existing content. Content will be " +"drawn from the previous environment of the cycle if it had one. If there is " +"no previous environment, it will be left empty until the project sources are " +"built again." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:617 +#. type: Title == +#: modules/administration/pages/content-lifecycle.adoc:61 #, no-wrap -msgid "https://myimagesourceserver.example.org/MyKiwiImage.tar.gz\n" +msgid "Build a Content Lifecycle Project" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:620 -msgid "Path to the directory on the build host" +#: modules/administration/pages/content-lifecycle.adoc:62 +msgid "" +"When you have created your project, defined environments, and attached " +"sources and filters, you can build the project for the first time." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:624 +#: modules/administration/pages/content-lifecycle.adoc:63 msgid "" -"Enter the path to the directory with the Kiwi build system sources. This " -"directory must be present on the selected build host." +"Building applies filters to the attached sources and clones them to the " +"first environment in the project." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:628 +#. type: Block title +#: modules/administration/pages/content-lifecycle.adoc:64 #, no-wrap -msgid "/var/lib/Kiwi/MyKiwiImage\n" +msgid "Procedure: Building a Content Lifecycle Project" msgstr "" -#. type: Title ==== -#: modules/administration/pages/image-management.adoc:633 -#, no-wrap -msgid "Example of Kiwi Sources" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:65 +msgid "" +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " +"and select the project you want to build." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:639 -msgid "" -"Kiwi sources consist at least of `config.xml`. Usually, `config.sh` and " -"`images.sh` are present as well. Sources can also contain files to be " -"installed in the final image under the `root` subdirectory." +#: modules/administration/pages/content-lifecycle.adoc:66 +msgid "Review the attached sources and filters, and click btn:[Build]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:641 +#: modules/administration/pages/content-lifecycle.adoc:67 msgid "" -"For information about the Kiwi build system, see the https://doc.opensuse." -"org/projects/kiwi/doc/[Kiwi documentation]." +"Provide a version message to describe the changes or updates in this build." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:643 +#: modules/administration/pages/content-lifecycle.adoc:68 +#: modules/administration/pages/content-lifecycle.adoc:75 msgid "" -"{suse} provides examples of fully functional image sources at the https://" -"github.com/SUSE/manager-build-profiles[SUSE/manager-build-profiles] public " -"GitHub repository." +"You can monitor build progress in the [guimenu]``Environment Lifecycle`` " +"section." msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:644 -#, no-wrap -msgid "Example of JeOS config.xml" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:69 +msgid "" +"After the build is finished, the environment version is increased by one and " +"the built sources, such as software channels, can be assigned to your " +"clients." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:649 +#. type: Title == +#: modules/administration/pages/content-lifecycle.adoc:70 #, no-wrap -msgid "\n" +msgid "Promote Environments" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:661 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:71 msgid "" -"\n" -" \n" -" Admin User\n" -" noemail@example.com\n" -" SUSE Linux Enterprise 12 SP3 JeOS\n" -" \n" -" \n" -" 6.0.0\n" -" zypper\n" -" SLE\n" -" SLE\n" +"When the project has been built, the built sources can be sequentially " +"promoted to the environments." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:666 +#. type: Block title +#: modules/administration/pages/content-lifecycle.adoc:72 #, no-wrap +msgid "Procedure: Promoting Environments" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:73 msgid "" -" en_US\n" -" us.map.gz\n" -" Europe/Berlin\n" -" utc\n" +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " +"and select the project you want to work with." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:688 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:74 msgid "" -" true\n" -" \n" -" \n" -" \n" -" \n" -" \n" -" \n" -" \n" -" \n" -" ...\n" -" \n" -" \n" -" ...\n" -" \n" -" \n" -" \n" +"In the [guimenu]``Environment Lifecycle`` section, locate the environment to " +"promote to its successor, and click btn:[Promote]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:696 +#. type: Title == +#: modules/administration/pages/content-lifecycle.adoc:76 #, no-wrap -msgid "" -" \n" -" \n" -" \n" -" \n" -" ...\n" -" \n" -"\n" +msgid "Assign Clients to Environments" msgstr "" -#. ianew: admin/image-management.adoc -#. iawho: lana 2019-02-27 #. type: Plain text -#: modules/administration/pages/image-management.adoc:707 +#: modules/administration/pages/content-lifecycle.adoc:77 msgid "" -"There are two ways to build an image using the {webui}. Either select menu:" -"Images[Build], or click the build icon in the menu:Images[Profiles] list." +"When you build and promote content lifecycle projects, {productname} creates " +"a tree of software channels. To add clients to the environment, assign the " +"base and child software channels to your client using menu:Software[Software " +"Channels] in the [guimenu]``System Details`` page for the client." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/content-lifecycle.adoc:78 +msgid "" +"Newly added cloned channels are not assigned to clients automatically. If " +"you add or promote sources you will need to manually check and update your " +"channel assignments." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/content-lifecycle.adoc:79 +msgid "" +"Automatic assignment is intended to be added to {productname} in a future " +"version." +msgstr "" + +#. type: Title = +#: modules/administration/pages/content-staging.adoc:1 +#, no-wrap +msgid "Content Staging" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:713 +#: modules/administration/pages/content-staging.adoc:2 msgid "" -"Add a different tag name if you want a version other than the default " -"``latest`` (applies only to containers)." +"Staging is used by clients to download packages in advance, before they are " +"installed. This allows package installation to begin as soon as it is " +"scheduled, which can reduce the amount of time required for a maintenance " +"window." +msgstr "" + +#. type: Title == +#: modules/administration/pages/content-staging.adoc:3 +#, no-wrap +msgid "Enable Content Staging" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:714 -msgid "Select the [guimenu]``Image Profile`` and a [guimenu]``Build Host``." +#: modules/administration/pages/content-staging.adoc:4 +msgid "" +"You can manage content staging across your entire organization. In the " +"{productname} {webui}, navigate to menu:Admin[Organizations] to see a list " +"of available organizations. Click the name of an organization, and check " +"the [guimenu]``Enable Staging Contents`` box to allow clients in this " +"organization to stage package data." msgstr "" #. type: delimited block = -#: modules/administration/pages/image-management.adoc:720 +#: modules/administration/pages/content-staging.adoc:5 +#: modules/administration/pages/organizations.adoc:6 msgid "" -"A [guimenu]``Profile Summary`` is displayed to the right of the build " -"fields. When you have selected a build profile, detailed information about " -"the selected profile will show up in this area." +"You must be logged in as a {productname} administrator to create and manage " +"organizations." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:724 -msgid "To schedule a build, click the btn:[Build] button." +#: modules/administration/pages/content-staging.adoc:6 +msgid "" +"You can also enable staging at the command prompt by editing [path]``/etc/" +"sysconfig/rhn/up2date``, and adding or editing these lines:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:731 +#. type: delimited block - +#: modules/administration/pages/content-staging.adoc:7 +#, no-wrap msgid "" -"The build server cannot run any form of automounter during the image " -"building process. If applicable, ensure that you do not have your Gnome " -"session running as root. If an automounter is running, the image build will " -"finish successfully, but the checksum of the image will be different and " -"will fail later." +"stagingContent=1\n" +"stagingContentWindow=24\n" msgstr "" +#. 2018-12-10, ke: /etc/sysconfig/rhn/up2date still exists. @renner confirmed some tools use it (at least, trad. client). To be renamed in the future. #. type: Plain text -#: modules/administration/pages/image-management.adoc:738 +#: modules/administration/pages/content-staging.adoc:8 msgid "" -"After the image is successfully built, the inspection phase begins. During " -"the inspection phase {susemgr} collects information about the image:" +"The ``stagingContentWindow`` parameter is a time value expressed in hours " +"and determines when downloading will start. It is the number of hours " +"before the scheduled installation or update time. In this example, content " +"will be downloaded 24 hours before the installation time. The start time " +"for download depends on the selected contact method for a system. The " +"assigned contact method sets the time for when the next " +"[command]``mgr_check`` will be executed." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:740 -msgid "List of packages installed in the image" +#: modules/administration/pages/content-staging.adoc:9 +msgid "" +"Next time an action is scheduled, packages are automatically downloaded, but " +"not installed. At the scheduled time, the staged packages are installed." +msgstr "" + +#. type: Title == +#: modules/administration/pages/content-staging.adoc:10 +#, no-wrap +msgid "Configure Content Staging" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:741 -msgid "Checksum of the image" +#: modules/administration/pages/content-staging.adoc:11 +msgid "There are two parameters used to configure content staging:" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:742 -msgid "Image type and other image details" +#: modules/administration/pages/content-staging.adoc:12 +msgid "" +"[parameter]``salt_content_staging_advance`` is the advance time for the " +"content staging window to open, in hours." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:748 +#. type: Plain text +#: modules/administration/pages/content-staging.adoc:13 msgid "" -"If the built image type is `PXE`, a Salt pillar will also be generated. " -"Image pillars are stored in the `/srv/susemanager/pillar_data/images/` " -"directory and the Salt subsystem can access details about the generated " -"image. Details include where the pillar is located and provided, image " -"checksums, information needed for network boot, and more." +"This is the number of hours before installation starts, that package " +"downloads can begin." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:750 -msgid "The generated pillar is available to all connected clients." +#. type: Plain text +#: modules/administration/pages/content-staging.adoc:14 +msgid "" +"[parameter]``salt_content_staging_window`` is the duration of the content " +"staging window, in hours." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:761 +#: modules/administration/pages/content-staging.adoc:15 msgid "" -"Building an image requires several dependent steps. When the build fails, " -"investigating Salt states results can help identify the source of the " -"failure. You can carry out these checks when the build fails:" +"This is the amount of time clients have to stage packages before " +"installation begins." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:763 -msgid "The build host can access the build sources" +#: modules/administration/pages/content-staging.adoc:16 +msgid "" +"For example, if [parameter]``salt_content_staging_advance`` is set to six " +"hours, and [parameter]``salt_content_staging_window`` is set to two hours, " +"the staging window will open six hours before the installation time, and " +"remain open for two hours. No packages will be downloaded in the four " +"remaining hours until installation starts." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:764 +#: modules/administration/pages/content-staging.adoc:17 msgid "" -"There is enough disk space for the image on both the build host and the " -"{productname} server" +"If you set the same value for both " +"[parameter]``salt_content_staging_advance`` and " +"[parameter]``salt_content_staging_window`` packages will be able to be " +"downloaded until installation begins." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:765 -msgid "The activation key has the correct channels associated with it" +#: modules/administration/pages/content-staging.adoc:18 +msgid "" +"Configure the content staging parameters in [path]``/usr/share/rhn/config-" +"defaults/rhn_java.conf``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:766 -msgid "The build sources used are valid" +#: modules/administration/pages/content-staging.adoc:19 +msgid "Default values:" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:768 -msgid "" -"The RPM package with the {productname} public certificate is up to date and " -"available at `/usr/share/susemanager/salt/images/rhn-org-trusted-ssl-cert-" -"osimage-1.0-1.noarch.rpm`. For more on how to refresh a public certificate " -"RPM, see <>." +#: modules/administration/pages/content-staging.adoc:20 +msgid "[path]``salt_content_staging_advance: 8 hours``" msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:772 +#. type: Plain text +#: modules/administration/pages/content-staging.adoc:21 +msgid "[path]``salt_content_staging_window: 8 hours``" +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/content-staging.adoc:22 +msgid "Content staging must be enabled for these parameters to work correctly." +msgstr "" + +#. type: Title = +#: modules/administration/pages/crash-reporting.adoc:1 #, no-wrap -msgid "Limitations" +msgid "Crash Reporting" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:775 -msgid "The section contains some known issues when working with images." +#: modules/administration/pages/crash-reporting.adoc:2 +msgid "" +"Crash reporting is used to automatically monitor and report on traditional " +"{redhat} clients that have experienced a crash." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:777 +#: modules/administration/pages/crash-reporting.adoc:3 msgid "" -"HTTPS certificates used to access the HTTP sources or git repositories " -"should be deployed to the client by a custom state file, or configured " -"manually." +"Clients that have crash reporting enabled report any crashes to the " +"{productname} Server. This allows you to see what crashes have occurred, " +"manage crash reports, and add custom notes to crashes from within the " +"{productname} {webui}. You can also run reports on crashes." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/crash-reporting.adoc:4 +msgid "" +"Crash reporting works only with traditional {redhat} clients. It does not " +"work with Salt clients, or with traditional clients running any other " +"operating system." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:778 -msgid "Importing Kiwi-based images is not supported." +#: modules/administration/pages/crash-reporting.adoc:5 +msgid "" +"Crash reporting requires the ``spacewalk-abrt`` package installed on the " +"client you want to monitor. To manage crash reports in the {webui}, " +"navigate to menu:Systems[Software Crashes]." msgstr "" #. type: Title == -#: modules/administration/pages/image-management.adoc:782 +#: modules/administration/pages/crash-reporting.adoc:6 #, no-wrap -msgid "List Image Profiles Available for Building" +msgid "Crash Notes" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:787 +#: modules/administration/pages/crash-reporting.adoc:7 msgid "" -"To list images available for building select menu:Images[Image List]. A " -"list of all images will be displayed." +"You can create custom notes for each crash report using the {productname} " +"{webui}. Navigate to menu:Systems[Systems List] and select the client that " +"crashed. Navigate to the menu:Software[Software Crashes] tab to see a list " +"of all current crashes for the selected client. Click the crash to see more " +"information, and navigate to the [guimenu]``Crash Notes`` tab to add or edit " +"notes." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:788 +#. type: Title == +#: modules/administration/pages/crash-reporting.adoc:8 #, no-wrap -msgid "images_list_images.png" +msgid "Organization Crash Configuration" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:792 +#: modules/administration/pages/crash-reporting.adoc:9 msgid "" -"Displayed data about images includes an image [guimenu]``Name``, its " -"[guimenu]``Version`` and the build [guimenu]``Status``. You will also see " -"the image update status with a listing of possible patch and package updates " -"that are available for the image." +"You can manage crash reporting for your entire organization, turning the " +"feature on or off, changing whether crash files are uploaded, and setting a " +"size limit for file upload sizes. Navigate to menu:Admin[Organizations] and " +"select the organization you want to manage. Navigate to the " +"[guimenu]``Configuration`` tab and change the settings as required. Click " +"btn:[Update Organization] to save the changes." +msgstr "" + +#. type: Title == +#: modules/administration/pages/crash-reporting.adoc:10 +#, no-wrap +msgid "Reporting" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:795 +#: modules/administration/pages/crash-reporting.adoc:11 msgid "" -"Clicking the btn:[Details] button on an image will provide a detailed view. " -"The detailed view includes an exact list of relevant patches and a list of " -"all packages installed within the image." +"{productname} allows you to use the following crash-related reports with the " +"spacewalk-report tool:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:799 +#. type: delimited block - +#: modules/administration/pages/crash-reporting.adoc:12 +#, no-wrap msgid "" -"The patch and the package list is only available if the inspect state after " -"a build was successful." +"system-crash-count\n" +"system-crash-details\n" msgstr "" -#. type: Title = -#: modules/administration/pages/iss.adoc:2 +#. type: Plain text +#: modules/administration/pages/crash-reporting.adoc:13 +#, fuzzy +msgid "" +"For more information about reports, see xref:administration:reports.adoc[]." +msgstr "" +"Další informace o importovaných certifikátech najdete na stránce xref:" +"administration:ssl-certs-imported.adoc[]." + +#. type: Title == +#: modules/administration/pages/crash-reporting.adoc:14 #, no-wrap -msgid "Inter-Server Synchronization" +msgid "Managing Crash Reports with the API" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:6 -msgid "" -"If you have more than one {productname} installation, you need to ensure " -"that they stay aligned on content and permissions. Inter-Server " -"Synchronization (ISS) allows you to connect two or more {productname} " -"Servers and keep them up-to-date." +#: modules/administration/pages/crash-reporting.adoc:15 +msgid "Use these API calls to manage reported software crashes:" msgstr "" -#. type: Plain text -#: modules/administration/pages/iss.adoc:9 +#. type: delimited block - +#: modules/administration/pages/crash-reporting.adoc:16 +#, no-wrap msgid "" -"To set up ISS, you need to define one {productname} Server as a master, with " -"the other as a slave. If conflicting configurations exist, the system will " -"prioritize the master configuration." +"system.crash.getLastReportDate()\n" +"system.crash.getUniqueCrashCount()\n" +"system.crash.getTotalCrashCount()\n" +"system.crash.listSystemCrashes()\n" +"system.crash.listSystemCrashFiles()\n" +"system.crash.deleteCrash()\n" +"system.crash.getCrashFileUrl()\n" +"system.crash.getCrashFile()\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/iss.adoc:16 -msgid "" -"ISS Masters are masters only because they have slaves attached to them. " -"This means that you need to set up the ISS Master first, by defining its " -"slaves. You can then set up the ISS Slaves, by attaching them to a master." +#. type: Plain text +#: modules/administration/pages/crash-reporting.adoc:17 +msgid "Use these API calls to manage notes on crashes:" msgstr "" -#. type: Block title -#: modules/administration/pages/iss.adoc:20 +#. type: delimited block - +#: modules/administration/pages/crash-reporting.adoc:18 #, no-wrap -msgid "Procedure: Setting up an ISS Master" +msgid "" +"system.crash.createCrashNote()\n" +"system.crash.deleteCrashNote()\n" +"system.crash.getCrashNotesForCrash()\n" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:23 +#: modules/administration/pages/crash-reporting.adoc:19 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " -"Master Setup], and click btn:[Add new slave]." +"Use these API calls to manage organization settings for crash reporting:" msgstr "" -#. type: Plain text -#: modules/administration/pages/iss.adoc:24 +#. type: delimited block - +#: modules/administration/pages/crash-reporting.adoc:20 +#, no-wrap msgid "" -"In the [guimenu]``Edit Slave Details`` dialog, provide these details for the " -"ISS Master's first slave:" +"org.getCrashFileSizeLimit()\n" +"org.setCrashFileSizeLimit()\n" +"org.isCrashReportingEnabled()\n" +"org.setCrashReporting()\n" +"org.isCrashfileUploadEnabled()\n" +"org.setCrashfileUpload()\n" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:26 +#: modules/administration/pages/crash-reporting.adoc:21 msgid "" -"In the [guimenu]``Slave Fully-Qualified Domain Name`` field, enter the FQDN " -"of the ISS Slave. For example: [systemitem]``server2.example.com``." +"For more information about the API, see the latest API documentation " +"available from https://documentation.suse.com/suma." msgstr "" -#. type: Plain text -#: modules/administration/pages/iss.adoc:27 -msgid "" -"Check the [guimenu]``Allow Slave to Sync?`` checkbox to enable the slave to " -"synchronize with the master." +#. type: Title = +#: modules/administration/pages/custom-channels.adoc:1 +#, no-wrap +msgid "Custom Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:28 +#: modules/administration/pages/custom-channels.adoc:2 msgid "" -"Check the [guimenu]``Sync All Orgs to Slave?`` checkbox to synchronize all " -"organizations to this slave." +"Custom channels give you the ability to create your own software packages " +"and repositories, which you can use to update your clients. They also allow " +"you to use software provided by third party vendors in your environment." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:29 -msgid "Click btn:[Create] to add the ISS slave." +#: modules/administration/pages/custom-channels.adoc:3 +msgid "" +"You must have administrator privileges to be able to create and manage " +"custom channels." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:30 +#: modules/administration/pages/custom-channels.adoc:4 msgid "" -"In the [guimenu]``Allow Export of the Selected Organizations`` section, " -"check the organizations you want to allow this slave to export to the " -"master, and click btn:[Allow Orgs]." +"Before you create a custom channel, determine which base channel you want to " +"associate it with, and which repositories you want to use for content." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:34 +#: modules/administration/pages/custom-channels.adoc:5 msgid "" -"Before you set up the ISS Slave, you will need to ensure you have the " -"appropriate CA certificate." +"This section gives more detail on how to create, administer, and delete " +"custom channels." msgstr "" -#. type: Block title -#: modules/administration/pages/iss.adoc:37 +#. type: Title == +#: modules/administration/pages/custom-channels.adoc:6 #, no-wrap -msgid "Procedure: Copying the Master CA Certificate to an ISS Slave" +msgid "Creating Custom Channels and Repositories" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:39 +#: modules/administration/pages/custom-channels.adoc:7 msgid "" -"On the ISS Master, locate the CA Certificate at ``/srv/www/htdocs/pub/RHN-" -"ORG-TRUSTED-SSL-CERT`` and create a copy that can be transferred to the " -"ISS Slave." +"If you have custom software packages that you need to install on your " +"{productname} systems, you can create a custom child channel to manage " +"them. You will need to create the channel in the {productname} {webui} and " +"create a repository for the packages, before assigning the channel to your " +"systems." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:40 +#: modules/administration/pages/custom-channels.adoc:8 msgid "" -"On the ISS Slave, save the CA certificate file to the ``/etc/pki/trust/" -"anchors/`` directory." +"You can select a vendor channel as the base channel if you want to use " +"packages provided by a vendor. Alternatively, select ``none`` to make your " +"custom channel a base channel." msgstr "" +#. We need to create a section on importing GPG keys and change this to point there: https://github.com/SUSE/spacewalk/issues/9474 LKB 2019-09-18 #. type: Plain text -#: modules/administration/pages/iss.adoc:43 -msgid "When you have copied the certificate, you can set up the ISS Slave." +#: modules/administration/pages/custom-channels.adoc:9 +msgid "" +"Custom channels will sometimes require additional security settings. Many " +"third party vendors secure packages with GPG. If you want to use GPG-" +"protected packages in your custom channel, you will need to trust the GPG " +"key which has been used to sign the metadata. You can then check the " +"[guimenu]``Has Signed Metadata?`` check box to match the package metadata " +"against the trusted GPG keys. For more information on importing GPG keys, " +"see xref:reference:systems/autoinst-gpg-and-ssl-keys.adoc[]." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/custom-channels.adoc:10 +msgid "" +"Do not create child channels containing packages that are not compatible " +"with the client system." msgstr "" #. type: Block title -#: modules/administration/pages/iss.adoc:46 +#: modules/administration/pages/custom-channels.adoc:11 #, no-wrap -msgid "Procedure: Setting up an ISS Slave" +msgid "Procedure: Creating a Custom Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:49 +#: modules/administration/pages/custom-channels.adoc:12 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " -"Slave Setup], and click btn:[Add new master]." +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"and click btn:[Create Channel]." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:50 +#: modules/administration/pages/custom-channels.adoc:13 msgid "" -"In the [guimenu]``Details for new Master`` dialog, provide these details for " -"the server to use as the ISS master:" +"On the [guimenu]``Create Software Channel`` page, give your channel a name " +"(for example, [systemitem]``My Tools SLES 15 SP1 x86_64``) and a label (for " +"example, [systemitem]``my-tools-sles15sp1-x86_64``)." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:52 -msgid "" -"In the [guimenu]``Master Fully-Qualified Domain Name`` field, enter the FQDN " -"of the ISS Master for this slave. For example: ``server1.example.com``." +#: modules/administration/pages/custom-channels.adoc:14 +msgid "Labels must not contain spaces or uppercase letters." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:54 +#: modules/administration/pages/custom-channels.adoc:15 msgid "" -"In the [guimenu]``Filename of this Master's CA Certificate`` field, enter " -"the absolute path to the CA certificate on the ISS master. This should be " -"``/etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT``." +"In the [guimenu]``Parent Channel`` drop down, choose the relevant base " +"channel (for example, [systemitem]``SLE-Product-SLES15-SP1-Pool for " +"x86_64``)." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:55 -msgid "Click btn:[Add new master] to add the ISS Slave to this master." +#: modules/administration/pages/custom-channels.adoc:16 +msgid "Ensure that you choose the compatible parent channel for your packages." msgstr "" -#. type: Block title -#: modules/administration/pages/iss.adoc:58 -#, no-wrap -msgid "Procedure: Completing ISS Setup" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:17 +msgid "" +"In the [guimenu]``Architecture`` drop down, choose the appropriate hardware " +"architecture (for example, [systemitem]``x86_64``)." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:60 +#: modules/administration/pages/custom-channels.adoc:18 msgid "" -"At the command prompt on the ISS Slave, synchronize with the ISS Master:" +"Provide any additional information in the contact details, channel access " +"control, and GPG fields, as required for your environment." msgstr "" -#. type: delimited block - -#: modules/administration/pages/iss.adoc:63 -#, no-wrap -msgid "mgr-inter-sync\n" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:19 +msgid "Click btn:[Create Channel]." msgstr "" -#. type: Plain text -#: modules/administration/pages/iss.adoc:65 -msgid "OPTIONAL: To synchronize a single channel, use this command:" +#. type: delimited block = +#: modules/administration/pages/custom-channels.adoc:20 +msgid "" +"By default, the ``Enable GPG Check`` field is checked when you create a new " +"channel. If you would like to add custom packages and applications to your " +"channel, make sure you uncheck this field to be able to install unsigned " +"packages. Disabling the GPG check is a security risk if packages are from " +"an untrusted source." msgstr "" -#. type: delimited block - -#: modules/administration/pages/iss.adoc:68 +#. type: Block title +#: modules/administration/pages/custom-channels.adoc:21 #, no-wrap -msgid "mgr-inter-sync -c \n" +msgid "Procedure: Creating a Software Repository" msgstr "" -#. Need to double check this against the UI. --LKB 2020-04-08 #. type: Plain text -#: modules/administration/pages/iss.adoc:70 +#: modules/administration/pages/custom-channels.adoc:22 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " -"Configure Master-to-Slave Mappings] and select the organizations you want to " -"synchronize." +"In the {productname} {webui}, navigate to menu:Software[Manage > " +"Repositories], and click btn:[Create Repository]." msgstr "" -#. type: Title = -#: modules/administration/pages/live-patching-channel-setup.adoc:2 -#, no-wrap -msgid "Set up Channels for Live Patching" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:23 +msgid "" +"On the [guimenu]``Create Repository`` page, give your repository a label " +"(for example, [systemitem]``my-tools-sles15sp1-x86_64-repo``)." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:7 +#: modules/administration/pages/custom-channels.adoc:24 msgid "" -"A reboot is required every time you update the full kernel package. " -"Therefore, it is important that clients using Live Patching do not have " -"newer kernels available in the channels they are assigned to. Clients using " -"live patching have updates for the running kernel in the live patching " -"channels." +"In the [guimenu]``Repository URL`` field, provide the path to the directory " +"that contains the [path]``repodata`` file (for example, " +"[systemitem]``file:///opt/mytools/``)." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:9 -msgid "There are two ways to manage channels for live patching:" +#: modules/administration/pages/custom-channels.adoc:25 +msgid "You can use any valid addressing protocol in this field." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:13 -msgid "" -"Use content lifecycle management to clone the product tree and remove kernel " -"versions newer than the running one. This procedure is explained in the " -"xref:content-lifecycle-examples.adoc#enhance-project-with-" -"livepatching[Content Livecycle Management Examples]. This is the " -"recommended solution." +#: modules/administration/pages/custom-channels.adoc:26 +msgid "Uncheck the [guimenu]``Has Signed Metadata?`` check box." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:17 +#: modules/administration/pages/custom-channels.adoc:27 msgid "" -"Use the `spacewalk-manage-channel-lifecycle` tool. This procedure is more " -"manual and requires command line tools as well as the {webui}. This " -"procedure is explained in this section for SLES{nbsp}15 SP1, but it also " -"works for SLE{nbsp}12 SP4 or later." -msgstr "" - -#. type: Title == -#: modules/administration/pages/live-patching-channel-setup.adoc:18 -#, no-wrap -msgid "Use spacewalk-manage-channel-lifecycle for Live Patching" +"OPTIONAL: Complete the SSL fields if your repository requires client " +"certificate authentication." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:22 -msgid "" -"Cloned vendor channels should be prefixed by ``dev`` for development, " -"``testing``, or ``prod`` for production. In this procedure, you will create " -"a ``dev`` cloned channel and then promote the channel to ``testing``." +#: modules/administration/pages/custom-channels.adoc:28 +msgid "Click btn:[Create Repository]." msgstr "" #. type: Block title -#: modules/administration/pages/live-patching-channel-setup.adoc:23 +#: modules/administration/pages/custom-channels.adoc:29 #, no-wrap -msgid "Procedure: Cloning Live Patching Channels" +msgid "Procedure: Assigning the Repository to a Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:26 +#: modules/administration/pages/custom-channels.adoc:30 msgid "" -"At the command prompt on the client, as root, obtain the current package " -"channel tree:" +"Assign your new repository to your custom channel by navigating to menu:" +"Software[Manage > Channels], clicking the name of your newly created custom " +"channel, and navigating to the [guimenu]``Repositories`` tab." msgstr "" -#. type: delimited block - -#: modules/administration/pages/live-patching-channel-setup.adoc:34 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:31 msgid "" -"# spacewalk-manage-channel-lifecycle --list-channels\n" -"Spacewalk Username: admin\n" -"Spacewalk Password:\n" -"Channel tree:\n" +"Ensure the repository you want to assign to the channel is checked, and " +"click btn:[Update Repositories]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/live-patching-channel-setup.adoc:41 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:32 msgid "" -" 1. sles15-{sp-vert}-pool-x86_64\n" -" \\__ sle-live-patching15-pool-x86_64-{sp-vert}\n" -" \\__ sle-live-patching15-updates-x86_64-{sp-vert}\n" -" \\__ sle-manager-tools15-pool-x86_64-{sp-vert}\n" -" \\__ sle-manager-tools15-updates-x86_64-{sp-vert}\n" -" \\__ sles15-{sp-vert}-updates-x86_64\n" +"Navigate to the [guimenu]``Sync`` tab and click btn:[Sync Now] to " +"synchronize immediately." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:44 -msgid "" -"Use the [command]``spacewalk-manage-channel`` command with the " -"[option]``init`` argument to automatically create a new development clone of " -"the original vendor channel:" +#: modules/administration/pages/custom-channels.adoc:33 +msgid "You can also set an automated synchronization schedule on this tab." msgstr "" -#. type: delimited block - -#: modules/administration/pages/live-patching-channel-setup.adoc:48 -#, no-wrap -msgid "spacewalk-manage-channel-lifecycle --init -c sles15-{sp-vert}-pool-x86_64\n" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:34 +msgid "" +"There are several ways to check if a channel has finished synchronizing:" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:51 +#: modules/administration/pages/custom-channels.adoc:35 msgid "" -"Check that [systemitem]``dev-sles15-{sp-vert}-updates-x86_64`` is available " -"in your channel list." +"In the {productname} {webui}, navigate to menu:Admin[Setup Wizard] and " +"select the [guimenu]``Products`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:53 +#: modules/administration/pages/custom-channels.adoc:36 msgid "" -"Check the ``dev`` cloned channel you created, and remove any kernel updates " -"that require a reboot." -msgstr "" - -#. type: Block title -#: modules/administration/pages/live-patching-channel-setup.adoc:54 -#, no-wrap -msgid "Procedure: Removing Non-Live Kernel Patches from Cloned Channels" +"This dialog displays a completion bar for each product when they are being " +"synchronized." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:57 +#: modules/administration/pages/custom-channels.adoc:37 msgid "" -"Check the current kernel version by selecting the client from menu:" -"Systems[System List], and taking note of the version displayed in the " -"[guimenu]``Kernel`` field." +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"then click the channel associated to the repository." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:59 +#: modules/administration/pages/custom-channels.adoc:38 msgid "" -"In the {productname} {webui}, select the client from menu:Systems[Overview], " -"navigate to the menu:Software[Manage > Channels] tab, and select " -"[systemitem]``dev-sles15-sp{sp-vert}-updates-x86_64``. Navigate to the " -"[guimenu]``Patches`` tab, and click btn:[List/Remove Patches]." +"Navigate to the menu:[Repositories > Sync] tab. The [guimenu]``Sync " +"Status`` is shown next to the repository name.." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:60 -msgid "" -"In the search bar, type [systemitem]``kernel`` and identify the kernel " -"version that matches the kernel currently used by your client." +#: modules/administration/pages/custom-channels.adoc:39 +msgid "Check the synchronization log file at the command prompt:" msgstr "" -#. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:61 -msgid "" -"Remove all kernel versions that are newer than the currently installed " -"kernel." +#. type: delimited block - +#: modules/administration/pages/custom-channels.adoc:40 +#, no-wrap +msgid "tail -f /var/log/rhn/reposync/.log\n" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:64 +#: modules/administration/pages/custom-channels.adoc:41 msgid "" -"Your channel is now set up for live patching, and can be promoted to " -"``testing``. In this procedure, you will also add the live patching child " -"channels to your client, ready to be applied." +"Each child channel will generate its own log during the synchronization " +"progress. You will need to check all the base and child channel log files " +"to be sure that the synchronization is complete." msgstr "" #. type: Block title -#: modules/administration/pages/live-patching-channel-setup.adoc:65 +#: modules/administration/pages/custom-channels.adoc:42 #, no-wrap -msgid "Procedure: Promoting Live Patching Channels" +msgid "Procedure: Adding Custom Channels to an Activation Key" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:68 +#: modules/administration/pages/custom-channels.adoc:43 msgid "" -"At the command prompt on the client, as `root`, promote and clone the `dev-" -"sles15-{sp-vert}-pool-x86_64` channel to a new ``testing`` channel:" +"In the {productname} {webui}, navigate to menu:Systems[Activation Keys], and " +"select the key you want to add the custom channel to." msgstr "" -#. type: delimited block - -#: modules/administration/pages/live-patching-channel-setup.adoc:72 -#, no-wrap -msgid "# spacewalk-manage-channel-lifecycle --promote -c dev-sles15-{sp-vert}-pool-x86_64\n" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:44 +msgid "" +"On the [guiemnu]``Details`` tab, in the [guimenu]``Child Channels`` listing, " +"select the channel to associate." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:74 -msgid "" -"In the {productname} {webui}, select the client from menu:Systems[Overview], " -"and navigate to the menu:Software[Software Channels] tab." +#: modules/administration/pages/custom-channels.adoc:45 +msgid "You can select multiple channels, if you need to." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:75 -msgid "" -"Check the new [systemitem]``test-sles15-sp{sp-vert}-pool-x86_64`` custom " -"channel to change the base channel, and check both corresponding live " -"patching child channels." +#: modules/administration/pages/custom-channels.adoc:46 +msgid "Click btn:[Update Activation Key]." +msgstr "" + +#. type: Title == +#: modules/administration/pages/custom-channels.adoc:47 +#, no-wrap +msgid "Add Packages and Patches to Custom Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:76 +#: modules/administration/pages/custom-channels.adoc:48 msgid "" -"Click btn:[Next], confirm that the details are correct, and click btn:" -"[Confirm] to save the changes." +"When you create a new custom channel without cloning it from an existing " +"channel, it will not contain any packages or patches. You can add the " +"packages and patches you require using the {productname} {webui}." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:77 +#: modules/administration/pages/custom-channels.adoc:49 msgid "" -"You can now select and view available CVE patches, and apply these important " -"kernel updates with Live Patching." +"Custom channels can only include packages or patches that are cloned or " +"custom, and they must match the base architecture of the channel. Patches " +"added to custom channels must apply to a package that exists in the channel." msgstr "" -#. type: Title = -#: modules/administration/pages/live-patching-sles12.adoc:2 +#. type: Block title +#: modules/administration/pages/custom-channels.adoc:50 #, no-wrap -msgid "Live Patching on SLES{nbsp}12" +msgid "Procedure: Adding Packages to Custom Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:7 +#: modules/administration/pages/custom-channels.adoc:51 msgid "" -"On SLES{nbsp}12 systems, live patching is managed by kGraft. For in depth " -"information covering kGraft use, see https://documentation.suse.com/sles/12-" -"SP4/html/SLES-all/cha-kgraft.html." +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"and go to the [guimenu]``Packages`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:9 -msgid "Before you begin, ensure:" +#: modules/administration/pages/custom-channels.adoc:52 +msgid "" +"OPTIONAL: See all packages currently in the channel by navigating to the " +"[guimenu]``List/Remove`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:11 -msgid "{productname} is fully updated." +#: modules/administration/pages/custom-channels.adoc:53 +msgid "" +"Add new packages to the channel by navigating to the [guimenu]``Add`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:12 -msgid "You have one or more Salt clients running SLES{nbsp}12 (SP1 or later)." +#: modules/administration/pages/custom-channels.adoc:54 +msgid "" +"Select the parent channel to provide packages, and click btn:[View Packages] " +"to populate the list." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:13 -msgid "Your SLES{nbsp}12 Salt clients are registered with {productname}." +#: modules/administration/pages/custom-channels.adoc:55 +msgid "" +"Check the packages to add to the custom channel, and click btn:[Add " +"Packages]." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:14 +#: modules/administration/pages/custom-channels.adoc:56 msgid "" -"You have access to the SLES{nbsp}12 channels appropriate for your " -"architecture, including the live patching child channel (or channels)." +"When you are satisfied with the selection, click btn:[Confirm Addition] to " +"add the packages to the channel." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:15 -msgid "The clients are fully synchronized." +#: modules/administration/pages/custom-channels.adoc:57 +msgid "" +"OPTIONAL: You can compare the packages in the current channel with those in " +"a different channel by navigating to menu:Software[Manage > Channels], and " +"going to the menu:Packages[Compare] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:17 +#: modules/administration/pages/custom-channels.adoc:58 msgid "" -"Assign the clients to the cloned channels prepared for live patching. For " -"more information on preparation, see xref:administration:live-patching-" -"channel-setup.adoc[]." +"To make the two channels the same, click the btn:[Merge Differences] button, " +"and resolve any conflicts." msgstr "" #. type: Block title -#: modules/administration/pages/live-patching-sles12.adoc:20 +#: modules/administration/pages/custom-channels.adoc:59 #, no-wrap -msgid "Procedure: Setting up for Live Patching" +msgid "Procedure: Adding Patches to a Custom Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:24 +#: modules/administration/pages/custom-channels.adoc:60 msgid "" -"Select the client you want to manage with Live Patching from menu:" -"Systems[Overview], and on the system details page navigate to the menu:" -"Software[Packages > Install] tab. Search for the [systemitem]``kgraft`` " -"package, and install it." -msgstr "" - -#. type: Target for macro image -#: modules/administration/pages/live-patching-sles12.adoc:25 -#, no-wrap -msgid "enable_live_patching_kgraft_install.png" +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"and go to the [guimenu]``Patches`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:27 -msgid "Apply the highstate to enable Live Patching, and reboot the client." +#: modules/administration/pages/custom-channels.adoc:61 +msgid "" +"OPTIONAL: See all patches currently in the channel by navigating to the " +"[guimenu]``List/Remove`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:28 -msgid "Repeat for each client that you want to manage with Live Patching." +#: modules/administration/pages/custom-channels.adoc:62 +msgid "" +"Add new patches to the channel by navigating to the [guimenu]``Add`` tab, " +"and selecting what kind of patches you want to add." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:29 +#: modules/administration/pages/custom-channels.adoc:63 msgid "" -"To check that live patching has been enabled correctly, select the client " -"from menu:Systems[System List], and ensure that [systemitem]``Live " -"Patching`` appears in the [guimenu]``Kernel`` field." +"Select the parent channel to provide patches, and click btn:[View Associated " +"Patches] to populate the list." msgstr "" -#. type: Block title -#: modules/administration/pages/live-patching-sles12.adoc:32 -#, no-wrap -msgid "Procedure: Applying Live Patches to a Kernel" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:64 +msgid "" +"Check the patches to add to the custom channel, and click btn:[Confirm]." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:36 +#: modules/administration/pages/custom-channels.adoc:65 msgid "" -"In the {productname} {webui}, select the client from menu:" -"Systems[Overview]. You will see a banner at the top of the screen showing " -"the number of critical and non-critical packages available for the client:" +"When you are satisfied with the selection, click btn:[Confirm] to add the " +"patches to the channel." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/live-patching-sles12.adoc:37 +#. type: Title == +#: modules/administration/pages/custom-channels.adoc:66 #, no-wrap -msgid "live_patching_criticalupdates.png" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:40 -msgid "Click btn:[Critical] to see a list of the available critical patches." +msgid "Manage Custom Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:42 +#: modules/administration/pages/custom-channels.adoc:67 msgid "" -"Select any patch with a synopsis reading [guimenu]``Important: Security " -"update for the Linux kernel``. Security bugs will also include their CVE " -"number, where applicable." +"{productname} administrators and channel administrators can alter or delete " +"any channel." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:43 +#: modules/administration/pages/custom-channels.adoc:68 msgid "" -"OPTIONAL: If you know the CVE number of a patch you want to apply, you can " -"search for it in menu:Audit[CVE Audit], and apply the patch to any clients " -"that require it." +"To grant other users rights to alter or delete a channel, navigate to menu:" +"Software[Manage > Channels] and select the channel you want to edit. " +"Navigate to the [guimenu]``Managers`` tab, and check the user to grant " +"permissions. Click btn:[Update] to save the changes." msgstr "" #. type: delimited block = -#: modules/administration/pages/live-patching-sles12.adoc:49 +#: modules/administration/pages/custom-channels.adoc:69 msgid "" -"Not all kernel patches are Live Patches! Non-Live kernel patches are " -"represented by a `Reboot Required` icon located next to the `Security` " -"shield icon. These patches will always require a reboot." +"If you delete a channel that has been assigned to a set of clients, it will " +"trigger an immediate update of the channel state for any clients associated " +"with the deleted channel. This is to ensure that the changes are reflected " +"accurately in the repository file." msgstr "" -#. type: delimited block = -#: modules/administration/pages/live-patching-sles12.adoc:58 +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:70 msgid "" -"Not all security issues can be fixed by applying a live patch. Some " -"security issues can only be fixed by applying a full kernel update and will " -"require a reboot. The assigned CVE numbers for these issues are not " -"included in live patches. A CVE audit will display this requirement." +"You cannot delete {productname} channels with the {webui}. Only custom " +"channels can be deleted." msgstr "" -#. type: Title = -#: modules/administration/pages/live-patching-sles15.adoc:2 +#. type: Block title +#: modules/administration/pages/custom-channels.adoc:71 #, no-wrap -msgid "Live Patching on SLES{nbsp}15" +msgid "Procedure: Deleting Custom Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:5 +#: modules/administration/pages/custom-channels.adoc:72 msgid "" -"On SLES{nbsp}15 systems and newer, live patching is managed by the " -"[systemitem]``klp livepatch`` tool." +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"and select the channel you want to delete." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:10 -msgid "You have one or more Salt clients running SLES{nbsp}15 (SP1 or later)." +#: modules/administration/pages/custom-channels.adoc:73 +msgid "Click btn:[Delete software channel]." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:11 -msgid "Your SLES{nbsp}15 Salt clients are registered with {productname}." +#: modules/administration/pages/custom-channels.adoc:74 +msgid "" +"On the [guimenu]``Delete Channel`` page, check the details of the channel " +"you are deleting, and check the [guimenu]``Unsubscribe Systems`` checkbox to " +"remove the custom channel from any systems that might still be subscribed." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:12 -msgid "" -"You have access to the SLES{nbsp}15 channels appropriate for your " -"architecture, including the live patching child channel (or channels)." +#: modules/administration/pages/custom-channels.adoc:75 +msgid "Click btn:[Delete Channel]." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:22 +#: modules/administration/pages/custom-channels.adoc:76 msgid "" -"Select the client you want to manage with Live Patching from menu:" -"Systems[Overview], and navigate to the menu:Software[Packages > Install] " -"tab. Search for the [systemitem]``kernel-livepatch`` package, and install " -"it." -msgstr "" - -#. type: Target for macro image -#: modules/administration/pages/live-patching-sles15.adoc:23 -#, no-wrap -msgid "enable_live_patching_kernel_live_install.png" +"When channels are deleted, the packages that are part of the deleted channel " +"are not automatically removed. You will not be able to update packages that " +"have had their channel deleted." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:27 +#: modules/administration/pages/custom-channels.adoc:77 msgid "" -"To check that live patching has been enabled correctly, select the client " -"from menu:Systems[System List], and ensure that [systemitem]``Live Patch`` " -"appears in the [guimenu]``Kernel`` field." +"You can delete packages that are not associated with a channel in the " +"{productname} {webui}. Navigate to menu:Software[Manage > Packages], check " +"the packages to remove, and click btn:[Delete Packages]." msgstr "" #. type: Title = -#: modules/administration/pages/live-patching.adoc:2 +#: modules/administration/pages/disconnected-setup.adoc:1 #, no-wrap -msgid "Live Patching with SUSE Manager" +msgid "Disconnected Setup" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching.adoc:7 +#: modules/administration/pages/disconnected-setup.adoc:2 msgid "" -"Performing a kernel update usually requires a system reboot. Common " -"vulnerability and exposure (CVE) patches should be applied as soon as " -"possible, but if you cannot afford the downtime, you can use Live Patching " -"to inject these important updates and skip the need to reboot." +"When it is not possible to connect {productname} to the internet, you can " +"use it within a disconnected environment." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching.adoc:9 +#: modules/administration/pages/disconnected-setup.adoc:3 msgid "" -"The procedure for setting up Live Patching is slightly different for " -"SLES{nbsp}12 and SLES{nbsp}15. Both procedures are documented in this " -"section." -msgstr "" - -#. type: Title = -#: modules/administration/pages/maintenance-window-tasks.adoc:2 -#, no-wrap -msgid "Maintenance Window Tasks" +"The repository mirroring tool (RMT) is available on {sle}{nbsp}15 and " +"later. RMT replaces the subscription management tool (SMT), which can be " +"used on older {sle} installations." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:6 +#: modules/administration/pages/disconnected-setup.adoc:4 msgid "" -"If you work with scheduled maintenance windows, you might find it difficult " -"to remember all the things that you need to do before, during, and after " -"that critical downtime of the {productname} Server. {productname} Server " -"related systems such as Inter-Server Synchronization Slave Servers or " -"{productname} Proxies are also affected and have to be considered." +"In a disconnected {productname} setup, RMT or SMT uses an external network " +"to connect to {scc}. All software channels and repositories are " +"synchronized to a removable storage device. The storage device can then be " +"used to update the disconnected {productname} installation." msgstr "" -#. It's similar to zypper at the package level: #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:11 +#: modules/administration/pages/disconnected-setup.adoc:5 msgid "" -"{suse} recommends you always keep your {productname} infrastructure " -"updated. That includes servers, proxies, and build hosts. If you do not " -"keep the {productname} Server updated, you might not be able to update some " -"parts of your environment when you need to." +"This setup allows your {productname} installation to remain in an offline, " +"disconnected environment." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/disconnected-setup.adoc:6 +msgid "" +"Your RMT or SMT instance must be used to managed a {productname} Server " +"directly. It cannot be used to manage a second RMT or SMT instance, in a " +"cascade." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:13 +#: modules/administration/pages/disconnected-setup.adoc:7 msgid "" -"This section contains a checklist for your maintenance window, with links to " -"further information on performing each of the steps." +"For more information on RMT, see https://documentation.suse.com/sles/15-SP2/" +"html/SLES-all/book-rmt.html." msgstr "" #. type: Title == -#: modules/administration/pages/maintenance-window-tasks.adoc:16 +#: modules/administration/pages/disconnected-setup.adoc:8 #, no-wrap -msgid "Server" +msgid "Synchronize RMT" msgstr "" -#. ke, 2019-09-30: we'll stop spacewalk during the update -#. . Stop spacewalk services. -#. You will need to stop the spacewalk, SAP, and database services, along with any others you have running. -#. . Check if the configuration is still correct. #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:24 -msgid "Apply the latest updates. See xref:upgrade:server-intro.adoc[]." +#: modules/administration/pages/disconnected-setup.adoc:9 +msgid "" +"You can use RMT on {sle} 15 installations to manage clients running {sle} 12 " +"or later." msgstr "" -#. We reboot during the above listed procedures. -#. . Reboot the server. -#. . Check if the configuration is still correct. -#. . Start any stopped services. #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:29 -msgid "Upgrade to the latest service pack, if required." +#: modules/administration/pages/disconnected-setup.adoc:10 +msgid "" +"We recommend you set up a dedicated RMT instance for each {productname} " +"installation." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:30 -msgid "" -"Run [command]``spacewalk-service status`` and check whether all required " -"services are up and running." +#. type: Block title +#: modules/administration/pages/disconnected-setup.adoc:11 +#, no-wrap +msgid "Procedure: Setting up RMT" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:32 -msgid "" -"For information about database schema upgrades and PostgreSQL migrations, " -"see xref:upgrade:db-intro.adoc[]." +#: modules/administration/pages/disconnected-setup.adoc:12 +msgid "On the RMT instance, install the RMT package:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:36 -msgid "" -"You can install updates using your package manager. For information on " -"using {yast}, see https://documentation.suse.com/sles/15-SP1/html/SLES-all/" -"cha-onlineupdate-you.html. For information on using zypper, see https://" -"documentation.suse.com/sles/15-SP1/html/SLES-all/cha-sw-cl.html#sec-zypper." +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:13 +#, no-wrap +msgid "zypper in rmt-server\n" msgstr "" -# -# -#. Preferable, you will run such a tool within a maintenance window; for more information, see xref:administration:maintenance-window.adoc#maintenance-window[]. -#. complete procedure, also see above: -#. 1. Log in as root user to the SUSE Manager server. -#. 2. Stop the Spacewalk service: -#. spacewalk-service stop -#. 3. Apply the patch using either zypper patch or YaST Online Update. -#. 4. Upgrade the database schema: -#. spacewalk-schema-upgrade -#. 5. Start the Spacewalk service: -#. spacewalk-service start #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:54 -msgid "" -"By default, several update channels are configured and enabled for the " -"{productname} Server. New and updated packages will become available " -"automatically." +#: modules/administration/pages/disconnected-setup.adoc:14 +msgid "Configure RMT using {yast}:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:15 +#, no-wrap +msgid "yast2 rmt\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:58 -msgid "" -"To keep {susemgr} up to date, either connect it directly to {scc} or use " -"{rmtool} (RMT). You can use RMT as a local installation source for " -"disconnected environments." +#: modules/administration/pages/disconnected-setup.adoc:16 +msgid "Follow the prompts to complete installation." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:62 +#: modules/administration/pages/disconnected-setup.adoc:17 msgid "" -"You can check that the update channels are available on your system with " -"this command:" +"For more information on setting up RMT, see https://documentation.suse.com/" +"sles/15-SP2/html/SLES-all/book-rmt.html." msgstr "" -#. type: delimited block - -#: modules/administration/pages/maintenance-window-tasks.adoc:65 +#. type: Block title +#: modules/administration/pages/disconnected-setup.adoc:18 #, no-wrap -msgid "zypper lr\n" +msgid "Procedure: Synchronizing RMT with SCC" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:68 -msgid "The output will look similar to this:" +#: modules/administration/pages/disconnected-setup.adoc:19 +msgid "" +"On the RMT instance, list all available products and repositories for your " +"organization:" msgstr "" #. type: delimited block - -#: modules/administration/pages/maintenance-window-tasks.adoc:84 +#: modules/administration/pages/disconnected-setup.adoc:20 #, no-wrap msgid "" -"Name | Enabled | GPG Check | Refresh\n" -"-------------------------------------------------------+---------+-----------+--------\n" -"SLE-Module-Basesystem15-SP1-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-Basesystem15-SP1-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Module-Python2-15-SP1-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-Python2-15-SP1-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Product-SUSE-Manager-Server-4.0-Pool | Yes | (r ) Yes | No\n" -"SLE-Product-SUSE-Manager-Server-4.0-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Module-SUSE-Manager-Server-4.0-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-SUSE-Manager-Server-4.0-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Module-Server-Applications15-SP1-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-Server-Applications15-SP1-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Module-Web-Scripting15-SP1-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-Web-Scripting15-SP1-Updates | Yes | (r ) Yes | Yes\n" +"rmt-cli products list --all\n" +"rmt-cli repos list --all\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:92 -msgid "" -"{productname} releases maintenance updates (MUs) to provide newer packages. " -"Maintenance updates are indicated with a new version number. For example, " -"the major release 4.0 will be incremented to 4.0.1 when an MU is released." +#: modules/administration/pages/disconnected-setup.adoc:21 +msgid "Synchronize all available updates for your organization:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:22 +#, no-wrap +msgid "rmt-cli sync\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:95 -msgid "" -"You can verify which version you are running by looking at the bottom of the " -"navigation bar in the {webui}. You can also fetch the version number with " -"the [literal]``api.getVersion()`` XMLRPC API call." +#: modules/administration/pages/disconnected-setup.adoc:23 +msgid "You can also configure RMT to synchronize regularly using systemd." msgstr "" -#. type: Title === -#: modules/administration/pages/maintenance-window-tasks.adoc:107 -#, no-wrap -msgid "Client Tools" +#. type: Plain text +#: modules/administration/pages/disconnected-setup.adoc:24 +msgid "Enable the products you require." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:115 -msgid "" -"When the server is updated consider to update some tools on the clients, " -"too. Updating [package]``salt-minion``, [package]``zypper``, and other " -"related management package on clients is not a strict requirement, but it is " -"a best practice in general. For example, a maintenance update on the server " -"might introduce a major new Salt version. Then minions will continue to " -"work but might experience problems later on. To avoid this always update " -"the salt-minion package when available. {suse} makes sure that " -"[package]``salt-minion`` can always be updated safely." +#: modules/administration/pages/disconnected-setup.adoc:25 +msgid "For example, to enable SLES 15:" msgstr "" -#. type: Title == -#: modules/administration/pages/maintenance-window-tasks.adoc:118 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:26 #, no-wrap -msgid "Inter-Server Synchronization Slave Server" +msgid "rmt-cli product enable sles/15/x86_64\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:121 -msgid "" -"If you are using an inter-server synchronization slave server, update it " -"after the {productname} Server update is complete." +#: modules/administration/pages/disconnected-setup.adoc:27 +#: modules/administration/pages/disconnected-setup.adoc:40 +msgid "Export the synchronized data to your removable storage." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:123 -msgid "" -"For more in inter-server synchronization, see xref:administration:iss.adoc[]." +#: modules/administration/pages/disconnected-setup.adoc:28 +#: modules/administration/pages/disconnected-setup.adoc:41 +msgid "In this example, the storage medium is mounted at [path]``/mnt/usb``:" msgstr "" -#. type: Title == -#: modules/administration/pages/maintenance-window-tasks.adoc:126 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:29 #, no-wrap -msgid "Monitoring Server" +msgid "rmt-cli export data /mnt/usb\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:129 -msgid "" -"If you are using a monitoring server for Prometheus, update it after the " -"{productname} Server update is complete." +#: modules/administration/pages/disconnected-setup.adoc:30 +#: modules/administration/pages/disconnected-setup.adoc:43 +msgid "Export the enabled repositories to your removable storage:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:131 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:31 +#: modules/administration/pages/disconnected-setup.adoc:44 +#, no-wrap +msgid "rmt-cli export settings /mnt/usb\n" +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/disconnected-setup.adoc:32 msgid "" -"For more information on monitoring, see xref:administration:monitoring." -"adoc[]." +"Ensure that the external storage is mounted to a directory that is writeable " +"by the RMT user. You can change RMT user settings in the `cli` section of " +"[path]``/etc/rmt.conf``." msgstr "" #. type: Title == -#: modules/administration/pages/maintenance-window-tasks.adoc:134 +#: modules/administration/pages/disconnected-setup.adoc:33 #, no-wrap -msgid "Proxy" +msgid "Synchronize SMT" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:137 +#: modules/administration/pages/disconnected-setup.adoc:34 msgid "" -"Proxies should be updated as soon as {productname} Server updates are " -"complete." +"SMT is included with {sle} 12, and can be used to manage clients running " +"{sle} 10 or later." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:140 +#: modules/administration/pages/disconnected-setup.adoc:35 msgid "" -"In general, running a proxy connected to a server on a different version is " -"not supported. The only exception is for the duration of updates where it " -"is expected that the server is updated first, so the proxy could run the " -"previous version temporarily." +"SMT requires you to create a local mirror directory on the SMT instance to " +"synchronize repositories and packages." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:142 +#: modules/administration/pages/disconnected-setup.adoc:36 msgid "" -"Especially if you are migrating from version 3.2 to 4.0, upgrade the server " -"first, then any proxy." +"For more details on installing and configuring SMT, see https://" +"documentation.suse.com/sles/12-SP5/html/SLES-all/book-smt.html." +msgstr "" + +#. type: Block title +#: modules/administration/pages/disconnected-setup.adoc:37 +#, no-wrap +msgid "Procedure: Synchronizing SMT with SCC" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:143 -msgid "For more information, see xref:upgrade:proxy-intro.adoc[]." +#: modules/administration/pages/disconnected-setup.adoc:38 +msgid "On the SMT instance, create a database replacement file:" msgstr "" -#. type: Title = -#: modules/administration/pages/maintenance-windows.adoc:2 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:39 #, no-wrap -msgid "Maintenance Windows" +msgid "smt-sync --createdbreplacementfile /tmp/dbrepl.xml\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:6 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:42 +#, no-wrap msgid "" -"The maintenance windows feature in {productname} allows you to schedule " -"actions to occur during a scheduled maintenance window period. When you " -"have created your maintenance window schedule, and applied it to a client, " -"you are prevented from executing some actions outside of the specified " -"period." +"smt-sync --todir /mnt/usb\n" +"smt-mirror --dbreplfile /tmp/dbrepl.xml --directory /mnt/usb \\\n" +" --fromlocalsmt -L /var/log/smt/smt-mirror-export.log\n" msgstr "" #. type: delimited block = -#: modules/administration/pages/maintenance-windows.adoc:14 +#: modules/administration/pages/disconnected-setup.adoc:45 msgid "" -"Maintenance windows operate in a different way to system locking. System " -"locks are switched on or off as required, while maintenance windows define " -"periods of time when actions are allowed. Additionally, the allowed and " -"restricted actions differ. For more information about system locks, see " -"xref:client-configuration:system-locking.adoc[]." +"Ensure that the external storage is mounted to a directory that is writeable " +"by the RMT user. You can change SMT user settings in [path]``/etc/smt." +"conf``." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:21 -msgid "" -"Maintenance windows require both a calendar, and a schedule. The calendar " -"defines the date and time of your maintenance window events, including " -"recurring events, and must be in [path]``ical`` format. The schedule uses " -"the events defined in the calendar to create the maintenance windows. You " -"must create an [path]``ical`` file for upload, or link to an [path]``ical`` " -"file to create the calendar, before you can create the schedule." +#. type: Title == +#: modules/administration/pages/disconnected-setup.adoc:46 +#, no-wrap +msgid "Synchronize a Disconnected Server" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:24 +#: modules/administration/pages/disconnected-setup.adoc:47 msgid "" -"When you have created the schedule, you can assign it to clients that are " -"registered to the {productname} Server. Clients that have a maintenance " -"schedule assigned cannot run restricted actions outside of maintenance " -"windows." +"When you have removable media loaded with your {scc} data, you can use it to " +"synchronize your disconnected server." +msgstr "" + +#. type: Block title +#: modules/administration/pages/disconnected-setup.adoc:48 +#, no-wrap +msgid "Procedure: Synchronizing a Disconnected Server" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:27 -msgid "" -"Restricted actions significantly modify the client, and could potentially " -"cause the client to stop running. Some examples of restricted actions are:" +#: modules/administration/pages/disconnected-setup.adoc:49 +msgid "Mount your removable media device to the {productname} server." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:29 -msgid "Package installation" +#: modules/administration/pages/disconnected-setup.adoc:50 +msgid "In this example, the mount point is [path]``/media/disk``." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:30 -msgid "Client upgrade" +#: modules/administration/pages/disconnected-setup.adoc:51 +msgid "" +"Open ``/etc/rhn/rhn.conf`` and define the mount point by adding or editing " +"this line:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:31 -msgid "Service pack migration" +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:52 +#, no-wrap +msgid "server.susemanager.fromdir = /media/disk\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:32 -msgid "Highstate application (for Salt clients)" +#: modules/administration/pages/disconnected-setup.adoc:53 +msgid "Restart the Tomcat service:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:35 -msgid "" -"Unrestricted actions are minor actions that are considered safe and are " -"unlikely to cause problems on the client. Some examples of unrestricted " -"actions are:" +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:54 +#, no-wrap +msgid "systemctl restart tomcat\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:37 -msgid "Package profile update" +#: modules/administration/pages/disconnected-setup.adoc:55 +msgid "Refresh the local data:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:38 -msgid "Hardware refresh" +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:56 +#, no-wrap +msgid "mgr-sync refresh\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:39 -msgid "Subscribing to software channels" +#: modules/administration/pages/disconnected-setup.adoc:57 +msgid "Perform a synchronization:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:43 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:58 +#, no-wrap msgid "" -"Before you begin, you must create an [path]``ical`` file for upload, or link " -"to an [path]``ical`` file to create the calendar. You can create " -"[path]``ical`` files in your preferred calendaring tool, such as Microsoft " -"Outlook, Google Calendar, or KOrganizer." +"mgr-sync list channels\n" +"mgr-sync add channel channel-label\n" msgstr "" -#. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:46 +#. type: delimited block = +#: modules/administration/pages/disconnected-setup.adoc:59 +msgid "" +"The removable disk that you use for synchronization must always be available " +"at the same mount point. Do not trigger a synchronization, if the storage " +"medium is not mounted. This will result in data corruption." +msgstr "" + +#. type: Title = +#: modules/administration/pages/image-management.adoc:1 #, no-wrap -msgid "Procedure: Uploading a New Maintenance Calendar" +msgid "Image Building and Management" +msgstr "" + +#. type: Title == +#: modules/administration/pages/image-management.adoc:2 +#, no-wrap +msgid "Image Building Overview" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:48 +#: modules/administration/pages/image-management.adoc:3 msgid "" -"In the {productname} {webui}, navigate to menu:Schedule[Maintenance Windows " -"> Calendars], and click btn:[Create]." +"{productname} enables system administrators to build containers and OS " +"Images and push the result in image stores. The workflow looks like this:" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:49 -msgid "" -"In the [guimenu]``Calendar Name`` section, type a name for your calendar." +#: modules/administration/pages/image-management.adoc:4 +msgid "Define an image store" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:50 +#: modules/administration/pages/image-management.adoc:5 msgid "" -"Either provide a URL to your [path]``ical`` file, or upload the file " -"directly." +"Define an image profile and associate it with a source (either a git " +"repository or a directory)" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:51 -msgid "Click btn:[Create Calendar] to save your calendar." +#: modules/administration/pages/image-management.adoc:6 +msgid "Build the image" msgstr "" -#. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:54 -#, no-wrap -msgid "Procedure: Creating a New Schedule" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:7 +msgid "Push the image to the image store" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:56 -#: modules/administration/pages/maintenance-windows.adoc:108 +#: modules/administration/pages/image-management.adoc:8 msgid "" -"In the {productname} {webui}, navigate to menu:Schedule[Maintenance Windows " -"> Schedules], and click btn:[Create]." +"{productname} supports two distinct build types: dockerfile, and the Kiwi " +"image system." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:57 +#: modules/administration/pages/image-management.adoc:9 msgid "" -"In the [guimenu]``Schedule Name`` section, type a name for your schedule." +"The Kiwi build type is used to build system, virtual, and other images. The " +"image store for the Kiwi build type is pre-defined as a file system " +"directory at [path]``/srv/www/os-images`` on the server. {productname} " +"serves the image store over HTTPS from [literal]``///os-images/" +"``. The image store location is unique and is not customizable." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:58 +#: modules/administration/pages/image-management.adoc:10 msgid "" -"OPTIONAL: If your [path]``ical`` file contains events that apply to more " -"than one schedule, check [guimenu]``Multi``." +"Images are always stored in [path]``/srv/www/os-image/``." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:59 -#: modules/administration/pages/maintenance-windows.adoc:112 -msgid "Select the calendar to assign to this schedule." +#. type: Title == +#: modules/administration/pages/image-management.adoc:11 +#, no-wrap +msgid "Container Images" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:60 -#: modules/administration/pages/maintenance-windows.adoc:113 -#: modules/administration/pages/maintenance-windows.adoc:118 -msgid "Click btn:[Create Schedule] to save your schedule." +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:12 +#, no-wrap +msgid "image-building.png" msgstr "" -#. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:63 +#. type: Title === +#: modules/administration/pages/image-management.adoc:13 +#: modules/administration/pages/image-management.adoc:135 #, no-wrap -msgid "Procedure: Assigning a Schedule to a Client" +msgid "Requirements" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:66 +#: modules/administration/pages/image-management.adoc:14 msgid "" -"In the {productname} {webui}, navigate to menu:Systems[Systems List], select " -"the client to be assigned to a schedule, locate the [guimenu]``System " -"Properties`` panel, and click btn:[Edit These Properties]. Alternatively, " -"you can assign clients through the system set manager by navigating to menu:" -"Systems[System Set Manager] and using the menu:Misc[Maintenance Windows] tab." +"The containers feature is available for Salt clients running {sles} 12 or " +"later. Before you begin, ensure your environment meets these requirements:" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:67 +#: modules/administration/pages/image-management.adoc:15 msgid "" -"In the [guimenu]``Edit System Details`` page, locate the " -"[guimenu]``Maintenance Schedule`` field, and select the name of the schedule " -"to be assigned." +"A published git repository containing a dockerfile and configuration " +"scripts. The repository can be public or private, and should be hosted on " +"GitHub, GitLab, or BitBucket." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:68 -msgid "Click btn:[Update Properties] to assign the maintenance schedule." +#: modules/administration/pages/image-management.adoc:16 +msgid "A properly configured image store, such as a Docker registry." msgstr "" #. type: delimited block = -#: modules/administration/pages/maintenance-windows.adoc:75 +#: modules/administration/pages/image-management.adoc:17 msgid "" -"When you assign a new maintenance schedule to a client, it is possible that " -"the client might already have some restricted actions scheduled, and that " -"these might now conflict with the new maintenance schedule. If this occurs, " -"the {webui} will display an error and you will not be able to assign the " -"schedule to the client. To resolve this, check the btn:[Cancel affected " -"actions] option when you assign the schedule. This will cancel any " -"previously scheduled actions that conflict with the new maintenance schedule." +"If you require a private image registry you can use an open source solution " +"such as ``Portus``. For additional information on setting up Portus as a " +"registry provider, see the http://port.us.org/[Portus Documentation]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:18 +msgid "For more information on Containers or {caasp}, see:" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:79 +#: modules/administration/pages/image-management.adoc:19 msgid "" -"When you have created your maintenance windows, you can schedule restricted " -"actions, such as package upgrades, to be performed during the maintenance " -"window." +"https://documentation.suse.com/sles/15-SP2/html/SLES-all/book-sles-docker." +"html" msgstr "" -#. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:82 +#. type: Plain text +#: modules/administration/pages/image-management.adoc:20 +msgid "https://documentation.suse.com/suse-caasp/4/" +msgstr "" + +#. type: Title === +#: modules/administration/pages/image-management.adoc:21 +#: modules/administration/pages/image-management.adoc:144 #, no-wrap -msgid "Procedure: Scheduling a Package Upgrade" +msgid "Create a Build Host" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:84 +#: modules/administration/pages/image-management.adoc:22 msgid "" -"In the {productname} {webui}, navigate to menu:Systems[System List], select " -"the client you want to upgrade, and go to the menu:Software[Packages > " -"Upgrade] tab." +"To build images with {productname}, you will need to create and configure a " +"build host. Container build hosts are Salt clients running {sle} 12 or " +"later. This section guides you through the initial configuration for a " +"build host." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:85 +#: modules/administration/pages/image-management.adoc:23 msgid "" -"Select the package to upgrade from the list, and click btn:[Upgrade " -"Packages]." +"From the {productname} {webui}, perform these steps to configure a build " +"host:" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:86 +#: modules/administration/pages/image-management.adoc:24 msgid "" -"In the [guimenu]``Maintenance Window`` field, select which maintenance " -"window the client should use to perform the upgrade." +"Select a Salt client to be designated as a build host from the menu:" +"Systems[Overview] page." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:87 -msgid "Click btn:[Confirm] to schedule the package upgrade." -msgstr "" - -#. type: Title == -#: modules/administration/pages/maintenance-windows.adoc:90 -#, no-wrap -msgid "Maintenance Schedule Types" +#: modules/administration/pages/image-management.adoc:25 +msgid "" +"From the [guimenu]``System Details`` page of the selected client assign the " +"containers modules. Go to menu:Software[Software Channels] and enable the " +"containers module (for example, [guimenu]``SLE-Module-Containers15-Pool`` " +"and [guimenu]``SLE-Module-Containers15-Updates``). Confirm by clicking btn:" +"[Change Subscriptions]." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:95 +#: modules/administration/pages/image-management.adoc:26 msgid "" -"When you create a calendar, it contains a number of events, which can be " -"either one-time events, or recurring events. Each event contains a " -"``summary`` field. If you want to create multiple maintenance schedules for " -"one calendar, you can specify events for each using the ``summary`` field." +"From the menu:System Details[Properties] page, enable ``Container Build " +"Host`` from the [guimenu]``Add-on System Types`` list and confirm by " +"clicking btn:[Update Properties]." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:98 +#: modules/administration/pages/image-management.adoc:27 msgid "" -"For example, you might like to create a schedule for production servers, and " -"a different schedule for testing servers. In this case, you would specify " -"``SUMMARY: Production Servers`` on events for the production servers, and " -"``SUMMARY: Testing Servers`` on events for the testing servers." +"Install all required packages by applying ``Highstate``. From the system " +"details page select menu:States[Highstate] and click [guimenu]``Apply " +"Highstate``. Alternatively, apply Highstate from the {productname} Server " +"command line:" msgstr "" -#. type: Target for macro image -#: modules/administration/pages/maintenance-windows.adoc:99 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:28 +#: modules/administration/pages/image-management.adoc:158 #, no-wrap -msgid "maint_windows_multi.png" +msgid "salt '$your_client' state.highstate\n" +msgstr "" + +#. type: Title === +#: modules/administration/pages/image-management.adoc:29 +#, no-wrap +msgid "Create an Activation Key for Containers" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:103 +#: modules/administration/pages/image-management.adoc:30 msgid "" -"There are two types of schedule: single, or multi. If your calendar " -"contains events that apply to more than one schedule, then you must select " -"``multi``, and ensure you name the schedule according to the ``summary`` " -"field you used in the calendar file." +"The containers built using {productname} will use channel(s) associated to " +"the activation key as repositories when building the image. This section " +"will guide you into creating an ad-hoc activation key for this purpose." msgstr "" -#. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:106 -#, no-wrap -msgid "Procedure: Creating a Multi Schedule" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:31 +msgid "" +"To build a container, you will need an activation key that is associated " +"with a channel other than `SUSE Manager Default`." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:110 -msgid "" -"In the [guimenu]``Schedule Name`` section, type the name for your schedule. " -"Ensure it matches the ``summary`` field of the calendar." +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:32 +#: modules/administration/pages/image-management.adoc:176 +#, no-wrap +msgid "systems_create_activation_key.png" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:111 -#: modules/administration/pages/maintenance-windows.adoc:117 -msgid "Check the [guimenu]``Multi`` option." +#: modules/administration/pages/image-management.adoc:33 +msgid "Select menu:Systems[Activation Keys]." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:114 -msgid "To create the next schedule, click btn:[Create]." +#: modules/administration/pages/image-management.adoc:34 +msgid "Click btn:[Create Key]." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:116 +#: modules/administration/pages/image-management.adoc:35 msgid "" -"In the [guimenu]``Schedule Name`` section, type the name for your second " -"schedule. Ensure it matches the ``summary`` field of the second calendar." +"Enter a [guimenu]``Description`` and a [guimenu]``Key`` name. Use the drop-" +"down menu to select the [guimenu]``Base Channel`` to associate with this key." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:119 -msgid "Repeat for each schedule you need to create." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:36 +#: modules/administration/pages/image-management.adoc:180 +msgid "Confirm with btn:[Create Activation Key]." msgstr "" -#. type: Title == -#: modules/administration/pages/maintenance-windows.adoc:122 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:37 +#: modules/administration/pages/image-management.adoc:181 +msgid "For more information, see <>." +msgstr "" + +#. type: Title === +#: modules/administration/pages/image-management.adoc:38 +#: modules/administration/pages/image-management.adoc:182 #, no-wrap -msgid "Restricted and Unrestricted Actions" +msgid "Create an Image Store" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:125 +#: modules/administration/pages/image-management.adoc:39 msgid "" -"This sections contains a complete list of restricted and unrestricted " -"actions." +"All built images are pushed to an image store. This section contains " +"information about creating an image store." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:129 -msgid "" -"Restricted actions significantly modify the client, and could potentially " -"cause the client to stop running. Restricted actions can only be run during " -"a maintenance window. The restricted actions are:" +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:40 +#, no-wrap +msgid "images_image_stores.png" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:131 -msgid "" -"Package operations (for example, installing, updating, or removing packages)" +#: modules/administration/pages/image-management.adoc:41 +msgid "Select menu:Images[Stores]." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:132 -msgid "Patch updates" +#: modules/administration/pages/image-management.adoc:42 +msgid "Click [guimenu]``Create`` to create a new store." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:133 -msgid "Rebooting a client" +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:43 +#, no-wrap +msgid "images_image_stores_create.png" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:134 -msgid "Rolling back transactions" +#: modules/administration/pages/image-management.adoc:44 +msgid "Define a name for the image store in the [guimenu]``Label`` field." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:135 -msgid "Configuration management changing tasks" +#: modules/administration/pages/image-management.adoc:45 +msgid "" +"Provide the path to your image registry by filling in the [guimenu]``URI`` " +"field, as a fully qualified domain name (FQDN) for the container registry " +"host (whether internal or external)." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:136 -msgid "Applying a highstate (for Salt clients)" +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:46 +#, no-wrap +msgid "registry.example.com\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:137 -msgid "Autoinstallation and reinstallation" +#: modules/administration/pages/image-management.adoc:47 +msgid "" +"The Registry URI can also be used to specify an image store on a registry " +"that is already in use." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:138 -msgid "Remote commands" +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:48 +#, no-wrap +msgid "registry.example.com:5000/myregistry/myproject\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:139 -msgid "Service pack migrations" +#: modules/administration/pages/image-management.adoc:49 +msgid "Click btn:[Create] to add the new image store." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:140 -msgid "Cluster operations" +#. type: Title === +#: modules/administration/pages/image-management.adoc:50 +#: modules/administration/pages/image-management.adoc:186 +#, no-wrap +msgid "Create an Image Profile" msgstr "" -#. type: delimited block = -#: modules/administration/pages/maintenance-windows.adoc:146 +#. type: Plain text +#: modules/administration/pages/image-management.adoc:51 msgid "" -"For Salt clients, it is possible to run remote commands directly at any time " -"by navigating to menu:Salt[Remote Commands]. This applies whether or not " -"the Salt client is in a maintenance window. For more information about " -"remote commands, see xref:administration:actions.adoc[]." +"All container images are built using an image profile, which contains the " +"building instructions. This section contains information about creating an " +"image profile with the {productname} {webui}." +msgstr "" + +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:52 +#: modules/administration/pages/image-management.adoc:188 +#, no-wrap +msgid "images_image_profiles.png" +msgstr "" + +#. type: Block title +#: modules/administration/pages/image-management.adoc:53 +#: modules/administration/pages/image-management.adoc:189 +#, no-wrap +msgid "Procedure: Create an Image Profile" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:149 +#: modules/administration/pages/image-management.adoc:54 msgid "" -"Unrestricted actions are minor actions that are considered safe and are " -"unlikely to cause problems on the client. If an action is not restricted it " -"is, by definition, unrestricted, and can be be run at any time." +"To create an image profile select menu:Images[Profiles] and click btn:" +"[Create]." msgstr "" -#. type: Title = -#: modules/administration/pages/master-fingerprint.adoc:2 +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:55 #, no-wrap -msgid "Set up a Client to Master Validation Fingerprint" +msgid "images_image_create_profile.png" msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:6 +#: modules/administration/pages/image-management.adoc:56 msgid "" -"In highly secure network configurations you may wish to ensure your Salt " -"clients are connecting a specific master. To set up validation from client " -"to master enter the master's fingerprint within the [path]``/etc/salt/" -"minion`` configuration file." +"Provide a name for the image profile by filling in the [guimenu]``Label`` " +"field." msgstr "" -#. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:8 -msgid "See the following procedure:" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:57 +msgid "" +"If your container image tag is in a format such as `myproject/myimage`, make " +"sure your image store registry URI contains the `/myproject` suffix." msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:10 -msgid "" -"On the master, at the command prompt, as root, use this command to find the " -"``master.pub`` fingerprint:" +#: modules/administration/pages/image-management.adoc:58 +msgid "Use a dockerfile as the `Image Type`." msgstr "" -#. type: delimited block - -#: modules/administration/pages/master-fingerprint.adoc:14 -#, no-wrap -msgid "salt-key -F master\n" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:59 +msgid "" +"Use the drop-down menu to select your registry from the `Target Image Store` " +"field." msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:19 +#: modules/administration/pages/image-management.adoc:60 msgid "" -"On your client, open the [path]``/etc/salt/minion`` configuration file. " -"Uncomment the following line and enter the master's fingerprint replacing " -"the example fingerprint:" +"In the [guimenu]``Path`` field, type a GitHub, GitLab or BitBucket " +"repository URL. The URL should be be http, https, or a token authentication " +"URL. Use one of these formats:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/master-fingerprint.adoc:23 +#. type: Block title +#: modules/administration/pages/image-management.adoc:61 #, no-wrap -msgid "master_finger: 'ba:30:65:2a:d6:9e:20:4f:d8:b2:f3:a7:d4:65:11:13'\n" +msgid "GitHub Path Options" msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:26 -msgid "Restart the salt-minion service:" +#: modules/administration/pages/image-management.adoc:62 +msgid "GitHub single user project repository" msgstr "" #. type: delimited block - -#: modules/administration/pages/master-fingerprint.adoc:30 +#: modules/administration/pages/image-management.adoc:63 #, no-wrap -msgid "# systemctl restart salt-minion\n" +msgid "https://github.com/USER/project.git#branchname:folder\n" msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:32 -msgid "" -"For information on configuring security from a client, see https://docs." -"saltstack.com/en/latest/ref/configuration/minion.html." +#: modules/administration/pages/image-management.adoc:64 +msgid "GitHub organization project repository" msgstr "" -#. type: Title = -#: modules/administration/pages/mgr-sync.adoc:2 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:65 #, no-wrap -msgid "Using ``mgr-sync``" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:7 -msgid "" -"The ``mgr-sync`` tool is used at the command prompt. It provides functions " -"for using {productname} that are not always available in the {webui}. The " -"primary use of ``mgr-sync`` is to connect to the {scc}, retrieve product and " -"package information, and prepare channels for synchronization with the " -"{productname} Server." +msgid "https://github.com/ORG/project.git#branchname:folder\n" msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:10 -msgid "" -"This tool is designed for use with a {suse} support subscription. It is not " -"required for open source distributions, including {opensuse}, {centos}, and " -"{ubuntu}." +#: modules/administration/pages/image-management.adoc:66 +msgid "GitHub token authentication" msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:13 +#: modules/administration/pages/image-management.adoc:67 msgid "" -"The available commands and arguments for ``mgr-sync`` are listed in this " -"table. Use this syntax for ``mgr-sync`` commands:" +"If your git repository is private, modify the profile's URL to include " +"authentication. Use this URL format to authenticate with a GitHub token:" msgstr "" #. type: delimited block - -#: modules/administration/pages/mgr-sync.adoc:16 +#: modules/administration/pages/image-management.adoc:68 #, no-wrap -msgid "mgr-sync [-h] [--version] [-v] [-s] [-d {1,2,3}] {list,add,refresh,delete}\n" +msgid "https://USER:@github.com/USER/project.git#master:/container/\n" msgstr "" #. type: Block title -#: modules/administration/pages/mgr-sync.adoc:21 -#, no-wrap -msgid "mgr-sync Commands" -msgstr "" - -#. type: Table -#: modules/administration/pages/mgr-sync.adoc:29 +#: modules/administration/pages/image-management.adoc:69 #, no-wrap -msgid "" -"| Command | Description | Example Use\n" -"| list | List channels, organization credentials, or products | ``mgr-sync list channels``\n" -"| add | Add channels, organization credentials, or products | ``mgr-sync add channel ``\n" -"| refresh | Refresh the local copy of products, channels, and subscriptions | ``mgr-sync refresh``\n" -"| delete | Delete existing SCC organization credentials from the local system | ``mgr-sync delete credentials``\n" -"| sync | Synchronize specified channel or ask for it when left blank| ``mgr-sync sync channel ``\n" +msgid "GitLab Path Options" msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:33 -msgid "" -"To see the full list of options specific to a command, use this command:" +#: modules/administration/pages/image-management.adoc:70 +msgid "GitLab single user project repository" msgstr "" #. type: delimited block - -#: modules/administration/pages/mgr-sync.adoc:36 +#: modules/administration/pages/image-management.adoc:71 #, no-wrap -msgid "mgr-sync --help\n" +msgid "https://gitlab.example.com/USER/project.git#master:/container/\n" msgstr "" -#. type: Block title -#: modules/administration/pages/mgr-sync.adoc:42 -#, no-wrap -msgid "mgr-sync Optional Arguments" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:72 +msgid "GitLab groups project repository" msgstr "" -#. type: Table -#: modules/administration/pages/mgr-sync.adoc:51 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:73 #, no-wrap -msgid "" -"| Option | Abbreviated option | Description | Example Use\n" -"| help | ``h`` | Display the command usage and options | ``mgr-sync --help``\n" -"| version | N/A | Display the currently installed version of ``mgr-sync`` | ``mgr-sync --version``\n" -"| verbose | ``v`` | Provide verbose output | ``mgr-sync --verbose refresh``\n" -"| store-credentials | ``s`` | Store credentials a local hidden file | ``mgr-sync --store-credentials``\n" -"| debug | ``d`` | Log additional debugging information. Requires a level of 1, 2, 3. 3 provides the highest amnount of debugging information | ``mgr-sync -d 3 refresh``\n" -"| no-sync | N/A | Use with the ``add`` command to add products or channels without beginning a synchronization | ``mgr-sync --no-sync add ``\n" +msgid "https://gitlab.example.com/GROUP/project.git#master:/container/\n" msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:57 -msgid "Logs for ``mgr-sync`` are located in:" +#: modules/administration/pages/image-management.adoc:74 +msgid "GitLab token authentication" msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:59 -msgid "[path]``/var/log/rhn/mgr-sync.log``" +#: modules/administration/pages/image-management.adoc:75 +msgid "" +"If your git repository is private and not publicly accessible, you need to " +"modify the profile's git URL to include authentication. Use this URL format " +"to authenticate with a GitLab token:" msgstr "" -#. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:59 -msgid "[path]``/var/log/rhn/rhn_web_api.log``" +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:76 +#, no-wrap +msgid "https://gitlab-ci-token:@gitlab.example.com/USER/project.git#master:/container/\n" msgstr "" -#. type: Title = -#: modules/administration/pages/mirror-sources.adoc:2 -#, no-wrap -msgid "Mirror Source Packages" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:77 +msgid "" +"If you do not specify a git branch, the `master` branch will be used by " +"default. If a `folder` is not specified, the image sources (dockerfile " +"sources) are expected to be in the root directory of the GitHub or GitLab " +"checkout." msgstr "" #. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:5 +#: modules/administration/pages/image-management.adoc:78 msgid "" -"If you build your own packages locally, or if you require the source code " -"for your packages for legal reasons, it is possible to mirror the source " -"packages on {productname} Server." +"Select an `Activation Key`. Activation keys ensure that images using a " +"profile are assigned to the correct channel and packages." msgstr "" #. type: delimited block = -#: modules/administration/pages/mirror-sources.adoc:9 +#: modules/administration/pages/image-management.adoc:79 msgid "" -"Mirroring source packages can consume a significant amount of disk space." +"When you associate an activation key with an image profile you are ensuring " +"any image using the profile will use the correct software channel and any " +"packages in the channel." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:80 +msgid "Click the btn:[Create] button." msgstr "" #. type: Block title -#: modules/administration/pages/mirror-sources.adoc:11 +#: modules/administration/pages/image-management.adoc:81 #, no-wrap -msgid "Procedure: Mirroring Source Packages" +msgid "Example Dockerfile Sources" msgstr "" #. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:13 +#: modules/administration/pages/image-management.adoc:82 msgid "" -"Open the [filename]``/etc/rhn/rhn.conf`` configuration file, and add this " -"line:" -msgstr "" +"An Image Profile that can be reused is published at https://github.com/SUSE/" +"manager-build-profiles" +msgstr "" -#. type: delimited block - -#: modules/administration/pages/mirror-sources.adoc:17 -#, no-wrap -msgid "server.sync_source_packages = 1\n" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:83 +msgid "" +"The [option]``ARG`` parameters ensure that the built image is associated " +"with the desired repository served by {productname}. The [option]``ARG`` " +"parameters also allow you to build image versions of {sles} which may differ " +"from the version of {sles} used by the build host itself." msgstr "" -#. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:19 -msgid "Restart the Spacewalk service to pick up the changes:" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:84 +msgid "" +"For example: The [command]``ARG repo`` parameter and the [command]``echo`` " +"command pointing to the repository file, creates and then injects the " +"correct path into the repository file for the desired channel version." msgstr "" -#. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:27 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:85 msgid "" -"Currently, this feature can only be enabled globally for all repositories. " -"It is not possible to select individual repositories for mirroring." +"The repository is determined by the activation key that you assigned to your " +"image profile." msgstr "" -#. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:31 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:86 msgid "" -"When this feature has been activated, the source packages will become " -"available in the {productname} {webui} after the next repository " -"synchronization. They will be shown as sources for the binary package, and " -"can be downloaded directly from the {webui}. Source packages cannot be " -"installed on clients using the {webui}." +"The [package]#python# and [package]#python-xml# packages must be installed " +"in the container. They are required for inspecting images, and for " +"providing the package and product list of a container to the {productname} " +"{webui}. If you do not install them, images will still build but the " +"package and product list will not available in the {webui}." msgstr "" -#. type: Title = -#: modules/administration/pages/monitoring.adoc:2 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:87 #, no-wrap -msgid "Monitoring with Prometheus and Grafana" +msgid "" +"FROM registry.example.com/sles12sp2\n" +"MAINTAINER Tux Administrator \"tux@example.com\"\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:7 -msgid "" -"You can monitor your {productname} environment using Prometheus and " -"Grafana. {productname} Server and Proxy are able to provide self-health " -"metrics. You can also install and manage a number of Prometheus exporters " -"on Salt clients." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:88 +#, no-wrap +msgid "### Begin: These lines Required for use with {productname}\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:9 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:89 +#, no-wrap msgid "" -"Prometheus and Grafana packages are included in the {productname} Client " -"Tools for" +"ARG repo\n" +"ARG cert\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:11 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:90 #, no-wrap -msgid " {sle}{nbsp}12, {sle}{nbsp}15, {rhel}{nbsp} 6, {rhel}{nbsp} 7, {rhel}{nbsp} 8 and openSUSE 15.x.\n" +msgid "" +"# Add the correct certificate\n" +"RUN echo \"$cert\" > /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT.pem\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:14 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:91 #, no-wrap -msgid " {sle}{nbsp}12, {sle}{nbsp}15, {centos}{nbsp} 6, {centos}{nbsp} 7, {centos}{nbsp} 8 and openSUSE 15.x.\n" +msgid "" +"# Update certificate trust store\n" +"RUN update-ca-certificates\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:18 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:92 +#, no-wrap msgid "" -"You need to install Prometheus and Grafana on a machine separate from the " -"{productname} Server. We recommend you use a managed Salt client as your " -"monitoring server." +"# Add the repository path to the image\n" +"RUN echo \"$repo\" > /etc/zypp/repos.d/susemanager:dockerbuild.repo\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:22 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:93 +#, no-wrap +msgid "### End: These lines required for use with {productname}\n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:94 +#, no-wrap msgid "" -"Prometheus fetches metrics using a pull mechanism, so the server must be " -"able to establish TCP connections to monitored clients. Clients must have " -"corresponding open ports and be reachable over the network. Alternatively, " -"you can use reverse proxies to establish a connection." +"# Add the package script\n" +"ADD add_packages.sh /root/add_packages.sh\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/monitoring.adoc:29 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:95 +#, no-wrap msgid "" -"You must have a monitoring add-on subscription for each client you want to " -"monitor. Visit the {scc} to manage your {productname} subscriptions." +"# Run the package script\n" +"RUN /root/add_packages.sh\n" msgstr "" -#. type: Title == -#: modules/administration/pages/monitoring.adoc:34 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:96 #, no-wrap -msgid "Prometheus and Grafana" +msgid "" +"# After building remove the repository path from image\n" +"RUN rm -f /etc/zypp/repos.d/susemanager:dockerbuild.repo\n" msgstr "" +#. TODO: Replace the "custom-system-info" link #. type: Block title -#: modules/administration/pages/monitoring.adoc:37 +#: modules/administration/pages/image-management.adoc:97 #, no-wrap -msgid "Prometheus" +msgid "Using Custom Info Key-value Pairs as Docker Buildargs" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:41 +#: modules/administration/pages/image-management.adoc:98 msgid "" -"Prometheus is an open-source monitoring tool that is used to record real-" -"time metrics in a time-series database. Metrics are pulled via HTTP, " -"enabling high performance and scalability." +"You can assign custom info key-value pairs to attach information to the " +"image profiles. Additionally, these key-value pairs are passed to the " +"Docker build command as `buildargs`." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:44 +#: modules/administration/pages/image-management.adoc:99 msgid "" -"Prometheus metrics are time series data, or timestamped values belonging to " -"the same group or dimension. A metric is uniquely identified by its name " -"and set of labels." +"For more information about the available custom info keys and creating " +"additional ones, see xref:reference:systems/custom-system-info.adoc[]." msgstr "" -#. TODO:: This should be an actual image. -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:51 +#. type: Title === +#: modules/administration/pages/image-management.adoc:100 +#: modules/administration/pages/image-management.adoc:226 #, no-wrap -msgid "" -" metric name labels timestamp value\n" -"┌────────┴───────┐ ┌───────────┴───────────┐ ┌──────┴──────┐ ┌─┴─┐\n" -"http_requests_total{status=\"200\", method=\"GET\"} @1557331801.111 42236\n" +msgid "Build an Image" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:54 +#: modules/administration/pages/image-management.adoc:101 msgid "" -"Each application or system being monitored must expose metrics in the format " -"above, either through code instrumentation or Prometheus exporters." +"There are two ways to build an image. You can select menu:Images[Build] " +"from the left navigation bar, or click the build icon in the menu:" +"Images[Profiles] list." +msgstr "" + +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:102 +#: modules/administration/pages/image-management.adoc:228 +#, no-wrap +msgid "images_image_build.png" msgstr "" #. type: Block title -#: modules/administration/pages/monitoring.adoc:56 +#: modules/administration/pages/image-management.adoc:103 +#: modules/administration/pages/image-management.adoc:229 #, no-wrap -msgid "Prometheus Exporters" +msgid "Procedure: Building an Image" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:61 -msgid "" -"Exporters are libraries that help with exporting metrics from third-party " -"systems as Prometheus metrics. Exporters are useful whenever it is not " -"feasible to instrument a given application or system with Prometheus metrics " -"directly. Multiple exporters can run on a monitored host to export local " -"metrics." +#: modules/administration/pages/image-management.adoc:104 +#: modules/administration/pages/image-management.adoc:230 +msgid "Select menu:Images[Build]." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:64 +#: modules/administration/pages/image-management.adoc:105 msgid "" -"The Prometheus community provides a list of official exporters, and more can " -"be found as community contributions. For more information and an extensive " -"list of exporters, see https://prometheus.io/docs/instrumenting/exporters/." -msgstr "" - -#. type: Block title -#: modules/administration/pages/monitoring.adoc:66 -#, no-wrap -msgid "Grafana" +"Add a different tag name if you want a version other than the default " +"``latest`` (only relevant to containers)." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:72 -msgid "" -"Grafana is a tool for data visualization, monitoring, and analysis. It is " -"used to create dashboards with panels representing specific metrics over a " -"set period of time. Grafana is commonly used together with Prometheus, but " -"also supports other data sources such as ElasticSearch, MySQL, PostgreSQL, " -"and Influx DB. For more information about Grafana, see https://grafana.com/" -"docs/." +#: modules/administration/pages/image-management.adoc:106 +msgid "Select [guimenu]``Build Profile`` and [guimenu]``Build Host``." msgstr "" -#. type: Title == -#: modules/administration/pages/monitoring.adoc:75 -#, no-wrap -msgid "Set up the Monitoring Server" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:107 +msgid "" +"Notice the [guimenu]``Profile Summary`` to the right of the build fields. " +"When you have selected a build profile, detailed information about the " +"selected profile will be displayed in this area." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:78 -msgid "" -"To set up your monitoring server, you need to install Prometheus and " -"Grafana, and configure them." +#: modules/administration/pages/image-management.adoc:108 +msgid "To schedule a build click the btn:[Build] button." msgstr "" #. type: Title === -#: modules/administration/pages/monitoring.adoc:81 +#: modules/administration/pages/image-management.adoc:109 #, no-wrap -msgid "Install Prometheus" +msgid "Import an Image" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:85 +#: modules/administration/pages/image-management.adoc:110 msgid "" -"If your monitoring server is a {productname} Salt client, you can install " -"the Prometheus package using the {productname} {webui}. Otherwise you can " -"download and install the package on your monitoring server manually." +"You can import and inspect arbitrary images. Select menu:Images[Image List] " +"from the left navigation bar. Complete the text boxes of the " +"[guimenu]``Import`` dialog. When it has processed, the imported image will " +"be listed on the [guimenu]``Image List`` page." msgstr "" #. type: Block title -#: modules/administration/pages/monitoring.adoc:88 +#: modules/administration/pages/image-management.adoc:111 #, no-wrap -msgid "Procedure: Installing Prometheus Using the {webui}" +msgid "Procedure: Importing an Image" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:90 +#: modules/administration/pages/image-management.adoc:112 msgid "" -"In the {productname} {webui}, open the details page of the system where " -"Prometheus is to be installed, and navigate to the [guimenu]``Formulas`` tab." +"From menu:Images[Image list] click btn:[Import] to open the " +"[guimenu]``Import Image`` dialog." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:91 -msgid "" -"Check the [guimenu]``Prometheus`` checkbox to enable monitoring formulas, " -"and click btn:[Save]." +#: modules/administration/pages/image-management.adoc:113 +msgid "In the [guimenu]``Import Image`` dialog complete these fields:" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:92 -msgid "Navigate to the ``Prometheus`` tab in the top menu." +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:114 +#, no-wrap +msgid "Image store:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:94 -msgid "" -"In the ``{productname} Server`` section, enter valid {productname} API " -"credentials. Make sure that the credentials you have entered allow access " -"to the set of systems you want to monitor." +#: modules/administration/pages/image-management.adoc:115 +msgid "The registry from where the image will be pulled for inspection." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:95 -#: modules/administration/pages/monitoring.adoc:167 -msgid "Customize any other configuration options according to your needs." +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:116 +#, no-wrap +msgid "Image name:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:96 -#: modules/administration/pages/monitoring.adoc:168 -#: modules/administration/pages/monitoring.adoc:284 -#: modules/administration/pages/monitoring.adoc:342 -msgid "Click btn:[Save Formula]." +#: modules/administration/pages/image-management.adoc:117 +msgid "The name of the image in the registry." +msgstr "" + +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:118 +#, no-wrap +msgid "Image version:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:97 -#: modules/administration/pages/monitoring.adoc:169 -#: modules/administration/pages/monitoring.adoc:343 -msgid "Apply the highstate and confirm that it completes successfully." +#: modules/administration/pages/image-management.adoc:119 +msgid "The version of the image in the registry." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:98 -msgid "" -"Check that the Prometheus interface loads correctly. In your browser, " -"navigate to the URL of the server where Prometheus is installed, on " -"port 9090 (for example, [literal]``http://example.com:9090``)." +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:120 +#, no-wrap +msgid "Build host:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:100 -#: modules/administration/pages/monitoring.adoc:178 -#: modules/administration/pages/monitoring.adoc:296 -#: modules/administration/pages/monitoring.adoc:344 -msgid "" -"For more information about the monitoring formulas, see xref:salt:formula-" -"monitoring.adoc[]." +#: modules/administration/pages/image-management.adoc:121 +msgid "The build host that will pull and inspect the image." msgstr "" -#. type: Block title -#: modules/administration/pages/monitoring.adoc:103 +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:122 #, no-wrap -msgid "Procedure: Manually Installing and Configuring Prometheus" +msgid "Activation key:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:105 +#: modules/administration/pages/image-management.adoc:123 msgid "" -"On the monitoring server, install the [package]``golang-github-prometheus-" -"prometheus`` package:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:108 -#, no-wrap -msgid "zypper in golang-github-prometheus-prometheus\n" +"The activation key that provides the path to the software channel that the " +"image will be inspected with." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:110 -msgid "Enable the Prometheus service:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:113 -#, no-wrap -msgid "systemctl enable --now prometheus\n" +#: modules/administration/pages/image-management.adoc:124 +msgid "For confirmation, click btn:[Import]." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:116 +#: modules/administration/pages/image-management.adoc:125 msgid "" -"Check that the Prometheus interface loads correctly. In your browser, " -"navigate to the URL of the server where Prometheus is installed, on " -"port 9090 (for example, [literal]``http://example.com:9090``)." +"The entry for the image is created in the database, and an ``Inspect Image`` " +"action on {productname} is scheduled." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:118 +#: modules/administration/pages/image-management.adoc:126 msgid "" -"Open the configuration file at [path]``/etc/prometheus/prometheus.yml`` and " -"add this configuration information. Replace `server.url` with your " -"{productname} server URL and adjust `username` and `password` fields to " -"match your {productname} credentials." +"When it has been processed, you can find the imported image in the ``Image " +"List``. It has a different icon in the ``Build`` column, to indicate that " +"the image is imported. The status icon for the imported image can also be " +"seen on the ``Overview`` tab for the image." msgstr "" -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:134 -#, no-wrap -msgid "" -"# {productname} self-health metrics\n" -"scrape_configs:\n" -"- job_name: 'mgr-server'\n" -" static_configs:\n" -" - targets:\n" -" - 'server.url:9100' # Node exporter\n" -" - 'server.url:9187' # PostgreSQL exporter\n" -" - 'server.url:5556' # JMX exporter (Tomcat)\n" -" - 'server.url:5557' # JMX exporter (Taskomatic)\n" -" - 'server.url:9800' # Taskomatic\n" -" - targets:\n" -" - 'server.url:80' # Message queue\n" -" labels:\n" -" __metrics_path__: /rhn/metrics\n" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:128 +msgid "These are some known problems when working with images:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:141 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/image-management.adoc:129 msgid "" -"# Managed systems metrics:\n" -"- job_name: 'mgr-clients'\n" -" uyuni_sd_configs:\n" -" - host: \"http://server.url\"\n" -" username: \"admin\"\n" -" password: \"admin\"\n" +"HTTPS certificates to access the registry or the git repositories should be " +"deployed to the client by a custom state file." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:143 -msgid "Save the configuration file." +#: modules/administration/pages/image-management.adoc:130 +msgid "SSH git access using Docker is currently unsupported." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:144 -msgid "Restart the Prometheus service:" +#: modules/administration/pages/image-management.adoc:131 +msgid "" +"If the [package]#python# and [package]#python-xml# packages are not " +"installed in your images during the build process, reporting of installed " +"packages or products will fail. This will result in an ``unknown`` update " +"status." msgstr "" -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:147 +#. type: Title == +#: modules/administration/pages/image-management.adoc:132 #, no-wrap -msgid "systemctl restart prometheus\n" +msgid "OS Images" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:150 +#: modules/administration/pages/image-management.adoc:133 msgid "" -"For more information about the Prometheus configuration options, see the " -"official Prometheus documentation at https://prometheus.io/docs/prometheus/" -"latest/configuration/configuration/" -msgstr "" - -#. type: Title === -#: modules/administration/pages/monitoring.adoc:153 -#, no-wrap -msgid "Install Grafana" +"OS Images are built by the Kiwi image system. The output image is " +"customizable and can be PXE, QCOW2, LiveCD, or other types of images." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:157 +#: modules/administration/pages/image-management.adoc:134 msgid "" -"If your monitoring server is a {productname} Salt client, you can install " -"the Grafana package using the {productname} {webui}. Otherwise you can " -"download and install the package on your monitoring server manually." -msgstr "" - -#. type: Block title -#: modules/administration/pages/monitoring.adoc:160 -#, no-wrap -msgid "Procedure: Installing Grafana Using the {webui}" +"For more information about the Kiwi build system, see the https://doc." +"opensuse.org/projects/kiwi/doc/[Kiwi documentation]." msgstr "" +#. SLE15 images support is not yet released for SUMA4, will be part of SUMA4.0.4 as tech preview +#. From {sles}{nbsp}15, ``kiwi-ng`` is used instead of the legacy Kiwi. #. type: Plain text -#: modules/administration/pages/monitoring.adoc:162 +#: modules/administration/pages/image-management.adoc:136 msgid "" -"In the {productname} {webui}, open the details page of the system where " -"Grafana is to be installed, and navigate to the [guimenu]``Formulas`` tab." +"The Kiwi image building feature is available for Salt clients running {sles}" +"{nbsp}12 and {sles}{nbsp}11." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:163 +#: modules/administration/pages/image-management.adoc:137 msgid "" -"Check the [guimenu]``Grafana`` checkbox to enable monitoring formulas, and " -"click btn:[Save]." +"Kiwi image configuration files and configuration scripts must be accessible " +"in one of these locations:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:164 -msgid "Navigate to the ``Grafana`` tab in the top menu." +#: modules/administration/pages/image-management.adoc:138 +msgid "Git repository" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:165 -msgid "" -"In the ``Enable and configure Grafana`` section, enter the admin credentials " -"you want to use to log in Grafana." +#: modules/administration/pages/image-management.adoc:139 +msgid "HTTP hosted tarball" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:166 -msgid "" -"On the ``Datasources`` section, make sure that the Prometheus URL field " -"points to the system where Prometheus is running." +#: modules/administration/pages/image-management.adoc:140 +msgid "Local build host directory" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:170 +#: modules/administration/pages/image-management.adoc:141 msgid "" -"Check that the Grafana interface is loading correctly. In your browser, " -"navigate to the URL of the server where Grafana is installed, on port 3000 " -"(for example, [literal]``http://example.com:3000``)." +"For an example of a complete Kiwi repository served by git, see https://" +"github.com/SUSE/manager-build-profiles/tree/master/OSImage" msgstr "" #. type: delimited block = -#: modules/administration/pages/monitoring.adoc:175 +#: modules/administration/pages/image-management.adoc:142 msgid "" -"{productname} provides pre-built dashboards for server self-health, basic " -"client monitoring, and more. You can choose which dashboards to provision " -"in the formula configuration page." +"You will need at least 1{nbsp}GB of RAM available for Hosts running OS " +"Images built with Kiwi. Disk space depends on the actual size of the " +"image. For more information, see the documentation of the underlying system." msgstr "" -#. type: Block title -#: modules/administration/pages/monitoring.adoc:180 -#, no-wrap -msgid "Procedure: Manually Installing Grafana" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:143 +msgid "" +"The build host must be a Salt client. Do not install the build host as a " +"traditional client." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:183 -msgid "Install the [package]``grafana`` package:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:186 -#, no-wrap -msgid "zypper in grafana\n" +#: modules/administration/pages/image-management.adoc:145 +msgid "" +"To build all kinds of images with {productname}, create and configure a " +"build host. OS Image build hosts are Salt clients running on {sles}{nbsp}15 " +"SP2, {sles}{nbsp}12 (SP3 or later) or {sles}{nbsp}11 SP4." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:188 -msgid "Enable the Grafana service:" +#: modules/administration/pages/image-management.adoc:146 +msgid "" +"This procedure will guide you through the initial configuration for a build " +"host." msgstr "" -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:191 -#, no-wrap -msgid "systemctl enable --now grafana-server\n" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:147 +msgid "" +"The operating system on the build host must match the operating system on " +"the targeted image." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:194 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:148 msgid "" -"Check that the Grafana interface is loading correctly. In your browser, " -"navigate to the URL of the server where Grafana is installed, on port 3000 " -"(for example, [literal]``http://example.com:3000``)." +"For example, build {sles}{nbsp}15 based images on a build host running {sles}" +"{nbsp}15 SP2 OS version. Build {sles}{nbsp}12 based images on a build host " +"running {sles}{nbsp}12 SP4 or {sles}{nbsp}12 SP3 OS version. Build {sles}" +"{nbsp}11 based images on a build host running {sles}{nbsp}11 SP4 OS version." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/monitoring.adoc:195 -#, no-wrap -msgid "monitoring_grafana_example.png" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:149 +msgid "Configure the build host in the {productname} {webui}:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:198 +#: modules/administration/pages/image-management.adoc:150 msgid "" -"For more information on how to manually install and configure Grafana, see " -"https://grafana.com/docs." +"Select a client that will be designated as a build host from the menu:" +"Systems[Overview] page." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:200 +#: modules/administration/pages/image-management.adoc:151 msgid "" -"For more information about the monitoring formulas with forms, see xref:salt:" -"formula-monitoring.adoc[]." +"Navigate to the menu:System Details[Properties] tab, enable the " +"[guimenu]``Add-on System Type`` [guimenu]``OS Image Build Host``. Confirm " +"with btn:[Update Properties]." msgstr "" -#. type: Title == -#: modules/administration/pages/monitoring.adoc:203 +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:152 #, no-wrap -msgid "Configure {productname} Monitoring" +msgid "os-image-build-host.png" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:206 +#: modules/administration/pages/image-management.adoc:153 msgid "" -"With {productname}{nbsp}4, you can enable the server to expose Prometheus " -"self-health metrics, and also install and configure exporters on client " -"systems." -msgstr "" - -#. type: Title === -#: modules/administration/pages/monitoring.adoc:209 -#, no-wrap -msgid "Server Self Monitoring" +"Navigate to menu:System Details[Software > Software Channels], and enable " +"the required software channels depending on the build host version." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:213 +#: modules/administration/pages/image-management.adoc:154 msgid "" -"The Server self-health metrics cover hardware, operating system and " -"{productname} internals. These metrics are made available by " -"instrumentation of the Java application, combined with Prometheus exporters." +"{sles}{nbsp}11 build hosts require {productname} Client tools (``SLE-Manager-" +"Tools11-Pool`` and ``SLE-Manager-Tools11-Updates``)." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:215 -msgid "These exporter packages are shipped with {productname} Server:" +#: modules/administration/pages/image-management.adoc:155 +msgid "" +"{sles}{nbsp}12 build hosts require {productname} Client tools (``SLE-Manager-" +"Tools12-Pool`` and ``SLE-Manager-Tools12-Updates``)." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:218 -#: modules/administration/pages/monitoring.adoc:229 -#: modules/administration/pages/monitoring.adoc:265 +#: modules/administration/pages/image-management.adoc:156 msgid "" -"Node exporter: [systemitem]``golang-github-prometheus-node_exporter``. See " -"https://github.com/prometheus/node_exporter." +"{sles}{nbsp}15 build hosts require {sles} modules ``SLE-Module-DevTools15-" +"SP2-Pool`` and ``SLE-Module-DevTools15-SP2-Updates``. Schedule and click " +"btn:[Confirm]." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:220 -#: modules/administration/pages/monitoring.adoc:267 +#: modules/administration/pages/image-management.adoc:157 msgid "" -"PostgreSQL exporter: [systemitem]``golang-github-wrouesnel-" -"postgres_exporter``. See https://github.com/wrouesnel/postgres_exporter." +"Install Kiwi and all required packages by applying `Highstate`. From the " +"system details page select menu:States[Highstate] and click btn:[Apply " +"Highstate]. Alternatively, apply Highstate from the {productname} Server " +"command line:" +msgstr "" + +#. type: Block title +#: modules/administration/pages/image-management.adoc:159 +#, no-wrap +msgid "{productname} Web Server Public Certificate RPM" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:222 +#: modules/administration/pages/image-management.adoc:160 msgid "" -"JMX exporter: [systemitem]``prometheus-jmx_exporter``. See https://github." -"com/prometheus/jmx_exporter." +"Build host provisioning copies the {productname} certificate RPM to the " +"build host. This certificate is used for accessing repositories provided by " +"{productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:224 -#: modules/administration/pages/monitoring.adoc:269 +#: modules/administration/pages/image-management.adoc:161 msgid "" -"Apache exporter: [systemitem]``golang-github-lusitaniae-apache_exporter``. " -"See https://github.com/Lusitaniae/apache_exporter." +"The certificate is packaged in RPM by the `mgr-package-rpm-certificate-" +"osimage` package script. The package script is called automatically during " +"a new {productname} installation." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:226 -msgid "These exporter packages are shipped with {productname} Proxy:" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:231 -msgid "" -"Squid exporter: [systemitem]``golang-github-boynux-squid_exporter``. See " -"https://github.com/boynux/squid-exporter." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:233 +#: modules/administration/pages/image-management.adoc:162 msgid "" -"The exporter packages are pre-installed in {productname} Server and Proxy, " -"but their respective systemd daemons are disabled by default." +"When you upgrade the `spacewalk-certs-tools` package, the upgrade scenario " +"will call the package script using the default values. However if the " +"certificate path was changed or unavailable, you will need to call the " +"package script manually using `--ca-cert-full-path ` " +"after the upgrade procedure has finished." msgstr "" #. type: Block title -#: modules/administration/pages/monitoring.adoc:236 +#: modules/administration/pages/image-management.adoc:163 #, no-wrap -msgid "Procedure: Enabling Self Monitoring" +msgid "Package script call example" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:239 -msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Manager Configuration > " -"Monitoring]." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:164 +#, no-wrap +msgid "/usr/sbin/mgr-package-rpm-certificate-osimage --ca-cert-full-path /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:240 -msgid "Click btn:[Enable services]." +#: modules/administration/pages/image-management.adoc:165 +msgid "" +"The RPM package with the certificate is stored in a salt-accessible " +"directory such as:" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:241 -msgid "Restart Tomcat and Taskomatic." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:166 +#, no-wrap +msgid "/usr/share/susemanager/salt/images/rhn-org-trusted-ssl-cert-osimage-1.0-1.noarch.rpm\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:242 +#: modules/administration/pages/image-management.adoc:167 msgid "" -"Navigate to the URL of your Prometheus server, on port 9090 (for example, " -"[literal]``http://example.com:9090``)" +"The RPM package with the certificate is provided in the local build host " +"repository:" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:243 -msgid "" -"In the Prometheus UI, navigate to menu:[Status > Targets] and confirm that " -"all the endpoints on the ``mgr-server`` group are up." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:168 +#, no-wrap +msgid "/var/lib/Kiwi/repo\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:244 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:169 msgid "" -"If you have also installed Grafana with the {webui}, the server insights " -"will be visible on the {productname} Server dashboard." +"Specify the RPM package with the {productname} SSL certificate in the build " +"source, and make sure your Kiwi configuration contains ``rhn-org-trusted-ssl-" +"cert-osimage`` as a required package in the ``bootstrap`` section." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/monitoring.adoc:245 +#. type: Block title +#: modules/administration/pages/image-management.adoc:170 #, no-wrap -msgid "monitoring_enable_services.png" +msgid "config.xml" msgstr "" -#. type: delimited block = -#: modules/administration/pages/monitoring.adoc:252 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:171 +#, no-wrap msgid "" -"Only server self-health monitoring can be enabled using the {webui}. " -"Metrics for a proxy are not automatically collected by Prometheus. To " -"enable self-health monitoring on a proxy, you will need to manually install " -"exporters and enable them." +"...\n" +" \n" +" ...\n" +" \n" +" \n" +"...\n" msgstr "" #. type: Title === -#: modules/administration/pages/monitoring.adoc:256 +#: modules/administration/pages/image-management.adoc:172 #, no-wrap -msgid "Monitoring Managed Systems" +msgid "Create an Activation Key for OS Images" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:260 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:173 msgid "" -"Prometheus metrics exporters can be installed and configured on Salt clients " -"using formulas. The packages are available from the {productname} client " -"tools channels, and can be enabled and configured directly in the " -"{productname} {webui}." +"Create an activation key associated with the channel that your OS Images " +"will use as repositories when building the image." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:262 -msgid "These exporters can be installed on managed systems:" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:174 +msgid "Activation keys are mandatory for OS Image building." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:272 +#: modules/administration/pages/image-management.adoc:175 msgid "" -"When you have the exporters installed and configured, you can start using " -"Prometheus to collect metrics from monitored systems. If you have " -"configured your monitoring server with the {webui}, metrics collection will " -"happen automatically." +"To build OS Images, you will need an activation key that is associated with " +"a channel other than `SUSE Manager Default`." msgstr "" -#. type: Block title -#: modules/administration/pages/monitoring.adoc:275 -#, no-wrap -msgid "Procedure: Configuring Prometheus Exporters on a Client" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:177 +msgid "In the {webui}, select menu:Systems[Activation Keys]." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:278 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:178 +msgid "Click [guimenu]``Create Key``." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:179 msgid "" -"In the {productname} {webui}, open the details page of the client to be " -"monitored, and navigate to the menu:Formulas tab." +"Enter a [guimenu]``Description``, a [guimenu]``Key`` name, and use the drop-" +"down box to select a [guimenu]``Base Channel`` to associate with the key." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:279 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:183 msgid "" -"Check the [guimenu]``Enabled`` checkbox on the ``Prometheus Exporters`` " -"formula." +"OS Images can require a significant amount of storage space. Therefore, we " +"recommended that the OS Image store is located on a partition of its own or " +"on a Btrfs subvolume, separate from the root partition. By default, the " +"image store will be located at [path]``/srv/www/os-images``." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:281 -msgid "Navigate to the menu:Formulas[Prometheus Exporters] tab." +#: modules/administration/pages/image-management.adoc:184 +msgid "" +"Image stores for Kiwi build type, used to build system, virtual, and other " +"images, are not supported yet." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:283 +#: modules/administration/pages/image-management.adoc:185 msgid "" -"Select the exporters you want to enable and customize arguments according to " -"your needs. The [guimenu]``Address`` field accepts either a port number " -"preceded by a colon (``:9100``), or a fully resolvable address " -"(``example:9100``)." +"Images are always stored in [path]``/srv/www/os-images/`` " +"and are accessible via HTTP/HTTPS [url]``https:///os-" +"images/``." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:285 -msgid "Apply the highstate." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:187 +msgid "Manage image profiles using the {webui}." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:190 +msgid "" +"To create an image profile select from menu:Images[Profiles] and click btn:" +"[Create]." msgstr "" #. type: Target for macro image -#: modules/administration/pages/monitoring.adoc:286 +#: modules/administration/pages/image-management.adoc:191 #, no-wrap -msgid "monitoring_configure_formula.png" +msgid "images_image_create_profile_kiwi.png" msgstr "" #. type: delimited block = -#: modules/administration/pages/monitoring.adoc:291 +#: modules/administration/pages/image-management.adoc:192 msgid "" -"Monitoring formulas can also be configured for System Groups, by applying " -"the same configuration used for individual systems inside the corresponding " -"group." +"In the [guimenu]``Label`` field, provide a name for the `Image Profile`." msgstr "" -#. type: Title == -#: modules/administration/pages/monitoring.adoc:299 -#, no-wrap -msgid "Network Boundaries" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:193 +msgid "Use `Kiwi` as the [guimenu]``Image Type``." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:303 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:194 +msgid "Image store is automatically selected." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:195 msgid "" -"Prometheus fetches metrics using a pull mechanism, so the server must be " -"able to establish TCP connections to monitored clients. By default, " -"Prometheus uses these ports:" +"Enter a [guimenu]``Config URL`` to the directory containing the Kiwi " +"configuration files:" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:305 -msgid "Node exporter: 9100" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:196 +msgid "git URI" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:306 -msgid "PostgreSQL exporter: 9187" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:197 +msgid "HTTPS tarball" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:307 -msgid "Apache exporter: 9117" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:198 +msgid "Path to build host local directory" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:309 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:199 msgid "" -"Additionally, if you are running the alert manager on a different host than " -"where you run Prometheus, you will also need to open port 9093." +"Select an [guimenu]``Activation Key``. Activation keys ensure that images " +"using a profile are assigned to the correct channel and packages." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:311 +#: modules/administration/pages/image-management.adoc:200 msgid "" -"For clients installed on cloud instances, you can add the required ports to " -"a security group that has access to the monitoring server." +"Associate an activation key with an image profile to ensure the image " +"profile uses the correct software channel, and any packages." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:315 -msgid "" -"Alternatively, you can deploy a Prometheus instance in the exporters' local " -"network, and configure federation. This allows the main monitoring server " -"to scrape the time series from the local Prometheus instance. If you use " -"this method, you only need to open the Prometheus API port, which is 9090." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:201 +msgid "Confirm with the btn:[Create] button." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:317 -msgid "" -"For more information on Prometheus federation, see https://prometheus.io/" -"docs/prometheus/latest/federation/." +#. type: Block title +#: modules/administration/pages/image-management.adoc:202 +#, no-wrap +msgid "Source format options" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:320 -msgid "" -"You can also proxy requests through the network boundary. Tools like " -"PushProx deploy a proxy and a client on both sides of the network barrier " -"and allow Prometheus to work across network topologies such as NAT." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:203 +msgid "git/HTTP(S) URL to the repository" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:322 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:204 msgid "" -"For more information on PushProx, see https://github.com/RobustPerception/" -"PushProx." +"URL to the git repository containing the sources of the image to be built. " +"Depending on the layout of the repository the URL can be:" msgstr "" -#. type: Title === -#: modules/administration/pages/monitoring.adoc:325 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:205 #, no-wrap -msgid "Reverse Proxy Setup" +msgid "https://github.com/SUSE/manager-build-profiles\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:329 +#: modules/administration/pages/image-management.adoc:206 msgid "" -"Prometheus fetches metrics using a pull mechanism, so the server must be " -"able to establish TCP connections to each exporter on the monitored " -"clients. To simplify your firewall configuration, you can use reverse proxy " -"for your exporters. This way all metrics will be exposed on a single port." +"You can specify a branch after the `#` character in the URL. In this " +"example, we use the `master` branch:" msgstr "" -#. Probably a diagram here. --LKB 2020-08-11 -#. type: Block title -#: modules/administration/pages/monitoring.adoc:334 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:207 #, no-wrap -msgid "Procedure: Installing Prometheus Exporters with Reverse Proxy" +msgid "https://github.com/SUSE/manager-build-profiles#master\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:336 +#: modules/administration/pages/image-management.adoc:208 msgid "" -"In the {productname} {webui}, open the details page of the system to be " -"monitored, and navigate to the [guimenu]``Formulas`` tab." +"You can specify a directory that contains the image sources after the `:` " +"character. In this example, we use `OSImage/POS_Image-JeOS6`:" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:337 -msgid "" -"Check the [guimenu]``Prometheus Exporters`` checkbox to enable the exporters " -"formula, and click btn:[Save]." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:209 +#, no-wrap +msgid "https://github.com/SUSE/manager-build-profiles#master:OSImage/POS_Image-JeOS6\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:338 -msgid "Navigate to the ``Prometheus Exporters`` tab in the top menu." +#: modules/administration/pages/image-management.adoc:210 +msgid "HTTP(S) URL to the tarball" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:340 +#: modules/administration/pages/image-management.adoc:211 msgid "" -"Check the [guimenu]``Enable reverse proxy`` option, and enter a valid " -"reverse proxy port number. For example, ``9999``." +"URL to the tar archive, compressed or uncompressed, hosted on the webserver." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:341 -msgid "Customize the other exporters according to your needs." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:212 +#, no-wrap +msgid "https://myimagesourceserver.example.org/MyKiwiImage.tar.gz\n" msgstr "" -#. type: Title = -#: modules/administration/pages/openscap.adoc:2 -#, no-wrap -msgid "System Security with OpenSCAP" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:213 +msgid "Path to the directory on the build host" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:7 +#: modules/administration/pages/image-management.adoc:214 msgid "" -"{productname} uses OpenSCAP to audit clients. It allows you to schedule and " -"view compliance scans for any client." +"Enter the path to the directory with the Kiwi build system sources. This " +"directory must be present on the selected build host." +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:215 +#, no-wrap +msgid "/var/lib/Kiwi/MyKiwiImage\n" +msgstr "" + +#. type: Title ==== +#: modules/administration/pages/image-management.adoc:216 +#, no-wrap +msgid "Example of Kiwi Sources" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:217 +msgid "" +"Kiwi sources consist at least of `config.xml`. Usually, `config.sh` and " +"`images.sh` are present as well. Sources can also contain files to be " +"installed in the final image under the `root` subdirectory." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:218 +msgid "" +"For information about the Kiwi build system, see the https://doc.opensuse." +"org/projects/kiwi/doc/[Kiwi documentation]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:219 +msgid "" +"{suse} provides examples of fully functional image sources at the https://" +"github.com/SUSE/manager-build-profiles[SUSE/manager-build-profiles] public " +"GitHub repository." +msgstr "" + +#. type: Block title +#: modules/administration/pages/image-management.adoc:220 +#, no-wrap +msgid "Example of JeOS config.xml" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:221 +#, no-wrap +msgid "\n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:222 +#, no-wrap +msgid "" +"\n" +" \n" +" Admin User\n" +" noemail@example.com\n" +" SUSE Linux Enterprise 12 SP3 JeOS\n" +" \n" +" \n" +" 6.0.0\n" +" zypper\n" +" SLE\n" +" SLE\n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:223 +#, no-wrap +msgid "" +" en_US\n" +" us.map.gz\n" +" Europe/Berlin\n" +" utc\n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:224 +#, no-wrap +msgid "" +" true\n" +" \n" +" \n" +" \n" +" \n" +" \n" +" \n" +" \n" +" \n" +" ...\n" +" \n" +" \n" +" ...\n" +" \n" +" \n" +" \n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:225 +#, no-wrap +msgid "" +" \n" +" \n" +" \n" +" \n" +" ...\n" +" \n" +"\n" +msgstr "" + +#. ianew: admin/image-management.adoc +#. iawho: lana 2019-02-27 +#. type: Plain text +#: modules/administration/pages/image-management.adoc:227 +msgid "" +"There are two ways to build an image using the {webui}. Either select menu:" +"Images[Build], or click the build icon in the menu:Images[Profiles] list." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:231 +msgid "" +"Add a different tag name if you want a version other than the default " +"``latest`` (applies only to containers)." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:232 +msgid "Select the [guimenu]``Image Profile`` and a [guimenu]``Build Host``." msgstr "" #. type: delimited block = -#: modules/administration/pages/openscap.adoc:11 -msgid "OpenSCAP auditing is not available on Salt SSH clients." +#: modules/administration/pages/image-management.adoc:233 +msgid "" +"A [guimenu]``Profile Summary`` is displayed to the right of the build " +"fields. When you have selected a build profile, detailed information about " +"the selected profile will show up in this area." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:14 +#: modules/administration/pages/image-management.adoc:234 +msgid "To schedule a build, click the btn:[Build] button." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:235 +msgid "" +"The build server cannot run any form of automounter during the image " +"building process. If applicable, ensure that you do not have your Gnome " +"session running as root. If an automounter is running, the image build will " +"finish successfully, but the checksum of the image will be different and " +"will fail later." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:236 +msgid "" +"After the image is successfully built, the inspection phase begins. During " +"the inspection phase {susemgr} collects information about the image:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:237 +msgid "List of packages installed in the image" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:238 +msgid "Checksum of the image" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:239 +msgid "Image type and other image details" +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:240 +msgid "" +"If the built image type is `PXE`, a Salt pillar will also be generated. " +"Image pillars are stored in the `/srv/susemanager/pillar_data/images/` " +"directory and the Salt subsystem can access details about the generated " +"image. Details include where the pillar is located and provided, image " +"checksums, information needed for network boot, and more." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:241 +msgid "The generated pillar is available to all connected clients." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:243 +msgid "" +"Building an image requires several dependent steps. When the build fails, " +"investigating Salt states results can help identify the source of the " +"failure. You can carry out these checks when the build fails:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:244 +msgid "The build host can access the build sources" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:245 +msgid "" +"There is enough disk space for the image on both the build host and the " +"{productname} server" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:246 +msgid "The activation key has the correct channels associated with it" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:247 +msgid "The build sources used are valid" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:248 +msgid "" +"The RPM package with the {productname} public certificate is up to date and " +"available at `/usr/share/susemanager/salt/images/rhn-org-trusted-ssl-cert-" +"osimage-1.0-1.noarch.rpm`. For more on how to refresh a public certificate " +"RPM, see <>." +msgstr "" + +#. type: Title === +#: modules/administration/pages/image-management.adoc:249 +#, no-wrap +msgid "Limitations" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:250 +msgid "The section contains some known issues when working with images." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:251 msgid "" -"To use openSCAP, you will need the [systemitem]``spacewalk-oscap`` package " -"installed on the clients you want to audit." +"HTTPS certificates used to access the HTTP sources or git repositories " +"should be deployed to the client by a custom state file, or configured " +"manually." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:252 +msgid "Importing Kiwi-based images is not supported." msgstr "" #. type: Title == -#: modules/administration/pages/openscap.adoc:17 +#: modules/administration/pages/image-management.adoc:253 #, no-wrap -msgid "About SCAP" +msgid "List Image Profiles Available for Building" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:21 +#: modules/administration/pages/image-management.adoc:254 msgid "" -"The Security Certification and Authorization Package (SCAP) is a " -"standardized compliance checking solution for enterprise-level Linux " -"infrastructures. It is a line of specifications maintained by the National " -"Institute of Standards and Technology (NIST) for maintaining system security " -"for enterprise systems." +"To list images available for building select menu:Images[Image List]. A " +"list of all images will be displayed." +msgstr "" + +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:255 +#, no-wrap +msgid "images_list_images.png" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:256 +msgid "" +"Displayed data about images includes an image [guimenu]``Name``, its " +"[guimenu]``Version`` and the build [guimenu]``Status``. You will also see " +"the image update status with a listing of possible patch and package updates " +"that are available for the image." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:257 +msgid "" +"Clicking the btn:[Details] button on an image will provide a detailed view. " +"The detailed view includes an exact list of relevant patches and a list of " +"all packages installed within the image." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:258 +msgid "" +"The patch and the package list is only available if the inspect state after " +"a build was successful." +msgstr "" + +#. type: Title = +#: modules/administration/pages/iss.adoc:1 +#, no-wrap +msgid "Inter-Server Synchronization" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:2 +msgid "" +"If you have more than one {productname} installation, you need to ensure " +"that they stay aligned on content and permissions. Inter-Server " +"Synchronization (ISS) allows you to connect two or more {productname} " +"Servers and keep them up-to-date." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:3 +msgid "" +"To set up ISS, you need to define one {productname} Server as a master, with " +"the other as a slave. If conflicting configurations exist, the system will " +"prioritize the master configuration." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/iss.adoc:4 +msgid "" +"ISS Masters are masters only because they have slaves attached to them. " +"This means that you need to set up the ISS Master first, by defining its " +"slaves. You can then set up the ISS Slaves, by attaching them to a master." +msgstr "" + +#. type: Block title +#: modules/administration/pages/iss.adoc:5 +#, no-wrap +msgid "Procedure: Setting up an ISS Master" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:6 +msgid "" +"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " +"Master Setup], and click btn:[Add new slave]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:7 +msgid "" +"In the [guimenu]``Edit Slave Details`` dialog, provide these details for the " +"ISS Master's first slave:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:8 +msgid "" +"In the [guimenu]``Slave Fully-Qualified Domain Name`` field, enter the FQDN " +"of the ISS Slave." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:9 +msgid "For example: [systemitem]``server2.example.com``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:10 +msgid "" +"Check the [guimenu]``Allow Slave to Sync?`` checkbox to enable the slave to " +"synchronize with the master." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:11 +msgid "" +"Check the [guimenu]``Sync All Orgs to Slave?`` checkbox to synchronize all " +"organizations to this slave." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:12 +msgid "Click btn:[Create] to add the ISS slave." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:13 +msgid "" +"In the [guimenu]``Allow Export of the Selected Organizations`` section, " +"check the organizations you want to allow this slave to export to the " +"master, and click btn:[Allow Orgs]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:14 +msgid "" +"Before you set up the ISS Slave, you will need to ensure you have the " +"appropriate CA certificate." +msgstr "" + +#. type: Block title +#: modules/administration/pages/iss.adoc:15 +#, no-wrap +msgid "Procedure: Copying the Master CA Certificate to an ISS Slave" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:16 +msgid "" +"On the ISS Master, locate the CA Certificate at ``/srv/www/htdocs/pub/RHN-" +"ORG-TRUSTED-SSL-CERT`` and create a copy that can be transferred to the " +"ISS Slave." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:17 +msgid "" +"On the ISS Slave, save the CA certificate file to the ``/etc/pki/trust/" +"anchors/`` directory." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:18 +msgid "When you have copied the certificate, you can set up the ISS Slave." +msgstr "" + +#. type: Block title +#: modules/administration/pages/iss.adoc:19 +#, no-wrap +msgid "Procedure: Setting up an ISS Slave" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:20 +msgid "" +"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " +"Slave Setup], and click btn:[Add new master]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:21 +msgid "" +"In the [guimenu]``Details for new Master`` dialog, provide these details for " +"the server to use as the ISS master:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:22 +msgid "" +"In the [guimenu]``Master Fully-Qualified Domain Name`` field, enter the FQDN " +"of the ISS Master for this slave." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:23 +msgid "For example: ``server1.example.com``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:24 +msgid "" +"In the [guimenu]``Filename of this Master's CA Certificate`` field, enter " +"the absolute path to the CA certificate on the ISS master." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:25 +msgid "This should be ``/etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:26 +msgid "Click btn:[Add new master] to add the ISS Slave to this master." +msgstr "" + +#. type: Block title +#: modules/administration/pages/iss.adoc:27 +#, no-wrap +msgid "Procedure: Completing ISS Setup" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:28 +msgid "" +"At the command prompt on the ISS Slave, synchronize with the ISS Master:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/iss.adoc:29 +#, no-wrap +msgid "mgr-inter-sync\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/iss.adoc:30 +msgid "OPTIONAL: To synchronize a single channel, use this command:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/iss.adoc:31 +#, no-wrap +msgid "mgr-inter-sync -c \n" +msgstr "" + +#. Need to double check this against the UI. --LKB 2020-04-08 +#. type: Plain text +#: modules/administration/pages/iss.adoc:32 +msgid "" +"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " +"Configure Master-to-Slave Mappings] and select the organizations you want to " +"synchronize." +msgstr "" + +#. type: Title = +#: modules/administration/pages/live-patching-channel-setup.adoc:1 +#, no-wrap +msgid "Set up Channels for Live Patching" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:2 +msgid "" +"A reboot is required every time you update the full kernel package. " +"Therefore, it is important that clients using Live Patching do not have " +"newer kernels available in the channels they are assigned to. Clients using " +"live patching have updates for the running kernel in the live patching " +"channels." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:3 +msgid "There are two ways to manage channels for live patching:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:4 +msgid "" +"Use content lifecycle management to clone the product tree and remove kernel " +"versions newer than the running one. This procedure is explained in the " +"xref:content-lifecycle-examples.adoc#enhance-project-with-" +"livepatching[Content Livecycle Management Examples]. This is the " +"recommended solution." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:5 +msgid "" +"Alternatively, use the `spacewalk-manage-channel-lifecycle` tool. This " +"procedure is more manual and requires command line tools as well as the " +"{webui}. This procedure is explained in this section for SLES{nbsp}15 SP1, " +"but it also works for SLE{nbsp}12 SP4 or later." +msgstr "" + +#. type: Title == +#: modules/administration/pages/live-patching-channel-setup.adoc:6 +#, no-wrap +msgid "Use spacewalk-manage-channel-lifecycle for Live Patching" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:7 +msgid "" +"Cloned vendor channels should be prefixed by ``dev`` for development, " +"``testing``, or ``prod`` for production. In this procedure, you will create " +"a ``dev`` cloned channel and then promote the channel to ``testing``." +msgstr "" + +#. type: Block title +#: modules/administration/pages/live-patching-channel-setup.adoc:8 +#, no-wrap +msgid "Procedure: Cloning Live Patching Channels" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:9 +msgid "" +"At the command prompt on the client, as root, obtain the current package " +"channel tree:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/live-patching-channel-setup.adoc:10 +#, no-wrap +msgid "" +"# spacewalk-manage-channel-lifecycle --list-channels\n" +"Spacewalk Username: admin\n" +"Spacewalk Password:\n" +"Channel tree:\n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/live-patching-channel-setup.adoc:11 +#, no-wrap +msgid "" +" 1. sles15-{sp-vert}-pool-x86_64\n" +" \\__ sle-live-patching15-pool-x86_64-{sp-vert}\n" +" \\__ sle-live-patching15-updates-x86_64-{sp-vert}\n" +" \\__ sle-manager-tools15-pool-x86_64-{sp-vert}\n" +" \\__ sle-manager-tools15-updates-x86_64-{sp-vert}\n" +" \\__ sles15-{sp-vert}-updates-x86_64\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:12 +msgid "" +"Use the [command]``spacewalk-manage-channel`` command with the " +"[option]``init`` argument to automatically create a new development clone of " +"the original vendor channel:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/live-patching-channel-setup.adoc:13 +#, no-wrap +msgid "spacewalk-manage-channel-lifecycle --init -c sles15-{sp-vert}-pool-x86_64\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:14 +msgid "" +"Check that [systemitem]``dev-sles15-{sp-vert}-updates-x86_64`` is available " +"in your channel list." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:15 +msgid "" +"Check the ``dev`` cloned channel you created, and remove any kernel updates " +"that require a reboot." +msgstr "" + +#. type: Block title +#: modules/administration/pages/live-patching-channel-setup.adoc:16 +#, no-wrap +msgid "Procedure: Removing Non-Live Kernel Patches from Cloned Channels" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:17 +msgid "" +"Check the current kernel version by selecting the client from menu:" +"Systems[System List], and taking note of the version displayed in the " +"[guimenu]``Kernel`` field." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:18 +msgid "" +"In the {productname} {webui}, select the client from menu:Systems[Overview], " +"navigate to the menu:Software[Manage > Channels] tab, and select " +"[systemitem]``dev-sles15-sp{sp-vert}-updates-x86_64``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:19 +msgid "" +"Navigate to the [guimenu]``Patches`` tab, and click btn:[List/Remove " +"Patches]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:20 +msgid "" +"In the search bar, type [systemitem]``kernel`` and identify the kernel " +"version that matches the kernel currently used by your client." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:21 +msgid "" +"Remove all kernel versions that are newer than the currently installed " +"kernel." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:22 +msgid "" +"Your channel is now set up for live patching, and can be promoted to " +"``testing``. In this procedure, you will also add the live patching child " +"channels to your client, ready to be applied." +msgstr "" + +#. type: Block title +#: modules/administration/pages/live-patching-channel-setup.adoc:23 +#, no-wrap +msgid "Procedure: Promoting Live Patching Channels" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:24 +msgid "" +"At the command prompt on the client, as `root`, promote and clone the `dev-" +"sles15-{sp-vert}-pool-x86_64` channel to a new ``testing`` channel:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/live-patching-channel-setup.adoc:25 +#, no-wrap +msgid "# spacewalk-manage-channel-lifecycle --promote -c dev-sles15-{sp-vert}-pool-x86_64\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:26 +msgid "" +"In the {productname} {webui}, select the client from menu:Systems[Overview], " +"and navigate to the menu:Software[Software Channels] tab." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:27 +msgid "" +"Check the new [systemitem]``test-sles15-sp{sp-vert}-pool-x86_64`` custom " +"channel to change the base channel, and check both corresponding live " +"patching child channels." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:28 +msgid "" +"Click btn:[Next], confirm that the details are correct, and click btn:" +"[Confirm] to save the changes." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:29 +msgid "" +"You can now select and view available CVE patches, and apply these important " +"kernel updates with Live Patching." +msgstr "" + +#. type: Title = +#: modules/administration/pages/live-patching-sles12.adoc:1 +#, no-wrap +msgid "Live Patching on SLES{nbsp}12" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:2 +msgid "" +"On SLES{nbsp}12 systems, live patching is managed by kGraft. For in depth " +"information covering kGraft use, see https://documentation.suse.com/sles/12-" +"SP4/html/SLES-all/cha-kgraft.html." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:3 +#: modules/administration/pages/live-patching-sles15.adoc:3 +msgid "Before you begin, ensure:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:4 +#: modules/administration/pages/live-patching-sles15.adoc:4 +msgid "{productname} is fully updated." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:5 +msgid "You have one or more Salt clients running SLES{nbsp}12 (SP1 or later)." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:6 +msgid "Your SLES{nbsp}12 Salt clients are registered with {productname}." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:7 +msgid "" +"You have access to the SLES{nbsp}12 channels appropriate for your " +"architecture, including the live patching child channel (or channels)." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:8 +#: modules/administration/pages/live-patching-sles15.adoc:8 +msgid "The clients are fully synchronized." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:9 +#: modules/administration/pages/live-patching-sles15.adoc:9 +msgid "Assign the clients to the cloned channels prepared for live patching." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:10 +#: modules/administration/pages/live-patching-sles15.adoc:10 +#, fuzzy +msgid "" +"For more information on preparation, see xref:administration:live-patching-" +"channel-setup.adoc[]." +msgstr "" +"Další informace o certifikátech podepsaných samy sebou najdete v dokumentu " +"xref:administration:ssl-certs-selfsigned.adoc[]." + +#. type: Block title +#: modules/administration/pages/live-patching-sles12.adoc:11 +#: modules/administration/pages/live-patching-sles15.adoc:11 +#, no-wrap +msgid "Procedure: Setting up for Live Patching" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:12 +msgid "" +"Select the client you want to manage with Live Patching from menu:" +"Systems[Overview], and on the system details page navigate to the menu:" +"Software[Packages > Install] tab." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:13 +msgid "Search for the [systemitem]``kgraft`` package, and install it." +msgstr "" + +#. type: Target for macro image +#: modules/administration/pages/live-patching-sles12.adoc:14 +#, no-wrap +msgid "enable_live_patching_kgraft_install.png" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:15 +#: modules/administration/pages/live-patching-sles15.adoc:15 +msgid "Apply the highstate to enable Live Patching, and reboot the client." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:16 +#: modules/administration/pages/live-patching-sles15.adoc:16 +msgid "Repeat for each client that you want to manage with Live Patching." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:17 +msgid "" +"To check that live patching has been enabled correctly, select the client " +"from menu:Systems[System List], and ensure that [systemitem]``Live " +"Patching`` appears in the [guimenu]``Kernel`` field." +msgstr "" + +#. type: Block title +#: modules/administration/pages/live-patching-sles12.adoc:18 +#: modules/administration/pages/live-patching-sles15.adoc:18 +#, no-wrap +msgid "Procedure: Applying Live Patches to a Kernel" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:19 +#: modules/administration/pages/live-patching-sles15.adoc:19 +msgid "" +"In the {productname} {webui}, select the client from menu:Systems[Overview]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:20 +#: modules/administration/pages/live-patching-sles15.adoc:20 +msgid "" +"You will see a banner at the top of the screen showing the number of " +"critical and non-critical packages available for the client:" +msgstr "" + +#. type: Target for macro image +#: modules/administration/pages/live-patching-sles12.adoc:21 +#: modules/administration/pages/live-patching-sles15.adoc:21 +#, no-wrap +msgid "live_patching_criticalupdates.png" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:22 +#: modules/administration/pages/live-patching-sles15.adoc:22 +msgid "Click btn:[Critical] to see a list of the available critical patches." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:23 +#: modules/administration/pages/live-patching-sles15.adoc:23 +msgid "" +"Select any patch with a synopsis reading [guimenu]``Important: Security " +"update for the Linux kernel``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:24 +#: modules/administration/pages/live-patching-sles15.adoc:24 +msgid "Security bugs will also include their CVE number, where applicable." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:25 +#: modules/administration/pages/live-patching-sles15.adoc:25 +msgid "" +"OPTIONAL: If you know the CVE number of a patch you want to apply, you can " +"search for it in menu:Audit[CVE Audit], and apply the patch to any clients " +"that require it." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/live-patching-sles12.adoc:26 +#: modules/administration/pages/live-patching-sles15.adoc:26 +msgid "" +"Not all kernel patches are Live Patches! Non-Live kernel patches are " +"represented by a `Reboot Required` icon located next to the `Security` " +"shield icon. These patches will always require a reboot." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/live-patching-sles12.adoc:27 +#: modules/administration/pages/live-patching-sles15.adoc:27 +msgid "" +"Not all security issues can be fixed by applying a live patch. Some " +"security issues can only be fixed by applying a full kernel update and will " +"require a reboot. The assigned CVE numbers for these issues are not " +"included in live patches. A CVE audit will display this requirement." +msgstr "" + +#. type: Title = +#: modules/administration/pages/live-patching-sles15.adoc:1 +#, no-wrap +msgid "Live Patching on SLES{nbsp}15" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles15.adoc:2 +msgid "" +"On SLES{nbsp}15 systems and newer, live patching is managed by the " +"[systemitem]``klp livepatch`` tool." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles15.adoc:5 +msgid "You have one or more Salt clients running SLES{nbsp}15 (SP1 or later)." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles15.adoc:6 +msgid "Your SLES{nbsp}15 Salt clients are registered with {productname}." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles15.adoc:7 +msgid "" +"You have access to the SLES{nbsp}15 channels appropriate for your " +"architecture, including the live patching child channel (or channels)." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles15.adoc:12 +msgid "" +"Select the client you want to manage with Live Patching from menu:" +"Systems[Overview], and navigate to the menu:Software[Packages > Install] tab." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles15.adoc:13 +msgid "" +"Search for the [systemitem]``kernel-livepatch`` package, and install it." +msgstr "" + +#. type: Target for macro image +#: modules/administration/pages/live-patching-sles15.adoc:14 +#, no-wrap +msgid "enable_live_patching_kernel_live_install.png" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles15.adoc:17 +msgid "" +"To check that live patching has been enabled correctly, select the client " +"from menu:Systems[System List], and ensure that [systemitem]``Live Patch`` " +"appears in the [guimenu]``Kernel`` field." +msgstr "" + +#. type: Title = +#: modules/administration/pages/maintenance-window-tasks.adoc:1 +#, no-wrap +msgid "Maintenance Window Tasks" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:25 +#: modules/administration/pages/maintenance-window-tasks.adoc:2 msgid "" -"SCAP was created to provide a standardized approach to maintaining system " -"security, and the standards that are used will therefore continually change " -"to meet the needs of the community and enterprise businesses. New " -"specifications are governed by NIST's SCAP Release cycle to provide a " -"consistent and repeatable revision work flow. For more information, see " -"http://scap.nist.gov/timeline.html." +"If you work with scheduled maintenance windows, you might find it difficult " +"to remember all the things that you need to do before, during, and after " +"that critical downtime of the {productname} Server. {productname} Server " +"related systems such as Inter-Server Synchronization Slave Servers or " +"{productname} Proxies are also affected and have to be considered." msgstr "" +#. It's similar to zypper at the package level: #. type: Plain text -#: modules/administration/pages/openscap.adoc:30 +#: modules/administration/pages/maintenance-window-tasks.adoc:3 msgid "" -"{productname} uses OpenSCAP to implement the SCAP specifications. OpenSCAP " -"is an auditing tool that utilizes the Extensible Configuration Checklist " -"Description Format (XCCDF). XCCDF is a standard way of expressing checklist " -"content and defines security checklists. It also combines with other " -"specifications such as Common Platform Enumeration (CPE), Common " -"Configuration Enumeration (CCE), and Open Vulnerability and Assessment " -"Language (OVAL), to create a SCAP-expressed checklist that can be processed " -"by SCAP-validated products." +"{suse} recommends you always keep your {productname} infrastructure " +"updated. That includes servers, proxies, and build hosts. If you do not " +"keep the {productname} Server updated, you might not be able to update some " +"parts of your environment when you need to." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:34 +#: modules/administration/pages/maintenance-window-tasks.adoc:4 msgid "" -"OpenSCAP verifies the presence of patches by using content produced by the " -"{suse} Security Team. OpenSCAP checks system security configuration " -"settings and examines systems for signs of compromise by using rules based " -"on standards and specifications. For more information about the {suse} " -"Security Team, see https://www.suse.com/support/security." +"This section contains a checklist for your maintenance window, with links to " +"further information on performing each of the steps." msgstr "" #. type: Title == -#: modules/administration/pages/openscap.adoc:37 +#: modules/administration/pages/maintenance-window-tasks.adoc:5 #, no-wrap -msgid "Prepare Clients for an SCAP Scan" +msgid "Server" msgstr "" +#. ke, 2019-09-30: we'll stop spacewalk during the update +#. . Stop spacewalk services. +#. You will need to stop the spacewalk, SAP, and database services, along with any others you have running. +#. . Check if the configuration is still correct. #. type: Plain text -#: modules/administration/pages/openscap.adoc:41 -msgid "" -"Before you begin, you need to prepare your client systems for SCAP " -"scanning. Ensure clients have the ``openscap-content`` and ``openscap-" -"utils`` packages installed before you begin." +#: modules/administration/pages/maintenance-window-tasks.adoc:6 +msgid "Apply the latest updates." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:45 -msgid "" -"Use this command to determine the location of the appropriate SCAP files. " -"Take a note of these paths for performing the scan:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/openscap.adoc:48 -#, no-wrap -msgid "rpm -ql openscap-content\n" +#: modules/administration/pages/maintenance-window-tasks.adoc:7 +msgid "See xref:upgrade:server-intro.adoc[]." msgstr "" +#. We reboot during the above listed procedures. +#. . Reboot the server. +#. . Check if the configuration is still correct. +#. . Start any stopped services. #. type: Plain text -#: modules/administration/pages/openscap.adoc:51 -msgid "The output should include these files:" +#: modules/administration/pages/maintenance-window-tasks.adoc:8 +msgid "Upgrade to the latest service pack, if required." msgstr "" -#. type: delimited block - -#: modules/administration/pages/openscap.adoc:57 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/maintenance-window-tasks.adoc:9 msgid "" -"/usr/share/openscap/scap-oval.xml\n" -"/usr/share/openscap/scap-xccdf.xml\n" -"/usr/share/openscap/scap-yast2sec-oval.xml\n" -"/usr/share/openscap/scap-yast2sec-xccdf.xml\n" +"Run [command]``spacewalk-service status`` and check whether all required " +"services are up and running." msgstr "" -#. type: Title == -#: modules/administration/pages/openscap.adoc:61 -#, no-wrap -msgid "OpenSCAP Content Files" +#. type: Plain text +#: modules/administration/pages/maintenance-window-tasks.adoc:10 +msgid "" +"For information about database schema upgrades and PostgreSQL migrations, " +"see xref:upgrade:db-intro.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:68 +#: modules/administration/pages/maintenance-window-tasks.adoc:11 msgid "" -"OpenSCAP uses SCAP content files to define test rules. These content files " -"are created based on the XCCDF or OVAL standards. You can download publicly " -"available content files and customize it to your requirements. You can " -"install the ``openscap-content`` package for default content file " -"templates. Alternatively, if you are familiar with XCCDF or OVAL, you can " -"create your own content files." +"You can install updates using your package manager. For information on " +"using {yast}, see https://documentation.suse.com/sles/15-SP2/html/SLES-all/" +"cha-onlineupdate-you.html. For information on using zypper, see https://" +"documentation.suse.com/sles/15-SP2/html/SLES-all/cha-sw-cl.html#sec-zypper." msgstr "" -#. type: delimited block = -#: modules/administration/pages/openscap.adoc:75 +# +# +#. Preferable, you will run such a tool within a maintenance window; for more information, see xref:administration:maintenance-window.adoc#maintenance-window[]. +#. complete procedure, also see above: +#. 1. Log in as root user to the SUSE Manager server. +#. 2. Stop the Spacewalk service: +#. spacewalk-service stop +#. 3. Apply the patch using either zypper patch or YaST Online Update. +#. 4. Upgrade the database schema: +#. spacewalk-schema-upgrade +#. 5. Start the Spacewalk service: +#. spacewalk-service start +#. type: Plain text +#: modules/administration/pages/maintenance-window-tasks.adoc:12 msgid "" -"We recommend you use templates to create your SCAP content files. If you " -"create and use your own custom content files, you do so at your own risk. " -"If your system becomes damaged through the use of custom content files, you " -"might not be supported by {suse}." +"By default, several update channels are configured and enabled for the " +"{productname} Server. New and updated packages will become available " +"automatically." msgstr "" -#. ke 2013-08-28: Do we have SCAP content providers? Such as: The United States Government -#. Configuration Baseline (USGCB) for RHEL5 Desktop or Community-provided content (openscap-content -#. package)? For more info, see -#. https://access.redhat.com/site/documentation/en-US/Red_Hat_Network_Satellite/5.5/html/User_Guide/chap-Red_Hat_Network_Satellite-User_Guide-OpenSCAP.html # -#. I think this question is still valid. Who should we contact? LKB 2020-02-06 #. type: Plain text -#: modules/administration/pages/openscap.adoc:88 +#: modules/administration/pages/maintenance-window-tasks.adoc:13 msgid "" -"When you have created your content files, you need to transfer the file to " -"the client. You can do this in the same way as you move any other file, " -"using physical storage media, or across a network with [command]``ftp`` or " -"[command]``scp``." +"To keep {susemgr} up to date, either connect it directly to {scc} or use " +"{rmtool} (RMT). You can use RMT as a local installation source for " +"disconnected environments." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:92 +#: modules/administration/pages/maintenance-window-tasks.adoc:14 msgid "" -"We recommend that you create a package to distribute content files to " -"clients that you are managing with {productname}. Packages can be signed " -"and verified to ensure their integrity. For more information, see xref:" -"administration:custom-channels.adoc[]." +"You can check that the update channels are available on your system with " +"this command:" msgstr "" -#. type: Title == -#: modules/administration/pages/openscap.adoc:95 +#. type: delimited block - +#: modules/administration/pages/maintenance-window-tasks.adoc:15 #, no-wrap -msgid "Perform an Audit Scan" +msgid "zypper lr\n" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:100 -msgid "" -"When you have transferred your content files, you can perform audit scans. " -"Audit scans can be triggered using the {productname} {webui}. You can also " -"use the {productname} API to schedule regular scans." +#: modules/administration/pages/maintenance-window-tasks.adoc:16 +msgid "The output will look similar to this:" msgstr "" -#. type: Block title -#: modules/administration/pages/openscap.adoc:101 +#. type: delimited block - +#: modules/administration/pages/maintenance-window-tasks.adoc:17 #, no-wrap -msgid "Procedure: Running an Audit Scan from the {webui}" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/openscap.adoc:103 msgid "" -"In the {productname} {webui}, navigate to menu:Systems[Systems List] and " -"select the client you want to scan." +"Name | Enabled | GPG Check | Refresh\n" +"-------------------------------------------------------+---------+-----------+--------\n" +"SLE-Module-Basesystem15-SP2-Pool | Yes | (r ) Yes | No\n" +"SLE-Module-Basesystem15-SP2-Updates | Yes | (r ) Yes | Yes\n" +"SLE-Module-Python2-15-SP2-Pool | Yes | (r ) Yes | No\n" +"SLE-Module-Python2-15-SP2-Updates | Yes | (r ) Yes | Yes\n" +"SLE-Product-SUSE-Manager-Server-4.1-Pool | Yes | (r ) Yes | No\n" +"SLE-Product-SUSE-Manager-Server-4.1-Updates | Yes | (r ) Yes | Yes\n" +"SLE-Module-SUSE-Manager-Server-4.1-Pool | Yes | (r ) Yes | No\n" +"SLE-Module-SUSE-Manager-Server-4.1-Updates | Yes | (r ) Yes | Yes\n" +"SLE-Module-Server-Applications15-SP2-Pool | Yes | (r ) Yes | No\n" +"SLE-Module-Server-Applications15-SP2-Updates | Yes | (r ) Yes | Yes\n" +"SLE-Module-Web-Scripting15-SP2-Pool | Yes | (r ) Yes | No\n" +"SLE-Module-Web-Scripting15-SP2-Updates | Yes | (r ) Yes | Yes\n" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:104 +#: modules/administration/pages/maintenance-window-tasks.adoc:18 msgid "" -"Navigate to the [guimenu]``Audit`` tab, and the [guimenu]``Schedule`` subtab." +"{productname} releases maintenance updates (MUs) to provide newer packages. " +"Maintenance updates are indicated with a new version number. For example, " +"the major release 4.1 will be incremented to 4.1.1 when an MU is released." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:106 +#: modules/administration/pages/maintenance-window-tasks.adoc:19 msgid "" -"In the [guimenu]``Path to XCCDF Document`` field, enter the path to the " -"XCCDF content file on the client. For example: [path]``/usr/share/openscap/" -"scap-yast2sec-xccdf.xml``" +"You can verify which version you are running by looking at the bottom of the " +"navigation bar in the {webui}. You can also fetch the version number with " +"the [literal]``api.getVersion()`` XMLRPC API call." msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:107 -msgid "The scan will run at the client's next scheduled synchronization." +#. type: Title === +#: modules/administration/pages/maintenance-window-tasks.adoc:20 +#, no-wrap +msgid "Client Tools" msgstr "" -#. type: delimited block = -#: modules/administration/pages/openscap.adoc:113 +#. type: Plain text +#: modules/administration/pages/maintenance-window-tasks.adoc:21 msgid "" -"The XCCDF content file is validated before it is run on the remote system. " -"If the content file includes invalid arguments, the test will fail." +"When the server is updated consider to update some tools on the clients, " +"too. Updating [package]``salt-minion``, [package]``zypper``, and other " +"related management package on clients is not a strict requirement, but it is " +"a best practice in general. For example, a maintenance update on the server " +"might introduce a major new Salt version. Then minions will continue to " +"work but might experience problems later on. To avoid this always update " +"the salt-minion package when available. {suse} makes sure that " +"[package]``salt-minion`` can always be updated safely." msgstr "" -#. type: Block title -#: modules/administration/pages/openscap.adoc:117 +#. type: Title == +#: modules/administration/pages/maintenance-window-tasks.adoc:22 #, no-wrap -msgid "Procedure: Running an Audit Scan from the API" +msgid "Inter-Server Synchronization Slave Server" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:119 +#: modules/administration/pages/maintenance-window-tasks.adoc:23 msgid "" -"Before you begin, ensure that the client to be scanned has Python and XML-" -"RPC libraries installed." +"If you are using an inter-server synchronization slave server, update it " +"after the {productname} Server update is complete." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:121 +#: modules/administration/pages/maintenance-window-tasks.adoc:24 msgid "" -"Choose an existing script or create a script for scheduling a system scan " -"through ``system.scap.scheduleXccdfScan``. For example:" +"For more in inter-server synchronization, see xref:administration:iss.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/openscap.adoc:129 +#. type: Title == +#: modules/administration/pages/maintenance-window-tasks.adoc:25 #, no-wrap -msgid "" -"#!/usr/bin/python\n" -"client = xmlrpclib.Server('https://spacewalk.example.com/rpc/api')\n" -"key = client.auth.login('username', 'password')\n" -"client.system.scap.scheduleXccdfScan(key, <1000010001>,\n" -" '',\n" -" '--profile ')\n" +msgid "Monitoring Server" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:132 -msgid "In this example:" +#: modules/administration/pages/maintenance-window-tasks.adoc:26 +msgid "" +"If you are using a monitoring server for Prometheus, update it after the " +"{productname} Server update is complete." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:133 -msgid "``<1000010001>`` is the system ID (sid)." +#: modules/administration/pages/maintenance-window-tasks.adoc:27 +msgid "" +"For more information on monitoring, see xref:administration:monitoring." +"adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:135 -msgid "" -"```` is the path to the content file location on the " -"client. For example, [path]``/usr/local/share/scap/usgcb-sled15desktop-" -"xccdf.xml``." +#. type: Title == +#: modules/administration/pages/maintenance-window-tasks.adoc:28 +#, no-wrap +msgid "Proxy" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:137 +#: modules/administration/pages/maintenance-window-tasks.adoc:29 msgid "" -"```` is an additional argument for the [command]``oscap`` " -"command. For example, use " -"``united_states_government_configuration_baseline`` (USGCB)." +"Proxies should be updated as soon as {productname} Server updates are " +"complete." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:138 -msgid "Run the script on the client you want to scan, from the command prompt." -msgstr "" - -#. type: Title == -#: modules/administration/pages/openscap.adoc:141 -#, no-wrap -msgid "Scan Results" +#: modules/administration/pages/maintenance-window-tasks.adoc:30 +msgid "" +"In general, running a proxy connected to a server on a different version is " +"not supported. The only exception is for the duration of updates where it " +"is expected that the server is updated first, so the proxy could run the " +"previous version temporarily." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:147 +#: modules/administration/pages/maintenance-window-tasks.adoc:31 msgid "" -"Information about the scans you have run is in the {productname} {webui}. " -"Navigate to to menu:Audit[OpenSCAP > All Scans] for a table of results. For " -"more information about the data in this table, see xref:reference:audit/" -"openscap-all-scans.adoc[]." +"Especially if you are migrating from version 4.0 to 4.1, upgrade the server " +"first, then any proxy." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:153 -msgid "" -"To ensure that detailed information about scans is available, you need to " -"enable it on the client. In the {productname} {webui}, navigate to menu:" -"Admin[Organizations] and click on the organization the client is a part of. " -"Navigate to the [guimenu]``Configuration`` tab, and check the " -"[guimenu]``Enable Upload of Detailed SCAP Files`` option. When enabled, " -"this generates an additional HTML file on every scan, which contains extra " -"information. The results will show an extra line similar to this:" +#: modules/administration/pages/maintenance-window-tasks.adoc:32 +msgid "For more information, see xref:upgrade:proxy-intro.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/openscap.adoc:156 +#. type: Title = +#: modules/administration/pages/maintenance-windows.adoc:1 #, no-wrap -msgid "Detailed Results: xccdf-report.html xccdf-results.xml scap-yast2sec-oval.xml.result.xml\n" +msgid "Maintenance Windows" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:160 +#: modules/administration/pages/maintenance-windows.adoc:2 msgid "" -"To retrieve scan information from the command line, use the " -"[command]``spacewalk-report`` command:" +"The maintenance windows feature in {productname} allows you to schedule " +"actions to occur during a scheduled maintenance window period. When you " +"have created your maintenance window schedule, and applied it to a client, " +"you are prevented from executing some actions outside of the specified " +"period." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/maintenance-windows.adoc:3 +msgid "" +"Maintenance windows operate in a different way to system locking. System " +"locks are switched on or off as required, while maintenance windows define " +"periods of time when actions are allowed. Additionally, the allowed and " +"restricted actions differ. For more information about system locks, see " +"xref:client-configuration:system-locking.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/openscap.adoc:165 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:4 msgid "" -"spacewalk-report system-history-scap\n" -"spacewalk-report scap-scan\n" -"spacewalk-report scap-scan-results\n" +"Maintenance windows require both a calendar, and a schedule. The calendar " +"defines the date and time of your maintenance window events, including " +"recurring events, and must be in [path]``ical`` format. The schedule uses " +"the events defined in the calendar to create the maintenance windows. You " +"must create an [path]``ical`` file for upload, or link to an [path]``ical`` " +"file to create the calendar, before you can create the schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:169 +#: modules/administration/pages/maintenance-windows.adoc:5 msgid "" -"You can also use the {productname} API to view results, with the ``system." -"scap`` handler." -msgstr "" - -#. type: Title = -#: modules/administration/pages/organizations.adoc:2 -#, no-wrap -msgid "Organizations" +"When you have created the schedule, you can assign it to clients that are " +"registered to the {productname} Server. Clients that have a maintenance " +"schedule assigned cannot run restricted actions outside of maintenance " +"windows." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:6 +#: modules/administration/pages/maintenance-windows.adoc:6 msgid "" -"Organizations are used to manage user access and permissions within " -"{productname}." +"Restricted actions significantly modify the client, and could potentially " +"cause the client to stop running. Some examples of restricted actions are:" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:10 -msgid "" -"For most environments, a single organization is enough. However, more " -"complicated environments might need several organizations. You might like " -"to have an organization for each physical location within your business, or " -"for different business functions." +#: modules/administration/pages/maintenance-windows.adoc:7 +msgid "Package installation" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:13 -msgid "" -"When you have created your organizations, you can create and assign users to " -"your organizations. You can then assign permissions on an organization " -"level, which applies by default to every user assigned to the organization." +#: modules/administration/pages/maintenance-windows.adoc:8 +msgid "Client upgrade" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:16 -msgid "" -"You can also configure authentication methods for your new organization, " -"including PAM and single sign-on. For more information about " -"authentication, see xref:administration:auth-methods.adoc[]." +#: modules/administration/pages/maintenance-windows.adoc:9 +msgid "Service pack migration" msgstr "" -#. type: Block title -#: modules/administration/pages/organizations.adoc:24 -#, no-wrap -msgid "Procedure: Creating a New Organization" +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:10 +msgid "Highstate application (for Salt clients)" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:26 +#: modules/administration/pages/maintenance-windows.adoc:11 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Organizations], and " -"click btn:[Create Organization]." +"Unrestricted actions are minor actions that are considered safe and are " +"unlikely to cause problems on the client. Some examples of unrestricted " +"actions are:" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:27 -msgid "In the [guimenu]``Create Organization`` dialog, complete these fields:" +#: modules/administration/pages/maintenance-windows.adoc:12 +msgid "Package profile update" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:29 -msgid "" -"In the [guimenu]``Organization Name`` field, type a name for your new " -"organization. The name should be between 3 and 128 characters long." +#: modules/administration/pages/maintenance-windows.adoc:13 +msgid "Hardware refresh" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:31 -msgid "" -"In the [guimenu]``Desired Login`` field, type the login name you want to use " -"for the organization's administrator. This must be a new administrator " -"account, you will not be able to use an existing administrator account to " -"sign in to the new organization, including the one you are currently signed " -"in with." +#: modules/administration/pages/maintenance-windows.adoc:14 +msgid "Subscribing to software channels" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:34 +#: modules/administration/pages/maintenance-windows.adoc:15 msgid "" -"In the [guimenu]``Desired Password`` field, type a password for the new " -"organization's administrator. Confirm the password by typing it again in " -"the [guimenu]``Confirm Password`` field. Password strength is indicated by " -"the colored bar beneath the password fields." +"Before you begin, you must create an [path]``ical`` file for upload, or link " +"to an [path]``ical`` file to create the calendar. You can create " +"[path]``ical`` files in your preferred calendaring tool, such as Microsoft " +"Outlook, Google Calendar, or KOrganizer." +msgstr "" + +#. type: Block title +#: modules/administration/pages/maintenance-windows.adoc:16 +#, no-wrap +msgid "Procedure: Uploading a New Maintenance Calendar" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:35 +#: modules/administration/pages/maintenance-windows.adoc:17 msgid "" -"In the [guimenu]``Email`` field, type an email address for the new " -"organization's administrator." +"In the {productname} {webui}, navigate to menu:Schedule[Maintenance Windows " +"> Calendars], and click btn:[Create]." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:36 +#: modules/administration/pages/maintenance-windows.adoc:18 msgid "" -"In the [guimenu]``First Name`` field, select a salutation, and type a given " -"name for the new organization's administrator." +"In the [guimenu]``Calendar Name`` section, type a name for your calendar." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:37 +#: modules/administration/pages/maintenance-windows.adoc:19 msgid "" -"In the [guimenu]``Last Name`` field, type a surname for the new " -"organization's administrator." +"Either provide a URL to your [path]``ical`` file, or upload the file " +"directly." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:38 -msgid "Click btn:[Create Organization]." +#: modules/administration/pages/maintenance-windows.adoc:20 +msgid "Click btn:[Create Calendar] to save your calendar." msgstr "" -#. type: Title == -#: modules/administration/pages/organizations.adoc:41 +#. type: Block title +#: modules/administration/pages/maintenance-windows.adoc:21 #, no-wrap -msgid "Manage Organizations" +msgid "Procedure: Creating a New Schedule" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:45 +#: modules/administration/pages/maintenance-windows.adoc:22 +#: modules/administration/pages/maintenance-windows.adoc:45 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Organizations] to see a " -"list of available organizations. Click the name of an organization to " -"manage it." +"In the {productname} {webui}, navigate to menu:Schedule[Maintenance Windows " +"> Schedules], and click btn:[Create]." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:47 +#: modules/administration/pages/maintenance-windows.adoc:23 msgid "" -"From the menu:Admin[Organizations] section, you can access tabs to manage " -"users, trusts, configuration, and states for your organization." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/organizations.adoc:52 -msgid "" -"Organizations can only be managed by their administrators. To manage an " -"organization, ensure you are signed in as the correct administrator for the " -"organization you want to change." -msgstr "" - -#. type: Title === -#: modules/administration/pages/organizations.adoc:56 -#, no-wrap -msgid "Organization Users" +"In the [guimenu]``Schedule Name`` section, type a name for your schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:60 +#: modules/administration/pages/maintenance-windows.adoc:24 msgid "" -"Navigate to the [guimenu]``Users`` tab to view the list of all users " -"associated with the organization, and their role. Clicking a username takes " -"you to the [guimenu]``Users`` menu to add, change, or delete users." +"OPTIONAL: If your [path]``ical`` file contains events that apply to more " +"than one schedule, check [guimenu]``Multi``." msgstr "" -#. type: Title === -#: modules/administration/pages/organizations.adoc:63 -#, no-wrap -msgid "Trusted Organizations" +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:25 +#: modules/administration/pages/maintenance-windows.adoc:49 +msgid "Select the calendar to assign to this schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:67 -msgid "" -"Navigate to the [guimenu]``Trusts`` tab to add or remove trusted " -"organizations. Establishing trust between organizations allow them to share " -"content between them, and gives you the ability to migrate clients from one " -"organization to another." +#: modules/administration/pages/maintenance-windows.adoc:26 +#: modules/administration/pages/maintenance-windows.adoc:50 +#: modules/administration/pages/maintenance-windows.adoc:55 +msgid "Click btn:[Create Schedule] to save your schedule." msgstr "" -#. type: Title === -#: modules/administration/pages/organizations.adoc:70 +#. type: Block title +#: modules/administration/pages/maintenance-windows.adoc:27 #, no-wrap -msgid "Configure Organizations" +msgid "Procedure: Assigning a Schedule to a Client" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:74 +#: modules/administration/pages/maintenance-windows.adoc:28 msgid "" -"Navigate to the [guimenu]``Configuration`` tab to manage the configuration " -"of your organization. This includes the use of staged contents, setting up " -"crash reporting, and the use of SCAP files." +"In the {productname} {webui}, navigate to menu:Systems[Systems List], select " +"the client to be assigned to a schedule, locate the [guimenu]``System " +"Properties`` panel, and click btn:[Edit These Properties]." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:76 +#: modules/administration/pages/maintenance-windows.adoc:29 msgid "" -"For more information about content staging, see xref:administration:content-" -"staging.adoc[]." +"Alternatively, you can assign clients through the system set manager by " +"navigating to menu:Systems[System Set Manager] and using the menu:" +"Misc[Maintenance Windows] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:78 +#: modules/administration/pages/maintenance-windows.adoc:30 msgid "" -"For more information about OpenSCAP, see xref:reference:audit/audit-openscap-" -"overview.adoc[]." +"In the [guimenu]``Edit System Details`` page, locate the " +"[guimenu]``Maintenance Schedule`` field, and select the name of the schedule " +"to be assigned." msgstr "" -#. type: Title == -#: modules/administration/pages/organizations.adoc:81 -#, no-wrap -msgid "Manage States" +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:31 +msgid "Click btn:[Update Properties] to assign the maintenance schedule." msgstr "" -#. type: Plain text -#: modules/administration/pages/organizations.adoc:86 +#. type: delimited block = +#: modules/administration/pages/maintenance-windows.adoc:32 msgid "" -"Navigate to the [guimenu]``States`` tab to manage Salt states for all " -"clients in your organization. States allow you to define global security " -"policies, or add a common admin user to all clients." +"When you assign a new maintenance schedule to a client, it is possible that " +"the client might already have some restricted actions scheduled, and that " +"these might now conflict with the new maintenance schedule. If this occurs, " +"the {webui} will display an error and you will not be able to assign the " +"schedule to the client. To resolve this, check the btn:[Cancel affected " +"actions] option when you assign the schedule. This will cancel any " +"previously scheduled actions that conflict with the new maintenance schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:88 +#: modules/administration/pages/maintenance-windows.adoc:33 msgid "" -"For more information about Salt States, see xref:salt:salt-states.adoc[]." +"When you have created your maintenance windows, you can schedule restricted " +"actions, such as package upgrades, to be performed during the maintenance " +"window." msgstr "" -#. type: Title === -#: modules/administration/pages/organizations.adoc:91 +#. type: Block title +#: modules/administration/pages/maintenance-windows.adoc:34 #, no-wrap -msgid "Manage Configuration Channels" +msgid "Procedure: Scheduling a Package Upgrade" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:96 +#: modules/administration/pages/maintenance-windows.adoc:35 msgid "" -"You can select which configuration channels should be applied across your " -"organization. Configuration channels can be created in the {productname} " -"{webui} by navigating to menu:Configuration[Channels]. Apply configuration " -"channels to your organization using the {productname} {webui}." +"In the {productname} {webui}, navigate to menu:Systems[System List], select " +"the client you want to upgrade, and go to the menu:Software[Packages > " +"Upgrade] tab." msgstr "" -#. type: Block title -#: modules/administration/pages/organizations.adoc:97 -#, no-wrap -msgid "Procedure: Applying Configuration Channels to an Organization" +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:36 +msgid "" +"Select the package to upgrade from the list, and click btn:[Upgrade " +"Packages]." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:99 +#: modules/administration/pages/maintenance-windows.adoc:37 msgid "" -"In the {productname} {webui}, navigate to menu:Home[My Organization > " -"Configuration Channels]." +"In the [guimenu]``Maintenance Window`` field, select which maintenance " +"window the client should use to perform the upgrade." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:100 -msgid "Use the search feature to locate a channel by name." +#: modules/administration/pages/maintenance-windows.adoc:38 +msgid "Click btn:[Confirm] to schedule the package upgrade." +msgstr "" + +#. type: Title == +#: modules/administration/pages/maintenance-windows.adoc:39 +#, no-wrap +msgid "Maintenance Schedule Types" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:102 +#: modules/administration/pages/maintenance-windows.adoc:40 msgid "" -"Check the channel to be applied and click btn:[Save Changes]. This saves to " -"the database, but does not apply the changes to the channel." +"When you create a calendar, it contains a number of events, which can be " +"either one-time events, or recurring events. Each event contains a " +"``summary`` field. If you want to create multiple maintenance schedules for " +"one calendar, you can specify events for each using the ``summary`` field." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:103 +#: modules/administration/pages/maintenance-windows.adoc:41 msgid "" -"Apply the changes by clicking btn:[Apply]. This schedules the task to apply " -"the changes to all clients within the organization." +"For example, you might like to create a schedule for production servers, and " +"a different schedule for testing servers. In this case, you would specify " +"``SUMMARY: Production Servers`` on events for the production servers, and " +"``SUMMARY: Testing Servers`` on events for the testing servers." msgstr "" -#. type: Title = -#: modules/administration/pages/public-cloud-azure.adoc:2 +#. type: Target for macro image +#: modules/administration/pages/maintenance-windows.adoc:42 #, no-wrap -msgid "{productname} with Azure" +msgid "maint_windows_multi.png" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:6 +#: modules/administration/pages/maintenance-windows.adoc:43 msgid "" -"You can use {productname} Server and Proxy with the Microsoft Azure public " -"cloud. This section discusses what you will need for running {productname} " -"in Azure, and how to set up your installation." +"There are two types of schedule: single, or multi. If your calendar " +"contains events that apply to more than one schedule, then you must select " +"``multi``, and ensure you name the schedule according to the ``summary`` " +"field you used in the calendar file." msgstr "" -#. type: Title == -#: modules/administration/pages/public-cloud-azure.adoc:8 +#. type: Block title +#: modules/administration/pages/maintenance-windows.adoc:44 #, no-wrap -msgid "Configure the Azure Cloud Instance" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:14 -msgid "" -"Use the ``SUSE Manager Server 4 BYOS`` image. The image is a pre-built " -"image created by {suse}. It is based on JeoS, and SUSE Manager is pre-" -"installed but not configured. Configuring SUSE Manager has to be done " -"manually with {yast}." +msgid "Procedure: Creating a Multi Schedule" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:16 +#: modules/administration/pages/maintenance-windows.adoc:46 msgid "" -"When you create your Azure virtual machine, choose something `like d8s_v3` " -"with 8{nbsp}vCPUs and 32{nbsp}GB RAM." +"In the [guimenu]``Schedule Name`` section, type the name for your schedule." msgstr "" -#. * Up to 4 data disks -#. * Max IOPS 2400 -#. * Temporary storage disk of 16{nbsp}GB. -#. Data on this disk will be destroyed after the guest has been switched off. #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:24 -msgid "When you are setting up disk partitioning, we recommend:" +#: modules/administration/pages/maintenance-windows.adoc:47 +msgid "Ensure it matches the ``summary`` field of the calendar." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:26 -msgid "30{nbsp}GB for the disk running the operating system" +#: modules/administration/pages/maintenance-windows.adoc:48 +#: modules/administration/pages/maintenance-windows.adoc:54 +msgid "Check the [guimenu]``Multi`` option." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:27 -msgid "Select `Standard HDD` for the storage account type" +#: modules/administration/pages/maintenance-windows.adoc:51 +msgid "To create the next schedule, click btn:[Create]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:29 -msgid "You will also require three additional data disks:" +#: modules/administration/pages/maintenance-windows.adoc:52 +msgid "" +"In the [guimenu]``Schedule Name`` section, type the name for your second " +"schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:31 -msgid "Disk 0: 64{nbsp}GB on Premium SSD, mounted at [path]``/var/lib/pgsql``" +#: modules/administration/pages/maintenance-windows.adoc:53 +msgid "Ensure it matches the ``summary`` field of the second calendar." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:32 -msgid "" -"Disk 1: 512{nbsp}GB on Standard SSD, mounted at [path]``/var/spacewalk``" +#: modules/administration/pages/maintenance-windows.adoc:56 +msgid "Repeat for each schedule you need to create." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:33 -msgid "Disk 2: 128{nbsp}GB on Standard SSD, mounted at [path]``/var/cache``" +#. type: Title == +#: modules/administration/pages/maintenance-windows.adoc:57 +#, no-wrap +msgid "Restricted and Unrestricted Actions" msgstr "" -#. type: delimited block = -#: modules/administration/pages/public-cloud-azure.adoc:38 +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:58 msgid "" -"Do not use LVM with Azure. If you need more disk space, extend a disk in " -"the Azure portal, then extend the file system with [command]``xfs_growfs``." +"This sections contains a complete list of restricted and unrestricted " +"actions." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:41 -msgid "Partition the disks like this:" +#: modules/administration/pages/maintenance-windows.adoc:59 +msgid "" +"Restricted actions significantly modify the client, and could potentially " +"cause the client to stop running. Restricted actions can only be run during " +"a maintenance window. The restricted actions are:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:43 -msgid "[path]``/dev/sda``: 4 partitions containing the OS" +#: modules/administration/pages/maintenance-windows.adoc:60 +msgid "" +"Package operations (for example, installing, updating, or removing packages)" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:44 -msgid "[path]``/dev/sdb``: temporary storage disk, do not use" +#: modules/administration/pages/maintenance-windows.adoc:61 +msgid "Patch updates" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:45 -msgid "[path]``/dev/sdc``: contains [path]``/var/lib/pgsql``" +#: modules/administration/pages/maintenance-windows.adoc:62 +msgid "Rebooting a client" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:46 -msgid "[path]``/dev/sdd``: contains [path]``/var/spacewalk``" +#: modules/administration/pages/maintenance-windows.adoc:63 +msgid "Rolling back transactions" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:47 -msgid "[path]``/dev/sde``: contains [path]``/var/cache``" +#: modules/administration/pages/maintenance-windows.adoc:64 +msgid "Configuration management changing tasks" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:49 -msgid "You can use these commands to create the disks:" +#: modules/administration/pages/maintenance-windows.adoc:65 +msgid "Applying a highstate (for Salt clients)" msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:71 -#, no-wrap -msgid "" -"for d in sdc sdd sde; do\n" -" parted --script /dev/$d mklabel gpt mkpart primary xfs 0% 100%\n" -" mkfs.xfs /dev/${d}1\n" -"done\n" -"mkdir /cachetmp\n" -"mount /dev/sde1 /cachetmp\n" -"cp -a /var/cache/* /cachetmp/\n" -"umount /cachetmp\n" -"echo \"$(blkid /dev/sdc1|awk -F \" \" '{ print $2 }') /var/lib/pgsql xfs defaults,noatime 0 0\" >> /etc/fstab\n" -"echo \"$(blkid /dev/sdd1|awk -F \" \" '{ print $2 }') /var/spacewalk xfs defaults,noatime 0 0\" >> /etc/fstab\n" -"echo \"$(blkid /dev/sde1|awk -F \" \" '{ print $2 }') /var/cache xfs defaults,noatime 0 0\" >> /etc/fstab\n" -"mkdir -p /var/spacewalk\n" -"mount /var/spacewalk\n" -"chown -R wwwrun:root /var/spacewalk\n" -"mount /var/lib/pgsql\n" -"chown -R postgres:postgres /var/lib/pgsql\n" -"mv /var/cache /var/cache.old\n" -"mkdir /var/cache\n" -"mount /var/cache\n" -"rm -r /var/cache.old\n" +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:66 +msgid "Autoinstallation and reinstallation" msgstr "" -#. REMARK: I guess you do this in your Azure instance -#. REMARK: Where do you configure this? #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:77 -msgid "" -"When you are setting up networking, we recommend that you create a separate " -"private network, with the IP range `10.0.0.0/24`." +#: modules/administration/pages/maintenance-windows.adoc:67 +msgid "Remote commands" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:80 -msgid "" -"Configure the {productname} Server to use the internal IP address " -"`10.0.0.4`. Ensure it is also accessible from outside the network with a " -"fixed IP address." +#: modules/administration/pages/maintenance-windows.adoc:68 +msgid "Service pack migrations" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:83 -msgid "" -"Configure the firewall to only allow inbound traffic on ports `22`, `80`, " -"and `443` to IP address `10.0.0.4`. In this environment, if other servers " -"are added to the network they cannot be reached from outside the network." +#: modules/administration/pages/maintenance-windows.adoc:69 +msgid "Cluster operations" msgstr "" -#. REMARK: Was does this mean? -#. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:87 +#. type: delimited block = +#: modules/administration/pages/maintenance-windows.adoc:70 msgid "" -"Outbound is open from the private network. This should be restricted for " -"other servers in this private network." +"For Salt clients, it is possible to run remote commands directly at any time " +"by navigating to menu:Salt[Remote Commands]. This applies whether or not " +"the Salt client is in a maintenance window. For more information about " +"remote commands, see xref:administration:actions.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:90 +#: modules/administration/pages/maintenance-windows.adoc:71 msgid "" -"You will need to set the DNS zones in Azure before you can configure the " -"{productname} Server. For more information on setting DNS zones, see the " -"Azure documentation." +"Unrestricted actions are minor actions that are considered safe and are " +"unlikely to cause problems on the client. If an action is not restricted it " +"is, by definition, unrestricted, and can be be run at any time." msgstr "" -#. type: Title == -#: modules/administration/pages/public-cloud-azure.adoc:93 +#. type: Title = +#: modules/administration/pages/monitoring.adoc:1 #, no-wrap -msgid "Configure {productname} Server" +msgid "Monitoring with Prometheus and Grafana" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:96 -msgid "Ensure that your {productname} Server is registered with {scc}." +#: modules/administration/pages/monitoring.adoc:2 +msgid "" +"You can monitor your {productname} environment using Prometheus and " +"Grafana. {productname} Server and Proxy are able to provide self-health " +"metrics. You can also install and manage a number of Prometheus exporters " +"on Salt clients." msgstr "" -#. I wonder why we do even need spacecmd #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:99 -msgid "When your server is registered, install these extra packages:" +#: modules/administration/pages/monitoring.adoc:3 +msgid "" +"Prometheus and Grafana packages are included in the {productname} Client " +"Tools for:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:101 -#, no-wrap -msgid "zypper -n in spacecmd mlocate sysstat\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:4 +#: modules/administration/pages/monitoring.adoc:10 +msgid "{sle}{nbsp}12" msgstr "" -#. spacecmd will be installed by default next time -#. ^ How is so? #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:106 -msgid "Apply the latest updates and reboot the server:" +#: modules/administration/pages/monitoring.adoc:5 +#: modules/administration/pages/monitoring.adoc:11 +msgid "{sle}{nbsp}15" msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:109 -#, no-wrap -msgid "" -"zypper -n up -l\n" -"reboot\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:6 +msgid "{rhel}{nbsp} 6" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:112 -msgid "Check that all file systems are mounted and that PostgreSQL is running:" +#: modules/administration/pages/monitoring.adoc:7 +msgid "{rhel}{nbsp} 7" msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:115 -#, no-wrap -msgid "" -"mount\n" -"service postgresql status\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:8 +msgid "{rhel}{nbsp} 8" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:119 -msgid "" -"Complete {productname} Server installation and configuration. For more " -"information, see xref:installation:server-setup.adoc[]." +#: modules/administration/pages/monitoring.adoc:9 +msgid "openSUSE 15.x" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:122 -msgid "" -"We recommend you configure the {productname} Server so that DHCP does not " -"set the host name. Check [path]``/etc/sysconfig/network/dhcp`` and ensure " -"that `DHCLIENT_SET_HOSTNAME` is set to [literal]``no``:" +#: modules/administration/pages/monitoring.adoc:12 +msgid "{centos}{nbsp} 6" msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:124 -#, no-wrap -msgid "DHCLIENT_SET_HOSTNAME=\"no\"\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:13 +msgid "{centos}{nbsp} 7" msgstr "" -#. REMARK: hostname -i? #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:129 -msgid "" -"Add the Azure client to the [path]``/etc/hosts`` file. At the command " -"prompt, replace [literal]```` with the IP address of the server:" +#: modules/administration/pages/monitoring.adoc:14 +msgid "{centos}{nbsp} 8" msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:131 -#, no-wrap -msgid "echo \" $(hostname -f) $(hostname)\" >> /etc/hosts\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:15 +msgid "and openSUSE 15.x" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:138 +#: modules/administration/pages/monitoring.adoc:16 msgid "" -"{productname} Server has a default administration user. In Azure, the " -"system administrator user is called [literal]``admin``. The `admin` user's " -"password is built with two parts. The first part can be found by using this " -"command:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:140 -#, no-wrap -msgid "azuremetadata --instance-name\n" +"You need to install Prometheus and Grafana on a machine separate from the " +"{productname} Server. We recommend you use a managed Salt client as your " +"monitoring server." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:143 -msgid "The second part of the password is [literal]``-suma``" +#: modules/administration/pages/monitoring.adoc:17 +msgid "" +"Prometheus fetches metrics using a pull mechanism, so the server must be " +"able to establish TCP connections to monitored clients. Clients must have " +"corresponding open ports and be reachable over the network. Alternatively, " +"you can use reverse proxies to establish a connection." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:145 +#. type: delimited block = +#: modules/administration/pages/monitoring.adoc:18 msgid "" -"Alternatively, you can check the [path]``/var/log/susemanager_firstuser." -"log`` file." +"You must have a monitoring add-on subscription for each client you want to " +"monitor. Visit the {scc} to manage your {productname} subscriptions." msgstr "" -#. type: Title = -#: modules/administration/pages/public-cloud.adoc:2 +#. type: Title == +#: modules/administration/pages/monitoring.adoc:19 #, no-wrap -msgid "Public Cloud" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:7 -msgid "" -"Some public cloud environments provide images for {productname} Server and " -"Proxy. This section discusses what you will need for running {productname} " -"in a public cloud, and how to set up your installation." +msgid "Prometheus and Grafana" msgstr "" -#. type: delimited block = -#: modules/administration/pages/public-cloud.adoc:13 -msgid "" -"Public clouds provide {productname} under a Bring Your Own Subscription " -"(BYOS) model. This means that you must register them with the {scc}. For " -"more information about registering {productname} with {scc}, see xref:" -"installation:general-requirements.adoc[]." +#. type: Block title +#: modules/administration/pages/monitoring.adoc:20 +#, no-wrap +msgid "Prometheus" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:16 +#: modules/administration/pages/monitoring.adoc:21 msgid "" -"Depending on the public cloud network you are using, you can locate the " -"{productname} installation images by searching for the keywords " -"[package]``suse``, [package]``manager``, [package]``proxy``, or " -"[package]``BYOS``." +"Prometheus is an open-source monitoring tool that is used to record real-" +"time metrics in a time-series database. Metrics are pulled via HTTP, " +"enabling high performance and scalability." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:18 +#: modules/administration/pages/monitoring.adoc:22 msgid "" -"For ``SUSE Manager Server in Azure``, see xref:administration:public-cloud-" -"azure.adoc[]." +"Prometheus metrics are time series data, or timestamped values belonging to " +"the same group or dimension. A metric is uniquely identified by its name " +"and set of labels." msgstr "" -#. type: Title == -#: modules/administration/pages/public-cloud.adoc:21 +#. TODO:: This should be an actual image. +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:23 #, no-wrap -msgid "Instance Requirements" +msgid "" +" metric name labels timestamp value\n" +"┌────────┴───────┐ ┌───────────┴───────────┐ ┌──────┴──────┐ ┌─┴─┐\n" +"http_requests_total{status=\"200\", method=\"GET\"} @1557331801.111 42236\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:24 +#: modules/administration/pages/monitoring.adoc:24 msgid "" -"Select a public cloud instance that meets the hardware requirements in xref:" -"installation:hardware-requirements.adoc[]." +"Each application or system being monitored must expose metrics in the format " +"above, either through code instrumentation or Prometheus exporters." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:26 -msgid "In addition, be aware of these considerations:" +#. type: Block title +#: modules/administration/pages/monitoring.adoc:25 +#, no-wrap +msgid "Prometheus Exporters" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:30 +#: modules/administration/pages/monitoring.adoc:26 msgid "" -"The {productname} setup procedure performs a forward-confirmed reverse DNS " -"lookup. This must succeed in order for the setup procedure to complete " -"successfully and for {productname} to operate as expected. Therefore, it is " -"important to perform hostname and IP configuration prior to running the " -"{productname} setup procedure." +"Exporters are libraries that help with exporting metrics from third-party " +"systems as Prometheus metrics. Exporters are useful whenever it is not " +"feasible to instrument a given application or system with Prometheus metrics " +"directly. Multiple exporters can run on a monitored host to export local " +"metrics." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:34 +#: modules/administration/pages/monitoring.adoc:27 msgid "" -"{productname} Server and Proxy instances are expected to run in a network " -"configuration that provides you control over DNS entries, but cannot access " -"the wider internet. Within this network configuration DNS resolution must " -"be provided: `hostname -f` must return the fully-qualified domain name " -"(FQDN). DNS resolution is also important for connecting clients. DNS is " -"dependent on the cloud framework you choose, refer to the cloud service " -"provider documentation for detailed instructions." +"The Prometheus community provides a list of official exporters, and more can " +"be found as community contributions. For more information and an extensive " +"list of exporters, see https://prometheus.io/docs/instrumenting/exporters/." +msgstr "" + +#. type: Block title +#: modules/administration/pages/monitoring.adoc:28 +#, no-wrap +msgid "Grafana" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:37 +#: modules/administration/pages/monitoring.adoc:29 msgid "" -"We recommend that you locate software repositories, the server database, and " -"the proxy squid cache on an external virtual disk. This prevents data loss " -"if the instance is unexpectedly terminated. Instructions for setting up an " -"external virtual disk are contained in this section." +"Grafana is a tool for data visualization, monitoring, and analysis. It is " +"used to create dashboards with panels representing specific metrics over a " +"set period of time. Grafana is commonly used together with Prometheus, but " +"also supports other data sources such as ElasticSearch, MySQL, PostgreSQL, " +"and Influx DB. For more information about Grafana, see https://grafana.com/" +"docs/." msgstr "" #. type: Title == -#: modules/administration/pages/public-cloud.adoc:40 +#: modules/administration/pages/monitoring.adoc:30 #, no-wrap -msgid "Network Setup" +msgid "Set up the Monitoring Server" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:44 +#: modules/administration/pages/monitoring.adoc:31 msgid "" -"On a public cloud service, you must run {productname} within a restricted " -"network, such as VPC private subnet with an appropriate firewall setting. " -"The instance must only be able to be accessed by machines in your specified " -"IP ranges." +"To set up your monitoring server, you need to install Prometheus and " +"Grafana, and configure them." msgstr "" -#. type: delimited block = -#: modules/administration/pages/public-cloud.adoc:48 -msgid "" -"A world-accessible {productname} instance violates the terms of the " -"{productname} EULA, and it will not be supported by {suse}." +#. type: Title === +#: modules/administration/pages/monitoring.adoc:32 +#, no-wrap +msgid "Install Prometheus" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:51 +#: modules/administration/pages/monitoring.adoc:33 msgid "" -"To access the {productname} {webui}, allow HTTPS when you set up your " -"networking environment." +"If your monitoring server is a {productname} Salt client, you can install " +"the Prometheus package using the {productname} {webui}. Otherwise you can " +"download and install the package on your monitoring server manually." msgstr "" -#. type: Title === -#: modules/administration/pages/public-cloud.adoc:54 +#. type: Block title +#: modules/administration/pages/monitoring.adoc:34 #, no-wrap -msgid "Set the Hostname" +msgid "Procedure: Installing Prometheus Using the {webui}" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:58 +#: modules/administration/pages/monitoring.adoc:35 msgid "" -"{productname} requires a stable and reliable hostname. Changing the " -"hostname at a later point can create errors." +"In the {productname} {webui}, open the details page of the system where " +"Prometheus is to be installed, and navigate to the [guimenu]``Formulas`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:61 +#: modules/administration/pages/monitoring.adoc:36 msgid "" -"In most public cloud environments, the method shown in this section will " -"work correctly. However, you will have to perform the same modification for " -"every client." +"Check the [guimenu]``Prometheus`` checkbox to enable monitoring formulas, " +"and click btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:63 -msgid "" -"You might prefer to manage DNS resolution by creating a DNS entry in your " -"network environment instead." +#: modules/administration/pages/monitoring.adoc:37 +msgid "Navigate to the ``Prometheus`` tab in the top menu." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:67 +#: modules/administration/pages/monitoring.adoc:38 msgid "" -"You can also manage hostname resolution by editing the [path]``/etc/resolv." -"conf`` file. Depending on the order of your setup, if you start the " -"{productname} instance prior to setting up DNS services the file may not " -"contain the appropriate [systemitem]``search`` directive. Check that the " -"proper search directive exists in [path]``/etc/resolv.conf`` and add it if " -"it is missing." +"In the ``{productname} Server`` section, enter valid {productname} API " +"credentials." msgstr "" -#. type: Block title -#: modules/administration/pages/public-cloud.adoc:68 -#, no-wrap -msgid "Procedure: Setting the hostname locally" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:39 +msgid "" +"Make sure that the credentials you have entered allow access to the set of " +"systems you want to monitor." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:71 -msgid "" -"Disable hostname setup by editing the DHCP configuration file at [path]``/" -"etc/sysconfig/network/dhcp``, and adding this line:" +#: modules/administration/pages/monitoring.adoc:40 +#: modules/administration/pages/monitoring.adoc:68 +msgid "Customize any other configuration options according to your needs." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:78 -msgid "" -"Set the hostname locally with the [command]``hostnamectl`` command. Ensure " -"you use the system name, not the FQDN. For example, if the FQDN is " -"[path]``system_name.example.com``, the system name is [path]``system_name``, " -"and the domain name is [path]``example.com``." +#: modules/administration/pages/monitoring.adoc:41 +#: modules/administration/pages/monitoring.adoc:69 +#: modules/administration/pages/monitoring.adoc:129 +#: modules/administration/pages/monitoring.adoc:154 +msgid "Click btn:[Save Formula]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:81 -#, no-wrap -msgid "# hostnamectl set-hostname system_name\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:42 +#: modules/administration/pages/monitoring.adoc:70 +#: modules/administration/pages/monitoring.adoc:155 +msgid "Apply the highstate and confirm that it completes successfully." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:84 +#: modules/administration/pages/monitoring.adoc:43 msgid "" -"Create a DNS entry in your network environment for domain name resolution, " -"or force correct resolution by editing the [path]``/etc/hosts`` file. You " -"can find the IP address by checking your public cloud web console, or from " -"the command line:" +"Check that the Prometheus interface loads correctly. In your browser, " +"navigate to the URL of the server where Prometheus is installed, on " +"port 9090 (for example, [literal]``http://example.com:9090``)." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:87 -msgid "Amazon EC2 instance:" +#: modules/administration/pages/monitoring.adoc:44 +#: modules/administration/pages/monitoring.adoc:73 +#: modules/administration/pages/monitoring.adoc:133 +#: modules/administration/pages/monitoring.adoc:156 +msgid "" +"For more information about the monitoring formulas, see xref:salt:formula-" +"monitoring.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:90 +#. type: Block title +#: modules/administration/pages/monitoring.adoc:45 #, no-wrap -msgid "# ec2metadata --local-ipv4\n" +msgid "Procedure: Manually Installing and Configuring Prometheus" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:92 -msgid "Google Compute Engine:" +#: modules/administration/pages/monitoring.adoc:46 +msgid "" +"On the monitoring server, install the [package]``golang-github-prometheus-" +"prometheus`` package:" msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:95 +#: modules/administration/pages/monitoring.adoc:47 #, no-wrap -msgid "# gcemetadata --query instance --network-interfaces --ip\n" +msgid "zypper in golang-github-prometheus-prometheus\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:97 -msgid "Microsoft Azure:" +#: modules/administration/pages/monitoring.adoc:48 +msgid "Enable the Prometheus service:" msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:100 +#: modules/administration/pages/monitoring.adoc:49 #, no-wrap -msgid "# azuremetadata --internal-ip\n" +msgid "systemctl enable --now prometheus\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:104 -msgid "" -"In the following command, replace [literal]```` with IP address " -"you retrieve from the command line above:" +#: modules/administration/pages/monitoring.adoc:50 +msgid "Check that the Prometheus interface loads correctly." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:108 -#, no-wrap -msgid "# echo \" suma.cloud.net suma\" >> /etc/hosts\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:51 +msgid "" +"In your browser, navigate to the URL of the server where Prometheus is " +"installed, on port 9090 (for example, [literal]``http://example.com:9090``)." msgstr "" -#. type: Title === -#: modules/administration/pages/public-cloud.adoc:111 -#, no-wrap -msgid "Set up DNS Resolution" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:52 +msgid "" +"Open the configuration file at [path]``/etc/prometheus/prometheus.yml`` and " +"add this configuration information." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:115 +#: modules/administration/pages/monitoring.adoc:53 msgid "" -"You will need to update the DNS records for the instance within the DNS " -"service of your network environment. Refer to the cloud service provider " -"documentation for detailed instructions:" +"Replace `server.url` with your {productname} server URL and adjust " +"`username` and `password` fields to match your {productname} credentials." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:117 +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:54 +#, no-wrap msgid "" -"http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-dns.html[DNS setup " -"on Amazon EC2]" +"# {productname} self-health metrics\n" +"scrape_configs:\n" +"- job_name: 'mgr-server'\n" +" static_configs:\n" +" - targets:\n" +" - 'server.url:9100' # Node exporter\n" +" - 'server.url:9187' # PostgreSQL exporter\n" +" - 'server.url:5556' # JMX exporter (Tomcat)\n" +" - 'server.url:5557' # JMX exporter (Taskomatic)\n" +" - 'server.url:9800' # Taskomatic\n" +" - targets:\n" +" - 'server.url:80' # Message queue\n" +" labels:\n" +" __metrics_path__: /rhn/metrics\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:118 +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:55 +#, no-wrap msgid "" -"https://cloud.google.com/compute/docs/networking[DNS setup on Google Compute " -"Engine]" +"# Managed systems metrics:\n" +"- job_name: 'mgr-clients'\n" +" uyuni_sd_configs:\n" +" - host: \"http://server.url\"\n" +" username: \"admin\"\n" +" password: \"admin\"\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:119 -msgid "" -"https://azure.microsoft.com/en-us/documentation/articles/dns-operations-" -"recordsets[DNS setup on Microsoft Azure]" +#: modules/administration/pages/monitoring.adoc:56 +msgid "Save the configuration file." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:122 -msgid "" -"If you run a {productname} Server instance, ensure the external storage is " -"attached and prepared correctly, and that DNS resolution is set up as " -"described. Start the ``susemanager_setup`` with {yast}:" +#: modules/administration/pages/monitoring.adoc:57 +msgid "Restart the Prometheus service:" msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:125 +#: modules/administration/pages/monitoring.adoc:58 #, no-wrap -msgid "# /sbin/yast2 susemanager_setup\n" +msgid "systemctl restart prometheus\n" msgstr "" -#. No need to duplicate this, since it exists within the docs suite. LKB 2019-05-29 -#. Uncommenting, as it turns out some of this content is unique. Will need a more surgical look. LKB 2019-08-02 #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:136 +#: modules/administration/pages/monitoring.adoc:59 msgid "" -"The {productname} setup procedure in YaST is designed as a one pass process " -"with no rollback or cleanup capability. Therefore, if the setup procedure " -"is interrupted or ends with an error, it is not recommended that you repeat " -"the setup process or attempts to manually fix the configuration. These " -"methods are likely to result in a faulty {productname} installation. If you " -"experience errors during setup, start a new instance, and begin the setup " -"procedure again on a clean system." +"For more information about the Prometheus configuration options, see the " +"official Prometheus documentation at https://prometheus.io/docs/prometheus/" +"latest/configuration/configuration/" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:138 -msgid "" -"If you receive a message that there is not enough space available for setup, " -"ensure that your root volume is at least 20 GB and double check that the " -"instructions in <> have been completed " -"correctly." +#. type: Title === +#: modules/administration/pages/monitoring.adoc:60 +#, no-wrap +msgid "Install Grafana" msgstr "" -# -# -# -# -#. REMARK check this; will it still work for sle 15? -#. Commented out per https://github.com/SUSE/spacewalk/issues/8951 LKB 2019-08-06 -#. {productname} Server for the public cloud comes with a bootstrap data module pre-installed. -#. The bootstrap module contains optimized package lists for bootstrapping instances started from {sle} images published by {suse}. -#. If you intend to register such an instance, when you create the bootstrap repository run the [command]``mgr-create-bootstrap-repo`` script using this command, to create a bootstrap repository suitable for {sle} 12 SP1 instances. -#. ---- -#. $ mgr-create-bootstrap-repo --datamodule=mgr_pubcloud_bootstrap_data -c SLE-12-SP1-x86_64 -#. ---- -#. See xref:client-configuration:creating-a-tools-repository.adoc[] for more information on bootstrapping. #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:156 +#: modules/administration/pages/monitoring.adoc:61 msgid "" -"Prior to registering instances started from on demand images remove the " -"following packages from the instance to be registered:" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:157 -msgid "cloud-regionsrv-client" +"If your monitoring server is a {productname} Salt client, you can install " +"the Grafana package using the {productname} {webui}. Otherwise you can " +"download and install the package on your monitoring server manually." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:158 +#. type: Block title +#: modules/administration/pages/monitoring.adoc:62 #, no-wrap -msgid "*For Amazon EC2*\n" +msgid "Procedure: Installing Grafana Using the {webui}" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:160 -msgid "regionServiceClientConfigEC2" +#: modules/administration/pages/monitoring.adoc:63 +msgid "" +"In the {productname} {webui}, open the details page of the system where " +"Grafana is to be installed, and navigate to the [guimenu]``Formulas`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:162 -msgid "regionServiceCertsEC2" +#: modules/administration/pages/monitoring.adoc:64 +msgid "" +"Check the [guimenu]``Grafana`` checkbox to enable monitoring formulas, and " +"click btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:163 -#, no-wrap -msgid "*For Google Compute Engine*\n" +#: modules/administration/pages/monitoring.adoc:65 +msgid "Navigate to the ``Grafana`` tab in the top menu." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:165 -msgid "cloud-regionsrv-client-plugin-gce" +#: modules/administration/pages/monitoring.adoc:66 +msgid "" +"In the ``Enable and configure Grafana`` section, enter the admin credentials " +"you want to use to log in Grafana." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:167 -msgid "regionServiceClientConfigGCE" +#: modules/administration/pages/monitoring.adoc:67 +msgid "" +"On the ``Datasources`` section, make sure that the Prometheus URL field " +"points to the system where Prometheus is running." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:169 -msgid "regionServiceCertsGCE" +#: modules/administration/pages/monitoring.adoc:71 +msgid "" +"Check that the Grafana interface is loading correctly. In your browser, " +"navigate to the URL of the server where Grafana is installed, on port 3000 " +"(for example, [literal]``http://example.com:3000``)." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:170 +#. type: delimited block = +#: modules/administration/pages/monitoring.adoc:72 +msgid "" +"{productname} provides pre-built dashboards for server self-health, basic " +"client monitoring, and more. You can choose which dashboards to provision " +"in the formula configuration page." +msgstr "" + +#. type: Block title +#: modules/administration/pages/monitoring.adoc:74 #, no-wrap -msgid "*For Microsoft Azure*\n" +msgid "Procedure: Manually Installing Grafana" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:172 -msgid "regionServiceClientConfigAzure" +#: modules/administration/pages/monitoring.adoc:75 +msgid "Install the [package]``grafana`` package:" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:174 -msgid "regionServiceCertsAzure" +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:76 +#, no-wrap +msgid "zypper in grafana\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:177 -msgid "" -"If these packages are not removed it is possible to create interference " -"between the repositories provided by {productname} and the repositories " -"provided by the SUSE operated update infrastructure." +#: modules/administration/pages/monitoring.adoc:77 +msgid "Enable the Grafana service:" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:180 -msgid "" -"Additionally remove the line from the [path]``/etc/hosts`` file that " -"contains the *susecloud.net* reference." +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:78 +#, no-wrap +msgid "systemctl enable --now grafana-server\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:181 -msgid "If you run a {productname} Proxy instance" +#: modules/administration/pages/monitoring.adoc:79 +msgid "Check that the Grafana interface is loading correctly." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:188 +#: modules/administration/pages/monitoring.adoc:80 msgid "" -"Launch the instance, optionally with external storage configured. If you " -"use external storage (recommended), prepare it according to <>. It is recommended but not required to prepare the storage " -"before configuring {productname} proxy, as the suma-storage script will " -"migrate any existing cached data to the external storage. After preparing " -"the instance, register the system with the parent SUSE Manager, which could " -"be a {productname} Server or another {productname} Proxy. See the xref:" -"installation:proxy-setup.adoc[] for details. When registered, configure " -"your {productname} Proxy instance with this script:" +"In your browser, navigate to the URL of the server where Grafana is " +"installed, on port 3000 (for example, [literal]``http://example.com:3000``)." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:191 +#. type: Target for macro image +#: modules/administration/pages/monitoring.adoc:81 #, no-wrap -msgid "/usr/sbin/configure-proxy.sh\n" +msgid "monitoring_grafana_example.png" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:194 +#: modules/administration/pages/monitoring.adoc:82 msgid "" -"When the script has completed, {productname} should be functional and " -"running. For {productname} Server, the setup process created an " -"administrator user with this user name:" +"For more information on how to manually install and configure Grafana, see " +"https://grafana.com/docs." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:196 -msgid "User name: `admin`" +#: modules/administration/pages/monitoring.adoc:83 +msgid "" +"For more information about the monitoring formulas with forms, see xref:salt:" +"formula-monitoring.adoc[]." msgstr "" -#. type: Block title -#: modules/administration/pages/public-cloud.adoc:198 +#. type: Title == +#: modules/administration/pages/monitoring.adoc:84 #, no-wrap -msgid "Account credentials for admin user" +msgid "Configure {productname} Monitoring" msgstr "" -#. type: Table -#: modules/administration/pages/public-cloud.adoc:220 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:85 msgid "" -"|\n" -" Amazon EC2\n" -"\n" -"|\n" -" Google Compute Engine\n" -"\n" -"|\n" -" Microsoft Azure\n" -"\n" -"\n" -"|\n" -"\n" -"[replaceable]``Instance-ID``\n" -"|\n" -"\n" -"[replaceable]``Instance-ID``\n" -"|\n" -"\n" -"[replaceable]``Instance-Name``**-suma**\n" +"With {productname}{nbsp}4 and higher, you can enable the server to expose " +"Prometheus self-health metrics, and also install and configure exporters on " +"client systems." +msgstr "" + +#. type: Title === +#: modules/administration/pages/monitoring.adoc:86 +#, no-wrap +msgid "Server Self Monitoring" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:223 +#: modules/administration/pages/monitoring.adoc:87 msgid "" -"The current value for the [replaceable]``Instance-ID`` or " -"[replaceable]``Instance-Name`` in case of the Azure Cloud, can be obtained " -"from the public cloud Web console or from within a terminal session as " -"follows:" +"The Server self-health metrics cover hardware, operating system and " +"{productname} internals. These metrics are made available by " +"instrumentation of the Java application, combined with Prometheus exporters." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:224 -msgid "Obtain instance id from within Amazon EC2 instance" +#: modules/administration/pages/monitoring.adoc:88 +msgid "These exporter packages are shipped with {productname} Server:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:228 -#, no-wrap -msgid "$ ec2metadata --instance-id\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:89 +#: modules/administration/pages/monitoring.adoc:98 +#: modules/administration/pages/monitoring.adoc:115 +msgid "Node exporter: [systemitem]``golang-github-prometheus-node_exporter``." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:230 -msgid "Obtain instance id from within Google Compute Engine instance" +#: modules/administration/pages/monitoring.adoc:90 +#: modules/administration/pages/monitoring.adoc:99 +#: modules/administration/pages/monitoring.adoc:116 +msgid "See https://github.com/prometheus/node_exporter." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:234 -#, no-wrap -msgid "$ gcemetadata --query instance --id\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:91 +#: modules/administration/pages/monitoring.adoc:117 +msgid "" +"PostgreSQL exporter: [systemitem]``golang-github-wrouesnel-" +"postgres_exporter``." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:236 -msgid "Obtain instance name from within Microsoft Azure instance" +#: modules/administration/pages/monitoring.adoc:92 +#: modules/administration/pages/monitoring.adoc:118 +msgid "See https://github.com/wrouesnel/postgres_exporter." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:240 -#, no-wrap -msgid "$ azuremetadata --instance-name\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:93 +msgid "JMX exporter: [systemitem]``prometheus-jmx_exporter``." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:244 -msgid "" -"After logging in through the {productname} Server {webui}, *change* the " -"default password." +#: modules/administration/pages/monitoring.adoc:94 +msgid "See https://github.com/prometheus/jmx_exporter." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:247 +#: modules/administration/pages/monitoring.adoc:95 +#: modules/administration/pages/monitoring.adoc:119 msgid "" -"{productname} Proxy does not have administration access to the {webui}. It " -"can be managed through its parent {productname} Server." -msgstr "" - -#. type: Title === -#: modules/administration/pages/public-cloud.adoc:251 -#, no-wrap -msgid "Using Separate Storage Volume" +"Apache exporter: [systemitem]``golang-github-lusitaniae-apache_exporter``." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:257 -msgid "" -"We recommend that the repositories and the database for {productname} be " -"stored on a virtual storage device. This best practice will avoid data loss " -"in cases where the {productname} instance may need to be terminated. These " -"steps *must* be performed *prior* to running the YaST {productname} setup " -"procedure." +#: modules/administration/pages/monitoring.adoc:96 +#: modules/administration/pages/monitoring.adoc:120 +msgid "See https://github.com/Lusitaniae/apache_exporter." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:261 -msgid "" -"Provision a disk device in the public cloud environment, refer to the cloud " -"service provider documentation for detailed instructions. The size of the " -"disk is dependent on the number of distributions and channels you intend to " -"manage with {productname}. For sizing information refer to https://www.suse." -"com/support/kb/doc.php?id=7015050[SUSE Manager sizing examples]. A rule of " -"thumb is 25 GB per distribution per channel." +#: modules/administration/pages/monitoring.adoc:97 +msgid "These exporter packages are shipped with {productname} Proxy:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:262 -msgid "" -"Once attached the device appears as Unix device node in your instance. For " -"the following command to work this device node name is required. In many " -"cases the attached storage appears as **/dev/sdb**. In order to check which " -"disk devices exists on your system, call the following command:" +#: modules/administration/pages/monitoring.adoc:100 +msgid "Squid exporter: [systemitem]``golang-github-boynux-squid_exporter``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:266 -#, no-wrap -msgid "$ hwinfo --disk | grep -E \"Device File:\"\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:101 +msgid "See https://github.com/boynux/squid-exporter." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:268 +#: modules/administration/pages/monitoring.adoc:102 msgid "" -"With the device name at hand the process of re-linking the directories in " -"the file system {productname} uses to store data is handled by the suma-" -"storage script. In the following example we use [path]``/dev/sdb`` as the " -"device name." +"The exporter packages are pre-installed in {productname} Server and Proxy, " +"but their respective systemd daemons are disabled by default." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:272 +#. type: Block title +#: modules/administration/pages/monitoring.adoc:103 #, no-wrap -msgid "$ /usr/bin/suma-storage /dev/sdb\n" +msgid "Procedure: Enabling Self Monitoring" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:278 +#: modules/administration/pages/monitoring.adoc:104 msgid "" -"After the call all database and repository files used by SUSE Manager Server " -"are moved to the newly created xfs based storage. In case your instance is " -"a {productname} Proxy, the script will move the Squid cache, which caches " -"the software packages, to the newly created storage. The xfs partition is " -"mounted below the path [path]``/manager_storage``. ." +"In the {productname} {webui}, navigate to menu:Admin[Manager Configuration > " +"Monitoring]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:279 -msgid "Create an entry in /etc/fstab (optional)" +#: modules/administration/pages/monitoring.adoc:105 +msgid "Click btn:[Enable services]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:282 -msgid "" -"Different cloud frameworks treat the attachment of external storage devices " -"differently at instance boot time. Please refer to the cloud environment " -"documentation for guidance about the fstab entry." +#: modules/administration/pages/monitoring.adoc:106 +msgid "Restart Tomcat and Taskomatic." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:284 +#: modules/administration/pages/monitoring.adoc:107 msgid "" -"If your cloud framework recommends to add an fstab entry, add the following " -"line to the */etc/fstab* file." -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:288 -#, no-wrap -msgid "/dev/sdb1 /manager_storage xfs defaults,nofail 1 1\n" +"Navigate to the URL of your Prometheus server, on port 9090 (for example, " +"[literal]``http://example.com:9090``)" msgstr "" -#. type: Title == -#: modules/administration/pages/public-cloud.adoc:292 -#, no-wrap -msgid "Registration of Cloned Systems" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:108 +msgid "" +"In the Prometheus UI, navigate to menu:[Status > Targets] and confirm that " +"all the endpoints on the ``mgr-server`` group are up." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:298 +#: modules/administration/pages/monitoring.adoc:109 msgid "" -"{productname} cannot distinguish between different instances that use the " -"same system ID. If you register a second instance with the same system ID " -"as a previous instance, {productname} will overwrite the original system " -"data with the new system data. This can occur when you launch multiple " -"instances from the same image, or when an image is created from a running " -"instance. However, it is possible to clone systems and register them " -"successfully by deleting the cloned system's ID, and generating a new ID." +"If you have also installed Grafana with the {webui}, the server insights " +"will be visible on the {productname} Server dashboard." msgstr "" -#. type: Block title -#: modules/administration/pages/public-cloud.adoc:300 +#. type: Target for macro image +#: modules/administration/pages/monitoring.adoc:110 #, no-wrap -msgid "Procedure: Registering Cloned Systems" +msgid "monitoring_enable_services.png" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:302 -msgid "Clone the system using your preferred hypervisor's cloning mechanism." +#. type: delimited block = +#: modules/administration/pages/monitoring.adoc:111 +msgid "" +"Only server self-health monitoring can be enabled using the {webui}. " +"Metrics for a proxy are not automatically collected by Prometheus. To " +"enable self-health monitoring on a proxy, you will need to manually install " +"exporters and enable them." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:303 -msgid "" -"On the cloned system, change the hostname and IP addresses, and check the " -"[path]``/etc/hosts`` file to ensure you have the right host entries." +#. type: Title === +#: modules/administration/pages/monitoring.adoc:112 +#, no-wrap +msgid "Monitoring Managed Systems" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:305 +#: modules/administration/pages/monitoring.adoc:113 msgid "" -"On traditional clients, stop the [command]``rhnsd`` daemon with [command]``/" -"etc/init.d/rhnsd stop`` or, on newer systemd-based systems, with " -"[command]``service rhnsd stop``. Then [command]``service osad stop``." +"Prometheus metrics exporters can be installed and configured on Salt clients " +"using formulas. The packages are available from the {productname} client " +"tools channels, and can be enabled and configured directly in the " +"{productname} {webui}." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:306 -msgid "For SLES 11 or {rhel} 5 or 6 clients, run these commands:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:310 -#, no-wrap -msgid "" -"# rm /var/lib/dbus/machine-id\n" -"# dbus-uuidgen --ensure\n" +#: modules/administration/pages/monitoring.adoc:114 +msgid "These exporters can be installed on managed systems:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:313 -msgid "For SLES 12, SLES 15, or {rhel} 7 clients, run these commands:" +#: modules/administration/pages/monitoring.adoc:121 +msgid "" +"When you have the exporters installed and configured, you can start using " +"Prometheus to collect metrics from monitored systems. If you have " +"configured your monitoring server with the {webui}, metrics collection will " +"happen automatically." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:319 +#. type: Block title +#: modules/administration/pages/monitoring.adoc:122 #, no-wrap -msgid "" -"# rm /etc/machine-id\n" -"# rm /var/lib/dbus/machine-id\n" -"# dbus-uuidgen --ensure\n" -"# systemd-machine-id-setup\n" +msgid "Procedure: Configuring Prometheus Exporters on a Client" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:322 -msgid "If you are using Salt, then you will also need to run these commands:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:326 -#, no-wrap +#: modules/administration/pages/monitoring.adoc:123 msgid "" -"# service salt-minion stop\n" -"# rm -rf /var/cache/salt\n" +"In the {productname} {webui}, open the details page of the client to be " +"monitored, and navigate to the menu:Formulas tab." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:329 -msgid "If you are using a traditional client, clean up the working files with:" +#: modules/administration/pages/monitoring.adoc:124 +msgid "" +"Check the [guimenu]``Enabled`` checkbox on the ``Prometheus Exporters`` " +"formula." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:332 -#, no-wrap -msgid "# rm -f /etc/sysconfig/rhn/{osad-auth.conf,systemid}\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:126 +msgid "Navigate to the menu:Formulas[Prometheus Exporters] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:335 +#: modules/administration/pages/monitoring.adoc:127 msgid "" -"The bootstrap should now run with a new system ID, rather than a duplicate." +"Select the exporters you want to enable and customize arguments according to " +"your needs." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:340 +#: modules/administration/pages/monitoring.adoc:128 msgid "" -"If you are onboarding Salt client clones, then you will also need to check " -"if they have the same Salt minion ID. You will need to delete the minion ID " -"on each cloned client, using the [command]``rm`` command. Each operating " -"system type stores this file in a slightly different location, check the " -"table for the appropriate command." -msgstr "" - -#. type: Block title -#: modules/administration/pages/public-cloud.adoc:342 -#, no-wrap -msgid "Minion ID File Location" +"The [guimenu]``Address`` field accepts either a port number preceded by a " +"colon (``:9100``), or a fully resolvable address (``example:9100``)." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:344 -msgid "" -"Each operating system stores the minion ID file in a slightly different " -"location, check the table for the appropriate command." +#: modules/administration/pages/monitoring.adoc:130 +msgid "Apply the highstate." msgstr "" -#. type: Table -#: modules/administration/pages/public-cloud.adoc:364 +#. type: Target for macro image +#: modules/administration/pages/monitoring.adoc:131 #, no-wrap -msgid "" -"| Operating System | Commands\n" -"| SLES 15 | [command]``rm /etc/salt/minion_id``\n" -"\n" -" [command]``rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}``\n" -"| SLES 12 | [command]``rm /etc/salt/minion_id``\n" -"\n" -" [command]``rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}``\n" -"| SLES 11 | [command]``rm /etc/salt/minion_id``\n" -"\n" -" [command]``suse_register -E``\n" -"| SLES 10 | [command]``rm -rf /etc/{zmd,zypp}``\n" -"\n" -" [command]``rm -rf /var/lib/zypp/``\n" -" Do not delete [path]``/var/lib/zypp/db/products/``\n" -"\n" -" [command]``rm -rf /var/lib/zmd/``\n" -"| {rhel} 5, 6, 7 | [command]`` rm -f /etc/NCCcredentials``\n" +msgid "monitoring_configure_formula.png" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:367 +#. type: delimited block = +#: modules/administration/pages/monitoring.adoc:132 msgid "" -"When you have deleted the minion ID file, re-run the bootstrap script, and " -"restart the client to see the cloned system in {productname} with the new ID." +"Monitoring formulas can also be configured for System Groups, by applying " +"the same configuration used for individual systems inside the corresponding " +"group." msgstr "" -#. type: Title = -#: modules/administration/pages/repo-metadata.adoc:2 +#. type: Title == +#: modules/administration/pages/monitoring.adoc:134 #, no-wrap -msgid "Signing Repository Metadata" +msgid "Network Boundaries" msgstr "" -#. TODO:: Explain why repository metadata should/would be signed. #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:7 +#: modules/administration/pages/monitoring.adoc:135 msgid "" -"You will require a custom GPG key to be able to sign repository metadata." +"Prometheus fetches metrics using a pull mechanism, so the server must be " +"able to establish TCP connections to monitored clients. By default, " +"Prometheus uses these ports:" msgstr "" -#. type: Block title -#: modules/administration/pages/repo-metadata.adoc:8 -#, no-wrap -msgid "Procedure: Generating a Custom GPG Key" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:136 +msgid "Node exporter: 9100" msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:11 -msgid "" -"As the root user, use the [command]``gpg`` command to generate a new key:" +#: modules/administration/pages/monitoring.adoc:137 +msgid "PostgreSQL exporter: 9187" msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:14 -#, no-wrap -msgid "gpg --gen-key\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:138 +msgid "Apache exporter: 9117" msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:18 +#: modules/administration/pages/monitoring.adoc:139 msgid "" -"At the prompts, select [systemitem]``RSA`` as the key type, with a size of " -"2048 bits, and select an appropriate expiry date for your key. Check the " -"details for your new key, and type [systemitem]``y`` to confirm." +"Additionally, if you are running the alert manager on a different host than " +"where you run Prometheus, you will also need to open port 9093." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:21 +#: modules/administration/pages/monitoring.adoc:140 msgid "" -"At the prompts, enter a name and email address to be associated with your " -"key. You can also add a comment to help you identify the key, if desired. " -"When you are happy with the user identity, type [systemitem]``O`` to confirm." +"For clients installed on cloud instances, you can add the required ports to " +"a security group that has access to the monitoring server." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:22 -msgid "At the prompt, enter a passphrase to protect your key." +#: modules/administration/pages/monitoring.adoc:141 +msgid "" +"Alternatively, you can deploy a Prometheus instance in the exporters' local " +"network, and configure federation. This allows the main monitoring server " +"to scrape the time series from the local Prometheus instance. If you use " +"this method, you only need to open the Prometheus API port, which is 9090." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:24 +#: modules/administration/pages/monitoring.adoc:142 msgid "" -"The key should be automatically added to your keyring. You can check by " -"listing the keys in your keyring:" +"For more information on Prometheus federation, see https://prometheus.io/" +"docs/prometheus/latest/federation/." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:27 -#, no-wrap -msgid "gpg --list-keys\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:143 +msgid "" +"You can also proxy requests through the network boundary. Tools like " +"PushProx deploy a proxy and a client on both sides of the network barrier " +"and allow Prometheus to work across network topologies such as NAT." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:30 +#: modules/administration/pages/monitoring.adoc:144 msgid "" -"Add the password for your keyring to the [filename]``/etc/rhn/signing.conf`` " -"configuration file, by opening the file in your text editor and adding this " -"line:" +"For more information on PushProx, see https://github.com/RobustPerception/" +"PushProx." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:33 +#. type: Title === +#: modules/administration/pages/monitoring.adoc:145 #, no-wrap -msgid "GPGPASS=\"password\"\n" +msgid "Reverse Proxy Setup" msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:37 +#: modules/administration/pages/monitoring.adoc:146 msgid "" -"You can manage metadata signing on the command line using the [command]``mgr-" -"sign-metadata-ctl`` command." +"Prometheus fetches metrics using a pull mechanism, so the server must be " +"able to establish TCP connections to each exporter on the monitored " +"clients. To simplify your firewall configuration, you can use reverse proxy " +"for your exporters to expose all metrics on a single port." msgstr "" +#. Probably a diagram here. --LKB 2020-08-11 #. type: Block title -#: modules/administration/pages/repo-metadata.adoc:39 +#: modules/administration/pages/monitoring.adoc:147 #, no-wrap -msgid "Procedure: Enabling Metadata Signing" +msgid "Procedure: Installing Prometheus Exporters with Reverse Proxy" msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:42 +#: modules/administration/pages/monitoring.adoc:148 msgid "" -"You will need to know the short identifier for the key to use. You can list " -"your available public keys in short format:" +"In the {productname} {webui}, open the details page of the system to be " +"monitored, and navigate to the [guimenu]``Formulas`` tab." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:50 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:149 msgid "" -"gpg --keyid-format short --list-keys\n" -"...\n" -"pub rsa2048/3E7BFE0A 2019-04-02 [SC] [expires: 2021-04-01]\n" -" A43F9EC645ED838ED3014B035CFA51BF3E7BFE0A\n" -"uid [ultimate] SUSE Manager\n" -"sub rsa2048/118DE7FF 2019-04-02 [E] [expires: 2021-04-01]\n" +"Check the [guimenu]``Prometheus Exporters`` checkbox to enable the exporters " +"formula, and click btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:53 -msgid "" -"Enable metadata signing with the [command]``mgr-sign-metadata-ctl`` command:" +#: modules/administration/pages/monitoring.adoc:150 +msgid "Navigate to the ``Prometheus Exporters`` tab in the top menu." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:63 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:151 msgid "" -"mgr-sign-metadata-ctl enable 3E7BFE0A\n" -"OK. Found key 3E7BFE0A in keyring.\n" -"DONE. Set key 3E7BFE0A in /etc/rhn/signing.conf.\n" -"DONE. Enabled metadata signing in /etc/rhn/rhn.conf.\n" -"DONE. Exported key 4E2C3DD8 to /srv/susemanager/salt/gpg/mgr-keyring.gpg.\n" -"DONE. Exported key 4E2C3DD8 to /srv/www/htdocs/pub/mgr-gpg-pub.key.\n" -"NOTE. For the changes to become effective run:\n" -" mgr-sign-metadata-ctl regen-metadata\n" +"Check the [guimenu]``Enable reverse proxy`` option, and enter a valid " +"reverse proxy port number." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:65 -msgid "You can check that your configuration is correct with this command:" +#: modules/administration/pages/monitoring.adoc:152 +msgid "For example, ``9999``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:68 +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:153 +msgid "Customize the other exporters according to your needs." +msgstr "" + +#. type: Title = +#: modules/administration/pages/organizations.adoc:1 #, no-wrap -msgid "mgr-sign-metadata-ctl check-config\n" +msgid "Organizations" msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:70 +#: modules/administration/pages/organizations.adoc:2 msgid "" -"Restart the services and schedule metadata regeneration to pick up the " -"changes:" +"Organizations are used to manage user access and permissions within " +"{productname}." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:73 -#, no-wrap -msgid "mgr-sign-metadata-ctl regen-metadata\n" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:3 +msgid "" +"For most environments, a single organization is enough. However, more " +"complicated environments might need several organizations. You might like " +"to have an organization for each physical location within your business, or " +"for different business functions." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:77 +#: modules/administration/pages/organizations.adoc:4 msgid "" -"You can also use the [command]``mgr-sign-metadata-ctl`` command to perform " -"other tasks. Use [command]``mgr-sign-metadata-ctl --help`` to see the " -"complete list." +"When you have created your organizations, you can create and assign users to " +"your organizations. You can then assign permissions on an organization " +"level, which applies by default to every user assigned to the organization." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:81 +#: modules/administration/pages/organizations.adoc:5 msgid "" -"Repository metadata signing is a global option. When it is enabled, it is " -"enabled on all software channels on the server. This means that all clients " -"connected to the server will need to trust the new GPG key to be able to " -"install or update packages." +"You can also configure authentication methods for your new organization, " +"including PAM and single sign-on. For more information about " +"authentication, see xref:administration:auth-methods.adoc[]." msgstr "" #. type: Block title -#: modules/administration/pages/repo-metadata.adoc:82 +#: modules/administration/pages/organizations.adoc:7 #, no-wrap -msgid "Procedure: Importing GPG keys on Clients" +msgid "Procedure: Creating a New Organization" msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:85 -msgid "For RPM-based client systems, use these remote commands:" +#: modules/administration/pages/organizations.adoc:8 +msgid "" +"In the {productname} {webui}, navigate to menu:Admin[Organizations], and " +"click btn:[Create Organization]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:88 -#, no-wrap -msgid "rpm --import http://server.example.com/pub/mgr-gpg-pub.key\n" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:9 +msgid "In the [guimenu]``Create Organization`` dialog, complete these fields:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/organizations.adoc:10 +msgid "" +"In the [guimenu]``Organization Name`` field, type a name for your new " +"organization." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/organizations.adoc:11 +msgid "The name should be between 3 and 128 characters long." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:91 +#: modules/administration/pages/organizations.adoc:12 msgid "" -"For Ubuntu clients, you will need to reassign the channels, which will " -"automatically pick up the new GPG key. You can do this through the " -"{productname} {webui}, or from the command line on the server with this " -"command:" +"In the [guimenu]``Desired Login`` field, type the login name you want to use " +"for the organization's administrator." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:94 -#, no-wrap -msgid "salt state.apply channels\n" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:13 +msgid "" +"This must be a new administrator account, you will not be able to use an " +"existing administrator account to sign in to the new organization, including " +"the one you are currently signed in with." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:95 +#: modules/administration/pages/organizations.adoc:14 msgid "" -"OPTIONAL: For Salt clients, you might prefer to use a state to manage your " -"GPG keys." +"In the [guimenu]``Desired Password`` field, type a password for the new " +"organization's administrator." msgstr "" -#. type: Title = -#: modules/administration/pages/reports.adoc:2 -#, no-wrap -msgid "Generate Reports" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:15 +msgid "" +"Confirm the password by typing it again in the [guimenu]``Confirm Password`` " +"field. Password strength is indicated by the colored bar beneath the " +"password fields." msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:7 +#: modules/administration/pages/organizations.adoc:16 msgid "" -"The [command]``spacewalk-report`` command is used to produce a variety of " -"reports. These reports can be helpful for taking inventory of your " -"subscribed systems, users, and organizations. Using reports is often " -"simpler than gathering information manually from the {susemgr} {webui}, " -"especially if you have many systems under management." +"In the [guimenu]``Email`` field, type an email address for the new " +"organization's administrator." msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:9 +#: modules/administration/pages/organizations.adoc:17 msgid "" -"To generate reports, you must have the [package]``spacewalk-reports`` " -"package installed." +"In the [guimenu]``First Name`` field, select a salutation, and type a given " +"name for the new organization's administrator." msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:11 +#: modules/administration/pages/organizations.adoc:18 msgid "" -"The [command]``spacewalk-report`` command allows you to organize and display " -"reports about content, systems, and user resources across {productname}." +"In the [guimenu]``Last Name`` field, type a surname for the new " +"organization's administrator." msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:13 -msgid "You can generate reports on:" +#: modules/administration/pages/organizations.adoc:19 +msgid "Click btn:[Create Organization]." msgstr "" -#. type: Plain text -#: modules/administration/pages/reports.adoc:15 -msgid "System Inventory: list all the systems registered to {productname}." +#. type: Title == +#: modules/administration/pages/organizations.adoc:20 +#, no-wrap +msgid "Manage Organizations" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:17 +#: modules/administration/pages/organizations.adoc:21 msgid "" -"Patches: list all the patches relevant to the registered systems. You can " -"sort patches by severity, as well as the systems that apply to a particular " -"patch." +"In the {productname} {webui}, navigate to menu:Admin[Organizations] to see a " +"list of available organizations. Click the name of an organization to " +"manage it." msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:18 +#: modules/administration/pages/organizations.adoc:22 msgid "" -"Users: list all registered users and any systems associated with a " -"particular user." +"From the menu:Admin[Organizations] section, you can access tabs to manage " +"users, trusts, configuration, and states for your organization." msgstr "" -#. type: Plain text -#: modules/administration/pages/reports.adoc:20 +#. type: delimited block = +#: modules/administration/pages/organizations.adoc:23 msgid "" -"To get the report in CSV format, run this command at the command prompt on " -"the server:" +"Organizations can only be managed by their administrators. To manage an " +"organization, ensure you are signed in as the correct administrator for the " +"organization you want to change." msgstr "" -#. type: delimited block - -#: modules/administration/pages/reports.adoc:23 +#. type: Title === +#: modules/administration/pages/organizations.adoc:24 #, no-wrap -msgid "spacewalk-report \n" +msgid "Organization Users" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:26 -msgid "This table lists the available reports:" +#: modules/administration/pages/organizations.adoc:25 +msgid "" +"Navigate to the [guimenu]``Users`` tab to view the list of all users " +"associated with the organization, and their role. Clicking a username takes " +"you to the [guimenu]``Users`` menu to add, change, or delete users." msgstr "" -#. type: Block title -#: modules/administration/pages/reports.adoc:29 +#. type: Title === +#: modules/administration/pages/organizations.adoc:26 #, no-wrap -msgid "[command]``spacewalk-report`` Reports" +msgid "Trusted Organizations" msgstr "" -#. type: Table -#: modules/administration/pages/reports.adoc:84 +#. type: Plain text +#: modules/administration/pages/organizations.adoc:27 +msgid "" +"Navigate to the [guimenu]``Trusts`` tab to add or remove trusted " +"organizations. Establishing trust between organizations allow them to share " +"content between them, and gives you the ability to migrate clients from one " +"organization to another." +msgstr "" + +#. type: Title === +#: modules/administration/pages/organizations.adoc:28 #, no-wrap +msgid "Configure Organizations" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/organizations.adoc:29 msgid "" -"|Report | Invoked as | Description\n" -"| Actions | [command]``actions`` | All actions.\n" -"| Activation Keys | [command]``activation-keys`` | All activation keys, and the entitlements, channels, configuration channels, system groups, and packages associated with them.\n" -"| Activation Keys: Channels | [command]``activation-keys-channels`` | All activation keys and the entities associated with each key.\n" -"| Activation Keys: Configuration | [command]``activation-keys-config`` | All activation keys and the configuration channels associated with each key.\n" -"| Activation Keys: Server Groups | [command]``activation-keys-groups`` | All activation keys and the system groups associated with each key.\n" -"| Activation Keys: Packages | [command]``activation-keys-packages`` | All activation keys and the packages each key can deploy.\n" -"| Channel Packages | [command]``channel-packages`` | All packages in a channel.\n" -"| Channel Report | [command]``channels`` | Detailed report of a given channel.\n" -"| Cloned Channel Report | [command]``cloned-channels`` | Detailed report of cloned channels.\n" -"| Configuration Files | [command]``config-files`` | All configuration file revisions for all organizations, including file contents and file information.\n" -"| Latest Configuration Files | [command]``config-files-latest`` | The most recent configuration file revisions for all organizations, including file contents and file information.\n" -"| Custom Channels | [command]``custom-channels`` | Channel metadata for all channels owned by specific organizations.\n" -"| Custom Info | [command]``custom-info`` | Client custom information.\n" -"| Patches in Channels | [command]``errata-channels`` | All patches in channels.\n" -"| Patches Details | [command]``errata-list`` | All patches that affect registered clients.\n" -"| All patches | [command]``errata-list-all`` | All patches.\n" -"| Patches for Clients | [command]``errata-systems`` | Applicable patches and any registered clients that are affected.\n" -"| Host Guests | [command]``host-guests`` | Host and guests mapping.\n" -"| Inactive Clients | [command]``inactive-systems`` | Inactive clients.\n" -"| System Inventory | [command]``inventory`` | Clients registered to the server, together with hardware and software information.\n" -"| Kickstart Scripts | [command]``kickstart-scripts`` | All kickstart scripts, with details.\n" -"| Kickstart Trees | [command]``kickstartable-trees`` | Kickstartable trees.\n" -"| All Upgradable Versions | [command]``packages-updates-all`` | All newer package versions that can be upgraded.\n" -"| Newest Upgradable Version | [command]``packages-updates-newest`` | Newest package versions that can be upgraded.\n" -"| Proxy Overview | [command]``proxies-overview`` | All proxies and the clients registered to each.\n" -"| Repositories | [command]``repositories`` | All repositories, with their associated SSL details, and any filters.\n" -"| Result of SCAP | [command]``scap-scan`` | Result of OpenSCAP ``sccdf`` evaluations.\n" -"| Result of SCAP | [command]``scap-scan-results`` | Result of OpenSCAP ``sccdf`` evaluations, in a different format.\n" -"| System Data | [command]``splice-export`` | Client data needed for splice integration.\n" -"| System Crash: Count | [command]``system-crash-count`` | The total number of client crashes.\n" -"| System Crash: Details | [command]``system-crash-details`` | Crash details for all clients.\n" -"| System Currency | [command]``system-currency`` | Number of available patches for each registered client.\n" -"| System Extra Packages | [command]``system-extra-packages`` | All packages installed on all clients that are not available from channels the client is subscribed to.\n" -"| System Groups | [command]``system-groups`` | System groups.\n" -"| Activation Keys for System Groups | [command]``system-groups-keys`` | Activation keys for system groups.\n" -"| Systems in System Groups | [command]``system-groups-systems`` | Clients in system groups.\n" -"| System Groups Users | [command]``system-groups-users`` | System groups and users that have permissions on them.\n" -"| History: System | [command]``system-history`` | Event history for each client.\n" -"| History: Channels | [command]``system-history-channels`` | Channel event history.\n" -"| History: Configuration | [command]``system-history-configuration`` | Configuration event history.\n" -"| History: Entitlements | [command]``system-history-entitlements`` | System entitlement event history.\n" -"| History: Errata | [command]``system-history-errata`` | Errata event history.\n" -"| History: Kickstart | [command]``system-history-kickstart`` | Kickstart event history.\n" -"| History: Packages | [command]``system-history-packages`` | Package event history.\n" -"| History: SCAP | [command]``system-history-scap`` | OpenSCAP event history.\n" -"| MD5 Certificates | [command]``system-md5-certificates`` | All registered clients using certificates with an MD5 checksum.\n" -"| Installed Packages | [command]``system-packages-installed`` | Packages installed on clients.\n" -"| System Profiles | [command]``system-profiles`` | All clients registered to the server, with software and system group information.\n" -"| Users | [command]``users`` | All users registered to {productname}.\n" -"| MD5 Users | [command]``users-md5`` | All users for all organizations using MD5 encrypted passwords, with their details and roles.\n" -"| Systems administered | [command]``users-systems`` | Clients that individual users can administer.\n" +"Navigate to the [guimenu]``Configuration`` tab to manage the configuration " +"of your organization. This includes the use of staged contents, setting up " +"crash reporting, and the use of SCAP files." msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:88 +#: modules/administration/pages/organizations.adoc:30 msgid "" -"For more information about an individual report, run [command]``spacewalk-" -"report`` with the option [option]``--info`` or [option]``--list-fields-" -"info`` and the report name. The description and list of possible fields in " -"the report will be shown." +"For more information about content staging, see xref:administration:content-" +"staging.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:89 +#: modules/administration/pages/organizations.adoc:31 msgid "" -"For further information on program invocation and options, see the " -"[literal]``spacewalk-report(8)`` man page as well as the [option]``--" -"help``parameter of the [command]``spacewalk-report`` command." +"For more information about OpenSCAP, see xref:reference:audit/audit-openscap-" +"overview.adoc[]." msgstr "" -#. type: Title = -#: modules/administration/pages/space-management.adoc:2 +#. type: Title == +#: modules/administration/pages/organizations.adoc:32 #, no-wrap -msgid "Managing Disk Space" +msgid "Manage States" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:5 +#: modules/administration/pages/organizations.adoc:33 msgid "" -"Running out of disk space can have a severe impact on the {productname} " -"database and file structure which, in some cases, is not recoverable." +"Navigate to the [guimenu]``States`` tab to manage Salt states for all " +"clients in your organization. States allow you to define global security " +"policies, or add a common admin user to all clients." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:9 +#: modules/administration/pages/organizations.adoc:34 msgid "" -"{productname} monitors some directories for free disk space. You can modify " -"which directories are monitored, and the warnings that are created. All " -"settings are configured in the [path]``/etc/rhn/rhn.conf`` configuration " -"file." +"For more information about Salt States, see xref:salt:salt-states.adoc[]." msgstr "" -#. type: Title == -#: modules/administration/pages/space-management.adoc:12 +#. type: Title === +#: modules/administration/pages/organizations.adoc:35 #, no-wrap -msgid "Monitored Directories" +msgid "Manage Configuration Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:15 -msgid "By default, {productname} monitors these directories:" +#: modules/administration/pages/organizations.adoc:36 +msgid "" +"You can select which configuration channels should be applied across your " +"organization. Configuration channels can be created in the {productname} " +"{webui} by navigating to menu:Configuration[Channels]. Apply configuration " +"channels to your organization using the {productname} {webui}." msgstr "" -#. type: Plain text -#: modules/administration/pages/space-management.adoc:17 -msgid "[path]``/var/lib/pgsql``" +#. type: Block title +#: modules/administration/pages/organizations.adoc:37 +#, no-wrap +msgid "Procedure: Applying Configuration Channels to an Organization" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:18 -msgid "[path]``/var/spacewalk``" +#: modules/administration/pages/organizations.adoc:38 +msgid "" +"In the {productname} {webui}, navigate to menu:Home[My Organization > " +"Configuration Channels]." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:19 -msgid "[path]``/var/cache``" +#: modules/administration/pages/organizations.adoc:39 +msgid "Use the search feature to locate a channel by name." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:20 -msgid "[path]``/srv``" +#: modules/administration/pages/organizations.adoc:40 +msgid "Check the channel to be applied and click btn:[Save Changes]." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:23 +#: modules/administration/pages/organizations.adoc:41 msgid "" -"You can change which directories are monitored with the " -"[systemitem]``spacecheck_dirs`` parameter. You can specify multiple " -"directories by separating them with a space." +"This saves to the database, but does not apply the changes to the channel." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:25 -#: modules/administration/pages/space-management.adoc:40 -#: modules/administration/pages/space-management.adoc:57 -msgid "For example:" +#: modules/administration/pages/organizations.adoc:42 +msgid "Apply the changes by clicking btn:[Apply]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/space-management.adoc:28 +#. type: Plain text +#: modules/administration/pages/organizations.adoc:43 +msgid "" +"This schedules the task to apply the changes to all clients within the " +"organization." +msgstr "" + +#. type: Title = +#: modules/administration/pages/public-cloud.adoc:1 #, no-wrap -msgid "spacecheck_dirs = /var/lib/pgsql /var/spacewalk /var/cache /srv\n" +msgid "Public Cloud" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:2 +msgid "" +"Some public cloud environments provide images for {productname} Server and " +"Proxy. This section discusses what you will need for running {productname} " +"in a public cloud, and how to set up your installation." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/public-cloud.adoc:3 +msgid "" +"Public clouds provide {productname} under a Bring Your Own Subscription " +"(BYOS) model. This means that you must register them with the {scc}. For " +"more information about registering {productname} with {scc}, see xref:" +"installation:general-requirements.adoc[]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:4 +msgid "" +"Depending on the public cloud network you are using, you can locate the " +"{productname} installation images by searching for the keywords " +"[package]``suse``, [package]``manager``, [package]``proxy``, or " +"[package]``BYOS``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:5 +msgid "" +"For ``SUSE Manager Server in Azure``, see xref:administration:public-cloud-" +"azure.adoc[]." msgstr "" #. type: Title == -#: modules/administration/pages/space-management.adoc:32 +#: modules/administration/pages/public-cloud.adoc:6 #, no-wrap -msgid "Thresholds" +msgid "Instance Requirements" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:36 +#: modules/administration/pages/public-cloud.adoc:7 msgid "" -"By default, {productname} will create a warning mail when a monitored " -"directory has less than 10% of total space available. A critical alert is " -"created when a monitored directory falls below 5% space available." +"Select a public cloud instance that meets the hardware requirements in xref:" +"installation:hardware-requirements.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:38 +#: modules/administration/pages/public-cloud.adoc:8 +msgid "In addition, be aware of these considerations:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:9 msgid "" -"You can change these alert thresholds with the " -"[systemitem]``spacecheck_free_alert`` and " -"[systemitem]``spacecheck_free_critical`` parameters." +"The {productname} setup procedure performs a forward-confirmed reverse DNS " +"lookup." msgstr "" -#. type: delimited block - -#: modules/administration/pages/space-management.adoc:44 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:10 msgid "" -"spacecheck_free_alert = 10\n" -"spacecheck_free_critical = 5\n" +"This must succeed in order for the setup procedure to complete successfully " +"and for {productname} to operate as expected. Therefore, it is important to " +"perform hostname and IP configuration prior to running the {productname} " +"setup procedure." msgstr "" -#. type: Title == -#: modules/administration/pages/space-management.adoc:48 -#, no-wrap -msgid "Shut Down Services" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:11 +msgid "" +"{productname} Server and Proxy instances are expected to run in a network " +"configuration that provides you control over DNS entries, but cannot access " +"the wider internet." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:51 +#: modules/administration/pages/public-cloud.adoc:12 msgid "" -"By default, {productname} will shut down the spacewalk services when the " -"critical alert threshold is reached." +"Within this network configuration DNS resolution must be provided: `hostname " +"-f` must return the fully-qualified domain name (FQDN). DNS resolution is " +"also important for connecting clients. DNS is dependent on the cloud " +"framework you choose, refer to the cloud service provider documentation for " +"detailed instructions." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:55 +#: modules/administration/pages/public-cloud.adoc:13 msgid "" -"You can change this behavior with the [systemitem]``spacecheck_shutdown`` " -"parameter. A value of ``true`` will enable the shut down feature. Any " -"other value will disable it." +"We recommend that you locate software repositories, the server database, and " +"the proxy squid cache on an external virtual disk." msgstr "" -#. type: delimited block - -#: modules/administration/pages/space-management.adoc:59 -#, no-wrap -msgid "spacecheck_shutdown = true\n" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:14 +msgid "" +"This prevents data loss if the instance is unexpectedly terminated. " +"Instructions for setting up an external virtual disk are contained in this " +"section." msgstr "" #. type: Title == -#: modules/administration/pages/space-management.adoc:62 +#: modules/administration/pages/public-cloud.adoc:15 #, no-wrap -msgid "Disable Space Checking" +msgid "Network Setup" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:66 +#: modules/administration/pages/public-cloud.adoc:16 msgid "" -"The space checking tool is enabled by default. You can disable it entirely " -"with these commands:" +"On a public cloud service, you must run {productname} within a restricted " +"network, such as VPC private subnet with an appropriate firewall setting. " +"The instance must only be able to be accessed by machines in your specified " +"IP ranges." msgstr "" -#. type: delimited block - -#: modules/administration/pages/space-management.adoc:70 -#, no-wrap +#. type: delimited block = +#: modules/administration/pages/public-cloud.adoc:17 msgid "" -"systemctl stop spacewalk-diskcheck.timer\n" -"systemctl disable spacewalk-diskcheck.timer\n" +"A world-accessible {productname} instance violates the terms of the " +"{productname} EULA, and it will not be supported by {suse}." msgstr "" -#. type: Title = -#: modules/administration/pages/ssl-certs-imported.adoc:2 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:18 +msgid "" +"To access the {productname} {webui}, allow HTTPS when you set up your " +"networking environment." +msgstr "" + +#. type: Title === +#: modules/administration/pages/public-cloud.adoc:19 #, no-wrap -msgid "Import SSL Certificates" +msgid "Set the Hostname" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:6 +#: modules/administration/pages/public-cloud.adoc:20 msgid "" -"By default, {productname} uses a self-signed certificate. For additional " -"security, you can import a custom certificate, signed by a third party " -"certificate authority (CA)." +"{productname} requires a stable and reliable hostname. Changing the " +"hostname at a later point can create errors." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:8 +#: modules/administration/pages/public-cloud.adoc:21 msgid "" -"This section covers how to use an imported SSL certificate with a new " -"{productname} installation, and how to replace existing self-signed " -"certificates with imported certificates." +"In most public cloud environments, the method shown in this section will " +"work correctly. However, you will have to perform the same modification for " +"every client." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:10 -msgid "Before you begin, ensure you have:" +#: modules/administration/pages/public-cloud.adoc:22 +msgid "" +"You might prefer to manage DNS resolution by creating a DNS entry in your " +"network environment instead." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:12 -msgid "A certificate authority (CA) SSL public certificate" +#: modules/administration/pages/public-cloud.adoc:23 +msgid "" +"You can also manage hostname resolution by editing the [path]``/etc/resolv." +"conf`` file. Depending on the order of your setup, if you start the " +"{productname} instance prior to setting up DNS services the file may not " +"contain the appropriate [systemitem]``search`` directive. Check that the " +"proper search directive exists in [path]``/etc/resolv.conf`` and add it if " +"it is missing." msgstr "" -#. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:13 -msgid "An SSL server key" +#. type: Block title +#: modules/administration/pages/public-cloud.adoc:24 +#, no-wrap +msgid "Procedure: Setting the hostname locally" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:14 -msgid "An SSL server certificate" +#: modules/administration/pages/public-cloud.adoc:25 +msgid "" +"Disable hostname setup by editing the DHCP configuration file at [path]``/" +"etc/sysconfig/network/dhcp``, and adding this line:" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:16 -msgid "Your key and certificate files must be in PEM format." +#: modules/administration/pages/public-cloud.adoc:27 +msgid "Set the hostname locally with the [command]``hostnamectl`` command." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:20 +#: modules/administration/pages/public-cloud.adoc:28 msgid "" -"The host name of the SSL keys and certificates must match the fully " -"qualified host name of the machine you deploy them on. You can set the host " -"names in the ``X509v3 Subject Alternative Name`` section of the " -"certificate. You can also list multiple host names if your environment " -"requires it." +"Ensure you use the system name, not the FQDN. For example, if the FQDN is " +"[path]``system_name.example.com``, the system name is [path]``system_name``, " +"and the domain name is [path]``example.com``." msgstr "" -#. type: Title == -#: modules/administration/pages/ssl-certs-imported.adoc:23 +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:29 #, no-wrap -msgid "Import Certificates for New Installations" +msgid "# hostnamectl set-hostname system_name\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:27 +#: modules/administration/pages/public-cloud.adoc:30 msgid "" -"By default, {productname} uses a self-signed certificate. After you have " -"completed the initial setup, you can replace the default certificate with an " -"imported certificate." -msgstr "" - -#. type: Block title -#: modules/administration/pages/ssl-certs-imported.adoc:30 -#, no-wrap -msgid "Procedure: Import Certificates on a New {productname} Server" +"Create a DNS entry in your network environment for domain name resolution, " +"or force correct resolution by editing the [path]``/etc/hosts`` file." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:33 +#: modules/administration/pages/public-cloud.adoc:31 msgid "" -"Install the {productname} Server according to the instructions in xref:" -"installation:install-intro.adoc[]." +"You can find the IP address by checking your public cloud web console, or " +"from the command line:" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:34 -msgid "" -"Complete the initial setup according to xref:installation:server-setup." -"adoc[]." +#: modules/administration/pages/public-cloud.adoc:32 +msgid "Amazon EC2 instance:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:33 +#, no-wrap +msgid "# ec2metadata --local-ipv4\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:35 -msgid "" -"At the command prompt, point the SSL environment variables to the " -"certificate file locations:" +#: modules/administration/pages/public-cloud.adoc:34 +msgid "Google Compute Engine:" msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:40 +#: modules/administration/pages/public-cloud.adoc:35 #, no-wrap -msgid "" -"export CA_CERT=\n" -"export SERVER_KEY=\n" -"export SERVER_CERT=\n" +msgid "# gcemetadata --query instance --network-interfaces --ip\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:42 -msgid "Complete {productname} setup:" +#: modules/administration/pages/public-cloud.adoc:36 +msgid "Microsoft Azure:" msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:45 +#: modules/administration/pages/public-cloud.adoc:37 #, no-wrap -msgid "yast susemanager_setup\n" +msgid "# azuremetadata --internal-ip\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:49 +#: modules/administration/pages/public-cloud.adoc:38 msgid "" -"When you are prompted for certificate details during setup, fill in random " -"values. The values will be overridden by the values you specified at the " -"command prompt." +"In the following command, replace [literal]```` with IP address " +"you retrieve from the command line above:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/ssl-certs-imported.adoc:53 -msgid "" -"Execute the [command]``yast susemanager_setup`` command from the same shell " -"you exported the environment variables from." +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:39 +#, no-wrap +msgid "# echo \" suma.cloud.net suma\" >> /etc/hosts\n" msgstr "" -#. type: Title == -#: modules/administration/pages/ssl-certs-imported.adoc:57 +#. type: Title === +#: modules/administration/pages/public-cloud.adoc:40 #, no-wrap -msgid "Import Certificates for New Proxy Installations" +msgid "Set up DNS Resolution" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:61 +#: modules/administration/pages/public-cloud.adoc:41 msgid "" -"By default, {productname} Proxy uses a self-signed certificate. After you " -"have completed the initial setup, you can replace the default certificate " -"with an imported certificate." +"You will need to update the DNS records for the instance within the DNS " +"service of your network environment. Refer to the cloud service provider " +"documentation for detailed instructions:" msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-imported.adoc:65 -#, no-wrap -msgid "Procedure: Import Certificates on a New {productname} Proxy" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:42 +msgid "" +"http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-dns.html[DNS setup " +"on Amazon EC2]" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:68 +#: modules/administration/pages/public-cloud.adoc:43 msgid "" -"Install the {productname} Proxy according to the instructions in xref:" -"installation:install-intro.adoc[]." +"https://cloud.google.com/compute/docs/networking[DNS setup on Google Compute " +"Engine]" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:69 +#: modules/administration/pages/public-cloud.adoc:44 msgid "" -"Complete the initial setup according to xref:installation:proxy-setup.adoc[]." +"https://azure.microsoft.com/en-us/documentation/articles/dns-operations-" +"recordsets[DNS setup on Microsoft Azure]" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:70 -msgid "At the command prompt, run:" +#: modules/administration/pages/public-cloud.adoc:45 +msgid "" +"If you run a {productname} Server instance, ensure the external storage is " +"attached and prepared correctly, and that DNS resolution is set up as " +"described. Start the ``susemanager_setup`` with {yast}:" msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:73 +#: modules/administration/pages/public-cloud.adoc:46 #, no-wrap -msgid "configure-proxy.sh\n" +msgid "# /sbin/yast2 susemanager_setup\n" msgstr "" +#. No need to duplicate this, since it exists within the docs suite. LKB 2019-05-29 +#. Uncommenting, as it turns out some of this content is unique. Will need a more surgical look. LKB 2019-08-02 #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:75 +#: modules/administration/pages/public-cloud.adoc:47 msgid "" -"At the ``Do you want to import existing certificates?`` prompt, type kbd:[y]." +"The {productname} setup procedure in YaST is designed as a one pass process " +"with no rollback or cleanup capability. Therefore, if the setup procedure " +"is interrupted or ends with an error, it is not recommended that you repeat " +"the setup process or attempts to manually fix the configuration. These " +"methods are likely to result in a faulty {productname} installation. If you " +"experience errors during setup, start a new instance, and begin the setup " +"procedure again on a clean system." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:76 -msgid "Follow the prompts to complete setup." +#: modules/administration/pages/public-cloud.adoc:48 +msgid "" +"If you receive a message that there is not enough space available for setup, " +"ensure that your root volume is at least 20 GB and double check that the " +"instructions in <> have been completed " +"correctly." msgstr "" -#. type: delimited block = -#: modules/administration/pages/ssl-certs-imported.adoc:82 +# +# +# +# +#. REMARK check this; will it still work for sle 15? +#. Commented out per https://github.com/SUSE/spacewalk/issues/8951 LKB 2019-08-06 +#. {productname} Server for the public cloud comes with a bootstrap data module pre-installed. +#. The bootstrap module contains optimized package lists for bootstrapping instances started from {sle} images published by {suse}. +#. If you intend to register such an instance, when you create the bootstrap repository run the [command]``mgr-create-bootstrap-repo`` script using this command, to create a bootstrap repository suitable for {sle} 12 SP1 instances. +#. ---- +#. $ mgr-create-bootstrap-repo --datamodule=mgr_pubcloud_bootstrap_data -c SLE-12-SP1-x86_64 +#. ---- +#. See xref:client-configuration:creating-a-tools-repository.adoc[] for more information on bootstrapping. +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:49 msgid "" -"Use the same certificate authority to sign all server certificates for " -"servers and proxies. Certificates signed with different CAs will not match." +"Prior to registering instances started from on demand images remove the " +"following packages from the instance to be registered:" msgstr "" -#. type: Title == -#: modules/administration/pages/ssl-certs-imported.adoc:86 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:50 +msgid "cloud-regionsrv-client" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:51 #, no-wrap -msgid "Replace Certificates with a Third Party Certificate" +msgid "*For Amazon EC2*\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:90 -msgid "" -"You can replace active certificates on your {productname} installation with " -"a new third party certificate. To replace the certificates, you can replace " -"the installed CA certificate RPM with a new RPM containing the third party " -"certificate, and then update the database." +#: modules/administration/pages/public-cloud.adoc:52 +msgid "regionServiceClientConfigEC2" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:93 -msgid "" -"This procedure is similar to the one described in xref:administration:ssl-" -"certs-selfsigned.adoc#ssl-certs-selfsigned-create-replace[]. The difference " -"is that we import the certificates generated by an external PKI." +#: modules/administration/pages/public-cloud.adoc:53 +msgid "regionServiceCertsEC2" msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-imported.adoc:96 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:54 #, no-wrap -msgid "Procedure: Replacing Existing Certificates" +msgid "*For Google Compute Engine*\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:99 -msgid "" -"On the {productname} Server, at the command prompt, move the old certificate " -"directory to a backup location:" +#: modules/administration/pages/public-cloud.adoc:55 +msgid "cloud-regionsrv-client-plugin-gce" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:102 -#, no-wrap -msgid "mv /root/ssl-build /root/old-ssl-build\n" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:56 +msgid "regionServiceClientConfigGCE" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:105 -msgid "Generate a CA certificate RPM from the new certificate:" +#: modules/administration/pages/public-cloud.adoc:57 +msgid "regionServiceCertsGCE" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:108 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:58 #, no-wrap -msgid "rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/ssl-build\" --from-ca-cert=\n" +msgid "*For Microsoft Azure*\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:111 -msgid "Generate a new server certificate RPM:" +#: modules/administration/pages/public-cloud.adoc:59 +msgid "regionServiceClientConfigAzure" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:114 -#, no-wrap -msgid "rhn-ssl-tool --gen-server --rpm-only --dir=\"/root/ssl-build\" --from-server-key= --from-server-cert=\n" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:60 +msgid "regionServiceCertsAzure" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:120 +#: modules/administration/pages/public-cloud.adoc:61 msgid "" -"When you create the new server certificate RPM, you might get a warning that " -"server certificate request file could not be found. This file is not " -"required, and the procedure will complete correctly without it. However, if " -"you want to avoid the error, you can copy the file into the server " -"directory, and name it [path]``server.csr``:" +"If these packages are not removed it is possible to create interference " +"between the repositories provided by {productname} and the repositories " +"provided by the SUSE operated update infrastructure." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:123 -#, no-wrap -msgid "cp .csr /root/ssl-build//server.csr\n" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:62 +msgid "" +"Additionally remove the line from the [path]``/etc/hosts`` file that " +"contains the *susecloud.net* reference." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:128 -msgid "" -"When you have created the new [path]``ssl-build`` directory, you can create " -"combined certificate RPMs and deploy them on the clients. For the " -"procedures to do this, see xref:administration:ssl-certs-selfsigned.adoc[]." +#: modules/administration/pages/public-cloud.adoc:63 +msgid "If you run a {productname} Proxy instance" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:130 +#: modules/administration/pages/public-cloud.adoc:64 msgid "" -"If you are using a proxy, you will need to generate a server certificate RPM " -"for each proxy, using their host names and cnames." +"Launch the instance, optionally with external storage configured. If you " +"use external storage (recommended), prepare it according to <>. It is recommended but not required to prepare the storage " +"before configuring {productname} proxy, as the suma-storage script will " +"migrate any existing cached data to the external storage. After preparing " +"the instance, register the system with the parent SUSE Manager, which could " +"be a {productname} Server or another {productname} Proxy. See the xref:" +"installation:proxy-setup.adoc[] for details. When registered, configure " +"your {productname} Proxy instance with this script:" msgstr "" -#. type: Title = -#: modules/administration/pages/ssl-certs-selfsigned.adoc:2 +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:65 #, no-wrap -msgid "Self-Signed SSL Certificates" +msgid "/usr/sbin/configure-proxy.sh\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:9 +#: modules/administration/pages/public-cloud.adoc:66 msgid "" -"By default, {productname} uses a self-signed certificate. In this case, the " -"certificate is created and signed by {productname}. This method does not " -"use an independent certificate authority to guarantee that the details of " -"the certificate are correct. Third party CAs perform checks to ensure that " -"the information contained in the certificate is correct. For more on third " -"party CAs, see xref:administration:ssl-certs-imported.adoc[]." +"When the script has completed, {productname} should be functional and " +"running." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:14 +#: modules/administration/pages/public-cloud.adoc:67 msgid "" -"This section covers how to re-create your self-signed certificates on an " -"existing installation. It also covers how to create new self-signed " -"certificates and authenticate your existing clients to the new certificate, " -"using an intermediate certificate. Intermediate certificates merge the " -"intermediate and root CA certificates into one file. Ensure that the " -"intermediate certificate comes first in the combined file." +"For {productname} Server, the setup process created an administrator user " +"with this user name:" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:16 -msgid "" -"The host name of the SSL keys and certificates must match the fully " -"qualified host name of the machine you deploy them on." +#: modules/administration/pages/public-cloud.adoc:68 +msgid "User name: `admin`" msgstr "" -#. type: Title == -#: modules/administration/pages/ssl-certs-selfsigned.adoc:19 +#. type: Block title +#: modules/administration/pages/public-cloud.adoc:69 #, no-wrap -msgid "Re-Create Existing Server Certificates" +msgid "Account credentials for admin user" msgstr "" -#. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:22 +#. type: Table +#: modules/administration/pages/public-cloud.adoc:70 +#, no-wrap msgid "" -"If your existing certificates have expired or stopped working for any " -"reason, you can generate a new server certificate from the existing CA." +"|\n" +" Amazon EC2\n" +"\n" +"|\n" +" Google Compute Engine\n" +"\n" +"|\n" +" Microsoft Azure\n" +"\n" +"\n" +"|\n" +"\n" +"[replaceable]``Instance-ID``\n" +"|\n" +"\n" +"[replaceable]``Instance-ID``\n" +"|\n" +"\n" +"[replaceable]``Instance-Name``**-suma**\n" msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:23 -#, no-wrap -msgid "Procedure: Re-Creating an Existing Server Certificate" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:71 +msgid "" +"The current value for the [replaceable]``Instance-ID`` or " +"[replaceable]``Instance-Name`` in case of the Azure Cloud, can be obtained " +"from the public cloud Web console or from within a terminal session as " +"follows:" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:26 -msgid "" -"On the {productname} Server, at the command prompt, regenerate the server " -"certificate:" +#: modules/administration/pages/public-cloud.adoc:72 +msgid "Obtain instance id from within Amazon EC2 instance" msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:32 +#: modules/administration/pages/public-cloud.adoc:73 #, no-wrap -msgid "" -"rhn-ssl-tool --gen-server --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" -"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" -"--set-org-unit=\"ORGANIZATION UNIT\" --set-email=\"name@example.com\" \\\n" -"--set-hostname=\"susemanager.example.com\" --set-cname=\"example.com\"\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:35 -#: modules/administration/pages/ssl-certs-selfsigned.adoc:92 -msgid "" -"Ensure that the [systemitem]``set-cname`` parameter is the fully-qualified " -"domain name of your {productname} Server. You can use the the " -"[systemitem]``set-cname`` parameter multiple times if you require multiple " -"aliases." +msgid "$ ec2metadata --instance-id\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:38 -msgid "" -"Install the RPM that contains the newly generated certificate. Check that " -"you have the latest version of the RPM before running this command. The " -"version number is incremented every time you re-create the certificates." +#: modules/administration/pages/public-cloud.adoc:74 +msgid "Obtain instance id from within Google Compute Engine instance" msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:41 +#: modules/administration/pages/public-cloud.adoc:75 #, no-wrap -msgid "rpm -Uhv /root/ssl-build/lnx0259a/rhn-org-httpd-ssl-key-pair-lnx0259a-1.0-2.noarch.rpm\n" +msgid "$ gcemetadata --query instance --id\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:43 -#: modules/administration/pages/ssl-certs-selfsigned.adoc:180 -#: modules/administration/pages/ssl-certs-selfsigned.adoc:212 -msgid "Restart services to pick up the changes:" +#: modules/administration/pages/public-cloud.adoc:76 +msgid "Obtain instance name from within Microsoft Azure instance" msgstr "" -#. type: Title == -#: modules/administration/pages/ssl-certs-selfsigned.adoc:51 +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:77 #, no-wrap -msgid "Create and Replace CA and Server Certificates" +msgid "$ azuremetadata --instance-name\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:57 +#: modules/administration/pages/public-cloud.adoc:78 msgid "" -"If you need to create entirely new certificates for an existing " -"installation, you need to create a combined certificate first. Clients will " -"authenticate to the certificate with both the old and new details. Then you " -"can go ahead and remove the old details. This maintains the chain of trust." +"After logging in through the {productname} Server {webui}, *change* the " +"default password." msgstr "" -#. type: delimited block = -#: modules/administration/pages/ssl-certs-selfsigned.adoc:63 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:79 msgid "" -"Be careful with this procedure! It is possible to break the trust chain " -"between the server and clients using this procedure. If that happens, you " -"will need an administrative user to log in to every client and deploy the CA " -"directly." +"{productname} Proxy does not have administration access to the {webui}. It " +"can be managed through its parent {productname} Server." msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:67 +#. type: Title === +#: modules/administration/pages/public-cloud.adoc:80 #, no-wrap -msgid "Procedure: Creating New Certificates" +msgid "Using Separate Storage Volume" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:70 +#: modules/administration/pages/public-cloud.adoc:81 msgid "" -"On the {productname} Server, at the command prompt, move the old certificate " -"directory to a new location:" +"We recommend that the repositories and the database for {productname} be " +"stored on a virtual storage device. This best practice will avoid data loss " +"in cases where the {productname} instance may need to be terminated. These " +"steps *must* be performed *prior* to running the YaST {productname} setup " +"procedure." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:75 -msgid "Generate a new CA certificate and create an RPM:" +#: modules/administration/pages/public-cloud.adoc:82 +msgid "" +"Provision a disk device in the public cloud environment, refer to the cloud " +"service provider documentation for detailed instructions. The size of the " +"disk is dependent on the number of distributions and channels you intend to " +"manage with {productname}." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:81 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:83 msgid "" -"rhn-ssl-tool --gen-ca --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" -"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" -"--set-org-unit=\"ORGANIZATION UNIT\" --set-common-name=\"SUSE Manager CA Certificate\" \\\n" -"--set-email=\"name@example.com\"\n" +"For sizing information refer to https://www.suse.com/support/kb/doc.php?" +"id=7015050[SUSE Manager sizing examples]. A rule of thumb is 25 GB per " +"distribution per channel." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:83 -msgid "Generate a new server certificate and create an RPM:" +#: modules/administration/pages/public-cloud.adoc:84 +msgid "" +"Once attached the device appears as Unix device node in your instance. For " +"the following command to work this device node name is required. In many " +"cases the attached storage appears as **/dev/sdb**. In order to check which " +"disk devices exists on your system, call the following command:" msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:89 +#: modules/administration/pages/public-cloud.adoc:85 #, no-wrap +msgid "$ hwinfo --disk | grep -E \"Device File:\"\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:86 msgid "" -"rhn-ssl-tool --gen-server --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" -"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" -"--set-org-unit=\"ORGANIZATION UNIT\" --set-email=\"name@example.com\" \\\n" -"--set-hostname=\"susemanager.example.top\" --set-cname=\"example.com\"\n" +"With the device name at hand the process of re-linking the directories in " +"the file system {productname} uses to store data is handled by the suma-" +"storage script. In the following example we use [path]``/dev/sdb`` as the " +"device name." +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:87 +#, no-wrap +msgid "$ /usr/bin/suma-storage /dev/sdb\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:94 +#: modules/administration/pages/public-cloud.adoc:88 msgid "" -"You will need to generate a server certificate RPM for each proxy, using " -"their host names and cnames." +"After the call all database and repository files used by SUSE Manager Server " +"are moved to the newly created xfs based storage. In case your instance is " +"a {productname} Proxy, the script will move the Squid cache, which caches " +"the software packages, to the newly created storage. The xfs partition is " +"mounted below the path [path]``/manager_storage``. ." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:89 +msgid "Create an entry in /etc/fstab (optional)" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:97 +#: modules/administration/pages/public-cloud.adoc:90 msgid "" -"When you have new certificates, you can create the combined RPMs to " -"authenticate the clients." -msgstr "" - -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:100 -#, no-wrap -msgid "Procedure: Create Combined Certificate RPMs" +"Different cloud frameworks treat the attachment of external storage devices " +"differently at instance boot time. Please refer to the cloud environment " +"documentation for guidance about the fstab entry." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:102 +#: modules/administration/pages/public-cloud.adoc:91 msgid "" -"Create a new CA file that combines the old and new certificate details, and " -"generate a new RPM:" +"If your cloud framework recommends to add an fstab entry, add the following " +"line to the */etc/fstab* file." msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:109 +#: modules/administration/pages/public-cloud.adoc:92 #, no-wrap -msgid "" -"mkdir /root/combined-ssl-build\n" -"cp /root/old-ssl-build/RHN-ORG-TRUSTED-SSL-CERT /root/combined-ssl-build/\n" -"cat /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT >> /root/combined-ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" -"cp /root/old-ssl-build/*.rpm /root/combined-ssl-build/\n" -"rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/combined-ssl-build\"\n" -msgstr "" - -#. I would like to split up these steps, I think. LKB 2019-09-10 -#. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:112 -msgid "Deploy the CA certificate on the server:" +msgid "/dev/sdb1 /manager_storage xfs defaults,nofail 1 1\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:116 +#. type: Title == +#: modules/administration/pages/public-cloud.adoc:93 #, no-wrap -msgid "" -"/usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/combined-ssl-build \\\n" -"--target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/\n" +msgid "Registration of Cloned Systems" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:119 +#: modules/administration/pages/public-cloud.adoc:94 msgid "" -"When you have the combined RPMs, you can deploy the combined CA certificates " -"to your clients." +"{productname} cannot distinguish between different instances that use the " +"same system ID. If you register a second instance with the same system ID " +"as a previous instance, {productname} will overwrite the original system " +"data with the new system data. This can occur when you launch multiple " +"instances from the same image, or when an image is created from a running " +"instance. However, it is possible to clone systems and register them " +"successfully by deleting the cloned system's ID, and generating a new ID." msgstr "" #. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:122 +#: modules/administration/pages/public-cloud.adoc:95 #, no-wrap -msgid "Procedure: Deploying Combined Certificates on Traditional Clients" +msgid "Procedure: Registering Cloned Systems" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:125 -msgid "On the client, create a new custom channel using these details:" +#: modules/administration/pages/public-cloud.adoc:96 +msgid "Clone the system using your preferred hypervisor's cloning mechanism." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:127 -msgid "Name: SSL-CA-Channel" +#: modules/administration/pages/public-cloud.adoc:97 +msgid "" +"On the cloned system, change the hostname and IP addresses, and check the " +"[path]``/etc/hosts`` file to ensure you have the right host entries." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:128 -msgid "Label: ssl-ca-channel" +#: modules/administration/pages/public-cloud.adoc:98 +msgid "" +"On traditional clients, stop the [command]``rhnsd`` daemon with [command]``/" +"etc/init.d/rhnsd stop`` or, on newer systemd-based systems, with " +"[command]``service rhnsd stop``." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:129 -msgid "Parent Channel: " +#: modules/administration/pages/public-cloud.adoc:99 +msgid "Then [command]``service osad stop``." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:130 -msgid "Summary: SSL-CA-Channel" +#: modules/administration/pages/public-cloud.adoc:100 +msgid "For SLES 11 or {rhel} 5 or 6 clients, run these commands:" msgstr "" -#. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:133 +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:101 +#: modules/administration/pages/tshoot-registerclones.adoc:13 +#, no-wrap msgid "" -"For more on creating custom channels, see xref:administration:channel-" -"management.adoc[]." +"# rm /var/lib/dbus/machine-id\n" +"# dbus-uuidgen --ensure\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:134 -msgid "Upload the CA certificate RPM to the channel:" +#: modules/administration/pages/public-cloud.adoc:102 +msgid "For SLES 12, SLES 15, or {rhel} 7 clients, run these commands:" msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:139 +#: modules/administration/pages/public-cloud.adoc:103 +#: modules/administration/pages/tshoot-registerclones.adoc:11 +#: modules/administration/pages/tshoot-registerclones.adoc:37 #, no-wrap msgid "" -"rhnpush -c ssl-ca-channel --nosig \\\n" -"--ca-chain=/srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT \\\n" -"/root/combined-ssl-build/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm\n" +"# rm /etc/machine-id\n" +"# rm /var/lib/dbus/machine-id\n" +"# dbus-uuidgen --ensure\n" +"# systemd-machine-id-setup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:141 -msgid "Subscribe all clients to the new ``SSL-CA-Channel`` channel." +#: modules/administration/pages/public-cloud.adoc:104 +msgid "If you are using Salt, then you will also need to run these commands:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:105 +#, no-wrap +msgid "" +"# service salt-minion stop\n" +"# rm -rf /var/cache/salt\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:142 -msgid "Install the CA certificate RPM on all clients by updating the channel." +#: modules/administration/pages/public-cloud.adoc:106 +msgid "If you are using a traditional client, clean up the working files with:" msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:145 +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:107 +#: modules/administration/pages/tshoot-registerclones.adoc:34 #, no-wrap -msgid "Procedure: Deploying Combined Certificates on Salt Clients" +msgid "# rm -f /etc/sysconfig/rhn/{osad-auth.conf,systemid}\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:148 -msgid "In the {productname} {webui}, navigate to menu:Systems[Overview]." +#: modules/administration/pages/public-cloud.adoc:108 +msgid "" +"The bootstrap should now run with a new system ID, rather than a duplicate." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:149 +#: modules/administration/pages/public-cloud.adoc:109 msgid "" -"Check all your Salt Clients to add them to the System Set Manager (SSM)." +"If you are onboarding Salt client clones, then you will also need to check " +"if they have the same Salt minion ID. You will need to delete the minion ID " +"on each cloned client, using the [command]``rm`` command. Each operating " +"system type stores this file in a slightly different location, check the " +"table for the appropriate command." msgstr "" -#. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:150 -msgid "Navigate to menu:Systems[System Set Manager > Overview]." +#. type: Block title +#: modules/administration/pages/public-cloud.adoc:110 +#, no-wrap +msgid "Minion ID File Location" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:151 +#: modules/administration/pages/public-cloud.adoc:111 msgid "" -"In the [guimenu]``States`` field, click btn:[Apply] to apply the system " -"states." +"Each operating system stores the minion ID file in a slightly different " +"location, check the table for the appropriate command." +msgstr "" + +#. type: Table +#: modules/administration/pages/public-cloud.adoc:112 +#, no-wrap +msgid "" +"| Operating System | Commands\n" +"| SLES 15 | [command]``rm /etc/salt/minion_id``\n" +"\n" +" [command]``rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}``\n" +"| SLES 12 | [command]``rm /etc/salt/minion_id``\n" +"\n" +" [command]``rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}``\n" +"| SLES 11 | [command]``rm /etc/salt/minion_id``\n" +"\n" +" [command]``suse_register -E``\n" +"| SLES 10 | [command]``rm -rf /etc/{zmd,zypp}``\n" +"\n" +" [command]``rm -rf /var/lib/zypp/``\n" +" Do not delete [path]``/var/lib/zypp/db/products/``\n" +"\n" +" [command]``rm -rf /var/lib/zmd/``\n" +"| {rhel} 5, 6, 7 | [command]`` rm -f /etc/NCCcredentials``\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:152 +#: modules/administration/pages/public-cloud.adoc:113 msgid "" -"In the [guimenu]``Highstate`` page, click btn:[Apply Highstate] to propagate " -"the changes to the clients." +"When you have deleted the minion ID file, re-run the bootstrap script, and " +"restart the client to see the cloned system in {productname} with the new ID." +msgstr "" + +#. type: Title = +#: modules/administration/pages/repo-metadata.adoc:1 +#, no-wrap +msgid "Signing Repository Metadata" msgstr "" +#. TODO:: Explain why repository metadata should/would be signed. #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:154 +#: modules/administration/pages/repo-metadata.adoc:2 msgid "" -"When you have every client trusting both the old and new certificates, you " -"can go ahead and replace the server certificate on the {productname} Server " -"and Proxies." +"You will require a custom GPG key to be able to sign repository metadata." msgstr "" #. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:157 +#: modules/administration/pages/repo-metadata.adoc:3 #, no-wrap -msgid "Procedure: Replace Server Certificate on the Server" +msgid "Procedure: Generating a Custom GPG Key" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:160 +#: modules/administration/pages/repo-metadata.adoc:4 msgid "" -"On the {productname} Server, at the command prompt, install the RPM from the " -"[path]``ssl-build`` directory:" +"As the root user, use the [command]``gpg`` command to generate a new key:" msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:163 +#: modules/administration/pages/repo-metadata.adoc:5 #, no-wrap -msgid "rpm -Uhv ssl-build/susemanager/rhn-org-httpd-ssl-key-pair-susemanager-1.0-2.noarch.rpm\n" +msgid "gpg --gen-key\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:165 -msgid "Restart services to pick the changes:" +#: modules/administration/pages/repo-metadata.adoc:6 +msgid "" +"At the prompts, select [systemitem]``RSA`` as the key type, with a size of " +"2048 bits, and select an appropriate expiry date for your key." msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:172 -#, no-wrap -msgid "Procedure: Replace Server Certificate on the Proxy" +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:7 +msgid "" +"Check the details for your new key, and type [systemitem]``y`` to confirm." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:175 +#: modules/administration/pages/repo-metadata.adoc:8 msgid "" -"On the {productname} Proxy, at the command prompt, install the RPM from the " -"[path]``ssl-build`` directory:" +"At the prompts, enter a name and email address to be associated with your " +"key." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:178 -#, no-wrap -msgid "rpm -Uhv ssl-build/susemanager-proxy/rhn-org-httpd-ssl-key-pair-susemanager-proxy-1.0-2.noarch.rpm\n" +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:9 +msgid "" +"You can also add a comment to help you identify the key, if desired. When " +"you are happy with the user identity, type [systemitem]``O`` to confirm." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:10 +msgid "At the prompt, enter a passphrase to protect your key." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:11 +msgid "The key should be automatically added to your keyring." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:12 +msgid "You can check by listing the keys in your keyring:" msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:183 +#: modules/administration/pages/repo-metadata.adoc:13 #, no-wrap -msgid "rhn-proxy restart\n" +msgid "gpg --list-keys\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:185 +#: modules/administration/pages/repo-metadata.adoc:14 msgid "" -"Test that all clients still operate as expected and can use SSL to reach the " -"{productname} Server and any proxies." +"Add the password for your keyring to the [filename]``/etc/rhn/signing.conf`` " +"configuration file, by opening the file in your text editor and adding this " +"line:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:15 +#, no-wrap +msgid "GPGPASS=\"password\"\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:189 +#: modules/administration/pages/repo-metadata.adoc:16 msgid "" -"When you have replaced the server certificates on your server and any " -"proxies, you need to update the certificate with only the new details on all " -"the clients. This is done by adding it to the client channels you set up " -"previously." +"You can manage metadata signing on the command line using the [command]``mgr-" +"sign-metadata-ctl`` command." msgstr "" #. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:192 +#: modules/administration/pages/repo-metadata.adoc:17 #, no-wrap -msgid "Procedure: Adding the New Certificates to the Client Channel" +msgid "Procedure: Enabling Metadata Signing" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:195 -msgid "" -"Copy the combined certificate RPM into the [path]``/root/ssl-build/`` " -"directory:" +#: modules/administration/pages/repo-metadata.adoc:18 +msgid "You will need to know the short identifier for the key to use." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:19 +msgid "You can list your available public keys in short format:" msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:198 +#: modules/administration/pages/repo-metadata.adoc:20 #, no-wrap -msgid "cp /root/combined-ssl-build/*.rpm /root/ssl-build/\n" +msgid "" +"gpg --keyid-format short --list-keys\n" +"...\n" +"pub rsa2048/3E7BFE0A 2019-04-02 [SC] [expires: 2021-04-01]\n" +" A43F9EC645ED838ED3014B035CFA51BF3E7BFE0A\n" +"uid [ultimate] SUSE Manager\n" +"sub rsa2048/118DE7FF 2019-04-02 [E] [expires: 2021-04-01]\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:201 +#: modules/administration/pages/repo-metadata.adoc:21 msgid "" -"Generate a new RPM with from the new certificates. Check the release number " -"carefully to ensure you have the right certificate file:" +"Enable metadata signing with the [command]``mgr-sign-metadata-ctl`` command:" msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:204 +#: modules/administration/pages/repo-metadata.adoc:22 #, no-wrap -msgid "rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/ssl-build\"\n" +msgid "" +"mgr-sign-metadata-ctl enable 3E7BFE0A\n" +"OK. Found key 3E7BFE0A in keyring.\n" +"DONE. Set key 3E7BFE0A in /etc/rhn/signing.conf.\n" +"DONE. Enabled metadata signing in /etc/rhn/rhn.conf.\n" +"DONE. Exported key 4E2C3DD8 to /srv/susemanager/salt/gpg/mgr-keyring.gpg.\n" +"DONE. Exported key 4E2C3DD8 to /srv/www/htdocs/pub/mgr-gpg-pub.key.\n" +"NOTE. For the changes to become effective run:\n" +" mgr-sign-metadata-ctl regen-metadata\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:206 -msgid "Install the new local certificates on the {productname} Server:" +#: modules/administration/pages/repo-metadata.adoc:23 +msgid "You can check that your configuration is correct with this command:" msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:210 +#: modules/administration/pages/repo-metadata.adoc:24 #, no-wrap -msgid "" -"/usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/ssl-build \\\n" -"--target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/\n" +msgid "mgr-sign-metadata-ctl check-config\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:217 -msgid "Upload the new RPM into the channel:" +#: modules/administration/pages/repo-metadata.adoc:25 +msgid "" +"Restart the services and schedule metadata regeneration to pick up the " +"changes:" msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:222 +#: modules/administration/pages/repo-metadata.adoc:26 #, no-wrap +msgid "mgr-sign-metadata-ctl regen-metadata\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:27 msgid "" -"rhnpush -c ssl-ca-channel --nosig \\\n" -"--ca-chain=/srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT \\\n" -"/root/ssl-build/rhn-org-trusted-ssl-cert-1.0-3.noarch.rpm\n" +"You can also use the [command]``mgr-sign-metadata-ctl`` command to perform " +"other tasks. Use [command]``mgr-sign-metadata-ctl --help`` to see the " +"complete list." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:227 +#: modules/administration/pages/repo-metadata.adoc:28 msgid "" -"When you have the new certificate in the channel, you can use the " -"{productname} {webui} to update it on all clients and proxies, by " -"synchronizing them with the channel. Alternatively, for Salt clients, you " -"can use menu:Salt[Remote Commands], or apply the highstate." +"Repository metadata signing is a global option. When it is enabled, it is " +"enabled on all software channels on the server. This means that all clients " +"connected to the server will need to trust the new GPG key to be able to " +"install or update packages." +msgstr "" + +#. type: Block title +#: modules/administration/pages/repo-metadata.adoc:29 +#, no-wrap +msgid "Procedure: Importing GPG keys on Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:232 -msgid "" -"You will also need to update your proxies to remove the copy of the " -"certificate and the associated RPM. Your proxies must have the same " -"certificate content as the server. Check the [path]``/srv/www/htdocs/pub/`` " -"directory and ensure it contains:" +#: modules/administration/pages/repo-metadata.adoc:30 +msgid "For RPM-based client systems, use these remote commands:" msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:236 +#: modules/administration/pages/repo-metadata.adoc:31 #, no-wrap +msgid "rpm --import http://server.example.com/pub/mgr-gpg-pub.key\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:32 msgid "" -"RHN-ORG-TRUSTED-SSL-CERT\n" -"rhn-org-trusted-ssl-cert-*.noarch.rpm\n" +"For Ubuntu clients, you will need to reassign the channels, which will " +"automatically pick up the new GPG key." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:239 +#: modules/administration/pages/repo-metadata.adoc:33 msgid "" -"To complete the process, you need to update the database with this command:" +"You can do this through the {productname} {webui}, or from the command line " +"on the server with this command:" msgstr "" #. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:242 +#: modules/administration/pages/repo-metadata.adoc:34 #, no-wrap -msgid "/usr/bin/rhn-ssl-dbstore --ca-cert=/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" +msgid "salt state.apply channels\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:244 +#: modules/administration/pages/repo-metadata.adoc:35 msgid "" -"If you use bootstrap, remember to also update your bootstrap scripts to " -"reflect the new certificate information." +"OPTIONAL: For Salt clients, you might prefer to use a state to manage your " +"GPG keys." msgstr "" #. type: Title = -#: modules/administration/pages/ssl-certs.adoc:2 +#: modules/administration/pages/reports.adoc:1 #, no-wrap -msgid "SSL Certificates" +msgid "Generate Reports" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:5 +#: modules/administration/pages/reports.adoc:2 msgid "" -"{productname} uses SSL certificates to ensure that clients are registered to " -"the correct server." +"The [command]``spacewalk-report`` command is used to produce a variety of " +"reports. These reports can be helpful for taking inventory of your " +"subscribed systems, users, and organizations. Using reports is often " +"simpler than gathering information manually from the {susemgr} {webui}, " +"especially if you have many systems under management." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:8 +#: modules/administration/pages/reports.adoc:3 msgid "" -"Every client that uses SSL to register to the {productname} Server checks " -"that it is connecting to the right server by validating against a server " -"certificate. This process is called an SSL handshake." +"To generate reports, you must have the [package]``spacewalk-reports`` " +"package installed." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:11 +#: modules/administration/pages/reports.adoc:4 msgid "" -"During the SSL handshake, the client will check that the hostname in the " -"server certificate matches what it expects. The client also needs to check " -"if the server certificate is trusted." +"The [command]``spacewalk-report`` command allows you to organize and display " +"reports about content, systems, and user resources across {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:14 -msgid "" -"Every {productname} Server that uses SSL requires an SSL server " -"certificate. Provide the path to the server certificate using the " -"``SERVER_CERT`` environment variable during setup, or with the ``--from-" -"server-cert`` option of the [command]``rhn-ssl-tool`` command." +#: modules/administration/pages/reports.adoc:5 +msgid "You can generate reports on:" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:17 -msgid "" -"Certificate authorities (CAs) are certificates that are used to sign other " -"certificates. All certificates must be signed by a certificate authority " -"(CA) in order for them to be considered valid, and for clients to be able to " -"successfully match against them." +#: modules/administration/pages/reports.adoc:6 +msgid "System Inventory: list all the systems registered to {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:23 -msgid "" -"When an organization signs its own certificate, the certificate is " -"considered self-signed. A self-signed certificate is straight-forward to " -"set up, and does not cost any money, but they are considered less secure. " -"If you are using a self-signed certificate, you will have a root CA that is " -"signed with itself. When you look at the details of a root CA, you will see " -"that the subject has the same value as the issuer. Provide the path to your " -"root CA certificate using the ``CA_CERT`` environment variable during setup, " -"or with the ``--ca-cert`` option of the [command]``rhn-ssl-tool`` command." +#: modules/administration/pages/reports.adoc:7 +msgid "Patches: list all the patches relevant to the registered systems." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:26 +#: modules/administration/pages/reports.adoc:8 msgid "" -"In order for SSL authentication to work correctly, the client must trust the " -"root CA. This means that the root CA must be installed on every client." +"You can sort patches by severity, as well as the systems that apply to a " +"particular patch." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:29 +#: modules/administration/pages/reports.adoc:9 msgid "" -"The default method of SSL authentication is for {productname} to use self-" -"signed certificates. In this case, {productname} has generated all the " -"certificates, and the root CA has signed the server certificate directly." +"Users: list all registered users and any systems associated with a " +"particular user." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:34 +#: modules/administration/pages/reports.adoc:10 msgid "" -"An alternative method is to use an intermediate CA. In this case, the root " -"CA signs the intermediate CA. The intermediate CA can then sign any number " -"of other intermediate CAs, and the final one signs the server certificate. " -"This is referred to as a chained certificate." +"To get the report in CSV format, run this command at the command prompt on " +"the server:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/reports.adoc:11 +#, no-wrap +msgid "spacewalk-report \n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:37 +#: modules/administration/pages/reports.adoc:12 +msgid "This table lists the available reports:" +msgstr "" + +#. type: Block title +#: modules/administration/pages/reports.adoc:13 +#, no-wrap +msgid "[command]``spacewalk-report`` Reports" +msgstr "" + +#. type: Table +#: modules/administration/pages/reports.adoc:14 +#, no-wrap msgid "" -"If you are using intermediate CAs in a chained certificate, the root CA is " -"installed on the client, and the server certificate is installed on the " -"server. During the SSL handshake, clients must be able to verify the entire " -"chain of intermediate certificates between the root CA and the server " -"certificate, so they must be able to access all the intermediate " -"certificates." +"|Report | Invoked as | Description\n" +"| Actions | [command]``actions`` | All actions.\n" +"| Activation Keys | [command]``activation-keys`` | All activation keys, and the entitlements, channels, configuration channels, system groups, and packages associated with them.\n" +"| Activation Keys: Channels | [command]``activation-keys-channels`` | All activation keys and the entities associated with each key.\n" +"| Activation Keys: Configuration | [command]``activation-keys-config`` | All activation keys and the configuration channels associated with each key.\n" +"| Activation Keys: Server Groups | [command]``activation-keys-groups`` | All activation keys and the system groups associated with each key.\n" +"| Activation Keys: Packages | [command]``activation-keys-packages`` | All activation keys and the packages each key can deploy.\n" +"| Channel Packages | [command]``channel-packages`` | All packages in a channel.\n" +"| Channel Report | [command]``channels`` | Detailed report of a given channel.\n" +"| Cloned Channel Report | [command]``cloned-channels`` | Detailed report of cloned channels.\n" +"| Configuration Files | [command]``config-files`` | All configuration file revisions for all organizations, including file contents and file information.\n" +"| Latest Configuration Files | [command]``config-files-latest`` | The most recent configuration file revisions for all organizations, including file contents and file information.\n" +"| Custom Channels | [command]``custom-channels`` | Channel metadata for all channels owned by specific organizations.\n" +"| Custom Info | [command]``custom-info`` | Client custom information.\n" +"| Patches in Channels | [command]``errata-channels`` | All patches in channels.\n" +"| Patches Details | [command]``errata-list`` | All patches that affect registered clients.\n" +"| All patches | [command]``errata-list-all`` | All patches.\n" +"| Patches for Clients | [command]``errata-systems`` | Applicable patches and any registered clients that are affected.\n" +"| Host Guests | [command]``host-guests`` | Host and guests mapping.\n" +"| Inactive Clients | [command]``inactive-systems`` | Inactive clients.\n" +"| System Inventory | [command]``inventory`` | Clients registered to the server, together with hardware and software information.\n" +"| Kickstart Scripts | [command]``kickstart-scripts`` | All kickstart scripts, with details.\n" +"| Kickstart Trees | [command]``kickstartable-trees`` | Kickstartable trees.\n" +"| All Upgradable Versions | [command]``packages-updates-all`` | All newer package versions that can be upgraded.\n" +"| Newest Upgradable Version | [command]``packages-updates-newest`` | Newest package versions that can be upgraded.\n" +"| Proxy Overview | [command]``proxies-overview`` | All proxies and the clients registered to each.\n" +"| Repositories | [command]``repositories`` | All repositories, with their associated SSL details, and any filters.\n" +"| Result of SCAP | [command]``scap-scan`` | Result of OpenSCAP ``sccdf`` evaluations.\n" +"| Result of SCAP | [command]``scap-scan-results`` | Result of OpenSCAP ``sccdf`` evaluations, in a different format.\n" +"| System Data | [command]``splice-export`` | Client data needed for splice integration.\n" +"| System Crash: Count | [command]``system-crash-count`` | The total number of client crashes.\n" +"| System Crash: Details | [command]``system-crash-details`` | Crash details for all clients.\n" +"| System Currency | [command]``system-currency`` | Number of available patches for each registered client.\n" +"| System Extra Packages | [command]``system-extra-packages`` | All packages installed on all clients that are not available from channels the client is subscribed to.\n" +"| System Groups | [command]``system-groups`` | System groups.\n" +"| Activation Keys for System Groups | [command]``system-groups-keys`` | Activation keys for system groups.\n" +"| Systems in System Groups | [command]``system-groups-systems`` | Clients in system groups.\n" +"| System Groups Users | [command]``system-groups-users`` | System groups and users that have permissions on them.\n" +"| History: System | [command]``system-history`` | Event history for each client.\n" +"| History: Channels | [command]``system-history-channels`` | Channel event history.\n" +"| History: Configuration | [command]``system-history-configuration`` | Configuration event history.\n" +"| History: Entitlements | [command]``system-history-entitlements`` | System entitlement event history.\n" +"| History: Errata | [command]``system-history-errata`` | Errata event history.\n" +"| History: Kickstart | [command]``system-history-kickstart`` | Kickstart event history.\n" +"| History: Packages | [command]``system-history-packages`` | Package event history.\n" +"| History: SCAP | [command]``system-history-scap`` | OpenSCAP event history.\n" +"| MD5 Certificates | [command]``system-md5-certificates`` | All registered clients using certificates with an MD5 checksum.\n" +"| Installed Packages | [command]``system-packages-installed`` | Packages installed on clients.\n" +"| System Profiles | [command]``system-profiles`` | All clients registered to the server, with software and system group information.\n" +"| Users | [command]``users`` | All users registered to {productname}.\n" +"| MD5 Users | [command]``users-md5`` | All users for all organizations using MD5 encrypted passwords, with their details and roles.\n" +"| Systems administered | [command]``users-systems`` | Clients that individual users can administer.\n" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:42 +#: modules/administration/pages/reports.adoc:15 msgid "" -"There are two main ways of achieving this. In {productname}, by default, " -"all the intermediate CAs are installed on the client. However, you could " -"also configure your services on the server to provide them to the client. " -"In this case, during the SSL handshake, the server presents the server " -"certificate as well as all the intermediate CAs." +"For more information about an individual report, run [command]``spacewalk-" +"report`` with the option [option]``--info`` or [option]``--list-fields-" +"info`` and the report name. The description and list of possible fields in " +"the report will be shown." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:46 +#: modules/administration/pages/reports.adoc:16 msgid "" -"Whichever method you choose, you must ensure that the ``CA_CERT`` " -"environment variable points to the root CA, and all intermediate CAs. It " -"should not contain the server certificate. The server certificate must be " -"defined at the ``SERVER_CERT`` environment variable." +"For further information on program invocation and options, see the " +"[literal]``spacewalk-report(8)`` man page as well as the [option]``--" +"help``parameter of the [command]``spacewalk-report`` command." +msgstr "" + +#. type: Title = +#: modules/administration/pages/ssl-certs-selfsigned.adoc:1 +#, no-wrap +msgid "Self-Signed SSL Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:53 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:2 msgid "" -"By default, {productname} uses a self-signed certificate. For additional " -"security, you can arrange a third party CA to sign your certificates. Third " -"party CAs perform checks to ensure that the information contained in the " -"certificate is correct. They will usually charge an annual fee for this " -"service. Using a third party CA makes certificates harder to spoof, and " -"will provide additional protection for your installation. If you have " -"certificates signed by a third party CA, you can import them to your " -"{productname} installation." +"By default, {productname} uses a self-signed certificate. In this case, the " +"certificate is created and signed by {productname}. This method does not " +"use an independent certificate authority to guarantee that the details of " +"the certificate are correct. Third party CAs perform checks to ensure that " +"the information contained in the certificate is correct. For more on third " +"party CAs, see xref:administration:ssl-certs-imported.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:55 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:3 msgid "" -"For more on self-signed certificates, see xref:administration:ssl-certs-" -"selfsigned.adoc[]." +"This section covers how to re-create your self-signed certificates on an " +"existing installation. It also covers how to create new self-signed " +"certificates and authenticate your existing clients to the new certificate, " +"using an intermediate certificate. Intermediate certificates merge the " +"intermediate and root CA certificates into one file. Ensure that the " +"intermediate certificate comes first in the combined file." msgstr "" -"Další informace o certifikátech podepsaných samy sebou najdete v dokumentu " -"xref:administration:ssl-certs-selfsigned.adoc[]." #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:55 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:4 msgid "" -"For more on imported certificates, see xref:administration:ssl-certs-" -"imported.adoc[]." +"The host name of the SSL keys and certificates must match the fully " +"qualified host name of the machine you deploy them on." msgstr "" -"Další informace o importovaných certifikátech najdete na stránce " -"xref:administration:ssl-certs-imported.adoc[]." -#. type: Title = -#: modules/administration/pages/subscription-matching.adoc:2 +#. type: Title == +#: modules/administration/pages/ssl-certs-selfsigned.adoc:5 #, no-wrap -msgid "Subscription Matching" +msgid "Re-Create Existing Server Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:7 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:6 msgid "" -"Your {suse} products require subscriptions, which are managed by the {scc} " -"(SCC). {productname} runs a nightly report checking the subscription status " -"of all your registered clients against your SCC account. The report gives " -"you information about which clients consume which subscriptions, how many " -"subscriptions you have remaining and available to use, and which clients do " -"not have a current subscription." +"If your existing certificates have expired or stopped working for any " +"reason, you can generate a new server certificate from the existing CA." msgstr "" -#. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:9 -msgid "Navigate to menu:Audit[Subscription Matching] to see the report." +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:7 +#, no-wrap +msgid "Procedure: Re-Creating an Existing Server Certificate" msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:11 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:8 msgid "" -"The [guimenu]``Subscriptions Report`` tab gives information about current " -"and expiring subscriptions." +"On the {productname} Server, at the command prompt, regenerate the server " +"certificate:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:9 +#, no-wrap +msgid "" +"rhn-ssl-tool --gen-server --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" +"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" +"--set-org-unit=\"ORGANIZATION UNIT\" --set-email=\"name@example.com\" \\\n" +"--set-hostname=\"susemanager.example.com\" --set-cname=\"example.com\"\n" msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:15 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:10 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:26 msgid "" -"The [guimenu]``Unmatched Products Report`` tab gives a list of clients that " -"do not have a current subscription. This includes clients that could not be " -"matched, or that are not currently registered with {productname}. The " -"report includes product names and the number of systems that remain " -"unmatched." +"Ensure that the [systemitem]``set-cname`` parameter is the fully-qualified " +"domain name of your {productname} Server. You can use the the " +"[systemitem]``set-cname`` parameter multiple times if you require multiple " +"aliases." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:18 -msgid "" -"The [guimenu]``Pins`` tab allows you to associate individual clients to the " -"relevant subscription. This is especially useful if the subscription " -"manager is not automatically associating clients to subscriptions " -"successfully." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:11 +msgid "Install the RPM that contains the newly generated certificate." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:20 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:12 msgid "" -"The [guimenu]``Messages`` tab shows any errors that occurred during the " -"matching process." +"Check that you have the latest version of the RPM before running this " +"command. The version number is incremented every time you re-create the " +"certificates." msgstr "" -#. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:22 -msgid "" -"You can also download the reports in .csv format, or access them from that " -"command prompt in the [path]``/var/lib/spacewalk/subscription-matcher/`` " -"directory." +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:13 +#, no-wrap +msgid "rpm -Uhv /root/ssl-build/lnx0259a/rhn-org-httpd-ssl-key-pair-lnx0259a-1.0-2.noarch.rpm\n" msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:26 -msgid "" -"By default, the subscription matcher runs daily, at midnight. To change " -"this, navigate to menu:Admin[Task Schedules] and click ``gatherer-matcher-" -"default``. Change the schedule as required, and click btn:[Update Schedule]." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:14 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:61 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:73 +msgid "Restart services to pick up the changes:" msgstr "" -#. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:30 -msgid "" -"Because the report can only match current clients with current " -"subscriptions, you might find that the matches change over time. The same " -"client will not always match the same subscription. This can be due to new " -"clients being registered or unregistered, or because of the addition or " -"expiration of subscriptions." +#. type: Title == +#: modules/administration/pages/ssl-certs-selfsigned.adoc:16 +#, no-wrap +msgid "Create and Replace CA and Server Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:34 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:17 msgid "" -"The subscription matcher will automatically attempt to reduce the number of " -"unmatched products, limited by the terms and conditions of the subscriptions " -"in your account. However, if you have incomplete hardware information, " -"unknown virtual machine host assignments, or clients running in unknown " -"public clouds, the matcher might show that you do not have enough " -"subscriptions available. Always ensure you have complete data about your " -"clients included in {productname}, to help ensure accuracy." +"If you need to create entirely new certificates for an existing " +"installation, you need to create a combined certificate first. Clients will " +"authenticate to the certificate with both the old and new details. Then you " +"can go ahead and remove the old details. This maintains the chain of trust." msgstr "" #. type: delimited block = -#: modules/administration/pages/subscription-matching.adoc:40 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:18 msgid "" -"The subscription matcher will not always match clients and subscriptions " -"accurately. It is not intended to be a replacement for auditing." +"Be careful with this procedure! It is possible to break the trust chain " +"between the server and clients using this procedure. If that happens, you " +"will need an administrative user to log in to every client and deploy the CA " +"directly." msgstr "" -#. type: Title == -#: modules/administration/pages/subscription-matching.adoc:44 +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:19 #, no-wrap -msgid "Pin Clients to Subscriptions" +msgid "Procedure: Creating New Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:49 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:20 msgid "" -"If the subscription matcher is not automatically matching a particular " -"client with the correct subscription, you can manually pin them. When you " -"have created a pin, the subscription matcher favors matching a specific " -"subscription with a given system or group of systems." +"On the {productname} Server, at the command prompt, move the old certificate " +"directory to a new location:" msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:53 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:22 +msgid "Generate a new CA certificate and create an RPM:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:23 +#, no-wrap msgid "" -"However, the matcher will not always respect a pin. It depends on the " -"subscription being available, and whether or not the subscription can be " -"applied to the client. Additionally, pins will be ignored if they result in " -"a match that violates the terms and conditions of the subscription, or if " -"the matcher detects a more accurate match if the pin is ignored." +"rhn-ssl-tool --gen-ca --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" +"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" +"--set-org-unit=\"ORGANIZATION UNIT\" --set-common-name=\"SUSE Manager CA Certificate\" \\\n" +"--set-email=\"name@example.com\"\n" msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:55 -msgid "To add a new pin, click btn:[Add a Pin], and select the client to pin." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:24 +msgid "Generate a new server certificate and create an RPM:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/subscription-matching.adoc:60 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:25 +#, no-wrap msgid "" -"We do not recommend using pinning regularly, or for a large number of " -"clients. The subscription matcher tool is generally accurate enough for " -"most installations." +"rhn-ssl-tool --gen-server --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" +"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" +"--set-org-unit=\"ORGANIZATION UNIT\" --set-email=\"name@example.com\" \\\n" +"--set-hostname=\"susemanager.example.top\" --set-cname=\"example.com\"\n" msgstr "" -#. type: Title = -#: modules/administration/pages/task-schedules.adoc:2 -#, no-wrap -msgid "Task Schedules" +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:27 +msgid "" +"You will need to generate a server certificate RPM for each proxy, using " +"their host names and cnames." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:5 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:28 msgid "" -"Under menu:Admin[Task Schedules] all predefined task bunches are listed." +"When you have new certificates, you can create the combined RPMs to " +"authenticate the clients." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/task-schedules.adoc:6 +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:29 #, no-wrap -msgid "admin_task_schedules.png" +msgid "Procedure: Create Combined Certificate RPMs" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:11 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:30 msgid "" -"Click a menu:SUSE Manager Schedules[Schedule name] to open its menu:Schedule " -"Name[Basic Schedule Details] where you can disable it or change the " -"frequency. Click btn:[Edit Schedule] to update the schedule with your " -"settings. To delete a schedule, click btn:[Delete Schedule] in the upper " -"right-hand corner." +"Create a new CA file that combines the old and new certificate details, and " +"generate a new RPM:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/task-schedules.adoc:15 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:31 +#, no-wrap msgid "" -"Only disable or delete a schedule if you are absolutely certain this is " -"necessary as they are essential for {productname} to work properly." +"mkdir /root/combined-ssl-build\n" +"cp /root/old-ssl-build/RHN-ORG-TRUSTED-SSL-CERT /root/combined-ssl-build/\n" +"cat /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT >> /root/combined-ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" +"cp /root/old-ssl-build/*.rpm /root/combined-ssl-build/\n" +"rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/combined-ssl-build\"\n" msgstr "" +#. I would like to split up these steps, I think. LKB 2019-09-10 #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:19 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:32 +msgid "Deploy the CA certificate on the server:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:33 +#, no-wrap msgid "" -"If you click a bunch name, a list of runs of that bunch type and their " -"status will be displayed. Clicking the start time links takes you back to " -"the menu:Schedule Name[Basic Schedule Details]." +"/usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/combined-ssl-build \\\n" +"--target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/\n" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:21 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:34 msgid "" -"For example, the following predefined task bunches are scheduled by default " -"and can be configured:" +"When you have the combined RPMs, you can deploy the combined CA certificates " +"to your clients." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:22 +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:35 #, no-wrap -msgid "menu:channel-repodata-default:[]" +msgid "Procedure: Deploying Combined Certificates on Traditional Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:24 -msgid "(Re)generates repository metadata files." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:36 +msgid "On the client, create a new custom channel using these details:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:26 -#, no-wrap -msgid "menu:cleanup-data-default:[]" +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:37 +msgid "Name: SSL-CA-Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:28 -msgid "" -"Cleans up stale package change log and monitoring time series data from the " -"database." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:38 +msgid "Label: ssl-ca-channel" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:30 -#, no-wrap -msgid "menu:clear-taskologs-default:[]" +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:39 +msgid "Parent Channel: " msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:32 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:40 +msgid "Summary: SSL-CA-Channel" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:41 msgid "" -"Clears task engine (taskomatic) history data older than a specified number " -"of days, depending on the job type, from the database." +"For more on creating custom channels, see xref:administration:channel-" +"management.adoc[]." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:34 +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:42 +msgid "Upload the CA certificate RPM to the channel:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:43 #, no-wrap -msgid "menu:cobbler-sync-default:[]" +msgid "" +"rhnpush -c ssl-ca-channel --nosig \\\n" +"--ca-chain=/srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT \\\n" +"/root/combined-ssl-build/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm\n" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:37 -msgid "" -"Synchronizes distribution and profile data from {productname} to Cobbler. " -"For more information, see xref:client-configuration:cobbler.adoc[]." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:44 +msgid "Subscribe all clients to the new ``SSL-CA-Channel`` channel." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:39 +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:45 +msgid "Install the CA certificate RPM on all clients by updating the channel." +msgstr "" + +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:46 #, no-wrap -msgid "menu:compare-configs-default:[]" +msgid "Procedure: Deploying Combined Certificates on Salt Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:44 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:47 +msgid "In the {productname} {webui}, navigate to menu:Systems[Overview]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:48 +msgid "Check all your Salt Clients to add them to the system set manager." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:49 +msgid "Navigate to menu:Systems[System Set Manager > Overview]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:50 msgid "" -"Compares configuration files as stored in configuration channels with the " -"files stored on all configuration-enabled servers. To review comparisons, " -"click menu:Systems[] tab and select the system of interest. Go to menu:" -"Configuration[Compare Files]. For more information, see xref:reference:" -"systems/system-details/sd-configuration.adoc#sd-config-compare-files[]." +"In the [guimenu]``States`` field, click btn:[Apply] to apply the system " +"states." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:46 -#, no-wrap -msgid "menu:cve-server-channels-default:[]" +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:51 +msgid "" +"In the [guimenu]``Highstate`` page, click btn:[Apply Highstate] to propagate " +"the changes to the clients." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:50 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:52 msgid "" -"Updates internal pre-computed CVE data that is used to display results on " -"the menu:Audit[CVE Audit] page. Search results in the menu:Audit[CVE Audit] " -"page are updated to the last run of this schedule). For more information, " -"see xref:reference:audit/audit-cve-audit.adoc[]." +"When you have every client trusting both the old and new certificates, you " +"can go ahead and replace the server certificate on the {productname} Server " +"and Proxies." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:52 +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:53 #, no-wrap -msgid "menu:daily-status-default:[]" +msgid "Procedure: Replace Server Certificate on the Server" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:56 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:54 msgid "" -"Sends daily report e-mails to relevant addresses. To learn more about how " -"to configure notifications for specific users, see xref:reference:users/user-" -"details.adoc[]." +"On the {productname} Server, at the command prompt, install the RPM from the " +"[path]``ssl-build`` directory:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:58 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:55 #, no-wrap -msgid "menu:errata-cache-default:[]" +msgid "rpm -Uhv ssl-build/susemanager/rhn-org-httpd-ssl-key-pair-susemanager-1.0-2.noarch.rpm\n" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:62 -msgid "" -"Updates internal patch cache database tables, which are used to look up " -"packages that need updates for each server. Also, this sends notification " -"emails to users that might be interested in certain patches. For more " -"information about patches, see xref:reference:patches/patches-menu.adoc[]." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:56 +msgid "Restart services to pick the changes:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:64 +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:58 #, no-wrap -msgid "menu:errata-queue-default:[]" +msgid "Procedure: Replace Server Certificate on the Proxy" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:66 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:59 msgid "" -"Queues automatic updates (patches) for servers that are configured to " -"receive them." +"On the {productname} Proxy, at the command prompt, install the RPM from the " +"[path]``ssl-build`` directory:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:68 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:60 #, no-wrap -msgid "menu:kickstart-cleanup-default:[]" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/task-schedules.adoc:70 -msgid "Cleans up stale kickstart session data." +msgid "rpm -Uhv ssl-build/susemanager-proxy/rhn-org-httpd-ssl-key-pair-susemanager-proxy-1.0-2.noarch.rpm\n" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:72 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:62 #, no-wrap -msgid "menu:kickstartfile-sync-default:[]" +msgid "rhn-proxy restart\n" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:74 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:63 msgid "" -"Generates Cobbler files corresponding to Kickstart profiles created by the " -"configuration wizard." -msgstr "" - -#. we probably no longer want to reference NCC; I do not know whether it works the same way with SCC (if at all) -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:77 -#, no-wrap -msgid "menu:mgr-register-default:[]" +"Test that all clients still operate as expected and can use SSL to reach the " +"{productname} Server and any proxies." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:79 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:64 msgid "" -"Calls the [command]``mgr-register`` command, which synchronizes client " -"registration data with NCC (new, changed or deleted clients' data are " -"forwarded)." +"When you have replaced the server certificates on your server and any " +"proxies, you need to update the certificate with only the new details on all " +"the clients. This is done by adding it to the client channels you set up " +"previously." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:81 +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:65 #, no-wrap -msgid "menu:mgr-sync-refresh-default:[]" +msgid "Procedure: Adding the New Certificates to the Client Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:83 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:66 msgid "" -"The default time at which the start of synchronization with SUSE Customer " -"Center (SCC) takes place (``mgr-sync-refresh``)." +"Copy the combined certificate RPM into the [path]``/root/ssl-build/`` " +"directory:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:84 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:67 #, no-wrap -msgid "menu:minion-action-cleanup-default:[]" +msgid "cp /root/combined-ssl-build/*.rpm /root/ssl-build/\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:68 +msgid "Generate a new RPM with from the new certificates." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:89 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:69 msgid "" -"Deletes stale client action data from the file system. First it tries to " -"complete any possibly unfinished actions by looking up the corresponding " -"results; these results are stored in the Salt job cache. An unfinished " -"action can occur if the server has missed the results of the action. For " -"successfully completed actions it removes artifacts such as executed script " -"files." +"Check the release number carefully to ensure you have the right certificate " +"file:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:91 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:70 #, no-wrap -msgid "menu:package-cleanup-default:[]" +msgid "rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/ssl-build\"\n" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:93 -msgid "Deletes stale package files from the file system." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:71 +msgid "Install the new local certificates on the {productname} Server:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:94 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:72 #, no-wrap -msgid "menu:reboot-action-cleanup-default:[]" +msgid "" +"/usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/ssl-build \\\n" +"--target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/\n" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:97 -msgid "" -"Any reboot actions pending for more than six hours are marked as failed and " -"associated data is cleaned up in the database. For more information on " -"scheduling reboot actions, see xref:reference:systems/system-details/sd-" -"provisioning.adoc#sd-power-management[]." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:75 +msgid "Upload the new RPM into the channel:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:99 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:76 #, no-wrap -msgid "menu:sandbox-cleanup-default:[]" +msgid "" +"rhnpush -c ssl-ca-channel --nosig \\\n" +"--ca-chain=/srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT \\\n" +"/root/ssl-build/rhn-org-trusted-ssl-cert-1.0-3.noarch.rpm\n" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:104 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:77 msgid "" -"Cleans up Sandbox configuration files and channels that are older than the " -"__sandbox_lifetime__ configuration parameter (3 days by default). Sandbox " -"files are those imported from systems or files under development. For more " -"information, see xref:reference:systems/system-details/sd-configuration." -"adoc#sd-config-add-files[]." -msgstr "" - -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:106 -#, no-wrap -msgid "menu:session-cleanup-default:[]" +"When you have the new certificate in the channel, you can use the " +"{productname} {webui} to update it on all clients and proxies, by " +"synchronizing them with the channel. Alternatively, for Salt clients, you " +"can use menu:Salt[Remote Commands], or apply the highstate." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:108 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:78 msgid "" -"Cleans up stale Web interface sessions, typically data that is temporarily " -"stored when a user logs in and then closes the browser before logging out." +"You will also need to update your proxies to remove the copy of the " +"certificate and the associated RPM. Your proxies must have the same " +"certificate content as the server. Check the [path]``/srv/www/htdocs/pub/`` " +"directory and ensure it contains:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:110 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:79 #, no-wrap -msgid "menu:ssh-push-default:[]" +msgid "" +"RHN-ORG-TRUSTED-SSL-CERT\n" +"rhn-org-trusted-ssl-cert-*.noarch.rpm\n" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:112 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:80 msgid "" -"Prompts clients to check in with {productname} via SSH if they are " -"configured with a `SSH Push` contact method." +"To complete the process, you need to update the database with this command:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:113 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:81 #, no-wrap -msgid "menu:token-cleanup-default:[]" +msgid "/usr/bin/rhn-ssl-dbstore --ca-cert=/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:114 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:82 msgid "" -"Deletes expired repository tokens that are used by Salt clients to download " -"packages and metadata." +"If you use bootstrap, remember to also update your bootstrap scripts to " +"reflect the new certificate information." msgstr "" #. type: Title = -#: modules/administration/pages/tshoot-corruptrepo.adoc:2 +#: modules/administration/pages/tshoot-corruptrepo.adoc:1 #, no-wrap msgid "Troubleshooting Corrupt Repositories" msgstr "" @@ -12374,7 +13431,7 @@ msgstr "" #. . Another step #. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-corruptrepo.adoc:26 +#: modules/administration/pages/tshoot-corruptrepo.adoc:2 msgid "" "The information in the repository metadata files can become corrupt or out " "of date. This can create problems with updating clients. You can fix this " @@ -12383,37 +13440,47 @@ msgid "" msgstr "" #. type: Block title -#: modules/administration/pages/tshoot-corruptrepo.adoc:27 +#: modules/administration/pages/tshoot-corruptrepo.adoc:3 #, no-wrap msgid "Procedure: Resolving Corrupt Repository Data" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-corruptrepo.adoc:30 +#: modules/administration/pages/tshoot-corruptrepo.adoc:4 msgid "" "Remove all files from [path]``/var/cache/rhn/repodata/-" -"updates-x86_64``. If you do not know the channel label, you can find it in " -"the {productname} {webui}, by navigating to menu:Software[Channels > Channel " -"Label]." +"updates-x86_64``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-corruptrepo.adoc:5 +msgid "" +"If you do not know the channel label, you can find it in the {productname} " +"{webui}, by navigating to menu:Software[Channels > Channel Label]." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-corruptrepo.adoc:31 +#: modules/administration/pages/tshoot-corruptrepo.adoc:6 msgid "Regenerate the file from the command line:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-corruptrepo.adoc:34 +#: modules/administration/pages/tshoot-corruptrepo.adoc:7 #, no-wrap msgid "spacecmd softwarechannel_regenerateyumcache -updates-x86_64\n" msgstr "" #. type: Title = -#: modules/administration/pages/tshoot-diskspace.adoc:2 +#: modules/administration/pages/tshoot-firewalls.adoc:1 #, no-wrap -msgid "Troubleshooting Disk Space" +msgid "Troubleshooting Firewalls" msgstr "" +# +# +# +# +# # # # @@ -12429,56 +13496,67 @@ msgstr "" #. . First step #. . Another step #. . Last step +#. Cause: User firewall is set to block outgoing traffic by dropping the packet request. During sync with SCC, SUMA waits for an answer on each URL until it times out, eventually causing the entire refresh of the product list to timeout. Applies only to third party (non-SUSE) products, as sync with SCC needs to access locations other than SCC to verify if the if the download location is valid. +#. Consequence: The sync to SCC fails, and the third party products are not shown in the product list. +#. Fix: Configure the firewall to reject requests from SUMA instead of drop (preferred), or configure a firewall on the server (if no ability to change firewall settings) +#. Result: Sync to SCC will either be able to reach the URLs required, or will have request rejected so that the request fails rather than times out. #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:23 +#: modules/administration/pages/tshoot-firewalls.adoc:2 msgid "" -"Running out of disk space can have a severe impact on the {productname} " -"database and file structure which, in most cases, is not recoverable." +"If you are using a firewall that blocks outgoing traffic, it will either " +"``REJECT`` or ``DROP`` network requests. If it is set to ``DROP`` then you " +"might find that synchronizing with the {scc} times out." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:26 +#: modules/administration/pages/tshoot-firewalls.adoc:3 msgid "" -"{productname} monitors free space in specific directories, and has " -"configurable alerts. For more on space management, see xref:administration:" -"space-management.adoc[]." +"This occurs because the synchronization process needs to access third-party " +"repositories that provide packages for non-{suse} clients, and not just the " +"{scc}. When the {productname} Server attempts to reach these repositories " +"to check that they are valid, the firewall drops the requests, and the " +"synchronization continues to wait for the response until it times out." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:28 +#: modules/administration/pages/tshoot-firewalls.adoc:4 msgid "" -"You can recover disk space by removing unused custom channels and redundant " -"database entries before you run out of space entirely." +"If this occurs, you will notice that the synchronization will take a long " +"time before it fails, and that your non-{suse} products are not shown in the " +"product list." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:30 -msgid "" -"For instructions on how to delete custom channels, see xref:administration:" -"channel-management.adoc[]." +#: modules/administration/pages/tshoot-firewalls.adoc:5 +msgid "You can fix this problem in several different ways." msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-diskspace.adoc:31 -#, no-wrap -msgid "Procedure: Resolving redundant database entries" +#. type: Plain text +#: modules/administration/pages/tshoot-firewalls.adoc:6 +msgid "" +"The simplest method is to configure your firewall to allow access to the " +"URLs required by non-{suse} repositories. This allows the synchronization " +"process to reach the URLs and complete successfully." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:33 +#: modules/administration/pages/tshoot-firewalls.adoc:7 msgid "" -"Use the [command]``spacewalk-data-fsck`` command to list any redundant " -"database entries." +"If allowing external traffic is not possible, configure your firewall to " +"``REJECT`` requests from {productname} instead of ``DROP``. This rejects " +"requests to third-party URLs, so that the synchronization fails early rather " +"than times out, and the products are not shown in the list." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:33 +#: modules/administration/pages/tshoot-firewalls.adoc:8 msgid "" -"Use the [command]``spacewalk-data-fsck --remove`` command to delete them." +"If you do not have configuration access to the firewall, you can consider " +"setting up a separate firewall on the {productname} Server instead." msgstr "" #. type: Title = -#: modules/administration/pages/tshoot-hostname-rename.adoc:2 +#: modules/administration/pages/tshoot-hostname-rename.adoc:1 #, no-wrap msgid "Troubleshooting Renaming {productname} Server" msgstr "" @@ -12505,7 +13583,7 @@ msgstr "" #. Fix: Use the [command]``spacewalk-hostname-rename`` script to update the settings in the PostgreSQL database and the internal structures of {productname}. #. Result: Renaming is successfully propagated #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:33 +#: modules/administration/pages/tshoot-hostname-rename.adoc:2 msgid "" "If you change the hostname of the {productname} Server locally, your " "{productname} installation will cease to work properly. This is because the " @@ -12514,7 +13592,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:36 +#: modules/administration/pages/tshoot-hostname-rename.adoc:3 msgid "" "If you need to change the hostname of the {productname} Server, you can do " "so using the [command]``spacewalk-hostname-rename`` script. This script " @@ -12523,71 +13601,92 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:38 +#: modules/administration/pages/tshoot-hostname-rename.adoc:4 msgid "" "The [command]``spacewalk-hostname-rename`` script is part of the " "[package]``spacewalk-utils`` package." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:40 +#: modules/administration/pages/tshoot-hostname-rename.adoc:5 msgid "" "The only mandatory parameter for the script is the newly configured IP " "address of the {productname} Server." msgstr "" #. type: Block title -#: modules/administration/pages/tshoot-hostname-rename.adoc:43 +#: modules/administration/pages/tshoot-hostname-rename.adoc:6 #, no-wrap msgid "Procedure: Renaming {productname} Server" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:47 +#: modules/administration/pages/tshoot-hostname-rename.adoc:7 msgid "" "Change the network settings of the server on the system level locally and " -"remotely at the DNS server. You will also need to provide configuration " -"settings for reverse name resolution. Changing network settings is done in " -"the same way as with renaming any other system." +"remotely at the DNS server." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:8 +msgid "" +"You will also need to provide configuration settings for reverse name " +"resolution. Changing network settings is done in the same way as with " +"renaming any other system." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:48 +#: modules/administration/pages/tshoot-hostname-rename.adoc:9 msgid "" "Reboot the {productname} Server to use the new network configuration and to " "ensure the hostname has changed." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:50 +#: modules/administration/pages/tshoot-hostname-rename.adoc:10 +msgid "Remove the old [package]``rhn-org-httpd-ssl-key-pair`` package:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-hostname-rename.adoc:11 +#, no-wrap +msgid "zypper rm package rhn-org-httpd-ssl-key-pair\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:12 msgid "" "Run the script [command]``spacewalk-hostname-rename`` script with the public " -"IP address of the server. If the server is not using the new hostname, the " -"script will fail." +"IP address of the server." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:51 +#: modules/administration/pages/tshoot-hostname-rename.adoc:13 +msgid "If the server is not using the new hostname, the script will fail." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:14 msgid "" "Re-configure your clients to make your environment aware of the new hostname " "and IP address." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:53 +#: modules/administration/pages/tshoot-hostname-rename.adoc:15 msgid "" "In the Salt minion configuration file [path]``/etc/salt/minion``, you must " "make sure to specify the name of the new Salt master ({productname} Server):" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-hostname-rename.adoc:56 +#: modules/administration/pages/tshoot-hostname-rename.adoc:16 #, no-wrap msgid "master: \n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:61 +#: modules/administration/pages/tshoot-hostname-rename.adoc:17 msgid "" "Traditional clients have the [path]``/etc/sysconfig/rhn/up2date`` " "configuration file that must be changed. With a re-activation key you can " @@ -12596,25 +13695,24 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:63 +#: modules/administration/pages/tshoot-hostname-rename.adoc:18 msgid "" "OPTIONAL: If you use PXE boot through a {productname} Proxy, you must check " -"the configuration settings of the proxy. On the proxy, run the " -"[command]``configure-tftpsync.sh`` setup script and enter the requested " -"information. For more information, see xref:installation:proxy-setup.adoc[]." +"the configuration settings of the proxy." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-intro.adoc:4 +#: modules/administration/pages/tshoot-hostname-rename.adoc:19 msgid "" -"This section contains some common problems you might encounter with " -"{productname}, and solutions to resolving them." +"On the proxy, run the [command]``configure-tftpsync.sh`` setup script and " +"enter the requested information. For more information, see xref:" +"installation:proxy-setup.adoc[]." msgstr "" #. type: Title = -#: modules/administration/pages/tshoot-localcert.adoc:2 +#: modules/administration/pages/tshoot-inactiveclients.adoc:1 #, no-wrap -msgid "Troubleshooting Local Issuer Certificates" +msgid "Troubleshooting Inactive clients" msgstr "" # @@ -12633,21 +13731,103 @@ msgstr "" #. . Another step #. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-localcert.adoc:25 +#: modules/administration/pages/tshoot-inactiveclients.adoc:2 msgid "" -"Some older bootstrap scripts create a link to the local certificate in the " -"wrong place. This results in zypper returning an ``Unrecognized error`` " -"about the local issuer certificate. You can ensure that the link to the " -"local issuer certificate has been created correctly by checking the [path]``/" -"etc/ssl/certs/`` directory. If you come across this problem, you should " -"consider updating your bootstrap scripts to ensure that zypper operates as " -"expected." +"A Taskomatic job periodically pings clients to ensure they are connected. " +"Clients are considered inactive if they have not responded to a Taskomatic " +"check in for 24 hours or more. To see a list of inactive clients in the " +"{webui}, navigate to menu:Systems[System List > Inactive]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:3 +msgid "Clients can become inactive for a number of reasons:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:4 +msgid "The client is not entitled to any {productname} service." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:5 +msgid "" +"If the client remains unentitled for 180 days (6 months), it is removed." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:6 +msgid "" +"On traditional clients, the [clientitem]``rhnsd`` service has been disabled." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:7 +msgid "The client is behind a firewall that does not allow HTTPS connections." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:8 +msgid "The client is behind a proxy that is misconfigured." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:9 +msgid "" +"The client is communicating with a different {productname} Server, or the " +"connection has been misconfigured." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:10 +msgid "" +"The client is not in a network that can communicate with the " +"{productname} Server." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:11 +msgid "" +"A firewall is blocking traffic between the client and the {productname} " +"Server." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:12 +msgid "Taskomatic is misconfigured." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:13 +msgid "" +"For more information about client connections to the server, see xref:client-" +"configuration:contact-methods-intro.adoc[]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:14 +#, fuzzy +msgid "" +"For more information about configuring ports, see xref:installation:ports." +"adoc[]." +msgstr "" +"Další informace o importovaných certifikátech najdete na stránce xref:" +"administration:ssl-certs-imported.adoc[]." + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:15 +#, fuzzy +msgid "" +"For more information about troubleshooting firewalls, see xref:" +"administration:tshoot-firewalls.adoc[]." msgstr "" +"Další informace o importovaných certifikátech najdete na stránce xref:" +"administration:ssl-certs-imported.adoc[]." #. type: Title = -#: modules/administration/pages/tshoot-logintimeout.adoc:2 +#: modules/administration/pages/tshoot-registerclones.adoc:1 #, no-wrap -msgid "Troubleshooting Login Timeouts" +msgid "Troubleshooting Registering Cloned Clients" msgstr "" # @@ -12666,268 +13846,248 @@ msgstr "" #. . Another step #. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:24 +#: modules/administration/pages/tshoot-registerclones.adoc:2 +msgid "" +"If you are using {productname} to manage virtual machines, you might find it " +"useful to create clones of your VMs. A clone is a VM that uses a primary " +"disk that is an exact copy of an existing disk." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:3 msgid "" -"By default, the {productname} {webui} will require users to log in again " -"after 30{nbsp}minutes. Depending on your environment, you might want to " -"adjust the login timeout value." +"While cloning VMs can save you a lot of time, the duplicated identifying " +"information on the disk can sometimes cause problems." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:28 +#: modules/administration/pages/tshoot-registerclones.adoc:4 msgid "" -"To adjust the value, you will need to make the change in both [path]``rhn." -"conf`` and [path]``web.xml``. Ensure you set the value in seconds in " -"[path]``/etc/rhn/rhn.conf``, and in minutes in [path]``web.xml``. The two " -"values must equal the same amount of time." +"If you have a client that is already registered, you create a clone of that " +"client, and then try and register the clone, you probably want {productname} " +"to register them as two separate clients. However, if the machine ID in " +"both the original client and the clone is the same, {productname} will " +"register both clients as one system, and the existing client data will be " +"over-written with that of the clone." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:30 +#: modules/administration/pages/tshoot-registerclones.adoc:5 msgid "" -"For example, to change the timeout value to one hour, set the value in " -"[path]``rhn.conf`` to 3600 seconds, and the value in [path]``web.xml`` to 60 " -"minutes." +"This can be resolved by changing the machine ID of the clone, so that " +"{productname} recognizes them as two different clients." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/tshoot-registerclones.adoc:6 +msgid "" +"Each step of this procedure is performed on the cloned client. This " +"procedure does not manipulate the original client, which will still be " +"registered to {productname}." msgstr "" #. type: Block title -#: modules/administration/pages/tshoot-logintimeout.adoc:33 +#: modules/administration/pages/tshoot-registerclones.adoc:7 #, no-wrap -msgid "Procedure: Adjusting the {webui} Login Timeout Value" +msgid "Procedure: Resolving Duplicate Machine IDs in Cloned Salt Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:35 -msgid "Stop services:" +#: modules/administration/pages/tshoot-registerclones.adoc:8 +#: modules/administration/pages/tshoot-registerclones.adoc:21 +msgid "On the cloned machine, change the hostname and IP addresses." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:40 +#: modules/administration/pages/tshoot-registerclones.adoc:9 +#: modules/administration/pages/tshoot-registerclones.adoc:22 msgid "" -"Open [path]``/etc/rhn/rhn.conf`` and add or edit this line to include the " -"new timeout value in seconds:" +"Make sure [path]``/etc/hosts`` contains the changes you made and the correct " +"host entries." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-logintimeout.adoc:43 -#, no-wrap -msgid "web.session_database_lifetime = \n" +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:10 +msgid "" +"For distributions that support systemd: If your machines have the same " +"machine ID, delete the file on each duplicated client and re-create it:" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:45 -#: modules/administration/pages/tshoot-logintimeout.adoc:51 -msgid "Save and close the file." +#: modules/administration/pages/tshoot-registerclones.adoc:12 +msgid "" +"For distributions that do not support systemd: Generate a machine ID from " +"dbus:" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:46 +#: modules/administration/pages/tshoot-registerclones.adoc:14 msgid "" -"Open [path]``/srv/tomcat/webapps/rhn/WEB-INF/web.xml`` and add or edit this " -"line to include the new timeout value in minutes:" +"If your clients still have the same Salt client ID, delete the " +"[path]``minion_id`` file on each client (FQDN will be used when it is " +"regenerated on client restart):" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-logintimeout.adoc:49 +#: modules/administration/pages/tshoot-registerclones.adoc:15 #, no-wrap -msgid "Timeout_Value_in_Minutes\n" +msgid "# rm /etc/salt/minion_id\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:52 -msgid "Restart services:" +#: modules/administration/pages/tshoot-registerclones.adoc:16 +msgid "" +"Delete accepted keys from the onboarding page and the system profile from " +"{productname}, and restart the client with:" msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-notifications.adoc:2 +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:17 #, no-wrap -msgid "Troubleshooting Notifications" +msgid "# service salt-minion restart\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:18 +msgid "Re-register the clients." msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-notifications.adoc:26 +#: modules/administration/pages/tshoot-registerclones.adoc:19 msgid "" -"The default lifetime of notification messages is 30 days, after which " -"messages are deleted from the database, regardless of read status. To " -"change this value, add or edit this line in [path]``/etc/rhn/rhn.conf``:" +"Each client will now have a different [path]``/etc/machine-id`` and should " +"be correctly displayed on the [guimenu]``System Overview`` page." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-notifications.adoc:29 +#. type: Block title +#: modules/administration/pages/tshoot-registerclones.adoc:20 #, no-wrap -msgid "java.notifications_lifetime = 30\n" +msgid "Procedure: Resolving Duplicate Machine IDs in Cloned Traditional Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-notifications.adoc:33 +#: modules/administration/pages/tshoot-registerclones.adoc:23 msgid "" -"All notification types are enabled by default. To disable a notification " -"type, add or edit this line in [path]``/etc/rhn/rhn.conf``:" +"Stop the [systemitem]``rhnsd`` daemon, on {rhnminrelease6} and {sle} 11 with:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-notifications.adoc:36 +#: modules/administration/pages/tshoot-registerclones.adoc:24 #, no-wrap -msgid "java.notifications_type_disabled = OnboardingFailed,ChannelSyncFailed,ChannelSyncFinished\n" +msgid "# /etc/init.d/rhnsd stop\n" msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-osadjabberd.adoc:2 -#, no-wrap -msgid "Troubleshooting OSAD and jabberd" +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:25 +msgid "or, on newer systemd-based systems, with:" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step -#. type: Title == -#: modules/administration/pages/tshoot-osadjabberd.adoc:24 +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:26 #, no-wrap -msgid "Open File Count Exceeded" +msgid "# service rhnsd stop\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:27 -msgid "" -"In some cases, the maximum number of files that jabber can open is lower " -"than the number of connected OSAD clients." +#: modules/administration/pages/tshoot-registerclones.adoc:27 +msgid "Stop [systemitem]``osad`` with:" msgstr "" -#. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:29 -msgid "" -"If this occurs, OSAD clients cannot contact the SUSE Manager Server, and " -"jabberd will take an excessive amount of time to respond on port 5222." +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:28 +#, no-wrap +msgid "# /etc/init.d/osad stop\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/tshoot-osadjabberd.adoc:35 -msgid "" -"This fix is only required if you have more than 8192 clients connected using " -"OSAD. In this case, we recommend you consider using Salt clients instead. " -"For more information about tuning large scale installations, see xref:salt:" -"large-scale.adoc[]." +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:29 +#: modules/administration/pages/tshoot-registerclones.adoc:31 +msgid "or:" msgstr "" -#. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:39 -msgid "" -"You can increase the number of files available to jabber by editing the " -"jabberd local configuration file. By default, the file is located at " -"[path]``/etc/systemd/system/jabberd.service.d/override.conf``." +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:30 +#, no-wrap +msgid "# service osad stop\n" msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-osadjabberd.adoc:42 +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:32 #, no-wrap -msgid "Procedure: Adjusting the Maximum File Count" +msgid "# rcosad stop\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:45 +#: modules/administration/pages/tshoot-registerclones.adoc:33 msgid "" -"At the command prompt, as root, open the local configuration file for " -"editing:" +"Remove the [systemitem]``osad`` authentication configuration file and the " +"system ID:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-osadjabberd.adoc:48 -#, no-wrap -msgid "systemctl edit jabberd\n" +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:35 +msgid "Delete the files containing the machine IDs:" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:50 -msgid "Add or edit this section:" +#: modules/administration/pages/tshoot-registerclones.adoc:36 +msgid "SLES{nbsp}12:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:38 +msgid "SLES{nbsp}11:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-osadjabberd.adoc:54 +#: modules/administration/pages/tshoot-registerclones.adoc:39 #, no-wrap -msgid "" -"[Service]\n" -"LimitNOFILE=:\n" +msgid "# suse_register -E\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:58 -msgid "" -"The value you choose will vary depending on your environment. For example, " -"if you have 9500 clients, increase the soft value by 100 to 9600, and the " -"hard value by 1000 to 10500:" +#: modules/administration/pages/tshoot-registerclones.adoc:40 +msgid "Remove the credential files:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:41 +msgid "SLES clients:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-osadjabberd.adoc:63 +#: modules/administration/pages/tshoot-registerclones.adoc:42 #, no-wrap -msgid "" -"[Unit]\n" -"LimitNOFILE=\n" -"LimitNOFILE=9600:10500\n" +msgid "# rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:65 -msgid "Save the file and exit the editor." +#: modules/administration/pages/tshoot-registerclones.adoc:43 +msgid "{rhel} clients:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/tshoot-osadjabberd.adoc:70 -msgid "" -"The default editor for systemctl files is vim. To save the file and exit, " -"press kbd:[Esc] to enter ``normal`` mode, type kbd:[:wq] and press kbd:" -"[Enter]." +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:44 +#, no-wrap +msgid "# rm -f /etc/NCCcredentials\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:74 -msgid "" -"Ensure you also update the `max_fds` parameter in [path]``/etc/jabberd/c2s." -"xml``. For example: `10500`" +#: modules/administration/pages/tshoot-registerclones.adoc:45 +msgid "Re-run the bootstrap script." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:79 +#: modules/administration/pages/tshoot-registerclones.adoc:46 msgid "" -"The soft file limit is the maximum number of open files for a single " -"process. In {productname} the highest consuming process is ``c2s``, which " -"opens a connection per client. 100 additional files are added, here, to " -"accommodate for any non-connection file that ``c2s`` requires to work " -"correctly. The hard limit applies to all processes belonging to jabber, and " -"also accounts for open files from the router, ``c2s`` and ``sm`` processes." +"You should now see the cloned system in {productname} without overriding the " +"system it was cloned from." msgstr "" #. type: Title = -#: modules/administration/pages/tshoot-packages.adoc:2 +#: modules/administration/pages/tshoot-saltboot.adoc:1 #, no-wrap -msgid "Troubleshooting Package Inconsistencies" +msgid "Troubleshooting the Saltboot Formula" msgstr "" # @@ -12946,390 +14106,518 @@ msgstr "" #. . Another step #. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-packages.adoc:25 +#: modules/administration/pages/tshoot-saltboot.adoc:2 msgid "" -"When packages on a client are locked, {productname} Server may not be able " -"to correctly determine the set of applicable patches. When this occurs, " -"package updates will be available in the {webui}, but will not appear on the " -"client, and attempts to update the client will fail. Check package locks " -"and exclude lists to determine if packages are locked or excluded on the " -"client." +"Because of a problem in the computed partition size value, the saltboot " +"formula can sometimes fail when it is created on SLE{nbsp}11 SP3 clients, " +"with an error like this:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-saltboot.adoc:3 +#, no-wrap +msgid "" +" ID: disk1_partitioned\n" +" Function: saltboot.partitioned\n" +" Name: disk1\n" +" Result: false\n" +" Comment: An exception occurred in this state: Traceback (most recent call last):\n" +" File \"/usr/lib/python2.6/site-packages/salt/state.py\", line 1767, in call\n" +" **cdata['kwargs'])\n" +" File \"/usr/lib/python2.6/site-packages/salt/loader.py\", line 1705, in wrapper\n" +" return f(*args, **kwargs)\n" +" File \"/var/cache/salt/minion/extmods/states/saltboot.py\", line 393, in disk_partitioned\n" +" existing = __salt__['partition.list'](device, unit='MiB')\n" +" File \"/usr/lib/python2.6/site-packages/salt/modules/parted.py\", line 177, in list_\n" +" 'Problem encountered while parsing output from parted')\n" +"CommandExecutionError: Problem encountered while parsing output from parted\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-saltboot.adoc:4 +msgid "" +"This problem can be resolved by manually configuring the size of the " +"partition containing the operating system. When the size is set correctly, " +"formula creation will work as expected." +msgstr "" + +#. type: Block title +#: modules/administration/pages/tshoot-saltboot.adoc:5 +#, no-wrap +msgid "Procedure: Manually Configuring the Partition Size in the Saltboot Formula" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-saltboot.adoc:6 +msgid "" +"In the {productname} {webui}, navigate to menu:Systems[System Groups] and " +"select the ``Hardware Type Group`` that contains the SLE{nbsp}11 SP3 client " +"that is causing the error." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-packages.adoc:27 +#: modules/administration/pages/tshoot-saltboot.adoc:7 msgid "" -"On the client, check package locks and exclude lists to determine if " -"packages are locked or excluded:" +"In the [guimenu]``Formulas`` tab, navigate to the [guimenu]``Saltboot`` " +"subtab." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-packages.adoc:29 +#: modules/administration/pages/tshoot-saltboot.adoc:8 msgid "" -"On an Expanded Support Platform, check [path]``/etc/yum.conf`` and search " -"for ``exclude=``." +"Locate the partition that contains the operating system, and in the " +"[guimenu]``Partition Size`` field, type the appropriate size (in MiB)." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-packages.adoc:29 -msgid "On {sle} and {opensuse}, use the [command]``zypper locks`` command." +#: modules/administration/pages/tshoot-saltboot.adoc:9 +msgid "Click btn:[Save Formula], and apply the highstate to save your changes." msgstr "" #. type: Title = -#: modules/administration/pages/tshoot-registerclones.adoc:2 +#: modules/administration/pages/openscap.adoc:1 #, no-wrap -msgid "Troubleshooting Registering Cloned Clients" -msgstr "" - -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step -#. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:25 -msgid "" -"If you are using {productname} to manage virtual machines, you might find it " -"useful to create clones of your VMs. A clone is a VM that uses a primary " -"disk that is an exact copy of an existing disk." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:27 -msgid "" -"While cloning VMs can save you a lot of time, the duplicated identifying " -"information on the disk can sometimes cause problems." +msgid "System Security with OpenSCAP" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:30 +#: modules/administration/pages/openscap.adoc:2 msgid "" -"If you have a client that is already registered, you create a clone of that " -"client, and then try and register the clone, you probably want {productname} " -"to register them as two separate clients. However, if the machine ID in " -"both the original client and the clone is the same, {productname} will " -"register both clients as one system, and the existing client data will be " -"over-written with that of the clone." +"{productname} uses OpenSCAP to audit clients. It allows you to schedule and " +"view compliance scans for any client." msgstr "" -#. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:32 -msgid "" -"This can be resolved by changing the machine ID of the clone, so that " -"{productname} recognizes them as two different clients." +#. type: delimited block = +#: modules/administration/pages/openscap.adoc:3 +msgid "OpenSCAP auditing is not available on Salt SSH clients." msgstr "" #. type: delimited block = -#: modules/administration/pages/tshoot-registerclones.adoc:37 +#: modules/administration/pages/openscap.adoc:4 msgid "" -"Each step of this procedure is performed on the cloned client. This " -"procedure does not manipulate the original client, which will still be " -"registered to {productname}." +"Scanning clients can consume a lot of memory and compute power on the client " +"being scanned. For {redhat} clients, ensure you have at least 2{nbsp}GB of " +"RAM available on each client to be scanned." msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-registerclones.adoc:41 +#. type: Title == +#: modules/administration/pages/openscap.adoc:5 #, no-wrap -msgid "Procedure: Resolving Duplicate Machine IDs in Cloned Salt Clients" +msgid "About SCAP" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:45 -#: modules/administration/pages/tshoot-registerclones.adoc:79 +#: modules/administration/pages/openscap.adoc:6 msgid "" -"On the cloned machine, change the hostname and IP addresses. Make sure " -"[path]``/etc/hosts`` contains the changes you made and the correct host " -"entries." +"The Security Certification and Authorization Package (SCAP) is a " +"standardized compliance checking solution for enterprise-level Linux " +"infrastructures. It is a line of specifications maintained by the National " +"Institute of Standards and Technology (NIST) for maintaining system security " +"for enterprise systems." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:46 +#: modules/administration/pages/openscap.adoc:7 msgid "" -"For distributions that support systemd: If your machines have the same " -"machine ID, delete the file on each duplicated client and re-create it:" +"SCAP was created to provide a standardized approach to maintaining system " +"security, and the standards that are used will therefore continually change " +"to meet the needs of the community and enterprise businesses. New " +"specifications are governed by NIST's SCAP Release cycle to provide a " +"consistent and repeatable revision work flow. For more information, see " +"http://scap.nist.gov/timeline.html." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:55 +#: modules/administration/pages/openscap.adoc:8 msgid "" -"For distributions that do not support systemd: Generate a machine ID from " -"dbus:" +"{productname} uses OpenSCAP to implement the SCAP specifications. OpenSCAP " +"is an auditing tool that utilizes the Extensible Configuration Checklist " +"Description Format (XCCDF). XCCDF is a standard way of expressing checklist " +"content and defines security checklists. It also combines with other " +"specifications such as Common Platform Enumeration (CPE), Common " +"Configuration Enumeration (CCE), and Open Vulnerability and Assessment " +"Language (OVAL), to create a SCAP-expressed checklist that can be processed " +"by SCAP-validated products." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:61 +#: modules/administration/pages/openscap.adoc:9 msgid "" -"If your clients still have the same Salt client ID, delete the " -"[path]``minion_id`` file on each client (FQDN will be used when it is " -"regenerated on client restart):" +"OpenSCAP verifies the presence of patches by using content produced by the " +"{suse} Security Team. OpenSCAP checks system security configuration " +"settings and examines systems for signs of compromise by using rules based " +"on standards and specifications. For more information about the {suse} " +"Security Team, see https://www.suse.com/support/security." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:64 +#. type: Title == +#: modules/administration/pages/openscap.adoc:10 #, no-wrap -msgid "# rm /etc/salt/minion_id\n" +msgid "Prepare Clients for an SCAP Scan" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:66 +#: modules/administration/pages/openscap.adoc:11 msgid "" -"Delete accepted keys from the onboarding page and the system profile from " -"{productname}, and restart the client with:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:69 -#, no-wrap -msgid "# service salt-minion restart\n" +"Before you begin, you need to prepare your client systems for SCAP scanning." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:72 +#: modules/administration/pages/openscap.adoc:12 msgid "" -"Re-register the clients. Each client will now have a different [path]``/etc/" -"machine-id`` and should be correctly displayed on the [guimenu]``System " -"Overview`` page." +"For scanning {sles} clients, install the ``openscap-content`` and ``openscap-" +"utils`` packages before you begin. Use this command to determine the " +"location of the appropriate SCAP files. Take a note of the file paths for " +"performing the scan:" msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-registerclones.adoc:75 +#. type: delimited block - +#: modules/administration/pages/openscap.adoc:13 #, no-wrap -msgid "Procedure: Resolving Duplicate Machine IDs in Cloned Traditional Clients" +msgid "rpm -ql openscap-content\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:80 +#: modules/administration/pages/openscap.adoc:14 msgid "" -"Stop the [systemitem]``rhnsd`` daemon, on {rhnminrelease6} and {sle} 11 with:" +"For scanning {redhat} clients, install the ``scap-security-guide`` and " +"``openscap-utils`` packages before you begin. Use this command to determine " +"the location of the appropriate SCAP files. Take a note of the file paths " +"for performing the scan:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:83 +#: modules/administration/pages/openscap.adoc:15 #, no-wrap -msgid "# /etc/init.d/rhnsd stop\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:86 -msgid "or, on newer systemd-based systems, with:" +msgid "rpm -ql scap-security-guide\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:89 +#. type: Title == +#: modules/administration/pages/openscap.adoc:16 #, no-wrap -msgid "# service rhnsd stop\n" +msgid "OpenSCAP Content Files" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:91 -msgid "Stop [systemitem]``osad`` with:" +#: modules/administration/pages/openscap.adoc:17 +msgid "" +"OpenSCAP uses SCAP content files to define test rules. These content files " +"are created based on the XCCDF or OVAL standards. You can download publicly " +"available content files and customize it to your requirements. You can " +"install the ``openscap-content`` package for default content file " +"templates. Alternatively, if you are familiar with XCCDF or OVAL, you can " +"create your own content files." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:94 -#, no-wrap -msgid "# /etc/init.d/osad stop\n" +#. type: delimited block = +#: modules/administration/pages/openscap.adoc:18 +msgid "" +"We recommend you use templates to create your SCAP content files. If you " +"create and use your own custom content files, you do so at your own risk. " +"If your system becomes damaged through the use of custom content files, you " +"might not be supported by {suse}." msgstr "" +#. ke 2013-08-28: Do we have SCAP content providers? Such as: The United States Government +#. Configuration Baseline (USGCB) for RHEL5 Desktop or Community-provided content (openscap-content +#. package)? For more info, see +#. https://access.redhat.com/site/documentation/en-US/Red_Hat_Network_Satellite/5.5/html/User_Guide/chap-Red_Hat_Network_Satellite-User_Guide-OpenSCAP.html # +#. I think this question is still valid. Who should we contact? LKB 2020-02-06 #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:97 -#: modules/administration/pages/tshoot-registerclones.adoc:103 -msgid "or:" +#: modules/administration/pages/openscap.adoc:19 +msgid "" +"When you have created your content files, you need to transfer the file to " +"the client. You can do this in the same way as you move any other file, " +"using physical storage media, or across a network with [command]``ftp`` or " +"[command]``scp``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:100 -#, no-wrap -msgid "# service osad stop\n" +#. type: Plain text +#: modules/administration/pages/openscap.adoc:20 +msgid "" +"We recommend that you create a package to distribute content files to " +"clients that you are managing with {productname}. Packages can be signed " +"and verified to ensure their integrity. For more information, see xref:" +"administration:custom-channels.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:106 +#. type: Title == +#: modules/administration/pages/openscap.adoc:21 #, no-wrap -msgid "# rcosad stop\n" +msgid "Perform an Audit Scan" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:108 +#: modules/administration/pages/openscap.adoc:22 msgid "" -"Remove the [systemitem]``osad`` authentication configuration file and the " -"system ID:" +"When you have transferred your content files, you can perform audit scans. " +"Audit scans can be triggered using the {productname} {webui}. You can also " +"use the {productname} API to schedule regular scans." msgstr "" -#. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:113 -msgid "Delete the files containing the machine IDs:" +#. type: Block title +#: modules/administration/pages/openscap.adoc:23 +#, no-wrap +msgid "Procedure: Running an Audit Scan from the {webui}" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:115 -msgid "SLES{nbsp}12:" +#: modules/administration/pages/openscap.adoc:24 +msgid "" +"In the {productname} {webui}, navigate to menu:Systems[Systems List] and " +"select the client you want to scan." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:123 -msgid "SLES{nbsp}11:" +#: modules/administration/pages/openscap.adoc:25 +msgid "" +"Navigate to the [guimenu]``Audit`` tab, and the [guimenu]``Schedule`` subtab." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:126 -#, no-wrap -msgid "# suse_register -E\n" +#. type: Plain text +#: modules/administration/pages/openscap.adoc:26 +msgid "" +"In the [guimenu]``Path to XCCDF Document`` field, enter the path to the " +"XCCDF content file on the client. For example: [path]``/usr/share/openscap/" +"scap-yast2sec-xccdf.xml``" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:128 -msgid "Remove the credential files:" +#: modules/administration/pages/openscap.adoc:27 +msgid "The scan will run at the client's next scheduled synchronization." msgstr "" -#. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:129 -msgid "SLES clients:" +#. type: delimited block = +#: modules/administration/pages/openscap.adoc:28 +msgid "" +"The XCCDF content file is validated before it is run on the remote system. " +"If the content file includes invalid arguments, the test will fail." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:132 +#. type: Block title +#: modules/administration/pages/openscap.adoc:29 #, no-wrap -msgid "# rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}\n" +msgid "Procedure: Running an Audit Scan from the API" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:134 -msgid "{rhel} clients:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:137 -#, no-wrap -msgid "# rm -f /etc/NCCcredentials\n" +#: modules/administration/pages/openscap.adoc:30 +msgid "" +"Before you begin, ensure that the client to be scanned has Python and XML-" +"RPC libraries installed." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:139 +#: modules/administration/pages/openscap.adoc:31 msgid "" -"Re-run the bootstrap script. You should now see the cloned system in " -"{productname} without overriding the system it was cloned from." +"Choose an existing script or create a script for scheduling a system scan " +"through ``system.scap.scheduleXccdfScan``. For example:" msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-rpctimeout.adoc:2 +#. type: delimited block - +#: modules/administration/pages/openscap.adoc:32 #, no-wrap -msgid "Troubleshooting RPC Connection Timeouts" +msgid "" +"#!/usr/bin/python\n" +"client = xmlrpclib.Server('https://spacewalk.example.com/rpc/api')\n" +"key = client.auth.login('username', 'password')\n" +"client.system.scap.scheduleXccdfScan(key, <1000010001>,\n" +" '',\n" +" '--profile ')\n" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:26 -msgid "" -"RPC connections can sometimes time out due to slow networks or a network " -"link going down. This results in package downloads or batch jobs hanging or " -"taking longer than expected. You can adjust the maximum time that an RPC " -"connection can take by editing the configuration file. While this will not " -"resolve networking problems, it will cause a process to fail rather than " -"hang." +#: modules/administration/pages/openscap.adoc:33 +msgid "In this example:" msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-rpctimeout.adoc:28 -#, no-wrap -msgid "Procedure: Resolving RPC connection timeouts" +#. type: Plain text +#: modules/administration/pages/openscap.adoc:34 +msgid "``<1000010001>`` is the system ID (sid)." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:31 +#: modules/administration/pages/openscap.adoc:35 msgid "" -"On the {productname} Server, open the [filename]``/etc/rhn/rhn.conf`` file " -"and set a maximum timeout value (in seconds):" +"```` is the path to the content file location on the " +"client. For example, [path]``/usr/local/share/scap/usgcb-sled15desktop-" +"xccdf.xml``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-rpctimeout.adoc:34 -#, no-wrap -msgid "server.timeout =`number`\n" +#. type: Plain text +#: modules/administration/pages/openscap.adoc:36 +msgid "" +"```` is an additional argument for the [command]``oscap`` " +"command. For example, use " +"``united_states_government_configuration_baseline`` (USGCB)." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:36 -msgid "" -"On the {productname} Proxy, open the [filename]``/etc/rhn/rhn.conf`` file " -"and set a maximum timeout value (in seconds):" +#: modules/administration/pages/openscap.adoc:37 +msgid "Run the script on the client you want to scan, from the command prompt." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-rpctimeout.adoc:39 +#. type: Title == +#: modules/administration/pages/openscap.adoc:38 #, no-wrap -msgid "proxy.timeout =`number`\n" +msgid "Scan Results" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:41 +#: modules/administration/pages/openscap.adoc:39 msgid "" -"On a {sles} client that uses zypper, open the [filename]``/etc/zypp/zypp." -"conf`` file and set a maximum timeout value (in seconds):" +"Information about the scans you have run is in the {productname} {webui}. " +"Navigate to to menu:Audit[OpenSCAP > All Scans] for a table of results. For " +"more information about the data in this table, see xref:reference:audit/" +"openscap-all-scans.adoc[]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/openscap.adoc:40 +msgid "" +"To ensure that detailed information about scans is available, you need to " +"enable it on the client. In the {productname} {webui}, navigate to menu:" +"Admin[Organizations] and click on the organization the client is a part of. " +"Navigate to the [guimenu]``Configuration`` tab, and check the " +"[guimenu]``Enable Upload of Detailed SCAP Files`` option. When enabled, " +"this generates an additional HTML file on every scan, which contains extra " +"information. The results will show an extra line similar to this:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-rpctimeout.adoc:46 +#: modules/administration/pages/openscap.adoc:41 #, no-wrap -msgid "" -"## Valid values: [0,3600]\n" -"## Default value: 180\n" -"download.transfer_timeout = 180\n" +msgid "Detailed Results: xccdf-report.html xccdf-results.xml scap-yast2sec-oval.xml.result.xml\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:48 +#: modules/administration/pages/openscap.adoc:42 msgid "" -"On a {rhel} client that uses yum, open the [filename]``/etc/yum.conf`` file " -"and set a maximum timeout value (in seconds):" +"To retrieve scan information from the command line, use the " +"[command]``spacewalk-report`` command:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-rpctimeout.adoc:51 +#: modules/administration/pages/openscap.adoc:43 #, no-wrap -msgid "timeout =`number`\n" +msgid "" +"spacewalk-report system-history-scap\n" +"spacewalk-report scap-scan\n" +"spacewalk-report scap-scan-results\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/tshoot-rpctimeout.adoc:56 +#. type: Plain text +#: modules/administration/pages/openscap.adoc:44 msgid "" -"If you limit RPC timeouts to less than `180` seconds, you risk aborting " -"perfectly normal operations." +"You can also use the {productname} API to view results, with the ``system." +"scap`` handler." msgstr "" +#. Old content that has come across from the Reference Guide starts here. Pretty much all of this now exists in the right locations, but I'm leaving it here for posterity on the chance that there is yelling. --LKB 2020-08-05 +#. [[sm-audit-page]] +#. = Systems Audit Page +#. To display a system's audit page, click menu:Systems[system_name > Audit]. +#. Use this page to schedule and view compliance scans for a particular system. +#. Scans are performed by the OpenSCAP tool, which implements NIST's standard Security Content Automation Protocol (SCAP). +#. Before you scan a system, make sure that the SCAP content is prepared and all prerequisites in +#. xref:reference:audit/audit-openscap-overview.adoc#s1-openscap-suma-prerq[Prerequisites for Using OpenSCAP in {productname}] are met. +#. == List Scans +#. This subtab lists a summary of all scans completed on the system. +#. The following columns are displayed: +#. XCCDF Test Result:: +#. The scan test result name, which provides a link to the detailed results of the scan. +#. Completed:: +#. The exact time the scan finished. +#. Compliance:: +#. The unweighted pass/fail ratio of compliance based on the Standard used. +#. P:: +#. Number of checks that passed. +#. F:: +#. Number of checks that failed. +#. E:: +#. Number of errors that occurred during the scan. +#. U:: +#. Unknown. +#. N:: +#. Not applicable to the machine. +#. K:: +#. Not checked. +#. S:: +#. Not Selected. +#. I:: +#. Informational. +#. X:: +#. Fixed. +#. Total:: +#. Total number of checks. +#. Each entry starts with an icon indicating the results of a comparison to a previous similar scan. +#. The icons indicate the following: +#. * "RHN List Checked" Icon -- no difference between the compared scans. +#. * "RHN List Alert" Icon -- arbitrary differences between the compared scans. +#. * "RHN List Error" Icon -- major differences between the compared scans. Either there are more failures than the previous scan or less passes +#. * "RHN List Check In" Icon -- no comparable scan was found, therefore, no comparison was made. +#. To find out what has changed between two scans in more detail, select the ones you are interested in and click menu:Compare Selected Scans[] +#. . +#. To delete scans that are no longer relevant, select those and click on menu:Remove Selected Scans[] +#. . +#. Scan results can also be downloaded in CSV format. +#. == Scan Details +#. The Scan Details page contains the results of a single scan. +#. The page is divided into two sections: +#. Details of the XCCDF Scan:: +#. This section displays various details about the scan, including: +#. ** File System Path: the path to the XCCDF file used for the scan. +#. ** Command-line Arguments: any additional command-line arguments that were used. +#. ** Profile Identifier: the profile identifier used for the scan. +#. ** Profile Title: the title of the profile used for the scan. +#. ** Scan's Error output: any errors encountered during the scan. +#. XCCDF Rule Results:: +#. The rule results provide the full list of XCCDF rule identifiers, identifying tags, and the result for each of these rule checks. +#. This list can be filtered by a specific result. +#. [[sm-audit-schedule]] +#. == Schedule Audit +#. Use the Schedule New XCCDF Scan page to schedule new scans for specific machines. +#. Scans occur at the system's next scheduled check-in that occurs after the date and time specified. +#. The following fields can be configured: +#. Command-line Arguments::: +#. Optional arguments to the [command]``oscap`` command, either: +#. ** ``--profile PROFILE``: Specifies a particular profile from the XCCDF document. +#. + +#. Profiles are determined by the Profile tag in the XCCDF XML file. +#. Use the [command]``oscap`` command to see a list of profiles within a given XCCDF file, for example: +#. + +#. ---- +#. # oscap info /usr/local/share/scap/dist_sles12_scap-sles12-oval.xml +#. Document type: XCCDF Checklist +#. Checklist version: 1.1 +#. Status: draft +#. Generated: 2015-12-12 +#. Imported: 2016-02-15T22:09:33 +#. Resolved: false +#. Profiles: SLES12-Default +#. ---- +#. + +#. If not specified, the default profile is used. +#. Some early versions of OpenSCAP in require that you use the `--profile` option or the scan will fail. +#. ** ``--skip-valid``: Do not validate input and output files. You can use this option to bypass the file validation process if you do not have well-formed XCCDF content. +#. Path to XCCDF Document::: +#. This is a required field. +#. The path parameter points to the XCCDF content location on the client system. +#. For example: [path]``/usr/local/share/scap/dist_sles12_scap-sles12-oval.xml`` +#. + +#. WARNING: The XCCDF content is validated before it is run on the remote system. +#. Specifying invalid arguments can cause [command]``spacewalk-oscap`` to fail to validate or run. +#. Due to security concerns, the [command]``oscap xccdf eval`` command only accepts a limited set of parameters. +#. + +#. For information about how to schedule scans using the {webui} +#. , refer to: +#. xref:reference:audit/audit-openscap-overview.adoc#pro-os-suma-audit-scans-webui[Procedure: Scans via the Web Interface] #. type: Title = -#: modules/administration/pages/tshoot-saltboot.adoc:2 +#: modules/administration/pages/tshoot-osadjabberd.adoc:1 #, no-wrap -msgid "Troubleshooting the Saltboot Formula" +msgid "Troubleshooting OSAD and jabberd" msgstr "" -# -# -# #. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS #. Troubleshooting format: #. One sentence each: @@ -13343,318 +14631,359 @@ msgstr "" #. . Another step #. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:23 +#: modules/administration/pages/tshoot-osadjabberd.adoc:2 msgid "" -"Because of a problem in the computed partition size value, the saltboot " -"formula can sometimes fail when it is created on SLE{nbsp}11 SP3 clients, " -"with an error like this:" +"In some cases, the maximum number of files that jabber can open is lower " +"than the number of connected OSAD clients." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-saltboot.adoc:39 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/tshoot-osadjabberd.adoc:3 msgid "" -" ID: disk1_partitioned\n" -" Function: saltboot.partitioned\n" -" Name: disk1\n" -" Result: false\n" -" Comment: An exception occurred in this state: Traceback (most recent call last):\n" -" File \"/usr/lib/python2.6/site-packages/salt/state.py\", line 1767, in call\n" -" **cdata['kwargs'])\n" -" File \"/usr/lib/python2.6/site-packages/salt/loader.py\", line 1705, in wrapper\n" -" return f(*args, **kwargs)\n" -" File \"/var/cache/salt/minion/extmods/states/saltboot.py\", line 393, in disk_partitioned\n" -" existing = __salt__['partition.list'](device, unit='MiB')\n" -" File \"/usr/lib/python2.6/site-packages/salt/modules/parted.py\", line 177, in list_\n" -" 'Problem encountered while parsing output from parted')\n" -"CommandExecutionError: Problem encountered while parsing output from parted\n" +"If this occurs, OSAD clients cannot contact the SUSE Manager Server, and " +"jabberd will take an excessive amount of time to respond on port 5222." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/tshoot-osadjabberd.adoc:4 +msgid "" +"This fix is only required if you have more than 8192 clients connected using " +"OSAD. In this case, we recommend you consider using Salt clients instead. " +"For more information about tuning large scale installations, see xref:salt:" +"large-scale.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:43 +#: modules/administration/pages/tshoot-osadjabberd.adoc:5 msgid "" -"This problem can be resolved by manually configuring the size of the " -"partition containing the operating system. When the size is set correctly, " -"formula creation will work as expected." +"You can increase the number of files available to jabber by editing the " +"jabberd local configuration file. By default, the file is located at " +"[path]``/etc/systemd/system/jabberd.service.d/override.conf``." msgstr "" #. type: Block title -#: modules/administration/pages/tshoot-saltboot.adoc:45 +#: modules/administration/pages/tshoot-osadjabberd.adoc:6 #, no-wrap -msgid "Procedure: Manually Configuring the Partition Size in the Saltboot Formula" +msgid "Procedure: Adjusting the Maximum File Count" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:49 +#: modules/administration/pages/tshoot-osadjabberd.adoc:7 msgid "" -"In the {productname} {webui}, navigate to menu:Systems[System Groups] and " -"select the ``Hardware Type Group`` that contains the SLE{nbsp}11 SP3 client " -"that is causing the error. In the [guimenu]``Formulas`` tab, navigate to " -"the [guimenu]``Saltboot`` subtab." +"At the command prompt, as root, open the local configuration file for " +"editing:" msgstr "" -#. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:50 -msgid "" -"Locate the partition that contains the operating system, and in the " -"[guimenu]``Partition Size`` field, type the appropriate size (in MiB)." +#. type: delimited block - +#: modules/administration/pages/tshoot-osadjabberd.adoc:8 +#, no-wrap +msgid "systemctl edit jabberd\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:50 -msgid "Click btn:[Save Formula], and apply the highstate to save your changes." +#: modules/administration/pages/tshoot-osadjabberd.adoc:9 +msgid "Add or edit this section:" msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-sync.adoc:2 +#. type: delimited block - +#: modules/administration/pages/tshoot-osadjabberd.adoc:10 #, no-wrap -msgid "Troubleshooting Package Synchronization" +msgid "" +"[Service]\n" +"LimitNOFILE=:\n" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-sync.adoc:25 +#: modules/administration/pages/tshoot-osadjabberd.adoc:11 msgid "" -"{productname} does not automatically trust third party GPG keys. If package " -"synchronization fails, it could be because of an untrusted GPG key. You can " -"find out if this is the case by opening [path]``/var/log/rhn/reposync`` and " -"looking for an error like this:" +"The value you choose will vary depending on your environment. For example, " +"if you have 9500 clients, increase the soft value by 100 to 9600, and the " +"hard value by 1000 to 10500:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-sync.adoc:31 +#: modules/administration/pages/tshoot-osadjabberd.adoc:12 #, no-wrap msgid "" -"['/usr/bin/spacewalk-repo-sync', '--channel', 'sle-12-sp1-ga-desktop-\n" -"nvidia-driver-x86_64', '--type', 'yum', '--non-interactive']\n" -"ChannelException: The GPG key for this repository is not part of the keyring.\n" -"Please run spacewalk-repo-sync in interactive mode to import it.\n" +"[Unit]\n" +"LimitNOFILE=\n" +"LimitNOFILE=9600:10500\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-sync.adoc:34 -msgid "" -"To resolve the problem, you need to import the GPG key to {productname}. " -"For more on importing GPG keys, see xref:administration:repo-metadata.adoc[]." -msgstr "" - -#. type: Title = -#: modules/administration/pages/tshoot-taskomatic.adoc:2 -#, no-wrap -msgid "Troubleshooting Taskomatic" +#: modules/administration/pages/tshoot-osadjabberd.adoc:13 +msgid "Save the file and exit the editor." msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step -#. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:23 +#. type: delimited block = +#: modules/administration/pages/tshoot-osadjabberd.adoc:14 msgid "" -"Repository metadata regeneration is a relatively intensive process, so " -"Taskomatic can take several minutes to complete. Additionally, if " -"Taskomatic crashes, repository metadata regeneration can be interrupted." +"The default editor for systemctl files is vim. To save the file and exit, " +"press kbd:[Esc] to enter ``normal`` mode, type kbd:[:wq] and press kbd:" +"[Enter]." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:26 +#: modules/administration/pages/tshoot-osadjabberd.adoc:15 msgid "" -"If Taskomatic is still running, or if the process has crashed, package " -"updates can seem available in the {webui}, but will not appear on the " -"client, and attempts to update the client will fail. In this case, the " -"[command]``zypper ref`` command will show an error like this:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:29 -#, no-wrap -msgid "Valid metadata not found at specified URL\n" +"Ensure you also update the `max_fds` parameter in [path]``/etc/jabberd/c2s." +"xml``. For example: `10500`" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:33 +#: modules/administration/pages/tshoot-osadjabberd.adoc:16 msgid "" -"To correct this, determine if Taskomatic is still in the process of " -"generating repository metadata, or if a crash could have occurred. Wait for " -"metadata regeneration to complete or restart Taskomatic after a crash in " -"order for client updates to be carried out correctly." +"The soft file limit is the maximum number of open files for a single " +"process. In {productname} the highest consuming process is ``c2s``, which " +"opens a connection per client. 100 additional files are added, here, to " +"accommodate for any non-connection file that ``c2s`` requires to work " +"correctly. The hard limit applies to all processes belonging to jabber, and " +"also accounts for open files from the router, ``c2s`` and ``sm`` processes." msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-taskomatic.adoc:36 +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +#. Delinking per https://github.com/SUSE/spacewalk/issues/9516 LKB 2019-09-23 +#. == jabberd Database Corruption +#. ``SYMPTOMS``: After _a disk is full error_ or a _disk crash event_, the [systemitem]``jabberd`` database may have become corrupted. +#. [systemitem]``jabberd`` may then fail starting Spacewalk services: +#. ---- +#. Starting spacewalk services... +#. Initializing jabberd processes... +#. Starting router done +#. Starting sm startproc: exit status of parent of /usr/bin/sm: 2 failed +#. Terminating jabberd processes... +#. ---- +#. [path]``/var/log/messages`` shows more details: +#. ---- +#. jabberd/sm[31445]: starting up +#. jabberd/sm[31445]: process id is 31445, written to /var/lib/jabberd/pid/sm.pid +#. jabberd/sm[31445]: loading 'db' storage module +#. jabberd/sm[31445]: db: corruption detected! close all jabberd processes and run db_recover +#. jabberd/router[31437]: shutting down +#. ---- +#. ``CURE``: Remove the [systemitem]``jabberd`` database and restart. +#. [systemitem]``jabberd`` will automatically re-create the database. +#. Enter at the command prompt: +#. ---- +#. spacewalk-service stop +#. rm -rf /var/lib/jabberd/db/* +#. spacewalk-service start +#. ---- +#. ke, 2019-08-08: not sure whether we want this here: +#. An alternative approach would be to test another database, but SUSE Manager does not deliver drivers for this: +#. ---- +#. rcosa-dispatcher stop +#. rcjabberd stop +#. cd /var/lib/jabberd/db +#. rm * +#. cp /usr/share/doc/packages/jabberd/db-setup.sqlite . +#. sqlite3 sqlite.db < db-setup.sqlite +#. chown jabber:jabber * +#. rcjabberd start +#. rcosa-dispatcher start +#. ---- +#. Delinking per https://github.com/SUSE/spacewalk/issues/9516 LKB 2019-09-23 +#. == Capturing XMPP Network Data for Debugging Purposes +#. If you are experiencing bugs regarding OSAD, it can be useful to dump network messages to help with debugging. +#. The following procedures provide information on capturing data from both the client and server side. +#. .Procedure: Server Side Capture +#. . Install the [package]#tcpdump# package on the server as root: +#. + +#. ---- +#. zypper in tcpdump +#. ---- +#. . Stop the OSA dispatcher and Jabber processes: +#. + +#. ---- +#. rcosa-dispatcher stop +#. rcjabberd stop +#. ---- +#. . Start data capture on port 5222: +#. + +#. ---- +#. tcpdump -s 0 port 5222 -w server_dump.pcap +#. ---- +#. . Open a second terminal and start the OSA dispatcher and Jabber processes: +#. + +#. ---- +#. rcosa-dispatcher start +#. rcjabberd start +#. ---- +#. . Operate the server and clients so the bug you formerly experienced is reproduced. +#. . When you have finished your capture re-open the first terminal and stop the data capture with kbd:[CTRL+c]. +#. .Procedure: Client Side Capture +#. . Install the tcpdump package on your client as root: +#. + +#. ---- +#. zypper in tcpdump +#. ---- +#. . Stop the OSA process: +#. + +#. ---- +#. rcosad stop +#. ---- +#. . Begin data capture on port 5222: +#. + +#. ---- +#. tcpdump -s 0 port 5222 -w client_client_dump.pcap +#. ---- +#. . Open a second terminal and start the OSA process: +#. + +#. ---- +#. rcosad start +#. ---- +#. . Operate the server and clients so the bug you formerly experienced is reproduced. +#. . When you have finished your capture re-open the first terminal and stop the data capture with kbd:[CTRL+c]. +#. type: Title = +#: modules/administration/pages/tshoot-sync.adoc:1 #, no-wrap -msgid "Procedure: Resolving Taskomatic Problems" +msgid "Troubleshooting Synchronization" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:39 +#: modules/administration/pages/tshoot-sync.adoc:2 msgid "" -"On the {productname} Server, check the [path]``/var/log/rhn/" -"rhn_taskomatic_daemon.log`` file to determine if any metadata regeneration " -"processes are still running, or if a crash occurred." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:40 -msgid "Restart taskomatic:" +"Synchronization can fail for a number of reasons. To get more information " +"about a connection problem, run this command:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:43 +#: modules/administration/pages/tshoot-sync.adoc:3 #, no-wrap -msgid "service taskomatic restart\n" +msgid "" +"export URLGRABBER_DEBUG=DEBUG\n" +"spacewalk-repo-sync -c > /var/log/spacewalk-repo-sync-$(date +%F-%R).log 2>&1\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:47 +#: modules/administration/pages/tshoot-sync.adoc:4 msgid "" -"In the Taskomatic log files, you can identify the section related to " -"metadata regeneration by looking for opening and closing lines that look " -"like this:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:50 -#, no-wrap -msgid " ,174 [Thread-584] INFO com.redhat.rhn.taskomatic.task.repomd.RepositoryWriter - Generating new repository metadata for channel 'cloned-2018-q1-sles12-sp3-updates-x86_64'(sha256) 550 packages, 140 errata\n" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:52 -#, no-wrap -msgid "...\n" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:54 -#, no-wrap -msgid " ,704 [Thread-584] INFO com.redhat.rhn.taskomatic.task.repomd.RepositoryWriter - Repository metadata generation for 'cloned-2018-q1-sles12-sp3-updates-x86_64' finished in 4 seconds\n" +"You can also check logs created by Zypper at [path]``/var/log/zypper.log``" msgstr "" -#. type: Title = -#: modules/administration/pages/tuning-changelogs.adoc:2 +#. type: Labeled list +#: modules/administration/pages/tshoot-sync.adoc:5 #, no-wrap -msgid "Tuning Changelogs" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:7 -msgid "" -"Some packages have a long list of changelog entries. This data is " -"downloaded by default, but it is not always useful information to keep. In " -"order to limit the amount of changelog metadata which is downloaded and to " -"save disk space, you can put a limit on how many entries to keep on disk." +msgid "GPG Key Mismatch" msgstr "" +# +# +# #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:10 +#: modules/administration/pages/tshoot-sync.adoc:6 msgid "" -"This configuration option is in the [filename]``/etc/rhn/rhn.conf`` " -"configuration file. The parameter defaults to [systemitem]``0``, which " -"means unlimited." +"{productname} does not automatically trust third party GPG keys. If package " +"synchronization fails, it could be because of an untrusted GPG key. You can " +"find out if this is the case by opening [path]``/var/log/rhn/reposync`` and " +"looking for an error like this:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tuning-changelogs.adoc:13 +#: modules/administration/pages/tshoot-sync.adoc:7 #, no-wrap -msgid "java.max_changelog_entries = 0\n" +msgid "" +"['/usr/bin/spacewalk-repo-sync', '--channel', 'sle-12-sp1-ga-desktop-\n" +"nvidia-driver-x86_64', '--type', 'yum', '--non-interactive']\n" +"RepoMDError: Cannot access repository. Maybe repository GPG keys are not imported\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:16 +#: modules/administration/pages/tshoot-sync.adoc:8 msgid "" -"If you set this parameter, it will come into effect only for new packages " -"when they are synchronized." +"To resolve the problem, you need to import the GPG key to {productname}. " +"For more on importing GPG keys, see xref:administration:repo-metadata.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:18 -msgid "" -"After changing this parameter, restart services with ``spacewalk-service " -"restart``." +#. type: Labeled list +#: modules/administration/pages/tshoot-sync.adoc:9 +#, no-wrap +msgid "Checksum Mismatch" msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:20 +#: modules/administration/pages/tshoot-sync.adoc:10 msgid "" -"You might like to delete and regenerate the cached data to remove older data." +"If a checksum has failed, you might see an error like this in the [path]``/" +"var/log/rhn/reposync/*.log`` log file:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/tuning-changelogs.adoc:26 +#. type: delimited block - +#: modules/administration/pages/tshoot-sync.adoc:11 +#, no-wrap msgid "" -"Deleting and regenerating cached data can take a long time. Depending on " -"the number of channels you have and the amount of data to be deleted, it can " -"potentially take several hours. The task is run in the background by " -"Taskomatic, so you can continue to use {productname} while the operation " -"completes, however you should expect some performance loss." +"Repo Sync Errors: (50, u'checksums did not match\n" +"326a904c2fbd7a0e20033c87fc84ebba6b24d937 vs\n" +"afd8c60d7908b2b0e2d95ad0b333920aea9892eb', 'Invalid information uploaded\n" +"to the server')\n" +"The package microcode_ctl-1.17-102.57.62.1.x86_64 which is referenced by\n" +"patch microcode_ctl-8413 was not found in the database. This patch has\n" +"been skipped.\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:29 +#: modules/administration/pages/tshoot-sync.adoc:12 msgid "" -"You can delete and request a regeneration of cached data from the command " -"line:" +"You can resolve this error by running the synchronization from the command " +"prompt with the [command]``-Y`` option:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tuning-changelogs.adoc:32 +#: modules/administration/pages/tshoot-sync.adoc:13 #, no-wrap -msgid "spacewalk-sql -i\n" +msgid "spacewalk-repo-sync --channel -Y\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:34 -msgid "Then on the SQL database prompt, enter:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/tuning-changelogs.adoc:43 -#, no-wrap +#: modules/administration/pages/tshoot-sync.adoc:14 msgid "" -"DELETE FROM rhnPackageRepodata;\n" -"INSERT INTO rhnRepoRegenQueue (id, CHANNEL_LABEL, REASON, FORCE)\n" -"(SELECT sequence_nextval('rhn_repo_regen_queue_id_seq'),\n" -" C.label,\n" -" 'cached data regeneration',\n" -" 'Y'\n" -" FROM rhnChannel C);\n" -"\\q\n" +"This option verifies the repository data before the synchronization, rather " +"than relying on locally cached checksums." msgstr "" #. type: Title = -#: modules/administration/pages/users.adoc:2 +#: modules/administration/pages/users.adoc:1 #, no-wrap msgid "Users" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:6 +#: modules/administration/pages/users.adoc:2 msgid "" "{productname} Administrators can add new users, grant permissions, and " "deactivate or delete users. If you are managing a large number of users, " @@ -13662,14 +14991,14 @@ msgid "" msgstr "" #. type: delimited block = -#: modules/administration/pages/users.adoc:11 +#: modules/administration/pages/users.adoc:3 msgid "" "The [guimenu]``Users`` menu is only available if you are logged in with a " "{productname} administrator account." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:18 +#: modules/administration/pages/users.adoc:4 msgid "" "To manage {productname} users, navigate to menu:Users[User List > All] to " "see all users in your {productname} Server. Each user in the list shows the " @@ -13680,14 +15009,14 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:20 +#: modules/administration/pages/users.adoc:5 msgid "" "To add new users to your organization, click btn:[Create User], complete the " "details for the new user, and click btn:[Create Login]." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:24 +#: modules/administration/pages/users.adoc:6 msgid "" "You can deactivate or delete user accounts if they are no longer required. " "Deactivated user accounts can be reactivated at any time. Deleted user " @@ -13695,7 +15024,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:27 +#: modules/administration/pages/users.adoc:7 msgid "" "Users can deactivate their own accounts. However, if users have an " "administrator role, the role must be removed before the account can be " @@ -13703,7 +15032,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:31 +#: modules/administration/pages/users.adoc:8 msgid "" "Deactivated users cannot log in to the {productname} {webui} or schedule any " "actions. Actions scheduled by a user prior to their deactivation remain in " @@ -13712,7 +15041,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:34 +#: modules/administration/pages/users.adoc:9 msgid "" "Users can hold multiple administrator roles, and there can be more than one " "user holding any administrator role at any time. There must always be at " @@ -13720,13 +15049,13 @@ msgid "" msgstr "" #. type: Block title -#: modules/administration/pages/users.adoc:37 +#: modules/administration/pages/users.adoc:10 #, no-wrap msgid "User Administrator Role Permissions" msgstr "" #. type: Table -#: modules/administration/pages/users.adoc:48 +#: modules/administration/pages/users.adoc:11 #, no-wrap msgid "" "| Role Name | Description\n" @@ -13741,20 +15070,20 @@ msgid "" msgstr "" #. type: Title == -#: modules/administration/pages/users.adoc:52 +#: modules/administration/pages/users.adoc:12 #, no-wrap msgid "User Permissions and Systems" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:55 +#: modules/administration/pages/users.adoc:13 msgid "" "If you have created system groups to manage your clients, you can assign " "groups to users for them to manage." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:58 +#: modules/administration/pages/users.adoc:14 msgid "" "To assign a user to a system group, navigate to menu:Users[User List], click " "the username to edit, and go to the [guimenu]``System Groups`` tab. Check " @@ -13762,7 +15091,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:62 +#: modules/administration/pages/users.adoc:15 msgid "" "You can also select one or more default system groups for a user. When the " "user registers a new client, it is assigned to the chosen system group by " @@ -13772,7 +15101,7 @@ msgstr "" #. I really don't understand what this is. Need a sentence or two to explain it. --LKB 2020-04-29 #. type: Plain text -#: modules/administration/pages/users.adoc:67 +#: modules/administration/pages/users.adoc:16 msgid "" "To manage external groups, navigate to menu:Users[System Group " "Configuration], and go to the [guimenu]``External Authentication`` tab. " @@ -13781,14 +15110,14 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:69 +#: modules/administration/pages/users.adoc:17 msgid "" "For more information about system groups, see xref:reference:systems/system-" "groups.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:73 +#: modules/administration/pages/users.adoc:18 msgid "" "To see the individual clients a user can administer, navigate to menu:" "Users[User List], click the username to edit, and go to the " @@ -13797,20 +15126,20 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:75 +#: modules/administration/pages/users.adoc:19 msgid "" "For more information about the system set manager, see xref:client-" -"configuration:using-ssm.adoc[]." +"configuration:system-set-manager.adoc[]." msgstr "" #. type: Title == -#: modules/administration/pages/users.adoc:78 +#: modules/administration/pages/users.adoc:20 #, no-wrap msgid "Users and Channel Permissions" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:81 +#: modules/administration/pages/users.adoc:21 msgid "" "You can assign users to software channels within your organization either as " "a subscriber that consumes content from channels, or as an administrator, " @@ -13818,7 +15147,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:84 +#: modules/administration/pages/users.adoc:22 msgid "" "To subscribe a user to a channel, navigate to menu:Users[User List], click " "the username to edit, and go to the menu:Channel Permissions[Subscription] " @@ -13826,7 +15155,7 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:87 +#: modules/administration/pages/users.adoc:23 msgid "" "To grant a user channel management permissions, navigate to menu:Users[User " "List], click the username to edit, and go to the menu:Channel " @@ -13835,286 +15164,394 @@ msgid "" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:89 +#: modules/administration/pages/users.adoc:24 msgid "" "Some channels in the list might not be subscribable. This is usually " "because of the users administrator status, or the channels global settings." msgstr "" +#. type: Title == +#: modules/administration/pages/users.adoc:25 +#, no-wrap +msgid "User Language" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/users.adoc:26 +msgid "" +"When you create a new user, you can choose which language to use for the " +"{webui}. After a user has been created, you can change the language by " +"navigating to menu:Home[My Preferences]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/users.adoc:27 +msgid "" +"The default language is set in the ``rhn.conf`` configuration file. To " +"change the default language, open the [path]``/etc/rhn/rhn.conf`` file and " +"add or edit this line:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/users.adoc:28 +#, no-wrap +msgid "web.locale = \n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/users.adoc:29 +msgid "If the parameter is not set, the default language is ``en_US``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/users.adoc:30 +msgid "These languages are available in {productname}:" +msgstr "" + +#. type: Block title +#: modules/administration/pages/users.adoc:31 +#: modules/administration/pages/users.adoc:33 +#, no-wrap +msgid "Available Language Codes" +msgstr "" + +#. type: Table +#: modules/administration/pages/users.adoc:32 +#, no-wrap +msgid "" +"| Language code | Language | Dialect\n" +"| ``en_US`` | English | United States\n" +"| ``zh_CN`` | Chinese | Mainland, Simplified\n" +msgstr "" + +#. type: Table +#: modules/administration/pages/users.adoc:34 +#, no-wrap +msgid "" +"| Language code | Language | Dialect\n" +"| ``bn_IN`` | Bangla | India\n" +"| ``ca`` | Catalan |\n" +"| ``de`` | German |\n" +"| ``en_US`` | English | United States\n" +"| ``es`` | Spanish |\n" +"| ``fr`` | French |\n" +"| ``gu`` | Gujarati |\n" +"| ``hi`` | Hindi |\n" +"| ``it`` | Italian |\n" +"| ``ja`` | Japanese |\n" +"| ``ko`` | Korean |\n" +"| ``pa`` | Punjabi |\n" +"| ``pt`` | Portuguese |\n" +"| ``pt_BR`` | Portuguese | Brazil\n" +"| ``ru`` | Russian |\n" +"| ``ta`` | Tamil |\n" +"| ``zh_CN`` | Chinese | Mainland, Simplified\n" +"| ``zh_TW`` | Chinese | Taiwan, Traditional\n" +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/users.adoc:35 +msgid "" +"Translations in {uyuni} are provided by the community, and could be " +"incorrect or incomplete. Where a translation is not available, the {webui} " +"will default to English (``en_US``)." +msgstr "" + #. type: Title = -#: modules/administration/nav-administration-guide.adoc:4 +#: modules/administration/nav-administration-guide.adoc:1 #, no-wrap msgid "Administration Guide: {productname} {productnumber}" msgstr "" #. Image Management #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:11 +#: modules/administration/nav-administration-guide.adoc:2 msgid "xref:admin-overview.adoc[Administration Guide Overview]" msgstr "" #. Channel Management #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:13 +#: modules/administration/nav-administration-guide.adoc:3 msgid "xref:image-management.adoc[Image Management]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:14 +#: modules/administration/nav-administration-guide.adoc:4 msgid "xref:channel-management.adoc[Channel Management]" msgstr "" #. Subscription Matching #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:16 +#: modules/administration/nav-administration-guide.adoc:5 msgid "xref:custom-channels.adoc[Custom Channels]" msgstr "" #. Live Patching #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:18 +#: modules/administration/nav-administration-guide.adoc:6 msgid "xref:subscription-matching.adoc[Subscription Matching]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:19 +#: modules/administration/nav-administration-guide.adoc:7 msgid "xref:live-patching.adoc[Live Patching]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:20 +#: modules/administration/nav-administration-guide.adoc:8 msgid "xref:live-patching-channel-setup.adoc[Channel Setup for Live Patching]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:21 +#: modules/administration/nav-administration-guide.adoc:9 msgid "xref:live-patching-sles15.adoc[Live Patching on SLES 15]" msgstr "" #. Monitoring #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:23 +#: modules/administration/nav-administration-guide.adoc:10 msgid "xref:live-patching-sles12.adoc[Live Patching on SLES 12]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:24 +#: modules/administration/nav-administration-guide.adoc:11 msgid "xref:monitoring.adoc[Monitoring]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:25 +#: modules/administration/nav-administration-guide.adoc:12 msgid "xref:organizations.adoc[Organizations]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:26 +#: modules/administration/nav-administration-guide.adoc:13 msgid "xref:content-staging.adoc[Content Staging]" msgstr "" #. Content Lifecycle #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:28 +#: modules/administration/nav-administration-guide.adoc:14 msgid "xref:disconnected-setup.adoc[Disconnected Setup]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:29 +#: modules/administration/nav-administration-guide.adoc:15 msgid "xref:content-lifecycle.adoc[Content Lifecycle Management]" msgstr "" #. Authentication Methods #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:31 +#: modules/administration/nav-administration-guide.adoc:16 msgid "" "xref:content-lifecycle-examples.adoc[Content Lifecycle Management Examples]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:32 +#: modules/administration/nav-administration-guide.adoc:17 msgid "xref:auth-methods.adoc[Authentication Methods]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:33 +#: modules/administration/nav-administration-guide.adoc:18 msgid "xref:auth-methods-sso.adoc[Authentication With SSO]" msgstr "" #. SSL Certificates #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:35 +#: modules/administration/nav-administration-guide.adoc:19 msgid "xref:auth-methods-pam.adoc[Authentication With PAM]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:36 +#: modules/administration/nav-administration-guide.adoc:20 msgid "xref:ssl-certs.adoc[SSL Certificates]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:37 +#: modules/administration/nav-administration-guide.adoc:21 msgid "xref:ssl-certs-selfsigned.adoc[Self-Signed SSL Certificates]" msgstr "" #. ISS #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:39 +#: modules/administration/nav-administration-guide.adoc:22 msgid "xref:ssl-certs-imported.adoc[Imported SSL Certificates]" msgstr "" #. Tasks, Actions, & Maintenance Windows #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:41 +#: modules/administration/nav-administration-guide.adoc:23 msgid "xref:iss.adoc[Inter-Server Synchronization]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:42 +#: modules/administration/nav-administration-guide.adoc:24 msgid "xref:actions.adoc[Actions]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:43 +#: modules/administration/nav-administration-guide.adoc:25 msgid "xref:task-schedules.adoc[Task Schedules]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:44 +#: modules/administration/nav-administration-guide.adoc:26 +msgid "xref:crash-reporting.adoc[Crash Reporting]" +msgstr "" + +#. type: Plain text +#: modules/administration/nav-administration-guide.adoc:27 msgid "xref:maintenance-windows.adoc[Maintenance Windows]" msgstr "" -#. Backing up +#. Users #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:46 +#: modules/administration/nav-administration-guide.adoc:28 msgid "xref:maintenance-window-tasks.adoc[Maintenance Window Tasks]" msgstr "" +#. Backing up #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:47 +#: modules/administration/nav-administration-guide.adoc:29 +msgid "xref:users.adoc[Users]" +msgstr "" + +#. type: Plain text +#: modules/administration/nav-administration-guide.adoc:30 msgid "xref:backup-restore.adoc[Backing Up and Restoring]" msgstr "" #. mgr-sync #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:49 +#: modules/administration/nav-administration-guide.adoc:31 msgid "xref:space-management.adoc[Managing Disk Space]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:50 +#: modules/administration/nav-administration-guide.adoc:32 msgid "xref:mgr-sync.adoc[Using mgr-sync]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:51 +#: modules/administration/nav-administration-guide.adoc:33 msgid "Security" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:52 +#: modules/administration/nav-administration-guide.adoc:34 msgid "xref:master-fingerprint.adoc[Master Fingerprint]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:53 +#: modules/administration/nav-administration-guide.adoc:35 msgid "xref:repo-metadata.adoc[Repository Metadata]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:54 +#: modules/administration/nav-administration-guide.adoc:36 msgid "xref:mirror-sources.adoc[Mirror Sources]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:55 +#: modules/administration/nav-administration-guide.adoc:37 msgid "xref:openscap.adoc[OpenSCAP]" msgstr "" #. Spacewalk Reports #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:57 +#: modules/administration/nav-administration-guide.adoc:38 msgid "xref:auditing.adoc[Auditing Packages]" msgstr "" #. Tuning #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:59 +#: modules/administration/nav-administration-guide.adoc:39 msgid "xref:reports.adoc[Generate Reports]" msgstr "" #. Troubleshooting #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:61 +#: modules/administration/nav-administration-guide.adoc:40 msgid "xref:tuning-changelogs.adoc[Tuning Changelogs]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:62 +#: modules/administration/nav-administration-guide.adoc:41 msgid "xref:tshoot-intro.adoc[Troubleshooting]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:63 +#: modules/administration/nav-administration-guide.adoc:42 msgid "xref:tshoot-corruptrepo.adoc[Troubleshooting Corrupt Repositories]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:64 +#: modules/administration/nav-administration-guide.adoc:43 msgid "xref:tshoot-diskspace.adoc[Troubleshooting Disk Space]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:65 +#: modules/administration/nav-administration-guide.adoc:44 +msgid "xref:tshoot-firewalls.adoc[Troubleshooting Firewalls]" +msgstr "" + +#. type: Plain text +#: modules/administration/nav-administration-guide.adoc:45 +msgid "xref:tshoot-inactiveclients.adoc[Troubleshooting Inactive Clients]" +msgstr "" + +#. type: Plain text +#: modules/administration/nav-administration-guide.adoc:46 msgid "xref:tshoot-localcert.adoc[Troubleshooting Local Certificates]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:66 +#: modules/administration/nav-administration-guide.adoc:47 msgid "xref:tshoot-logintimeout.adoc[Troubleshooting Login Timeout]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:67 +#: modules/administration/nav-administration-guide.adoc:48 msgid "xref:tshoot-notifications.adoc[Troubleshooting Notifications]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:68 +#: modules/administration/nav-administration-guide.adoc:49 msgid "xref:tshoot-osadjabberd.adoc[Troubleshooting OSAD and jabberd]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:69 +#: modules/administration/nav-administration-guide.adoc:50 msgid "xref:tshoot-packages.adoc[Troubleshooting Packages]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:70 +#: modules/administration/nav-administration-guide.adoc:51 msgid "" "xref:tshoot-registerclones.adoc[Troubleshooting Registering Cloned Clients]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:71 +#: modules/administration/nav-administration-guide.adoc:52 msgid "xref:tshoot-hostname-rename.adoc[Troubleshooting Renaming the Server]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:72 +#: modules/administration/nav-administration-guide.adoc:53 msgid "xref:tshoot-rpctimeout.adoc[Troubleshooting RPC Timeouts]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:73 +#: modules/administration/nav-administration-guide.adoc:54 msgid "xref:tshoot-saltboot.adoc[Troubleshooting Saltboot]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:74 -msgid "xref:tshoot-sync.adoc[Troubleshooting Product Synchronization]" +#: modules/administration/nav-administration-guide.adoc:55 +msgid "xref:tshoot-sync.adoc[Troubleshooting Synchronization]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:75 +#: modules/administration/nav-administration-guide.adoc:56 msgid "xref:tshoot-taskomatic.adoc[Troubleshooting Taskomatic]" msgstr "" diff --git a/l10n-weblate/administration/es.po b/l10n-weblate/administration/es.po index 0fb74a30aa3..98818bd3013 100644 --- a/l10n-weblate/administration/es.po +++ b/l10n-weblate/administration/es.po @@ -6,11 +6,11 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" -"POT-Creation-Date: 2020-06-14 00:54+0200\n" +"POT-Creation-Date: 2020-09-30 10:38+0200\n" "PO-Revision-Date: 2020-09-01 09:08+0000\n" "Last-Translator: Pau Garcia Quiles \n" -"Language-Team: Spanish \n" +"Language-Team: Spanish \n" "Language: es\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" @@ -19,14098 +19,15520 @@ msgstr "" "X-Generator: Weblate 3.6.1\n" #. type: Title = -#: modules/administration/pages/backup-restore.adoc:2 +#: modules/administration/pages/live-patching.adoc:1 #, no-wrap -msgid "Backup and Restore" +msgid "Live Patching with SUSE Manager" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:8 +#: modules/administration/pages/live-patching.adoc:2 msgid "" -"Back up your {productname} installation regularly, in order to prevent data " -"loss. Because {productname} relies on a database as well as the installed " -"program and configurations, it is important to back up all components of " -"your installation. This chapter contains information on the files you need " -"to back up, and introduces the [command]``smdba`` tool to manage database " -"backups. It also contains information about restoring from your backups in " -"the case of a system failure." -msgstr "" - -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:9 -#, no-wrap -msgid "Backup Space Requirements" +"Performing a kernel update usually requires a system reboot. Common " +"vulnerability and exposure (CVE) patches should be applied as soon as " +"possible, but if you cannot afford the downtime, you can use Live Patching " +"to inject these important updates and skip the need to reboot." msgstr "" -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:14 +#. type: Plain text +#: modules/administration/pages/live-patching.adoc:3 msgid "" -"Regardless of the backup method you use, you must have available at least " -"three times the amount of space your current installation uses. Running out " -"of space can result in backups failing, so check this often." +"The procedure for setting up Live Patching is slightly different for " +"SLES{nbsp}12 and SLES{nbsp}15. Both procedures are documented in this " +"section." msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:19 +#. type: Title = +#: modules/administration/pages/master-fingerprint.adoc:1 #, no-wrap -msgid "Backing up {productname}" +msgid "Set up a Client to Master Validation Fingerprint" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:24 -msgid "" -"The most comprehensive method for backing up your {productname} installation " -"is to back up the relevant files and directories. This can save you time in " -"administering your backup, and can be faster to reinstall and re-synchronize " -"in the case of failure. However, this method requires significant disk " -"space and could take a long time to perform the backup." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:30 +#: modules/administration/pages/master-fingerprint.adoc:2 msgid "" -"If you want to only back up the required files and directories, use the " -"following list. To make this process simpler, and more comprehensive, we " -"recommend backing up the entire [path]``/etc`` and [path]``/root`` " -"directories, not just the ones specified here. Some files only exist if you " -"are actually using the related {susemgr} feature." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:34 -msgid "[path]``/etc/cobbler/``" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:35 -msgid "[path]``/etc/dhcp.conf``" +"In highly secure network configurations you may wish to ensure your Salt " +"clients are connecting a specific master. To set up validation from client " +"to master enter the master's fingerprint within the [path]``/etc/salt/" +"minion`` configuration file." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:36 -msgid "[path]``/etc/fstab`` and any ISO mountpoints you require." +#: modules/administration/pages/master-fingerprint.adoc:3 +msgid "See the following procedure:" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:37 -msgid "[path]``/etc/rhn/``" +#: modules/administration/pages/master-fingerprint.adoc:4 +msgid "" +"On the master, at the command prompt, as root, use this command to find the " +"``master.pub`` fingerprint:" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:38 -msgid "[path]``/etc/salt``" +#. type: delimited block - +#: modules/administration/pages/master-fingerprint.adoc:5 +#, no-wrap +msgid "salt-key -F master\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:39 -msgid "[path]``/etc/sudoers``" +#: modules/administration/pages/master-fingerprint.adoc:6 +msgid "" +"On your client, open the [path]``/etc/salt/minion`` configuration file. " +"Uncomment the following line and enter the master's fingerprint replacing " +"the example fingerprint:" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:40 -msgid "[path]``/etc/sysconfig/rhn/``" +#. type: delimited block - +#: modules/administration/pages/master-fingerprint.adoc:7 +#, no-wrap +msgid "master_finger: 'ba:30:65:2a:d6:9e:20:4f:d8:b2:f3:a7:d4:65:11:13'\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:41 -msgid "[path]``/root/.gnupg/``" +#: modules/administration/pages/master-fingerprint.adoc:8 +msgid "Restart the salt-minion service:" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:42 -msgid "[path]``/root/.ssh``" +#. type: delimited block - +#: modules/administration/pages/master-fingerprint.adoc:9 +#, no-wrap +msgid "# systemctl restart salt-minion\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:46 +#: modules/administration/pages/master-fingerprint.adoc:10 msgid "" -"This file exists if you are using an SSH tunnel or SSH [command]``push``. " -"You will also need to have saved a copy of the ``id-susemanager`` key." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:47 -msgid "[path]``/root/ssl-build/``" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:48 -msgid "[path]``/srv/formula_metadata``" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:49 -msgid "[path]``/srv/pillar``" +"For information on configuring security from a client, see https://docs." +"saltstack.com/en/latest/ref/configuration/minion.html." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:50 -msgid "[path]``/srv/salt``" +#. type: Title = +#: modules/administration/pages/mirror-sources.adoc:1 +#, no-wrap +msgid "Mirror Source Packages" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:51 -msgid "[path]``/srv/susemanager``" +#: modules/administration/pages/mirror-sources.adoc:2 +msgid "" +"If you build your own packages locally, or if you require the source code " +"for your packages for legal reasons, it is possible to mirror the source " +"packages on {productname} Server." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:52 -msgid "[path]``/srv/tftpboot/``" +#. type: delimited block = +#: modules/administration/pages/mirror-sources.adoc:3 +msgid "" +"Mirroring source packages can consume a significant amount of disk space." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:53 -msgid "[path]``/srv/www/cobbler``" +#. type: Block title +#: modules/administration/pages/mirror-sources.adoc:4 +#, no-wrap +msgid "Procedure: Mirroring Source Packages" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:54 -msgid "[path]``/srv/www/htdocs/pub/``" +#: modules/administration/pages/mirror-sources.adoc:5 +msgid "" +"Open the [filename]``/etc/rhn/rhn.conf`` configuration file, and add this " +"line:" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:55 -msgid "[path]``/srv/www/os-images``" +#. type: delimited block - +#: modules/administration/pages/mirror-sources.adoc:6 +#, no-wrap +msgid "server.sync_source_packages = 1\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:56 -msgid "[path]``/var/cache/rhn``" +#: modules/administration/pages/mirror-sources.adoc:7 +msgid "Restart the Spacewalk service to pick up the changes:" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:57 -msgid "[path]``/var/cache/salt``" +#. type: delimited block - +#: modules/administration/pages/mirror-sources.adoc:8 +#: modules/administration/pages/auth-methods-sso.adoc:42 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:15 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:57 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:74 +#, no-wrap +msgid "spacewalk-service restart\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:58 -msgid "[path]``/var/lib/cobbler/``" +#: modules/administration/pages/mirror-sources.adoc:9 +msgid "" +"Currently, this feature can only be enabled globally for all repositories. " +"It is not possible to select individual repositories for mirroring." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:59 +#: modules/administration/pages/mirror-sources.adoc:10 msgid "" -"[path]``/var/lib/cobbler/templates/`` (before version 4.0 it was [path]``/" -"var/lib/rhn/kickstarts/``)" +"When this feature has been activated, the source packages will become " +"available in the {productname} {webui} after the next repository " +"synchronization. They will be shown as sources for the binary package, and " +"can be downloaded directly from the {webui}. Source packages cannot be " +"installed on clients using the {webui}." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:60 -msgid "[path]``/var/lib/Kiwi``" +#. type: Title = +#: modules/administration/pages/tshoot-diskspace.adoc:1 +#, no-wrap +msgid "Troubleshooting Disk Space" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:61 -msgid "[path]``/var/lib/rhn/``" +#: modules/administration/pages/tshoot-diskspace.adoc:2 +msgid "" +"Running out of disk space can have a severe impact on the {productname} " +"database and file structure which, in most cases, is not recoverable." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:62 -msgid "[path]``/var/spacewalk/``" +#: modules/administration/pages/tshoot-diskspace.adoc:3 +msgid "" +"{productname} monitors free space in specific directories, and has " +"configurable alerts. For more on space management, see xref:administration:" +"space-management.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:63 +#: modules/administration/pages/tshoot-diskspace.adoc:4 msgid "" -"Plus any directories containing custom data such as scripts, Kickstart or " -"AutoYaST profiles, and custom RPMs." +"You can recover disk space by removing unused custom channels and redundant " +"database entries before you run out of space entirely." msgstr "" -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:68 +#. type: Plain text +#: modules/administration/pages/tshoot-diskspace.adoc:5 msgid "" -"You will also need to back up your database, which you can do with the " -"[command]``smdba`` tool. For more information about the [command]``smdba`` " -"tool, see xref:administration:backup-restore.adoc[]." +"For instructions on how to delete custom channels, see xref:administration:" +"channel-management.adoc[]." msgstr "" #. type: Block title -#: modules/administration/pages/backup-restore.adoc:70 +#: modules/administration/pages/tshoot-diskspace.adoc:6 #, no-wrap -msgid "Procedure: Restore from a Manual Backup" +msgid "Procedure: Resolving redundant database entries" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:73 +#: modules/administration/pages/tshoot-diskspace.adoc:7 msgid "" -"Re-install {productname}. For more information about recovering from a " -"backup, see xref:administration:backup-restore.adoc[]." +"Use the [command]``spacewalk-data-fsck`` command to list any redundant " +"database entries." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:75 +#: modules/administration/pages/tshoot-diskspace.adoc:8 msgid "" -"Re-synchronize your {productname} repositories with the [command]``mgr-" -"sync`` tool. For more information about the [command]``mgr-sync`` tool, see " -"<>." +"Use the [command]``spacewalk-data-fsck --remove`` command to delete them." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:76 -msgid "" -"You can choose to re-register your product, or skip the registration and SSL " -"certificate generation sections." +#. type: Title === +#: modules/administration/pages/tshoot-intro.adoc:1 +#: modules/administration/pages/image-management.adoc:127 +#: modules/administration/pages/image-management.adoc:242 +#, no-wrap +msgid "Troubleshooting" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:77 +#: modules/administration/pages/tshoot-intro.adoc:2 msgid "" -"Re-install the [path]``/root/ssl-build/rhn-org-httpd-ssl-key-pair-" -"MACHINE_NAME-VER-REL.noarch.rpm`` package." +"This section contains some common problems you might encounter with " +"{productname}, and solutions to resolving them." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:78 -msgid "" -"Schedule the re-creation of search indexes next time the [command]``rhn-" -"search`` service is started:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:81 +#. type: Title = +#: modules/administration/pages/tshoot-localcert.adoc:1 #, no-wrap -msgid "rhn-search cleanindex\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:85 -msgid "" -"This command produces only debug messages. It does not produce error " -"messages." +msgid "Troubleshooting Local Issuer Certificates" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:88 +#: modules/administration/pages/tshoot-localcert.adoc:2 msgid "" -"Check whether you need to restore [path]``/var/spacewalk/packages/``. If " -"[path]``/var/spacewalk/packages/`` was not in your backup, you will need to " -"restore it. If the source repository is available, you can restore [path]``/" -"var/spacewalk/packages/`` with a complete channel synchronization:" +"Some older bootstrap scripts create a link to the local certificate in the " +"wrong place. This results in zypper returning an ``Unrecognized error`` " +"about the local issuer certificate. You can ensure that the link to the " +"local issuer certificate has been created correctly by checking the [path]``/" +"etc/ssl/certs/`` directory. If you come across this problem, you should " +"consider updating your bootstrap scripts to ensure that zypper operates as " +"expected." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:91 +#. type: Title = +#: modules/administration/pages/tshoot-logintimeout.adoc:1 #, no-wrap -msgid "mgr-sync refresh --refresh-channels\n" +msgid "Troubleshooting Login Timeouts" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:94 +#: modules/administration/pages/tshoot-logintimeout.adoc:2 msgid "" -"Check the progress by running [command]``tail -f /var/log/rhn/reposync/" -"````.log`` as _root_." -msgstr "" - -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:98 -#, no-wrap -msgid "Administering the Database with smdba" +"By default, the {productname} {webui} will require users to log in again " +"after 30{nbsp}minutes. Depending on your environment, you might want to " +"adjust the login timeout value." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:103 +#: modules/administration/pages/tshoot-logintimeout.adoc:3 msgid "" -"The [command]``smdba`` tool is used for managing a local PostgreSQL " -"database. It allows you to back up and restore your database, and manage " -"backups. It can also be used to check the status of your database, and " -"perform administration tasks, such as restarting." +"To adjust the value, you will need to make the change in both [path]``rhn." +"conf`` and [path]``web.xml``. Ensure you set the value in seconds in " +"[path]``/etc/rhn/rhn.conf``, and in minutes in [path]``web.xml``. The two " +"values must equal the same amount of time." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:105 -msgid "" -"The [command]``smdba`` tool works with local PostgreSQL databases only, it " -"will not work with remotely accessed databases, or Oracle databases." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:110 +#: modules/administration/pages/tshoot-logintimeout.adoc:4 msgid "" -"The [command]``smdba`` tool requires [command]``sudo`` access, in order to " -"execute system changes. Ensure you have enabled [command]``sudo`` access " -"for the [username]``admin`` user before you begin, by checking the [path]``/" -"etc/sudoers`` file for this line:" +"For example, to change the timeout value to one hour, set the value in " +"[path]``rhn.conf`` to 3600 seconds, and the value in [path]``web.xml`` to 60 " +"minutes." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:113 +#. type: Block title +#: modules/administration/pages/tshoot-logintimeout.adoc:5 #, no-wrap -msgid "admin ALL=(postgres) /usr/bin/smdba\n" +msgid "Procedure: Adjusting the {webui} Login Timeout Value" msgstr "" -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:118 -msgid "Check the runtime status of your database with:" +#. type: Plain text +#: modules/administration/pages/tshoot-logintimeout.adoc:6 +msgid "Stop services:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:121 +#: modules/administration/pages/tshoot-logintimeout.adoc:7 +#: modules/administration/pages/backup-restore.adoc:133 #, no-wrap -msgid "smdba db-status\n" +msgid "spacewalk-service stop\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:124 -msgid "This command will return either ``online`` or ``offline``, for example:" +#: modules/administration/pages/tshoot-logintimeout.adoc:8 +msgid "" +"Open [path]``/etc/rhn/rhn.conf`` and add or edit this line to include the " +"new timeout value in seconds:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:127 +#: modules/administration/pages/tshoot-logintimeout.adoc:9 #, no-wrap -msgid "Checking database core... online\n" +msgid "web.session_database_lifetime = \n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:130 -msgid "Starting and stopping the database can be performed with:" +#: modules/administration/pages/tshoot-logintimeout.adoc:10 +#: modules/administration/pages/tshoot-logintimeout.adoc:13 +msgid "Save and close the file." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-logintimeout.adoc:11 +msgid "" +"Open [path]``/srv/tomcat/webapps/rhn/WEB-INF/web.xml`` and add or edit this " +"line to include the new timeout value in minutes:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:133 -#: modules/administration/pages/backup-restore.adoc:279 +#: modules/administration/pages/tshoot-logintimeout.adoc:12 #, no-wrap -msgid "smdba db-start\n" +msgid "Timeout_Value_in_Minutes\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:136 -msgid "And:" +#: modules/administration/pages/tshoot-logintimeout.adoc:14 +msgid "Restart services:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:139 -#: modules/administration/pages/backup-restore.adoc:266 +#: modules/administration/pages/tshoot-logintimeout.adoc:15 +#: modules/administration/pages/backup-restore.adoc:149 #, no-wrap -msgid "smdba db-stop\n" +msgid "spacewalk-service start\n" msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:144 +#. type: Title = +#: modules/administration/pages/tshoot-packages.adoc:1 #, no-wrap -msgid "Database Backup with smdba" +msgid "Troubleshooting Package Inconsistencies" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:150 +#: modules/administration/pages/tshoot-packages.adoc:2 msgid "" -"The [command]``smdba`` tool performs a continuous archiving backup. This " -"backup method combines a log of every change made to the database during the " -"current session, with a series of more traditional backup files. When a " -"crash occurs, the database state is first restored from the most recent " -"backup file on disk, then the log of the current session is replayed " -"exactly, to bring the database back to a current state. A continuous " -"archiving backup with [command]``smdba`` is performed with the database " -"running, so there is no need for downtime." +"When packages on a client are locked, {productname} Server may not be able " +"to correctly determine the set of applicable patches. When this occurs, " +"package updates will be available in the {webui}, but will not appear on the " +"client, and attempts to update the client will fail. Check package locks " +"and exclude lists to determine if packages are locked or excluded on the " +"client." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:154 +#: modules/administration/pages/tshoot-packages.adoc:3 msgid "" -"This method of backing up is stable and generally creates consistent " -"snapshots, however it can take up a lot of storage space. Ensure you have " -"at least three times the current database size of space available for " -"backups. You can check your current database size by navigating to [path]``/" -"var/lib/pgsql/`` and running [command]``df -h``." +"On the client, check package locks and exclude lists to determine if " +"packages are locked or excluded:" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:159 +#: modules/administration/pages/tshoot-packages.adoc:4 msgid "" -"The [command]``smdba`` tool also manages your archives, keeping only the " -"most recent backup, and the current archive of logs. The log files can only " -"be a maximum file size of 16{nbsp}MB, so a new log file will be created when " -"the files reach this size. Every time you create a new backup, previous " -"backups will be purged to release disk space. We recommend you use " -"[command]``cron`` to schedule your [command]``smdba`` backups to ensure that " -"your storage is managed effectively, and you always have a backup ready in " -"case of failure." +"On an Expanded Support Platform, check [path]``/etc/yum.conf`` and search " +"for ``exclude=``." msgstr "" -#. type: Title === -#: modules/administration/pages/backup-restore.adoc:162 -#, no-wrap -msgid "Performing a Manual Database Backup" +#. type: Plain text +#: modules/administration/pages/tshoot-packages.adoc:5 +msgid "On {sle} and {opensuse}, use the [command]``zypper locks`` command." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:166 -msgid "" -"The [command]``smdba`` tool can be run directly from the command line. We " -"recommend you run a manual database backup immediately after installation, " -"or if you have made any significant changes to your configuration." +#. type: Title = +#: modules/administration/pages/tshoot-rpctimeout.adoc:1 +#, no-wrap +msgid "Troubleshooting RPC Connection Timeouts" msgstr "" -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:172 +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step +#. type: Plain text +#: modules/administration/pages/tshoot-rpctimeout.adoc:2 msgid "" -"When [command]``smdba`` is run for the first time, or if you have changed " -"the location of the backup, it will need to restart your database before " -"performing the archive. This will result in a small amount of downtime. " -"Regular database backups will not require any downtime." +"RPC connections can sometimes time out due to slow networks or a network " +"link going down. This results in package downloads or batch jobs hanging or " +"taking longer than expected. You can adjust the maximum time that an RPC " +"connection can take by editing the configuration file. While this will not " +"resolve networking problems, it will cause a process to fail rather than " +"hang." msgstr "" #. type: Block title -#: modules/administration/pages/backup-restore.adoc:174 +#: modules/administration/pages/tshoot-rpctimeout.adoc:3 #, no-wrap -msgid "Procedure: Performing a Manual Database Backup" +msgid "Procedure: Resolving RPC connection timeouts" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:178 +#: modules/administration/pages/tshoot-rpctimeout.adoc:4 msgid "" -"Allocate permanent storage space for your backup. This example uses a " -"directory located at [path]``/var/spacewalk/``. This will become a " -"permanent target for your backup, so ensure it will remain accessible by " -"your server at all times." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:179 -msgid "In your backup location, create a directory for the backup:" +"On the {productname} Server, open the [filename]``/etc/rhn/rhn.conf`` file " +"and set a maximum timeout value (in seconds):" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:183 +#: modules/administration/pages/tshoot-rpctimeout.adoc:5 #, no-wrap -msgid "sudo -u postgres mkdir /var/spacewalk/db-backup\n" +msgid "server.timeout =`number`\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:187 -msgid "Or, as root:" +#: modules/administration/pages/tshoot-rpctimeout.adoc:6 +msgid "" +"On the {productname} Proxy, open the [filename]``/etc/rhn/rhn.conf`` file " +"and set a maximum timeout value (in seconds):" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:191 +#: modules/administration/pages/tshoot-rpctimeout.adoc:7 #, no-wrap -msgid "install -d -o postgres -g postgres -m 700 /var/spacewalk/db-backup\n" +msgid "proxy.timeout =`number`\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:194 -msgid "Ensure you have the correct permissions set on the backup location:" +#: modules/administration/pages/tshoot-rpctimeout.adoc:8 +msgid "" +"On a {sles} client that uses zypper, open the [filename]``/etc/zypp/zypp." +"conf`` file and set a maximum timeout value (in seconds):" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:198 +#: modules/administration/pages/tshoot-rpctimeout.adoc:9 #, no-wrap -msgid "chown postgres:postgres /var/spacewalk/db-backup\n" +msgid "" +"## Valid values: [0,3600]\n" +"## Default value: 180\n" +"download.transfer_timeout = 180\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:203 +#: modules/administration/pages/tshoot-rpctimeout.adoc:10 msgid "" -"To create a backup for the first time, run the [command]``smdba backup-hot`` " -"command with the [option]``enable`` option set. This will create the backup " -"in the specified directory, and, if necessary, restart the database:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:207 -#, no-wrap -msgid "smdba backup-hot --enable=on --backup-dir=/var/spacewalk/db-backup\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:211 -msgid "" -"This command produces debug messages and finishes sucessfully with the " -"output:" +"On a {rhel} client that uses yum, open the [filename]``/etc/yum.conf`` file " +"and set a maximum timeout value (in seconds):" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:215 +#: modules/administration/pages/tshoot-rpctimeout.adoc:11 #, no-wrap -msgid "INFO: Finished\n" +msgid "timeout =`number`\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:219 +#. type: delimited block = +#: modules/administration/pages/tshoot-rpctimeout.adoc:12 msgid "" -"Check that the backup files exist in the [path]``/var/spacewalk/db-backup`` " -"directory, to ensure that your backup has been successful." +"If you limit RPC timeouts to less than `180` seconds, you risk aborting " +"perfectly normal operations." msgstr "" -#. type: Title === -#: modules/administration/pages/backup-restore.adoc:223 +#. type: Title = +#: modules/administration/pages/tuning-changelogs.adoc:1 #, no-wrap -msgid "Scheduling Automatic Backups" +msgid "Tuning Changelogs" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:229 -msgid "" -"You do not need to shut down your system in order to perform a database " -"backup with [command]``smdba``. However, because it is a large operation, " -"database performance can slow down while the backup is running. We " -"recommend you schedule regular database backups for a low-traffic period, to " -"minimize disruption." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:234 +#: modules/administration/pages/tuning-changelogs.adoc:2 msgid "" -"Ensure you have at least three times the current database size of space " -"available for backups. You can check your current database size by " -"navigating to [path]``/var/lib/pgsql/`` and running [command]``df -h``." -msgstr "" - -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:236 -#, no-wrap -msgid "Procedure: Scheduling Automatic Backups" +"Some packages have a long list of changelog entries. This data is " +"downloaded by default, but it is not always useful information to keep. In " +"order to limit the amount of changelog metadata which is downloaded and to " +"save disk space, you can put a limit on how many entries to keep on disk." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:238 +#: modules/administration/pages/tuning-changelogs.adoc:3 msgid "" -"Create a directory for the backup, and set the appropriate permissions (as " -"root):" +"This configuration option is in the [filename]``/etc/rhn/rhn.conf`` " +"configuration file. The parameter defaults to [systemitem]``0``, which " +"means unlimited." msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:242 +#: modules/administration/pages/tuning-changelogs.adoc:4 #, no-wrap -msgid "install -m 700 -o postgres -g postgres /var/spacewalk/db-backup\n" +msgid "java.max_changelog_entries = 0\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:245 +#: modules/administration/pages/tuning-changelogs.adoc:5 msgid "" -"Open [path]``/etc/cron.d/db-backup-mgr``, or create it if it does not exist, " -"and add the following line to create the cron job:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:249 -#, no-wrap -msgid "0 2 * * * root /usr/bin/smdba backup-hot --enable=on --backup-dir=/var/spacewalk/db-backup\n" +"If you set this parameter, it will come into effect only for new packages " +"when they are synchronized." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:252 +#: modules/administration/pages/tuning-changelogs.adoc:6 msgid "" -"Check the backup directory regularly to ensure the backups are working as " -"expected." -msgstr "" - -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:256 -#, no-wrap -msgid "Restoring from Backup" +"After changing this parameter, restart services with ``spacewalk-service " +"restart``." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:259 +#: modules/administration/pages/tuning-changelogs.adoc:7 msgid "" -"The [command]``smdba`` tool can be used to restore from backup in the case " -"of failure." -msgstr "" - -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:260 -#, no-wrap -msgid "Procedure: Restoring from Backup" +"You might like to delete and regenerate the cached data to remove older data." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:262 -msgid "Shut down the database:" +#. type: delimited block = +#: modules/administration/pages/tuning-changelogs.adoc:8 +msgid "" +"Deleting and regenerating cached data can take a long time. Depending on " +"the number of channels you have and the amount of data to be deleted, it can " +"potentially take several hours. The task is run in the background by " +"Taskomatic, so you can continue to use {productname} while the operation " +"completes, however you should expect some performance loss." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:268 -msgid "Start the restore process and wait for it to complete:" +#: modules/administration/pages/tuning-changelogs.adoc:9 +msgid "" +"You can delete and request a regeneration of cached data from the command " +"line:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:272 +#: modules/administration/pages/tuning-changelogs.adoc:10 #, no-wrap -msgid "smdba backup-restore start\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:275 -msgid "Restart the database:" +msgid "spacewalk-sql -i\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:282 -msgid "Check if there are differences between the RPMs and the database." +#: modules/administration/pages/tuning-changelogs.adoc:11 +msgid "Then on the SQL database prompt, enter:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:286 +#: modules/administration/pages/tuning-changelogs.adoc:12 #, no-wrap -msgid "spacewalk-data-fsck\n" +msgid "" +"DELETE FROM rhnPackageRepodata;\n" +"INSERT INTO rhnRepoRegenQueue (id, CHANNEL_LABEL, REASON, FORCE)\n" +"(SELECT sequence_nextval('rhn_repo_regen_queue_id_seq'),\n" +" C.label,\n" +" 'cached data regeneration',\n" +" 'Y'\n" +" FROM rhnChannel C);\n" +"\\q\n" msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:291 +#. type: Title = +#: modules/administration/pages/space-management.adoc:1 #, no-wrap -msgid "Archive Log Settings" +msgid "Managing Disk Space" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:295 +#: modules/administration/pages/space-management.adoc:2 msgid "" -"Archive logging allows the database management tool [command]``smdba`` to " -"perform hot backups. In {productname} with an embedded database, archive " -"logging is enabled by default." +"Running out of disk space can have a severe impact on the {productname} " +"database and file structure which, in some cases, is not recoverable." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:299 +#: modules/administration/pages/space-management.adoc:3 msgid "" -"PostgreSQL maintains a limited number of archive logs. Using the default " -"configuration, approximately 64 files with a size of 16 MiB are stored." +"{productname} monitors some directories for free disk space. You can modify " +"which directories are monitored, and the warnings that are created. All " +"settings are configured in the [path]``/etc/rhn/rhn.conf`` configuration " +"file." +msgstr "" + +#. type: Title == +#: modules/administration/pages/space-management.adoc:4 +#, no-wrap +msgid "Monitored Directories" msgstr "" -#. FIXME: Use sle 15 channels as an example #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:302 -msgid "Creating a user and syncing the channels:" +#: modules/administration/pages/space-management.adoc:5 +msgid "By default, {productname} monitors these directories:" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:304 -msgid "SLES12-SP2-Pool-x86_64" +#: modules/administration/pages/space-management.adoc:6 +msgid "[path]``/var/lib/pgsql``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:305 -msgid "SLES12-SP2-Updates-x86_64" +#: modules/administration/pages/space-management.adoc:7 +msgid "[path]``/var/spacewalk``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:306 -msgid "SLE-Manager-Tools12-Pool-x86_64-SP2" +#: modules/administration/pages/space-management.adoc:8 +msgid "[path]``/var/cache``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:307 -msgid "SLE-Manager-Tools12-Updates-x86_64-SP2" +#: modules/administration/pages/space-management.adoc:9 +msgid "[path]``/srv``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:311 +#: modules/administration/pages/space-management.adoc:10 msgid "" -"PostgreSQL will generate an additional roughly 1 GB of data. So it is " -"important to think about a backup strategy and create a backups in a regular " -"way." +"You can change which directories are monitored with the " +"[systemitem]``spacecheck_dirs`` parameter. You can specify multiple " +"directories by separating them with a space." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:313 -msgid "" -"Archive logs are stored at [path]``/var/lib/pgsql/data/pg_xlog/`` " -"(postgresql)." +#: modules/administration/pages/space-management.adoc:11 +#: modules/administration/pages/space-management.adoc:16 +#: modules/administration/pages/space-management.adoc:21 +#: modules/administration/pages/actions.adoc:62 +#: modules/administration/pages/backup-restore.adoc:135 +msgid "For example:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/space-management.adoc:12 +#, no-wrap +msgid "spacecheck_dirs = /var/lib/pgsql /var/spacewalk /var/cache /srv\n" msgstr "" #. type: Title == -#: modules/administration/pages/backup-restore.adoc:317 +#: modules/administration/pages/space-management.adoc:13 #, no-wrap -msgid "Retrieving an Overview of Occupied Database Space" +msgid "Thresholds" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:321 +#: modules/administration/pages/space-management.adoc:14 msgid "" -"Database administrators may use the subcommand [command]``space-overview`` " -"to get a report about occupied table spaces, for example:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:324 -#, no-wrap -msgid "smdba space-overview\n" +"By default, {productname} will create a warning mail when a monitored " +"directory has less than 10% of total space available. A critical alert is " +"created when a monitored directory falls below 5% space available." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:327 -#: modules/administration/pages/backup-restore.adoc:349 -msgid "outputs:" +#: modules/administration/pages/space-management.adoc:15 +msgid "" +"You can change these alert thresholds with the " +"[systemitem]``spacecheck_free_alert`` and " +"[systemitem]``spacecheck_free_critical`` parameters." msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:331 -#: modules/administration/pages/backup-restore.adoc:353 +#: modules/administration/pages/space-management.adoc:17 #, no-wrap msgid "" -"SUSE Manager Database Control. Version 1.5.2\n" -"Copyright (c) 2012 by SUSE Linux Products GmbH\n" +"spacecheck_free_alert = 10\n" +"spacecheck_free_critical = 5\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:337 +#. type: Title == +#: modules/administration/pages/space-management.adoc:18 #, no-wrap -msgid "" -"Tablespace | Size (Mb) | Avail (Mb) | Use %\n" -"------------+-----------+------------+------\n" -"postgres | 7 | 49168 | 0.013\n" -"susemanager | 776 | 48399 | 1.602\n" +msgid "Shut Down Services" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:343 +#: modules/administration/pages/space-management.adoc:19 msgid "" -"The [command]``smdba`` command is available for PostgreSQL. For a more " -"detailed report, use the [command]``space-tables`` subcommand. It lists the " -"table and its size, for example:" +"By default, {productname} will shut down the spacewalk services when the " +"critical alert threshold is reached." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:346 -#, no-wrap -msgid "smdba space-tables\n" +#. type: Plain text +#: modules/administration/pages/space-management.adoc:20 +msgid "" +"You can change this behavior with the [systemitem]``spacecheck_shutdown`` " +"parameter. A value of ``true`` will enable the shut down feature. Any " +"other value will disable it." msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:365 +#: modules/administration/pages/space-management.adoc:22 #, no-wrap -msgid "" -"Table | Size\n" -"--------------------------------------+-----------\n" -"public.all_primary_keys | 0 bytes\n" -"public.all_tab_columns | 0 bytes\n" -"public.allserverkeywordsincereboot | 0 bytes\n" -"public.dblink_pkey_results | 0 bytes\n" -"public.dual | 8192 bytes\n" -"public.evr_t | 0 bytes\n" -"public.log | 32 kB\n" -"...\n" +msgid "spacecheck_shutdown = true\n" msgstr "" #. type: Title == -#: modules/administration/pages/backup-restore.adoc:369 +#: modules/administration/pages/space-management.adoc:23 #, no-wrap -msgid "Moving the Database" +msgid "Disable Space Checking" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:375 +#: modules/administration/pages/space-management.adoc:24 msgid "" -"It is possible to move the database to another location. For example, move " -"the database if the database storage space is running low. The following " -"procedure will guide you through moving the database to a new location for " -"use by {productname}." +"The space checking tool is enabled by default. You can disable it entirely " +"with these commands:" msgstr "" -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:376 +#. type: delimited block - +#: modules/administration/pages/space-management.adoc:25 #, no-wrap -msgid "Procedure: Moving the Database" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:378 msgid "" -"The default storage location for {productname} is [path]``/var/lib/pgsql/``. " -"If you would like to move it, for example to [path]``/storage/postgres/``, " -"proceed as follows." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:380 -msgid "Stop the running database with (as root):" +"systemctl stop spacewalk-diskcheck.timer\n" +"systemctl disable spacewalk-diskcheck.timer\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:384 +#. type: Title = +#: modules/administration/pages/task-schedules.adoc:1 #, no-wrap -msgid "rcpostgresql stop\n" +msgid "Task Schedules" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:387 -msgid "Shut down the running Spacewalk services with:" +#: modules/administration/pages/task-schedules.adoc:2 +msgid "" +"Under menu:Admin[Task Schedules] all predefined task bunches are listed." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:391 +#. type: Target for macro image +#: modules/administration/pages/task-schedules.adoc:3 #, no-wrap -msgid "spacewalk-service stop\n" +msgid "admin_task_schedules.png" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:394 +#: modules/administration/pages/task-schedules.adoc:4 msgid "" -"Copy the current working directory structure with [command]``cp`` using the " -"[option]``-a, --archive`` option. For example:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:398 -#, no-wrap -msgid "cp --archive /var/lib/pgsql/ /storage/postgres/\n" +"Click a menu:SUSE Manager Schedules[Schedule name] to open its menu:Schedule " +"Name[Basic Schedule Details] where you can disable it or change the " +"frequency. Click btn:[Edit Schedule] to update the schedule with your " +"settings. To delete a schedule, click btn:[Delete Schedule] in the upper " +"right-hand corner." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:402 +#. type: delimited block = +#: modules/administration/pages/task-schedules.adoc:5 msgid "" -"This command will copy the contents of [path]``/var/lib/pgsql/`` to [path]``/" -"storage/postgres/pgsql/``." +"Only disable or delete a schedule if you are absolutely certain this is " +"necessary as they are essential for {productname} to work properly." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:405 +#: modules/administration/pages/task-schedules.adoc:6 msgid "" -"The contents of the [path]``/var/lib/pgsql`` directory needs to remain the " -"same, otherwise the {productname} database may malfunction. You also should " -"ensure that there is enough available disk space." +"If you click a bunch name, a list of runs of that bunch type and their " +"status will be displayed. Clicking the start time links takes you back to " +"the menu:Schedule Name[Basic Schedule Details]." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:408 -msgid "Mount the new database directory with:" +#: modules/administration/pages/task-schedules.adoc:7 +msgid "" +"For example, the following predefined task bunches are scheduled by default " +"and can be configured:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:412 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:8 #, no-wrap -msgid "mount /storage/postgres/pgsql\n" +msgid "menu:channel-repodata-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:414 -msgid "" -"Make sure ownership is `postgres:postgres` and not `root:root` by changing " -"to the new directory and running the following commands:" +#: modules/administration/pages/task-schedules.adoc:9 +msgid "(Re)generates repository metadata files." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:419 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:10 #, no-wrap -msgid "" -"cd /storage/postgres/pgsql/\n" -"ls -l\n" +msgid "menu:cleanup-data-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:423 -msgid "Outputs:" +#: modules/administration/pages/task-schedules.adoc:11 +msgid "" +"Cleans up stale package change log and monitoring time series data from the " +"database." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:428 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:12 #, no-wrap -msgid "" -"total 8\n" -"drwxr-x--- 4 postgres postgres 47 Jun 2 14:35 ./\n" +msgid "menu:clear-taskologs-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:430 +#: modules/administration/pages/task-schedules.adoc:13 msgid "" -"Add the new database mount location to your servers fstab by editing " -"[path]``etc/fstab``." +"Clears task engine (taskomatic) history data older than a specified number " +"of days, depending on the job type, from the database." +msgstr "" + +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:14 +#, no-wrap +msgid "menu:cobbler-sync-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:431 -msgid "Start the database with:" +#: modules/administration/pages/task-schedules.adoc:15 +msgid "" +"Synchronizes distribution and profile data from {productname} to Cobbler. " +"For more information, see xref:client-configuration:cobbler.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:435 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:16 #, no-wrap -msgid "rcpostgresql start\n" +msgid "menu:compare-configs-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:438 -msgid "Start the Spacewalk services with:" +#: modules/administration/pages/task-schedules.adoc:17 +msgid "" +"Compares configuration files as stored in configuration channels with the " +"files stored on all configuration-enabled servers. To review comparisons, " +"click menu:Systems[] tab and select the system of interest. Go to menu:" +"Configuration[Compare Files]. For more information, see xref:reference:" +"systems/system-details/sd-configuration.adoc#sd-config-compare-files[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:442 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:18 #, no-wrap -msgid "spacewalk-service start\n" +msgid "menu:cve-server-channels-default:[]" msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:446 +#. type: Plain text +#: modules/administration/pages/task-schedules.adoc:19 +msgid "" +"Updates internal pre-computed CVE data that is used to display results on " +"the menu:Audit[CVE Audit] page. Search results in the menu:Audit[CVE Audit] " +"page are updated to the last run of this schedule). For more information, " +"see xref:reference:audit/audit-cve-audit.adoc[]." +msgstr "" + +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:20 #, no-wrap -msgid "Recovering from a Crashed Root Partition" +msgid "menu:daily-status-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:451 +#: modules/administration/pages/task-schedules.adoc:21 msgid "" -"This section provides guidance on restoring your server after its root " -"partition has crashed. This section assumes you have setup your server " -"similar to the procedure explained in Installation guide with separate " -"partitions for the database and for channels mounted at [path]``/var/lib/" -"pgsql`` and [path]``/var/spacewalk/``." +"Sends daily report e-mails to relevant addresses. To learn more about how " +"to configure notifications for specific users, see xref:reference:users/user-" +"details.adoc[]." msgstr "" -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:452 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:22 #, no-wrap -msgid "Procedure: Recovering from a Crashed Root Partition" +msgid "menu:errata-cache-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:456 +#: modules/administration/pages/task-schedules.adoc:23 msgid "" -"Install {productname}. Do not mount the [path]``/var/spacewalk`` and " -"[path]``/var/lib/pgsql`` partitions. Wait for the installation to complete " -"before going on to the next step." +"Updates internal patch cache database tables, which are used to look up " +"packages that need updates for each server. Also, this sends notification " +"emails to users that might be interested in certain patches. For more " +"information about patches, see xref:reference:patches/patches-menu.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:457 -msgid "Shut down the services with [command]``spacewalk-service shutdown``." +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:24 +#, no-wrap +msgid "menu:errata-queue-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:458 -msgid "Shut down the database with [command]``rcpostgresql stop``." +#: modules/administration/pages/task-schedules.adoc:25 +msgid "" +"Queues automatic updates (patches) for servers that are configured to " +"receive them." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:459 -msgid "Mount [path]``/var/spacewalk`` and [path]``/var/lib/pgsql`` partitions." +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:26 +#, no-wrap +msgid "menu:kickstart-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:460 -msgid "Restore the directories listed in <>." +#: modules/administration/pages/task-schedules.adoc:27 +msgid "Cleans up stale kickstart session data." +msgstr "" + +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:28 +#, no-wrap +msgid "menu:kickstartfile-sync-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:461 +#: modules/administration/pages/task-schedules.adoc:29 msgid "" -"Start the Spacewalk services with [command]``spacewalk-services start``." +"Generates Cobbler files corresponding to Kickstart profiles created by the " +"configuration wizard." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:462 -msgid "Start the database with [command]``rcpostgresql start``." +#. we probably no longer want to reference NCC; I do not know whether it works the same way with SCC (if at all) +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:30 +#, no-wrap +msgid "menu:mgr-register-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:464 +#: modules/administration/pages/task-schedules.adoc:31 msgid "" -"{productname} should now operate normally without loss of your database or " -"synced channels." +"Calls the [command]``mgr-register`` command, which synchronizes client " +"registration data with NCC (new, changed or deleted clients' data are " +"forwarded)." msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:467 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:32 #, no-wrap -msgid "Database Connection Information" +msgid "menu:mgr-sync-refresh-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:470 +#: modules/administration/pages/task-schedules.adoc:33 msgid "" -"The information for connecting to the {productname} database is located in " -"[path]``/etc/rhn/rhn.conf``:" +"The default time at which the start of synchronization with SUSE Customer " +"Center (SCC) takes place (``mgr-sync-refresh``)." msgstr "" -#. There are no such default, they are user-spcified, though -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:480 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:34 #, no-wrap +msgid "menu:minion-action-cleanup-default:[]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/task-schedules.adoc:35 msgid "" -"db_backend = postgresql\n" -"db_user = susemanager\n" -"db_password = susemanager\n" -"db_name = susemanager\n" -"db_host = localhost\n" -"db_port = 5432\n" -"db_ssl_enabled =\n" +"Deletes stale client action data from the file system. First it tries to " +"complete any possibly unfinished actions by looking up the corresponding " +"results; these results are stored in the Salt job cache. An unfinished " +"action can occur if the server has missed the results of the action. For " +"successfully completed actions it removes artifacts such as executed script " +"files." msgstr "" -#. type: Title = -#: modules/administration/pages/disconnected-setup.adoc:2 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:36 #, no-wrap -msgid "Disconnected Setup" +msgid "menu:package-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:5 -msgid "" -"When it is not possible to connect {productname} to the internet, you can " -"use it within a disconnected environment." +#: modules/administration/pages/task-schedules.adoc:37 +msgid "Deletes stale package files from the file system." msgstr "" -#. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:8 -msgid "" -"The repository mirroring tool (RMT) is available on {sle}{nbsp}15 and " -"later. RMT replaces the subscription management tool (SMT), which can be " -"used on older {sle} installations." +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:38 +#, no-wrap +msgid "menu:reboot-action-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:12 +#: modules/administration/pages/task-schedules.adoc:39 msgid "" -"In a disconnected {productname} setup, RMT or SMT uses an external network " -"to connect to {scc}. All software channels and repositories are " -"synchronized to a removable storage device. The storage device can then be " -"used to update the disconnected {productname} installation." +"Any reboot actions pending for more than six hours are marked as failed and " +"associated data is cleaned up in the database. For more information on " +"scheduling reboot actions, see xref:reference:systems/system-details/sd-" +"provisioning.adoc#sd-power-management[]." +msgstr "" + +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:40 +#, no-wrap +msgid "menu:sandbox-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:14 +#: modules/administration/pages/task-schedules.adoc:41 msgid "" -"This setup allows your {productname} installation to remain in an offline, " -"disconnected environment." +"Cleans up Sandbox configuration files and channels that are older than the " +"__sandbox_lifetime__ configuration parameter (3 days by default). Sandbox " +"files are those imported from systems or files under development. For more " +"information, see xref:reference:systems/system-details/sd-configuration." +"adoc#sd-config-add-files[]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/disconnected-setup.adoc:19 -msgid "" -"Your RMT or SMT instance must be used to managed a {productname} Server " -"directly. It cannot be used to manage a second RMT or SMT instance, in a " -"cascade." +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:42 +#, no-wrap +msgid "menu:session-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:22 +#: modules/administration/pages/task-schedules.adoc:43 msgid "" -"For more information on RMT, see https://documentation.suse.com/sles/15-SP1/" -"html/SLES-all/book-rmt.html." +"Cleans up stale Web interface sessions, typically data that is temporarily " +"stored when a user logs in and then closes the browser before logging out." msgstr "" -#. type: Title == -#: modules/administration/pages/disconnected-setup.adoc:24 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:44 #, no-wrap -msgid "Synchronize RMT" +msgid "menu:ssh-push-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:27 +#: modules/administration/pages/task-schedules.adoc:45 msgid "" -"You can use RMT on {sle} 15 installations to manage clients running {sle} 12 " -"or later." +"Prompts clients to check in with {productname} via SSH if they are " +"configured with a `SSH Push` contact method." msgstr "" -#. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:29 -msgid "" -"We recommend you set up a dedicated RMT instance for each {productname} " -"installation." -msgstr "" - -#. type: Block title -#: modules/administration/pages/disconnected-setup.adoc:30 -#, no-wrap -msgid "Procedure: Setting up RMT" +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:46 +#, no-wrap +msgid "menu:token-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:32 -msgid "On the RMT instance, install the RMT package:" +#: modules/administration/pages/task-schedules.adoc:47 +msgid "" +"Deletes expired repository tokens that are used by Salt clients to download " +"packages and metadata." msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:35 +#. type: Title = +#: modules/administration/pages/subscription-matching.adoc:1 #, no-wrap -msgid "zypper in rmt-server\n" +msgid "Subscription Matching" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:37 -msgid "Configure RMT using {yast}:" +#: modules/administration/pages/subscription-matching.adoc:2 +msgid "" +"Your {suse} products require subscriptions, which are managed by the {scc} " +"(SCC). {productname} runs a nightly report checking the subscription status " +"of all your registered clients against your SCC account. The report gives " +"you information about which clients consume which subscriptions, how many " +"subscriptions you have remaining and available to use, and which clients do " +"not have a current subscription." msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:40 -#, no-wrap -msgid "yast2 rmt\n" +#. type: Plain text +#: modules/administration/pages/subscription-matching.adoc:3 +msgid "Navigate to menu:Audit[Subscription Matching] to see the report." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:43 +#: modules/administration/pages/subscription-matching.adoc:4 msgid "" -"Follow the prompts to complete installation. For more information on " -"setting up RMT, see https://documentation.suse.com/sles/15-SP1/html/SLES-all/" -"book-rmt.html." +"The [guimenu]``Subscriptions Report`` tab gives information about current " +"and expiring subscriptions." msgstr "" -#. type: Block title -#: modules/administration/pages/disconnected-setup.adoc:44 -#, no-wrap -msgid "Procedure: Synchronizing RMT with SCC" +#. type: Plain text +#: modules/administration/pages/subscription-matching.adoc:5 +msgid "" +"The [guimenu]``Unmatched Products Report`` tab gives a list of clients that " +"do not have a current subscription. This includes clients that could not be " +"matched, or that are not currently registered with {productname}. The " +"report includes product names and the number of systems that remain " +"unmatched." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:46 +#: modules/administration/pages/subscription-matching.adoc:6 msgid "" -"On the RMT instance, list all available products and repositories for your " -"organization:" +"The [guimenu]``Pins`` tab allows you to associate individual clients to the " +"relevant subscription. This is especially useful if the subscription " +"manager is not automatically associating clients to subscriptions " +"successfully." msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:50 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/subscription-matching.adoc:7 msgid "" -"rmt-cli products list --all\n" -"rmt-cli repos list --all\n" +"The [guimenu]``Messages`` tab shows any errors that occurred during the " +"matching process." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:52 -msgid "Synchronize all available updates for your organization:" +#: modules/administration/pages/subscription-matching.adoc:8 +msgid "" +"You can also download the reports in .csv format, or access them from that " +"command prompt in the [path]``/var/lib/spacewalk/subscription-matcher/`` " +"directory." msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:55 -#, no-wrap -msgid "rmt-cli sync\n" +#. type: Plain text +#: modules/administration/pages/subscription-matching.adoc:9 +msgid "" +"By default, the subscription matcher runs daily, at midnight. To change " +"this, navigate to menu:Admin[Task Schedules] and click ``gatherer-matcher-" +"default``. Change the schedule as required, and click btn:[Update Schedule]." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:57 -msgid "You can also configure RMT to synchronize regularly using systemd." +#: modules/administration/pages/subscription-matching.adoc:10 +msgid "" +"Because the report can only match current clients with current " +"subscriptions, you might find that the matches change over time. The same " +"client will not always match the same subscription. This can be due to new " +"clients being registered or unregistered, or because of the addition or " +"expiration of subscriptions." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:59 -msgid "Enable the products you require. For example, to enable SLES 15:" +#: modules/administration/pages/subscription-matching.adoc:11 +msgid "" +"The subscription matcher will automatically attempt to reduce the number of " +"unmatched products, limited by the terms and conditions of the subscriptions " +"in your account. However, if you have incomplete hardware information, " +"unknown virtual machine host assignments, or clients running in unknown " +"public clouds, the matcher might show that you do not have enough " +"subscriptions available. Always ensure you have complete data about your " +"clients included in {productname}, to help ensure accuracy." msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:62 +#. type: delimited block = +#: modules/administration/pages/subscription-matching.adoc:12 +msgid "" +"The subscription matcher will not always match clients and subscriptions " +"accurately. It is not intended to be a replacement for auditing." +msgstr "" + +#. type: Title == +#: modules/administration/pages/subscription-matching.adoc:13 #, no-wrap -msgid "rmt-cli product enable sles/15/x86_64\n" +msgid "Pin Clients to Subscriptions" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:65 -#: modules/administration/pages/disconnected-setup.adoc:99 +#: modules/administration/pages/subscription-matching.adoc:14 msgid "" -"Export the synchronized data to your removable storage. In this example, " -"the storage medium is mounted at [path]``/mnt/usb``:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:68 -#, no-wrap -msgid "rmt-cli export data /mnt/usb\n" +"If the subscription matcher is not automatically matching a particular " +"client with the correct subscription, you can manually pin them. When you " +"have created a pin, the subscription matcher favors matching a specific " +"subscription with a given system or group of systems." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:70 -#: modules/administration/pages/disconnected-setup.adoc:106 -msgid "Export the enabled repositories to your removable storage:" +#: modules/administration/pages/subscription-matching.adoc:15 +msgid "" +"However, the matcher will not always respect a pin. It depends on the " +"subscription being available, and whether or not the subscription can be " +"applied to the client. Additionally, pins will be ignored if they result in " +"a match that violates the terms and conditions of the subscription, or if " +"the matcher detects a more accurate match if the pin is ignored." msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:72 -#: modules/administration/pages/disconnected-setup.adoc:108 -#, no-wrap -msgid "rmt-cli export settings /mnt/usb\n" +#. type: Plain text +#: modules/administration/pages/subscription-matching.adoc:16 +msgid "To add a new pin, click btn:[Add a Pin], and select the client to pin." msgstr "" #. type: delimited block = -#: modules/administration/pages/disconnected-setup.adoc:78 +#: modules/administration/pages/subscription-matching.adoc:17 msgid "" -"Ensure that the external storage is mounted to a directory that is writeable " -"by the RMT user. You can change RMT user settings in the `cli` section of " -"[path]``/etc/rmt.conf``." +"We do not recommend using pinning regularly, or for a large number of " +"clients. The subscription matcher tool is generally accurate enough for " +"most installations." msgstr "" -#. type: Title == -#: modules/administration/pages/disconnected-setup.adoc:82 +#. type: Title = +#: modules/administration/pages/ssl-certs-imported.adoc:1 #, no-wrap -msgid "Synchronize SMT" +msgid "Import SSL Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:86 +#: modules/administration/pages/ssl-certs-imported.adoc:2 msgid "" -"SMT is included with {sle} 12, and can be used to manage clients running " -"{sle} 10 or later." +"By default, {productname} uses a self-signed certificate. For additional " +"security, you can import a custom certificate, signed by a third party " +"certificate authority (CA)." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:88 +#: modules/administration/pages/ssl-certs-imported.adoc:3 msgid "" -"SMT requires you to create a local mirror directory on the SMT instance in " -"order to synchronize repositories and packages." +"This section covers how to use an imported SSL certificate with a new " +"{productname} installation, and how to replace existing self-signed " +"certificates with imported certificates." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:90 -msgid "" -"For more details on installing and configuring SMT, see https://" -"documentation.suse.com/sles/12-SP4/html/SLES-all/book-smt.html." +#: modules/administration/pages/ssl-certs-imported.adoc:4 +msgid "Before you begin, ensure you have:" msgstr "" -#. type: Block title -#: modules/administration/pages/disconnected-setup.adoc:91 -#, no-wrap -msgid "Procedure: Synchronizing SMT with SCC" +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:5 +msgid "A certificate authority (CA) SSL public certificate" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:93 -msgid "On the SMT instance, create a database replacement file:" +#: modules/administration/pages/ssl-certs-imported.adoc:6 +msgid "An SSL server key" msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:96 -#, no-wrap -msgid "smt-sync --createdbreplacementfile /tmp/dbrepl.xml\n" +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:7 +msgid "An SSL server certificate" msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:104 -#, no-wrap -msgid "" -"smt-sync --todir /mnt/usb\n" -"smt-mirror --dbreplfile /tmp/dbrepl.xml --directory /mnt/usb \\\n" -" --fromlocalsmt -L /var/log/smt/smt-mirror-export.log\n" +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:8 +msgid "Your key and certificate files must be in PEM format." msgstr "" -#. type: delimited block = -#: modules/administration/pages/disconnected-setup.adoc:114 +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:9 msgid "" -"Ensure that the external storage is mounted to a directory that is writeable " -"by the RMT user. You can change SMT user settings in [path]``/etc/smt." -"conf``." +"The host name of the SSL keys and certificates must match the fully " +"qualified host name of the machine you deploy them on. You can set the host " +"names in the ``X509v3 Subject Alternative Name`` section of the " +"certificate. You can also list multiple host names if your environment " +"requires it." msgstr "" #. type: Title == -#: modules/administration/pages/disconnected-setup.adoc:118 +#: modules/administration/pages/ssl-certs-imported.adoc:10 #, no-wrap -msgid "Synchronize a Disconnected Server" +msgid "Import Certificates for New Installations" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:121 +#: modules/administration/pages/ssl-certs-imported.adoc:11 msgid "" -"When you have removable media loaded with your {scc} data, you can use it to " -"synchronize your disconnected server." +"By default, {productname} uses a self-signed certificate. After you have " +"completed the initial setup, you can replace the default certificate with an " +"imported certificate." msgstr "" #. type: Block title -#: modules/administration/pages/disconnected-setup.adoc:122 +#: modules/administration/pages/ssl-certs-imported.adoc:12 #, no-wrap -msgid "Procedure: Synchronizing a Disconnected Server" +msgid "Procedure: Import Certificates on a New {productname} Server" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:125 +#: modules/administration/pages/ssl-certs-imported.adoc:13 msgid "" -"Mount your removable media device to the {productname} server. In this " -"example, the mount point is [path]``/media/disk``." +"Install the {productname} Server according to the instructions in xref:" +"installation:install-intro.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:126 +#: modules/administration/pages/ssl-certs-imported.adoc:14 msgid "" -"Open ``/etc/rhn/rhn.conf`` and define the mount point by adding or editing " -"this line:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:129 -#, no-wrap -msgid "server.susemanager.fromdir = /media/disk\n" +"Complete the initial setup according to xref:installation:server-setup." +"adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:132 -msgid "Restart the Tomcat service:" +#: modules/administration/pages/ssl-certs-imported.adoc:15 +msgid "" +"At the command prompt, point the SSL environment variables to the " +"certificate file locations:" msgstr "" #. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:135 +#: modules/administration/pages/ssl-certs-imported.adoc:16 #, no-wrap -msgid "systemctl restart tomcat\n" +msgid "" +"export CA_CERT=\n" +"export SERVER_KEY=\n" +"export SERVER_CERT=\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:137 -msgid "Refresh the local data:" +#: modules/administration/pages/ssl-certs-imported.adoc:17 +msgid "Complete {productname} setup:" msgstr "" #. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:140 +#: modules/administration/pages/ssl-certs-imported.adoc:18 #, no-wrap -msgid "mgr-sync refresh\n" +msgid "yast susemanager_setup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:142 -msgid "Perform a synchronization:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:146 -#, no-wrap +#: modules/administration/pages/ssl-certs-imported.adoc:19 msgid "" -"mgr-sync list channels\n" -"mgr-sync add channel channel-label\n" +"When you are prompted for certificate details during setup, fill in random " +"values. The values will be overridden by the values you specified at the " +"command prompt." msgstr "" #. type: delimited block = -#: modules/administration/pages/disconnected-setup.adoc:153 +#: modules/administration/pages/ssl-certs-imported.adoc:20 msgid "" -"The removable disk that you use for synchronization must always be available " -"at the same mount point. Do not trigger a synchronization, if the storage " -"medium is not mounted. This will result in data corruption." +"Execute the [command]``yast susemanager_setup`` command from the same shell " +"you exported the environment variables from." msgstr "" -#. type: Title = -#: modules/administration/pages/live-patching.adoc:2 +#. type: Title == +#: modules/administration/pages/ssl-certs-imported.adoc:21 #, no-wrap -msgid "Live Patching with SUSE Manager" +msgid "Import Certificates for New Proxy Installations" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching.adoc:7 +#: modules/administration/pages/ssl-certs-imported.adoc:22 msgid "" -"Performing a kernel update usually requires a system reboot. Common " -"vulnerability and exposure (CVE) patches should be applied as soon as " -"possible, but if you cannot afford the downtime, you can use Live Patching " -"to inject these important updates and skip the need to reboot." +"By default, {productname} Proxy uses a self-signed certificate. After you " +"have completed the initial setup, you can replace the default certificate " +"with an imported certificate." +msgstr "" + +#. type: Block title +#: modules/administration/pages/ssl-certs-imported.adoc:23 +#, no-wrap +msgid "Procedure: Import Certificates on a New {productname} Proxy" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching.adoc:9 +#: modules/administration/pages/ssl-certs-imported.adoc:24 msgid "" -"The procedure for setting up Live Patching is slightly different for " -"SLES{nbsp}12 and SLES{nbsp}15. Both procedures are documented in this " -"section." +"Install the {productname} Proxy according to the instructions in xref:" +"installation:install-intro.adoc[]." msgstr "" -#. type: Title = -#: modules/administration/pages/master-fingerprint.adoc:2 +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:25 +msgid "" +"Complete the initial setup according to xref:installation:proxy-setup.adoc[]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:26 +msgid "At the command prompt, run:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-imported.adoc:27 #, no-wrap -msgid "Set up a Client to Master Validation Fingerprint" +msgid "configure-proxy.sh\n" msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:6 +#: modules/administration/pages/ssl-certs-imported.adoc:28 msgid "" -"In highly secure network configurations you may wish to ensure your Salt " -"clients are connecting a specific master. To set up validation from client " -"to master enter the master's fingerprint within the [path]``/etc/salt/" -"minion`` configuration file." +"At the ``Do you want to import existing certificates?`` prompt, type kbd:[y]." msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:8 -msgid "See the following procedure:" +#: modules/administration/pages/ssl-certs-imported.adoc:29 +msgid "Follow the prompts to complete setup." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/ssl-certs-imported.adoc:30 +msgid "" +"Use the same certificate authority to sign all server certificates for " +"servers and proxies. Certificates signed with different CAs will not match." +msgstr "" + +#. type: Title == +#: modules/administration/pages/ssl-certs-imported.adoc:31 +#, no-wrap +msgid "Replace Certificates with a Third Party Certificate" msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:10 +#: modules/administration/pages/ssl-certs-imported.adoc:32 msgid "" -"On the master, at the command prompt, as root, use this command to find the " -"``master.pub`` fingerprint:" +"You can replace active certificates on your {productname} installation with " +"a new third party certificate. To replace the certificates, you can replace " +"the installed CA certificate RPM with a new RPM containing the third party " +"certificate, and then update the database." msgstr "" -#. type: delimited block - -#: modules/administration/pages/master-fingerprint.adoc:14 +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:33 +msgid "" +"This procedure is similar to the one described in xref:administration:ssl-" +"certs-selfsigned.adoc#ssl-certs-selfsigned-create-replace[]. The difference " +"is that we import the certificates generated by an external PKI." +msgstr "" + +#. type: Block title +#: modules/administration/pages/ssl-certs-imported.adoc:34 #, no-wrap -msgid "salt-key -F master\n" +msgid "Procedure: Replacing Existing Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:19 +#: modules/administration/pages/ssl-certs-imported.adoc:35 msgid "" -"On your client, open the [path]``/etc/salt/minion`` configuration file. " -"Uncomment the following line and enter the master's fingerprint replacing " -"the example fingerprint:" +"On the {productname} Server, at the command prompt, move the old certificate " +"directory to a backup location:" msgstr "" #. type: delimited block - -#: modules/administration/pages/master-fingerprint.adoc:23 +#: modules/administration/pages/ssl-certs-imported.adoc:36 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:21 #, no-wrap -msgid "master_finger: 'ba:30:65:2a:d6:9e:20:4f:d8:b2:f3:a7:d4:65:11:13'\n" +msgid "mv /root/ssl-build /root/old-ssl-build\n" msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:26 -msgid "Restart the salt-minion service:" +#: modules/administration/pages/ssl-certs-imported.adoc:37 +msgid "Generate a CA certificate RPM from the new certificate:" msgstr "" #. type: delimited block - -#: modules/administration/pages/master-fingerprint.adoc:30 +#: modules/administration/pages/ssl-certs-imported.adoc:38 #, no-wrap -msgid "# systemctl restart salt-minion\n" +msgid "rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/ssl-build\" --from-ca-cert=\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:39 +msgid "Generate a new server certificate RPM:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-imported.adoc:40 +#, no-wrap +msgid "rhn-ssl-tool --gen-server --rpm-only --dir=\"/root/ssl-build\" --from-server-key= --from-server-cert=\n" msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:32 +#: modules/administration/pages/ssl-certs-imported.adoc:41 msgid "" -"For information on configuring security from a client, see https://docs." -"saltstack.com/en/latest/ref/configuration/minion.html." +"When you create the new server certificate RPM, you might get a warning that " +"server certificate request file could not be found. This file is not " +"required, and the procedure will complete correctly without it. However, if " +"you want to avoid the error, you can copy the file into the server " +"directory, and name it [path]``server.csr``:" msgstr "" -#. type: Title = -#: modules/administration/pages/mirror-sources.adoc:2 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-imported.adoc:42 #, no-wrap -msgid "Mirror Source Packages" +msgid "cp .csr /root/ssl-build//server.csr\n" msgstr "" #. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:5 +#: modules/administration/pages/ssl-certs-imported.adoc:43 msgid "" -"If you build your own packages locally, or if you require the source code " -"for your packages for legal reasons, it is possible to mirror the source " -"packages on {productname} Server." +"When you have created the new [path]``ssl-build`` directory, you can create " +"combined certificate RPMs and deploy them on the clients. For the " +"procedures to do this, see xref:administration:ssl-certs-selfsigned.adoc[]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/mirror-sources.adoc:9 +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:44 msgid "" -"Mirroring source packages can consume a significant amount of disk space." +"If you are using a proxy, you will need to generate a server certificate RPM " +"for each proxy, using their host names and cnames." msgstr "" -#. type: Block title -#: modules/administration/pages/mirror-sources.adoc:11 +#. type: Title = +#: modules/administration/pages/tshoot-notifications.adoc:1 #, no-wrap -msgid "Procedure: Mirroring Source Packages" +msgid "Troubleshooting Notifications" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:13 +#: modules/administration/pages/tshoot-notifications.adoc:2 msgid "" -"Open the [filename]``/etc/rhn/rhn.conf`` configuration file, and add this " -"line:" +"The default lifetime of notification messages is 30 days, after which " +"messages are deleted from the database, regardless of read status. To " +"change this value, add or edit this line in [path]``/etc/rhn/rhn.conf``:" msgstr "" #. type: delimited block - -#: modules/administration/pages/mirror-sources.adoc:17 +#: modules/administration/pages/tshoot-notifications.adoc:3 #, no-wrap -msgid "server.sync_source_packages = 1\n" +msgid "java.notifications_lifetime = 30\n" msgstr "" #. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:19 -msgid "Restart the Spacewalk service to pick up the changes:" +#: modules/administration/pages/tshoot-notifications.adoc:4 +msgid "" +"All notification types are enabled by default. To disable a notification " +"type, add or edit this line in [path]``/etc/rhn/rhn.conf``:" msgstr "" #. type: delimited block - -#: modules/administration/pages/mirror-sources.adoc:23 +#: modules/administration/pages/tshoot-notifications.adoc:5 #, no-wrap -msgid "spacewalk-service restart\n" +msgid "java.notifications_type_disabled = OnboardingFailed,ChannelSyncFailed,ChannelSyncFinished\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:27 -msgid "" -"Currently, this feature can only be enabled globally for all repositories. " -"It is not possible to select individual repositories for mirroring." +#. type: Title = +#: modules/administration/pages/auth-methods.adoc:1 +#, no-wrap +msgid "Authentication Methods" msgstr "" #. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:31 +#: modules/administration/pages/auth-methods.adoc:2 msgid "" -"When this feature has been activated, the source packages will become " -"available in the {productname} {webui} after the next repository " -"synchronization. They will be shown as sources for the binary package, and " -"can be downloaded directly from the {webui}. Source packages cannot be " -"installed on clients using the {webui}." +"{productname} supports several different authentication methods. This " +"section discusses pluggable authentication modules (PAM) and single sign-on " +"(SSO)." msgstr "" #. type: Title = -#: modules/administration/pages/reports.adoc:2 +#: modules/administration/pages/public-cloud-azure.adoc:1 #, no-wrap -msgid "Generate Reports" +msgid "{productname} with Azure" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:7 +#: modules/administration/pages/public-cloud-azure.adoc:2 msgid "" -"The [command]``spacewalk-report`` command is used to produce a variety of " -"reports. These reports can be helpful for taking inventory of your " -"subscribed systems, users, and organizations. Using reports is often " -"simpler than gathering information manually from the {susemgr} {webui}, " -"especially if you have many systems under management." +"You can use {productname} Server and Proxy with the Microsoft Azure public " +"cloud. This section discusses what you will need for running {productname} " +"in Azure, and how to set up your installation." +msgstr "" + +#. type: Title == +#: modules/administration/pages/public-cloud-azure.adoc:3 +#, no-wrap +msgid "Configure the Azure Cloud Instance" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:9 +#: modules/administration/pages/public-cloud-azure.adoc:4 msgid "" -"To generate reports, you must have the [package]``spacewalk-reports`` " -"package installed." +"Use the ``SUSE Manager Server 4 BYOS`` image. The image is a pre-built " +"image created by {suse}. It is based on JeoS, and SUSE Manager is pre-" +"installed but not configured. Configuring SUSE Manager has to be done " +"manually with {yast}." msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:11 +#: modules/administration/pages/public-cloud-azure.adoc:5 msgid "" -"The [command]``spacewalk-report`` command allows you to organize and display " -"reports about content, systems, and user resources across {productname}." +"When you create your Azure virtual machine, choose something `like d8s_v3` " +"with 8{nbsp}vCPUs and 32{nbsp}GB RAM." msgstr "" +#. * Up to 4 data disks +#. * Max IOPS 2400 +#. * Temporary storage disk of 16{nbsp}GB. +#. Data on this disk will be destroyed after the guest has been switched off. #. type: Plain text -#: modules/administration/pages/reports.adoc:13 -msgid "You can generate reports on:" +#: modules/administration/pages/public-cloud-azure.adoc:6 +msgid "When you are setting up disk partitioning, we recommend:" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:15 -msgid "System Inventory: list all the systems registered to {productname}." +#: modules/administration/pages/public-cloud-azure.adoc:7 +msgid "30{nbsp}GB for the disk running the operating system" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:17 -msgid "" -"Patches: list all the patches relevant to the registered systems. You can " -"sort patches by severity, as well as the systems that apply to a particular " -"patch." +#: modules/administration/pages/public-cloud-azure.adoc:8 +msgid "Select `Standard HDD` for the storage account type" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:9 +msgid "You will also require three additional data disks:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:10 +msgid "Disk 0: 64{nbsp}GB on Premium SSD, mounted at [path]``/var/lib/pgsql``" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:18 +#: modules/administration/pages/public-cloud-azure.adoc:11 msgid "" -"Users: list all registered users and any systems associated with a " -"particular user." +"Disk 1: 512{nbsp}GB on Standard SSD, mounted at [path]``/var/spacewalk``" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:20 +#: modules/administration/pages/public-cloud-azure.adoc:12 +msgid "Disk 2: 128{nbsp}GB on Standard SSD, mounted at [path]``/var/cache``" +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/public-cloud-azure.adoc:13 msgid "" -"To get the report in CSV format, run this command at the command prompt on " -"the server:" +"Do not use LVM with Azure. If you need more disk space, extend a disk in " +"the Azure portal, then extend the file system with [command]``xfs_growfs``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/reports.adoc:23 -#, no-wrap -msgid "spacewalk-report \n" +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:14 +msgid "Partition the disks like this:" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:26 -msgid "This table lists the available reports:" +#: modules/administration/pages/public-cloud-azure.adoc:15 +msgid "[path]``/dev/sda``: 4 partitions containing the OS" msgstr "" -#. type: Block title -#: modules/administration/pages/reports.adoc:29 -#, no-wrap -msgid "[command]``spacewalk-report`` Reports" +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:16 +msgid "[path]``/dev/sdb``: temporary storage disk, do not use" msgstr "" -#. type: Table -#: modules/administration/pages/reports.adoc:84 +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:17 +msgid "[path]``/dev/sdc``: contains [path]``/var/lib/pgsql``" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:18 +msgid "[path]``/dev/sdd``: contains [path]``/var/spacewalk``" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:19 +msgid "[path]``/dev/sde``: contains [path]``/var/cache``" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:20 +msgid "You can use these commands to create the disks:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:21 #, no-wrap msgid "" -"|Report | Invoked as | Description\n" -"| Actions | [command]``actions`` | All actions.\n" -"| Activation Keys | [command]``activation-keys`` | All activation keys, and the entitlements, channels, configuration channels, system groups, and packages associated with them.\n" -"| Activation Keys: Channels | [command]``activation-keys-channels`` | All activation keys and the entities associated with each key.\n" -"| Activation Keys: Configuration | [command]``activation-keys-config`` | All activation keys and the configuration channels associated with each key.\n" -"| Activation Keys: Server Groups | [command]``activation-keys-groups`` | All activation keys and the system groups associated with each key.\n" -"| Activation Keys: Packages | [command]``activation-keys-packages`` | All activation keys and the packages each key can deploy.\n" -"| Channel Packages | [command]``channel-packages`` | All packages in a channel.\n" -"| Channel Report | [command]``channels`` | Detailed report of a given channel.\n" -"| Cloned Channel Report | [command]``cloned-channels`` | Detailed report of cloned channels.\n" -"| Configuration Files | [command]``config-files`` | All configuration file revisions for all organizations, including file contents and file information.\n" -"| Latest Configuration Files | [command]``config-files-latest`` | The most recent configuration file revisions for all organizations, including file contents and file information.\n" -"| Custom Channels | [command]``custom-channels`` | Channel metadata for all channels owned by specific organizations.\n" -"| Custom Info | [command]``custom-info`` | Client custom information.\n" -"| Patches in Channels | [command]``errata-channels`` | All patches in channels.\n" -"| Patches Details | [command]``errata-list`` | All patches that affect registered clients.\n" -"| All patches | [command]``errata-list-all`` | All patches.\n" -"| Patches for Clients | [command]``errata-systems`` | Applicable patches and any registered clients that are affected.\n" -"| Host Guests | [command]``host-guests`` | Host and guests mapping.\n" -"| Inactive Clients | [command]``inactive-systems`` | Inactive clients.\n" -"| System Inventory | [command]``inventory`` | Clients registered to the server, together with hardware and software information.\n" -"| Kickstart Scripts | [command]``kickstart-scripts`` | All kickstart scripts, with details.\n" -"| Kickstart Trees | [command]``kickstartable-trees`` | Kickstartable trees.\n" -"| All Upgradable Versions | [command]``packages-updates-all`` | All newer package versions that can be upgraded.\n" -"| Newest Upgradable Version | [command]``packages-updates-newest`` | Newest package versions that can be upgraded.\n" -"| Proxy Overview | [command]``proxies-overview`` | All proxies and the clients registered to each.\n" -"| Repositories | [command]``repositories`` | All repositories, with their associated SSL details, and any filters.\n" -"| Result of SCAP | [command]``scap-scan`` | Result of OpenSCAP ``sccdf`` evaluations.\n" -"| Result of SCAP | [command]``scap-scan-results`` | Result of OpenSCAP ``sccdf`` evaluations, in a different format.\n" -"| System Data | [command]``splice-export`` | Client data needed for splice integration.\n" -"| System Crash: Count | [command]``system-crash-count`` | The total number of client crashes.\n" -"| System Crash: Details | [command]``system-crash-details`` | Crash details for all clients.\n" -"| System Currency | [command]``system-currency`` | Number of available patches for each registered client.\n" -"| System Extra Packages | [command]``system-extra-packages`` | All packages installed on all clients that are not available from channels the client is subscribed to.\n" -"| System Groups | [command]``system-groups`` | System groups.\n" -"| Activation Keys for System Groups | [command]``system-groups-keys`` | Activation keys for system groups.\n" -"| Systems in System Groups | [command]``system-groups-systems`` | Clients in system groups.\n" -"| System Groups Users | [command]``system-groups-users`` | System groups and users that have permissions on them.\n" -"| History: System | [command]``system-history`` | Event history for each client.\n" -"| History: Channels | [command]``system-history-channels`` | Channel event history.\n" -"| History: Configuration | [command]``system-history-configuration`` | Configuration event history.\n" -"| History: Entitlements | [command]``system-history-entitlements`` | System entitlement event history.\n" -"| History: Errata | [command]``system-history-errata`` | Errata event history.\n" -"| History: Kickstart | [command]``system-history-kickstart`` | Kickstart event history.\n" -"| History: Packages | [command]``system-history-packages`` | Package event history.\n" -"| History: SCAP | [command]``system-history-scap`` | OpenSCAP event history.\n" -"| MD5 Certificates | [command]``system-md5-certificates`` | All registered clients using certificates with an MD5 checksum.\n" -"| Installed Packages | [command]``system-packages-installed`` | Packages installed on clients.\n" -"| System Profiles | [command]``system-profiles`` | All clients registered to the server, with software and system group information.\n" -"| Users | [command]``users`` | All users registered to {productname}.\n" -"| MD5 Users | [command]``users-md5`` | All users for all organizations using MD5 encrypted passwords, with their details and roles.\n" -"| Systems administered | [command]``users-systems`` | Clients that individual users can administer.\n" +"for d in sdc sdd sde; do\n" +" parted --script /dev/$d mklabel gpt mkpart primary xfs 0% 100%\n" +" mkfs.xfs /dev/${d}1\n" +"done\n" +"mkdir /cachetmp\n" +"mount /dev/sde1 /cachetmp\n" +"cp -a /var/cache/* /cachetmp/\n" +"umount /cachetmp\n" +"echo \"$(blkid /dev/sdc1|awk -F \" \" '{ print $2 }') /var/lib/pgsql xfs defaults,noatime 0 0\" >> /etc/fstab\n" +"echo \"$(blkid /dev/sdd1|awk -F \" \" '{ print $2 }') /var/spacewalk xfs defaults,noatime 0 0\" >> /etc/fstab\n" +"echo \"$(blkid /dev/sde1|awk -F \" \" '{ print $2 }') /var/cache xfs defaults,noatime 0 0\" >> /etc/fstab\n" +"mkdir -p /var/spacewalk\n" +"mount /var/spacewalk\n" +"chown -R wwwrun:root /var/spacewalk\n" +"mount /var/lib/pgsql\n" +"chown -R postgres:postgres /var/lib/pgsql\n" +"mv /var/cache /var/cache.old\n" +"mkdir /var/cache\n" +"mount /var/cache\n" +"rm -r /var/cache.old\n" +msgstr "" + +#. REMARK: I guess you do this in your Azure instance +#. REMARK: Where do you configure this? +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:22 +msgid "" +"When you are setting up networking, we recommend that you create a separate " +"private network, with the IP range `10.0.0.0/24`." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:23 +msgid "" +"Configure the {productname} Server to use the internal IP address " +"`10.0.0.4`. Ensure it is also accessible from outside the network with a " +"fixed IP address." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:24 +msgid "" +"Configure the firewall to only allow inbound traffic on ports `22`, `80`, " +"and `443` to IP address `10.0.0.4`. In this environment, if other servers " +"are added to the network they cannot be reached from outside the network." +msgstr "" + +#. REMARK: Was does this mean? +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:25 +msgid "" +"Outbound is open from the private network. This should be restricted for " +"other servers in this private network." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:26 +msgid "" +"You will need to set the DNS zones in Azure before you can configure the " +"{productname} Server. For more information on setting DNS zones, see the " +"Azure documentation." +msgstr "" + +#. type: Title == +#: modules/administration/pages/public-cloud-azure.adoc:27 +#, no-wrap +msgid "Configure {productname} Server" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:28 +msgid "Ensure that your {productname} Server is registered with {scc}." +msgstr "" + +#. I wonder why we do even need spacecmd +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:29 +msgid "When your server is registered, install these extra packages:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:30 +#, no-wrap +msgid "zypper -n in spacecmd mlocate sysstat\n" +msgstr "" + +#. spacecmd will be installed by default next time +#. ^ How is so? +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:31 +msgid "Apply the latest updates and reboot the server:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:32 +#, no-wrap +msgid "" +"zypper -n up -l\n" +"reboot\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:33 +msgid "Check that all file systems are mounted and that PostgreSQL is running:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:34 +#, no-wrap +msgid "" +"mount\n" +"service postgresql status\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:35 +msgid "" +"Complete {productname} Server installation and configuration. For more " +"information, see xref:installation:server-setup.adoc[]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:36 +msgid "" +"We recommend you configure the {productname} Server so that DHCP does not " +"set the host name. Check [path]``/etc/sysconfig/network/dhcp`` and ensure " +"that `DHCLIENT_SET_HOSTNAME` is set to [literal]``no``:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:37 +#: modules/administration/pages/public-cloud.adoc:26 +#, no-wrap +msgid "DHCLIENT_SET_HOSTNAME=\"no\"\n" +msgstr "" + +#. REMARK: hostname -i? +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:38 +msgid "" +"Add the Azure client to the [path]``/etc/hosts`` file. At the command " +"prompt, replace [literal]```` with the IP address of the server:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:39 +#, no-wrap +msgid "echo \" $(hostname -f) $(hostname)\" >> /etc/hosts\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:40 +msgid "" +"{productname} Server has a default administration user. In Azure, the " +"system administrator user is called [literal]``admin``. The `admin` user's " +"password is built with two parts. The first part can be found by using this " +"command:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:41 +#, no-wrap +msgid "azuremetadata --instance-name\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:42 +msgid "The second part of the password is [literal]``-suma``" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:43 +msgid "" +"Alternatively, you can check the [path]``/var/log/susemanager_firstuser." +"log`` file." +msgstr "" + +#. REMARK: Do we want to list the details here? Or is such a general xref good enough? +#. For the SUSE Manager setup configuration in general, see xref:installation:server-setup.adoc[], _procedure "{productname} Setup"_. +#. Pay special attention to the following settings: +#. * In the first dialog, select [guimenu]``Set up SUSE Manager from scratch`` +#. * In the next dialog, enter a valid mail address for the administrator +#. * It is very important to remember the password given for SSL. +#. Without this password no SUSE Manager Proxy Server can be installed and no other changes can be made to the certificate. +#. For example, this certificate is eg used on all registered systems to communicate with SUSE Manager Server. +#. * In the [guimenu]``Database Settings`` dialog, it is enough to provide a password. +#. Make sure also to remember this password. +#. With these settings the installation can be started. +#. The installation will finish without further input. +#. type: Title = +#: modules/administration/pages/mgr-sync.adoc:1 +#, no-wrap +msgid "Using ``mgr-sync``" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:2 +msgid "" +"The ``mgr-sync`` tool is used at the command prompt. It provides functions " +"for using {productname} that are not always available in the {webui}. The " +"primary use of ``mgr-sync`` is to connect to the {scc}, retrieve product and " +"package information, and prepare channels for synchronization with the " +"{productname} Server." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:3 +msgid "" +"This tool is designed for use with a {suse} support subscription. It is not " +"required for open source distributions, including {opensuse}, {centos}, and " +"{ubuntu}." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:4 +msgid "" +"The available commands and arguments for ``mgr-sync`` are listed in this " +"table. Use this syntax for ``mgr-sync`` commands:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/mgr-sync.adoc:5 +#, no-wrap +msgid "mgr-sync [-h] [--version] [-v] [-s] [-d {1,2,3}] {list,add,refresh,delete}\n" +msgstr "" + +#. type: Block title +#: modules/administration/pages/mgr-sync.adoc:6 +#, no-wrap +msgid "mgr-sync Commands" +msgstr "" + +#. type: Table +#: modules/administration/pages/mgr-sync.adoc:7 +#, no-wrap +msgid "" +"| Command | Description | Example Use\n" +"| list | List channels, organization credentials, or products | ``mgr-sync list channels``\n" +"| add | Add channels, organization credentials, or products | ``mgr-sync add channel ``\n" +"| refresh | Refresh the local copy of products, channels, and subscriptions | ``mgr-sync refresh``\n" +"| delete | Delete existing SCC organization credentials from the local system | ``mgr-sync delete credentials``\n" +"| sync | Synchronize specified channel or ask for it when left blank| ``mgr-sync sync channel ``\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:8 +msgid "" +"To see the full list of options specific to a command, use this command:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/mgr-sync.adoc:9 +#, no-wrap +msgid "mgr-sync --help\n" +msgstr "" + +#. type: Block title +#: modules/administration/pages/mgr-sync.adoc:10 +#, no-wrap +msgid "mgr-sync Optional Arguments" +msgstr "" + +#. type: Table +#: modules/administration/pages/mgr-sync.adoc:11 +#, no-wrap +msgid "" +"| Option | Abbreviated option | Description | Example Use\n" +"| help | ``h`` | Display the command usage and options | ``mgr-sync --help``\n" +"| version | N/A | Display the currently installed version of ``mgr-sync`` | ``mgr-sync --version``\n" +"| verbose | ``v`` | Provide verbose output | ``mgr-sync --verbose refresh``\n" +"| store-credentials | ``s`` | Store credentials a local hidden file | ``mgr-sync --store-credentials``\n" +"| debug | ``d`` | Log additional debugging information. Requires a level of 1, 2, 3. 3 provides the highest amnount of debugging information | ``mgr-sync -d 3 refresh``\n" +"| no-sync | N/A | Use with the ``add`` command to add products or channels without beginning a synchronization | ``mgr-sync --no-sync add ``\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:12 +msgid "Logs for ``mgr-sync`` are located in:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:13 +msgid "[path]``/var/log/rhn/mgr-sync.log``" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:14 +msgid "[path]``/var/log/rhn/rhn_web_api.log``" +msgstr "" + +#. type: Title = +#: modules/administration/pages/ssl-certs.adoc:1 +#, no-wrap +msgid "SSL Certificates" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:2 +msgid "" +"{productname} uses SSL certificates to ensure that clients are registered to " +"the correct server." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:3 +msgid "" +"Every client that uses SSL to register to the {productname} Server checks " +"that it is connecting to the right server by validating against a server " +"certificate. This process is called an SSL handshake." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:4 +msgid "" +"During the SSL handshake, the client will check that the hostname in the " +"server certificate matches what it expects. The client also needs to check " +"if the server certificate is trusted." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:5 +msgid "" +"Every {productname} Server that uses SSL requires an SSL server " +"certificate. Provide the path to the server certificate using the " +"``SERVER_CERT`` environment variable during setup, or with the ``--from-" +"server-cert`` option of the [command]``rhn-ssl-tool`` command." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:6 +msgid "" +"Certificate authorities (CAs) are certificates that are used to sign other " +"certificates. All certificates must be signed by a certificate authority " +"(CA) in order for them to be considered valid, and for clients to be able to " +"successfully match against them." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:7 +msgid "" +"When an organization signs its own certificate, the certificate is " +"considered self-signed. A self-signed certificate is straight-forward to " +"set up, and does not cost any money, but they are considered less secure. " +"If you are using a self-signed certificate, you will have a root CA that is " +"signed with itself. When you look at the details of a root CA, you will see " +"that the subject has the same value as the issuer. Provide the path to your " +"root CA certificate using the ``CA_CERT`` environment variable during setup, " +"or with the ``--ca-cert`` option of the [command]``rhn-ssl-tool`` command." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:8 +msgid "" +"In order for SSL authentication to work correctly, the client must trust the " +"root CA. This means that the root CA must be installed on every client." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:9 +msgid "" +"The default method of SSL authentication is for {productname} to use self-" +"signed certificates. In this case, {productname} has generated all the " +"certificates, and the root CA has signed the server certificate directly." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:10 +msgid "" +"An alternative method is to use an intermediate CA. In this case, the root " +"CA signs the intermediate CA. The intermediate CA can then sign any number " +"of other intermediate CAs, and the final one signs the server certificate. " +"This is referred to as a chained certificate." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:11 +msgid "" +"If you are using intermediate CAs in a chained certificate, the root CA is " +"installed on the client, and the server certificate is installed on the " +"server. During the SSL handshake, clients must be able to verify the entire " +"chain of intermediate certificates between the root CA and the server " +"certificate, so they must be able to access all the intermediate " +"certificates." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:12 +msgid "" +"There are two main ways of achieving this. In {productname}, by default, " +"all the intermediate CAs are installed on the client. However, you could " +"also configure your services on the server to provide them to the client. " +"In this case, during the SSL handshake, the server presents the server " +"certificate as well as all the intermediate CAs." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:13 +msgid "" +"Whichever method you choose, you must ensure that the ``CA_CERT`` " +"environment variable points to the root CA, and all intermediate CAs. It " +"should not contain the server certificate. The server certificate must be " +"defined at the ``SERVER_CERT`` environment variable." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:14 +msgid "" +"By default, {productname} uses a self-signed certificate. For additional " +"security, you can arrange a third party CA to sign your certificates. Third " +"party CAs perform checks to ensure that the information contained in the " +"certificate is correct. They will usually charge an annual fee for this " +"service. Using a third party CA makes certificates harder to spoof, and " +"will provide additional protection for your installation. If you have " +"certificates signed by a third party CA, you can import them to your " +"{productname} installation." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:15 +msgid "" +"For more on self-signed certificates, see xref:administration:ssl-certs-" +"selfsigned.adoc[]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:16 +msgid "" +"For more on imported certificates, see xref:administration:ssl-certs-" +"imported.adoc[]." +msgstr "" + +#. type: Title = +#: modules/administration/pages/tshoot-taskomatic.adoc:1 +#, no-wrap +msgid "Troubleshooting Taskomatic" +msgstr "" + +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step +#. type: Plain text +#: modules/administration/pages/tshoot-taskomatic.adoc:2 +msgid "" +"Repository metadata regeneration is a relatively intensive process, so " +"Taskomatic can take several minutes to complete. Additionally, if " +"Taskomatic crashes, repository metadata regeneration can be interrupted." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-taskomatic.adoc:3 +msgid "" +"If Taskomatic is still running, or if the process has crashed, package " +"updates can seem available in the {webui}, but will not appear on the " +"client, and attempts to update the client will fail. In this case, the " +"[command]``zypper ref`` command will show an error like this:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-taskomatic.adoc:4 +#, no-wrap +msgid "Valid metadata not found at specified URL\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-taskomatic.adoc:5 +msgid "" +"To correct this, determine if Taskomatic is still in the process of " +"generating repository metadata, or if a crash could have occurred. Wait for " +"metadata regeneration to complete or restart Taskomatic after a crash in " +"order for client updates to be carried out correctly." +msgstr "" + +#. type: Block title +#: modules/administration/pages/tshoot-taskomatic.adoc:6 +#, no-wrap +msgid "Procedure: Resolving Taskomatic Problems" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-taskomatic.adoc:7 +msgid "" +"On the {productname} Server, check the [path]``/var/log/rhn/" +"rhn_taskomatic_daemon.log`` file to determine if any metadata regeneration " +"processes are still running, or if a crash occurred." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-taskomatic.adoc:8 +msgid "Restart taskomatic:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-taskomatic.adoc:9 +#, no-wrap +msgid "service taskomatic restart\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-taskomatic.adoc:10 +msgid "" +"In the Taskomatic log files, you can identify the section related to " +"metadata regeneration by looking for opening and closing lines that look " +"like this:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-taskomatic.adoc:11 +#, no-wrap +msgid " ,174 [Thread-584] INFO com.redhat.rhn.taskomatic.task.repomd.RepositoryWriter - Generating new repository metadata for channel 'cloned-2018-q1-sles12-sp3-updates-x86_64'(sha256) 550 packages, 140 errata\n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-taskomatic.adoc:12 +#, no-wrap +msgid "...\n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-taskomatic.adoc:13 +#, no-wrap +msgid " ,704 [Thread-584] INFO com.redhat.rhn.taskomatic.task.repomd.RepositoryWriter - Repository metadata generation for 'cloned-2018-q1-sles12-sp3-updates-x86_64' finished in 4 seconds\n" +msgstr "" + +#. type: Title = +#: modules/administration/pages/actions.adoc:1 +#, no-wrap +msgid "Actions" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:2 +msgid "You can manage actions on your clients in a number of different ways." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:3 +msgid "" +"For Salt clients, you can schedule automated recurring actions to apply the " +"highstate to clients on a specified schedule. You can apply recurring " +"actions to individual clients, to all clients in a system group, or to an " +"entire organization." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:4 +msgid "" +"On both Salt and traditional clients, you can set actions to be performed in " +"a particular order by creating action chains. Action chains can be created " +"and edited ahead of time, and scheduled to run at a time that suits you." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:5 +msgid "" +"You can also perform remote commands on one or more of your Salt clients. " +"Remote commands allows you to issue commands to individual Salt clients, or " +"to all clients that match a search term." +msgstr "" + +#. type: Title == +#: modules/administration/pages/actions.adoc:6 +#, no-wrap +msgid "Recurring Actions" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:7 +msgid "" +"You can apply recurring actions on individual Salt clients, or to all " +"clients in an organization." +msgstr "" + +#. type: Block title +#: modules/administration/pages/actions.adoc:8 +#, no-wrap +msgid "Procedure: Creating a New Recurring Action" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:9 +msgid "" +"To apply a recurring action to an individual client, navigate to " +"[guimenu]``Systems``, click the client to configure schedules for, and " +"navigate to the menu:States[Recurring States] tab." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:10 +msgid "" +"To apply a recurring action to a system group, navigate to menu:" +"Systems[System Groups], select the group to configure schedules for, and " +"navigate to menu:States[Recurring States] tab." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:11 +msgid "Click btn:[Create]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:12 +msgid "Type a name for the new schedule." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:13 +msgid "Choose the frequency of the recurring action:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:14 +msgid "[guimenu]``Hourly:`` Type the minute of each hour." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:15 +msgid "" +"For example, [parameter]``15`` will run the action at fifteen minutes past " +"every hour." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:16 +msgid "[guimenu]``Daily:`` Select the time of each day." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:17 +msgid "" +"For example, [parameter]``01:00`` will run the action at 0100 every day, in " +"the timezone of the {productname} Server." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:18 +msgid "" +"[guimenu]``Weekly:`` Select the day of the week and the time of the day, to " +"execute the action every week at the specified time." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:19 +msgid "" +"[guimenu]``Monthly:`` Select the day of the month and the time of the day, " +"to execute the action every month at the specified time." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:20 +msgid "" +"[guimenu]``Custom Quartz format:`` For more detailed options, enter a custom " +"quartz string." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:21 +msgid "" +"For example, to run a recurring action at 0215 every Saturday of every " +"month, enter:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/actions.adoc:22 +#, no-wrap +msgid "0 15 2 ? * 7\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:23 +msgid "" +"OPTIONAL: Toggle the [guimenu]``Test mode`` switch on to run the schedule in " +"test mode." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:24 +msgid "" +"Click btn:[Create Schedule] to save, and see the complete list of existing " +"schedules." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:25 +msgid "" +"Organization Administrators can set and edit recurring actions for all " +"clients in the organization. Navigate to menu:Home[My Organization > " +"Recurring States] to see all recurring actions that apply to the entire " +"organization." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:26 +msgid "" +"{productname} Administrators can set and edit recurring actions for all " +"clients in all organizations. Navigate to menu:Admin[Organizations], select " +"the organization to manage, and navigate to the menu:States[Recurring " +"States] tab." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/actions.adoc:27 +msgid "" +"Recurring actions can only be used with Salt clients. Traditional clients " +"in your group or organization are ignored." +msgstr "" + +#. type: Title == +#: modules/administration/pages/actions.adoc:28 +#, no-wrap +msgid "Action Chains" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:29 +msgid "" +"If you need to perform a number of sequential actions on your clients, you " +"can create an action chain to ensure the order is respected." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:30 +msgid "" +"By default, most clients will execute an action as soon as the command is " +"issued. In some case, actions will take a long time, which could mean that " +"actions issued afterwards fail. For example, if you instruct a client to " +"reboot, then issue a second command, the second action could fail because " +"the reboot is still occurring. To ensure that actions occur in the correct " +"order, use action chains." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:31 +msgid "" +"You can use action chains on both traditional and Salt clients. Action " +"chains can include any number of these actions, in any order:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:32 +msgid "menu:System Details[Remote Command]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:33 +msgid "menu:System Details[Schedule System Reboot]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:34 +msgid "menu:System Details[States > Highstate]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:35 +msgid "menu:System Details[Software > Packages > List/Remove]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:36 +msgid "menu:System Details[Software > Packages > Install]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:37 +msgid "menu:System Details[Software > Packages > Upgrade]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:38 +msgid "menu:System Details[Software > Patches]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:39 +msgid "menu:System Details[Software > Software Channels]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:40 +msgid "menu:System Details[Configuration]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:41 +msgid "menu:Images[Build]" +msgstr "" + +#. type: Block title +#: modules/administration/pages/actions.adoc:42 +#, no-wrap +msgid "Procedure: Creating a New Action Chain" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:43 +msgid "" +"In the {productname} {webui}, navigate to the first action you want to " +"perform in the action chain." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:44 +msgid "" +"For example, navigate to [guimenu]``System Details`` for a client, and click " +"btn:[Schedule System Reboot]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:45 +msgid "Check the [guimenu]``Add to`` field and select ``new action chain``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:46 +msgid "Confirm the action." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:47 +msgid "" +"This will not perform the action immediately, it will instead create the new " +"action chain, and a blue bar confirming this appears at the top of the " +"screen." msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:88 +#: modules/administration/pages/actions.adoc:48 msgid "" -"For more information about an individual report, run [command]``spacewalk-" -"report`` with the option [option]``--info`` or [option]``--list-fields-" -"info`` and the report name. The description and list of possible fields in " -"the report will be shown." +"Continue adding actions to your action chain by checking the [guimenu]``Add " +"to`` field and selecting the name of the action chain to add them to." msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:89 +#: modules/administration/pages/actions.adoc:49 msgid "" -"For further information on program invocation and options, see the " -"[literal]``spacewalk-report(8)`` man page as well as the [option]``--" -"help``parameter of the [command]``spacewalk-report`` command." +"When you have finished adding actions, navigate to menu:Schedule[Action " +"Chains] and selecting the action chain from the list." msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-corruptrepo.adoc:2 +#. type: Plain text +#: modules/administration/pages/actions.adoc:50 +msgid "" +"Re-order actions by dragging them and dropping them into the correct " +"position." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:51 +msgid "" +"Click the blue plus sign to see the clients an action will be performed on. " +"Click btn:[Save] to save your changes." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:52 +msgid "" +"Schedule a time for your action chain to run, and click btn:[Save and " +"Schedule]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:53 +msgid "" +"If you leave the page without clicking either btn:[Save] or btn:[Save and " +"Schedule] all unsaved changes will be discarded." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/actions.adoc:54 +msgid "" +"If one action in an action chain fails, the action chain stops, and no " +"further actions are executed." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:55 +msgid "" +"You can see scheduled actions from action chains by navigating to menu:" +"Schedule[Pending Actions]." +msgstr "" + +#. type: Title == +#: modules/administration/pages/actions.adoc:56 #, no-wrap -msgid "Troubleshooting Corrupt Repositories" +msgid "Remote Commands" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-corruptrepo.adoc:26 +#: modules/administration/pages/actions.adoc:57 msgid "" -"The information in the repository metadata files can become corrupt or out " -"of date. This can create problems with updating clients. You can fix this " -"by removing the files and regenerating it. With an new repository data " -"file, updates should operate as expected." +"You can configure clients to run commands remotely. This allows you to " +"issue scripts or individual commands to a client, without having access to " +"the client directly." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:58 +msgid "" +"This feature is automatically enabled on Salt clients, and you do not need " +"to perform any further configuration. For traditional clients, the feature " +"is enabled if you have registered the client using a bootstrap script and " +"have enabled remote commands. You can use this procedure to enable it " +"manually, instead." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:59 +msgid "" +"Before you begin, ensure your client is subscribed to the appropriate tools " +"child channel for its installed operating system. For more information " +"about subscribing to software channels, see xref:client-configuration:" +"channels.adoc[]." msgstr "" #. type: Block title -#: modules/administration/pages/tshoot-corruptrepo.adoc:27 +#: modules/administration/pages/actions.adoc:60 #, no-wrap -msgid "Procedure: Resolving Corrupt Repository Data" +msgid "Procedure: Configuring Traditional Clients to Accept Remote Commands" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-corruptrepo.adoc:30 +#: modules/administration/pages/actions.adoc:61 msgid "" -"Remove all files from [path]``/var/cache/rhn/repodata/-" -"updates-x86_64``. If you do not know the channel label, you can find it in " -"the {productname} {webui}, by navigating to menu:Software[Channels > Channel " -"Label]." +"On the client, at the command prompt, use the package manager to install the " +"[systemitem]``rhncfg``, [systemitem]``rhncfg-client``, and " +"[systemitem]``rhncfg-actions`` packages, if not already installed." +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/actions.adoc:63 +#, no-wrap +msgid "zypper in rhncfg rhncfg-client rhncfg-actions\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-corruptrepo.adoc:31 -msgid "Regenerate the file from the command line:" +#: modules/administration/pages/actions.adoc:64 +msgid "" +"On the client, at the command prompt, as root, create a path in the local " +"configuration directory:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-corruptrepo.adoc:34 +#: modules/administration/pages/actions.adoc:65 #, no-wrap -msgid "spacecmd softwarechannel_regenerateyumcache -updates-x86_64\n" +msgid "mkdir -p /etc/sysconfig/rhn/allowed-actions/script\n" msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-diskspace.adoc:2 +#. type: Plain text +#: modules/administration/pages/actions.adoc:66 +msgid "Create an empty file called [path]``run`` in the new directory." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:67 +msgid "" +"This file grants the {productname} Server permission to run remote commands:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/actions.adoc:68 #, no-wrap -msgid "Troubleshooting Disk Space" +msgid "touch /etc/sysconfig/rhn/allowed-actions/script/run\n" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:23 +#: modules/administration/pages/actions.adoc:69 msgid "" -"Running out of disk space can have a severe impact on the {productname} " -"database and file structure which, in most cases, is not recoverable." +"For Salt clients, remote commands are run from the [path]``/tmp/`` directory " +"on the client. To ensure that remote commands work accurately, do not mount " +"``/tmp`` with the [parameter]``noexec`` option." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/actions.adoc:70 +msgid "" +"All commands run from the [guimenu]``Remote Commands`` page are executed as " +"{rootuser} on clients. Wildcards can be used to run commands across any " +"number of systems. Always take extra care to check your commands before " +"issuing them." +msgstr "" + +#. type: Block title +#: modules/administration/pages/actions.adoc:71 +#, no-wrap +msgid "Procedure: Running Remote Commands on Traditional Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:26 +#: modules/administration/pages/actions.adoc:72 msgid "" -"{productname} monitors free space in specific directories, and has " -"configurable alerts. For more on space management, see xref:administration:" -"space-management.adoc[]." +"In the {productname} {webui}, navigate to [guimenu]``Systems``, click the " +"client to run a remote command on, and navigate to the menu:Details[Remote " +"Command] tab." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:73 +msgid "" +"In the [guimenu]``Run as user`` field, type the user ID (UID) of the user on " +"the client that you want to run the command." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:28 +#: modules/administration/pages/actions.adoc:74 msgid "" -"You can recover disk space by removing unused custom channels and redundant " -"database entries before you run out of space entirely." +"Alternatively, you can specify a group to run the command, using the group " +"ID (GID) in the [guimenu]``Run as group`` field." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:30 +#: modules/administration/pages/actions.adoc:75 msgid "" -"For instructions on how to delete custom channels, see xref:administration:" -"channel-management.adoc[]." +"OPTIONAL: In the [guimenu]``Timeout`` field, type a timeout period for the " +"command, in seconds." msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-diskspace.adoc:31 -#, no-wrap -msgid "Procedure: Resolving redundant database entries" +#. type: Plain text +#: modules/administration/pages/actions.adoc:76 +msgid "If the command is not executed within this period, it will not be run." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:77 +msgid "In the [guimenu]``Command label`` field, type a name for your command." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:33 +#: modules/administration/pages/actions.adoc:78 msgid "" -"Use the [command]``spacewalk-data-fsck`` command to list any redundant " -"database entries." +"In the [guimenu]``Script`` field, type the command or script to execute." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:33 +#: modules/administration/pages/actions.adoc:79 msgid "" -"Use the [command]``spacewalk-data-fsck --remove`` command to delete them." +"Select a date and time to execute the command, or add the remote command to " +"an action chain." msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-intro.adoc:2 -#, no-wrap -msgid "Troubleshooting" +#. type: Plain text +#: modules/administration/pages/actions.adoc:80 +msgid "Click btn:[Schedule] to schedule the remote command." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-intro.adoc:4 +#: modules/administration/pages/actions.adoc:81 msgid "" -"This section contains some common problems you might encounter with " -"{productname}, and solutions to resolving them." +"For more information about action chains, see xref:reference:schedule/action-" +"chains.adoc[]." msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-localcert.adoc:2 +#. type: Block title +#: modules/administration/pages/actions.adoc:82 #, no-wrap -msgid "Troubleshooting Local Issuer Certificates" +msgid "Procedure: Running Remote Commands on Salt Clients" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-localcert.adoc:25 -msgid "" -"Some older bootstrap scripts create a link to the local certificate in the " -"wrong place. This results in zypper returning an ``Unrecognized error`` " -"about the local issuer certificate. You can ensure that the link to the " -"local issuer certificate has been created correctly by checking the [path]``/" -"etc/ssl/certs/`` directory. If you come across this problem, you should " -"consider updating your bootstrap scripts to ensure that zypper operates as " -"expected." +#: modules/administration/pages/actions.adoc:83 +msgid "Navigate to menu:Salt[Remote Commands]." msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-logintimeout.adoc:2 -#, no-wrap -msgid "Troubleshooting Login Timeouts" +#. type: Plain text +#: modules/administration/pages/actions.adoc:84 +msgid "" +"In the first field, before the ``@`` symbol, type the command you want to " +"issue." msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:24 +#: modules/administration/pages/actions.adoc:85 msgid "" -"By default, the {productname} {webui} will require users to log in again " -"after 30{nbsp}minutes. Depending on your environment, you might want to " -"adjust the login timeout value." +"In the second field, after the ``@`` symbol, type the client you want to " +"issue the command on." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:28 +#: modules/administration/pages/actions.adoc:86 msgid "" -"To adjust the value, you will need to make the change in both [path]``rhn." -"conf`` and [path]``web.xml``. Ensure you set the value in seconds in " -"[path]``/etc/rhn/rhn.conf``, and in minutes in [path]``web.xml``. The two " -"values must equal the same amount of time." +"You can type the ``minion-id`` of an individual client, or you can use " +"wildcards to target a range of clients." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:30 +#: modules/administration/pages/actions.adoc:87 msgid "" -"For example, to change the timeout value to one hour, set the value in " -"[path]``rhn.conf`` to 3600 seconds, and the value in [path]``web.xml`` to 60 " -"minutes." +"Click btn:[Find targets] to check which clients you have targeted, and " +"confirm that you have used the correct details." msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-logintimeout.adoc:33 +#. type: Plain text +#: modules/administration/pages/actions.adoc:88 +msgid "Click btn:[Run command] to issue the command to the target clients." +msgstr "" + +#. type: Title = +#: modules/administration/pages/admin-overview.adoc:1 #, no-wrap -msgid "Procedure: Adjusting the {webui} Login Timeout Value" +msgid "Administration Guide Overview" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:35 -msgid "Stop services:" +#: modules/administration/pages/admin-overview.adoc:2 +#, no-wrap +msgid "**Publication Date:** {docdate}\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:40 +#: modules/administration/pages/admin-overview.adoc:3 msgid "" -"Open [path]``/etc/rhn/rhn.conf`` and add or edit this line to include the " -"new timeout value in seconds:" +"This book provides guidance on performing administration tasks on the " +"{productname} Server." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-logintimeout.adoc:43 +#. type: Title = +#: modules/administration/pages/auditing.adoc:1 #, no-wrap -msgid "web.session_database_lifetime = \n" +msgid "Auditing" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:45 -#: modules/administration/pages/tshoot-logintimeout.adoc:51 -msgid "Save and close the file." +#: modules/administration/pages/auditing.adoc:2 +msgid "" +"In {productname}, you can keep track of your clients through a series of " +"auditing tasks. You can check that your clients are up to date with all " +"public security patches (CVEs), perform subscription matching, and use " +"OpenSCAP to check for specification compliance." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:46 +#: modules/administration/pages/auditing.adoc:3 msgid "" -"Open [path]``/srv/tomcat/webapps/rhn/WEB-INF/web.xml`` and add or edit this " -"line to include the new timeout value in minutes:" +"In the {productname} {webui}, navigate to [guimenu]``Audit`` to perform " +"auditing tasks." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-logintimeout.adoc:49 +#. This will probably need to be broken into sub-sections. --LKB 20200205 +#. type: Title == +#: modules/administration/pages/auditing.adoc:4 #, no-wrap -msgid "Timeout_Value_in_Minutes\n" +msgid "CVE Audits" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:52 -msgid "Restart services:" +#: modules/administration/pages/auditing.adoc:5 +msgid "" +"A CVE (common vulnerabilities and exposures) is a fix for a publicly known " +"security vulnerability." msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-packages.adoc:2 -#, no-wrap -msgid "Troubleshooting Package Inconsistencies" +#. type: delimited block = +#: modules/administration/pages/auditing.adoc:6 +msgid "You must apply CVEs to your clients as soon as they become available." msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-packages.adoc:25 +#: modules/administration/pages/auditing.adoc:7 msgid "" -"When packages on a client are locked, {productname} Server may not be able " -"to correctly determine the set of applicable patches. When this occurs, " -"package updates will be available in the {webui}, but will not appear on the " -"client, and attempts to update the client will fail. Check package locks " -"and exclude lists to determine if packages are locked or excluded on the " -"client." +"Each CVE contains an identification number, a description of the " +"vulnerability, and links to further information. CVE identification numbers " +"use the form ``CVE-YEAR-XXXX``." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-packages.adoc:27 +#: modules/administration/pages/auditing.adoc:8 msgid "" -"On the client, check package locks and exclude lists to determine if " -"packages are locked or excluded:" +"In the {productname} {webui}, navigate to menu:Audit[CVE Audit] to see a " +"list of all clients and their current patch status." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-packages.adoc:29 +#: modules/administration/pages/auditing.adoc:9 msgid "" -"On an Expanded Support Platform, check [path]``/etc/yum.conf`` and search " -"for ``exclude=``." +"By default, the CVE data is updated at 2300 every day. We recommend that " +"before you begin a CVE audit you refresh the data to ensure you have the " +"latest patches." +msgstr "" + +#. type: Block title +#: modules/administration/pages/auditing.adoc:10 +#, no-wrap +msgid "Procedure: Updating CVE Data" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-packages.adoc:29 -msgid "On {sle} and {opensuse}, use the [command]``zypper locks`` command." +#: modules/administration/pages/auditing.adoc:11 +msgid "" +"In the {productname} {webui}, navigate to menu:Admin[Task Schedules] and " +"select the ``cve-server-channels-default`` schedule." msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-registerclones.adoc:2 +#. type: Plain text +#: modules/administration/pages/auditing.adoc:12 +msgid "Click btn:[cve-server-channels-bunch]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/auditing.adoc:13 +msgid "Click btn:[Single Run Schedule] to schedule the task." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/auditing.adoc:14 +msgid "Allow the task to complete before continuing with the CVE audit." +msgstr "" + +#. type: Block title +#: modules/administration/pages/auditing.adoc:15 #, no-wrap -msgid "Troubleshooting Registering Cloned Clients" +msgid "Procedure: Verifying Patch Status" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:25 +#: modules/administration/pages/auditing.adoc:16 +msgid "In the {productname} {webui}, navigate to menu:Audit[CVE Audit]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/auditing.adoc:17 msgid "" -"If you are using {productname} to manage virtual machines, you might find it " -"useful to create clones of your VMs. A clone is a VM that uses a primary " -"disk that is an exact copy of an existing disk." +"OPTIONAL: To check the patch status for a particular CVE, type the CVE " +"identifier in the [guimenu]``CVE Number`` field." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:27 +#: modules/administration/pages/auditing.adoc:18 msgid "" -"While cloning VMs can save you a lot of time, the duplicated identifying " -"information on the disk can sometimes cause problems." +"Select the patch statuses you want to look for, or leave all statuses " +"checked to look for all." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:30 +#: modules/administration/pages/auditing.adoc:19 msgid "" -"If you have a client that is already registered, you create a clone of that " -"client, and then try and register the clone, you probably want {productname} " -"to register them as two separate clients. However, if the machine ID in " -"both the original client and the clone is the same, {productname} will " -"register both clients as one system, and the existing client data will be " -"over-written with that of the clone." +"Click btn:[Audit Servers] to check all systems, or click btn:[Audit Images] " +"to check all images." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:32 +#: modules/administration/pages/auditing.adoc:20 msgid "" -"This can be resolved by changing the machine ID of the clone, so that " -"{productname} recognizes them as two different clients." +"For more information about the patch status icons used on this page, see " +"xref:reference:audit/audit-cve-audit.adoc[]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/tshoot-registerclones.adoc:37 +#. type: Plain text +#: modules/administration/pages/auditing.adoc:21 msgid "" -"Each step of this procedure is performed on the cloned client. This " -"procedure does not manipulate the original client, which will still be " -"registered to {productname}." +"For each system, the [guimenu]``Next Action`` column provides information " +"about what you need to do to address vulnerabilities. If applicable, a list " +"of candidate channels or patches is also given. You can also assign systems " +"to a [guimenu]``System Set`` for further batch processing." msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-registerclones.adoc:41 +#. type: Plain text +#: modules/administration/pages/auditing.adoc:22 +msgid "" +"You can use the {productname} API to verify the patch status of your " +"clients. Use the ``audit.listSystemsByPatchStatus`` API method. For more " +"information about this method, see the {productname} API Guide." +msgstr "" + +#. type: Title == +#: modules/administration/pages/auditing.adoc:23 #, no-wrap -msgid "Procedure: Resolving Duplicate Machine IDs in Cloned Salt Clients" +msgid "CVE Status" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:45 -#: modules/administration/pages/tshoot-registerclones.adoc:79 +#: modules/administration/pages/auditing.adoc:24 msgid "" -"On the cloned machine, change the hostname and IP addresses. Make sure " -"[path]``/etc/hosts`` contains the changes you made and the correct host " -"entries." +"The CVE status of clients is usually either ``affected``, ``not affected``, " +"or ``patched``. These statuses are based only on the information that is " +"available to {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:46 -msgid "" -"For distributions that support systemd: If your machines have the same " -"machine ID, delete the file on each duplicated client and re-create it:" +#: modules/administration/pages/auditing.adoc:25 +msgid "Within {productname}, these definitions apply:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:52 -#: modules/administration/pages/tshoot-registerclones.adoc:121 +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:26 #, no-wrap -msgid "" -"# rm /etc/machine-id\n" -"# rm /var/lib/dbus/machine-id\n" -"# dbus-uuidgen --ensure\n" -"# systemd-machine-id-setup\n" +msgid "System affected by a certain vulnerability" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:55 +#: modules/administration/pages/auditing.adoc:27 msgid "" -"For distributions that do not support systemd: Generate a machine ID from " -"dbus:" +"A system which has an installed package with version lower than the version " +"of the same package in a relevant patch marked for the vulnerability." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:59 +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:28 #, no-wrap +msgid "System not affected by a certain vulnerability" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/auditing.adoc:29 msgid "" -"# rm /var/lib/dbus/machine-id\n" -"# dbus-uuidgen --ensure\n" +"A system which has no installed package that is also in a relevant patch " +"marked for the vulnerability." +msgstr "" + +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:30 +#, no-wrap +msgid "System patched for a certain vulnerability" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:61 +#: modules/administration/pages/auditing.adoc:31 msgid "" -"If your clients still have the same Salt client ID, delete the " -"[path]``minion_id`` file on each client (FQDN will be used when it is " -"regenerated on client restart):" +"A system which has an installed package with version equal to or greater " +"than the version of the same package in a relevant patch marked for the " +"vulnerability." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:64 +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:32 #, no-wrap -msgid "# rm /etc/salt/minion_id\n" +msgid "Relevant patch" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/auditing.adoc:33 +msgid "A patch known by {productname} in a relevant channel." +msgstr "" + +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:34 +#, no-wrap +msgid "Relevant channel" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/auditing.adoc:35 +msgid "" +"A channel managed by {productname}, which is either assigned to the system, " +"the original of a cloned channel which is assigned to the system, a channel " +"linked to a product which is installed on the system or a past or future " +"service pack channel for the system." msgstr "" -#. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:66 +#. type: delimited block = +#: modules/administration/pages/auditing.adoc:36 msgid "" -"Delete accepted keys from the onboarding page and the system profile from " -"{productname}, and restart the client with:" +"Because of the definitions used within {productname}, CVE audit results " +"might be incorrect in some circumstances. For example, unmanaged channels, " +"unmanaged packages, or non-compliant systems might report incorrectly." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:69 +#. type: Title = +#: modules/administration/pages/auth-methods-pam.adoc:1 #, no-wrap -msgid "# service salt-minion restart\n" +msgid "Authentication With PAM" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:72 +#: modules/administration/pages/auth-methods-pam.adoc:2 msgid "" -"Re-register the clients. Each client will now have a different [path]``/etc/" -"machine-id`` and should be correctly displayed on the [guimenu]``System " -"Overview`` page." +"{productname} supports network-based authentication systems using pluggable " +"authentication modules (PAM). PAM is a suite of libraries that allows you " +"to integrate {productname} with a centralized authentication mechanism, " +"eliminating the need to remember multiple passwords. {productname} supports " +"LDAP, Kerberos, and other network-based authentication systems using PAM." msgstr "" #. type: Block title -#: modules/administration/pages/tshoot-registerclones.adoc:75 +#: modules/administration/pages/auth-methods-pam.adoc:3 #, no-wrap -msgid "Procedure: Resolving Duplicate Machine IDs in Cloned Traditional Clients" +msgid "Procedure: Enabling PAM" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:80 -msgid "" -"Stop the [systemitem]``rhnsd`` daemon, on {rhnminrelease6} and {sle} 11 with:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:83 -#, no-wrap -msgid "# /etc/init.d/rhnsd stop\n" +#: modules/administration/pages/auth-methods-pam.adoc:4 +msgid "Create a PAM service file at [path]``/etc/pam.d/susemanager``." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:86 -msgid "or, on newer systemd-based systems, with:" +#: modules/administration/pages/auth-methods-pam.adoc:5 +msgid "" +"A standard [path]``/etc/pam.d/susemanager`` file should look like this. It " +"configures {productname} to use the system wide PAM configuration:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:89 +#: modules/administration/pages/auth-methods-pam.adoc:6 #, no-wrap -msgid "# service rhnsd stop\n" +msgid "" +"#%PAM-1.0\n" +"auth include common-auth\n" +"account include common-account\n" +"password include common-password\n" +"session include common-session\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:91 -msgid "Stop [systemitem]``osad`` with:" +#: modules/administration/pages/auth-methods-pam.adoc:7 +msgid "" +"Enforce the use of the service file by adding this line to [path]``/etc/rhn/" +"rhn.conf``:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:94 +#: modules/administration/pages/auth-methods-pam.adoc:8 #, no-wrap -msgid "# /etc/init.d/osad stop\n" +msgid "pam_auth_service = susemanager\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:97 -#: modules/administration/pages/tshoot-registerclones.adoc:103 -msgid "or:" +#: modules/administration/pages/auth-methods-pam.adoc:9 +#, no-wrap +msgid " In this example, the PAM service file is called [systemitem]``susemanager``.\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:100 +#. type: Plain text +#: modules/administration/pages/auth-methods-pam.adoc:10 #, no-wrap -msgid "# service osad stop\n" +msgid "Restart the {productname} services after a configuration change.\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:106 +#. type: Plain text +#: modules/administration/pages/auth-methods-pam.adoc:11 #, no-wrap -msgid "# rcosad stop\n" +msgid "In the {productname} {webui}, navigate to menu:Users[Create User] and enable a new or existing user to authenticate with PAM.\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:108 -msgid "" -"Remove the [systemitem]``osad`` authentication configuration file and the " -"system ID:" +#: modules/administration/pages/auth-methods-pam.adoc:12 +#, no-wrap +msgid "Check the [guimenu]``Pluggable Authentication Modules (PAM)`` checkbox.\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:111 +#. type: Plain text +#: modules/administration/pages/auth-methods-pam.adoc:13 #, no-wrap -msgid "# rm -f /etc/sysconfig/rhn/{osad-auth.conf,systemid}\n" +msgid "It is below the password and password confirmation fields.\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:113 -msgid "Delete the files containing the machine IDs:" +#. type: delimited block = +#: modules/administration/pages/auth-methods-pam.adoc:14 +msgid "" +"Changing the password in the {productname} {webui} changes only the local " +"password on the {productname} Server. If PAM is enabled for that user, the " +"local password might not be used at all. In the above example, for " +"instance, the Kerberos password will not be changed. Use the password " +"change mechanism of your network service to change the password for these " +"users." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:115 -msgid "SLES{nbsp}12:" +#: modules/administration/pages/auth-methods-pam.adoc:15 +msgid "" +"To configure system-wide authentication you can use YaST. You will need to " +"install the [package]``yast2-ldap-client`` and [package]``yast2-kerberos-" +"client`` packages." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:123 -msgid "SLES{nbsp}11:" +#: modules/administration/pages/auth-methods-pam.adoc:16 +msgid "" +"For more information about configuring PAM, the SUSE Linux Enterprise Server " +"Security Guide contains a generic example that will also work for other " +"network-based authentication methods. It also describes how to configure an " +"active directory service. For more information, see https://documentation." +"suse.com/sles/15-SP2/html/SLES-all/part-auth.html." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:126 +#. type: Title = +#: modules/administration/pages/auth-methods-sso-example.adoc:1 #, no-wrap -msgid "# suse_register -E\n" +msgid "Example SSO Implementation" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:128 -msgid "Remove the credential files:" +#: modules/administration/pages/auth-methods-sso-example.adoc:2 +msgid "" +"In this example, SSO is implemented by exposing three endpoints with " +"{productname}, and using Keycloak as the identity service provider (IdP)." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:129 -msgid "SLES clients:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:132 -#, no-wrap -msgid "# rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}\n" +#: modules/administration/pages/auth-methods-sso-example.adoc:3 +msgid "" +"Start by setting up the {productname} Server, and the Keycloak IdP. Then " +"you can add the endpoints as clients, and create users." msgstr "" -#. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:134 -msgid "{rhel} clients:" +#. type: delimited block = +#: modules/administration/pages/auth-methods-sso-example.adoc:4 +msgid "" +"This example is provided for illustrative purposes only. {suse} does not " +"recommend or support third-party identity service providers, and is not " +"affiliated with Keycloak. For Keycloak support, see https://www.keycloak." +"org/." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:137 +#. type: Block title +#: modules/administration/pages/auth-methods-sso-example.adoc:5 #, no-wrap -msgid "# rm -f /etc/NCCcredentials\n" +msgid "Procedure: Setting Up the {productname} Server" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:139 +#: modules/administration/pages/auth-methods-sso-example.adoc:6 msgid "" -"Re-run the bootstrap script. You should now see the cloned system in " -"{productname} without overriding the system it was cloned from." -msgstr "" - -#. type: Title = -#: modules/administration/pages/tshoot-rpctimeout.adoc:2 -#, no-wrap -msgid "Troubleshooting RPC Connection Timeouts" +"On the {productname} Server, open the [path]``/etc/rhn/rhn.conf`` " +"configuration file and edit these parameters." msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:26 +#: modules/administration/pages/auth-methods-sso-example.adoc:7 msgid "" -"RPC connections can sometimes time out due to slow networks or a network " -"link going down. This results in package downloads or batch jobs hanging or " -"taking longer than expected. You can adjust the maximum time that an RPC " -"connection can take by editing the configuration file. While this will not " -"resolve networking problems, it will cause a process to fail rather than " -"hang." +"Replace ```` with the fully-qualified domain name of your " +"{productname} installation:" msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-rpctimeout.adoc:28 +#. type: delimited block - +#: modules/administration/pages/auth-methods-sso-example.adoc:8 #, no-wrap -msgid "Procedure: Resolving RPC connection timeouts" +msgid "" +"java.sso.onelogin.saml2.sp.entityid = /rhn/manager/sso/metadata\n" +"java.sso.onelogin.saml2.sp.assertion_consumer_service.url = /rhn/manager/sso/acs\n" +"java.sso.onelogin.saml2.sp.single_logout_service.url = /rhn/manager/sso/sls\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:31 -msgid "" -"On the {productname} Server, open the [filename]``/etc/rhn/rhn.conf`` file " -"and set a maximum timeout value (in seconds):" +#: modules/administration/pages/auth-methods-sso-example.adoc:9 +msgid "In the configuration file, determine the three endpoints to expose:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-rpctimeout.adoc:34 +#: modules/administration/pages/auth-methods-sso-example.adoc:10 #, no-wrap -msgid "server.timeout =`number`\n" +msgid "" +"java.sso.onelogin.saml2.idp.entityid\n" +"java.sso.onelogin.saml2.idp.single_sign_on_service.url\n" +"java.sso.onelogin.saml2.idp.single_logout_service.url\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:11 +msgid "In the IdP metadata, locate the public x509 certificate." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:36 +#: modules/administration/pages/auth-methods-sso-example.adoc:12 msgid "" -"On the {productname} Proxy, open the [filename]``/etc/rhn/rhn.conf`` file " -"and set a maximum timeout value (in seconds):" +"It uses this format: ``/auth/realms//protocol/saml/" +"descriptor``. In the configuration file, specify the public x509 " +"certificate of the IdP:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-rpctimeout.adoc:39 +#: modules/administration/pages/auth-methods-sso-example.adoc:13 #, no-wrap -msgid "proxy.timeout =`number`\n" +msgid "java.sso.onelogin.saml2.idp.x509cert\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:41 +#: modules/administration/pages/auth-methods-sso-example.adoc:14 msgid "" -"On a {sles} client that uses zypper, open the [filename]``/etc/zypp/zypp." -"conf`` file and set a maximum timeout value (in seconds):" +"When you have prepared the {productname} Server, you can install Keycloak. " +"You can install Keycloak directly on your machine, or run it in a " +"container. In this example, we run Keycloak in a Docker container. For " +"more information about installing Keycloak, see the Keycloak documentation " +"at https://www.keycloak.org/getting-started/getting-started-docker." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-rpctimeout.adoc:46 +#. type: Block title +#: modules/administration/pages/auth-methods-sso-example.adoc:15 #, no-wrap +msgid "Procedure: Setting Up the Identity Service Provider" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:16 msgid "" -"## Valid values: [0,3600]\n" -"## Default value: 180\n" -"download.transfer_timeout = 180\n" +"Install Keycloak in a Docker container, according to the Keycloak " +"documentation." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:48 +#: modules/administration/pages/auth-methods-sso-example.adoc:17 msgid "" -"On a {rhel} client that uses yum, open the [filename]``/etc/yum.conf`` file " -"and set a maximum timeout value (in seconds):" +"Run the container using the ``-td`` argument to ensure the process remains " +"running:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-rpctimeout.adoc:51 +#: modules/administration/pages/auth-methods-sso-example.adoc:18 #, no-wrap -msgid "timeout =`number`\n" +msgid "docker run -td --name=idp -p 8080:8080 -e KEYCLOAK_USER= -e KEYCLOAK_PASSWORD= quay.io/keycloak/keycloak:9.0.2\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/tshoot-rpctimeout.adoc:56 +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:19 msgid "" -"If you limit RPC timeouts to less than `180` seconds, you risk aborting " -"perfectly normal operations." +"Sign in the Keycloak {webui} as a privileged user, and create a realm using " +"these details:" msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-saltboot.adoc:2 -#, no-wrap -msgid "Troubleshooting the Saltboot Formula" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:20 +msgid "In the ``Name`` field, enter a name for the realm." msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:23 -msgid "" -"Because of a problem in the computed partition size value, the saltboot " -"formula can sometimes fail when it is created on SLE{nbsp}11 SP3 clients, " -"with an error like this:" +#: modules/administration/pages/auth-methods-sso-example.adoc:21 +msgid "For example, ``SUMA``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-saltboot.adoc:39 -#, no-wrap -msgid "" -" ID: disk1_partitioned\n" -" Function: saltboot.partitioned\n" -" Name: disk1\n" -" Result: false\n" -" Comment: An exception occurred in this state: Traceback (most recent call last):\n" -" File \"/usr/lib/python2.6/site-packages/salt/state.py\", line 1767, in call\n" -" **cdata['kwargs'])\n" -" File \"/usr/lib/python2.6/site-packages/salt/loader.py\", line 1705, in wrapper\n" -" return f(*args, **kwargs)\n" -" File \"/var/cache/salt/minion/extmods/states/saltboot.py\", line 393, in disk_partitioned\n" -" existing = __salt__['partition.list'](device, unit='MiB')\n" -" File \"/usr/lib/python2.6/site-packages/salt/modules/parted.py\", line 177, in list_\n" -" 'Problem encountered while parsing output from parted')\n" -"CommandExecutionError: Problem encountered while parsing output from parted\n" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:22 +msgid "Toggle the ``Enabled`` switch to ``On``." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:43 +#: modules/administration/pages/auth-methods-sso-example.adoc:23 msgid "" -"This problem can be resolved by manually configuring the size of the " -"partition containing the operating system. When the size is set correctly, " -"formula creation will work as expected." -msgstr "" - -#. type: Block title -#: modules/administration/pages/tshoot-saltboot.adoc:45 -#, no-wrap -msgid "Procedure: Manually Configuring the Partition Size in the Saltboot Formula" +"In the ``Endpoints`` field, type ``SAML 2.0 Identity Provider Metadata``." msgstr "" +#. Probably needs more explanation here. --LKB 20200415 #. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:49 +#: modules/administration/pages/auth-methods-sso-example.adoc:24 msgid "" -"In the {productname} {webui}, navigate to menu:Systems[System Groups] and " -"select the ``Hardware Type Group`` that contains the SLE{nbsp}11 SP3 client " -"that is causing the error. In the [guimenu]``Formulas`` tab, navigate to " -"the [guimenu]``Saltboot`` subtab." +"This endpoint is ``/auth/realms//protocol/saml/" +"descriptor`` which describes the endpoints and certificate in the " +"{productname} configuration file." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:50 +#: modules/administration/pages/auth-methods-sso-example.adoc:25 msgid "" -"Locate the partition that contains the operating system, and in the " -"[guimenu]``Partition Size`` field, type the appropriate size (in MiB)." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:50 -msgid "Click btn:[Save Formula], and apply the highstate to save your changes." +"When you have Keycloak running and set up, you can add the endpoints. " +"Keycloak refers to endpoints as clients." msgstr "" -#. type: Title = -#: modules/administration/pages/tuning-changelogs.adoc:2 +#. type: Block title +#: modules/administration/pages/auth-methods-sso-example.adoc:26 #, no-wrap -msgid "Tuning Changelogs" +msgid "Procedure: Adding Endpoints as Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:7 -msgid "" -"Some packages have a long list of changelog entries. This data is " -"downloaded by default, but it is not always useful information to keep. In " -"order to limit the amount of changelog metadata which is downloaded and to " -"save disk space, you can put a limit on how many entries to keep on disk." +#: modules/administration/pages/auth-methods-sso-example.adoc:27 +msgid "In the Keycloak {webui}, create a new client using these details:" msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:10 +#: modules/administration/pages/auth-methods-sso-example.adoc:28 msgid "" -"This configuration option is in the [filename]``/etc/rhn/rhn.conf`` " -"configuration file. The parameter defaults to [systemitem]``0``, which " -"means unlimited." +"In the ``Client ID`` field, enter the endpoint specified in the server " +"configuration file as ``java.sso.onelogin.saml2.idp.entityid``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tuning-changelogs.adoc:13 -#, no-wrap -msgid "java.max_changelog_entries = 0\n" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:29 +msgid "For example, ``https:///rhn/manager/sso/metadata``." msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:16 -msgid "" -"If you set this parameter, it will come into effect only for new packages " -"when they are synchronized." +#: modules/administration/pages/auth-methods-sso-example.adoc:30 +msgid "In the ``Client Protocol`` field, select ``SAML``." msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:18 -msgid "" -"After changing this parameter, restart services with ``spacewalk-service " -"restart``." +#: modules/administration/pages/auth-methods-sso-example.adoc:31 +msgid "Toggle the ``Include AuthnStatement`` switch to ``On``." msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:20 -msgid "" -"You might like to delete and regenerate the cached data to remove older data." +#: modules/administration/pages/auth-methods-sso-example.adoc:32 +msgid "Toggle the ``Sign Assertions`` switch to ``On``." msgstr "" -#. type: delimited block = -#: modules/administration/pages/tuning-changelogs.adoc:26 -msgid "" -"Deleting and regenerating cached data can take a long time. Depending on " -"the number of channels you have and the amount of data to be deleted, it can " -"potentially take several hours. The task is run in the background by " -"Taskomatic, so you can continue to use {productname} while the operation " -"completes, however you should expect some performance loss." +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:33 +msgid "In the ``Signature Algorithm`` field, select ``RSA_SHA1``." msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:29 -msgid "" -"You can delete and request a regeneration of cached data from the command " -"line:" +#: modules/administration/pages/auth-methods-sso-example.adoc:34 +msgid "In the ``SAML Signature Key Name`` field, select the key." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tuning-changelogs.adoc:32 -#, no-wrap -msgid "spacewalk-sql -i\n" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:35 +msgid "In the ``Canonicalization Method`` field, select ``Exclusive``." msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:34 -msgid "Then on the SQL database prompt, enter:" +#: modules/administration/pages/auth-methods-sso-example.adoc:36 +msgid "" +"In the ``Fine Grain SAML Endpoint Configuration`` section, add the two " +"endpoints using these details:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tuning-changelogs.adoc:43 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:37 msgid "" -"DELETE FROM rhnPackageRepodata;\n" -"INSERT INTO rhnRepoRegenQueue (id, CHANNEL_LABEL, REASON, FORCE)\n" -"(SELECT sequence_nextval('rhn_repo_regen_queue_id_seq'),\n" -" C.label,\n" -" 'cached data regeneration',\n" -" 'Y'\n" -" FROM rhnChannel C);\n" -"\\q\n" +"In both the ``Assertion Consumer Service`` fields, enter the endpoint " +"specified in the server configuration file as ``java.sso.onelogin.saml2.sp." +"assertion_consumer_service.url``." msgstr "" -#. type: Title = -#: modules/administration/pages/repo-metadata.adoc:2 -#, no-wrap -msgid "Signing Repository Metadata" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:38 +msgid "For example, ``https:///rhn/manager/sso/acs``." msgstr "" -#. TODO:: Explain why repository metadata should/would be signed. #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:7 +#: modules/administration/pages/auth-methods-sso-example.adoc:39 msgid "" -"You will require a custom GPG key to be able to sign repository metadata." +"In both the ``Logout Service`` fields, enter the endpoint specified in the " +"server configuration file as ``java.sso.onelogin.saml2.sp." +"single_logout_service.url``." msgstr "" -#. type: Block title -#: modules/administration/pages/repo-metadata.adoc:8 -#, no-wrap -msgid "Procedure: Generating a Custom GPG Key" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:40 +msgid "For example, ``https:///rhn/manager/sso/sls``." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:11 +#: modules/administration/pages/auth-methods-sso-example.adoc:41 msgid "" -"As the root user, use the [command]``gpg`` command to generate a new key:" +"When you have added the endpoints as clients, you can configure the client " +"scope, and map the users between Keycloak and {productname}." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:14 +#. type: Block title +#: modules/administration/pages/auth-methods-sso-example.adoc:42 #, no-wrap -msgid "gpg --gen-key\n" +msgid "Procedure: Configuring Client Scope and Mappers" msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:18 +#: modules/administration/pages/auth-methods-sso-example.adoc:43 msgid "" -"At the prompts, select [systemitem]``RSA`` as the key type, with a size of " -"2048 bits, and select an appropriate expiry date for your key. Check the " -"details for your new key, and type [systemitem]``y`` to confirm." +"In the Keycloak {webui}, navigate to the menu:Clients[Client Scopes] tab and " +"assign ``role_list`` as the default client scope." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:21 +#: modules/administration/pages/auth-methods-sso-example.adoc:44 msgid "" -"At the prompts, enter a name and email address to be associated with your " -"key. You can also add a comment to help you identify the key, if desired. " -"When you are happy with the user identity, type [systemitem]``O`` to confirm." +"Navigate to the menu:Clients[Mappers] tab and add a user attribute ``Uid`` " +"mapper, using the default values." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:22 -msgid "At the prompt, enter a passphrase to protect your key." +#: modules/administration/pages/auth-methods-sso-example.adoc:45 +msgid "This SAML attribute is expected by {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:24 +#: modules/administration/pages/auth-methods-sso-example.adoc:46 msgid "" -"The key should be automatically added to your keyring. You can check by " -"listing the keys in your keyring:" +"Navigate to the menu:Users[Admin] section and create an administrative user." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:27 -#, no-wrap -msgid "gpg --list-keys\n" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:47 +msgid "This user does not need to match the {productname} administrative user." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:30 +#: modules/administration/pages/auth-methods-sso-example.adoc:48 msgid "" -"Add the password for your keyring to the [filename]``/etc/rhn/signing.conf`` " -"configuration file, by opening the file in your text editor and adding this " -"line:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:33 -#, no-wrap -msgid "GPGPASS=\"password\"\n" +"Navigate to the menu:Users[Role Mappings] tab, add a ``uid`` attribute with " +"a value that matches the username of the {productname} administrative user." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:37 +#: modules/administration/pages/auth-methods-sso-example.adoc:49 msgid "" -"You can manage metadata signing on the command line using the [command]``mgr-" -"sign-metadata-ctl`` command." +"Navigate to the menu:Users[Credentials] tab, and set the same password as " +"used by the {productname} administrative user." msgstr "" #. type: Block title -#: modules/administration/pages/repo-metadata.adoc:39 +#: modules/administration/pages/auth-methods-sso-example.adoc:50 #, no-wrap -msgid "Procedure: Enabling Metadata Signing" +msgid " Save your changes." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:42 +#: modules/administration/pages/auth-methods-sso-example.adoc:51 msgid "" -"You will need to know the short identifier for the key to use. You can list " -"your available public keys in short format:" +"When you have completed configuration, you can test that the installation is " +"working as expected. Restart the {productname} Server to pick up your " +"changes, and navigate to the {productname} {webui}. If your installation is " +"working correctly, you are redirected to the Keycloak SSO page, where you " +"can authenticate successfully." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:50 +#. type: Title = +#: modules/administration/pages/auth-methods-sso.adoc:1 #, no-wrap -msgid "" -"gpg --keyid-format short --list-keys\n" -"...\n" -"pub rsa2048/3E7BFE0A 2019-04-02 [SC] [expires: 2021-04-01]\n" -" A43F9EC645ED838ED3014B035CFA51BF3E7BFE0A\n" -"uid [ultimate] SUSE Manager\n" -"sub rsa2048/118DE7FF 2019-04-02 [E] [expires: 2021-04-01]\n" +msgid "Authentication With Single Sign-On (SSO)" msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:53 +#: modules/administration/pages/auth-methods-sso.adoc:2 msgid "" -"Enable metadata signing with the [command]``mgr-sign-metadata-ctl`` command:" +"{productname} supports single sign-on (SSO) by implementing the Security " +"Assertion Markup Language (SAML){nbsp}2 protocol." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:63 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:3 msgid "" -"mgr-sign-metadata-ctl enable 3E7BFE0A\n" -"OK. Found key 3E7BFE0A in keyring.\n" -"DONE. Set key 3E7BFE0A in /etc/rhn/signing.conf.\n" -"DONE. Enabled metadata signing in /etc/rhn/rhn.conf.\n" -"DONE. Exported key 4E2C3DD8 to /srv/susemanager/salt/gpg/mgr-keyring.gpg.\n" -"DONE. Exported key 4E2C3DD8 to /srv/www/htdocs/pub/mgr-gpg-pub.key.\n" -"NOTE. For the changes to become effective run:\n" -" mgr-sign-metadata-ctl regen-metadata\n" +"Single sign-on is an authentication process that allows a user to access " +"multiple applications with one set of credentials. SAML is an XML-based " +"standard for exchanging authentication and authorization data. A SAML " +"identity service provider (IdP) provides authentication and authorization " +"services to service providers (SP), such as {productname}. {productname} " +"exposes three endpoints which must be enabled for single sign-on." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:65 -msgid "You can check that your configuration is correct with this command:" +#: modules/administration/pages/auth-methods-sso.adoc:4 +msgid "SSO in {productname} supports:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:68 -#, no-wrap -msgid "mgr-sign-metadata-ctl check-config\n" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:5 +msgid "Log in with SSO." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:70 +#: modules/administration/pages/auth-methods-sso.adoc:6 msgid "" -"Restart the services and schedule metadata regeneration to pick up the " -"changes:" +"Log out with service provider-initiated single logout (SLO), and Identity " +"service provider single logout service (SLS)." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:73 -#, no-wrap -msgid "mgr-sign-metadata-ctl regen-metadata\n" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:7 +msgid "Assertion and nameId encryption." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:77 -msgid "" -"You can also use the [command]``mgr-sign-metadata-ctl`` command to perform " -"other tasks. Use [command]``mgr-sign-metadata-ctl --help`` to see the " -"complete list." +#: modules/administration/pages/auth-methods-sso.adoc:8 +msgid "Assertion signatures." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:81 +#: modules/administration/pages/auth-methods-sso.adoc:9 msgid "" -"Repository metadata signing is a global option. When it is enabled, it is " -"enabled on all software channels on the server. This means that all clients " -"connected to the server will need to trust the new GPG key to be able to " -"install or update packages." -msgstr "" - -#. type: Block title -#: modules/administration/pages/repo-metadata.adoc:82 -#, no-wrap -msgid "Procedure: Importing GPG keys on Clients" +"Message signatures with AuthNRequest, LogoutRequest, and LogoutResponses." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:85 -msgid "For RPM-based client systems, use these remote commands:" +#: modules/administration/pages/auth-methods-sso.adoc:10 +msgid "Enable an Assertion consumer service endpoint." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:88 -#, no-wrap -msgid "rpm --import http://server.example.com/pub/mgr-gpg-pub.key\n" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:11 +msgid "Enable a single logout service endpoint." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:91 -msgid "" -"For Ubuntu clients, you will need to reassign the channels, which will " -"automatically pick up the new GPG key. You can do this through the " -"{productname} {webui}, or from the command line on the server with this " -"command:" +#: modules/administration/pages/auth-methods-sso.adoc:12 +msgid "Publish the SP metadata (which can be signed)." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:94 -#, no-wrap -msgid "salt state.apply channels\n" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:13 +msgid "SSO in {productname} does not support:" msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:95 +#: modules/administration/pages/auth-methods-sso.adoc:14 msgid "" -"OPTIONAL: For Salt clients, you might prefer to use a state to manage your " -"GPG keys." +"Product choosing and implementation for the identity service provider (IdP)." msgstr "" -#. type: Title = -#: modules/administration/pages/space-management.adoc:2 -#, no-wrap -msgid "Managing Disk Space" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:15 +msgid "" +"SAML support for other products (check with the respective product " +"documentation)." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:5 +#: modules/administration/pages/auth-methods-sso.adoc:16 msgid "" -"Running out of disk space can have a severe impact on the {productname} " -"database and file structure which, in some cases, is not recoverable." +"For an example implementation of SSO, see xref:administration:auth-methods-" +"sso-example.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/space-management.adoc:9 +#. type: delimited block = +#: modules/administration/pages/auth-methods-sso.adoc:17 msgid "" -"{productname} monitors some directories for free disk space. You can modify " -"which directories are monitored, and the warnings that are created. All " -"settings are configured in the [path]``/etc/rhn/rhn.conf`` configuration " -"file." +"If you change from the default authentication method to single sign-on, the " +"new SSO credentials apply only to the {webui}. Client tools such as ``mgr-" +"sync`` or ``spacecmd`` will continue to work with the default authentication " +"method only." msgstr "" #. type: Title == -#: modules/administration/pages/space-management.adoc:12 +#: modules/administration/pages/auth-methods-sso.adoc:18 #, no-wrap -msgid "Monitored Directories" +msgid "Prerequisites" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:15 -msgid "By default, {productname} monitors these directories:" +#: modules/administration/pages/auth-methods-sso.adoc:19 +msgid "" +"Before you begin, you need to have configured an external identity service " +"provider with these parameters. Check your IdP documentation for " +"instructions." msgstr "" -#. type: Plain text -#: modules/administration/pages/space-management.adoc:17 -msgid "[path]``/var/lib/pgsql``" +#. type: delimited block = +#: modules/administration/pages/auth-methods-sso.adoc:20 +msgid "" +"Your IdP must have a SAML:Attribute containing the username of the IdP user " +"domain, called ``uid``. The ``uid`` attribute passed in the SAML:Attribute " +"must be created in the {productname} user base before you activate single " +"sign-on." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:18 -msgid "[path]``/var/spacewalk``" +#: modules/administration/pages/auth-methods-sso.adoc:21 +msgid "You will need these endpoints:" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:19 -msgid "[path]``/var/cache``" +#: modules/administration/pages/auth-methods-sso.adoc:22 +msgid "" +"Assertion consumer service (or ACS): an endpoint to accept SAML messages to " +"establish a session into the Service Provider." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:20 -msgid "[path]``/srv``" +#: modules/administration/pages/auth-methods-sso.adoc:23 +msgid "" +"The endpoint for ACS in {productname} is: https://server.example.com/rhn/" +"manager/sso/acs" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:23 +#: modules/administration/pages/auth-methods-sso.adoc:24 msgid "" -"You can change which directories are monitored with the " -"[systemitem]``spacecheck_dirs`` parameter. You can specify multiple " -"directories by separating them with a space." +"Single logout service (or SLS): an endpoint to initiate a logout request " +"from the IdP." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:25 -#: modules/administration/pages/space-management.adoc:40 -#: modules/administration/pages/space-management.adoc:57 -msgid "For example:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/space-management.adoc:28 -#, no-wrap -msgid "spacecheck_dirs = /var/lib/pgsql /var/spacewalk /var/cache /srv\n" +#: modules/administration/pages/auth-methods-sso.adoc:25 +msgid "" +"The endpoint for SLS in {productname} is: https://server.example.com/rhn/" +"manager/sso/sls" msgstr "" -#. type: Title == -#: modules/administration/pages/space-management.adoc:32 -#, no-wrap -msgid "Thresholds" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:26 +msgid "Metadata: an endpoint to retrieve {productname} metadata for SAML." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:36 +#: modules/administration/pages/auth-methods-sso.adoc:27 msgid "" -"By default, {productname} will create a warning mail when a monitored " -"directory has less than 10% of total space available. A critical alert is " -"created when a monitored directory falls below 5% space available." +"The endpoint for metadata in {productname} is: https://server.example.com/" +"rhn/manager/sso/metadata" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:38 +#: modules/administration/pages/auth-methods-sso.adoc:28 msgid "" -"You can change these alert thresholds with the " -"[systemitem]``spacecheck_free_alert`` and " -"[systemitem]``spacecheck_free_critical`` parameters." +"After the authentication with the IdP using the user ``orgadmin`` is " +"successful, you will be logged in into {productname} as the ``orgadmin`` " +"user, provided that the ``orgadmin`` user exists in {productname}." msgstr "" -#. type: delimited block - -#: modules/administration/pages/space-management.adoc:44 +#. type: Title == +#: modules/administration/pages/auth-methods-sso.adoc:29 #, no-wrap +msgid "Enable SSO" +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/auth-methods-sso.adoc:30 msgid "" -"spacecheck_free_alert = 10\n" -"spacecheck_free_critical = 5\n" +"Using SSO is mutually exclusive with other types of authentication: it is " +"either enabled or disabled. SSO is disabled by default." msgstr "" -#. type: Title == -#: modules/administration/pages/space-management.adoc:48 +#. type: Block title +#: modules/administration/pages/auth-methods-sso.adoc:31 #, no-wrap -msgid "Shut Down Services" +msgid "Procedure: Enabling SSO" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:51 -msgid "" -"By default, {productname} will shut down the spacewalk services when the " -"critical alert threshold is reached." +#: modules/administration/pages/auth-methods-sso.adoc:32 +msgid "If your users do not yet exist in {productname}, create them first." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:55 +#: modules/administration/pages/auth-methods-sso.adoc:33 msgid "" -"You can change this behavior with the [systemitem]``spacecheck_shutdown`` " -"parameter. A value of ``true`` will enable the shut down feature. Any " -"other value will disable it." +"Edit [path]``/etc/rhn/rhn.conf`` and add this line at the end of the file:" msgstr "" #. type: delimited block - -#: modules/administration/pages/space-management.adoc:59 +#: modules/administration/pages/auth-methods-sso.adoc:34 #, no-wrap -msgid "spacecheck_shutdown = true\n" +msgid "java.sso = true\n" msgstr "" -#. type: Title == -#: modules/administration/pages/space-management.adoc:62 -#, no-wrap -msgid "Disable Space Checking" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:35 +msgid "" +"Find the parameters you want to customize in [path]``/usr/share/rhn/config-" +"defaults/rhn_java_sso.conf``." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:66 +#: modules/administration/pages/auth-methods-sso.adoc:36 msgid "" -"The space checking tool is enabled by default. You can disable it entirely " -"with these commands:" +"Insert the parameters you want to customize into [path]``/etc/rhn/rhn.conf`` " +"and prefix them with [literal]``java.sso``. For example, in [path]``/usr/" +"share/rhn/config-defaults/rhn_java_sso.conf`` find:" msgstr "" #. type: delimited block - -#: modules/administration/pages/space-management.adoc:70 +#: modules/administration/pages/auth-methods-sso.adoc:37 #, no-wrap +msgid "onelogin.saml2.sp.assertion_consumer_service.url = https://YOUR-PRODUCT-HOSTNAME-OR-IP/rhn/manager/sso/acs\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:38 msgid "" -"systemctl stop spacewalk-diskcheck.timer\n" -"systemctl disable spacewalk-diskcheck.timer\n" +"To customize it, create the corresponding option in [path]``/etc/rhn/rhn." +"conf`` by prefixing the option name with ``java.sso.``:" msgstr "" -#. type: Title = -#: modules/administration/pages/live-patching-channel-setup.adoc:2 +#. type: delimited block - +#: modules/administration/pages/auth-methods-sso.adoc:39 #, no-wrap -msgid "Set up Channels for Live Patching" +msgid "java.sso.onelogin.saml2.sp.assertion_consumer_service.url = https://YOUR-PRODUCT-HOSTNAME-OR-IP/rhn/manager/sso/acs\n" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:7 +#: modules/administration/pages/auth-methods-sso.adoc:40 msgid "" -"A reboot is required every time you update the full kernel package. " -"Therefore, it is important that clients using Live Patching do not have " -"newer kernels available in the channels they are assigned to. Clients using " -"live patching have updates for the running kernel in the live patching " -"channels." +"To find all the occurrences you need to change, search in the file for the " +"placeholders [literal]``YOUR-PRODUCT`` and [literal]``YOUR-IDP-ENTITY``. " +"Every parameter comes with a brief explanation of what it is meant for." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:9 -msgid "There are two ways to manage channels for live patching:" +#: modules/administration/pages/auth-methods-sso.adoc:41 +msgid "Restart the spacewalk service to pick up the changes:" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:13 +#: modules/administration/pages/auth-methods-sso.adoc:43 msgid "" -"Use content lifecycle management to clone the product tree and remove kernel " -"versions newer than the running one. This procedure is explained in the " -"xref:content-lifecycle-examples.adoc#enhance-project-with-" -"livepatching[Content Livecycle Management Examples]. This is the " -"recommended solution." +"When you visit the {productname} URL, you will be redirected to the IdP for " +"SSO where you will be requested to authenticate. Upon successful " +"authentication, you will be redirected to the {productname} {webui}, logged " +"in as the authenticated user. If you encounter problems with logging in " +"using SSO, check the {productname} logs for more information." +msgstr "" + +#. type: Title = +#: modules/administration/pages/backup-restore.adoc:1 +#, no-wrap +msgid "Backup and Restore" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:17 +#: modules/administration/pages/backup-restore.adoc:2 msgid "" -"Use the `spacewalk-manage-channel-lifecycle` tool. This procedure is more " -"manual and requires command line tools as well as the {webui}. This " -"procedure is explained in this section for SLES{nbsp}15 SP1, but it also " -"works for SLE{nbsp}12 SP4 or later." +"Back up your {productname} installation regularly, to prevent data loss. " +"Because {productname} relies on a database as well as the installed program " +"and configurations, it is important to back up all components of your " +"installation. This chapter contains information on the files you need to " +"back up, and introduces the [command]``smdba`` tool to manage database " +"backups. It also contains information about restoring from your backups in " +"the case of a system failure." msgstr "" -#. type: Title == -#: modules/administration/pages/live-patching-channel-setup.adoc:18 +#. type: Block title +#: modules/administration/pages/backup-restore.adoc:3 #, no-wrap -msgid "Use spacewalk-manage-channel-lifecycle for Live Patching" +msgid "Backup Space Requirements" msgstr "" -#. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:22 +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:4 msgid "" -"Cloned vendor channels should be prefixed by ``dev`` for development, " -"``testing``, or ``prod`` for production. In this procedure, you will create " -"a ``dev`` cloned channel and then promote the channel to ``testing``." +"Regardless of the backup method you use, you must have available at least " +"three times the amount of space your current installation uses. Running out " +"of space can result in backups failing, so check this often." msgstr "" -#. type: Block title -#: modules/administration/pages/live-patching-channel-setup.adoc:23 +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:5 #, no-wrap -msgid "Procedure: Cloning Live Patching Channels" +msgid "Backing up {productname}" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:26 +#: modules/administration/pages/backup-restore.adoc:6 msgid "" -"At the command prompt on the client, as root, obtain the current package " -"channel tree:" +"The most comprehensive method for backing up your {productname} installation " +"is to back up the relevant files and directories. This can save you time in " +"administering your backup, and can be faster to reinstall and re-synchronize " +"in the case of failure. However, this method requires significant disk " +"space and could take a long time to perform the backup." msgstr "" -#. type: delimited block - -#: modules/administration/pages/live-patching-channel-setup.adoc:34 -#, no-wrap +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:7 msgid "" -"# spacewalk-manage-channel-lifecycle --list-channels\n" -"Spacewalk Username: admin\n" -"Spacewalk Password:\n" -"Channel tree:\n" +"If you want to only back up the required files and directories, use the " +"following list. To make this process simpler, and more comprehensive, we " +"recommend backing up the entire [path]``/etc`` and [path]``/root`` " +"directories, not just the ones specified here. Some files only exist if you " +"are actually using the related {susemgr} feature." msgstr "" -#. type: delimited block - -#: modules/administration/pages/live-patching-channel-setup.adoc:41 -#, no-wrap -msgid "" -" 1. sles15-{sp-vert}-pool-x86_64\n" -" \\__ sle-live-patching15-pool-x86_64-{sp-vert}\n" -" \\__ sle-live-patching15-updates-x86_64-{sp-vert}\n" -" \\__ sle-manager-tools15-pool-x86_64-{sp-vert}\n" -" \\__ sle-manager-tools15-updates-x86_64-{sp-vert}\n" -" \\__ sles15-{sp-vert}-updates-x86_64\n" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:8 +msgid "[path]``/etc/cobbler/``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:44 -msgid "" -"Use the [command]``spacewalk-manage-channel`` command with the " -"[option]``init`` argument to automatically create a new development clone of " -"the original vendor channel:" +#: modules/administration/pages/backup-restore.adoc:9 +msgid "[path]``/etc/dhcp.conf``" msgstr "" -#. type: delimited block - -#: modules/administration/pages/live-patching-channel-setup.adoc:48 -#, no-wrap -msgid "spacewalk-manage-channel-lifecycle --init -c sles15-{sp-vert}-pool-x86_64\n" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:10 +msgid "[path]``/etc/fstab`` and any ISO mountpoints you require." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:51 -msgid "" -"Check that [systemitem]``dev-sles15-{sp-vert}-updates-x86_64`` is available " -"in your channel list." +#: modules/administration/pages/backup-restore.adoc:11 +msgid "[path]``/etc/rhn/``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:53 -msgid "" -"Check the ``dev`` cloned channel you created, and remove any kernel updates " -"that require a reboot." +#: modules/administration/pages/backup-restore.adoc:12 +msgid "[path]``/etc/salt``" msgstr "" -#. type: Block title -#: modules/administration/pages/live-patching-channel-setup.adoc:54 -#, no-wrap -msgid "Procedure: Removing Non-Live Kernel Patches from Cloned Channels" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:13 +msgid "[path]``/etc/sudoers``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:57 -msgid "" -"Check the current kernel version by selecting the client from menu:" -"Systems[System List], and taking note of the version displayed in the " -"[guimenu]``Kernel`` field." +#: modules/administration/pages/backup-restore.adoc:14 +msgid "[path]``/etc/sysconfig/rhn/``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:59 -msgid "" -"In the {productname} {webui}, select the client from menu:Systems[Overview], " -"navigate to the menu:Software[Manage > Channels] tab, and select " -"[systemitem]``dev-sles15-sp{sp-vert}-updates-x86_64``. Navigate to the " -"[guimenu]``Patches`` tab, and click btn:[List/Remove Patches]." +#: modules/administration/pages/backup-restore.adoc:15 +msgid "[path]``/root/.gnupg/``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:60 -msgid "" -"In the search bar, type [systemitem]``kernel`` and identify the kernel " -"version that matches the kernel currently used by your client." +#: modules/administration/pages/backup-restore.adoc:16 +msgid "[path]``/root/.ssh``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:61 +#: modules/administration/pages/backup-restore.adoc:17 msgid "" -"Remove all kernel versions that are newer than the currently installed " -"kernel." +"This file exists if you are using an SSH tunnel or SSH [command]``push``. " +"You will also need to have saved a copy of the ``id-susemanager`` key." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:64 -msgid "" -"Your channel is now set up for live patching, and can be promoted to " -"``testing``. In this procedure, you will also add the live patching child " -"channels to your client, ready to be applied." +#: modules/administration/pages/backup-restore.adoc:18 +msgid "[path]``/root/ssl-build/``" msgstr "" -#. type: Block title -#: modules/administration/pages/live-patching-channel-setup.adoc:65 -#, no-wrap -msgid "Procedure: Promoting Live Patching Channels" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:19 +msgid "[path]``/srv/formula_metadata``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:68 -msgid "" -"At the command prompt on the client, as `root`, promote and clone the `dev-" -"sles15-{sp-vert}-pool-x86_64` channel to a new ``testing`` channel:" +#: modules/administration/pages/backup-restore.adoc:20 +msgid "[path]``/srv/pillar``" msgstr "" -#. type: delimited block - -#: modules/administration/pages/live-patching-channel-setup.adoc:72 -#, no-wrap -msgid "# spacewalk-manage-channel-lifecycle --promote -c dev-sles15-{sp-vert}-pool-x86_64\n" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:21 +msgid "[path]``/srv/salt``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:74 -msgid "" -"In the {productname} {webui}, select the client from menu:Systems[Overview], " -"and navigate to the menu:Software[Software Channels] tab." +#: modules/administration/pages/backup-restore.adoc:22 +msgid "[path]``/srv/susemanager``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:75 -msgid "" -"Check the new [systemitem]``test-sles15-sp{sp-vert}-pool-x86_64`` custom " -"channel to change the base channel, and check both corresponding live " -"patching child channels." +#: modules/administration/pages/backup-restore.adoc:23 +msgid "[path]``/srv/tftpboot/``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:76 -msgid "" -"Click btn:[Next], confirm that the details are correct, and click btn:" -"[Confirm] to save the changes." +#: modules/administration/pages/backup-restore.adoc:24 +msgid "[path]``/srv/www/cobbler``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:77 -msgid "" -"You can now select and view available CVE patches, and apply these important " -"kernel updates with Live Patching." +#: modules/administration/pages/backup-restore.adoc:25 +msgid "[path]``/srv/www/htdocs/pub/``" msgstr "" -#. type: Title = -#: modules/administration/pages/live-patching-sles12.adoc:2 -#, no-wrap -msgid "Live Patching on SLES{nbsp}12" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:26 +msgid "[path]``/srv/www/os-images``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:7 -msgid "" -"On SLES{nbsp}12 systems, live patching is managed by kGraft. For in depth " -"information covering kGraft use, see https://documentation.suse.com/sles/12-" -"SP4/html/SLES-all/cha-kgraft.html." +#: modules/administration/pages/backup-restore.adoc:27 +msgid "[path]``/var/cache/rhn``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:9 -msgid "Before you begin, ensure:" +#: modules/administration/pages/backup-restore.adoc:28 +msgid "[path]``/var/cache/salt``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:11 -msgid "{productname} is fully updated." +#: modules/administration/pages/backup-restore.adoc:29 +msgid "[path]``/var/lib/cobbler/``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:12 -msgid "You have one or more Salt clients running SLES{nbsp}12 (SP1 or later)." +#: modules/administration/pages/backup-restore.adoc:30 +msgid "" +"[path]``/var/lib/cobbler/templates/`` (before version 4.0 it was [path]``/" +"var/lib/rhn/kickstarts/``)" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:13 -msgid "Your SLES{nbsp}12 Salt clients are registered with {productname}." +#: modules/administration/pages/backup-restore.adoc:31 +msgid "[path]``/var/lib/Kiwi``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:14 -msgid "" -"You have access to the SLES{nbsp}12 channels appropriate for your " -"architecture, including the live patching child channel (or channels)." +#: modules/administration/pages/backup-restore.adoc:32 +msgid "[path]``/var/lib/rhn/``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:15 -msgid "The clients are fully synchronized." +#: modules/administration/pages/backup-restore.adoc:33 +msgid "[path]``/var/spacewalk/``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:17 +#: modules/administration/pages/backup-restore.adoc:34 msgid "" -"Assign the clients to the cloned channels prepared for live patching. For " -"more information on preparation, see xref:administration:live-patching-" -"channel-setup.adoc[]." +"Plus any directories containing custom data such as scripts, Kickstart or " +"AutoYaST profiles, and custom RPMs." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:35 +msgid "" +"You will also need to back up your database, which you can do with the " +"[command]``smdba`` tool. For more information about the [command]``smdba`` " +"tool, see xref:administration:backup-restore.adoc[]." msgstr "" #. type: Block title -#: modules/administration/pages/live-patching-sles12.adoc:20 +#: modules/administration/pages/backup-restore.adoc:36 #, no-wrap -msgid "Procedure: Setting up for Live Patching" +msgid "Procedure: Restore from a Manual Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:24 -msgid "" -"Select the client you want to manage with Live Patching from menu:" -"Systems[Overview], and on the system details page navigate to the menu:" -"Software[Packages > Install] tab. Search for the [systemitem]``kgraft`` " -"package, and install it." +#: modules/administration/pages/backup-restore.adoc:37 +msgid "Re-install {productname}." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/live-patching-sles12.adoc:25 -#, no-wrap -msgid "enable_live_patching_kgraft_install.png" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:38 +msgid "" +"For more information about recovering from a backup, see xref:administration:" +"backup-restore.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:27 -msgid "Apply the highstate to enable Live Patching, and reboot the client." +#: modules/administration/pages/backup-restore.adoc:39 +msgid "" +"Re-synchronize your {productname} repositories with the [command]``mgr-" +"sync`` tool." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:28 -msgid "Repeat for each client that you want to manage with Live Patching." +#: modules/administration/pages/backup-restore.adoc:40 +msgid "" +"For more information about the [command]``mgr-sync`` tool, see <>." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:29 +#: modules/administration/pages/backup-restore.adoc:41 msgid "" -"To check that live patching has been enabled correctly, select the client " -"from menu:Systems[System List], and ensure that [systemitem]``Live " -"Patching`` appears in the [guimenu]``Kernel`` field." +"You can choose to re-register your product, or skip the registration and SSL " +"certificate generation sections." msgstr "" -#. type: Block title -#: modules/administration/pages/live-patching-sles12.adoc:32 -#, no-wrap -msgid "Procedure: Applying Live Patches to a Kernel" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:42 +msgid "" +"Re-install the [path]``/root/ssl-build/rhn-org-httpd-ssl-key-pair-" +"MACHINE_NAME-VER-REL.noarch.rpm`` package." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:36 +#: modules/administration/pages/backup-restore.adoc:43 msgid "" -"In the {productname} {webui}, select the client from menu:" -"Systems[Overview]. You will see a banner at the top of the screen showing " -"the number of critical and non-critical packages available for the client:" +"Schedule the re-creation of search indexes next time the [command]``rhn-" +"search`` service is started:" msgstr "" -#. type: Target for macro image -#: modules/administration/pages/live-patching-sles12.adoc:37 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:44 #, no-wrap -msgid "live_patching_criticalupdates.png" +msgid "rhn-search cleanindex\n" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:40 -msgid "Click btn:[Critical] to see a list of the available critical patches." +#: modules/administration/pages/backup-restore.adoc:45 +msgid "" +"This command produces only debug messages. It does not produce error " +"messages." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:42 -msgid "" -"Select any patch with a synopsis reading [guimenu]``Important: Security " -"update for the Linux kernel``. Security bugs will also include their CVE " -"number, where applicable." +#: modules/administration/pages/backup-restore.adoc:46 +msgid "Check whether you need to restore [path]``/var/spacewalk/packages/``." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:43 +#: modules/administration/pages/backup-restore.adoc:47 msgid "" -"OPTIONAL: If you know the CVE number of a patch you want to apply, you can " -"search for it in menu:Audit[CVE Audit], and apply the patch to any clients " -"that require it." +"If [path]``/var/spacewalk/packages/`` was not in your backup, you will need " +"to restore it. If the source repository is available, you can restore " +"[path]``/var/spacewalk/packages/`` with a complete channel synchronization:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/live-patching-sles12.adoc:49 -msgid "" -"Not all kernel patches are Live Patches! Non-Live kernel patches are " -"represented by a `Reboot Required` icon located next to the `Security` " -"shield icon. These patches will always require a reboot." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:48 +#, no-wrap +msgid "mgr-sync refresh --refresh-channels\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/live-patching-sles12.adoc:58 +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:49 msgid "" -"Not all security issues can be fixed by applying a live patch. Some " -"security issues can only be fixed by applying a full kernel update and will " -"require a reboot. The assigned CVE numbers for these issues are not " -"included in live patches. A CVE audit will display this requirement." +"Check the progress by running [command]``tail -f /var/log/rhn/reposync/" +"````.log`` as _root_." msgstr "" -#. type: Title = -#: modules/administration/pages/live-patching-sles15.adoc:2 +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:50 #, no-wrap -msgid "Live Patching on SLES{nbsp}15" +msgid "Administering the Database with smdba" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:5 +#: modules/administration/pages/backup-restore.adoc:51 msgid "" -"On SLES{nbsp}15 systems and newer, live patching is managed by the " -"[systemitem]``klp livepatch`` tool." +"The [command]``smdba`` tool is used for managing a local PostgreSQL " +"database. It allows you to back up and restore your database, and manage " +"backups. It can also be used to check the status of your database, and " +"perform administration tasks, such as restarting." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:10 -msgid "You have one or more Salt clients running SLES{nbsp}15 (SP1 or later)." +#: modules/administration/pages/backup-restore.adoc:52 +msgid "" +"The [command]``smdba`` tool works with local PostgreSQL databases only, it " +"will not work with remotely accessed databases, or Oracle databases." msgstr "" -#. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:11 -msgid "Your SLES{nbsp}15 Salt clients are registered with {productname}." +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:53 +msgid "" +"The [command]``smdba`` tool requires [command]``sudo`` access, to execute " +"system changes. Ensure you have enabled [command]``sudo`` access for the " +"[username]``admin`` user before you begin, by checking the [path]``/etc/" +"sudoers`` file for this line:" msgstr "" -#. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:12 -msgid "" -"You have access to the SLES{nbsp}15 channels appropriate for your " -"architecture, including the live patching child channel (or channels)." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:54 +#, no-wrap +msgid "admin ALL=(postgres) /usr/bin/smdba\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:22 -msgid "" -"Select the client you want to manage with Live Patching from menu:" -"Systems[Overview], and navigate to the menu:Software[Packages > Install] " -"tab. Search for the [systemitem]``kernel-livepatch`` package, and install " -"it." +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:55 +msgid "Check the runtime status of your database with:" msgstr "" -#. type: Target for macro image -#: modules/administration/pages/live-patching-sles15.adoc:23 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:56 #, no-wrap -msgid "enable_live_patching_kernel_live_install.png" +msgid "smdba db-status\n" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:27 -msgid "" -"To check that live patching has been enabled correctly, select the client " -"from menu:Systems[System List], and ensure that [systemitem]``Live Patch`` " -"appears in the [guimenu]``Kernel`` field." +#: modules/administration/pages/backup-restore.adoc:57 +msgid "This command will return either ``online`` or ``offline``, for example:" msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-sync.adoc:2 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:58 #, no-wrap -msgid "Troubleshooting Package Synchronization" +msgid "Checking database core... online\n" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-sync.adoc:25 -msgid "" -"{productname} does not automatically trust third party GPG keys. If package " -"synchronization fails, it could be because of an untrusted GPG key. You can " -"find out if this is the case by opening [path]``/var/log/rhn/reposync`` and " -"looking for an error like this:" +#: modules/administration/pages/backup-restore.adoc:59 +msgid "Starting and stopping the database can be performed with:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-sync.adoc:31 +#: modules/administration/pages/backup-restore.adoc:60 +#: modules/administration/pages/backup-restore.adoc:102 #, no-wrap -msgid "" -"['/usr/bin/spacewalk-repo-sync', '--channel', 'sle-12-sp1-ga-desktop-\n" -"nvidia-driver-x86_64', '--type', 'yum', '--non-interactive']\n" -"ChannelException: The GPG key for this repository is not part of the keyring.\n" -"Please run spacewalk-repo-sync in interactive mode to import it.\n" +msgid "smdba db-start\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-sync.adoc:34 -msgid "" -"To resolve the problem, you need to import the GPG key to {productname}. " -"For more on importing GPG keys, see xref:administration:repo-metadata.adoc[]." +#: modules/administration/pages/backup-restore.adoc:61 +msgid "And:" msgstr "" -#. type: Title = -#: modules/administration/pages/auditing.adoc:2 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:62 +#: modules/administration/pages/backup-restore.adoc:98 #, no-wrap -msgid "Auditing" +msgid "smdba db-stop\n" +msgstr "" + +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:63 +#, no-wrap +msgid "Database Backup with smdba" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:6 +#: modules/administration/pages/backup-restore.adoc:64 msgid "" -"In {productname}, you can keep track of your clients through a series of " -"auditing tasks. You can check that your clients are up to date with all " -"public security patches (CVEs), perform subscription matching, and use " -"OpenSCAP to check for specification compliance." +"The [command]``smdba`` tool performs a continuous archiving backup. This " +"backup method combines a log of every change made to the database during the " +"current session, with a series of more traditional backup files. When a " +"crash occurs, the database state is first restored from the most recent " +"backup file on disk, then the log of the current session is replayed " +"exactly, to bring the database back to a current state. A continuous " +"archiving backup with [command]``smdba`` is performed with the database " +"running, so there is no need for downtime." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:65 +msgid "" +"This method of backing up is stable and generally creates consistent " +"snapshots, however it can take up a lot of storage space. Ensure you have " +"at least three times the current database size of space available for " +"backups. You can check your current database size by navigating to [path]``/" +"var/lib/pgsql/`` and running [command]``df -h``." msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:8 +#: modules/administration/pages/backup-restore.adoc:66 msgid "" -"In the {productname} {webui}, navigate to [guimenu]``Audit`` to perform " -"auditing tasks." +"The [command]``smdba`` tool also manages your archives, keeping only the " +"most recent backup, and the current archive of logs. The log files can only " +"be a maximum file size of 16{nbsp}MB, so a new log file will be created when " +"the files reach this size. Every time you create a new backup, previous " +"backups will be purged to release disk space. We recommend you use " +"[command]``cron`` to schedule your [command]``smdba`` backups to ensure that " +"your storage is managed effectively, and you always have a backup ready in " +"case of failure." msgstr "" -#. This will probably need to be broken into sub-sections. --LKB 20200205 -#. type: Title == -#: modules/administration/pages/auditing.adoc:14 +#. type: Title === +#: modules/administration/pages/backup-restore.adoc:67 #, no-wrap -msgid "CVE Audits" +msgid "Performing a Manual Database Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:17 +#: modules/administration/pages/backup-restore.adoc:68 msgid "" -"A CVE (common vulnerabilities and exposures) is a fix for a publicly known " -"security vulnerability." +"The [command]``smdba`` tool can be run directly from the command line. We " +"recommend you run a manual database backup immediately after installation, " +"or if you have made any significant changes to your configuration." msgstr "" #. type: delimited block = -#: modules/administration/pages/auditing.adoc:21 -msgid "You must apply CVEs to your clients as soon as they become available." +#: modules/administration/pages/backup-restore.adoc:69 +msgid "" +"When [command]``smdba`` is run for the first time, or if you have changed " +"the location of the backup, it will need to restart your database before " +"performing the archive. This will result in a small amount of downtime. " +"Regular database backups will not require any downtime." +msgstr "" + +#. type: Block title +#: modules/administration/pages/backup-restore.adoc:70 +#, no-wrap +msgid "Procedure: Performing a Manual Database Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:25 -msgid "" -"Each CVE contains an identification number, a description of the " -"vulnerability, and links to further information. CVE identification numbers " -"use the form ``CVE-YEAR-XXXX``." +#: modules/administration/pages/backup-restore.adoc:71 +msgid "Allocate permanent storage space for your backup." msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:27 +#: modules/administration/pages/backup-restore.adoc:72 msgid "" -"In the {productname} {webui}, navigate to menu:Audit[CVE Audit] to see a " -"list of all clients and their current patch status." +"This example uses a directory located at [path]``/var/spacewalk/``. This " +"will become a permanent target for your backup, so ensure it will remain " +"accessible by your server at all times." msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:30 -msgid "" -"By default, the CVE data is updated at 2300 every day. We recommend that " -"before you begin a CVE audit you refresh the data to ensure you have the " -"latest patches." +#: modules/administration/pages/backup-restore.adoc:73 +msgid "In your backup location, create a directory for the backup:" msgstr "" -#. type: Block title -#: modules/administration/pages/auditing.adoc:33 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:74 #, no-wrap -msgid "Procedure: Updating CVE Data" +msgid "sudo -u postgres mkdir /var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:35 -msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Task Schedules] and " -"select the ``cve-server-channels-default`` schedule." +#: modules/administration/pages/backup-restore.adoc:75 +msgid "Or, as root:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auditing.adoc:36 -msgid "Click btn:[cve-server-channels-bunch]." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:76 +#, no-wrap +msgid "install -d -o postgres -g postgres -m 700 /var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:38 -msgid "" -"Click btn:[Single Run Schedule] to schedule the task. Allow the task to " -"complete before continuing with the CVE audit." +#: modules/administration/pages/backup-restore.adoc:77 +msgid "Ensure you have the correct permissions set on the backup location:" msgstr "" -#. type: Block title -#: modules/administration/pages/auditing.adoc:41 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:78 #, no-wrap -msgid "Procedure: Verifying Patch Status" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/auditing.adoc:43 -msgid "In the {productname} {webui}, navigate to menu:Audit[CVE Audit]." +msgid "chown postgres:postgres /var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:44 +#: modules/administration/pages/backup-restore.adoc:79 msgid "" -"OPTIONAL: To check the patch status for a particular CVE, type the CVE " -"identifier in the [guimenu]``CVE Number`` field." +"To create a backup for the first time, run the [command]``smdba backup-hot`` " +"command with the [option]``enable`` option set." msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:45 +#: modules/administration/pages/backup-restore.adoc:80 msgid "" -"Select the patch statuses you want to look for, or leave all statuses " -"checked to look for all." +"This will create the backup in the specified directory, and, if necessary, " +"restart the database:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auditing.adoc:46 -msgid "" -"Click btn:[Audit Servers] to check all systems, or click btn:[Audit Images] " -"to check all images." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:81 +#, no-wrap +msgid "smdba backup-hot --enable=on --backup-dir=/var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:48 +#: modules/administration/pages/backup-restore.adoc:82 msgid "" -"For more information about the patch status icons used on this page, see " -"xref:reference:audit/audit-cve-audit.adoc[]." +"This command produces debug messages and finishes sucessfully with the " +"output:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auditing.adoc:53 -msgid "" -"For each system, the [guimenu]``Next Action`` column provides information " -"about what you need to do to address vulnerabilities. If applicable, a list " -"of candidate channels or patches is also given. You can also assign systems " -"to a [guimenu]``System Set`` for further batch processing." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:83 +#, no-wrap +msgid "INFO: Finished\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:58 +#: modules/administration/pages/backup-restore.adoc:84 msgid "" -"You can use the {productname} API to verify the patch status of your " -"clients. Use the ``audit.listSystemsByPatchStatus`` API method. For more " -"information about this method, see the {productname} API Guide." +"Check that the backup files exist in the [path]``/var/spacewalk/db-backup`` " +"directory, to ensure that your backup has been successful." msgstr "" -#. type: Title == -#: modules/administration/pages/auditing.adoc:61 +#. type: Title === +#: modules/administration/pages/backup-restore.adoc:85 #, no-wrap -msgid "CVE Status" +msgid "Scheduling Automatic Backups" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:65 +#: modules/administration/pages/backup-restore.adoc:86 msgid "" -"The CVE status of clients is usually either ``affected``, ``not affected``, " -"or ``patched``. These statuses are based only on the information that is " -"available to {productname}." +"You do not need to shut down your system to perform a database backup with " +"[command]``smdba``. However, because it is a large operation, database " +"performance can slow down while the backup is running. We recommend you " +"schedule regular database backups for a low-traffic period, to minimize " +"disruption." msgstr "" -#. type: Plain text -#: modules/administration/pages/auditing.adoc:67 -msgid "Within {productname}, these definitions apply:" +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:87 +msgid "" +"Ensure you have at least three times the current database size of space " +"available for backups. You can check your current database size by " +"navigating to [path]``/var/lib/pgsql/`` and running [command]``df -h``." msgstr "" -#. type: Labeled list -#: modules/administration/pages/auditing.adoc:68 +#. type: Block title +#: modules/administration/pages/backup-restore.adoc:88 #, no-wrap -msgid "System affected by a certain vulnerability" +msgid "Procedure: Scheduling Automatic Backups" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:70 +#: modules/administration/pages/backup-restore.adoc:89 msgid "" -"A system which has an installed package with version lower than the version " -"of the same package in a relevant patch marked for the vulnerability." +"Create a directory for the backup, and set the appropriate permissions (as " +"root):" msgstr "" -#. type: Labeled list -#: modules/administration/pages/auditing.adoc:71 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:90 #, no-wrap -msgid "System not affected by a certain vulnerability" +msgid "install -m 700 -o postgres -g postgres /var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:73 +#: modules/administration/pages/backup-restore.adoc:91 msgid "" -"A system which has no installed package that is also in a relevant patch " -"marked for the vulnerability." +"Open [path]``/etc/cron.d/db-backup-mgr``, or create it if it does not exist, " +"and add the following line to create the cron job:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/auditing.adoc:74 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:92 #, no-wrap -msgid "System patched for a certain vulnerability" +msgid "0 2 * * * root /usr/bin/smdba backup-hot --enable=on --backup-dir=/var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:76 +#: modules/administration/pages/backup-restore.adoc:93 msgid "" -"A system which has an installed package with version equal to or greater " -"than the version of the same package in a relevant patch marked for the " -"vulnerability." +"Check the backup directory regularly to ensure the backups are working as " +"expected." msgstr "" -#. type: Labeled list -#: modules/administration/pages/auditing.adoc:77 +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:94 #, no-wrap -msgid "Relevant patch" +msgid "Restoring from Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:79 -msgid "A patch known by {productname} in a relevant channel." +#: modules/administration/pages/backup-restore.adoc:95 +msgid "" +"The [command]``smdba`` tool can be used to restore from backup in the case " +"of failure." msgstr "" -#. type: Labeled list -#: modules/administration/pages/auditing.adoc:80 +#. type: Block title +#: modules/administration/pages/backup-restore.adoc:96 #, no-wrap -msgid "Relevant channel" +msgid "Procedure: Restoring from Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:82 -msgid "" -"A channel managed by {productname}, which is either assigned to the system, " -"the original of a cloned channel which is assigned to the system, a channel " -"linked to a product which is installed on the system or a past or future " -"service pack channel for the system." +#: modules/administration/pages/backup-restore.adoc:97 +msgid "Shut down the database:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/auditing.adoc:87 -msgid "" -"Because of the definitions used within {productname}, CVE audit results " -"might be incorrect in some circumstances. For example, unmanaged channels, " -"unmanaged packages, or non-compliant systems might report incorrectly." +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:99 +msgid "Start the restore process and wait for it to complete:" msgstr "" -#. type: Title = -#: modules/administration/pages/content-staging.adoc:2 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:100 #, no-wrap -msgid "Content Staging" +msgid "smdba backup-restore start\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:7 -msgid "" -"Staging is used by clients to download packages in advance, before they are " -"installed. This allows package installation to begin as soon as it is " -"scheduled, which can reduce the amount of time required for a maintenance " -"window." +#: modules/administration/pages/backup-restore.adoc:101 +msgid "Restart the database:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:103 +msgid "Check if there are differences between the RPMs and the database." +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:104 +#, no-wrap +msgid "spacewalk-data-fsck\n" msgstr "" #. type: Title == -#: modules/administration/pages/content-staging.adoc:9 +#: modules/administration/pages/backup-restore.adoc:105 #, no-wrap -msgid "Enable Content Staging" +msgid "Archive Log Settings" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:14 +#: modules/administration/pages/backup-restore.adoc:106 msgid "" -"You can manage content staging across your entire organization. In the " -"{productname} {webui}, navigate to menu:Admin[Organizations] to see a list " -"of available organizations. Click the name of an organization, and check " -"the [guimenu]``Enable Staging Contents`` box to allow clients in this " -"organization to stage package data." +"Archive logging allows the database management tool [command]``smdba`` to " +"perform hot backups. In {productname} with an embedded database, archive " +"logging is enabled by default." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-staging.adoc:18 +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:107 msgid "" -"You must be logged in as a {productname} administrator to create and manage " -"organizations." +"PostgreSQL maintains a limited number of archive logs. Using the default " +"configuration, approximately 64 files with a size of 16 MiB are stored." msgstr "" +#. FIXME: Use sle 15 channels as an example #. type: Plain text -#: modules/administration/pages/content-staging.adoc:21 -msgid "" -"You can also enable staging at the command prompt by editing [path]``/etc/" -"sysconfig/rhn/up2date``, and adding or editing these lines:" +#: modules/administration/pages/backup-restore.adoc:108 +msgid "Creating a user and syncing the channels:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/content-staging.adoc:25 -#, no-wrap -msgid "" -"stagingContent=1\n" -"stagingContentWindow=24\n" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:109 +msgid "SLES12-SP2-Pool-x86_64" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:110 +msgid "SLES12-SP2-Updates-x86_64" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:111 +msgid "SLE-Manager-Tools12-Pool-x86_64-SP2" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:112 +msgid "SLE-Manager-Tools12-Updates-x86_64-SP2" msgstr "" -#. 2018-12-10, ke: /etc/sysconfig/rhn/up2date still exists. @renner confirmed some tools use it (at least, trad. client). To be renamed in the future. #. type: Plain text -#: modules/administration/pages/content-staging.adoc:36 +#: modules/administration/pages/backup-restore.adoc:113 msgid "" -"The ``stagingContentWindow`` parameter is a time value expressed in hours " -"and determines when downloading will start. It is the number of hours " -"before the scheduled installation or update time. In this example, content " -"will be downloaded 24 hours before the installation time. The start time " -"for download depends on the selected contact method for a system. The " -"assigned contact method sets the time for when the next " -"[command]``mgr_check`` will be executed." +"PostgreSQL will generate an additional roughly 1 GB of data. So it is " +"important to think about a backup strategy and create a backups in a regular " +"way." msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:39 +#: modules/administration/pages/backup-restore.adoc:114 msgid "" -"Next time an action is scheduled, packages are automatically downloaded, but " -"not installed. At the scheduled time, the staged packages are installed." +"Archive logs are stored at [path]``/var/lib/pgsql/data/pg_xlog/`` " +"(postgresql)." msgstr "" #. type: Title == -#: modules/administration/pages/content-staging.adoc:42 +#: modules/administration/pages/backup-restore.adoc:115 #, no-wrap -msgid "Configure Content Staging" +msgid "Retrieving an Overview of Occupied Database Space" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:45 -msgid "There are two parameters used to configure content staging:" +#: modules/administration/pages/backup-restore.adoc:116 +msgid "" +"Database administrators may use the subcommand [command]``space-overview`` " +"to get a report about occupied table spaces, for example:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:117 +#, no-wrap +msgid "smdba space-overview\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:48 +#: modules/administration/pages/backup-restore.adoc:118 +#: modules/administration/pages/backup-restore.adoc:123 +msgid "outputs:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:119 +#: modules/administration/pages/backup-restore.adoc:124 +#, no-wrap msgid "" -"[parameter]``salt_content_staging_advance`` is the advance time for the " -"content staging window to open, in hours. This is the number of hours " -"before installation starts, that package downloads can begin." +"SUSE Manager Database Control. Version 1.5.2\n" +"Copyright (c) 2012 by SUSE Linux Products GmbH\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-staging.adoc:50 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:120 +#, no-wrap msgid "" -"[parameter]``salt_content_staging_window`` is the duration of the content " -"staging window, in hours. This is the amount of time clients have to stage " -"packages before installation begins." +"Tablespace | Size (Mb) | Avail (Mb) | Use %\n" +"------------+-----------+------------+------\n" +"postgres | 7 | 49168 | 0.013\n" +"susemanager | 776 | 48399 | 1.602\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:53 +#: modules/administration/pages/backup-restore.adoc:121 msgid "" -"For example, if [parameter]``salt_content_staging_advance`` is set to six " -"hours, and [parameter]``salt_content_staging_window`` is set to two hours, " -"the staging window will open six hours before the installation time, and " -"remain open for two hours. No packages will be downloaded in the four " -"remaining hours until installation starts." +"The [command]``smdba`` command is available for PostgreSQL. For a more " +"detailed report, use the [command]``space-tables`` subcommand. It lists the " +"table and its size, for example:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-staging.adoc:55 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:122 +#, no-wrap +msgid "smdba space-tables\n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:125 +#, no-wrap msgid "" -"If you set the same value for both " -"[parameter]``salt_content_staging_advance`` and " -"[parameter]``salt_content_staging_window`` packages will be able to be " -"downloaded until installation begins." +"Table | Size\n" +"--------------------------------------+-----------\n" +"public.all_primary_keys | 0 bytes\n" +"public.all_tab_columns | 0 bytes\n" +"public.allserverkeywordsincereboot | 0 bytes\n" +"public.dblink_pkey_results | 0 bytes\n" +"public.dual | 8192 bytes\n" +"public.evr_t | 0 bytes\n" +"public.log | 32 kB\n" +"...\n" +msgstr "" + +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:126 +#, no-wrap +msgid "Moving the Database" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:57 +#: modules/administration/pages/backup-restore.adoc:127 msgid "" -"Configure the content staging parameters in [path]``/usr/share/rhn/config-" -"defaults/rhn_java.conf``." +"It is possible to move the database to another location. For example, move " +"the database if the database storage space is running low. The following " +"procedure will guide you through moving the database to a new location for " +"use by {productname}." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-staging.adoc:59 -msgid "Default values:" +#. type: Block title +#: modules/administration/pages/backup-restore.adoc:128 +#, no-wrap +msgid "Procedure: Moving the Database" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:61 -msgid "[path]``salt_content_staging_advance: 8 hours``" +#: modules/administration/pages/backup-restore.adoc:129 +msgid "" +"The default storage location for {productname} is [path]``/var/lib/pgsql/``. " +"If you would like to move it, for example to [path]``/storage/postgres/``, " +"proceed as follows." msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:62 -msgid "[path]``salt_content_staging_window: 8 hours``" +#: modules/administration/pages/backup-restore.adoc:130 +msgid "Stop the running database with (as root):" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-staging.adoc:67 -msgid "Content staging must be enabled for these parameters to work correctly." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:131 +#, no-wrap +msgid "rcpostgresql stop\n" msgstr "" -#. type: Title = -#: modules/administration/pages/task-schedules.adoc:2 -#, no-wrap -msgid "Task Schedules" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:132 +msgid "Shut down the running Spacewalk services with:" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:5 +#: modules/administration/pages/backup-restore.adoc:134 msgid "" -"Under menu:Admin[Task Schedules] all predefined task bunches are listed." +"Copy the current working directory structure with [command]``cp`` using the " +"[option]``-a, --archive`` option." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/task-schedules.adoc:6 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:136 #, no-wrap -msgid "admin_task_schedules.png" +msgid "cp --archive /var/lib/pgsql/ /storage/postgres/\n" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:11 +#: modules/administration/pages/backup-restore.adoc:137 msgid "" -"Click a menu:SUSE Manager Schedules[Schedule name] to open its menu:Schedule " -"Name[Basic Schedule Details] where you can disable it or change the " -"frequency. Click btn:[Edit Schedule] to update the schedule with your " -"settings. To delete a schedule, click btn:[Delete Schedule] in the upper " -"right-hand corner." +"This command will copy the contents of [path]``/var/lib/pgsql/`` to [path]``/" +"storage/postgres/pgsql/``." msgstr "" -#. type: delimited block = -#: modules/administration/pages/task-schedules.adoc:15 +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:138 msgid "" -"Only disable or delete a schedule if you are absolutely certain this is " -"necessary as they are essential for {productname} to work properly." +"The contents of the [path]``/var/lib/pgsql`` directory needs to remain the " +"same, otherwise the {productname} database may malfunction. You also should " +"ensure that there is enough available disk space." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:19 -msgid "" -"If you click a bunch name, a list of runs of that bunch type and their " -"status will be displayed. Clicking the start time links takes you back to " -"the menu:Schedule Name[Basic Schedule Details]." +#: modules/administration/pages/backup-restore.adoc:139 +msgid "Mount the new database directory with:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:140 +#, no-wrap +msgid "mount /storage/postgres/pgsql\n" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:21 +#: modules/administration/pages/backup-restore.adoc:141 msgid "" -"For example, the following predefined task bunches are scheduled by default " -"and can be configured:" +"Make sure ownership is `postgres:postgres` and not `root:root` by changing " +"to the new directory and running the following commands:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:22 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:142 #, no-wrap -msgid "menu:channel-repodata-default:[]" +msgid "" +"cd /storage/postgres/pgsql/\n" +"ls -l\n" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:24 -msgid "(Re)generates repository metadata files." +#: modules/administration/pages/backup-restore.adoc:143 +msgid "Outputs:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:26 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:144 #, no-wrap -msgid "menu:cleanup-data-default:[]" +msgid "" +"total 8\n" +"drwxr-x--- 4 postgres postgres 47 Jun 2 14:35 ./\n" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:28 +#: modules/administration/pages/backup-restore.adoc:145 msgid "" -"Cleans up stale package change log and monitoring time series data from the " -"database." +"Add the new database mount location to your servers fstab by editing " +"[path]``etc/fstab``." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:30 +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:146 +msgid "Start the database with:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:147 #, no-wrap -msgid "menu:clear-taskologs-default:[]" +msgid "rcpostgresql start\n" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:32 -msgid "" -"Clears task engine (taskomatic) history data older than a specified number " -"of days, depending on the job type, from the database." +#: modules/administration/pages/backup-restore.adoc:148 +msgid "Start the Spacewalk services with:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:34 +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:150 #, no-wrap -msgid "menu:cobbler-sync-default:[]" +msgid "Recovering from a Crashed Root Partition" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:37 +#: modules/administration/pages/backup-restore.adoc:151 msgid "" -"Synchronizes distribution and profile data from {productname} to Cobbler. " -"For more information, see xref:client-configuration:cobbler.adoc[]." +"This section provides guidance on restoring your server after its root " +"partition has crashed. This section assumes you have setup your server " +"similar to the procedure explained in Installation guide with separate " +"partitions for the database and for channels mounted at [path]``/var/lib/" +"pgsql`` and [path]``/var/spacewalk/``." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:39 +#. type: Block title +#: modules/administration/pages/backup-restore.adoc:152 #, no-wrap -msgid "menu:compare-configs-default:[]" +msgid "Procedure: Recovering from a Crashed Root Partition" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:44 -msgid "" -"Compares configuration files as stored in configuration channels with the " -"files stored on all configuration-enabled servers. To review comparisons, " -"click menu:Systems[] tab and select the system of interest. Go to menu:" -"Configuration[Compare Files]. For more information, see xref:reference:" -"systems/system-details/sd-configuration.adoc#sd-config-compare-files[]." +#: modules/administration/pages/backup-restore.adoc:153 +msgid "Install {productname}." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:46 -#, no-wrap -msgid "menu:cve-server-channels-default:[]" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:154 +msgid "" +"Do not mount the [path]``/var/spacewalk`` and [path]``/var/lib/pgsql`` " +"partitions. Wait for the installation to complete before going on to the " +"next step." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:50 -msgid "" -"Updates internal pre-computed CVE data that is used to display results on " -"the menu:Audit[CVE Audit] page. Search results in the menu:Audit[CVE Audit] " -"page are updated to the last run of this schedule). For more information, " -"see xref:reference:audit/audit-cve-audit.adoc[]." +#: modules/administration/pages/backup-restore.adoc:155 +msgid "Shut down the services with [command]``spacewalk-service shutdown``." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:52 -#, no-wrap -msgid "menu:daily-status-default:[]" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:156 +msgid "Shut down the database with [command]``rcpostgresql stop``." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:56 -msgid "" -"Sends daily report e-mails to relevant addresses. To learn more about how " -"to configure notifications for specific users, see xref:reference:users/user-" -"details.adoc[]." +#: modules/administration/pages/backup-restore.adoc:157 +msgid "Mount [path]``/var/spacewalk`` and [path]``/var/lib/pgsql`` partitions." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:58 -#, no-wrap -msgid "menu:errata-cache-default:[]" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:158 +msgid "Restore the directories listed in <>." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:62 +#: modules/administration/pages/backup-restore.adoc:159 msgid "" -"Updates internal patch cache database tables, which are used to look up " -"packages that need updates for each server. Also, this sends notification " -"emails to users that might be interested in certain patches. For more " -"information about patches, see xref:reference:patches/patches-menu.adoc[]." +"Start the Spacewalk services with [command]``spacewalk-services start``." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:64 -#, no-wrap -msgid "menu:errata-queue-default:[]" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:160 +msgid "Start the database with [command]``rcpostgresql start``." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:66 +#: modules/administration/pages/backup-restore.adoc:161 msgid "" -"Queues automatic updates (patches) for servers that are configured to " -"receive them." +"{productname} should now operate normally without loss of your database or " +"synced channels." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:68 +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:162 #, no-wrap -msgid "menu:kickstart-cleanup-default:[]" +msgid "Database Connection Information" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:70 -msgid "Cleans up stale kickstart session data." +#: modules/administration/pages/backup-restore.adoc:163 +msgid "" +"The information for connecting to the {productname} database is located in " +"[path]``/etc/rhn/rhn.conf``:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:72 +#. There are no such default, they are user-spcified, though +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:164 #, no-wrap -msgid "menu:kickstartfile-sync-default:[]" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/task-schedules.adoc:74 msgid "" -"Generates Cobbler files corresponding to Kickstart profiles created by the " -"configuration wizard." +"db_backend = postgresql\n" +"db_user = susemanager\n" +"db_password = susemanager\n" +"db_name = susemanager\n" +"db_host = localhost\n" +"db_port = 5432\n" +"db_ssl_enabled =\n" msgstr "" -#. we probably no longer want to reference NCC; I do not know whether it works the same way with SCC (if at all) -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:77 +#. type: Title = +#: modules/administration/pages/channel-management.adoc:1 #, no-wrap -msgid "menu:mgr-register-default:[]" +msgid "Channel Management" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/channel-management.adoc:2 +msgid "Channels are a method of grouping software packages." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:79 +#: modules/administration/pages/channel-management.adoc:3 msgid "" -"Calls the [command]``mgr-register`` command, which synchronizes client " -"registration data with NCC (new, changed or deleted clients' data are " -"forwarded)." +"In {productname}, channels are grouped into base and child channels, with " +"base channels grouped by operating system type, version, and architecture, " +"and child channels being compatible with their related base channel. When a " +"client has been assigned to a base channel, it is only possible for that " +"system to install the related child channels. Organizing channels in this " +"way ensures that only compatible packages are installed on each system." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:81 -#, no-wrap -msgid "menu:mgr-sync-refresh-default:[]" +#. type: Plain text +#: modules/administration/pages/channel-management.adoc:4 +msgid "" +"Software channels use repositories to provide packages. The channels mirror " +"the repositories in {productname}, and the package names and other data are " +"stored in the {productname} database. You can have any number of " +"repositories associated with a channel. The software from those " +"repositories can then be installed on clients by subscribing the client to " +"the appropriate channel." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:83 +#: modules/administration/pages/channel-management.adoc:5 msgid "" -"The default time at which the start of synchronization with SUSE Customer " -"Center (SCC) takes place (``mgr-sync-refresh``)." +"Clients can only be assigned to one base channel. The client can then " +"install or update packages from the repositories associated with that base " +"channel and any of its child channels." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:84 -#, no-wrap -msgid "menu:minion-action-cleanup-default:[]" +#. type: Plain text +#: modules/administration/pages/channel-management.adoc:6 +msgid "" +"{productname} provides a number of vendor channels, which provide you " +"everything you need to run {productname}. {productname} Administrators and " +"Channel Administrators have channel management authority, which gives them " +"the ability to create and manage their own custom channels. If you want to " +"use your own packages in your environment, you can create custom channels. " +"Custom channels can be used as a base channel, or you can associate them " +"with a vendor base channel." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:89 +#: modules/administration/pages/channel-management.adoc:7 msgid "" -"Deletes stale client action data from the file system. First it tries to " -"complete any possibly unfinished actions by looking up the corresponding " -"results; these results are stored in the Salt job cache. An unfinished " -"action can occur if the server has missed the results of the action. For " -"successfully completed actions it removes artifacts such as executed script " -"files." +"For more on creating custom channels, see xref:administration:custom-" +"channels.adoc[]." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:91 +#. type: Title == +#: modules/administration/pages/channel-management.adoc:8 #, no-wrap -msgid "menu:package-cleanup-default:[]" +msgid "Channel Administration" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:93 -msgid "Deletes stale package files from the file system." +#: modules/administration/pages/channel-management.adoc:9 +msgid "" +"By default, any user can subscribe channels to a system. You can implement " +"restrictions on the channel using the {webui}." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:94 +#. type: Block title +#: modules/administration/pages/channel-management.adoc:10 #, no-wrap -msgid "menu:reboot-action-cleanup-default:[]" +msgid "Procedure: Restricting Subscriber Access to a Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:97 +#: modules/administration/pages/channel-management.adoc:11 msgid "" -"Any reboot actions pending for more than six hours are marked as failed and " -"associated data is cleaned up in the database. For more information on " -"scheduling reboot actions, see xref:reference:systems/system-details/sd-" -"provisioning.adoc#sd-power-management[]." -msgstr "" - -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:99 -#, no-wrap -msgid "menu:sandbox-cleanup-default:[]" +"In the {productname} {webui}, navigate to menu:Software[Channel List], and " +"select the channel to edit." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:104 +#: modules/administration/pages/channel-management.adoc:12 msgid "" -"Cleans up Sandbox configuration files and channels that are older than the " -"__sandbox_lifetime__ configuration parameter (3 days by default). Sandbox " -"files are those imported from systems or files under development. For more " -"information, see xref:reference:systems/system-details/sd-configuration." -"adoc#sd-config-add-files[]." +"Locate the [guimenu]``Per-User Subscription Restrictions`` section and check " +"[guimenu]``Only selected users within your organization may subscribe to " +"this channel``." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:106 -#, no-wrap -msgid "menu:session-cleanup-default:[]" +#. type: Plain text +#: modules/administration/pages/channel-management.adoc:13 +msgid "Click btn:[Update] to save the changes." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:108 +#: modules/administration/pages/channel-management.adoc:14 msgid "" -"Cleans up stale Web interface sessions, typically data that is temporarily " -"stored when a user logs in and then closes the browser before logging out." +"Navigate to the [guimenu]``Subscribers`` tab and select or deselect users as " +"required." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:110 +#. type: Title = +#: modules/administration/pages/content-lifecycle-examples.adoc:1 #, no-wrap -msgid "menu:ssh-push-default:[]" +msgid "Content Lifecycle Management Examples" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:112 +#: modules/administration/pages/content-lifecycle-examples.adoc:2 msgid "" -"Prompts clients to check in with {productname} via SSH if they are " -"configured with a `SSH Push` contact method." +"This section contains some common examples of how you can use content " +"lifecycle management. Use these examples to build your own personalized " +"implementation." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:113 +#. type: Title == +#: modules/administration/pages/content-lifecycle-examples.adoc:3 #, no-wrap -msgid "menu:token-cleanup-default:[]" +msgid "Creating a Project for a Monthly Patch Cycle" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:114 -msgid "" -"Deletes expired repository tokens that are used by Salt clients to download " -"packages and metadata." +#: modules/administration/pages/content-lifecycle-examples.adoc:4 +msgid "An example project for a monthly patch cycle consists of:" msgstr "" -#. type: Title = -#: modules/administration/pages/organizations.adoc:2 +#. type: Title === +#: modules/administration/pages/content-lifecycle-examples.adoc:5 +#: modules/administration/pages/content-lifecycle-examples.adoc:10 #, no-wrap -msgid "Organizations" +msgid "Creating a `By Date` filter" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:6 -msgid "" -"Organizations are used to manage user access and permissions within " -"{productname}." +#: modules/administration/pages/content-lifecycle-examples.adoc:6 +msgid "Adding the filter to the project" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:10 -msgid "" -"For most environments, a single organization is enough. However, more " -"complicated environments might need several organizations. You might like " -"to have an organization for each physical location within your business, or " -"for different business functions." +#: modules/administration/pages/content-lifecycle-examples.adoc:7 +msgid "Applying the filter to a new project build" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:13 -msgid "" -"When you have created your organizations, you can create and assign users to " -"your organizations. You can then assign permissions on an organization " -"level, which applies by default to every user assigned to the organization." +#: modules/administration/pages/content-lifecycle-examples.adoc:8 +msgid "Excluding a patch from the project" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:16 -msgid "" -"You can also configure authentication methods for your new organization, " -"including PAM and single sign-on. For more information about " -"authentication, see xref:administration:auth-methods.adoc[]." -msgstr "" - -#. type: Block title -#: modules/administration/pages/organizations.adoc:24 -#, no-wrap -msgid "Procedure: Creating a New Organization" +#: modules/administration/pages/content-lifecycle-examples.adoc:9 +msgid "Including a patch in the project" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:26 +#: modules/administration/pages/content-lifecycle-examples.adoc:11 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Organizations], and " -"click btn:[Create Organization]." +"The ``By Date`` filter excludes all patches released after a specified " +"date. This filter is useful for your content lifecycle projects that follow " +"a monthly patch cycle." msgstr "" -#. type: Plain text -#: modules/administration/pages/organizations.adoc:27 -msgid "In the [guimenu]``Create Organization`` dialog, complete these fields:" +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:12 +#, no-wrap +msgid "Procedure: Creating the ``By Date`` Filter" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:29 +#: modules/administration/pages/content-lifecycle-examples.adoc:13 +#: modules/administration/pages/content-lifecycle-examples.adoc:38 +#: modules/administration/pages/content-lifecycle-examples.adoc:53 msgid "" -"In the [guimenu]``Organization Name`` field, type a name for your new " -"organization. The name should be between 3 and 128 characters long." +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Filters] " +"and click btn:[Create Filter]." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:31 -msgid "" -"In the [guimenu]``Desired Login`` field, type the login name you want to use " -"for the organization's administrator. This must be a new administrator " -"account, you will not be able to use an existing administrator account to " -"sign in to the new organization, including the one you are currently signed " -"in with." +#: modules/administration/pages/content-lifecycle-examples.adoc:14 +#: modules/administration/pages/content-lifecycle-examples.adoc:90 +msgid "In the [guimenu]``Filter Name`` field, type a name for your filter." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:34 -msgid "" -"In the [guimenu]``Desired Password`` field, type a password for the new " -"organization's administrator. Confirm the password by typing it again in " -"the [guimenu]``Confirm Password`` field. Password strength is indicated by " -"the colored bar beneath the password fields." +#: modules/administration/pages/content-lifecycle-examples.adoc:15 +msgid "For example, [systemitem]``Exclude patches by date``." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:35 +#: modules/administration/pages/content-lifecycle-examples.adoc:16 msgid "" -"In the [guimenu]``Email`` field, type an email address for the new " -"organization's administrator." +"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Issue " +"date)``." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:36 +#: modules/administration/pages/content-lifecycle-examples.adoc:17 msgid "" -"In the [guimenu]``First Name`` field, select a salutation, and type a given " -"name for the new organization's administrator." +"In the [guimenu]``Matcher`` field, [guimenu]``later or equal`` is " +"autoselected." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:37 -msgid "" -"In the [guimenu]``Last Name`` field, type a surname for the new " -"organization's administrator." +#: modules/administration/pages/content-lifecycle-examples.adoc:18 +msgid "Select the date and time." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:38 -msgid "Click btn:[Create Organization]." +#: modules/administration/pages/content-lifecycle-examples.adoc:19 +#: modules/administration/pages/content-lifecycle-examples.adoc:25 +#: modules/administration/pages/content-lifecycle-examples.adoc:45 +#: modules/administration/pages/content-lifecycle-examples.adoc:62 +#: modules/administration/pages/monitoring.adoc:125 +msgid "Click btn:[Save]." msgstr "" -#. type: Title == -#: modules/administration/pages/organizations.adoc:41 +#. type: Title === +#: modules/administration/pages/content-lifecycle-examples.adoc:20 #, no-wrap -msgid "Manage Organizations" +msgid "Adding the Filter to the Project" msgstr "" -#. type: Plain text -#: modules/administration/pages/organizations.adoc:45 -msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Organizations] to see a " -"list of available organizations. Click the name of an organization to " -"manage it." +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:21 +#, no-wrap +msgid "Procedure: Adding a Filter to a Project" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:47 -msgid "" -"From the menu:Admin[Organizations] section, you can access tabs to manage " -"users, trusts, configuration, and states for your organization." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/organizations.adoc:52 +#: modules/administration/pages/content-lifecycle-examples.adoc:22 msgid "" -"Organizations can only be managed by their administrators. To manage an " -"organization, ensure you are signed in as the correct administrator for the " -"organization you want to change." +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects] " +"and select a project from the list." msgstr "" - -#. type: Title === -#: modules/administration/pages/organizations.adoc:56 -#, no-wrap -msgid "Organization Users" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:23 +msgid "Click btn:[Attach/Detach Filters] link to see all available filters" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:60 -msgid "" -"Navigate to the [guimenu]``Users`` tab to view the list of all users " -"associated with the organization, and their role. Clicking a username takes " -"you to the [guimenu]``Users`` menu to add, change, or delete users." +#: modules/administration/pages/content-lifecycle-examples.adoc:24 +msgid "Select the new [guimenu]``Exclude patches by date`` filter." msgstr "" #. type: Title === -#: modules/administration/pages/organizations.adoc:63 +#: modules/administration/pages/content-lifecycle-examples.adoc:26 #, no-wrap -msgid "Trusted Organizations" +msgid "Applying the Filter to a new Project Build" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:67 +#: modules/administration/pages/content-lifecycle-examples.adoc:27 msgid "" -"Navigate to the [guimenu]``Trusts`` tab to add or remove trusted " -"organizations. Establishing trust between organizations allow them to share " -"content between them, and gives you the ability to migrate clients from one " -"organization to another." +"The new filter is added to your filter list, but it still needs to be " +"applied to the project. To apply the filter you need to build the first " +"environment." msgstr "" -#. type: Title === -#: modules/administration/pages/organizations.adoc:70 +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:28 #, no-wrap -msgid "Configure Organizations" +msgid "Procedure: Using the Filter" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:74 -msgid "" -"Navigate to the [guimenu]``Configuration`` tab to manage the configuration " -"of your organization. This includes the use of staged contents, setting up " -"crash reporting, and the use of SCAP files." +#: modules/administration/pages/content-lifecycle-examples.adoc:29 +msgid "Click btn:[Build] to build the first environment." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:76 -msgid "" -"For more information about content staging, see xref:administration:content-" -"staging.adoc[]." +#: modules/administration/pages/content-lifecycle-examples.adoc:30 +msgid "OPTIONAL: Add a message." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:78 -msgid "" -"For more information about OpenSCAP, see xref:reference:audit/audit-openscap-" -"overview.adoc[]." +#: modules/administration/pages/content-lifecycle-examples.adoc:31 +msgid "You can use messages to help track the build history." msgstr "" -#. type: Title == -#: modules/administration/pages/organizations.adoc:81 -#, no-wrap -msgid "Manage States" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:32 +msgid "" +"Check that the filter has worked correctly by using the new channels on a " +"test server." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:86 -msgid "" -"Navigate to the [guimenu]``States`` tab to manage Salt states for all " -"clients in your organization. States allow you to define global security " -"policies, or add a common admin user to all clients." +#: modules/administration/pages/content-lifecycle-examples.adoc:33 +msgid "Click btn:[Promote] to move the content to the next environment." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:88 +#: modules/administration/pages/content-lifecycle-examples.adoc:34 msgid "" -"For more information about Salt States, see xref:salt:salt-states.adoc[]." +"The build will take longer if you have a large number of filters, or they " +"are very complex." msgstr "" #. type: Title === -#: modules/administration/pages/organizations.adoc:91 +#: modules/administration/pages/content-lifecycle-examples.adoc:35 #, no-wrap -msgid "Manage Configuration Channels" +msgid "Excluding a Patch from the Project" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:96 +#: modules/administration/pages/content-lifecycle-examples.adoc:36 msgid "" -"You can select which configuration channels should be applied across your " -"organization. Configuration channels can be created in the {productname} " -"{webui} by navigating to menu:Configuration[Channels]. Apply configuration " -"channels to your organization using the {productname} {webui}." +"Tests may help you discover issues. When an issue is found, exclude the " +"problem patch released before the `by date` filter." msgstr "" #. type: Block title -#: modules/administration/pages/organizations.adoc:97 +#: modules/administration/pages/content-lifecycle-examples.adoc:37 #, no-wrap -msgid "Procedure: Applying Configuration Channels to an Organization" +msgid "Procedure: Excluding a Patch" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:99 -msgid "" -"In the {productname} {webui}, navigate to menu:Home[My Organization > " -"Configuration Channels]." +#: modules/administration/pages/content-lifecycle-examples.adoc:39 +msgid "In the [guimenu]``Filter Name`` field, enter a name for the filter." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:100 -msgid "Use the search feature to locate a channel by name." +#: modules/administration/pages/content-lifecycle-examples.adoc:40 +msgid "For example, [systemitem]``Exclude openjdk patch``." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:102 +#: modules/administration/pages/content-lifecycle-examples.adoc:41 +#: modules/administration/pages/content-lifecycle-examples.adoc:56 msgid "" -"Check the channel to be applied and click btn:[Save Changes]. This saves to " -"the database, but does not apply the changes to the channel." +"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Advisory " +"Name)``." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:103 -msgid "" -"Apply the changes by clicking btn:[Apply]. This schedules the task to apply " -"the changes to all clients within the organization." +#: modules/administration/pages/content-lifecycle-examples.adoc:42 +#: modules/administration/pages/content-lifecycle-examples.adoc:57 +msgid "In the [guimenu]``Matcher`` field, select [guimenu]``equals``." msgstr "" -#. type: Title = -#: modules/administration/pages/subscription-matching.adoc:2 -#, no-wrap -msgid "Subscription Matching" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:43 +msgid "In the [guimenu]``Advisory Name`` field, type a name for the advisory." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:7 -msgid "" -"Your {suse} products require subscriptions, which are managed by the {scc} " -"(SCC). {productname} runs a nightly report checking the subscription status " -"of all your registered clients against your SCC account. The report gives " -"you information about which clients consume which subscriptions, how many " -"subscriptions you have remaining and available to use, and which clients do " -"not have a current subscription." +#: modules/administration/pages/content-lifecycle-examples.adoc:44 +msgid "For example, [systemitem]``SUSE-15-2019-1807``." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:9 -msgid "Navigate to menu:Audit[Subscription Matching] to see the report." +#: modules/administration/pages/content-lifecycle-examples.adoc:46 +#: modules/administration/pages/content-lifecycle-examples.adoc:99 +#: modules/administration/pages/content-lifecycle-examples.adoc:128 +msgid "Navigate to menu:Content Lifecycle[Projects] and select your project." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:11 +#: modules/administration/pages/content-lifecycle-examples.adoc:47 msgid "" -"The [guimenu]``Subscriptions Report`` tab gives information about current " -"and expiring subscriptions." +"Click btn:[Attach/Detach Filters] link, select [guimenu]``Exclude openjdk " +"patch``, and click btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:15 +#: modules/administration/pages/content-lifecycle-examples.adoc:48 msgid "" -"The [guimenu]``Unmatched Products Report`` tab gives a list of clients that " -"do not have a current subscription. This includes clients that could not be " -"matched, or that are not currently registered with {productname}. The " -"report includes product names and the number of systems that remain " -"unmatched." +"When you rebuild the project with the btn:[Build] button, the new filter is " +"used together with the [guimenu]``by date`` filter we added before." msgstr "" -#. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:18 -msgid "" -"The [guimenu]``Pins`` tab allows you to associate individual clients to the " -"relevant subscription. This is especially useful if the subscription " -"manager is not automatically associating clients to subscriptions " -"successfully." +#. type: Title === +#: modules/administration/pages/content-lifecycle-examples.adoc:49 +#, no-wrap +msgid "Including a Patch in the Project" msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:20 +#: modules/administration/pages/content-lifecycle-examples.adoc:50 msgid "" -"The [guimenu]``Messages`` tab shows any errors that occurred during the " -"matching process." +"In this example, you have received a security alert. An important security " +"patch was released several days after the first of the month you are " +"currently working on. The name of the new patch is ``SUSE-15-2019-2071``. " +"You need to include this new patch into your environment." msgstr "" -#. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:22 +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:51 msgid "" -"You can also download the reports in .csv format, or access them from that " -"command prompt in the [path]``/var/lib/spacewalk/subscription-matcher/`` " -"directory." +"The [guimenu]``Allow`` filters rule overrides the exclude function of the " +"[guimenu]``Deny`` filter rule. For more information, see xref:" +"administration:content-lifecycle.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:26 -msgid "" -"By default, the subscription matcher runs daily, at midnight. To change " -"this, navigate to menu:Admin[Task Schedules] and click ``gatherer-matcher-" -"default``. Change the schedule as required, and click btn:[Update Schedule]." +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:52 +#, no-wrap +msgid "Procedure: Including a Patch in a Project" msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:30 -msgid "" -"Because the report can only match current clients with current " -"subscriptions, you might find that the matches change over time. The same " -"client will not always match the same subscription. This can be due to new " -"clients being registered or unregistered, or because of the addition or " -"expiration of subscriptions." +#: modules/administration/pages/content-lifecycle-examples.adoc:54 +msgid "In the [guimenu]``Filter Name`` field, type a name for the filter." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:34 -msgid "" -"The subscription matcher will automatically attempt to reduce the number of " -"unmatched products, limited by the terms and conditions of the subscriptions " -"in your account. However, if you have incomplete hardware information, " -"unknown virtual machine host assignments, or clients running in unknown " -"public clouds, the matcher might show that you do not have enough " -"subscriptions available. Always ensure you have complete data about your " -"clients included in {productname}, to help ensure accuracy." +#: modules/administration/pages/content-lifecycle-examples.adoc:55 +msgid "For example, [systemitem]``Include kernel security fix``." msgstr "" -#. type: delimited block = -#: modules/administration/pages/subscription-matching.adoc:40 +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:58 msgid "" -"The subscription matcher will not always match clients and subscriptions " -"accurately. It is not intended to be a replacement for auditing." +"In the [guimenu]``Advisory Name`` field, type " +"[guimenu]``SUSE-15-2019-2071``, and check [guimenu]``Allow``." msgstr "" -#. type: Title == -#: modules/administration/pages/subscription-matching.adoc:44 -#, no-wrap -msgid "Pin Clients to Subscriptions" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:59 +#: modules/administration/pages/content-lifecycle-examples.adoc:98 +msgid "Click btn:[Save] to store the filter." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:49 +#: modules/administration/pages/content-lifecycle-examples.adoc:60 msgid "" -"If the subscription matcher is not automatically matching a particular " -"client with the correct subscription, you can manually pin them. When you " -"have created a pin, the subscription matcher favors matching a specific " -"subscription with a given system or group of systems." +"Navigate to menu:Content Lifecycle[Projects] and select your project from " +"the list." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:53 +#: modules/administration/pages/content-lifecycle-examples.adoc:61 msgid "" -"However, the matcher will not always respect a pin. It depends on the " -"subscription being available, and whether or not the subscription can be " -"applied to the client. Additionally, pins will be ignored if they result in " -"a match that violates the terms and conditions of the subscription, or if " -"the matcher detects a more accurate match if the pin is ignored." +"Click btn:[Attach/Detach Filters], and select [guimenu]``Include kernel " +"security patch``." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:55 -msgid "To add a new pin, click btn:[Add a Pin], and select the client to pin." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/subscription-matching.adoc:60 -msgid "" -"We do not recommend using pinning regularly, or for a large number of " -"clients. The subscription matcher tool is generally accurate enough for " -"most installations." +#: modules/administration/pages/content-lifecycle-examples.adoc:63 +msgid "Click btn:[Build] to rebuild the environment." msgstr "" -#. type: Title = -#: modules/administration/pages/ssl-certs-imported.adoc:2 +#. type: Title == +#: modules/administration/pages/content-lifecycle-examples.adoc:64 #, no-wrap -msgid "Import SSL Certificates" +msgid "Update an Existing Monthly Patch Cycle" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:6 +#: modules/administration/pages/content-lifecycle-examples.adoc:65 msgid "" -"By default, {productname} uses a self-signed certificate. For additional " -"security, you can import a custom certificate, signed by a third party " -"certificate authority (CA)." +"When a monthly patch cycle is complete, you can update the patch cycle for " +"the next month." +msgstr "" + +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:66 +#, no-wrap +msgid "Procedure: Updating a Monthly Patch Cycle" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:8 +#: modules/administration/pages/content-lifecycle-examples.adoc:67 msgid "" -"This section covers how to use an imported SSL certificate with a new " -"{productname} installation, and how to replace existing self-signed " -"certificates with imported certificates." +"In the [guimenu]``by date`` field, change the date of the filter to the next " +"month." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:10 -msgid "Before you begin, ensure you have:" +#: modules/administration/pages/content-lifecycle-examples.adoc:68 +msgid "" +"Alternatively, create a new filter and change the assignment to the project." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:12 -msgid "A certificate authority (CA) SSL public certificate" +#: modules/administration/pages/content-lifecycle-examples.adoc:69 +msgid "" +"Check if the exclude filter for ``SUSE-15-2019-1807`` can be detached from " +"the project." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:13 -msgid "An SSL server key" +#: modules/administration/pages/content-lifecycle-examples.adoc:70 +msgid "There may be a new patch available to fix this issue." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:14 -msgid "An SSL server certificate" +#: modules/administration/pages/content-lifecycle-examples.adoc:71 +msgid "Detach the ``allow`` filter you added previously." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:16 -msgid "Your key and certificate files must be in PEM format." +#: modules/administration/pages/content-lifecycle-examples.adoc:72 +msgid "The patch is included by default." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:20 +#: modules/administration/pages/content-lifecycle-examples.adoc:73 msgid "" -"The host name of the SSL keys and certificates must match the fully " -"qualified host name of the machine you deploy them on. You can set the host " -"names in the ``X509v3 Subject Alternative Name`` section of the " -"certificate. You can also list multiple host names if your environment " -"requires it." +"Rebuild the project to create a new environment with patches for the next " +"month." msgstr "" #. type: Title == -#: modules/administration/pages/ssl-certs-imported.adoc:23 +#: modules/administration/pages/content-lifecycle-examples.adoc:74 #, no-wrap -msgid "Import Certificates for New Installations" +msgid "Enhance a Project with Live Patching" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:27 +#: modules/administration/pages/content-lifecycle-examples.adoc:75 msgid "" -"By default, {productname} uses a self-signed certificate. After you have " -"completed the initial setup, you can replace the default certificate with an " -"imported certificate." +"This section covers setting up filters to create environments for live " +"patching." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:76 +msgid "" +"When you are preparing to use live patching, there are some important " +"considerations" +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:77 +msgid "Only ever use one kernel version on your systems." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:78 +msgid "The live patching packages are installed with a specific kernel." msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-imported.adoc:30 -#, no-wrap -msgid "Procedure: Import Certificates on a New {productname} Server" +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:79 +msgid "Live patching updates are shipped as one patch." msgstr "" -#. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:33 +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:80 msgid "" -"Install the {productname} Server according to the instructions in xref:" -"installation:install-intro.adoc[]." +"Each kernel patch that begins a new series of live patching kernels will " +"display the ``required reboot`` flag." msgstr "" -#. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:34 +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:81 msgid "" -"Complete the initial setup according to xref:installation:server-setup." -"adoc[]." +"These kernel patches come with live patching tools. When you have installed " +"them, you will need to reboot the system at least once before the next year." msgstr "" -#. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:35 +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:82 msgid "" -"At the command prompt, point the SSL environment variables to the " -"certificate file locations:" +"Only install live patch updates that match the installed kernel version." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:40 -#, no-wrap -msgid "" -"export CA_CERT=\n" -"export SERVER_KEY=\n" -"export SERVER_CERT=\n" +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:83 +msgid "Live patches are provided as stand-alone patches." msgstr "" -#. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:42 -msgid "Complete {productname} setup:" +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:84 +msgid "" +"You must exclude all regular kernel patches with higher kernel version than " +"the currently installed one." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:45 +#. type: Title === +#: modules/administration/pages/content-lifecycle-examples.adoc:85 #, no-wrap -msgid "yast susemanager_setup\n" +msgid "Exclude Packages with a Higher Kernel Version" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:49 +#: modules/administration/pages/content-lifecycle-examples.adoc:86 msgid "" -"When you are prompted for certificate details during setup, fill in random " -"values. The values will be overridden by the values you specified at the " -"command prompt." +"In this example you update your systems with the ``SUSE-15-2019-1244`` " +"patch. This patch contains ``kernel-default-4.12.14-150.17.1-x86_64``." msgstr "" -#. type: delimited block = -#: modules/administration/pages/ssl-certs-imported.adoc:53 +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:87 msgid "" -"Execute the [command]``yast susemanager_setup`` command from the same shell " -"you exported the environment variables from." +"You need to exclude all patches which contain a higher version of ``kernel-" +"default``." msgstr "" -#. type: Title == -#: modules/administration/pages/ssl-certs-imported.adoc:57 +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:88 #, no-wrap -msgid "Import Certificates for New Proxy Installations" +msgid "Procedure: Excluding Packages with a Higher Kernel Version" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:61 +#: modules/administration/pages/content-lifecycle-examples.adoc:89 msgid "" -"By default, {productname} Proxy uses a self-signed certificate. After you " -"have completed the initial setup, you can replace the default certificate " -"with an imported certificate." +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Filters], " +"and click btn:[Create Filter]." msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-imported.adoc:65 -#, no-wrap -msgid "Procedure: Import Certificates on a New {productname} Proxy" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:91 +msgid "" +"For example, [systemitem]``Exclude kernel greater than 4.12.14-150.17.1``." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:68 +#: modules/administration/pages/content-lifecycle-examples.adoc:92 msgid "" -"Install the {productname} Proxy according to the instructions in xref:" -"installation:install-intro.adoc[]." +"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Contains " +"Package)``." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:69 +#: modules/administration/pages/content-lifecycle-examples.adoc:93 msgid "" -"Complete the initial setup according to xref:installation:proxy-setup.adoc[]." +"In the [guimenu]``Matcher`` field, select [guimenu]``version greater than``." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:70 -msgid "At the command prompt, run:" +#: modules/administration/pages/content-lifecycle-examples.adoc:94 +msgid "" +"In the [guimenu]``Package Name`` field, type [systemitem]``kernel-default``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:73 -#, no-wrap -msgid "configure-proxy.sh\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:95 +msgid "Leave the the [guimenu]``Epoch`` field empty." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:75 -msgid "" -"At the ``Do you want to import existing certificates?`` prompt, type kbd:[y]." +#: modules/administration/pages/content-lifecycle-examples.adoc:96 +msgid "In the [guimenu]``Version`` field, type [systemitem]``4.12.14``." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:76 -msgid "Follow the prompts to complete setup." +#: modules/administration/pages/content-lifecycle-examples.adoc:97 +msgid "In the [guimenu]``Release`` field, type [systemitem]``150.17.1``." msgstr "" -#. type: delimited block = -#: modules/administration/pages/ssl-certs-imported.adoc:82 -msgid "" -"Use the same certificate authority to sign all server certificates for " -"servers and proxies. Certificates signed with different CAs will not match." +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:100 +#: modules/administration/pages/content-lifecycle.adoc:20 +msgid "Click btn:[Attach/Detach Filters]." msgstr "" -#. type: Title == -#: modules/administration/pages/ssl-certs-imported.adoc:86 -#, no-wrap -msgid "Replace Certificates with a Third Party Certificate" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:101 +msgid "" +"Select [guimenu]``Exclude kernel greater than 4.12.14-150.17.1``, and click " +"btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:90 +#: modules/administration/pages/content-lifecycle-examples.adoc:102 msgid "" -"You can replace active certificates on your {productname} installation with " -"a new third party certificate. To replace the certificates, you can replace " -"the installed CA certificate RPM with a new RPM containing the third party " -"certificate, and then update the database." +"When you click btn:[Build], a new environment is created. The new " +"environment contains all the kernel patches up to the version you installed." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:93 +#: modules/administration/pages/content-lifecycle-examples.adoc:103 msgid "" -"This procedure is similar to the one described in xref:administration:ssl-" -"certs-selfsigned.adoc#ssl-certs-selfsigned-create-replace[]. The difference " -"is that we import the certificates generated by an external PKI." +"All kernel patches with higher kernel versions are removed. Live patching " +"kernels will stay available as long as they are not the first in a series." msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-imported.adoc:96 +#. type: Title == +#: modules/administration/pages/content-lifecycle-examples.adoc:104 #, no-wrap -msgid "Procedure: Replacing Existing Certificates" +msgid "Switch to a New Kernel Version for Live Patching" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:99 +#: modules/administration/pages/content-lifecycle-examples.adoc:105 msgid "" -"On the {productname} Server, at the command prompt, move the old certificate " -"directory to a backup location:" +"Live Patching for a specific kernel version is only available for one year. " +"After one year you must update the kernel on your systems. Execute these " +"environment changes:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:102 +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:106 #, no-wrap -msgid "mv /root/ssl-build /root/old-ssl-build\n" +msgid "Procedure: Switch to a New Kernel Version" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:105 -msgid "Generate a CA certificate RPM from the new certificate:" +#: modules/administration/pages/content-lifecycle-examples.adoc:107 +msgid "Decide which kernel version you will upgrade to." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:108 -#, no-wrap -msgid "rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/ssl-build\" --from-ca-cert=\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:108 +msgid "For example: `4.12.14-150.32.1`" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:111 -msgid "Generate a new server certificate RPM:" +#: modules/administration/pages/content-lifecycle-examples.adoc:109 +msgid "Create a new kernel version Filter." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:114 -#, no-wrap -msgid "rhn-ssl-tool --gen-server --rpm-only --dir=\"/root/ssl-build\" --from-server-key= --from-server-cert=\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:110 +msgid "" +"Detach the previous filter **Exclude kernel greater than 4.12.14-150.17.1** " +"and attach the new filter." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:120 +#: modules/administration/pages/content-lifecycle-examples.adoc:111 msgid "" -"When you create the new server certificate RPM, you might get a warning that " -"server certificate request file could not be found. This file is not " -"required, and the procedure will complete correctly without it. However, if " -"you want to avoid the error, you can copy the file into the server " -"directory, and name it [path]``server.csr``:" +"Click btn:[Build] to rebuild the environment. The new environment contains " +"all kernel patches up to the new kernel version you selected. Systems using " +"these channels will have the kernel update available for installation. You " +"will need to reboot systems after they have performed the upgrade. The new " +"kernel will remain valid for one year. All packages installed during the " +"year will match the current live patching kernel filter." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:123 +#. type: Title == +#: modules/administration/pages/content-lifecycle-examples.adoc:112 #, no-wrap -msgid "cp .csr /root/ssl-build//server.csr\n" +msgid "AppStream Filters" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:128 -msgid "" -"When you have created the new [path]``ssl-build`` directory, you can create " -"combined certificate RPMs and deploy them on the clients. For the " -"procedures to do this, see xref:administration:ssl-certs-selfsigned.adoc[]." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:130 +#: modules/administration/pages/content-lifecycle-examples.adoc:113 msgid "" -"If you are using a proxy, you will need to generate a server certificate RPM " -"for each proxy, using their host names and cnames." -msgstr "" - -#. type: Title = -#: modules/administration/pages/ssl-certs-selfsigned.adoc:2 -#, no-wrap -msgid "Self-Signed SSL Certificates" +"If you are using {rhel}{nbsp}8 clients, you cannot perform package " +"operations such as installing or upgrading directly from modular " +"repositories like the {rhel} AppStream repository. You can use the " +"AppStream filter to transform modular repositories into regular " +"repositories. It does this by keeping the packages in the repository and " +"stripping away the module metadata. The resulting repository can be used in " +"{productname} in the same way as a regular repository." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:9 +#: modules/administration/pages/content-lifecycle-examples.adoc:114 msgid "" -"By default, {productname} uses a self-signed certificate. In this case, the " -"certificate is created and signed by {productname}. This method does not " -"use an independent certificate authority to guarantee that the details of " -"the certificate are correct. Third party CAs perform checks to ensure that " -"the information contained in the certificate is correct. For more on third " -"party CAs, see xref:administration:ssl-certs-imported.adoc[]." +"The AppStream filter selects a single module stream to be included in the " +"target repository. You can add multiple filters to select multiple module " +"streams." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:14 +#: modules/administration/pages/content-lifecycle-examples.adoc:115 msgid "" -"This section covers how to re-create your self-signed certificates on an " -"existing installation. It also covers how to create new self-signed " -"certificates and authenticate your existing clients to the new certificate, " -"using an intermediate certificate. Intermediate certificates merge the " -"intermediate and root CA certificates into one file. Ensure that the " -"intermediate certificate comes first in the combined file." +"If you do not use an AppStream filter in your CLM project, the module " +"metadata in the modular sources remains intact, and the target repositories " +"contain the same module metadata. As long as at least one AppStream filter " +"is enabled in the CLM project, all target repositories are transformed into " +"regular repositories." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:16 +#: modules/administration/pages/content-lifecycle-examples.adoc:116 msgid "" -"The host name of the SSL keys and certificates must match the fully " -"qualified host name of the machine you deploy them on." +"To use the AppStream filter, you need a CLM project with a modular " +"repository such as ``{rhel} AppStream``. Ensure that you included the " +"module you need as a source before you begin." msgstr "" -#. type: Title == -#: modules/administration/pages/ssl-certs-selfsigned.adoc:19 +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:117 #, no-wrap -msgid "Re-Create Existing Server Certificates" +msgid "Procedure: Using AppStream Filters" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:22 +#: modules/administration/pages/content-lifecycle-examples.adoc:118 +#: modules/administration/pages/content-lifecycle-examples.adoc:132 msgid "" -"If your existing certificates have expired or stopped working for any " -"reason, you can generate a new server certificate from the existing CA." +"In the {productname} {webui}, navigate to your {rhel}{nbsp}8 CLM project." msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:23 -#, no-wrap -msgid "Procedure: Re-Creating an Existing Server Certificate" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:119 +#: modules/administration/pages/content-lifecycle-examples.adoc:133 +msgid "Ensure that you have included the AppStream channels for your project." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:26 -msgid "" -"On the {productname} Server, at the command prompt, regenerate the server " -"certificate:" +#: modules/administration/pages/content-lifecycle-examples.adoc:120 +#: modules/administration/pages/content-lifecycle-examples.adoc:134 +msgid "Click btn:``Create Filter`` and use these parameters:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:32 -#, no-wrap -msgid "" -"rhn-ssl-tool --gen-server --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" -"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" -"--set-org-unit=\"ORGANIZATION UNIT\" --set-email=\"name@example.com\" \\\n" -"--set-hostname=\"susemanager.example.com\" --set-cname=\"example.com\"\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:121 +#: modules/administration/pages/content-lifecycle-examples.adoc:135 +msgid "In the [guimenu]``Filter Name`` field, type a name for the new filter." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:35 -#: modules/administration/pages/ssl-certs-selfsigned.adoc:92 +#: modules/administration/pages/content-lifecycle-examples.adoc:122 +#: modules/administration/pages/content-lifecycle-examples.adoc:136 msgid "" -"Ensure that the [systemitem]``set-cname`` parameter is the fully-qualified " -"domain name of your {productname} Server. You can use the the " -"[systemitem]``set-cname`` parameter multiple times if you require multiple " -"aliases." +"In the [guimenu]``Filter Type`` field, select [parameter]``Module (Stream)``." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:38 -msgid "" -"Install the RPM that contains the newly generated certificate. Check that " -"you have the latest version of the RPM before running this command. The " -"version number is incremented every time you re-create the certificates." +#: modules/administration/pages/content-lifecycle-examples.adoc:123 +msgid "In the [guimenu]``Module Name`` field, type a module name." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:41 -#, no-wrap -msgid "rpm -Uhv /root/ssl-build/lnx0259a/rhn-org-httpd-ssl-key-pair-lnx0259a-1.0-2.noarch.rpm\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:124 +msgid "For example, [parameter]``postgresql``." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:43 -#: modules/administration/pages/ssl-certs-selfsigned.adoc:180 -#: modules/administration/pages/ssl-certs-selfsigned.adoc:212 -msgid "Restart services to pick up the changes:" +#: modules/administration/pages/content-lifecycle-examples.adoc:125 +msgid "In the [guimenu]``Stream`` field, type the name of the desired stream." msgstr "" -#. type: Title == -#: modules/administration/pages/ssl-certs-selfsigned.adoc:51 -#, no-wrap -msgid "Create and Replace CA and Server Certificates" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:126 +msgid "" +"For example, [parameter]``10``. If you leave this field blank, the default " +"stream for the module is selected." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:57 +#: modules/administration/pages/content-lifecycle-examples.adoc:127 +msgid "Click btn:[Save] to create the new filter." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:129 msgid "" -"If you need to create entirely new certificates for an existing " -"installation, you need to create a combined certificate first. Clients will " -"authenticate to the certificate with both the old and new details. Then you " -"can go ahead and remove the old details. This maintains the chain of trust." +"Click btn:``Attach/Detach Filters``, select your new AppStream filter, and " +"click btn:[Save]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/ssl-certs-selfsigned.adoc:63 +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:130 msgid "" -"Be careful with this procedure! It is possible to break the trust chain " -"between the server and clients using this procedure. If that happens, you " -"will need an administrative user to log in to every client and deploy the CA " -"directly." +"You can use the browse function in the ``Create/Edit Filter`` form to select " +"a module from a list of available module streams for a modular channel." msgstr "" #. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:67 +#: modules/administration/pages/content-lifecycle-examples.adoc:131 #, no-wrap -msgid "Procedure: Creating New Certificates" +msgid "Procedure: Browsing Available Module Streams" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:70 -msgid "" -"On the {productname} Server, at the command prompt, move the old certificate " -"directory to a new location:" +#: modules/administration/pages/content-lifecycle-examples.adoc:137 +msgid "Click ``Browse available modules`` to see all modular channels." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:75 -msgid "Generate a new CA certificate and create an RPM:" +#: modules/administration/pages/content-lifecycle-examples.adoc:138 +msgid "Select a channel to browse the modules and streams:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:81 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:139 msgid "" -"rhn-ssl-tool --gen-ca --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" -"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" -"--set-org-unit=\"ORGANIZATION UNIT\" --set-common-name=\"SUSE Manager CA Certificate\" \\\n" -"--set-email=\"name@example.com\"\n" +"In the [guimenu]``Module Name`` field, start typing a module name to search, " +"or select from the list." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:83 -msgid "Generate a new server certificate and create an RPM:" +#: modules/administration/pages/content-lifecycle-examples.adoc:140 +msgid "" +"In the [guimenu]``Stream`` field, start typing a stream name to search, or " +"select from the list." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:89 -#, no-wrap +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:141 msgid "" -"rhn-ssl-tool --gen-server --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" -"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" -"--set-org-unit=\"ORGANIZATION UNIT\" --set-email=\"name@example.com\" \\\n" -"--set-hostname=\"susemanager.example.top\" --set-cname=\"example.com\"\n" +"Channel selection is only for browsing modules. The selected channel will " +"not be saved with the filter, and will not affect the CLM process in any way." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:94 +#: modules/administration/pages/content-lifecycle-examples.adoc:142 msgid "" -"You will need to generate a server certificate RPM for each proxy, using " -"their host names and cnames." +"You can create additional AppStream filters for any other module stream to " +"be included in the target repository. Any module streams that the selected " +"stream depends on will be automatically included." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:143 +msgid "" +"Be careful not to specify conflicting, incompatible, or missing module " +"streams. For example, selecting two streams from the same module is invalid." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:97 +#: modules/administration/pages/content-lifecycle-examples.adoc:144 msgid "" -"When you have new certificates, you can create the combined RPMs to " -"authenticate the clients." +"When you build your CLM project using the btn:[Build] button in the {webui}, " +"the target repository is a regular repository without any modules, that " +"contains packages from the selected module streams." msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:100 +#. This feature is mandatory to make RHEL/CentOS 8 modular repositories work +#. in the SUMA UI. Otherwise, even though modular repositories can be synced +#. and assigned to clients, they cannot be used for package operations +#. (install, update, etc.) from SUMA UI (An info message is shown in the UI if +#. that's the case). In that case, the package operations can only be done +#. from the client's CLI manually. +#. type: Title = +#: modules/administration/pages/content-lifecycle.adoc:1 #, no-wrap -msgid "Procedure: Create Combined Certificate RPMs" +msgid "Content Lifecycle Management" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:102 +#: modules/administration/pages/content-lifecycle.adoc:2 msgid "" -"Create a new CA file that combines the old and new certificate details, and " -"generate a new RPM:" +"Content lifecycle management allows you to customize and test packages " +"before updating production clients. This is especially useful if you need " +"to apply updates during a limited maintenance window." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:109 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:3 msgid "" -"mkdir /root/combined-ssl-build\n" -"cp /root/old-ssl-build/RHN-ORG-TRUSTED-SSL-CERT /root/combined-ssl-build/\n" -"cat /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT >> /root/combined-ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" -"cp /root/old-ssl-build/*.rpm /root/combined-ssl-build/\n" -"rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/combined-ssl-build\"\n" +"Content lifecycle management allows you to select software channels as " +"sources, adjust them as required for your environment, and thoroughly test " +"them before installing onto your production clients." msgstr "" -#. I would like to split up these steps, I think. LKB 2019-09-10 #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:112 -msgid "Deploy the CA certificate on the server:" +#: modules/administration/pages/content-lifecycle.adoc:4 +msgid "" +"While you cannot directly modify vendor channels, you can clone them and " +"then modify the clones by adding or removing packages and custom patches. " +"You can assign these cloned channels to test clients to ensure they work as " +"expected. Then, when all tests pass, you can promote them to production " +"servers." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:116 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:5 msgid "" -"/usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/combined-ssl-build \\\n" -"--target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/\n" +"This is achieved through a series of environments that your software " +"channels can move through on their lifecycle. Most environment lifecycles " +"include at least test and production environments, but you can have as many " +"environments as you require." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:119 +#: modules/administration/pages/content-lifecycle.adoc:6 msgid "" -"When you have the combined RPMs, you can deploy the combined CA certificates " -"to your clients." +"This section covers the basic content lifecycle procedures, and the filters " +"available. For more specific examples, see xref:administration:content-" +"lifecycle-examples.adoc[]." msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:122 +#. type: Title == +#: modules/administration/pages/content-lifecycle.adoc:7 #, no-wrap -msgid "Procedure: Deploying Combined Certificates on Traditional Clients" +msgid "Create a Content Lifecycle Project" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:125 -msgid "On the client, create a new custom channel using these details:" +#: modules/administration/pages/content-lifecycle.adoc:8 +msgid "" +"To set up a content lifecycle, you need to begin with a project. The " +"project defines the software channel sources, the filters used to find " +"packages, and the build environments." +msgstr "" + +#. type: Block title +#: modules/administration/pages/content-lifecycle.adoc:9 +#, no-wrap +msgid "Procedure: Creating a Content Lifecycle Project" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:127 -msgid "Name: SSL-CA-Channel" +#: modules/administration/pages/content-lifecycle.adoc:10 +msgid "" +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " +"and click btn:[Create Project]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:128 -msgid "Label: ssl-ca-channel" +#: modules/administration/pages/content-lifecycle.adoc:11 +msgid "In the [guimenu]``Label`` field, enter a label for your project." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:129 -msgid "Parent Channel: " +#: modules/administration/pages/content-lifecycle.adoc:12 +msgid "" +"The [guimenu]``Label`` field only accepts lowercase letters, numbers, " +"periods, hyphens, and underscores." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:130 -msgid "Summary: SSL-CA-Channel" +#: modules/administration/pages/content-lifecycle.adoc:13 +msgid "" +"In the [guimenu]``Name`` field, enter a descriptive name for your project." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:133 +#: modules/administration/pages/content-lifecycle.adoc:14 msgid "" -"For more on creating custom channels, see xref:administration:channel-" -"management.adoc[]." +"Click the btn:[Create] button to create your project and return to the " +"project page." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:134 -msgid "Upload the CA certificate RPM to the channel:" +#: modules/administration/pages/content-lifecycle.adoc:15 +msgid "Click btn:[Attach/Detach Sources]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:139 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:16 msgid "" -"rhnpush -c ssl-ca-channel --nosig \\\n" -"--ca-chain=/srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT \\\n" -"/root/combined-ssl-build/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm\n" +"In the [guimenu]``Sources`` dialog, select the source type, and select a " +"base channel for your project." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:141 -msgid "Subscribe all clients to the new ``SSL-CA-Channel`` channel." +#: modules/administration/pages/content-lifecycle.adoc:17 +msgid "" +"The available child channels for the selected base channel are displayed, " +"including information on whether the channel is mandatory or recommended." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:142 -msgid "Install the CA certificate RPM on all clients by updating the channel." +#: modules/administration/pages/content-lifecycle.adoc:18 +msgid "" +"Check the child channels you require, and click btn:[Save] to return to the " +"project page." msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:145 -#, no-wrap -msgid "Procedure: Deploying Combined Certificates on Salt Clients" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:19 +msgid "The software channels you selected should now be showing." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:148 -msgid "In the {productname} {webui}, navigate to menu:Systems[Overview]." +#: modules/administration/pages/content-lifecycle.adoc:21 +msgid "" +"In the [guimenu]``Filters`` dialog, select the filters you want to attach to " +"the project." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:149 -msgid "" -"Check all your Salt Clients to add them to the System Set Manager (SSM)." +#: modules/administration/pages/content-lifecycle.adoc:22 +msgid "To create a new filter, click btn:[Create new Filter]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:150 -msgid "Navigate to menu:Systems[System Set Manager > Overview]." +#: modules/administration/pages/content-lifecycle.adoc:23 +msgid "Click btn:[Add Environment]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:151 +#: modules/administration/pages/content-lifecycle.adoc:24 msgid "" -"In the [guimenu]``States`` field, click btn:[Apply] to apply the system " -"states." +"In the [guimenu]``Environment Lifecycle`` dialog, give the first environment " +"a name and a description, and click btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:152 +#: modules/administration/pages/content-lifecycle.adoc:25 msgid "" -"In the [guimenu]``Highstate`` page, click btn:[Apply Highstate] to propagate " -"the changes to the clients." +"The [guimenu]``Name`` field only accepts lowercase letters, numbers, " +"periods, hyphens, and underscores." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:154 +#: modules/administration/pages/content-lifecycle.adoc:26 msgid "" -"When you have every client trusting both the old and new certificates, you " -"can go ahead and replace the server certificate on the {productname} Server " -"and Proxies." +"Continue creating environments until you have all the environments for your " +"lifecycle completed." msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:157 +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:27 +msgid "" +"You can select the order of the environments in the lifecycle by selecting " +"an environment in the [guimenu]``Insert before`` field when you create it." +msgstr "" + +#. type: Title == +#: modules/administration/pages/content-lifecycle.adoc:28 #, no-wrap -msgid "Procedure: Replace Server Certificate on the Server" +msgid "Filter Types" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:160 +#: modules/administration/pages/content-lifecycle.adoc:29 msgid "" -"On the {productname} Server, at the command prompt, install the RPM from the " -"[path]``ssl-build`` directory:" +"{productname} allows you to create various types of filters to control the " +"content used for building the project. Filters allow you to select which " +"packages will be included or excluded from the build. For example, you " +"could exclude all kernel packages, or include only specific releases of some " +"packages." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:163 -#, no-wrap -msgid "rpm -Uhv ssl-build/susemanager/rhn-org-httpd-ssl-key-pair-susemanager-1.0-2.noarch.rpm\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:30 +msgid "The supported filters are:" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:165 -msgid "Restart services to pick the changes:" +#: modules/administration/pages/content-lifecycle.adoc:31 +msgid "package filtering" msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:172 -#, no-wrap -msgid "Procedure: Replace Server Certificate on the Proxy" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:32 +msgid "by name" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:175 -msgid "" -"On the {productname} Proxy, at the command prompt, install the RPM from the " -"[path]``ssl-build`` directory:" +#: modules/administration/pages/content-lifecycle.adoc:33 +msgid "by name, epoch, version, release, and architecture" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:178 -#, no-wrap -msgid "rpm -Uhv ssl-build/susemanager-proxy/rhn-org-httpd-ssl-key-pair-susemanager-proxy-1.0-2.noarch.rpm\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:34 +msgid "patch filtering" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:35 +msgid "by advisory name" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:36 +msgid "by advisory type" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:37 +msgid "by synopsis" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:183 -#, no-wrap -msgid "rhn-proxy restart\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:38 +msgid "by keyword" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:185 -msgid "" -"Test that all clients still operate as expected and can use SSL to reach the " -"{productname} Server and any proxies." +#: modules/administration/pages/content-lifecycle.adoc:39 +msgid "by date" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:189 -msgid "" -"When you have replaced the server certificates on your server and any " -"proxies, you need to update the certificate with only the new details on all " -"the clients. This is done by adding it to the client channels you set up " -"previously." +#: modules/administration/pages/content-lifecycle.adoc:40 +msgid "by affected package" msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:192 -#, no-wrap -msgid "Procedure: Adding the New Certificates to the Client Channel" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:41 +msgid "module" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:195 -msgid "" -"Copy the combined certificate RPM into the [path]``/root/ssl-build/`` " -"directory:" +#: modules/administration/pages/content-lifecycle.adoc:42 +msgid "by stream" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:198 -#, no-wrap -msgid "cp /root/combined-ssl-build/*.rpm /root/ssl-build/\n" +#. type: delimited block = +#: modules/administration/pages/content-lifecycle.adoc:43 +msgid "Package dependencies are not resolved during content filtering." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:201 +#: modules/administration/pages/content-lifecycle.adoc:44 msgid "" -"Generate a new RPM with from the new certificates. Check the release number " -"carefully to ensure you have the right certificate file:" +"There are multiple matchers you can use with the filter. Which ones are " +"available will depend on the filter type you choose." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:204 -#, no-wrap -msgid "rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/ssl-build\"\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:45 +msgid "The available matchers are:" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:206 -msgid "Install the new local certificates on the {productname} Server:" +#: modules/administration/pages/content-lifecycle.adoc:46 +msgid "contains" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:210 -#, no-wrap -msgid "" -"/usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/ssl-build \\\n" -"--target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:47 +msgid "matches (must take the form of a regular expression)" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:217 -msgid "Upload the new RPM into the channel:" +#: modules/administration/pages/content-lifecycle.adoc:48 +msgid "equals" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:222 -#, no-wrap -msgid "" -"rhnpush -c ssl-ca-channel --nosig \\\n" -"--ca-chain=/srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT \\\n" -"/root/ssl-build/rhn-org-trusted-ssl-cert-1.0-3.noarch.rpm\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:49 +msgid "greater" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:227 -msgid "" -"When you have the new certificate in the channel, you can use the " -"{productname} {webui} to update it on all clients and proxies, by " -"synchronizing them with the channel. Alternatively, for Salt clients, you " -"can use menu:Salt[Remote Commands], or apply the highstate." +#: modules/administration/pages/content-lifecycle.adoc:50 +msgid "greater or equal" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:232 -msgid "" -"You will also need to update your proxies to remove the copy of the " -"certificate and the associated RPM. Your proxies must have the same " -"certificate content as the server. Check the [path]``/srv/www/htdocs/pub/`` " -"directory and ensure it contains:" +#: modules/administration/pages/content-lifecycle.adoc:51 +msgid "lower or equal" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:236 -#, no-wrap -msgid "" -"RHN-ORG-TRUSTED-SSL-CERT\n" -"rhn-org-trusted-ssl-cert-*.noarch.rpm\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:52 +msgid "lower" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:239 -msgid "" -"To complete the process, you need to update the database with this command:" +#: modules/administration/pages/content-lifecycle.adoc:53 +msgid "later or equal" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:242 +#. type: Title === +#: modules/administration/pages/content-lifecycle.adoc:54 #, no-wrap -msgid "/usr/bin/rhn-ssl-dbstore --ca-cert=/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" +msgid "Filter ``rule`` Parameter" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:244 +#: modules/administration/pages/content-lifecycle.adoc:55 msgid "" -"If you use bootstrap, remember to also update your bootstrap scripts to " -"reflect the new certificate information." -msgstr "" - -#. type: Title = -#: modules/administration/pages/content-lifecycle.adoc:2 -#, no-wrap -msgid "Content Lifecycle Management" +"Each filter has a ``rule`` parameter that can be set to either ``Allow`` or " +"``Deny``. The filters are processed like this:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:6 +#: modules/administration/pages/content-lifecycle.adoc:56 msgid "" -"Content lifecycle management allows you to customize and test packages " -"before updating production clients. This is especially useful if you need " -"to apply updates during a limited maintenance window." +"If a package or patch satisfies a ``Deny`` filter, it will be excluded from " +"the result." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:8 +#: modules/administration/pages/content-lifecycle.adoc:57 msgid "" -"Content lifecycle management allows you to select software channels as " -"sources, adjust them as required for your environment, and thoroughly test " -"them before installing onto your production clients." +"If a package or patch satisfies an ``Allow`` filter, it will be included in " +"the result (even if it was excluded by a ``Deny`` filter)." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:12 +#: modules/administration/pages/content-lifecycle.adoc:58 msgid "" -"While you cannot directly modify vendor channels, you can clone them and " -"then modify the clones by adding or removing packages and custom patches. " -"You can assign these cloned channels to test clients to ensure they work as " -"expected. Then, when all tests pass, you can promote them to production " -"servers." +"This behavior is useful when you want to exclude large number of packages or " +"patches using a general ``Deny`` filter and \"cherry-pick\" specific " +"packages or patches with specific ``Allow`` filters." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:15 +#. type: delimited block = +#: modules/administration/pages/content-lifecycle.adoc:59 msgid "" -"This is achieved through a series of environments that your software " -"channels can move through on their lifecycle. Most environment lifecycles " -"include at least test and production environments, but you can have as many " -"environments as you require." +"Content filters are global in your organization and can be shared between " +"projects." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:18 +#. type: delimited block = +#: modules/administration/pages/content-lifecycle.adoc:60 msgid "" -"This section covers the basic content lifecycle procedures, and the filters " -"available. For more specific examples, see xref:administration:content-" -"lifecycle-examples.adoc[]." +"If your project already contains built sources, when you add an environment " +"it will automatically populate with the existing content. Content will be " +"drawn from the previous environment of the cycle if it had one. If there is " +"no previous environment, it will be left empty until the project sources are " +"built again." msgstr "" #. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:21 +#: modules/administration/pages/content-lifecycle.adoc:61 #, no-wrap -msgid "Create a Content Lifecycle Project" +msgid "Build a Content Lifecycle Project" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:25 +#: modules/administration/pages/content-lifecycle.adoc:62 msgid "" -"To set up a content lifecycle, you need to begin with a project. The " -"project defines the software channel sources, the filters used to find " -"packages, and the build environments." -msgstr "" - -#. type: Block title -#: modules/administration/pages/content-lifecycle.adoc:26 -#, no-wrap -msgid "Procedure: Creating a Content Lifecycle Project" +"When you have created your project, defined environments, and attached " +"sources and filters, you can build the project for the first time." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:28 +#: modules/administration/pages/content-lifecycle.adoc:63 msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " -"and click btn:[Create Project]." +"Building applies filters to the attached sources and clones them to the " +"first environment in the project." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:30 -msgid "" -"In the [guimenu]``Label`` field, enter a label for your project. The " -"[guimenu]``Label`` field only accepts lowercase letters, numbers, periods, " -"hyphens, and underscores." +#. type: Block title +#: modules/administration/pages/content-lifecycle.adoc:64 +#, no-wrap +msgid "Procedure: Building a Content Lifecycle Project" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:31 +#: modules/administration/pages/content-lifecycle.adoc:65 msgid "" -"In the [guimenu]``Name`` field, enter a descriptive name for your project." +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " +"and select the project you want to build." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:32 -msgid "" -"Click the btn:[Create] button to create your project and return to the " -"project page." +#: modules/administration/pages/content-lifecycle.adoc:66 +msgid "Review the attached sources and filters, and click btn:[Build]." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:33 -msgid "Click btn:[Attach/Detach Sources]." +#: modules/administration/pages/content-lifecycle.adoc:67 +msgid "" +"Provide a version message to describe the changes or updates in this build." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:35 +#: modules/administration/pages/content-lifecycle.adoc:68 +#: modules/administration/pages/content-lifecycle.adoc:75 msgid "" -"In the [guimenu]``Sources`` dialog, select the source type, and select a " -"base channel for your project. The available child channels for the " -"selected base channel are displayed, including information on whether the " -"channel is mandatory or recommended." +"You can monitor build progress in the [guimenu]``Environment Lifecycle`` " +"section." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:37 +#: modules/administration/pages/content-lifecycle.adoc:69 msgid "" -"Check the child channels you require, and click btn:[Save] to return to the " -"project page. The software channels you selected should now be showing." +"After the build is finished, the environment version is increased by one and " +"the built sources, such as software channels, can be assigned to your " +"clients." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:38 -msgid "Click btn:[Attach/Detach Filters]." +#. type: Title == +#: modules/administration/pages/content-lifecycle.adoc:70 +#, no-wrap +msgid "Promote Environments" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:40 +#: modules/administration/pages/content-lifecycle.adoc:71 msgid "" -"In the [guimenu]``Filters`` dialog, select the filters you want to attach to " -"the project. To create a new filter, click btn:[Create new Filter]." +"When the project has been built, the built sources can be sequentially " +"promoted to the environments." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:41 -msgid "Click btn:[Add Environment]." +#. type: Block title +#: modules/administration/pages/content-lifecycle.adoc:72 +#, no-wrap +msgid "Procedure: Promoting Environments" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:43 +#: modules/administration/pages/content-lifecycle.adoc:73 msgid "" -"In the [guimenu]``Environment Lifecycle`` dialog, give the first environment " -"a name and a description, and click btn:[Save]. The [guimenu]``Name`` field " -"only accepts lowercase letters, numbers, periods, hyphens, and underscores." +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " +"and select the project you want to work with." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:45 +#: modules/administration/pages/content-lifecycle.adoc:74 msgid "" -"Continue creating environments until you have all the environments for your " -"lifecycle completed. You can select the order of the environments in the " -"lifecycle by selecting an environment in the [guimenu]``Insert before`` " -"field when you create it." +"In the [guimenu]``Environment Lifecycle`` section, locate the environment to " +"promote to its successor, and click btn:[Promote]." msgstr "" #. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:48 +#: modules/administration/pages/content-lifecycle.adoc:76 #, no-wrap -msgid "Filter Types" +msgid "Assign Clients to Environments" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:53 +#: modules/administration/pages/content-lifecycle.adoc:77 msgid "" -"{productname} allows you to create various types of filters to control the " -"content used for building the project. Filters allow you to select which " -"packages will be included or excluded from the build. For example, you " -"could exclude all kernel packages, or include only specific releases of some " -"packages." +"When you build and promote content lifecycle projects, {productname} creates " +"a tree of software channels. To add clients to the environment, assign the " +"base and child software channels to your client using menu:Software[Software " +"Channels] in the [guimenu]``System Details`` page for the client." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:55 -msgid "The supported filters are:" +#. type: delimited block = +#: modules/administration/pages/content-lifecycle.adoc:78 +msgid "" +"Newly added cloned channels are not assigned to clients automatically. If " +"you add or promote sources you will need to manually check and update your " +"channel assignments." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:57 -msgid "package filtering" +#. type: delimited block = +#: modules/administration/pages/content-lifecycle.adoc:79 +msgid "" +"Automatic assignment is intended to be added to {productname} in a future " +"version." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:58 -msgid "by name" +#. type: Title = +#: modules/administration/pages/content-staging.adoc:1 +#, no-wrap +msgid "Content Staging" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:59 -msgid "by name, epoch, version, release, and architecture" +#: modules/administration/pages/content-staging.adoc:2 +msgid "" +"Staging is used by clients to download packages in advance, before they are " +"installed. This allows package installation to begin as soon as it is " +"scheduled, which can reduce the amount of time required for a maintenance " +"window." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:60 -msgid "patch filtering" +#. type: Title == +#: modules/administration/pages/content-staging.adoc:3 +#, no-wrap +msgid "Enable Content Staging" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:61 -msgid "by advisory name" +#: modules/administration/pages/content-staging.adoc:4 +msgid "" +"You can manage content staging across your entire organization. In the " +"{productname} {webui}, navigate to menu:Admin[Organizations] to see a list " +"of available organizations. Click the name of an organization, and check " +"the [guimenu]``Enable Staging Contents`` box to allow clients in this " +"organization to stage package data." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:62 -msgid "by advisory type" +#. type: delimited block = +#: modules/administration/pages/content-staging.adoc:5 +#: modules/administration/pages/organizations.adoc:6 +msgid "" +"You must be logged in as a {productname} administrator to create and manage " +"organizations." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:63 -msgid "by synopsis" +#: modules/administration/pages/content-staging.adoc:6 +msgid "" +"You can also enable staging at the command prompt by editing [path]``/etc/" +"sysconfig/rhn/up2date``, and adding or editing these lines:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:64 -msgid "by keyword" +#. type: delimited block - +#: modules/administration/pages/content-staging.adoc:7 +#, no-wrap +msgid "" +"stagingContent=1\n" +"stagingContentWindow=24\n" msgstr "" +#. 2018-12-10, ke: /etc/sysconfig/rhn/up2date still exists. @renner confirmed some tools use it (at least, trad. client). To be renamed in the future. #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:65 -msgid "by date" +#: modules/administration/pages/content-staging.adoc:8 +msgid "" +"The ``stagingContentWindow`` parameter is a time value expressed in hours " +"and determines when downloading will start. It is the number of hours " +"before the scheduled installation or update time. In this example, content " +"will be downloaded 24 hours before the installation time. The start time " +"for download depends on the selected contact method for a system. The " +"assigned contact method sets the time for when the next " +"[command]``mgr_check`` will be executed." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:66 -msgid "by affected package" +#: modules/administration/pages/content-staging.adoc:9 +msgid "" +"Next time an action is scheduled, packages are automatically downloaded, but " +"not installed. At the scheduled time, the staged packages are installed." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:67 -msgid "module" +#. type: Title == +#: modules/administration/pages/content-staging.adoc:10 +#, no-wrap +msgid "Configure Content Staging" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:68 -msgid "by stream" +#: modules/administration/pages/content-staging.adoc:11 +msgid "There are two parameters used to configure content staging:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:73 -msgid "Package dependencies are not resolved during content filtering." +#. type: Plain text +#: modules/administration/pages/content-staging.adoc:12 +msgid "" +"[parameter]``salt_content_staging_advance`` is the advance time for the " +"content staging window to open, in hours." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:78 +#: modules/administration/pages/content-staging.adoc:13 msgid "" -"There are multiple matchers you can use with the filter. Which ones are " -"available will depend on the filter type you choose." +"This is the number of hours before installation starts, that package " +"downloads can begin." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:80 -msgid "The available matchers are:" +#: modules/administration/pages/content-staging.adoc:14 +msgid "" +"[parameter]``salt_content_staging_window`` is the duration of the content " +"staging window, in hours." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:82 -msgid "contains" +#: modules/administration/pages/content-staging.adoc:15 +msgid "" +"This is the amount of time clients have to stage packages before " +"installation begins." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:83 -msgid "matches (must take the form of a regular expression)" +#: modules/administration/pages/content-staging.adoc:16 +msgid "" +"For example, if [parameter]``salt_content_staging_advance`` is set to six " +"hours, and [parameter]``salt_content_staging_window`` is set to two hours, " +"the staging window will open six hours before the installation time, and " +"remain open for two hours. No packages will be downloaded in the four " +"remaining hours until installation starts." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:84 -msgid "equals" +#: modules/administration/pages/content-staging.adoc:17 +msgid "" +"If you set the same value for both " +"[parameter]``salt_content_staging_advance`` and " +"[parameter]``salt_content_staging_window`` packages will be able to be " +"downloaded until installation begins." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:85 -msgid "greater" +#: modules/administration/pages/content-staging.adoc:18 +msgid "" +"Configure the content staging parameters in [path]``/usr/share/rhn/config-" +"defaults/rhn_java.conf``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:86 -msgid "greater or equal" +#: modules/administration/pages/content-staging.adoc:19 +msgid "Default values:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:87 -msgid "lower or equal" +#: modules/administration/pages/content-staging.adoc:20 +msgid "[path]``salt_content_staging_advance: 8 hours``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:88 -msgid "lower" +#: modules/administration/pages/content-staging.adoc:21 +msgid "[path]``salt_content_staging_window: 8 hours``" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:89 -msgid "later or equal" +#. type: delimited block = +#: modules/administration/pages/content-staging.adoc:22 +msgid "Content staging must be enabled for these parameters to work correctly." msgstr "" -#. type: Title === -#: modules/administration/pages/content-lifecycle.adoc:92 +#. type: Title = +#: modules/administration/pages/crash-reporting.adoc:1 #, no-wrap -msgid "Filter ``rule`` Parameter" +msgid "Crash Reporting" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:96 +#: modules/administration/pages/crash-reporting.adoc:2 msgid "" -"Each filter has a ``rule`` parameter that can be set to either ``Allow`` or " -"``Deny``. The filters are processed like this:" +"Crash reporting is used to automatically monitor and report on traditional " +"{redhat} clients that have experienced a crash." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:98 +#: modules/administration/pages/crash-reporting.adoc:3 msgid "" -"If a package or patch satisfies a ``Deny`` filter, it will be excluded from " -"the result." +"Clients that have crash reporting enabled report any crashes to the " +"{productname} Server. This allows you to see what crashes have occurred, " +"manage crash reports, and add custom notes to crashes from within the " +"{productname} {webui}. You can also run reports on crashes." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:99 +#. type: delimited block = +#: modules/administration/pages/crash-reporting.adoc:4 msgid "" -"If a package or patch satisfies an ``Allow`` filter, it will be included in " -"the result (even if it was excluded by a ``Deny`` filter)." +"Crash reporting works only with traditional {redhat} clients. It does not " +"work with Salt clients, or with traditional clients running any other " +"operating system." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:101 +#: modules/administration/pages/crash-reporting.adoc:5 msgid "" -"This behavior is useful when you want to exclude large number of packages or " -"patches using a general ``Deny`` filter and \"cherry-pick\" specific " -"packages or patches with specific ``Allow`` filters." +"Crash reporting requires the ``spacewalk-abrt`` package installed on the " +"client you want to monitor. To manage crash reports in the {webui}, " +"navigate to menu:Systems[Software Crashes]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:105 -msgid "" -"Content filters are global in your organization and can be shared between " -"projects." +#. type: Title == +#: modules/administration/pages/crash-reporting.adoc:6 +#, no-wrap +msgid "Crash Notes" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:112 +#. type: Plain text +#: modules/administration/pages/crash-reporting.adoc:7 msgid "" -"If your project already contains built sources, when you add an environment " -"it will automatically populate with the existing content. Content will be " -"drawn from the previous environment of the cycle if it had one. If there is " -"no previous environment, it will be left empty until the project sources are " -"built again." +"You can create custom notes for each crash report using the {productname} " +"{webui}. Navigate to menu:Systems[Systems List] and select the client that " +"crashed. Navigate to the menu:Software[Software Crashes] tab to see a list " +"of all current crashes for the selected client. Click the crash to see more " +"information, and navigate to the [guimenu]``Crash Notes`` tab to add or edit " +"notes." msgstr "" #. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:116 +#: modules/administration/pages/crash-reporting.adoc:8 #, no-wrap -msgid "Build a Content Lifecycle Project" +msgid "Organization Crash Configuration" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:119 +#: modules/administration/pages/crash-reporting.adoc:9 msgid "" -"When you have created your project, defined environments, and attached " -"sources and filters, you can build the project for the first time." +"You can manage crash reporting for your entire organization, turning the " +"feature on or off, changing whether crash files are uploaded, and setting a " +"size limit for file upload sizes. Navigate to menu:Admin[Organizations] and " +"select the organization you want to manage. Navigate to the " +"[guimenu]``Configuration`` tab and change the settings as required. Click " +"btn:[Update Organization] to save the changes." +msgstr "" + +#. type: Title == +#: modules/administration/pages/crash-reporting.adoc:10 +#, no-wrap +msgid "Reporting" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:121 +#: modules/administration/pages/crash-reporting.adoc:11 msgid "" -"Building applies filters to the attached sources and clones them to the " -"first environment in the project." +"{productname} allows you to use the following crash-related reports with the " +"spacewalk-report tool:" msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle.adoc:124 +#. type: delimited block - +#: modules/administration/pages/crash-reporting.adoc:12 #, no-wrap -msgid "Procedure: Building a Content Lifecycle Project" +msgid "" +"system-crash-count\n" +"system-crash-details\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:127 +#: modules/administration/pages/crash-reporting.adoc:13 msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " -"and select the project you want to build." +"For more information about reports, see xref:administration:reports.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:128 -msgid "Review the attached sources and filters, and click btn:[Build]." +#. type: Title == +#: modules/administration/pages/crash-reporting.adoc:14 +#, no-wrap +msgid "Managing Crash Reports with the API" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:129 +#: modules/administration/pages/crash-reporting.adoc:15 +msgid "Use these API calls to manage reported software crashes:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/crash-reporting.adoc:16 +#, no-wrap msgid "" -"Provide a version message to describe the changes or updates in this build." +"system.crash.getLastReportDate()\n" +"system.crash.getUniqueCrashCount()\n" +"system.crash.getTotalCrashCount()\n" +"system.crash.listSystemCrashes()\n" +"system.crash.listSystemCrashFiles()\n" +"system.crash.deleteCrash()\n" +"system.crash.getCrashFileUrl()\n" +"system.crash.getCrashFile()\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:130 -#: modules/administration/pages/content-lifecycle.adoc:145 +#: modules/administration/pages/crash-reporting.adoc:17 +msgid "Use these API calls to manage notes on crashes:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/crash-reporting.adoc:18 +#, no-wrap msgid "" -"You can monitor build progress in the [guimenu]``Environment Lifecycle`` " -"section." +"system.crash.createCrashNote()\n" +"system.crash.deleteCrashNote()\n" +"system.crash.getCrashNotesForCrash()\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:132 +#: modules/administration/pages/crash-reporting.adoc:19 msgid "" -"After the build is finished, the environment version is increased by one and " -"the built sources, such as software channels, can be assigned to your " -"clients." +"Use these API calls to manage organization settings for crash reporting:" msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:135 +#. type: delimited block - +#: modules/administration/pages/crash-reporting.adoc:20 #, no-wrap -msgid "Promote Environments" +msgid "" +"org.getCrashFileSizeLimit()\n" +"org.setCrashFileSizeLimit()\n" +"org.isCrashReportingEnabled()\n" +"org.setCrashReporting()\n" +"org.isCrashfileUploadEnabled()\n" +"org.setCrashfileUpload()\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:138 +#: modules/administration/pages/crash-reporting.adoc:21 msgid "" -"When the project has been built, the built sources can be sequentially " -"promoted to the environments." +"For more information about the API, see the latest API documentation " +"available from https://documentation.suse.com/suma." msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle.adoc:141 +#. type: Title = +#: modules/administration/pages/custom-channels.adoc:1 #, no-wrap -msgid "Procedure: Promoting Environments" +msgid "Custom Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:143 +#: modules/administration/pages/custom-channels.adoc:2 msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " -"and select the project you want to work with." +"Custom channels give you the ability to create your own software packages " +"and repositories, which you can use to update your clients. They also allow " +"you to use software provided by third party vendors in your environment." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:144 +#: modules/administration/pages/custom-channels.adoc:3 msgid "" -"In the [guimenu]``Environment Lifecycle`` section, locate the environment to " -"promote to its successor, and click btn:[Promote]." -msgstr "" - -#. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:148 -#, no-wrap -msgid "Assign Clients to Environments" +"You must have administrator privileges to be able to create and manage " +"custom channels." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:152 +#: modules/administration/pages/custom-channels.adoc:4 msgid "" -"When you build and promote content lifecycle projects, {productname} creates " -"a tree of software channels. To add clients to the environment, assign the " -"base and child software channels to your client using menu:Software[Software " -"Channels] in the [guimenu]``System Details`` page for the client." +"Before you create a custom channel, determine which base channel you want to " +"associate it with, and which repositories you want to use for content." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:157 +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:5 msgid "" -"Newly added cloned channels are not assigned to clients automatically. If " -"you add or promote sources you will need to manually check and update your " -"channel assignments." +"This section gives more detail on how to create, administer, and delete " +"custom channels." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:159 -msgid "" -"Automatic assignment is intended to be added to {productname} in a future " -"version." +#. type: Title == +#: modules/administration/pages/custom-channels.adoc:6 +#, no-wrap +msgid "Creating Custom Channels and Repositories" msgstr "" -#. type: Title = -#: modules/administration/pages/iss.adoc:2 -#, no-wrap -msgid "Inter-Server Synchronization" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:7 +msgid "" +"If you have custom software packages that you need to install on your " +"{productname} systems, you can create a custom child channel to manage " +"them. You will need to create the channel in the {productname} {webui} and " +"create a repository for the packages, before assigning the channel to your " +"systems." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:6 +#: modules/administration/pages/custom-channels.adoc:8 msgid "" -"If you have more than one {productname} installation, you need to ensure " -"that they stay aligned on content and permissions. Inter-Server " -"Synchronization (ISS) allows you to connect two or more {productname} " -"Servers and keep them up-to-date." +"You can select a vendor channel as the base channel if you want to use " +"packages provided by a vendor. Alternatively, select ``none`` to make your " +"custom channel a base channel." msgstr "" +#. We need to create a section on importing GPG keys and change this to point there: https://github.com/SUSE/spacewalk/issues/9474 LKB 2019-09-18 #. type: Plain text -#: modules/administration/pages/iss.adoc:9 +#: modules/administration/pages/custom-channels.adoc:9 msgid "" -"To set up ISS, you need to define one {productname} Server as a master, with " -"the other as a slave. If conflicting configurations exist, the system will " -"prioritize the master configuration." +"Custom channels will sometimes require additional security settings. Many " +"third party vendors secure packages with GPG. If you want to use GPG-" +"protected packages in your custom channel, you will need to trust the GPG " +"key which has been used to sign the metadata. You can then check the " +"[guimenu]``Has Signed Metadata?`` check box to match the package metadata " +"against the trusted GPG keys. For more information on importing GPG keys, " +"see xref:reference:systems/autoinst-gpg-and-ssl-keys.adoc[]." msgstr "" #. type: delimited block = -#: modules/administration/pages/iss.adoc:16 +#: modules/administration/pages/custom-channels.adoc:10 msgid "" -"ISS Masters are masters only because they have slaves attached to them. " -"This means that you need to set up the ISS Master first, by defining its " -"slaves. You can then set up the ISS Slaves, by attaching them to a master." +"Do not create child channels containing packages that are not compatible " +"with the client system." msgstr "" #. type: Block title -#: modules/administration/pages/iss.adoc:20 +#: modules/administration/pages/custom-channels.adoc:11 #, no-wrap -msgid "Procedure: Setting up an ISS Master" +msgid "Procedure: Creating a Custom Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:23 +#: modules/administration/pages/custom-channels.adoc:12 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " -"Master Setup], and click btn:[Add new slave]." +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"and click btn:[Create Channel]." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:24 +#: modules/administration/pages/custom-channels.adoc:13 msgid "" -"In the [guimenu]``Edit Slave Details`` dialog, provide these details for the " -"ISS Master's first slave:" +"On the [guimenu]``Create Software Channel`` page, give your channel a name " +"(for example, [systemitem]``My Tools SLES 15 SP1 x86_64``) and a label (for " +"example, [systemitem]``my-tools-sles15sp1-x86_64``)." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:26 -msgid "" -"In the [guimenu]``Slave Fully-Qualified Domain Name`` field, enter the FQDN " -"of the ISS Slave. For example: [systemitem]``server2.example.com``." +#: modules/administration/pages/custom-channels.adoc:14 +msgid "Labels must not contain spaces or uppercase letters." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:27 +#: modules/administration/pages/custom-channels.adoc:15 msgid "" -"Check the [guimenu]``Allow Slave to Sync?`` checkbox to enable the slave to " -"synchronize with the master." +"In the [guimenu]``Parent Channel`` drop down, choose the relevant base " +"channel (for example, [systemitem]``SLE-Product-SLES15-SP1-Pool for " +"x86_64``)." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:28 -msgid "" -"Check the [guimenu]``Sync All Orgs to Slave?`` checkbox to synchronize all " -"organizations to this slave." +#: modules/administration/pages/custom-channels.adoc:16 +msgid "Ensure that you choose the compatible parent channel for your packages." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:29 -msgid "Click btn:[Create] to add the ISS slave." +#: modules/administration/pages/custom-channels.adoc:17 +msgid "" +"In the [guimenu]``Architecture`` drop down, choose the appropriate hardware " +"architecture (for example, [systemitem]``x86_64``)." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:30 +#: modules/administration/pages/custom-channels.adoc:18 msgid "" -"In the [guimenu]``Allow Export of the Selected Organizations`` section, " -"check the organizations you want to allow this slave to export to the " -"master, and click btn:[Allow Orgs]." +"Provide any additional information in the contact details, channel access " +"control, and GPG fields, as required for your environment." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:34 +#: modules/administration/pages/custom-channels.adoc:19 +msgid "Click btn:[Create Channel]." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/custom-channels.adoc:20 msgid "" -"Before you set up the ISS Slave, you will need to ensure you have the " -"appropriate CA certificate." +"By default, the ``Enable GPG Check`` field is checked when you create a new " +"channel. If you would like to add custom packages and applications to your " +"channel, make sure you uncheck this field to be able to install unsigned " +"packages. Disabling the GPG check is a security risk if packages are from " +"an untrusted source." msgstr "" #. type: Block title -#: modules/administration/pages/iss.adoc:37 +#: modules/administration/pages/custom-channels.adoc:21 #, no-wrap -msgid "Procedure: Copying the Master CA Certificate to an ISS Slave" +msgid "Procedure: Creating a Software Repository" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:22 +msgid "" +"In the {productname} {webui}, navigate to menu:Software[Manage > " +"Repositories], and click btn:[Create Repository]." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:39 +#: modules/administration/pages/custom-channels.adoc:23 msgid "" -"On the ISS Master, locate the CA Certificate at ``/srv/www/htdocs/pub/RHN-" -"ORG-TRUSTED-SSL-CERT`` and create a copy that can be transferred to the " -"ISS Slave." +"On the [guimenu]``Create Repository`` page, give your repository a label " +"(for example, [systemitem]``my-tools-sles15sp1-x86_64-repo``)." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:40 +#: modules/administration/pages/custom-channels.adoc:24 msgid "" -"On the ISS Slave, save the CA certificate file to the ``/etc/pki/trust/" -"anchors/`` directory." +"In the [guimenu]``Repository URL`` field, provide the path to the directory " +"that contains the [path]``repodata`` file (for example, " +"[systemitem]``file:///opt/mytools/``)." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:43 -msgid "When you have copied the certificate, you can set up the ISS Slave." +#: modules/administration/pages/custom-channels.adoc:25 +msgid "You can use any valid addressing protocol in this field." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:26 +msgid "Uncheck the [guimenu]``Has Signed Metadata?`` check box." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:27 +msgid "" +"OPTIONAL: Complete the SSL fields if your repository requires client " +"certificate authentication." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:28 +msgid "Click btn:[Create Repository]." msgstr "" #. type: Block title -#: modules/administration/pages/iss.adoc:46 +#: modules/administration/pages/custom-channels.adoc:29 #, no-wrap -msgid "Procedure: Setting up an ISS Slave" +msgid "Procedure: Assigning the Repository to a Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:49 +#: modules/administration/pages/custom-channels.adoc:30 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " -"Slave Setup], and click btn:[Add new master]." +"Assign your new repository to your custom channel by navigating to menu:" +"Software[Manage > Channels], clicking the name of your newly created custom " +"channel, and navigating to the [guimenu]``Repositories`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:50 +#: modules/administration/pages/custom-channels.adoc:31 msgid "" -"In the [guimenu]``Details for new Master`` dialog, provide these details for " -"the server to use as the ISS master:" +"Ensure the repository you want to assign to the channel is checked, and " +"click btn:[Update Repositories]." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:52 +#: modules/administration/pages/custom-channels.adoc:32 msgid "" -"In the [guimenu]``Master Fully-Qualified Domain Name`` field, enter the FQDN " -"of the ISS Master for this slave. For example: ``server1.example.com``." +"Navigate to the [guimenu]``Sync`` tab and click btn:[Sync Now] to " +"synchronize immediately." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:54 +#: modules/administration/pages/custom-channels.adoc:33 +msgid "You can also set an automated synchronization schedule on this tab." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:34 msgid "" -"In the [guimenu]``Filename of this Master's CA Certificate`` field, enter " -"the absolute path to the CA certificate on the ISS master. This should be " -"``/etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT``." +"There are several ways to check if a channel has finished synchronizing:" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:55 -msgid "Click btn:[Add new master] to add the ISS Slave to this master." +#: modules/administration/pages/custom-channels.adoc:35 +msgid "" +"In the {productname} {webui}, navigate to menu:Admin[Setup Wizard] and " +"select the [guimenu]``Products`` tab." msgstr "" -#. type: Block title -#: modules/administration/pages/iss.adoc:58 -#, no-wrap -msgid "Procedure: Completing ISS Setup" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:36 +msgid "" +"This dialog displays a completion bar for each product when they are being " +"synchronized." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:60 +#: modules/administration/pages/custom-channels.adoc:37 msgid "" -"At the command prompt on the ISS Slave, synchronize with the ISS Master:" +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"then click the channel associated to the repository." msgstr "" -#. type: delimited block - -#: modules/administration/pages/iss.adoc:63 -#, no-wrap -msgid "mgr-inter-sync\n" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:38 +msgid "" +"Navigate to the menu:[Repositories > Sync] tab. The [guimenu]``Sync " +"Status`` is shown next to the repository name.." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:65 -msgid "OPTIONAL: To synchronize a single channel, use this command:" +#: modules/administration/pages/custom-channels.adoc:39 +msgid "Check the synchronization log file at the command prompt:" msgstr "" #. type: delimited block - -#: modules/administration/pages/iss.adoc:68 +#: modules/administration/pages/custom-channels.adoc:40 #, no-wrap -msgid "mgr-inter-sync -c \n" +msgid "tail -f /var/log/rhn/reposync/.log\n" msgstr "" -#. Need to double check this against the UI. --LKB 2020-04-08 #. type: Plain text -#: modules/administration/pages/iss.adoc:70 +#: modules/administration/pages/custom-channels.adoc:41 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " -"Configure Master-to-Slave Mappings] and select the organizations you want to " -"synchronize." +"Each child channel will generate its own log during the synchronization " +"progress. You will need to check all the base and child channel log files " +"to be sure that the synchronization is complete." msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-notifications.adoc:2 +#. type: Block title +#: modules/administration/pages/custom-channels.adoc:42 #, no-wrap -msgid "Troubleshooting Notifications" +msgid "Procedure: Adding Custom Channels to an Activation Key" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-notifications.adoc:26 +#: modules/administration/pages/custom-channels.adoc:43 msgid "" -"The default lifetime of notification messages is 30 days, after which " -"messages are deleted from the database, regardless of read status. To " -"change this value, add or edit this line in [path]``/etc/rhn/rhn.conf``:" +"In the {productname} {webui}, navigate to menu:Systems[Activation Keys], and " +"select the key you want to add the custom channel to." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-notifications.adoc:29 -#, no-wrap -msgid "java.notifications_lifetime = 30\n" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:44 +msgid "" +"On the [guiemnu]``Details`` tab, in the [guimenu]``Child Channels`` listing, " +"select the channel to associate." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-notifications.adoc:33 -msgid "" -"All notification types are enabled by default. To disable a notification " -"type, add or edit this line in [path]``/etc/rhn/rhn.conf``:" +#: modules/administration/pages/custom-channels.adoc:45 +msgid "You can select multiple channels, if you need to." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-notifications.adoc:36 -#, no-wrap -msgid "java.notifications_type_disabled = OnboardingFailed,ChannelSyncFailed,ChannelSyncFinished\n" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:46 +msgid "Click btn:[Update Activation Key]." msgstr "" -#. type: Title = -#: modules/administration/pages/users.adoc:2 +#. type: Title == +#: modules/administration/pages/custom-channels.adoc:47 #, no-wrap -msgid "Users" +msgid "Add Packages and Patches to Custom Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:6 +#: modules/administration/pages/custom-channels.adoc:48 msgid "" -"{productname} Administrators can add new users, grant permissions, and " -"deactivate or delete users. If you are managing a large number of users, " -"you can assign users to system groups to manage permissions at a group level." +"When you create a new custom channel without cloning it from an existing " +"channel, it will not contain any packages or patches. You can add the " +"packages and patches you require using the {productname} {webui}." msgstr "" -#. type: delimited block = -#: modules/administration/pages/users.adoc:11 +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:49 msgid "" -"The [guimenu]``Users`` menu is only available if you are logged in with a " -"{productname} administrator account." +"Custom channels can only include packages or patches that are cloned or " +"custom, and they must match the base architecture of the channel. Patches " +"added to custom channels must apply to a package that exists in the channel." msgstr "" -#. type: Plain text -#: modules/administration/pages/users.adoc:18 -msgid "" -"To manage {productname} users, navigate to menu:Users[User List > All] to " -"see all users in your {productname} Server. Each user in the list shows the " -"username, real name, assigned roles, the date the user last signed in, and " -"the current status of the user. Click btn:``Create User`` to create a new " -"user account. Click the username to go to the [guimenu]``User Details`` " -"page." +#. type: Block title +#: modules/administration/pages/custom-channels.adoc:50 +#, no-wrap +msgid "Procedure: Adding Packages to Custom Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:20 +#: modules/administration/pages/custom-channels.adoc:51 msgid "" -"To add new users to your organization, click btn:[Create User], complete the " -"details for the new user, and click btn:[Create Login]." +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"and go to the [guimenu]``Packages`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:24 +#: modules/administration/pages/custom-channels.adoc:52 msgid "" -"You can deactivate or delete user accounts if they are no longer required. " -"Deactivated user accounts can be reactivated at any time. Deleted user " -"accounts are not visible, and cannot be retrieved." +"OPTIONAL: See all packages currently in the channel by navigating to the " +"[guimenu]``List/Remove`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:27 +#: modules/administration/pages/custom-channels.adoc:53 msgid "" -"Users can deactivate their own accounts. However, if users have an " -"administrator role, the role must be removed before the account can be " -"deactivated." +"Add new packages to the channel by navigating to the [guimenu]``Add`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:31 +#: modules/administration/pages/custom-channels.adoc:54 msgid "" -"Deactivated users cannot log in to the {productname} {webui} or schedule any " -"actions. Actions scheduled by a user prior to their deactivation remain in " -"the action queue. Deactivated users can be reactivated by {productname} " -"administrators." +"Select the parent channel to provide packages, and click btn:[View Packages] " +"to populate the list." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:34 +#: modules/administration/pages/custom-channels.adoc:55 msgid "" -"Users can hold multiple administrator roles, and there can be more than one " -"user holding any administrator role at any time. There must always be at " -"least one active {productname} Administrator." -msgstr "" - -#. type: Block title -#: modules/administration/pages/users.adoc:37 -#, no-wrap -msgid "User Administrator Role Permissions" +"Check the packages to add to the custom channel, and click btn:[Add " +"Packages]." msgstr "" -#. type: Table -#: modules/administration/pages/users.adoc:48 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:56 msgid "" -"| Role Name | Description\n" -"| System Group User | Standard role associated with all users.\n" -"| {productname} Administrator | Can perform all functions, including changing privileges of other users.\n" -"| Organization Administrator | Manages activation keys, configurations, channels, and system groups.\n" -"| Activation Key Administrator | Manages activation keys.\n" -"| Image Administrator | Manages image profiles, builds, and stores.\n" -"| Configuration Administrator | Manages system configuration.\n" -"| Channel Administrator | Manages software channels, including making channels globally subscribable, and creating new channels.\n" -"| System Group Administrator | Manages systems groups, including creating and deleting system groups, adding clients to existing groups, and managing user access to groups.\n" +"When you are satisfied with the selection, click btn:[Confirm Addition] to " +"add the packages to the channel." msgstr "" -#. type: Title == -#: modules/administration/pages/users.adoc:52 -#, no-wrap -msgid "User Permissions and Systems" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:57 +msgid "" +"OPTIONAL: You can compare the packages in the current channel with those in " +"a different channel by navigating to menu:Software[Manage > Channels], and " +"going to the menu:Packages[Compare] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:55 +#: modules/administration/pages/custom-channels.adoc:58 msgid "" -"If you have created system groups to manage your clients, you can assign " -"groups to users for them to manage." +"To make the two channels the same, click the btn:[Merge Differences] button, " +"and resolve any conflicts." +msgstr "" + +#. type: Block title +#: modules/administration/pages/custom-channels.adoc:59 +#, no-wrap +msgid "Procedure: Adding Patches to a Custom Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:58 +#: modules/administration/pages/custom-channels.adoc:60 msgid "" -"To assign a user to a system group, navigate to menu:Users[User List], click " -"the username to edit, and go to the [guimenu]``System Groups`` tab. Check " -"the groups to assign, and click btn:``Update Defaults``." +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"and go to the [guimenu]``Patches`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:62 +#: modules/administration/pages/custom-channels.adoc:61 msgid "" -"You can also select one or more default system groups for a user. When the " -"user registers a new client, it is assigned to the chosen system group by " -"default. This allows the user to immediately access the newly-registered " -"client." +"OPTIONAL: See all patches currently in the channel by navigating to the " +"[guimenu]``List/Remove`` tab." msgstr "" -#. I really don't understand what this is. Need a sentence or two to explain it. --LKB 2020-04-29 #. type: Plain text -#: modules/administration/pages/users.adoc:67 +#: modules/administration/pages/custom-channels.adoc:62 msgid "" -"To manage external groups, navigate to menu:Users[System Group " -"Configuration], and go to the [guimenu]``External Authentication`` tab. " -"Click btn:[Create External Group] to create a new external group. Give the " -"group a name, and assign it to the appropriate system group." +"Add new patches to the channel by navigating to the [guimenu]``Add`` tab, " +"and selecting what kind of patches you want to add." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:69 +#: modules/administration/pages/custom-channels.adoc:63 msgid "" -"For more information about system groups, see xref:reference:systems/system-" -"groups.adoc[]." +"Select the parent channel to provide patches, and click btn:[View Associated " +"Patches] to populate the list." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:73 +#: modules/administration/pages/custom-channels.adoc:64 msgid "" -"To see the individual clients a user can administer, navigate to menu:" -"Users[User List], click the username to edit, and go to the " -"[guimenu]``Systems`` tab. To carry out bulk tasks, you can select clients " -"from the list to add them to the system set manager." +"Check the patches to add to the custom channel, and click btn:[Confirm]." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:75 +#: modules/administration/pages/custom-channels.adoc:65 msgid "" -"For more information about the system set manager, see xref:client-" -"configuration:using-ssm.adoc[]." +"When you are satisfied with the selection, click btn:[Confirm] to add the " +"patches to the channel." msgstr "" #. type: Title == -#: modules/administration/pages/users.adoc:78 +#: modules/administration/pages/custom-channels.adoc:66 #, no-wrap -msgid "Users and Channel Permissions" +msgid "Manage Custom Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:81 +#: modules/administration/pages/custom-channels.adoc:67 msgid "" -"You can assign users to software channels within your organization either as " -"a subscriber that consumes content from channels, or as an administrator, " -"who can manage the channels themselves." +"{productname} administrators and channel administrators can alter or delete " +"any channel." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:84 +#: modules/administration/pages/custom-channels.adoc:68 msgid "" -"To subscribe a user to a channel, navigate to menu:Users[User List], click " -"the username to edit, and go to the menu:Channel Permissions[Subscription] " -"tab. Check the channels to assign, and click btn:``Update Permissions``." +"To grant other users rights to alter or delete a channel, navigate to menu:" +"Software[Manage > Channels] and select the channel you want to edit. " +"Navigate to the [guimenu]``Managers`` tab, and check the user to grant " +"permissions. Click btn:[Update] to save the changes." msgstr "" -#. type: Plain text -#: modules/administration/pages/users.adoc:87 +#. type: delimited block = +#: modules/administration/pages/custom-channels.adoc:69 msgid "" -"To grant a user channel management permissions, navigate to menu:Users[User " -"List], click the username to edit, and go to the menu:Channel " -"Permissions[Management] tab. Check the channels to assign, and click btn:" -"``Update Permissions``." +"If you delete a channel that has been assigned to a set of clients, it will " +"trigger an immediate update of the channel state for any clients associated " +"with the deleted channel. This is to ensure that the changes are reflected " +"accurately in the repository file." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:89 +#: modules/administration/pages/custom-channels.adoc:70 msgid "" -"Some channels in the list might not be subscribable. This is usually " -"because of the users administrator status, or the channels global settings." +"You cannot delete {productname} channels with the {webui}. Only custom " +"channels can be deleted." msgstr "" -#. type: Title = -#: modules/administration/pages/auth-methods-sso-example.adoc:2 +#. type: Block title +#: modules/administration/pages/custom-channels.adoc:71 #, no-wrap -msgid "Example SSO Implementation" +msgid "Procedure: Deleting Custom Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:5 +#: modules/administration/pages/custom-channels.adoc:72 msgid "" -"In this example, SSO is implemented by exposing three endpoints with " -"{productname}, and using Keycloak as the identity service provider (IdP)." +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"and select the channel you want to delete." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:8 -msgid "" -"Start by setting up the {productname} Server, and the Keycloak IdP. Then " -"you can add the endpoints as clients, and create users." +#: modules/administration/pages/custom-channels.adoc:73 +msgid "Click btn:[Delete software channel]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/auth-methods-sso-example.adoc:15 +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:74 msgid "" -"This example is provided for illustrative purposes only. {suse} does not " -"recommend or support third-party identity service providers, and is not " -"affiliated with Keycloak. For Keycloak support, see https://www.keycloak." -"org/." +"On the [guimenu]``Delete Channel`` page, check the details of the channel " +"you are deleting, and check the [guimenu]``Unsubscribe Systems`` checkbox to " +"remove the custom channel from any systems that might still be subscribed." msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:19 -#, no-wrap -msgid "Procedure: Setting Up the {productname} Server" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:75 +msgid "Click btn:[Delete Channel]." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:22 +#: modules/administration/pages/custom-channels.adoc:76 msgid "" -"On the {productname} Server, open the [path]``/etc/rhn/rhn.conf`` " -"configuration file and edit these parameters. Replace ```` with the " -"fully-qualified domain name of your {productname} installation:" +"When channels are deleted, the packages that are part of the deleted channel " +"are not automatically removed. You will not be able to update packages that " +"have had their channel deleted." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso-example.adoc:27 +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:77 +msgid "" +"You can delete packages that are not associated with a channel in the " +"{productname} {webui}. Navigate to menu:Software[Manage > Packages], check " +"the packages to remove, and click btn:[Delete Packages]." +msgstr "" + +#. type: Title = +#: modules/administration/pages/disconnected-setup.adoc:1 #, no-wrap +msgid "Disconnected Setup" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/disconnected-setup.adoc:2 msgid "" -"java.sso.onelogin.saml2.sp.entityid = /rhn/manager/sso/metadata\n" -"java.sso.onelogin.saml2.sp.assertion_consumer_service.url = /rhn/manager/sso/acs\n" -"java.sso.onelogin.saml2.sp.single_logout_service.url = /rhn/manager/sso/sls\n" +"When it is not possible to connect {productname} to the internet, you can " +"use it within a disconnected environment." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:29 -msgid "In the configuration file, determine the three endpoints to expose:" +#: modules/administration/pages/disconnected-setup.adoc:3 +msgid "" +"The repository mirroring tool (RMT) is available on {sle}{nbsp}15 and " +"later. RMT replaces the subscription management tool (SMT), which can be " +"used on older {sle} installations." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso-example.adoc:34 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/disconnected-setup.adoc:4 msgid "" -"java.sso.onelogin.saml2.idp.entityid\n" -"java.sso.onelogin.saml2.idp.single_sign_on_service.url\n" -"java.sso.onelogin.saml2.idp.single_logout_service.url\n" +"In a disconnected {productname} setup, RMT or SMT uses an external network " +"to connect to {scc}. All software channels and repositories are " +"synchronized to a removable storage device. The storage device can then be " +"used to update the disconnected {productname} installation." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:39 +#: modules/administration/pages/disconnected-setup.adoc:5 msgid "" -"In the IdP metadata, locate the public x509 certificate. It uses this " -"format: ``/auth/realms//protocol/saml/" -"descriptor``. In the configuration file, specify the public x509 " -"certificate of the IdP:" +"This setup allows your {productname} installation to remain in an offline, " +"disconnected environment." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso-example.adoc:42 -#, no-wrap -msgid "java.sso.onelogin.saml2.idp.x509cert\n" +#. type: delimited block = +#: modules/administration/pages/disconnected-setup.adoc:6 +msgid "" +"Your RMT or SMT instance must be used to managed a {productname} Server " +"directly. It cannot be used to manage a second RMT or SMT instance, in a " +"cascade." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:49 +#: modules/administration/pages/disconnected-setup.adoc:7 msgid "" -"When you have prepared the {productname} Server, you can install Keycloak. " -"You can install Keycloak directly on your machine, or run it in a " -"container. In this example, we run Keycloak in a Docker container. For " -"more information about installing Keycloak, see the Keycloak documentation " -"at https://www.keycloak.org/getting-started/getting-started-docker." +"For more information on RMT, see https://documentation.suse.com/sles/15-SP2/" +"html/SLES-all/book-rmt.html." msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:52 +#. type: Title == +#: modules/administration/pages/disconnected-setup.adoc:8 #, no-wrap -msgid "Procedure: Setting Up the Identity Service Provider" +msgid "Synchronize RMT" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:54 +#: modules/administration/pages/disconnected-setup.adoc:9 msgid "" -"Install Keycloak in a Docker container, according to the Keycloak " -"documentation." +"You can use RMT on {sle} 15 installations to manage clients running {sle} 12 " +"or later." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:55 +#: modules/administration/pages/disconnected-setup.adoc:10 msgid "" -"Run the container using the ``-td`` argument to ensure the process remains " -"running:" +"We recommend you set up a dedicated RMT instance for each {productname} " +"installation." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso-example.adoc:58 +#. type: Block title +#: modules/administration/pages/disconnected-setup.adoc:11 #, no-wrap -msgid "docker run -td --name=idp -p 8080:8080 -e KEYCLOAK_USER= -e KEYCLOAK_PASSWORD= quay.io/keycloak/keycloak:9.0.2\n" +msgid "Procedure: Setting up RMT" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:60 -msgid "" -"Sign in the Keycloak {webui} as a privileged user, and create a realm using " -"these details:" +#: modules/administration/pages/disconnected-setup.adoc:12 +msgid "On the RMT instance, install the RMT package:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:63 -msgid "" -"In the ``Name`` field, enter a name for the realm. For example, ``SUMA``." +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:13 +#, no-wrap +msgid "zypper in rmt-server\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:64 -msgid "Toggle the ``Enabled`` switch to ``On``." +#: modules/administration/pages/disconnected-setup.adoc:14 +msgid "Configure RMT using {yast}:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:15 +#, no-wrap +msgid "yast2 rmt\n" msgstr "" -#. Probably needs more explanation here. --LKB 20200415 #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:67 -msgid "" -"In the ``Endpoints`` field, type ``SAML 2.0 Identity Provider Metadata``. " -"This endpoint is ``/auth/realms//protocol/saml/" -"descriptor`` which describes the endpoints and certificate in the " -"{productname} configuration file." +#: modules/administration/pages/disconnected-setup.adoc:16 +msgid "Follow the prompts to complete installation." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:72 +#: modules/administration/pages/disconnected-setup.adoc:17 msgid "" -"When you have Keycloak running and set up, you can add the endpoints. " -"Keycloak refers to endpoints as clients." +"For more information on setting up RMT, see https://documentation.suse.com/" +"sles/15-SP2/html/SLES-all/book-rmt.html." msgstr "" #. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:75 +#: modules/administration/pages/disconnected-setup.adoc:18 #, no-wrap -msgid "Procedure: Adding Endpoints as Clients" +msgid "Procedure: Synchronizing RMT with SCC" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:77 -msgid "In the Keycloak {webui}, create a new client using these details:" +#: modules/administration/pages/disconnected-setup.adoc:19 +msgid "" +"On the RMT instance, list all available products and repositories for your " +"organization:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:80 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:20 +#, no-wrap msgid "" -"In the ``Client ID`` field, enter the endpoint specified in the server " -"configuration file as ``java.sso.onelogin.saml2.idp.entityid``. For " -"example, ``https:///rhn/manager/sso/metadata``." +"rmt-cli products list --all\n" +"rmt-cli repos list --all\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:81 -msgid "In the ``Client Protocol`` field, select ``SAML``." +#: modules/administration/pages/disconnected-setup.adoc:21 +msgid "Synchronize all available updates for your organization:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:82 -msgid "Toggle the ``Include AuthnStatement`` switch to ``On``." +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:22 +#, no-wrap +msgid "rmt-cli sync\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:83 -msgid "Toggle the ``Sign Assertions`` switch to ``On``." +#: modules/administration/pages/disconnected-setup.adoc:23 +msgid "You can also configure RMT to synchronize regularly using systemd." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:84 -msgid "In the ``Signature Algorithm`` field, select ``RSA_SHA1``." +#: modules/administration/pages/disconnected-setup.adoc:24 +msgid "Enable the products you require." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:85 -msgid "In the ``SAML Signature Key Name`` field, select the key." +#: modules/administration/pages/disconnected-setup.adoc:25 +msgid "For example, to enable SLES 15:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:86 -msgid "In the ``Canonicalization Method`` field, select ``Exclusive``." +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:26 +#, no-wrap +msgid "rmt-cli product enable sles/15/x86_64\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:87 -msgid "" -"In the ``Fine Grain SAML Endpoint Configuration`` section, add the two " -"endpoints using these details:" +#: modules/administration/pages/disconnected-setup.adoc:27 +#: modules/administration/pages/disconnected-setup.adoc:40 +msgid "Export the synchronized data to your removable storage." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:90 -msgid "" -"In both the ``Assertion Consumer Service`` fields, enter the endpoint " -"specified in the server configuration file as ``java.sso.onelogin.saml2.sp." -"assertion_consumer_service.url``. For example, ``https:///rhn/manager/" -"sso/acs``." +#: modules/administration/pages/disconnected-setup.adoc:28 +#: modules/administration/pages/disconnected-setup.adoc:41 +msgid "In this example, the storage medium is mounted at [path]``/mnt/usb``:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:92 -msgid "" -"In both the ``Logout Service`` fields, enter the endpoint specified in the " -"server configuration file as ``java.sso.onelogin.saml2.sp." -"single_logout_service.url``. For example, ``https:///rhn/manager/sso/" -"sls``." +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:29 +#, no-wrap +msgid "rmt-cli export data /mnt/usb\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:96 -msgid "" -"When you have added the endpoints as clients, you can configure the client " -"scope, and map the users between Keycloak and {productname}." +#: modules/administration/pages/disconnected-setup.adoc:30 +#: modules/administration/pages/disconnected-setup.adoc:43 +msgid "Export the enabled repositories to your removable storage:" msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:99 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:31 +#: modules/administration/pages/disconnected-setup.adoc:44 #, no-wrap -msgid "Procedure: Configuring Client Scope and Mappers" +msgid "rmt-cli export settings /mnt/usb\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:101 +#. type: delimited block = +#: modules/administration/pages/disconnected-setup.adoc:32 msgid "" -"In the Keycloak {webui}, navigate to the menu:Clients[Client Scopes] tab and " -"assign ``role_list`` as the default client scope." +"Ensure that the external storage is mounted to a directory that is writeable " +"by the RMT user. You can change RMT user settings in the `cli` section of " +"[path]``/etc/rmt.conf``." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:103 -msgid "" -"Navigate to the menu:Clients[Mappers] tab and add a user attribute ``Uid`` " -"mapper, using the default values. This SAML attribute is expected by " -"{productname}." +#. type: Title == +#: modules/administration/pages/disconnected-setup.adoc:33 +#, no-wrap +msgid "Synchronize SMT" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:105 +#: modules/administration/pages/disconnected-setup.adoc:34 msgid "" -"Navigate to the menu:Users[Admin] section and create an administrative " -"user. This user does not need to match the {productname} administrative " -"user." +"SMT is included with {sle} 12, and can be used to manage clients running " +"{sle} 10 or later." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:106 +#: modules/administration/pages/disconnected-setup.adoc:35 msgid "" -"Navigate to the menu:Users[Role Mappings] tab, add a ``uid`` attribute with " -"a value that matches the username of the {productname} administrative user." +"SMT requires you to create a local mirror directory on the SMT instance to " +"synchronize repositories and packages." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:107 +#: modules/administration/pages/disconnected-setup.adoc:36 msgid "" -"Navigate to the menu:Users[Credentials] tab, and set the same password as " -"used by the {productname} administrative user." +"For more details on installing and configuring SMT, see https://" +"documentation.suse.com/sles/12-SP5/html/SLES-all/book-smt.html." msgstr "" #. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:107 +#: modules/administration/pages/disconnected-setup.adoc:37 #, no-wrap -msgid " Save your changes." +msgid "Procedure: Synchronizing SMT with SCC" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:113 -msgid "" -"When you have completed configuration, you can test that the installation is " -"working as expected. Restart the {productname} Server to pick up your " -"changes, and navigate to the {productname} {webui}. If your installation is " -"working correctly, you are redirected to the Keycloak SSO page, where you " -"can authenticate successfully." +#: modules/administration/pages/disconnected-setup.adoc:38 +msgid "On the SMT instance, create a database replacement file:" msgstr "" -#. type: Title = -#: modules/administration/pages/auth-methods.adoc:2 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:39 #, no-wrap -msgid "Authentication Methods" +msgid "smt-sync --createdbreplacementfile /tmp/dbrepl.xml\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods.adoc:5 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:42 +#, no-wrap msgid "" -"{productname} supports several different authentication methods. This " -"section discusses pluggable authentication modules (PAM) and single sign-on " -"(SSO)." +"smt-sync --todir /mnt/usb\n" +"smt-mirror --dbreplfile /tmp/dbrepl.xml --directory /mnt/usb \\\n" +" --fromlocalsmt -L /var/log/smt/smt-mirror-export.log\n" msgstr "" -#. type: Title = -#: modules/administration/pages/channel-management.adoc:2 -#, no-wrap -msgid "Channel Management" +#. type: delimited block = +#: modules/administration/pages/disconnected-setup.adoc:45 +msgid "" +"Ensure that the external storage is mounted to a directory that is writeable " +"by the RMT user. You can change SMT user settings in [path]``/etc/smt." +"conf``." msgstr "" -#. type: Plain text -#: modules/administration/pages/channel-management.adoc:5 -msgid "Channels are a method of grouping software packages." +#. type: Title == +#: modules/administration/pages/disconnected-setup.adoc:46 +#, no-wrap +msgid "Synchronize a Disconnected Server" msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:9 +#: modules/administration/pages/disconnected-setup.adoc:47 msgid "" -"In {productname}, channels are grouped into base and child channels, with " -"base channels grouped by operating system type, version, and architecture, " -"and child channels being compatible with their related base channel. When a " -"client has been assigned to a base channel, it is only possible for that " -"system to install the related child channels. Organizing channels in this " -"way ensures that only compatible packages are installed on each system." +"When you have removable media loaded with your {scc} data, you can use it to " +"synchronize your disconnected server." msgstr "" -#. type: Plain text -#: modules/administration/pages/channel-management.adoc:14 -msgid "" -"Software channels use repositories to provide packages. The channels mirror " -"the repositories in {productname}, and the package names and other data are " -"stored in the {productname} database. You can have any number of " -"repositories associated with a channel. The software from those " -"repositories can then be installed on clients by subscribing the client to " -"the appropriate channel." +#. type: Block title +#: modules/administration/pages/disconnected-setup.adoc:48 +#, no-wrap +msgid "Procedure: Synchronizing a Disconnected Server" msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:17 -msgid "" -"Clients can only be assigned to one base channel. The client can then " -"install or update packages from the repositories associated with that base " -"channel and any of its child channels." +#: modules/administration/pages/disconnected-setup.adoc:49 +msgid "Mount your removable media device to the {productname} server." msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:22 -msgid "" -"{productname} provides a number of vendor channels, which provide you " -"everything you need to run {productname}. {productname} Administrators and " -"Channel Administrators have channel management authority, which gives them " -"the ability to create and manage their own custom channels. If you want to " -"use your own packages in your environment, you can create custom channels. " -"Custom channels can be used as a base channel, or you can associate them " -"with a vendor base channel." +#: modules/administration/pages/disconnected-setup.adoc:50 +msgid "In this example, the mount point is [path]``/media/disk``." msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:24 +#: modules/administration/pages/disconnected-setup.adoc:51 msgid "" -"For more on creating custom channels, see xref:administration:custom-" -"channels.adoc[]." +"Open ``/etc/rhn/rhn.conf`` and define the mount point by adding or editing " +"this line:" msgstr "" -#. type: Title == -#: modules/administration/pages/channel-management.adoc:27 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:52 #, no-wrap -msgid "Channel Administration" +msgid "server.susemanager.fromdir = /media/disk\n" msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:32 -msgid "" -"By default, any user can subscribe channels to a system. You can implement " -"restrictions on the channel using the {webui}." +#: modules/administration/pages/disconnected-setup.adoc:53 +msgid "Restart the Tomcat service:" msgstr "" -#. type: Block title -#: modules/administration/pages/channel-management.adoc:35 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:54 #, no-wrap -msgid "Procedure: Restricting Subscriber Access to a Channel" +msgid "systemctl restart tomcat\n" msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:37 -msgid "" -"In the {productname} {webui}, navigate to menu:Software[Channel List], and " -"select the channel to edit." +#: modules/administration/pages/disconnected-setup.adoc:55 +msgid "Refresh the local data:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:56 +#, no-wrap +msgid "mgr-sync refresh\n" msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:39 +#: modules/administration/pages/disconnected-setup.adoc:57 +msgid "Perform a synchronization:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:58 +#, no-wrap msgid "" -"Locate the [guimenu]``Per-User Subscription Restrictions`` section and check " -"[guimenu]``Only selected users within your organization may subscribe to " -"this channel``. Click btn:[Update] to save the changes." +"mgr-sync list channels\n" +"mgr-sync add channel channel-label\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/channel-management.adoc:39 +#. type: delimited block = +#: modules/administration/pages/disconnected-setup.adoc:59 msgid "" -"Navigate to the [guimenu]``Subscribers`` tab and select or deselect users as " -"required." +"The removable disk that you use for synchronization must always be available " +"at the same mount point. Do not trigger a synchronization, if the storage " +"medium is not mounted. This will result in data corruption." msgstr "" #. type: Title = -#: modules/administration/pages/public-cloud-azure.adoc:2 +#: modules/administration/pages/image-management.adoc:1 #, no-wrap -msgid "{productname} with Azure" +msgid "Image Building and Management" +msgstr "" + +#. type: Title == +#: modules/administration/pages/image-management.adoc:2 +#, no-wrap +msgid "Image Building Overview" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:6 +#: modules/administration/pages/image-management.adoc:3 msgid "" -"You can use {productname} Server and Proxy with the Microsoft Azure public " -"cloud. This section discusses what you will need for running {productname} " -"in Azure, and how to set up your installation." +"{productname} enables system administrators to build containers and OS " +"Images and push the result in image stores. The workflow looks like this:" msgstr "" -#. type: Title == -#: modules/administration/pages/public-cloud-azure.adoc:8 -#, no-wrap -msgid "Configure the Azure Cloud Instance" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:4 +msgid "Define an image store" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:14 +#: modules/administration/pages/image-management.adoc:5 msgid "" -"Use the ``SUSE Manager Server 4 BYOS`` image. The image is a pre-built " -"image created by {suse}. It is based on JeoS, and SUSE Manager is pre-" -"installed but not configured. Configuring SUSE Manager has to be done " -"manually with {yast}." +"Define an image profile and associate it with a source (either a git " +"repository or a directory)" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:16 -msgid "" -"When you create your Azure virtual machine, choose something `like d8s_v3` " -"with 8{nbsp}vCPUs and 32{nbsp}GB RAM." +#: modules/administration/pages/image-management.adoc:6 +msgid "Build the image" msgstr "" -#. * Up to 4 data disks -#. * Max IOPS 2400 -#. * Temporary storage disk of 16{nbsp}GB. -#. Data on this disk will be destroyed after the guest has been switched off. #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:24 -msgid "When you are setting up disk partitioning, we recommend:" +#: modules/administration/pages/image-management.adoc:7 +msgid "Push the image to the image store" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:26 -msgid "30{nbsp}GB for the disk running the operating system" +#: modules/administration/pages/image-management.adoc:8 +msgid "" +"{productname} supports two distinct build types: dockerfile, and the Kiwi " +"image system." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:27 -msgid "Select `Standard HDD` for the storage account type" +#: modules/administration/pages/image-management.adoc:9 +msgid "" +"The Kiwi build type is used to build system, virtual, and other images. The " +"image store for the Kiwi build type is pre-defined as a file system " +"directory at [path]``/srv/www/os-images`` on the server. {productname} " +"serves the image store over HTTPS from [literal]``///os-images/" +"``. The image store location is unique and is not customizable." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:29 -msgid "You will also require three additional data disks:" +#: modules/administration/pages/image-management.adoc:10 +msgid "" +"Images are always stored in [path]``/srv/www/os-image/``." +msgstr "" + +#. type: Title == +#: modules/administration/pages/image-management.adoc:11 +#, no-wrap +msgid "Container Images" +msgstr "" + +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:12 +#, no-wrap +msgid "image-building.png" msgstr "" +#. type: Title === +#: modules/administration/pages/image-management.adoc:13 +#: modules/administration/pages/image-management.adoc:135 +#, no-wrap +msgid "Requirements" +msgstr "Requisitos" + #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:31 -msgid "Disk 0: 64{nbsp}GB on Premium SSD, mounted at [path]``/var/lib/pgsql``" +#: modules/administration/pages/image-management.adoc:14 +msgid "" +"The containers feature is available for Salt clients running {sles} 12 or " +"later. Before you begin, ensure your environment meets these requirements:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:32 +#: modules/administration/pages/image-management.adoc:15 msgid "" -"Disk 1: 512{nbsp}GB on Standard SSD, mounted at [path]``/var/spacewalk``" +"A published git repository containing a dockerfile and configuration " +"scripts. The repository can be public or private, and should be hosted on " +"GitHub, GitLab, or BitBucket." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:33 -msgid "Disk 2: 128{nbsp}GB on Standard SSD, mounted at [path]``/var/cache``" +#: modules/administration/pages/image-management.adoc:16 +msgid "A properly configured image store, such as a Docker registry." msgstr "" #. type: delimited block = -#: modules/administration/pages/public-cloud-azure.adoc:38 +#: modules/administration/pages/image-management.adoc:17 msgid "" -"Do not use LVM with Azure. If you need more disk space, extend a disk in " -"the Azure portal, then extend the file system with [command]``xfs_growfs``." +"If you require a private image registry you can use an open source solution " +"such as ``Portus``. For additional information on setting up Portus as a " +"registry provider, see the http://port.us.org/[Portus Documentation]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:41 -msgid "Partition the disks like this:" +#: modules/administration/pages/image-management.adoc:18 +msgid "For more information on Containers or {caasp}, see:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:43 -msgid "[path]``/dev/sda``: 4 partitions containing the OS" +#: modules/administration/pages/image-management.adoc:19 +msgid "" +"https://documentation.suse.com/sles/15-SP2/html/SLES-all/book-sles-docker." +"html" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:44 -msgid "[path]``/dev/sdb``: temporary storage disk, do not use" +#: modules/administration/pages/image-management.adoc:20 +msgid "https://documentation.suse.com/suse-caasp/4/" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:45 -msgid "[path]``/dev/sdc``: contains [path]``/var/lib/pgsql``" +#. type: Title === +#: modules/administration/pages/image-management.adoc:21 +#: modules/administration/pages/image-management.adoc:144 +#, no-wrap +msgid "Create a Build Host" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:46 -msgid "[path]``/dev/sdd``: contains [path]``/var/spacewalk``" +#: modules/administration/pages/image-management.adoc:22 +msgid "" +"To build images with {productname}, you will need to create and configure a " +"build host. Container build hosts are Salt clients running {sle} 12 or " +"later. This section guides you through the initial configuration for a " +"build host." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:47 -msgid "[path]``/dev/sde``: contains [path]``/var/cache``" +#: modules/administration/pages/image-management.adoc:23 +msgid "" +"From the {productname} {webui}, perform these steps to configure a build " +"host:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:49 -msgid "You can use these commands to create the disks:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:71 -#, no-wrap +#: modules/administration/pages/image-management.adoc:24 msgid "" -"for d in sdc sdd sde; do\n" -" parted --script /dev/$d mklabel gpt mkpart primary xfs 0% 100%\n" -" mkfs.xfs /dev/${d}1\n" -"done\n" -"mkdir /cachetmp\n" -"mount /dev/sde1 /cachetmp\n" -"cp -a /var/cache/* /cachetmp/\n" -"umount /cachetmp\n" -"echo \"$(blkid /dev/sdc1|awk -F \" \" '{ print $2 }') /var/lib/pgsql xfs defaults,noatime 0 0\" >> /etc/fstab\n" -"echo \"$(blkid /dev/sdd1|awk -F \" \" '{ print $2 }') /var/spacewalk xfs defaults,noatime 0 0\" >> /etc/fstab\n" -"echo \"$(blkid /dev/sde1|awk -F \" \" '{ print $2 }') /var/cache xfs defaults,noatime 0 0\" >> /etc/fstab\n" -"mkdir -p /var/spacewalk\n" -"mount /var/spacewalk\n" -"chown -R wwwrun:root /var/spacewalk\n" -"mount /var/lib/pgsql\n" -"chown -R postgres:postgres /var/lib/pgsql\n" -"mv /var/cache /var/cache.old\n" -"mkdir /var/cache\n" -"mount /var/cache\n" -"rm -r /var/cache.old\n" +"Select a Salt client to be designated as a build host from the menu:" +"Systems[Overview] page." msgstr "" -#. REMARK: I guess you do this in your Azure instance -#. REMARK: Where do you configure this? #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:77 +#: modules/administration/pages/image-management.adoc:25 msgid "" -"When you are setting up networking, we recommend that you create a separate " -"private network, with the IP range `10.0.0.0/24`." +"From the [guimenu]``System Details`` page of the selected client assign the " +"containers modules. Go to menu:Software[Software Channels] and enable the " +"containers module (for example, [guimenu]``SLE-Module-Containers15-Pool`` " +"and [guimenu]``SLE-Module-Containers15-Updates``). Confirm by clicking btn:" +"[Change Subscriptions]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:80 +#: modules/administration/pages/image-management.adoc:26 msgid "" -"Configure the {productname} Server to use the internal IP address " -"`10.0.0.4`. Ensure it is also accessible from outside the network with a " -"fixed IP address." +"From the menu:System Details[Properties] page, enable ``Container Build " +"Host`` from the [guimenu]``Add-on System Types`` list and confirm by " +"clicking btn:[Update Properties]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:83 +#: modules/administration/pages/image-management.adoc:27 msgid "" -"Configure the firewall to only allow inbound traffic on ports `22`, `80`, " -"and `443` to IP address `10.0.0.4`. In this environment, if other servers " -"are added to the network they cannot be reached from outside the network." +"Install all required packages by applying ``Highstate``. From the system " +"details page select menu:States[Highstate] and click [guimenu]``Apply " +"Highstate``. Alternatively, apply Highstate from the {productname} Server " +"command line:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:28 +#: modules/administration/pages/image-management.adoc:158 +#, no-wrap +msgid "salt '$your_client' state.highstate\n" +msgstr "" + +#. type: Title === +#: modules/administration/pages/image-management.adoc:29 +#, no-wrap +msgid "Create an Activation Key for Containers" msgstr "" -#. REMARK: Was does this mean? #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:87 +#: modules/administration/pages/image-management.adoc:30 msgid "" -"Outbound is open from the private network. This should be restricted for " -"other servers in this private network." +"The containers built using {productname} will use channel(s) associated to " +"the activation key as repositories when building the image. This section " +"will guide you into creating an ad-hoc activation key for this purpose." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:90 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:31 msgid "" -"You will need to set the DNS zones in Azure before you can configure the " -"{productname} Server. For more information on setting DNS zones, see the " -"Azure documentation." +"To build a container, you will need an activation key that is associated " +"with a channel other than `SUSE Manager Default`." msgstr "" -#. type: Title == -#: modules/administration/pages/public-cloud-azure.adoc:93 +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:32 +#: modules/administration/pages/image-management.adoc:176 #, no-wrap -msgid "Configure {productname} Server" +msgid "systems_create_activation_key.png" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:96 -msgid "Ensure that your {productname} Server is registered with {scc}." +#: modules/administration/pages/image-management.adoc:33 +msgid "Select menu:Systems[Activation Keys]." msgstr "" -#. I wonder why we do even need spacecmd #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:99 -msgid "When your server is registered, install these extra packages:" +#: modules/administration/pages/image-management.adoc:34 +msgid "Click btn:[Create Key]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:101 +#. type: Plain text +#: modules/administration/pages/image-management.adoc:35 +msgid "" +"Enter a [guimenu]``Description`` and a [guimenu]``Key`` name. Use the drop-" +"down menu to select the [guimenu]``Base Channel`` to associate with this key." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:36 +#: modules/administration/pages/image-management.adoc:180 +msgid "Confirm with btn:[Create Activation Key]." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:37 +#: modules/administration/pages/image-management.adoc:181 +msgid "For more information, see <>." +msgstr "" + +#. type: Title === +#: modules/administration/pages/image-management.adoc:38 +#: modules/administration/pages/image-management.adoc:182 #, no-wrap -msgid "zypper -n in spacecmd mlocate sysstat\n" +msgid "Create an Image Store" msgstr "" -#. spacecmd will be installed by default next time -#. ^ How is so? #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:106 -msgid "Apply the latest updates and reboot the server:" +#: modules/administration/pages/image-management.adoc:39 +msgid "" +"All built images are pushed to an image store. This section contains " +"information about creating an image store." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:109 +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:40 #, no-wrap -msgid "" -"zypper -n up -l\n" -"reboot\n" +msgid "images_image_stores.png" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:112 -msgid "Check that all file systems are mounted and that PostgreSQL is running:" +#: modules/administration/pages/image-management.adoc:41 +msgid "Select menu:Images[Stores]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:115 +#. type: Plain text +#: modules/administration/pages/image-management.adoc:42 +msgid "Click [guimenu]``Create`` to create a new store." +msgstr "" + +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:43 #, no-wrap -msgid "" -"mount\n" -"service postgresql status\n" +msgid "images_image_stores_create.png" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:119 -msgid "" -"Complete {productname} Server installation and configuration. For more " -"information, see xref:installation:server-setup.adoc[]." +#: modules/administration/pages/image-management.adoc:44 +msgid "Define a name for the image store in the [guimenu]``Label`` field." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:122 +#: modules/administration/pages/image-management.adoc:45 msgid "" -"We recommend you configure the {productname} Server so that DHCP does not " -"set the host name. Check [path]``/etc/sysconfig/network/dhcp`` and ensure " -"that `DHCLIENT_SET_HOSTNAME` is set to [literal]``no``:" +"Provide the path to your image registry by filling in the [guimenu]``URI`` " +"field, as a fully qualified domain name (FQDN) for the container registry " +"host (whether internal or external)." msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:124 +#: modules/administration/pages/image-management.adoc:46 #, no-wrap -msgid "DHCLIENT_SET_HOSTNAME=\"no\"\n" +msgid "registry.example.com\n" msgstr "" -#. REMARK: hostname -i? #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:129 +#: modules/administration/pages/image-management.adoc:47 msgid "" -"Add the Azure client to the [path]``/etc/hosts`` file. At the command " -"prompt, replace [literal]```` with the IP address of the server:" +"The Registry URI can also be used to specify an image store on a registry " +"that is already in use." msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:131 +#: modules/administration/pages/image-management.adoc:48 #, no-wrap -msgid "echo \" $(hostname -f) $(hostname)\" >> /etc/hosts\n" +msgid "registry.example.com:5000/myregistry/myproject\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:138 -msgid "" -"{productname} Server has a default administration user. In Azure, the " -"system administrator user is called [literal]``admin``. The `admin` user's " -"password is built with two parts. The first part can be found by using this " -"command:" +#: modules/administration/pages/image-management.adoc:49 +msgid "Click btn:[Create] to add the new image store." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:140 +#. type: Title === +#: modules/administration/pages/image-management.adoc:50 +#: modules/administration/pages/image-management.adoc:186 #, no-wrap -msgid "azuremetadata --instance-name\n" +msgid "Create an Image Profile" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:143 -msgid "The second part of the password is [literal]``-suma``" +#: modules/administration/pages/image-management.adoc:51 +msgid "" +"All container images are built using an image profile, which contains the " +"building instructions. This section contains information about creating an " +"image profile with the {productname} {webui}." +msgstr "" + +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:52 +#: modules/administration/pages/image-management.adoc:188 +#, no-wrap +msgid "images_image_profiles.png" +msgstr "" + +#. type: Block title +#: modules/administration/pages/image-management.adoc:53 +#: modules/administration/pages/image-management.adoc:189 +#, no-wrap +msgid "Procedure: Create an Image Profile" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:145 +#: modules/administration/pages/image-management.adoc:54 msgid "" -"Alternatively, you can check the [path]``/var/log/susemanager_firstuser." -"log`` file." +"To create an image profile select menu:Images[Profiles] and click btn:" +"[Create]." msgstr "" -#. type: Title = -#: modules/administration/pages/mgr-sync.adoc:2 +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:55 #, no-wrap -msgid "Using ``mgr-sync``" +msgid "images_image_create_profile.png" msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:7 +#: modules/administration/pages/image-management.adoc:56 msgid "" -"The ``mgr-sync`` tool is used at the command prompt. It provides functions " -"for using {productname} that are not always available in the {webui}. The " -"primary use of ``mgr-sync`` is to connect to the {scc}, retrieve product and " -"package information, and prepare channels for synchronization with the " -"{productname} Server." +"Provide a name for the image profile by filling in the [guimenu]``Label`` " +"field." msgstr "" -#. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:10 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:57 msgid "" -"This tool is designed for use with a {suse} support subscription. It is not " -"required for open source distributions, including {opensuse}, {centos}, and " -"{ubuntu}." +"If your container image tag is in a format such as `myproject/myimage`, make " +"sure your image store registry URI contains the `/myproject` suffix." msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:13 +#: modules/administration/pages/image-management.adoc:58 +msgid "Use a dockerfile as the `Image Type`." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:59 msgid "" -"The available commands and arguments for ``mgr-sync`` are listed in this " -"table. Use this syntax for ``mgr-sync`` commands:" +"Use the drop-down menu to select your registry from the `Target Image Store` " +"field." msgstr "" -#. type: delimited block - -#: modules/administration/pages/mgr-sync.adoc:16 -#, no-wrap -msgid "mgr-sync [-h] [--version] [-v] [-s] [-d {1,2,3}] {list,add,refresh,delete}\n" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:60 +msgid "" +"In the [guimenu]``Path`` field, type a GitHub, GitLab or BitBucket " +"repository URL. The URL should be be http, https, or a token authentication " +"URL. Use one of these formats:" msgstr "" #. type: Block title -#: modules/administration/pages/mgr-sync.adoc:21 -#, no-wrap -msgid "mgr-sync Commands" -msgstr "" - -#. type: Table -#: modules/administration/pages/mgr-sync.adoc:29 +#: modules/administration/pages/image-management.adoc:61 #, no-wrap -msgid "" -"| Command | Description | Example Use\n" -"| list | List channels, organization credentials, or products | ``mgr-sync list channels``\n" -"| add | Add channels, organization credentials, or products | ``mgr-sync add channel ``\n" -"| refresh | Refresh the local copy of products, channels, and subscriptions | ``mgr-sync refresh``\n" -"| delete | Delete existing SCC organization credentials from the local system | ``mgr-sync delete credentials``\n" -"| sync | Synchronize specified channel or ask for it when left blank| ``mgr-sync sync channel ``\n" +msgid "GitHub Path Options" msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:33 -msgid "" -"To see the full list of options specific to a command, use this command:" +#: modules/administration/pages/image-management.adoc:62 +msgid "GitHub single user project repository" msgstr "" #. type: delimited block - -#: modules/administration/pages/mgr-sync.adoc:36 +#: modules/administration/pages/image-management.adoc:63 #, no-wrap -msgid "mgr-sync --help\n" +msgid "https://github.com/USER/project.git#branchname:folder\n" msgstr "" -#. type: Block title -#: modules/administration/pages/mgr-sync.adoc:42 -#, no-wrap -msgid "mgr-sync Optional Arguments" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:64 +msgid "GitHub organization project repository" msgstr "" -#. type: Table -#: modules/administration/pages/mgr-sync.adoc:51 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:65 #, no-wrap -msgid "" -"| Option | Abbreviated option | Description | Example Use\n" -"| help | ``h`` | Display the command usage and options | ``mgr-sync --help``\n" -"| version | N/A | Display the currently installed version of ``mgr-sync`` | ``mgr-sync --version``\n" -"| verbose | ``v`` | Provide verbose output | ``mgr-sync --verbose refresh``\n" -"| store-credentials | ``s`` | Store credentials a local hidden file | ``mgr-sync --store-credentials``\n" -"| debug | ``d`` | Log additional debugging information. Requires a level of 1, 2, 3. 3 provides the highest amnount of debugging information | ``mgr-sync -d 3 refresh``\n" -"| no-sync | N/A | Use with the ``add`` command to add products or channels without beginning a synchronization | ``mgr-sync --no-sync add ``\n" +msgid "https://github.com/ORG/project.git#branchname:folder\n" msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:57 -msgid "Logs for ``mgr-sync`` are located in:" +#: modules/administration/pages/image-management.adoc:66 +msgid "GitHub token authentication" msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:59 -msgid "[path]``/var/log/rhn/mgr-sync.log``" +#: modules/administration/pages/image-management.adoc:67 +msgid "" +"If your git repository is private, modify the profile's URL to include " +"authentication. Use this URL format to authenticate with a GitHub token:" msgstr "" -#. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:59 -msgid "[path]``/var/log/rhn/rhn_web_api.log``" +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:68 +#, no-wrap +msgid "https://USER:@github.com/USER/project.git#master:/container/\n" msgstr "" -#. type: Title = -#: modules/administration/pages/auth-methods-pam.adoc:2 +#. type: Block title +#: modules/administration/pages/image-management.adoc:69 #, no-wrap -msgid "Authentication With PAM" +msgid "GitLab Path Options" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:7 -msgid "" -"{productname} supports network-based authentication systems using pluggable " -"authentication modules (PAM). PAM is a suite of libraries that allows you " -"to integrate {productname} with a centralized authentication mechanism, " -"eliminating the need to remember multiple passwords. {productname} supports " -"LDAP, Kerberos, and other network-based authentication systems using PAM." +#: modules/administration/pages/image-management.adoc:70 +msgid "GitLab single user project repository" msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-pam.adoc:10 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:71 #, no-wrap -msgid "Procedure: Enabling PAM" +msgid "https://gitlab.example.com/USER/project.git#master:/container/\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:15 -msgid "" -"Create a PAM service file at [path]``/etc/pam.d/susemanager``. A standard " -"[path]``/etc/pam.d/susemanager`` file should look like this. It configures " -"{productname} to use the system wide PAM configuration:" +#: modules/administration/pages/image-management.adoc:72 +msgid "GitLab groups project repository" msgstr "" #. type: delimited block - -#: modules/administration/pages/auth-methods-pam.adoc:22 +#: modules/administration/pages/image-management.adoc:73 #, no-wrap -msgid "" -"#%PAM-1.0\n" -"auth include common-auth\n" -"account include common-account\n" -"password include common-password\n" -"session include common-session\n" +msgid "https://gitlab.example.com/GROUP/project.git#master:/container/\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:74 +msgid "GitLab token authentication" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:24 +#: modules/administration/pages/image-management.adoc:75 msgid "" -"Enforce the use of the service file by adding this line to [path]``/etc/rhn/" -"rhn.conf``:" +"If your git repository is private and not publicly accessible, you need to " +"modify the profile's git URL to include authentication. Use this URL format " +"to authenticate with a GitLab token:" msgstr "" #. type: delimited block - -#: modules/administration/pages/auth-methods-pam.adoc:27 +#: modules/administration/pages/image-management.adoc:76 #, no-wrap -msgid "pam_auth_service = susemanager\n" +msgid "https://gitlab-ci-token:@gitlab.example.com/USER/project.git#master:/container/\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:30 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:77 msgid "" -"In this example, the PAM service file is called [systemitem]``susemanager``." +"If you do not specify a git branch, the `master` branch will be used by " +"default. If a `folder` is not specified, the image sources (dockerfile " +"sources) are expected to be in the root directory of the GitHub or GitLab " +"checkout." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:31 -msgid "Restart the {productname} services after a configuration change." +#: modules/administration/pages/image-management.adoc:78 +msgid "" +"Select an `Activation Key`. Activation keys ensure that images using a " +"profile are assigned to the correct channel and packages." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:32 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:79 msgid "" -"In the {productname} {webui}, navigate to menu:Users[Create User] and enable " -"a new or existing user to authenticate with PAM." +"When you associate an activation key with an image profile you are ensuring " +"any image using the profile will use the correct software channel and any " +"packages in the channel." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:34 -msgid "" -"Check the [guimenu]``Pluggable Authentication Modules (PAM)`` checkbox. It " -"is below the password and password confirmation fields." +#: modules/administration/pages/image-management.adoc:80 +msgid "Click the btn:[Create] button." msgstr "" -#. type: delimited block = -#: modules/administration/pages/auth-methods-pam.adoc:43 -msgid "" -"Changing the password in the {productname} {webui} changes only the local " -"password on the {productname} Server. If PAM is enabled for that user, the " -"local password might not be used at all. In the above example, for " -"instance, the Kerberos password will not be changed. Use the password " -"change mechanism of your network service to change the password for these " -"users." +#. type: Block title +#: modules/administration/pages/image-management.adoc:81 +#, no-wrap +msgid "Example Dockerfile Sources" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:48 +#: modules/administration/pages/image-management.adoc:82 msgid "" -"To configure system-wide authentication you can use YaST. You will need to " -"install the [package]``yast2-ldap-client`` and [package]``yast2-kerberos-" -"client`` packages." +"An Image Profile that can be reused is published at https://github.com/SUSE/" +"manager-build-profiles" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:52 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:83 msgid "" -"For more information about configuring PAM, the SUSE Linux Enterprise Server " -"Security Guide contains a generic example that will also work for other " -"network-based authentication methods. It also describes how to configure an " -"active directory service. For more information, see https://documentation." -"suse.com/sles/15-SP1/html/SLES-all/part-auth.html." +"The [option]``ARG`` parameters ensure that the built image is associated " +"with the desired repository served by {productname}. The [option]``ARG`` " +"parameters also allow you to build image versions of {sles} which may differ " +"from the version of {sles} used by the build host itself." msgstr "" -#. type: Title = -#: modules/administration/pages/auth-methods-sso.adoc:2 -#, no-wrap -msgid "Authentication With Single Sign-On (SSO)" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:84 +msgid "" +"For example: The [command]``ARG repo`` parameter and the [command]``echo`` " +"command pointing to the repository file, creates and then injects the " +"correct path into the repository file for the desired channel version." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:5 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:85 msgid "" -"{productname} supports single sign-on (SSO) by implementing the Security " -"Assertion Markup Language (SAML){nbsp}2 protocol." +"The repository is determined by the activation key that you assigned to your " +"image profile." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:10 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:86 msgid "" -"Single sign-on is an authentication process that allows a user to access " -"multiple applications with one set of credentials. SAML is an XML-based " -"standard for exchanging authentication and authorization data. A SAML " -"identity service provider (IdP) provides authentication and authorization " -"services to service providers (SP), such as {productname}. {productname} " -"exposes three endpoints which must be enabled for single sign-on." +"The [package]#python# and [package]#python-xml# packages must be installed " +"in the container. They are required for inspecting images, and for " +"providing the package and product list of a container to the {productname} " +"{webui}. If you do not install them, images will still build but the " +"package and product list will not available in the {webui}." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:12 -msgid "SSO in {productname} supports:" +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:87 +#, no-wrap +msgid "" +"FROM registry.example.com/sles12sp2\n" +"MAINTAINER Tux Administrator \"tux@example.com\"\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:14 -msgid "Log in with SSO." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:88 +#, no-wrap +msgid "### Begin: These lines Required for use with {productname}\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:15 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:89 +#, no-wrap msgid "" -"Log out with service provider-initiated single logout (SLO), and Identity " -"service provider single logout service (SLS)." +"ARG repo\n" +"ARG cert\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:16 -msgid "Assertion and nameId encryption." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:90 +#, no-wrap +msgid "" +"# Add the correct certificate\n" +"RUN echo \"$cert\" > /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT.pem\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:17 -msgid "Assertion signatures." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:91 +#, no-wrap +msgid "" +"# Update certificate trust store\n" +"RUN update-ca-certificates\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:18 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:92 +#, no-wrap msgid "" -"Message signatures with AuthNRequest, LogoutRequest, and LogoutResponses." +"# Add the repository path to the image\n" +"RUN echo \"$repo\" > /etc/zypp/repos.d/susemanager:dockerbuild.repo\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:19 -msgid "Enable an Assertion consumer service endpoint." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:93 +#, no-wrap +msgid "### End: These lines required for use with {productname}\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:20 -msgid "Enable a single logout service endpoint." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:94 +#, no-wrap +msgid "" +"# Add the package script\n" +"ADD add_packages.sh /root/add_packages.sh\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:21 -msgid "Publish the SP metadata (which can be signed)." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:95 +#, no-wrap +msgid "" +"# Run the package script\n" +"RUN /root/add_packages.sh\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:23 -msgid "SSO in {productname} does not support:" +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:96 +#, no-wrap +msgid "" +"# After building remove the repository path from image\n" +"RUN rm -f /etc/zypp/repos.d/susemanager:dockerbuild.repo\n" +msgstr "" + +#. TODO: Replace the "custom-system-info" link +#. type: Block title +#: modules/administration/pages/image-management.adoc:97 +#, no-wrap +msgid "Using Custom Info Key-value Pairs as Docker Buildargs" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:25 +#: modules/administration/pages/image-management.adoc:98 msgid "" -"Product choosing and implementation for the identity service provider (IdP)." +"You can assign custom info key-value pairs to attach information to the " +"image profiles. Additionally, these key-value pairs are passed to the " +"Docker build command as `buildargs`." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:26 +#: modules/administration/pages/image-management.adoc:99 msgid "" -"SAML support for other products (check with the respective product " -"documentation)." +"For more information about the available custom info keys and creating " +"additional ones, see xref:reference:systems/custom-system-info.adoc[]." +msgstr "" + +#. type: Title === +#: modules/administration/pages/image-management.adoc:100 +#: modules/administration/pages/image-management.adoc:226 +#, no-wrap +msgid "Build an Image" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:28 +#: modules/administration/pages/image-management.adoc:101 msgid "" -"For an example implementation of SSO, see xref:administration:auth-methods-" -"sso-example.adoc[]." +"There are two ways to build an image. You can select menu:Images[Build] " +"from the left navigation bar, or click the build icon in the menu:" +"Images[Profiles] list." msgstr "" -#. type: delimited block = -#: modules/administration/pages/auth-methods-sso.adoc:34 -msgid "" -"If you change from the default authentication method to single sign-on, the " -"new SSO credentials apply only to the {webui}. Client tools such as ``mgr-" -"sync`` or ``spacecmd`` will continue to work with the default authentication " -"method only." +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:102 +#: modules/administration/pages/image-management.adoc:228 +#, no-wrap +msgid "images_image_build.png" msgstr "" -#. type: Title == -#: modules/administration/pages/auth-methods-sso.adoc:38 +#. type: Block title +#: modules/administration/pages/image-management.adoc:103 +#: modules/administration/pages/image-management.adoc:229 #, no-wrap -msgid "Prerequisites" +msgid "Procedure: Building an Image" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:42 +#: modules/administration/pages/image-management.adoc:104 +#: modules/administration/pages/image-management.adoc:230 +msgid "Select menu:Images[Build]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:105 msgid "" -"Before you begin, you need to have configured an external identity service " -"provider with these parameters. Check your IdP documentation for " -"instructions." +"Add a different tag name if you want a version other than the default " +"``latest`` (only relevant to containers)." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:106 +msgid "Select [guimenu]``Build Profile`` and [guimenu]``Build Host``." msgstr "" #. type: delimited block = -#: modules/administration/pages/auth-methods-sso.adoc:48 +#: modules/administration/pages/image-management.adoc:107 msgid "" -"Your IdP must have a SAML:Attribute containing the username of the IdP user " -"domain, called ``uid``. The ``uid`` attribute passed in the SAML:Attribute " -"must be created in the {productname} user base before you activate single " -"sign-on." +"Notice the [guimenu]``Profile Summary`` to the right of the build fields. " +"When you have selected a build profile, detailed information about the " +"selected profile will be displayed in this area." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:52 -msgid "You will need these endpoints:" +#: modules/administration/pages/image-management.adoc:108 +msgid "To schedule a build click the btn:[Build] button." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:55 -msgid "" -"Assertion consumer service (or ACS): an endpoint to accept SAML messages to " -"establish a session into the Service Provider. The endpoint for ACS in " -"{productname} is: https://server.example.com/rhn/manager/sso/acs" +#. type: Title === +#: modules/administration/pages/image-management.adoc:109 +#, no-wrap +msgid "Import an Image" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:57 +#: modules/administration/pages/image-management.adoc:110 msgid "" -"Single logout service (or SLS): an endpoint to initiate a logout request " -"from the IdP. The endpoint for SLS in {productname} is: https://server." -"example.com/rhn/manager/sso/sls" +"You can import and inspect arbitrary images. Select menu:Images[Image List] " +"from the left navigation bar. Complete the text boxes of the " +"[guimenu]``Import`` dialog. When it has processed, the imported image will " +"be listed on the [guimenu]``Image List`` page." +msgstr "" + +#. type: Block title +#: modules/administration/pages/image-management.adoc:111 +#, no-wrap +msgid "Procedure: Importing an Image" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:59 +#: modules/administration/pages/image-management.adoc:112 msgid "" -"Metadata: an endpoint to retrieve {productname} metadata for SAML. The " -"endpoint for metadata in {productname} is: https://server.example.com/rhn/" -"manager/sso/metadata" +"From menu:Images[Image list] click btn:[Import] to open the " +"[guimenu]``Import Image`` dialog." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:61 -msgid "" -"After the authentication with the IdP using the user ``orgadmin`` is " -"successful, you will be logged in into {productname} as the ``orgadmin`` " -"user, provided that the ``orgadmin`` user exists in {productname}." +#: modules/administration/pages/image-management.adoc:113 +msgid "In the [guimenu]``Import Image`` dialog complete these fields:" msgstr "" -#. type: Title == -#: modules/administration/pages/auth-methods-sso.adoc:64 +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:114 #, no-wrap -msgid "Enable SSO" +msgid "Image store:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/auth-methods-sso.adoc:70 -msgid "" -"Using SSO is mutually exclusive with other types of authentication: it is " -"either enabled or disabled. SSO is disabled by default." +#. type: Plain text +#: modules/administration/pages/image-management.adoc:115 +msgid "The registry from where the image will be pulled for inspection." msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-sso.adoc:72 +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:116 #, no-wrap -msgid "Procedure: Enabling SSO" +msgid "Image name:" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:75 -msgid "If your users do not yet exist in {productname}, create them first." +#: modules/administration/pages/image-management.adoc:117 +msgid "The name of the image in the registry." +msgstr "" + +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:118 +#, no-wrap +msgid "Image version:" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:76 -msgid "" -"Edit [path]``/etc/rhn/rhn.conf`` and add this line at the end of the file:" +#: modules/administration/pages/image-management.adoc:119 +msgid "The version of the image in the registry." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso.adoc:79 +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:120 #, no-wrap -msgid "java.sso = true\n" +msgid "Build host:" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:83 -msgid "" -"Find the parameters you want to customize in [path]``/usr/share/rhn/config-" -"defaults/rhn_java_sso.conf``. Insert the parameters you want to customize " -"into [path]``/etc/rhn/rhn.conf`` and prefix them with [literal]``java." -"sso``. For example, in [path]``/usr/share/rhn/config-defaults/rhn_java_sso." -"conf`` find:" +#: modules/administration/pages/image-management.adoc:121 +msgid "The build host that will pull and inspect the image." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso.adoc:86 +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:122 #, no-wrap -msgid "onelogin.saml2.sp.assertion_consumer_service.url = https://YOUR-PRODUCT-HOSTNAME-OR-IP/rhn/manager/sso/acs\n" +msgid "Activation key:" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:89 +#: modules/administration/pages/image-management.adoc:123 msgid "" -"To customize it, create the corresponding option in [path]``/etc/rhn/rhn." -"conf`` by prefixing the option name with ``java.sso.``:" +"The activation key that provides the path to the software channel that the " +"image will be inspected with." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso.adoc:92 -#, no-wrap -msgid "java.sso.onelogin.saml2.sp.assertion_consumer_service.url = https://YOUR-PRODUCT-HOSTNAME-OR-IP/rhn/manager/sso/acs\n" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:124 +msgid "For confirmation, click btn:[Import]." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:96 +#: modules/administration/pages/image-management.adoc:125 msgid "" -"To find all the occurrences you need to change, search in the file for the " -"placeholders [literal]``YOUR-PRODUCT`` and [literal]``YOUR-IDP-ENTITY``. " -"Every parameter comes with a brief explanation of what it is meant for." +"The entry for the image is created in the database, and an ``Inspect Image`` " +"action on {productname} is scheduled." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:97 -msgid "Restart the spacewalk service to pick up the changes:" +#: modules/administration/pages/image-management.adoc:126 +msgid "" +"When it has been processed, you can find the imported image in the ``Image " +"List``. It has a different icon in the ``Build`` column, to indicate that " +"the image is imported. The status icon for the imported image can also be " +"seen on the ``Overview`` tab for the image." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:128 +msgid "These are some known problems when working with images:" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:104 +#: modules/administration/pages/image-management.adoc:129 msgid "" -"When you visit the {productname} URL, you will be redirected to the IdP for " -"SSO where you will be requested to authenticate. Upon successful " -"authentication, you will be redirected to the {productname} {webui}, logged " -"in as the authenticated user. If you encounter problems with logging in " -"using SSO, check the {productname} logs for more information." +"HTTPS certificates to access the registry or the git repositories should be " +"deployed to the client by a custom state file." msgstr "" -#. type: Title = -#: modules/administration/pages/content-lifecycle-examples.adoc:2 -#, no-wrap -msgid "Content Lifecycle Management Examples" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:130 +msgid "SSH git access using Docker is currently unsupported." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:6 +#: modules/administration/pages/image-management.adoc:131 msgid "" -"This section contains some common examples of how you can use content " -"lifecycle management. Use these examples to build your own personalized " -"implementation." +"If the [package]#python# and [package]#python-xml# packages are not " +"installed in your images during the build process, reporting of installed " +"packages or products will fail. This will result in an ``unknown`` update " +"status." msgstr "" #. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:10 +#: modules/administration/pages/image-management.adoc:132 #, no-wrap -msgid "Creating a Project for a Monthly Patch Cycle" +msgid "OS Images" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:13 -msgid "An example project for a monthly patch cycle consists of:" +#: modules/administration/pages/image-management.adoc:133 +msgid "" +"OS Images are built by the Kiwi image system. The output image is " +"customizable and can be PXE, QCOW2, LiveCD, or other types of images." msgstr "" -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:15 -#: modules/administration/pages/content-lifecycle-examples.adoc:23 -#, no-wrap -msgid "Creating a `By Date` filter" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:134 +msgid "" +"For more information about the Kiwi build system, see the https://doc." +"opensuse.org/projects/kiwi/doc/[Kiwi documentation]." msgstr "" +#. SLE15 images support is not yet released for SUMA4, will be part of SUMA4.0.4 as tech preview +#. From {sles}{nbsp}15, ``kiwi-ng`` is used instead of the legacy Kiwi. #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:16 -msgid "Adding the filter to the project" +#: modules/administration/pages/image-management.adoc:136 +msgid "" +"The Kiwi image building feature is available for Salt clients running {sles}" +"{nbsp}12 and {sles}{nbsp}11." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:17 -msgid "Applying the filter to a new project build" +#: modules/administration/pages/image-management.adoc:137 +msgid "" +"Kiwi image configuration files and configuration scripts must be accessible " +"in one of these locations:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:18 -msgid "Excluding a patch from the project" +#: modules/administration/pages/image-management.adoc:138 +msgid "Git repository" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:19 -msgid "Including a patch in the project" +#: modules/administration/pages/image-management.adoc:139 +msgid "HTTP hosted tarball" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:27 +#: modules/administration/pages/image-management.adoc:140 +msgid "Local build host directory" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:141 msgid "" -"The ``By Date`` filter excludes all patches released after a specified " -"date. This filter is useful for your content lifecycle projects that follow " -"a monthly patch cycle." +"For an example of a complete Kiwi repository served by git, see https://" +"github.com/SUSE/manager-build-profiles/tree/master/OSImage" msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:29 -#, no-wrap -msgid "Procedure: Creating the ``By Date`` Filter" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:142 +msgid "" +"You will need at least 1{nbsp}GB of RAM available for Hosts running OS " +"Images built with Kiwi. Disk space depends on the actual size of the " +"image. For more information, see the documentation of the underlying system." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:143 +msgid "" +"The build host must be a Salt client. Do not install the build host as a " +"traditional client." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:31 -#: modules/administration/pages/content-lifecycle-examples.adoc:76 -#: modules/administration/pages/content-lifecycle-examples.adoc:106 +#: modules/administration/pages/image-management.adoc:145 msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Filters] " -"and click btn:[Create Filter]." +"To build all kinds of images with {productname}, create and configure a " +"build host. OS Image build hosts are Salt clients running on {sles}{nbsp}15 " +"SP2, {sles}{nbsp}12 (SP3 or later) or {sles}{nbsp}11 SP4." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:33 +#: modules/administration/pages/image-management.adoc:146 +msgid "" +"This procedure will guide you through the initial configuration for a build " +"host." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:147 msgid "" -"In the [guimenu]``Filter Name`` field, type a name for your filter. For " -"example, [systemitem]``Exclude patches by date``." +"The operating system on the build host must match the operating system on " +"the targeted image." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:34 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:148 msgid "" -"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Issue " -"date)``." +"For example, build {sles}{nbsp}15 based images on a build host running {sles}" +"{nbsp}15 SP2 OS version. Build {sles}{nbsp}12 based images on a build host " +"running {sles}{nbsp}12 SP4 or {sles}{nbsp}12 SP3 OS version. Build {sles}" +"{nbsp}11 based images on a build host running {sles}{nbsp}11 SP4 OS version." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:35 -msgid "" -"In the [guimenu]``Matcher`` field, [guimenu]``later or equal`` is " -"autoselected." +#: modules/administration/pages/image-management.adoc:149 +msgid "Configure the build host in the {productname} {webui}:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:36 -msgid "Select the date and time." +#: modules/administration/pages/image-management.adoc:150 +msgid "" +"Select a client that will be designated as a build host from the menu:" +"Systems[Overview] page." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:37 -#: modules/administration/pages/content-lifecycle-examples.adoc:48 -#: modules/administration/pages/content-lifecycle-examples.adoc:83 -#: modules/administration/pages/content-lifecycle-examples.adoc:115 -msgid "Click btn:[Save]." -msgstr "" - -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:41 -#, no-wrap -msgid "Adding the Filter to the Project" +#: modules/administration/pages/image-management.adoc:151 +msgid "" +"Navigate to the menu:System Details[Properties] tab, enable the " +"[guimenu]``Add-on System Type`` [guimenu]``OS Image Build Host``. Confirm " +"with btn:[Update Properties]." msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:43 +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:152 #, no-wrap -msgid "Procedure: Adding a Filter to a Project" +msgid "os-image-build-host.png" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:45 +#: modules/administration/pages/image-management.adoc:153 msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects] " -"and select a project from the list." +"Navigate to menu:System Details[Software > Software Channels], and enable " +"the required software channels depending on the build host version." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:46 -msgid "Click btn:[Attach/Detach Filters] link to see all available filters" +#: modules/administration/pages/image-management.adoc:154 +msgid "" +"{sles}{nbsp}11 build hosts require {productname} Client tools (``SLE-Manager-" +"Tools11-Pool`` and ``SLE-Manager-Tools11-Updates``)." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:47 -msgid "Select the new [guimenu]``Exclude patches by date`` filter." +#: modules/administration/pages/image-management.adoc:155 +msgid "" +"{sles}{nbsp}12 build hosts require {productname} Client tools (``SLE-Manager-" +"Tools12-Pool`` and ``SLE-Manager-Tools12-Updates``)." msgstr "" -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:52 -#, no-wrap -msgid "Applying the Filter to a new Project Build" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:156 +msgid "" +"{sles}{nbsp}15 build hosts require {sles} modules ``SLE-Module-DevTools15-" +"SP2-Pool`` and ``SLE-Module-DevTools15-SP2-Updates``. Schedule and click " +"btn:[Confirm]." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:56 +#: modules/administration/pages/image-management.adoc:157 msgid "" -"The new filter is added to your filter list, but it still needs to be " -"applied to the project. To apply the filter you need to build the first " -"environment." +"Install Kiwi and all required packages by applying `Highstate`. From the " +"system details page select menu:States[Highstate] and click btn:[Apply " +"Highstate]. Alternatively, apply Highstate from the {productname} Server " +"command line:" msgstr "" #. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:57 +#: modules/administration/pages/image-management.adoc:159 #, no-wrap -msgid "Procedure: Using the Filter" +msgid "{productname} Web Server Public Certificate RPM" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:59 -msgid "Click btn:[Build] to build the first environment." +#: modules/administration/pages/image-management.adoc:160 +msgid "" +"Build host provisioning copies the {productname} certificate RPM to the " +"build host. This certificate is used for accessing repositories provided by " +"{productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:61 +#: modules/administration/pages/image-management.adoc:161 msgid "" -"OPTIONAL: Add a message. You can use messages to help track the build " -"history." +"The certificate is packaged in RPM by the `mgr-package-rpm-certificate-" +"osimage` package script. The package script is called automatically during " +"a new {productname} installation." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:62 +#: modules/administration/pages/image-management.adoc:162 msgid "" -"Check that the filter has worked correctly by using the new channels on a " -"test server." +"When you upgrade the `spacewalk-certs-tools` package, the upgrade scenario " +"will call the package script using the default values. However if the " +"certificate path was changed or unavailable, you will need to call the " +"package script manually using `--ca-cert-full-path ` " +"after the upgrade procedure has finished." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:64 -msgid "" -"Click btn:[Promote] to move the content to the next environment. The build " -"will take longer if you have a large number of filters, or they are very " -"complex." +#. type: Block title +#: modules/administration/pages/image-management.adoc:163 +#, no-wrap +msgid "Package script call example" msgstr "" -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:68 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:164 #, no-wrap -msgid "Excluding a Patch from the Project" +msgid "/usr/sbin/mgr-package-rpm-certificate-osimage --ca-cert-full-path /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:72 +#: modules/administration/pages/image-management.adoc:165 msgid "" -"Tests may help you discover issues. When an issue is found, exclude the " -"problem patch released before the `by date` filter." +"The RPM package with the certificate is stored in a salt-accessible " +"directory such as:" msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:73 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:166 #, no-wrap -msgid "Procedure: Excluding a Patch" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:78 -msgid "" -"In the [guimenu]``Filter Name`` field, enter a name for the filter. For " -"example, [systemitem]``Exclude openjdk patch``." +msgid "/usr/share/susemanager/salt/images/rhn-org-trusted-ssl-cert-osimage-1.0-1.noarch.rpm\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:79 -#: modules/administration/pages/content-lifecycle-examples.adoc:109 +#: modules/administration/pages/image-management.adoc:167 msgid "" -"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Advisory " -"Name)``." +"The RPM package with the certificate is provided in the local build host " +"repository:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:80 -#: modules/administration/pages/content-lifecycle-examples.adoc:110 -msgid "In the [guimenu]``Matcher`` field, select [guimenu]``equals``." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:168 +#, no-wrap +msgid "/var/lib/Kiwi/repo\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:82 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:169 msgid "" -"In the [guimenu]``Advisory Name`` field, type a name for the advisory. For " -"example, [systemitem]``SUSE-15-2019-1807``." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:84 -#: modules/administration/pages/content-lifecycle-examples.adoc:177 -#: modules/administration/pages/content-lifecycle-examples.adoc:255 -msgid "Navigate to menu:Content Lifecycle[Projects] and select your project." +"Specify the RPM package with the {productname} SSL certificate in the build " +"source, and make sure your Kiwi configuration contains ``rhn-org-trusted-ssl-" +"cert-osimage`` as a required package in the ``bootstrap`` section." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:85 -msgid "" -"Click btn:[Attach/Detach Filters] link, select [guimenu]``Exclude openjdk " -"patch``, and click btn:[Save]." +#. type: Block title +#: modules/administration/pages/image-management.adoc:170 +#, no-wrap +msgid "config.xml" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:87 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:171 +#, no-wrap msgid "" -"When you rebuild the project with the btn:[Build] button, the new filter is " -"used together with the [guimenu]``by date`` filter we added before." +"...\n" +" \n" +" ...\n" +" \n" +" \n" +"...\n" msgstr "" #. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:91 +#: modules/administration/pages/image-management.adoc:172 #, no-wrap -msgid "Including a Patch in the Project" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:97 -msgid "" -"In this example, you have received a security alert. An important security " -"patch was released several days after the first of the month you are " -"currently working on. The name of the new patch is ``SUSE-15-2019-2071``. " -"You need to include this new patch into your environment." +msgid "Create an Activation Key for OS Images" msgstr "" #. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:102 +#: modules/administration/pages/image-management.adoc:173 msgid "" -"The [guimenu]``Allow`` filters rule overrides the exclude function of the " -"[guimenu]``Deny`` filter rule. For more information, see xref:" -"administration:content-lifecycle.adoc[]." +"Create an activation key associated with the channel that your OS Images " +"will use as repositories when building the image." msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:104 -#, no-wrap -msgid "Procedure: Including a Patch in a Project" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:174 +msgid "Activation keys are mandatory for OS Image building." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:108 +#: modules/administration/pages/image-management.adoc:175 msgid "" -"In the [guimenu]``Filter Name`` field, type a name for the filter. For " -"example, [systemitem]``Include kernel security fix``." +"To build OS Images, you will need an activation key that is associated with " +"a channel other than `SUSE Manager Default`." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:111 -msgid "" -"In the [guimenu]``Advisory Name`` field, type " -"[guimenu]``SUSE-15-2019-2071``, and check [guimenu]``Allow``." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:177 +msgid "In the {webui}, select menu:Systems[Activation Keys]." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:112 -#: modules/administration/pages/content-lifecycle-examples.adoc:176 -msgid "Click btn:[Save] to store the filter." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:178 +msgid "Click [guimenu]``Create Key``." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:113 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:179 msgid "" -"Navigate to menu:Content Lifecycle[Projects] and select your project from " -"the list." +"Enter a [guimenu]``Description``, a [guimenu]``Key`` name, and use the drop-" +"down box to select a [guimenu]``Base Channel`` to associate with the key." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:183 +msgid "" +"OS Images can require a significant amount of storage space. Therefore, we " +"recommended that the OS Image store is located on a partition of its own or " +"on a Btrfs subvolume, separate from the root partition. By default, the " +"image store will be located at [path]``/srv/www/os-images``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:114 +#: modules/administration/pages/image-management.adoc:184 msgid "" -"Click btn:[Attach/Detach Filters], and select [guimenu]``Include kernel " -"security patch``." +"Image stores for Kiwi build type, used to build system, virtual, and other " +"images, are not supported yet." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:116 -msgid "Click btn:[Build] to rebuild the environment." +#: modules/administration/pages/image-management.adoc:185 +msgid "" +"Images are always stored in [path]``/srv/www/os-images/`` " +"and are accessible via HTTP/HTTPS [url]``https:///os-" +"images/``." msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:120 -#, no-wrap -msgid "Update an Existing Monthly Patch Cycle" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:187 +msgid "Manage image profiles using the {webui}." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:123 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:190 msgid "" -"When a monthly patch cycle is complete, you can update the patch cycle for " -"the next month." +"To create an image profile select from menu:Images[Profiles] and click btn:" +"[Create]." msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:124 +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:191 #, no-wrap -msgid "Procedure: Updating a Monthly Patch Cycle" +msgid "images_image_create_profile_kiwi.png" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:127 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:192 msgid "" -"In the [guimenu]``by date`` field, change the date of the filter to the next " -"month. Alternatively, create a new filter and change the assignment to the " -"project." +"In the [guimenu]``Label`` field, provide a name for the `Image Profile`." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:129 -msgid "" -"Check if the exclude filter for ``SUSE-15-2019-1807`` can be detached from " -"the project. There may be a new patch available to fix this issue." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:193 +msgid "Use `Kiwi` as the [guimenu]``Image Type``." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:131 -msgid "" -"Detach the ``allow`` filter you added previously. The patch is included by " -"default." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:194 +msgid "Image store is automatically selected." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:132 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:195 msgid "" -"Rebuild the project to create a new environment with patches for the next " -"month." +"Enter a [guimenu]``Config URL`` to the directory containing the Kiwi " +"configuration files:" msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:136 -#, no-wrap -msgid "Enhance a Project with Live Patching" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:196 +msgid "git URI" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:139 -msgid "" -"This section covers setting up filters to create environments for live " -"patching." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:197 +msgid "HTTPS tarball" msgstr "" #. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:143 -msgid "" -"When you are preparing to use live patching, there are some important " -"considerations" +#: modules/administration/pages/image-management.adoc:198 +msgid "Path to build host local directory" msgstr "" #. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:146 +#: modules/administration/pages/image-management.adoc:199 +msgid "" +"Select an [guimenu]``Activation Key``. Activation keys ensure that images " +"using a profile are assigned to the correct channel and packages." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:200 msgid "" -"Only ever use one kernel version on your systems. The live patching " -"packages are installed with a specific kernel." +"Associate an activation key with an image profile to ensure the image " +"profile uses the correct software channel, and any packages." msgstr "" #. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:147 -msgid "Live patching updates are shipped as one patch." +#: modules/administration/pages/image-management.adoc:201 +msgid "Confirm with the btn:[Create] button." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:150 -msgid "" -"Each kernel patch that begins a new series of live patching kernels will " -"display the ``required reboot`` flag. These kernel patches come with live " -"patching tools. When you have installed them, you will need to reboot the " -"system at least once before the next year." +#. type: Block title +#: modules/administration/pages/image-management.adoc:202 +#, no-wrap +msgid "Source format options" msgstr "" #. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:151 -msgid "" -"Only install live patch updates that match the installed kernel version." +#: modules/administration/pages/image-management.adoc:203 +msgid "git/HTTP(S) URL to the repository" msgstr "" #. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:153 +#: modules/administration/pages/image-management.adoc:204 msgid "" -"Live patches are provided as stand-alone patches. You must exclude all " -"regular kernel patches with higher kernel version than the currently " -"installed one." +"URL to the git repository containing the sources of the image to be built. " +"Depending on the layout of the repository the URL can be:" msgstr "" -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:158 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:205 #, no-wrap -msgid "Exclude Packages with a Higher Kernel Version" +msgid "https://github.com/SUSE/manager-build-profiles\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:162 +#: modules/administration/pages/image-management.adoc:206 msgid "" -"In this example you update your systems with the ``SUSE-15-2019-1244`` " -"patch. This patch contains ``kernel-default-4.12.14-150.17.1-x86_64``." +"You can specify a branch after the `#` character in the URL. In this " +"example, we use the `master` branch:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:207 +#, no-wrap +msgid "https://github.com/SUSE/manager-build-profiles#master\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:164 +#: modules/administration/pages/image-management.adoc:208 msgid "" -"You need to exclude all patches which contain a higher version of ``kernel-" -"default``." +"You can specify a directory that contains the image sources after the `:` " +"character. In this example, we use `OSImage/POS_Image-JeOS6`:" msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:165 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:209 #, no-wrap -msgid "Procedure: Excluding Packages with a Higher Kernel Version" +msgid "https://github.com/SUSE/manager-build-profiles#master:OSImage/POS_Image-JeOS6\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:167 -msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Filters], " -"and click btn:[Create Filter]." +#: modules/administration/pages/image-management.adoc:210 +msgid "HTTP(S) URL to the tarball" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:169 +#: modules/administration/pages/image-management.adoc:211 msgid "" -"In the [guimenu]``Filter Name`` field, type a name for your filter. For " -"example, [systemitem]``Exclude kernel greater than 4.12.14-150.17.1``." +"URL to the tar archive, compressed or uncompressed, hosted on the webserver." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:170 -msgid "" -"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Contains " -"Package)``." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:212 +#, no-wrap +msgid "https://myimagesourceserver.example.org/MyKiwiImage.tar.gz\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:171 -msgid "" -"In the [guimenu]``Matcher`` field, select [guimenu]``version greater than``." +#: modules/administration/pages/image-management.adoc:213 +msgid "Path to the directory on the build host" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:172 +#: modules/administration/pages/image-management.adoc:214 msgid "" -"In the [guimenu]``Package Name`` field, type [systemitem]``kernel-default``." +"Enter the path to the directory with the Kiwi build system sources. This " +"directory must be present on the selected build host." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:173 -msgid "Leave the the [guimenu]``Epoch`` field empty." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:215 +#, no-wrap +msgid "/var/lib/Kiwi/MyKiwiImage\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:174 -msgid "In the [guimenu]``Version`` field, type [systemitem]``4.12.14``." +#. type: Title ==== +#: modules/administration/pages/image-management.adoc:216 +#, no-wrap +msgid "Example of Kiwi Sources" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:175 -msgid "In the [guimenu]``Release`` field, type [systemitem]``150.17.1``." +#: modules/administration/pages/image-management.adoc:217 +msgid "" +"Kiwi sources consist at least of `config.xml`. Usually, `config.sh` and " +"`images.sh` are present as well. Sources can also contain files to be " +"installed in the final image under the `root` subdirectory." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:179 +#: modules/administration/pages/image-management.adoc:218 msgid "" -"Select [guimenu]``Exclude kernel greater than 4.12.14-150.17.1``, and click " -"btn:[Save]." +"For information about the Kiwi build system, see the https://doc.opensuse." +"org/projects/kiwi/doc/[Kiwi documentation]." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:183 +#: modules/administration/pages/image-management.adoc:219 msgid "" -"When you click btn:[Build], a new environment is created. The new " -"environment contains all the kernel patches up to the version you installed." +"{suse} provides examples of fully functional image sources at the https://" +"github.com/SUSE/manager-build-profiles[SUSE/manager-build-profiles] public " +"GitHub repository." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:186 -msgid "" -"All kernel patches with higher kernel versions are removed. Live patching " -"kernels will stay available as long as they are not the first in a series." +#. type: Block title +#: modules/administration/pages/image-management.adoc:220 +#, no-wrap +msgid "Example of JeOS config.xml" msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:202 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:221 #, no-wrap -msgid "Switch to a New Kernel Version for Live Patching" +msgid "\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:207 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:222 +#, no-wrap msgid "" -"Live Patching for a specific kernel version is only available for one year. " -"After one year you must update the kernel on your systems. Execute these " -"environment changes:" +"\n" +" \n" +" Admin User\n" +" noemail@example.com\n" +" SUSE Linux Enterprise 12 SP3 JeOS\n" +" \n" +" \n" +" 6.0.0\n" +" zypper\n" +" SLE\n" +" SLE\n" msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:208 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:223 #, no-wrap -msgid "Procedure: Switch to a New Kernel Version" +msgid "" +" en_US\n" +" us.map.gz\n" +" Europe/Berlin\n" +" utc\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:211 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:224 +#, no-wrap msgid "" -"Decide which kernel version you will upgrade to. For example: " -"`4.12.14-150.32.1`" +" true\n" +" \n" +" \n" +" \n" +" \n" +" \n" +" \n" +" \n" +" \n" +" ...\n" +" \n" +" \n" +" ...\n" +" \n" +" \n" +" \n" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:212 -msgid "Create a new kernel version Filter." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:225 +#, no-wrap +msgid "" +" \n" +" \n" +" \n" +" \n" +" ...\n" +" \n" +"\n" msgstr "" +#. ianew: admin/image-management.adoc +#. iawho: lana 2019-02-27 #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:213 +#: modules/administration/pages/image-management.adoc:227 msgid "" -"Detach the previous filter **Exclude kernel greater than 4.12.14-150.17.1** " -"and attach the new filter." +"There are two ways to build an image using the {webui}. Either select menu:" +"Images[Build], or click the build icon in the menu:Images[Profiles] list." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:220 +#: modules/administration/pages/image-management.adoc:231 msgid "" -"Click btn:[Build] to rebuild the environment. The new environment contains " -"all kernel patches up to the new kernel version you selected. Systems using " -"these channels will have the kernel update available for installation. You " -"will need to reboot systems after they have performed the upgrade. The new " -"kernel will remain valid for one year. All packages installed during the " -"year will match the current live patching kernel filter." +"Add a different tag name if you want a version other than the default " +"``latest`` (applies only to containers)." msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:223 -#, no-wrap -msgid "Appstream Filters" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:232 +msgid "Select the [guimenu]``Image Profile`` and a [guimenu]``Build Host``." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:229 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:233 msgid "" -"If you are using {rhel}{nbsp}8 clients, you cannot perform package " -"operations such as installing or upgrading directly from modular " -"repositories like the {rhel} Appstream repository. You can use the " -"Appstream filter to transform modular repositories into regular " -"repositories. It does this by keeping the packages in the repository and " -"stripping away the module metadata. The resulting repository can be used in " -"{productname} in the same way as a regular repository." +"A [guimenu]``Profile Summary`` is displayed to the right of the build " +"fields. When you have selected a build profile, detailed information about " +"the selected profile will show up in this area." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:232 -msgid "" -"The AppStream filter selects a single module stream to be included in the " -"target repository. You can add multiple filters to select multiple module " -"streams." +#: modules/administration/pages/image-management.adoc:234 +msgid "To schedule a build, click the btn:[Build] button." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:235 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:235 msgid "" -"If you do not use an AppStream filter in your CLM project, the module " -"metadata in the modular sources remains intact, and the target repositories " -"contain the same module metadata. As long as at least one AppStream filter " -"is enabled in the CLM project, all target repositories are transformed into " -"regular repositories." +"The build server cannot run any form of automounter during the image " +"building process. If applicable, ensure that you do not have your Gnome " +"session running as root. If an automounter is running, the image build will " +"finish successfully, but the checksum of the image will be different and " +"will fail later." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:238 +#: modules/administration/pages/image-management.adoc:236 msgid "" -"To use the AppStream filter, you need a CLM project with a modular " -"repository such as ``{rhel} AppStream``. Ensure that you included the " -"module you need as a source before you begin." +"After the image is successfully built, the inspection phase begins. During " +"the inspection phase {susemgr} collects information about the image:" msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:241 -#, no-wrap -msgid "Procedure: Using Appstream Filters" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:237 +msgid "List of packages installed in the image" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:244 -#: modules/administration/pages/content-lifecycle-examples.adoc:263 -msgid "" -"In the {productname} {webui}, navigate to your {rhel}{nbsp}8 CLM project. " -"Ensure that you have included the AppStream channels for your project." +#: modules/administration/pages/image-management.adoc:238 +msgid "Checksum of the image" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:245 -#: modules/administration/pages/content-lifecycle-examples.adoc:264 -msgid "Click btn:``Create Filter`` and use these parameters:" +#: modules/administration/pages/image-management.adoc:239 +msgid "Image type and other image details" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:247 -#: modules/administration/pages/content-lifecycle-examples.adoc:266 -msgid "In the [guimenu]``Filter Name`` field, type a name for the new filter." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:240 +msgid "" +"If the built image type is `PXE`, a Salt pillar will also be generated. " +"Image pillars are stored in the `/srv/susemanager/pillar_data/images/` " +"directory and the Salt subsystem can access details about the generated " +"image. Details include where the pillar is located and provided, image " +"checksums, information needed for network boot, and more." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:241 +msgid "The generated pillar is available to all connected clients." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:248 -#: modules/administration/pages/content-lifecycle-examples.adoc:267 +#: modules/administration/pages/image-management.adoc:243 msgid "" -"In the [guimenu]``Filter Type`` field, select [parameter]``Module (Stream)``." +"Building an image requires several dependent steps. When the build fails, " +"investigating Salt states results can help identify the source of the " +"failure. You can carry out these checks when the build fails:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:250 -msgid "" -"In the [guimenu]``Module Name`` field, type a module name. For example, " -"[parameter]``postgresql``." +#: modules/administration/pages/image-management.adoc:244 +msgid "The build host can access the build sources" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:253 +#: modules/administration/pages/image-management.adoc:245 msgid "" -"In the [guimenu]``Stream`` field, type the name of the desired stream. For " -"example, [parameter]``10``. If you leave this field blank, the default " -"stream for the module is selected." +"There is enough disk space for the image on both the build host and the " +"{productname} server" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:254 -msgid "Click btn:[Save] to create the new filter." +#: modules/administration/pages/image-management.adoc:246 +msgid "The activation key has the correct channels associated with it" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:256 -msgid "" -"Click btn:``Attach/Detach Filters``, select your new Appstream filter, and " -"click btn:[Save]." +#: modules/administration/pages/image-management.adoc:247 +msgid "The build sources used are valid" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:259 +#: modules/administration/pages/image-management.adoc:248 msgid "" -"You can use the browse function in the ``Create/Edit Filter`` form to select " -"a module from a list of available module streams for a modular channel." +"The RPM package with the {productname} public certificate is up to date and " +"available at `/usr/share/susemanager/salt/images/rhn-org-trusted-ssl-cert-" +"osimage-1.0-1.noarch.rpm`. For more on how to refresh a public certificate " +"RPM, see <>." msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:260 +#. type: Title === +#: modules/administration/pages/image-management.adoc:249 #, no-wrap -msgid "Procedure: Browsing Available Module Streams" +msgid "Limitations" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:268 -msgid "Click ``Browse available modules`` to see all modular channels." +#: modules/administration/pages/image-management.adoc:250 +msgid "The section contains some known issues when working with images." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:269 -msgid "Select a channel to browse the modules and streams:" +#: modules/administration/pages/image-management.adoc:251 +msgid "" +"HTTPS certificates used to access the HTTP sources or git repositories " +"should be deployed to the client by a custom state file, or configured " +"manually." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:271 -msgid "" -"In the [guimenu]``Module Name`` field, start typing a module name to search, " -"or select from the list." +#: modules/administration/pages/image-management.adoc:252 +msgid "Importing Kiwi-based images is not supported." +msgstr "" + +#. type: Title == +#: modules/administration/pages/image-management.adoc:253 +#, no-wrap +msgid "List Image Profiles Available for Building" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:272 +#: modules/administration/pages/image-management.adoc:254 msgid "" -"In the [guimenu]``Stream`` field, start typing a stream name to search, or " -"select from the list." +"To list images available for building select menu:Images[Image List]. A " +"list of all images will be displayed." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:278 -msgid "" -"Channel selection is only for browsing modules. The selected channel will " -"not be saved with the filter, and will not affect the CLM process in any way." +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:255 +#, no-wrap +msgid "images_list_images.png" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:282 +#: modules/administration/pages/image-management.adoc:256 msgid "" -"You can create additional AppStream filters for any other module stream to " -"be included in the target repository. Any module streams that the selected " -"stream depends on will be automatically included." +"Displayed data about images includes an image [guimenu]``Name``, its " +"[guimenu]``Version`` and the build [guimenu]``Status``. You will also see " +"the image update status with a listing of possible patch and package updates " +"that are available for the image." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:289 +#. type: Plain text +#: modules/administration/pages/image-management.adoc:257 msgid "" -"Be careful not to specify conflicting, incompatible, or missing module " -"streams. For example, selecting two streams from the same module is invalid." +"Clicking the btn:[Details] button on an image will provide a detailed view. " +"The detailed view includes an exact list of relevant patches and a list of " +"all packages installed within the image." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:292 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:258 msgid "" -"When you build your CLM project using the btn:[Build] button in the {webui}, " -"the target repository is a regular repository without any modules, that " -"contains packages from the selected module streams." +"The patch and the package list is only available if the inspect state after " +"a build was successful." msgstr "" #. type: Title = -#: modules/administration/pages/tshoot-osadjabberd.adoc:2 -#, no-wrap -msgid "Troubleshooting OSAD and jabberd" -msgstr "" - -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step -#. type: Title == -#: modules/administration/pages/tshoot-osadjabberd.adoc:24 +#: modules/administration/pages/iss.adoc:1 #, no-wrap -msgid "Open File Count Exceeded" +msgid "Inter-Server Synchronization" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:27 +#: modules/administration/pages/iss.adoc:2 msgid "" -"In some cases, the maximum number of files that jabber can open is lower " -"than the number of connected OSAD clients." +"If you have more than one {productname} installation, you need to ensure " +"that they stay aligned on content and permissions. Inter-Server " +"Synchronization (ISS) allows you to connect two or more {productname} " +"Servers and keep them up-to-date." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:29 +#: modules/administration/pages/iss.adoc:3 msgid "" -"If this occurs, OSAD clients cannot contact the SUSE Manager Server, and " -"jabberd will take an excessive amount of time to respond on port 5222." +"To set up ISS, you need to define one {productname} Server as a master, with " +"the other as a slave. If conflicting configurations exist, the system will " +"prioritize the master configuration." msgstr "" #. type: delimited block = -#: modules/administration/pages/tshoot-osadjabberd.adoc:35 -msgid "" -"This fix is only required if you have more than 8192 clients connected using " -"OSAD. In this case, we recommend you consider using Salt clients instead. " -"For more information about tuning large scale installations, see xref:salt:" -"large-scale.adoc[]." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:39 +#: modules/administration/pages/iss.adoc:4 msgid "" -"You can increase the number of files available to jabber by editing the " -"jabberd local configuration file. By default, the file is located at " -"[path]``/etc/systemd/system/jabberd.service.d/override.conf``." +"ISS Masters are masters only because they have slaves attached to them. " +"This means that you need to set up the ISS Master first, by defining its " +"slaves. You can then set up the ISS Slaves, by attaching them to a master." msgstr "" #. type: Block title -#: modules/administration/pages/tshoot-osadjabberd.adoc:42 +#: modules/administration/pages/iss.adoc:5 #, no-wrap -msgid "Procedure: Adjusting the Maximum File Count" +msgid "Procedure: Setting up an ISS Master" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:45 +#: modules/administration/pages/iss.adoc:6 msgid "" -"At the command prompt, as root, open the local configuration file for " -"editing:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/tshoot-osadjabberd.adoc:48 -#, no-wrap -msgid "systemctl edit jabberd\n" +"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " +"Master Setup], and click btn:[Add new slave]." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:50 -msgid "Add or edit this section:" +#: modules/administration/pages/iss.adoc:7 +msgid "" +"In the [guimenu]``Edit Slave Details`` dialog, provide these details for the " +"ISS Master's first slave:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-osadjabberd.adoc:54 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/iss.adoc:8 msgid "" -"[Service]\n" -"LimitNOFILE=:\n" +"In the [guimenu]``Slave Fully-Qualified Domain Name`` field, enter the FQDN " +"of the ISS Slave." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:58 -msgid "" -"The value you choose will vary depending on your environment. For example, " -"if you have 9500 clients, increase the soft value by 100 to 9600, and the " -"hard value by 1000 to 10500:" +#: modules/administration/pages/iss.adoc:9 +msgid "For example: [systemitem]``server2.example.com``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-osadjabberd.adoc:63 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/iss.adoc:10 msgid "" -"[Unit]\n" -"LimitNOFILE=\n" -"LimitNOFILE=9600:10500\n" +"Check the [guimenu]``Allow Slave to Sync?`` checkbox to enable the slave to " +"synchronize with the master." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:65 -msgid "Save the file and exit the editor." +#: modules/administration/pages/iss.adoc:11 +msgid "" +"Check the [guimenu]``Sync All Orgs to Slave?`` checkbox to synchronize all " +"organizations to this slave." msgstr "" -#. type: delimited block = -#: modules/administration/pages/tshoot-osadjabberd.adoc:70 -msgid "" -"The default editor for systemctl files is vim. To save the file and exit, " -"press kbd:[Esc] to enter ``normal`` mode, type kbd:[:wq] and press kbd:" -"[Enter]." +#. type: Plain text +#: modules/administration/pages/iss.adoc:12 +msgid "Click btn:[Create] to add the ISS slave." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:74 +#: modules/administration/pages/iss.adoc:13 msgid "" -"Ensure you also update the `max_fds` parameter in [path]``/etc/jabberd/c2s." -"xml``. For example: `10500`" +"In the [guimenu]``Allow Export of the Selected Organizations`` section, " +"check the organizations you want to allow this slave to export to the " +"master, and click btn:[Allow Orgs]." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:79 +#: modules/administration/pages/iss.adoc:14 msgid "" -"The soft file limit is the maximum number of open files for a single " -"process. In {productname} the highest consuming process is ``c2s``, which " -"opens a connection per client. 100 additional files are added, here, to " -"accommodate for any non-connection file that ``c2s`` requires to work " -"correctly. The hard limit applies to all processes belonging to jabber, and " -"also accounts for open files from the router, ``c2s`` and ``sm`` processes." +"Before you set up the ISS Slave, you will need to ensure you have the " +"appropriate CA certificate." msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-hostname-rename.adoc:2 +#. type: Block title +#: modules/administration/pages/iss.adoc:15 #, no-wrap -msgid "Troubleshooting Renaming {productname} Server" -msgstr "" - -# -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step -#. Showing my working. --LKB 2020-06-22 -#. Cause: Renaming the hostname -#. Consequence: Changes not picked up by db, clients and proxies -#. Fix: Use the [command]``spacewalk-hostname-rename`` script to update the settings in the PostgreSQL database and the internal structures of {productname}. -#. Result: Renaming is successfully propagated -#. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:33 -msgid "" -"If you change the hostname of the {productname} Server locally, your " -"{productname} installation will cease to work properly. This is because the " -"changes have not been made in the database, which prevents the changes from " -"propagating out your clients and any proxies." +msgid "Procedure: Copying the Master CA Certificate to an ISS Slave" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:36 +#: modules/administration/pages/iss.adoc:16 msgid "" -"If you need to change the hostname of the {productname} Server, you can do " -"so using the [command]``spacewalk-hostname-rename`` script. This script " -"updates the settings in the PostgreSQL database and the internal structures " -"of {productname}." +"On the ISS Master, locate the CA Certificate at ``/srv/www/htdocs/pub/RHN-" +"ORG-TRUSTED-SSL-CERT`` and create a copy that can be transferred to the " +"ISS Slave." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:38 +#: modules/administration/pages/iss.adoc:17 msgid "" -"The [command]``spacewalk-hostname-rename`` script is part of the " -"[package]``spacewalk-utils`` package." +"On the ISS Slave, save the CA certificate file to the ``/etc/pki/trust/" +"anchors/`` directory." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:40 -msgid "" -"The only mandatory parameter for the script is the newly configured IP " -"address of the {productname} Server." +#: modules/administration/pages/iss.adoc:18 +msgid "When you have copied the certificate, you can set up the ISS Slave." msgstr "" #. type: Block title -#: modules/administration/pages/tshoot-hostname-rename.adoc:43 +#: modules/administration/pages/iss.adoc:19 #, no-wrap -msgid "Procedure: Renaming {productname} Server" +msgid "Procedure: Setting up an ISS Slave" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:47 +#: modules/administration/pages/iss.adoc:20 msgid "" -"Change the network settings of the server on the system level locally and " -"remotely at the DNS server. You will also need to provide configuration " -"settings for reverse name resolution. Changing network settings is done in " -"the same way as with renaming any other system." +"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " +"Slave Setup], and click btn:[Add new master]." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:48 +#: modules/administration/pages/iss.adoc:21 msgid "" -"Reboot the {productname} Server to use the new network configuration and to " -"ensure the hostname has changed." +"In the [guimenu]``Details for new Master`` dialog, provide these details for " +"the server to use as the ISS master:" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:50 +#: modules/administration/pages/iss.adoc:22 msgid "" -"Run the script [command]``spacewalk-hostname-rename`` script with the public " -"IP address of the server. If the server is not using the new hostname, the " -"script will fail." +"In the [guimenu]``Master Fully-Qualified Domain Name`` field, enter the FQDN " +"of the ISS Master for this slave." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:51 -msgid "" -"Re-configure your clients to make your environment aware of the new hostname " -"and IP address." +#: modules/administration/pages/iss.adoc:23 +msgid "For example: ``server1.example.com``." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:53 +#: modules/administration/pages/iss.adoc:24 msgid "" -"In the Salt minion configuration file [path]``/etc/salt/minion``, you must " -"make sure to specify the name of the new Salt master ({productname} Server):" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/tshoot-hostname-rename.adoc:56 -#, no-wrap -msgid "master: \n" +"In the [guimenu]``Filename of this Master's CA Certificate`` field, enter " +"the absolute path to the CA certificate on the ISS master." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:61 -msgid "" -"Traditional clients have the [path]``/etc/sysconfig/rhn/up2date`` " -"configuration file that must be changed. With a re-activation key you can " -"re-register traditional clients (if there are any). For more information, " -"see xref:client-configuration:registration-cli.adoc[]." +#: modules/administration/pages/iss.adoc:25 +msgid "This should be ``/etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT``." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:63 -msgid "" -"OPTIONAL: If you use PXE boot through a {productname} Proxy, you must check " -"the configuration settings of the proxy. On the proxy, run the " -"[command]``configure-tftpsync.sh`` setup script and enter the requested " -"information. For more information, see xref:installation:proxy-setup.adoc[]." +#: modules/administration/pages/iss.adoc:26 +msgid "Click btn:[Add new master] to add the ISS Slave to this master." msgstr "" -#. type: Title = -#: modules/administration/pages/maintenance-window-tasks.adoc:2 +#. type: Block title +#: modules/administration/pages/iss.adoc:27 #, no-wrap -msgid "Maintenance Window Tasks" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:6 -msgid "" -"If you work with scheduled maintenance windows, you might find it difficult " -"to remember all the things that you need to do before, during, and after " -"that critical downtime of the {productname} Server. {productname} Server " -"related systems such as Inter-Server Synchronization Slave Servers or " -"{productname} Proxies are also affected and have to be considered." -msgstr "" - -#. It's similar to zypper at the package level: -#. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:11 -msgid "" -"{suse} recommends you always keep your {productname} infrastructure " -"updated. That includes servers, proxies, and build hosts. If you do not " -"keep the {productname} Server updated, you might not be able to update some " -"parts of your environment when you need to." +msgid "Procedure: Completing ISS Setup" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:13 +#: modules/administration/pages/iss.adoc:28 msgid "" -"This section contains a checklist for your maintenance window, with links to " -"further information on performing each of the steps." +"At the command prompt on the ISS Slave, synchronize with the ISS Master:" msgstr "" -#. type: Title == -#: modules/administration/pages/maintenance-window-tasks.adoc:16 +#. type: delimited block - +#: modules/administration/pages/iss.adoc:29 #, no-wrap -msgid "Server" +msgid "mgr-inter-sync\n" msgstr "" -#. ke, 2019-09-30: we'll stop spacewalk during the update -#. . Stop spacewalk services. -#. You will need to stop the spacewalk, SAP, and database services, along with any others you have running. -#. . Check if the configuration is still correct. #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:24 -msgid "Apply the latest updates. See xref:upgrade:server-intro.adoc[]." +#: modules/administration/pages/iss.adoc:30 +msgid "OPTIONAL: To synchronize a single channel, use this command:" msgstr "" -#. We reboot during the above listed procedures. -#. . Reboot the server. -#. . Check if the configuration is still correct. -#. . Start any stopped services. -#. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:29 -msgid "Upgrade to the latest service pack, if required." +#. type: delimited block - +#: modules/administration/pages/iss.adoc:31 +#, no-wrap +msgid "mgr-inter-sync -c \n" msgstr "" +#. Need to double check this against the UI. --LKB 2020-04-08 #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:30 +#: modules/administration/pages/iss.adoc:32 msgid "" -"Run [command]``spacewalk-service status`` and check whether all required " -"services are up and running." +"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " +"Configure Master-to-Slave Mappings] and select the organizations you want to " +"synchronize." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:32 -msgid "" -"For information about database schema upgrades and PostgreSQL migrations, " -"see xref:upgrade:db-intro.adoc[]." +#. type: Title = +#: modules/administration/pages/live-patching-channel-setup.adoc:1 +#, no-wrap +msgid "Set up Channels for Live Patching" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:36 +#: modules/administration/pages/live-patching-channel-setup.adoc:2 msgid "" -"You can install updates using your package manager. For information on " -"using {yast}, see https://documentation.suse.com/sles/15-SP1/html/SLES-all/" -"cha-onlineupdate-you.html. For information on using zypper, see https://" -"documentation.suse.com/sles/15-SP1/html/SLES-all/cha-sw-cl.html#sec-zypper." +"A reboot is required every time you update the full kernel package. " +"Therefore, it is important that clients using Live Patching do not have " +"newer kernels available in the channels they are assigned to. Clients using " +"live patching have updates for the running kernel in the live patching " +"channels." msgstr "" -# -# -#. Preferable, you will run such a tool within a maintenance window; for more information, see xref:administration:maintenance-window.adoc#maintenance-window[]. -#. complete procedure, also see above: -#. 1. Log in as root user to the SUSE Manager server. -#. 2. Stop the Spacewalk service: -#. spacewalk-service stop -#. 3. Apply the patch using either zypper patch or YaST Online Update. -#. 4. Upgrade the database schema: -#. spacewalk-schema-upgrade -#. 5. Start the Spacewalk service: -#. spacewalk-service start #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:54 -msgid "" -"By default, several update channels are configured and enabled for the " -"{productname} Server. New and updated packages will become available " -"automatically." +#: modules/administration/pages/live-patching-channel-setup.adoc:3 +msgid "There are two ways to manage channels for live patching:" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:58 +#: modules/administration/pages/live-patching-channel-setup.adoc:4 msgid "" -"To keep {susemgr} up to date, either connect it directly to {scc} or use " -"{rmtool} (RMT). You can use RMT as a local installation source for " -"disconnected environments." +"Use content lifecycle management to clone the product tree and remove kernel " +"versions newer than the running one. This procedure is explained in the " +"xref:content-lifecycle-examples.adoc#enhance-project-with-" +"livepatching[Content Livecycle Management Examples]. This is the " +"recommended solution." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:62 +#: modules/administration/pages/live-patching-channel-setup.adoc:5 msgid "" -"You can check that the update channels are available on your system with " -"this command:" +"Alternatively, use the `spacewalk-manage-channel-lifecycle` tool. This " +"procedure is more manual and requires command line tools as well as the " +"{webui}. This procedure is explained in this section for SLES{nbsp}15 SP1, " +"but it also works for SLE{nbsp}12 SP4 or later." msgstr "" -#. type: delimited block - -#: modules/administration/pages/maintenance-window-tasks.adoc:65 +#. type: Title == +#: modules/administration/pages/live-patching-channel-setup.adoc:6 #, no-wrap -msgid "zypper lr\n" +msgid "Use spacewalk-manage-channel-lifecycle for Live Patching" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:68 -msgid "The output will look similar to this:" +#: modules/administration/pages/live-patching-channel-setup.adoc:7 +msgid "" +"Cloned vendor channels should be prefixed by ``dev`` for development, " +"``testing``, or ``prod`` for production. In this procedure, you will create " +"a ``dev`` cloned channel and then promote the channel to ``testing``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/maintenance-window-tasks.adoc:84 +#. type: Block title +#: modules/administration/pages/live-patching-channel-setup.adoc:8 #, no-wrap -msgid "" -"Name | Enabled | GPG Check | Refresh\n" -"-------------------------------------------------------+---------+-----------+--------\n" -"SLE-Module-Basesystem15-SP1-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-Basesystem15-SP1-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Module-Python2-15-SP1-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-Python2-15-SP1-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Product-SUSE-Manager-Server-4.0-Pool | Yes | (r ) Yes | No\n" -"SLE-Product-SUSE-Manager-Server-4.0-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Module-SUSE-Manager-Server-4.0-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-SUSE-Manager-Server-4.0-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Module-Server-Applications15-SP1-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-Server-Applications15-SP1-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Module-Web-Scripting15-SP1-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-Web-Scripting15-SP1-Updates | Yes | (r ) Yes | Yes\n" +msgid "Procedure: Cloning Live Patching Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:92 +#: modules/administration/pages/live-patching-channel-setup.adoc:9 msgid "" -"{productname} releases maintenance updates (MUs) to provide newer packages. " -"Maintenance updates are indicated with a new version number. For example, " -"the major release 4.0 will be incremented to 4.0.1 when an MU is released." +"At the command prompt on the client, as root, obtain the current package " +"channel tree:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:95 +#. type: delimited block - +#: modules/administration/pages/live-patching-channel-setup.adoc:10 +#, no-wrap msgid "" -"You can verify which version you are running by looking at the bottom of the " -"navigation bar in the {webui}. You can also fetch the version number with " -"the [literal]``api.getVersion()`` XMLRPC API call." +"# spacewalk-manage-channel-lifecycle --list-channels\n" +"Spacewalk Username: admin\n" +"Spacewalk Password:\n" +"Channel tree:\n" msgstr "" -#. type: Title === -#: modules/administration/pages/maintenance-window-tasks.adoc:107 +#. type: delimited block - +#: modules/administration/pages/live-patching-channel-setup.adoc:11 #, no-wrap -msgid "Client Tools" +msgid "" +" 1. sles15-{sp-vert}-pool-x86_64\n" +" \\__ sle-live-patching15-pool-x86_64-{sp-vert}\n" +" \\__ sle-live-patching15-updates-x86_64-{sp-vert}\n" +" \\__ sle-manager-tools15-pool-x86_64-{sp-vert}\n" +" \\__ sle-manager-tools15-updates-x86_64-{sp-vert}\n" +" \\__ sles15-{sp-vert}-updates-x86_64\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:115 +#: modules/administration/pages/live-patching-channel-setup.adoc:12 msgid "" -"When the server is updated consider to update some tools on the clients, " -"too. Updating [package]``salt-minion``, [package]``zypper``, and other " -"related management package on clients is not a strict requirement, but it is " -"a best practice in general. For example, a maintenance update on the server " -"might introduce a major new Salt version. Then minions will continue to " -"work but might experience problems later on. To avoid this always update " -"the salt-minion package when available. {suse} makes sure that " -"[package]``salt-minion`` can always be updated safely." +"Use the [command]``spacewalk-manage-channel`` command with the " +"[option]``init`` argument to automatically create a new development clone of " +"the original vendor channel:" msgstr "" -#. type: Title == -#: modules/administration/pages/maintenance-window-tasks.adoc:118 +#. type: delimited block - +#: modules/administration/pages/live-patching-channel-setup.adoc:13 #, no-wrap -msgid "Inter-Server Synchronization Slave Server" +msgid "spacewalk-manage-channel-lifecycle --init -c sles15-{sp-vert}-pool-x86_64\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:121 +#: modules/administration/pages/live-patching-channel-setup.adoc:14 msgid "" -"If you are using an inter-server synchronization slave server, update it " -"after the {productname} Server update is complete." +"Check that [systemitem]``dev-sles15-{sp-vert}-updates-x86_64`` is available " +"in your channel list." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:123 +#: modules/administration/pages/live-patching-channel-setup.adoc:15 msgid "" -"For more in inter-server synchronization, see xref:administration:iss.adoc[]." +"Check the ``dev`` cloned channel you created, and remove any kernel updates " +"that require a reboot." msgstr "" -#. type: Title == -#: modules/administration/pages/maintenance-window-tasks.adoc:126 +#. type: Block title +#: modules/administration/pages/live-patching-channel-setup.adoc:16 #, no-wrap -msgid "Monitoring Server" +msgid "Procedure: Removing Non-Live Kernel Patches from Cloned Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:129 +#: modules/administration/pages/live-patching-channel-setup.adoc:17 msgid "" -"If you are using a monitoring server for Prometheus, update it after the " -"{productname} Server update is complete." +"Check the current kernel version by selecting the client from menu:" +"Systems[System List], and taking note of the version displayed in the " +"[guimenu]``Kernel`` field." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:131 +#: modules/administration/pages/live-patching-channel-setup.adoc:18 msgid "" -"For more information on monitoring, see xref:administration:monitoring." -"adoc[]." +"In the {productname} {webui}, select the client from menu:Systems[Overview], " +"navigate to the menu:Software[Manage > Channels] tab, and select " +"[systemitem]``dev-sles15-sp{sp-vert}-updates-x86_64``." msgstr "" -#. type: Title == -#: modules/administration/pages/maintenance-window-tasks.adoc:134 -#, no-wrap -msgid "Proxy" +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:19 +msgid "" +"Navigate to the [guimenu]``Patches`` tab, and click btn:[List/Remove " +"Patches]." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:137 +#: modules/administration/pages/live-patching-channel-setup.adoc:20 msgid "" -"Proxies should be updated as soon as {productname} Server updates are " -"complete." +"In the search bar, type [systemitem]``kernel`` and identify the kernel " +"version that matches the kernel currently used by your client." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:140 +#: modules/administration/pages/live-patching-channel-setup.adoc:21 msgid "" -"In general, running a proxy connected to a server on a different version is " -"not supported. The only exception is for the duration of updates where it " -"is expected that the server is updated first, so the proxy could run the " -"previous version temporarily." +"Remove all kernel versions that are newer than the currently installed " +"kernel." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:142 +#: modules/administration/pages/live-patching-channel-setup.adoc:22 msgid "" -"Especially if you are migrating from version 3.2 to 4.0, upgrade the server " -"first, then any proxy." +"Your channel is now set up for live patching, and can be promoted to " +"``testing``. In this procedure, you will also add the live patching child " +"channels to your client, ready to be applied." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:143 -msgid "For more information, see xref:upgrade:proxy-intro.adoc[]." +#. type: Block title +#: modules/administration/pages/live-patching-channel-setup.adoc:23 +#, no-wrap +msgid "Procedure: Promoting Live Patching Channels" msgstr "" -#. type: Title = -#: modules/administration/pages/maintenance-windows.adoc:2 +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:24 +msgid "" +"At the command prompt on the client, as `root`, promote and clone the `dev-" +"sles15-{sp-vert}-pool-x86_64` channel to a new ``testing`` channel:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/live-patching-channel-setup.adoc:25 #, no-wrap -msgid "Maintenance Windows" +msgid "# spacewalk-manage-channel-lifecycle --promote -c dev-sles15-{sp-vert}-pool-x86_64\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:6 +#: modules/administration/pages/live-patching-channel-setup.adoc:26 msgid "" -"The maintenance windows feature in {productname} allows you to schedule " -"actions to occur during a scheduled maintenance window period. When you " -"have created your maintenance window schedule, and applied it to a client, " -"you are prevented from executing some actions outside of the specified " -"period." +"In the {productname} {webui}, select the client from menu:Systems[Overview], " +"and navigate to the menu:Software[Software Channels] tab." msgstr "" -#. type: delimited block = -#: modules/administration/pages/maintenance-windows.adoc:14 +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:27 msgid "" -"Maintenance windows operate in a different way to system locking. System " -"locks are switched on or off as required, while maintenance windows define " -"periods of time when actions are allowed. Additionally, the allowed and " -"restricted actions differ. For more information about system locks, see " -"xref:client-configuration:system-locking.adoc[]." +"Check the new [systemitem]``test-sles15-sp{sp-vert}-pool-x86_64`` custom " +"channel to change the base channel, and check both corresponding live " +"patching child channels." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:21 +#: modules/administration/pages/live-patching-channel-setup.adoc:28 msgid "" -"Maintenance windows require both a calendar, and a schedule. The calendar " -"defines the date and time of your maintenance window events, including " -"recurring events, and must be in [path]``ical`` format. The schedule uses " -"the events defined in the calendar to create the maintenance windows. You " -"must create an [path]``ical`` file for upload, or link to an [path]``ical`` " -"file to create the calendar, before you can create the schedule." +"Click btn:[Next], confirm that the details are correct, and click btn:" +"[Confirm] to save the changes." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:24 +#: modules/administration/pages/live-patching-channel-setup.adoc:29 msgid "" -"When you have created the schedule, you can assign it to clients that are " -"registered to the {productname} Server. Clients that have a maintenance " -"schedule assigned cannot run restricted actions outside of maintenance " -"windows." +"You can now select and view available CVE patches, and apply these important " +"kernel updates with Live Patching." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:27 -msgid "" -"Restricted actions significantly modify the client, and could potentially " -"cause the client to stop running. Some examples of restricted actions are:" +#. type: Title = +#: modules/administration/pages/live-patching-sles12.adoc:1 +#, no-wrap +msgid "Live Patching on SLES{nbsp}12" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:29 -msgid "Package installation" +#: modules/administration/pages/live-patching-sles12.adoc:2 +msgid "" +"On SLES{nbsp}12 systems, live patching is managed by kGraft. For in depth " +"information covering kGraft use, see https://documentation.suse.com/sles/12-" +"SP4/html/SLES-all/cha-kgraft.html." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:30 -msgid "Client upgrade" +#: modules/administration/pages/live-patching-sles12.adoc:3 +#: modules/administration/pages/live-patching-sles15.adoc:3 +msgid "Before you begin, ensure:" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:31 -msgid "Service pack migration" +#: modules/administration/pages/live-patching-sles12.adoc:4 +#: modules/administration/pages/live-patching-sles15.adoc:4 +msgid "{productname} is fully updated." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:32 -msgid "Highstate application (for Salt clients)" +#: modules/administration/pages/live-patching-sles12.adoc:5 +msgid "You have one or more Salt clients running SLES{nbsp}12 (SP1 or later)." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:35 -msgid "" -"Unrestricted actions are minor actions that are considered safe and are " -"unlikely to cause problems on the client. Some examples of unrestricted " -"actions are:" +#: modules/administration/pages/live-patching-sles12.adoc:6 +msgid "Your SLES{nbsp}12 Salt clients are registered with {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:37 -msgid "Package profile update" +#: modules/administration/pages/live-patching-sles12.adoc:7 +msgid "" +"You have access to the SLES{nbsp}12 channels appropriate for your " +"architecture, including the live patching child channel (or channels)." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:38 -msgid "Hardware refresh" +#: modules/administration/pages/live-patching-sles12.adoc:8 +#: modules/administration/pages/live-patching-sles15.adoc:8 +msgid "The clients are fully synchronized." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:39 -msgid "Subscribing to software channels" +#: modules/administration/pages/live-patching-sles12.adoc:9 +#: modules/administration/pages/live-patching-sles15.adoc:9 +msgid "Assign the clients to the cloned channels prepared for live patching." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:43 +#: modules/administration/pages/live-patching-sles12.adoc:10 +#: modules/administration/pages/live-patching-sles15.adoc:10 msgid "" -"Before you begin, you must create an [path]``ical`` file for upload, or link " -"to an [path]``ical`` file to create the calendar. You can create " -"[path]``ical`` files in your preferred calendaring tool, such as Microsoft " -"Outlook, Google Calendar, or KOrganizer." +"For more information on preparation, see xref:administration:live-patching-" +"channel-setup.adoc[]." msgstr "" #. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:46 +#: modules/administration/pages/live-patching-sles12.adoc:11 +#: modules/administration/pages/live-patching-sles15.adoc:11 #, no-wrap -msgid "Procedure: Uploading a New Maintenance Calendar" +msgid "Procedure: Setting up for Live Patching" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:48 +#: modules/administration/pages/live-patching-sles12.adoc:12 msgid "" -"In the {productname} {webui}, navigate to menu:Schedule[Maintenance Windows " -"> Calendars], and click btn:[Create]." +"Select the client you want to manage with Live Patching from menu:" +"Systems[Overview], and on the system details page navigate to the menu:" +"Software[Packages > Install] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:49 -msgid "" -"In the [guimenu]``Calendar Name`` section, type a name for your calendar." +#: modules/administration/pages/live-patching-sles12.adoc:13 +msgid "Search for the [systemitem]``kgraft`` package, and install it." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:50 -msgid "" -"Either provide a URL to your [path]``ical`` file, or upload the file " -"directly." +#. type: Target for macro image +#: modules/administration/pages/live-patching-sles12.adoc:14 +#, no-wrap +msgid "enable_live_patching_kgraft_install.png" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:51 -msgid "Click btn:[Create Calendar] to save your calendar." +#: modules/administration/pages/live-patching-sles12.adoc:15 +#: modules/administration/pages/live-patching-sles15.adoc:15 +msgid "Apply the highstate to enable Live Patching, and reboot the client." msgstr "" -#. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:54 -#, no-wrap -msgid "Procedure: Creating a New Schedule" +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:16 +#: modules/administration/pages/live-patching-sles15.adoc:16 +msgid "Repeat for each client that you want to manage with Live Patching." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:56 -#: modules/administration/pages/maintenance-windows.adoc:108 +#: modules/administration/pages/live-patching-sles12.adoc:17 msgid "" -"In the {productname} {webui}, navigate to menu:Schedule[Maintenance Windows " -"> Schedules], and click btn:[Create]." +"To check that live patching has been enabled correctly, select the client " +"from menu:Systems[System List], and ensure that [systemitem]``Live " +"Patching`` appears in the [guimenu]``Kernel`` field." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:57 -msgid "" -"In the [guimenu]``Schedule Name`` section, type a name for your schedule." +#. type: Block title +#: modules/administration/pages/live-patching-sles12.adoc:18 +#: modules/administration/pages/live-patching-sles15.adoc:18 +#, no-wrap +msgid "Procedure: Applying Live Patches to a Kernel" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:58 +#: modules/administration/pages/live-patching-sles12.adoc:19 +#: modules/administration/pages/live-patching-sles15.adoc:19 msgid "" -"OPTIONAL: If your [path]``ical`` file contains events that apply to more " -"than one schedule, check [guimenu]``Multi``." +"In the {productname} {webui}, select the client from menu:Systems[Overview]." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:59 -#: modules/administration/pages/maintenance-windows.adoc:112 -msgid "Select the calendar to assign to this schedule." +#: modules/administration/pages/live-patching-sles12.adoc:20 +#: modules/administration/pages/live-patching-sles15.adoc:20 +msgid "" +"You will see a banner at the top of the screen showing the number of " +"critical and non-critical packages available for the client:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:60 -#: modules/administration/pages/maintenance-windows.adoc:113 -#: modules/administration/pages/maintenance-windows.adoc:118 -msgid "Click btn:[Create Schedule] to save your schedule." +#. type: Target for macro image +#: modules/administration/pages/live-patching-sles12.adoc:21 +#: modules/administration/pages/live-patching-sles15.adoc:21 +#, no-wrap +msgid "live_patching_criticalupdates.png" msgstr "" -#. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:63 -#, no-wrap -msgid "Procedure: Assigning a Schedule to a Client" +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:22 +#: modules/administration/pages/live-patching-sles15.adoc:22 +msgid "Click btn:[Critical] to see a list of the available critical patches." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:66 +#: modules/administration/pages/live-patching-sles12.adoc:23 +#: modules/administration/pages/live-patching-sles15.adoc:23 msgid "" -"In the {productname} {webui}, navigate to menu:Systems[Systems List], select " -"the client to be assigned to a schedule, locate the [guimenu]``System " -"Properties`` panel, and click btn:[Edit These Properties]. Alternatively, " -"you can assign clients through the system set manager by navigating to menu:" -"Systems[System Set Manager] and using the menu:Misc[Maintenance Windows] tab." +"Select any patch with a synopsis reading [guimenu]``Important: Security " +"update for the Linux kernel``." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:67 -msgid "" -"In the [guimenu]``Edit System Details`` page, locate the " -"[guimenu]``Maintenance Schedule`` field, and select the name of the schedule " -"to be assigned." +#: modules/administration/pages/live-patching-sles12.adoc:24 +#: modules/administration/pages/live-patching-sles15.adoc:24 +msgid "Security bugs will also include their CVE number, where applicable." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:68 -msgid "Click btn:[Update Properties] to assign the maintenance schedule." +#: modules/administration/pages/live-patching-sles12.adoc:25 +#: modules/administration/pages/live-patching-sles15.adoc:25 +msgid "" +"OPTIONAL: If you know the CVE number of a patch you want to apply, you can " +"search for it in menu:Audit[CVE Audit], and apply the patch to any clients " +"that require it." msgstr "" #. type: delimited block = -#: modules/administration/pages/maintenance-windows.adoc:75 +#: modules/administration/pages/live-patching-sles12.adoc:26 +#: modules/administration/pages/live-patching-sles15.adoc:26 msgid "" -"When you assign a new maintenance schedule to a client, it is possible that " -"the client might already have some restricted actions scheduled, and that " -"these might now conflict with the new maintenance schedule. If this occurs, " -"the {webui} will display an error and you will not be able to assign the " -"schedule to the client. To resolve this, check the btn:[Cancel affected " -"actions] option when you assign the schedule. This will cancel any " -"previously scheduled actions that conflict with the new maintenance schedule." +"Not all kernel patches are Live Patches! Non-Live kernel patches are " +"represented by a `Reboot Required` icon located next to the `Security` " +"shield icon. These patches will always require a reboot." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:79 +#. type: delimited block = +#: modules/administration/pages/live-patching-sles12.adoc:27 +#: modules/administration/pages/live-patching-sles15.adoc:27 msgid "" -"When you have created your maintenance windows, you can schedule restricted " -"actions, such as package upgrades, to be performed during the maintenance " -"window." +"Not all security issues can be fixed by applying a live patch. Some " +"security issues can only be fixed by applying a full kernel update and will " +"require a reboot. The assigned CVE numbers for these issues are not " +"included in live patches. A CVE audit will display this requirement." msgstr "" -#. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:82 +#. type: Title = +#: modules/administration/pages/live-patching-sles15.adoc:1 #, no-wrap -msgid "Procedure: Scheduling a Package Upgrade" +msgid "Live Patching on SLES{nbsp}15" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:84 +#: modules/administration/pages/live-patching-sles15.adoc:2 msgid "" -"In the {productname} {webui}, navigate to menu:Systems[System List], select " -"the client you want to upgrade, and go to the menu:Software[Packages > " -"Upgrade] tab." +"On SLES{nbsp}15 systems and newer, live patching is managed by the " +"[systemitem]``klp livepatch`` tool." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:85 -msgid "" -"Select the package to upgrade from the list, and click btn:[Upgrade " -"Packages]." +#: modules/administration/pages/live-patching-sles15.adoc:5 +msgid "You have one or more Salt clients running SLES{nbsp}15 (SP1 or later)." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:86 -msgid "" -"In the [guimenu]``Maintenance Window`` field, select which maintenance " -"window the client should use to perform the upgrade." +#: modules/administration/pages/live-patching-sles15.adoc:6 +msgid "Your SLES{nbsp}15 Salt clients are registered with {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:87 -msgid "Click btn:[Confirm] to schedule the package upgrade." +#: modules/administration/pages/live-patching-sles15.adoc:7 +msgid "" +"You have access to the SLES{nbsp}15 channels appropriate for your " +"architecture, including the live patching child channel (or channels)." msgstr "" -#. type: Title == -#: modules/administration/pages/maintenance-windows.adoc:90 -#, no-wrap -msgid "Maintenance Schedule Types" +#. type: Plain text +#: modules/administration/pages/live-patching-sles15.adoc:12 +msgid "" +"Select the client you want to manage with Live Patching from menu:" +"Systems[Overview], and navigate to the menu:Software[Packages > Install] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:95 +#: modules/administration/pages/live-patching-sles15.adoc:13 msgid "" -"When you create a calendar, it contains a number of events, which can be " -"either one-time events, or recurring events. Each event contains a " -"``summary`` field. If you want to create multiple maintenance schedules for " -"one calendar, you can specify events for each using the ``summary`` field." +"Search for the [systemitem]``kernel-livepatch`` package, and install it." +msgstr "" + +#. type: Target for macro image +#: modules/administration/pages/live-patching-sles15.adoc:14 +#, no-wrap +msgid "enable_live_patching_kernel_live_install.png" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:98 +#: modules/administration/pages/live-patching-sles15.adoc:17 msgid "" -"For example, you might like to create a schedule for production servers, and " -"a different schedule for testing servers. In this case, you would specify " -"``SUMMARY: Production Servers`` on events for the production servers, and " -"``SUMMARY: Testing Servers`` on events for the testing servers." +"To check that live patching has been enabled correctly, select the client " +"from menu:Systems[System List], and ensure that [systemitem]``Live Patch`` " +"appears in the [guimenu]``Kernel`` field." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/maintenance-windows.adoc:99 +#. type: Title = +#: modules/administration/pages/maintenance-window-tasks.adoc:1 #, no-wrap -msgid "maint_windows_multi.png" +msgid "Maintenance Window Tasks" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/maintenance-window-tasks.adoc:2 +msgid "" +"If you work with scheduled maintenance windows, you might find it difficult " +"to remember all the things that you need to do before, during, and after " +"that critical downtime of the {productname} Server. {productname} Server " +"related systems such as Inter-Server Synchronization Slave Servers or " +"{productname} Proxies are also affected and have to be considered." msgstr "" +#. It's similar to zypper at the package level: #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:103 +#: modules/administration/pages/maintenance-window-tasks.adoc:3 msgid "" -"There are two types of schedule: single, or multi. If your calendar " -"contains events that apply to more than one schedule, then you must select " -"``multi``, and ensure you name the schedule according to the ``summary`` " -"field you used in the calendar file." +"{suse} recommends you always keep your {productname} infrastructure " +"updated. That includes servers, proxies, and build hosts. If you do not " +"keep the {productname} Server updated, you might not be able to update some " +"parts of your environment when you need to." msgstr "" -#. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:106 +#. type: Plain text +#: modules/administration/pages/maintenance-window-tasks.adoc:4 +msgid "" +"This section contains a checklist for your maintenance window, with links to " +"further information on performing each of the steps." +msgstr "" + +#. type: Title == +#: modules/administration/pages/maintenance-window-tasks.adoc:5 #, no-wrap -msgid "Procedure: Creating a Multi Schedule" +msgid "Server" msgstr "" +#. ke, 2019-09-30: we'll stop spacewalk during the update +#. . Stop spacewalk services. +#. You will need to stop the spacewalk, SAP, and database services, along with any others you have running. +#. . Check if the configuration is still correct. #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:110 -msgid "" -"In the [guimenu]``Schedule Name`` section, type the name for your schedule. " -"Ensure it matches the ``summary`` field of the calendar." +#: modules/administration/pages/maintenance-window-tasks.adoc:6 +msgid "Apply the latest updates." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:111 -#: modules/administration/pages/maintenance-windows.adoc:117 -msgid "Check the [guimenu]``Multi`` option." +#: modules/administration/pages/maintenance-window-tasks.adoc:7 +msgid "See xref:upgrade:server-intro.adoc[]." msgstr "" +#. We reboot during the above listed procedures. +#. . Reboot the server. +#. . Check if the configuration is still correct. +#. . Start any stopped services. #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:114 -msgid "To create the next schedule, click btn:[Create]." +#: modules/administration/pages/maintenance-window-tasks.adoc:8 +msgid "Upgrade to the latest service pack, if required." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:116 +#: modules/administration/pages/maintenance-window-tasks.adoc:9 msgid "" -"In the [guimenu]``Schedule Name`` section, type the name for your second " -"schedule. Ensure it matches the ``summary`` field of the second calendar." +"Run [command]``spacewalk-service status`` and check whether all required " +"services are up and running." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:119 -msgid "Repeat for each schedule you need to create." -msgstr "" - -#. type: Title == -#: modules/administration/pages/maintenance-windows.adoc:122 -#, no-wrap -msgid "Restricted and Unrestricted Actions" +#: modules/administration/pages/maintenance-window-tasks.adoc:10 +msgid "" +"For information about database schema upgrades and PostgreSQL migrations, " +"see xref:upgrade:db-intro.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:125 +#: modules/administration/pages/maintenance-window-tasks.adoc:11 msgid "" -"This sections contains a complete list of restricted and unrestricted " -"actions." +"You can install updates using your package manager. For information on " +"using {yast}, see https://documentation.suse.com/sles/15-SP2/html/SLES-all/" +"cha-onlineupdate-you.html. For information on using zypper, see https://" +"documentation.suse.com/sles/15-SP2/html/SLES-all/cha-sw-cl.html#sec-zypper." msgstr "" +# +# +#. Preferable, you will run such a tool within a maintenance window; for more information, see xref:administration:maintenance-window.adoc#maintenance-window[]. +#. complete procedure, also see above: +#. 1. Log in as root user to the SUSE Manager server. +#. 2. Stop the Spacewalk service: +#. spacewalk-service stop +#. 3. Apply the patch using either zypper patch or YaST Online Update. +#. 4. Upgrade the database schema: +#. spacewalk-schema-upgrade +#. 5. Start the Spacewalk service: +#. spacewalk-service start #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:129 +#: modules/administration/pages/maintenance-window-tasks.adoc:12 msgid "" -"Restricted actions significantly modify the client, and could potentially " -"cause the client to stop running. Restricted actions can only be run during " -"a maintenance window. The restricted actions are:" +"By default, several update channels are configured and enabled for the " +"{productname} Server. New and updated packages will become available " +"automatically." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:131 +#: modules/administration/pages/maintenance-window-tasks.adoc:13 msgid "" -"Package operations (for example, installing, updating, or removing packages)" +"To keep {susemgr} up to date, either connect it directly to {scc} or use " +"{rmtool} (RMT). You can use RMT as a local installation source for " +"disconnected environments." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:132 -msgid "Patch updates" +#: modules/administration/pages/maintenance-window-tasks.adoc:14 +msgid "" +"You can check that the update channels are available on your system with " +"this command:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:133 -msgid "Rebooting a client" +#. type: delimited block - +#: modules/administration/pages/maintenance-window-tasks.adoc:15 +#, no-wrap +msgid "zypper lr\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:134 -msgid "Rolling back transactions" +#: modules/administration/pages/maintenance-window-tasks.adoc:16 +msgid "The output will look similar to this:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:135 -msgid "Configuration management changing tasks" +#. type: delimited block - +#: modules/administration/pages/maintenance-window-tasks.adoc:17 +#, no-wrap +msgid "" +"Name | Enabled | GPG Check | Refresh\n" +"-------------------------------------------------------+---------+-----------+--------\n" +"SLE-Module-Basesystem15-SP2-Pool | Yes | (r ) Yes | No\n" +"SLE-Module-Basesystem15-SP2-Updates | Yes | (r ) Yes | Yes\n" +"SLE-Module-Python2-15-SP2-Pool | Yes | (r ) Yes | No\n" +"SLE-Module-Python2-15-SP2-Updates | Yes | (r ) Yes | Yes\n" +"SLE-Product-SUSE-Manager-Server-4.1-Pool | Yes | (r ) Yes | No\n" +"SLE-Product-SUSE-Manager-Server-4.1-Updates | Yes | (r ) Yes | Yes\n" +"SLE-Module-SUSE-Manager-Server-4.1-Pool | Yes | (r ) Yes | No\n" +"SLE-Module-SUSE-Manager-Server-4.1-Updates | Yes | (r ) Yes | Yes\n" +"SLE-Module-Server-Applications15-SP2-Pool | Yes | (r ) Yes | No\n" +"SLE-Module-Server-Applications15-SP2-Updates | Yes | (r ) Yes | Yes\n" +"SLE-Module-Web-Scripting15-SP2-Pool | Yes | (r ) Yes | No\n" +"SLE-Module-Web-Scripting15-SP2-Updates | Yes | (r ) Yes | Yes\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:136 -msgid "Applying a highstate (for Salt clients)" +#: modules/administration/pages/maintenance-window-tasks.adoc:18 +msgid "" +"{productname} releases maintenance updates (MUs) to provide newer packages. " +"Maintenance updates are indicated with a new version number. For example, " +"the major release 4.1 will be incremented to 4.1.1 when an MU is released." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:137 -msgid "Autoinstallation and reinstallation" +#: modules/administration/pages/maintenance-window-tasks.adoc:19 +msgid "" +"You can verify which version you are running by looking at the bottom of the " +"navigation bar in the {webui}. You can also fetch the version number with " +"the [literal]``api.getVersion()`` XMLRPC API call." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:138 -msgid "Remote commands" +#. type: Title === +#: modules/administration/pages/maintenance-window-tasks.adoc:20 +#, no-wrap +msgid "Client Tools" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:139 -msgid "Service pack migrations" +#: modules/administration/pages/maintenance-window-tasks.adoc:21 +msgid "" +"When the server is updated consider to update some tools on the clients, " +"too. Updating [package]``salt-minion``, [package]``zypper``, and other " +"related management package on clients is not a strict requirement, but it is " +"a best practice in general. For example, a maintenance update on the server " +"might introduce a major new Salt version. Then minions will continue to " +"work but might experience problems later on. To avoid this always update " +"the salt-minion package when available. {suse} makes sure that " +"[package]``salt-minion`` can always be updated safely." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:140 -msgid "Cluster operations" +#. type: Title == +#: modules/administration/pages/maintenance-window-tasks.adoc:22 +#, no-wrap +msgid "Inter-Server Synchronization Slave Server" msgstr "" -#. type: delimited block = -#: modules/administration/pages/maintenance-windows.adoc:146 +#. type: Plain text +#: modules/administration/pages/maintenance-window-tasks.adoc:23 msgid "" -"For Salt clients, it is possible to run remote commands directly at any time " -"by navigating to menu:Salt[Remote Commands]. This applies whether or not " -"the Salt client is in a maintenance window. For more information about " -"remote commands, see xref:administration:actions.adoc[]." +"If you are using an inter-server synchronization slave server, update it " +"after the {productname} Server update is complete." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:149 +#: modules/administration/pages/maintenance-window-tasks.adoc:24 msgid "" -"Unrestricted actions are minor actions that are considered safe and are " -"unlikely to cause problems on the client. If an action is not restricted it " -"is, by definition, unrestricted, and can be be run at any time." +"For more in inter-server synchronization, see xref:administration:iss.adoc[]." msgstr "" -#. type: Title = -#: modules/administration/pages/admin-overview.adoc:2 +#. type: Title == +#: modules/administration/pages/maintenance-window-tasks.adoc:25 #, no-wrap -msgid "Administration Guide Overview" +msgid "Monitoring Server" msgstr "" #. type: Plain text -#: modules/administration/pages/admin-overview.adoc:5 -#, no-wrap -msgid "**Publication Date:** {docdate}\n" +#: modules/administration/pages/maintenance-window-tasks.adoc:26 +msgid "" +"If you are using a monitoring server for Prometheus, update it after the " +"{productname} Server update is complete." msgstr "" #. type: Plain text -#: modules/administration/pages/admin-overview.adoc:6 +#: modules/administration/pages/maintenance-window-tasks.adoc:27 msgid "" -"This book provides guidance on performing administration tasks on the " -"{productname} Server." +"For more information on monitoring, see xref:administration:monitoring." +"adoc[]." msgstr "" -#. type: Title = -#: modules/administration/pages/actions.adoc:2 +#. type: Title == +#: modules/administration/pages/maintenance-window-tasks.adoc:28 #, no-wrap -msgid "Actions" +msgid "Proxy" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:5 -msgid "You can manage actions on your clients in a number of different ways." +#: modules/administration/pages/maintenance-window-tasks.adoc:29 +msgid "" +"Proxies should be updated as soon as {productname} Server updates are " +"complete." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:8 +#: modules/administration/pages/maintenance-window-tasks.adoc:30 msgid "" -"For Salt clients, you can schedule automated recurring actions to apply the " -"highstate to clients on a specified schedule. You can apply recurring " -"actions to individual clients, to all clients in a system group, or to an " -"entire organization." +"In general, running a proxy connected to a server on a different version is " +"not supported. The only exception is for the duration of updates where it " +"is expected that the server is updated first, so the proxy could run the " +"previous version temporarily." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:11 +#: modules/administration/pages/maintenance-window-tasks.adoc:31 msgid "" -"On both Salt and traditional clients, you can set actions to be performed in " -"a particular order by creating action chains. Action chains can be created " -"and edited ahead of time, and scheduled to run at a time that suits you." +"Especially if you are migrating from version 4.0 to 4.1, upgrade the server " +"first, then any proxy." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:14 -msgid "" -"You can also perform remote commands on one or more of your Salt clients. " -"Remote commands allows you to issue commands to individual Salt clients, or " -"to all clients that match a search term." +#: modules/administration/pages/maintenance-window-tasks.adoc:32 +msgid "For more information, see xref:upgrade:proxy-intro.adoc[]." msgstr "" -#. type: Title == -#: modules/administration/pages/actions.adoc:17 +#. type: Title = +#: modules/administration/pages/maintenance-windows.adoc:1 #, no-wrap -msgid "Recurring Actions" +msgid "Maintenance Windows" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:20 +#: modules/administration/pages/maintenance-windows.adoc:2 msgid "" -"You can apply recurring actions on individual Salt clients, or to all " -"clients in an organization." +"The maintenance windows feature in {productname} allows you to schedule " +"actions to occur during a scheduled maintenance window period. When you " +"have created your maintenance window schedule, and applied it to a client, " +"you are prevented from executing some actions outside of the specified " +"period." msgstr "" -#. type: Block title -#: modules/administration/pages/actions.adoc:23 -#, no-wrap -msgid "Procedure: Creating a New Recurring Action" +#. type: delimited block = +#: modules/administration/pages/maintenance-windows.adoc:3 +msgid "" +"Maintenance windows operate in a different way to system locking. System " +"locks are switched on or off as required, while maintenance windows define " +"periods of time when actions are allowed. Additionally, the allowed and " +"restricted actions differ. For more information about system locks, see " +"xref:client-configuration:system-locking.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:25 +#: modules/administration/pages/maintenance-windows.adoc:4 msgid "" -"To apply a recurring action to an individual client, navigate to " -"[guimenu]``Systems``, click the client to configure schedules for, and " -"navigate to the menu:States[Recurring States] tab." +"Maintenance windows require both a calendar, and a schedule. The calendar " +"defines the date and time of your maintenance window events, including " +"recurring events, and must be in [path]``ical`` format. The schedule uses " +"the events defined in the calendar to create the maintenance windows. You " +"must create an [path]``ical`` file for upload, or link to an [path]``ical`` " +"file to create the calendar, before you can create the schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:26 +#: modules/administration/pages/maintenance-windows.adoc:5 msgid "" -"To apply a recurring action to a system group, navigate to menu:" -"Systems[System Groups], select the group to configure schedules for, and " -"navigate to menu:States[Recurring States] tab." +"When you have created the schedule, you can assign it to clients that are " +"registered to the {productname} Server. Clients that have a maintenance " +"schedule assigned cannot run restricted actions outside of maintenance " +"windows." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:27 -msgid "Click btn:[Create]." +#: modules/administration/pages/maintenance-windows.adoc:6 +msgid "" +"Restricted actions significantly modify the client, and could potentially " +"cause the client to stop running. Some examples of restricted actions are:" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:28 -msgid "Type a name for the new schedule." +#: modules/administration/pages/maintenance-windows.adoc:7 +msgid "Package installation" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:29 -msgid "Choose the frequency of the recurring action:" +#: modules/administration/pages/maintenance-windows.adoc:8 +msgid "Client upgrade" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:32 -msgid "" -"[guimenu]``Hourly:`` Type the minute of each hour. For example, " -"[parameter]``15`` will run the action at fifteen minutes past every hour." +#: modules/administration/pages/maintenance-windows.adoc:9 +msgid "Service pack migration" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:34 -msgid "" -"[guimenu]``Daily:`` Select the time of each day. For example, " -"[parameter]``01:00`` will run the action at 0100 every day, in the timezone " -"of the {productname} Server." +#: modules/administration/pages/maintenance-windows.adoc:10 +msgid "Highstate application (for Salt clients)" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:35 +#: modules/administration/pages/maintenance-windows.adoc:11 msgid "" -"[guimenu]``Weekly:`` Select the day of the week and the time of the day, to " -"execute the action every week at the specified time." +"Unrestricted actions are minor actions that are considered safe and are " +"unlikely to cause problems on the client. Some examples of unrestricted " +"actions are:" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:36 -msgid "" -"[guimenu]``Monthly:`` Select the day of the month and the time of the day, " -"to execute the action every month at the specified time." +#: modules/administration/pages/maintenance-windows.adoc:12 +msgid "Package profile update" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:13 +msgid "Hardware refresh" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:38 +#: modules/administration/pages/maintenance-windows.adoc:14 +msgid "Subscribing to software channels" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:15 msgid "" -"[guimenu]``Custom Quartz format:`` For more detailed options, enter a custom " -"quartz string. For example, to run a recurring action at 0215 every " -"Saturday of every month, enter:" +"Before you begin, you must create an [path]``ical`` file for upload, or link " +"to an [path]``ical`` file to create the calendar. You can create " +"[path]``ical`` files in your preferred calendaring tool, such as Microsoft " +"Outlook, Google Calendar, or KOrganizer." msgstr "" -#. type: delimited block - -#: modules/administration/pages/actions.adoc:41 +#. type: Block title +#: modules/administration/pages/maintenance-windows.adoc:16 #, no-wrap -msgid "0 15 2 ? * 7\n" +msgid "Procedure: Uploading a New Maintenance Calendar" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:43 +#: modules/administration/pages/maintenance-windows.adoc:17 msgid "" -"OPTIONAL: Toggle the [guimenu]``Test mode`` switch on to run the schedule in " -"test mode." +"In the {productname} {webui}, navigate to menu:Schedule[Maintenance Windows " +"> Calendars], and click btn:[Create]." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:44 +#: modules/administration/pages/maintenance-windows.adoc:18 msgid "" -"Click btn:[Create Schedule] to save, and see the complete list of existing " -"schedules." +"In the [guimenu]``Calendar Name`` section, type a name for your calendar." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:48 +#: modules/administration/pages/maintenance-windows.adoc:19 msgid "" -"Organization Administrators can set and edit recurring actions for all " -"clients in the organization. Navigate to menu:Home[My Organization > " -"Recurring States] to see all recurring actions that apply to the entire " -"organization." +"Either provide a URL to your [path]``ical`` file, or upload the file " +"directly." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:51 -msgid "" -"{productname} Administrators can set and edit recurring actions for all " -"clients in all organizations. Navigate to menu:Admin[Organizations], select " -"the organization to manage, and navigate to the menu:States[Recurring " -"States] tab." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/actions.adoc:56 -msgid "" -"Recurring actions can only be used with Salt clients. Traditional clients " -"in your group or organization are ignored." +#: modules/administration/pages/maintenance-windows.adoc:20 +msgid "Click btn:[Create Calendar] to save your calendar." msgstr "" -#. type: Title == -#: modules/administration/pages/actions.adoc:60 +#. type: Block title +#: modules/administration/pages/maintenance-windows.adoc:21 #, no-wrap -msgid "Action Chains" +msgid "Procedure: Creating a New Schedule" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:63 +#: modules/administration/pages/maintenance-windows.adoc:22 +#: modules/administration/pages/maintenance-windows.adoc:45 msgid "" -"If you need to perform a number of sequential actions on your clients, you " -"can create an action chain to ensure the order is respected." +"In the {productname} {webui}, navigate to menu:Schedule[Maintenance Windows " +"> Schedules], and click btn:[Create]." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:68 +#: modules/administration/pages/maintenance-windows.adoc:23 msgid "" -"By default, most clients will execute an action as soon as the command is " -"issued. In some case, actions will take a long time, which could mean that " -"actions issued afterwards fail. For example, if you instruct a client to " -"reboot, then issue a second command, the second action could fail because " -"the reboot is still occurring. To ensure that actions occur in the correct " -"order, use action chains." +"In the [guimenu]``Schedule Name`` section, type a name for your schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:71 +#: modules/administration/pages/maintenance-windows.adoc:24 msgid "" -"You can use action chains on both traditional and Salt clients. Action " -"chains can include any number of these actions, in any order:" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/actions.adoc:73 -msgid "menu:System Details[Remote Command]" +"OPTIONAL: If your [path]``ical`` file contains events that apply to more " +"than one schedule, check [guimenu]``Multi``." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:74 -msgid "menu:System Details[Schedule System Reboot]" +#: modules/administration/pages/maintenance-windows.adoc:25 +#: modules/administration/pages/maintenance-windows.adoc:49 +msgid "Select the calendar to assign to this schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:75 -msgid "menu:System Details[States > Highstate]" +#: modules/administration/pages/maintenance-windows.adoc:26 +#: modules/administration/pages/maintenance-windows.adoc:50 +#: modules/administration/pages/maintenance-windows.adoc:55 +msgid "Click btn:[Create Schedule] to save your schedule." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:76 -msgid "menu:System Details[Software > Packages > List/Remove]" +#. type: Block title +#: modules/administration/pages/maintenance-windows.adoc:27 +#, no-wrap +msgid "Procedure: Assigning a Schedule to a Client" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:77 -msgid "menu:System Details[Software > Packages > Install]" +#: modules/administration/pages/maintenance-windows.adoc:28 +msgid "" +"In the {productname} {webui}, navigate to menu:Systems[Systems List], select " +"the client to be assigned to a schedule, locate the [guimenu]``System " +"Properties`` panel, and click btn:[Edit These Properties]." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:78 -msgid "menu:System Details[Software > Packages > Upgrade]" +#: modules/administration/pages/maintenance-windows.adoc:29 +msgid "" +"Alternatively, you can assign clients through the system set manager by " +"navigating to menu:Systems[System Set Manager] and using the menu:" +"Misc[Maintenance Windows] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:79 -msgid "menu:System Details[Software > Patches]" +#: modules/administration/pages/maintenance-windows.adoc:30 +msgid "" +"In the [guimenu]``Edit System Details`` page, locate the " +"[guimenu]``Maintenance Schedule`` field, and select the name of the schedule " +"to be assigned." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:80 -msgid "menu:System Details[Software > Software Channels]" +#: modules/administration/pages/maintenance-windows.adoc:31 +msgid "Click btn:[Update Properties] to assign the maintenance schedule." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:81 -msgid "menu:System Details[Configuration]" +#. type: delimited block = +#: modules/administration/pages/maintenance-windows.adoc:32 +msgid "" +"When you assign a new maintenance schedule to a client, it is possible that " +"the client might already have some restricted actions scheduled, and that " +"these might now conflict with the new maintenance schedule. If this occurs, " +"the {webui} will display an error and you will not be able to assign the " +"schedule to the client. To resolve this, check the btn:[Cancel affected " +"actions] option when you assign the schedule. This will cancel any " +"previously scheduled actions that conflict with the new maintenance schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:82 -msgid "menu:Images[Build]" +#: modules/administration/pages/maintenance-windows.adoc:33 +msgid "" +"When you have created your maintenance windows, you can schedule restricted " +"actions, such as package upgrades, to be performed during the maintenance " +"window." msgstr "" #. type: Block title -#: modules/administration/pages/actions.adoc:85 +#: modules/administration/pages/maintenance-windows.adoc:34 #, no-wrap -msgid "Procedure: Creating a New Action Chain" +msgid "Procedure: Scheduling a Package Upgrade" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:88 +#: modules/administration/pages/maintenance-windows.adoc:35 msgid "" -"In the {productname} {webui}, navigate to the first action you want to " -"perform in the action chain. For example, navigate to [guimenu]``System " -"Details`` for a client, and click btn:[Schedule System Reboot]." +"In the {productname} {webui}, navigate to menu:Systems[System List], select " +"the client you want to upgrade, and go to the menu:Software[Packages > " +"Upgrade] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:89 -msgid "Check the [guimenu]``Add to`` field and select ``new action chain``." +#: modules/administration/pages/maintenance-windows.adoc:36 +msgid "" +"Select the package to upgrade from the list, and click btn:[Upgrade " +"Packages]." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:91 +#: modules/administration/pages/maintenance-windows.adoc:37 msgid "" -"Confirm the action. This will not perform the action immediately, it will " -"instead create the new action chain, and a blue bar confirming this appears " -"at the top of the screen." +"In the [guimenu]``Maintenance Window`` field, select which maintenance " +"window the client should use to perform the upgrade." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:92 -msgid "" -"Continue adding actions to your action chain by checking the [guimenu]``Add " -"to`` field and selecting the name of the action chain to add them to." +#: modules/administration/pages/maintenance-windows.adoc:38 +msgid "Click btn:[Confirm] to schedule the package upgrade." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:93 -msgid "" -"When you have finished adding actions, navigate to menu:Schedule[Action " -"Chains] and selecting the action chain from the list." +#. type: Title == +#: modules/administration/pages/maintenance-windows.adoc:39 +#, no-wrap +msgid "Maintenance Schedule Types" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:96 +#: modules/administration/pages/maintenance-windows.adoc:40 msgid "" -"Re-order actions by dragging them and dropping them into the correct " -"position. Click the blue plus sign to see the clients an action will be " -"performed on. Click btn:[Save] to save your changes." +"When you create a calendar, it contains a number of events, which can be " +"either one-time events, or recurring events. Each event contains a " +"``summary`` field. If you want to create multiple maintenance schedules for " +"one calendar, you can specify events for each using the ``summary`` field." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:98 +#: modules/administration/pages/maintenance-windows.adoc:41 msgid "" -"Schedule a time for your action chain to run, and click btn:[Save and " -"Schedule]. If you leave the page without clicking either btn:[Save] or btn:" -"[Save and Schedule] all unsaved changes will be discarded." +"For example, you might like to create a schedule for production servers, and " +"a different schedule for testing servers. In this case, you would specify " +"``SUMMARY: Production Servers`` on events for the production servers, and " +"``SUMMARY: Testing Servers`` on events for the testing servers." msgstr "" -#. type: delimited block = -#: modules/administration/pages/actions.adoc:102 -msgid "" -"If one action in an action chain fails, the action chain stops, and no " -"further actions are executed." +#. type: Target for macro image +#: modules/administration/pages/maintenance-windows.adoc:42 +#, no-wrap +msgid "maint_windows_multi.png" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:105 +#: modules/administration/pages/maintenance-windows.adoc:43 msgid "" -"You can see scheduled actions from action chains by navigating to menu:" -"Schedule[Pending Actions]." +"There are two types of schedule: single, or multi. If your calendar " +"contains events that apply to more than one schedule, then you must select " +"``multi``, and ensure you name the schedule according to the ``summary`` " +"field you used in the calendar file." msgstr "" -#. type: Title == -#: modules/administration/pages/actions.adoc:108 +#. type: Block title +#: modules/administration/pages/maintenance-windows.adoc:44 #, no-wrap -msgid "Remote Commands" +msgid "Procedure: Creating a Multi Schedule" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:112 +#: modules/administration/pages/maintenance-windows.adoc:46 msgid "" -"You can configure clients to run commands remotely. This allows you to " -"issue scripts or individual commands to a client, without having access to " -"the client directly." +"In the [guimenu]``Schedule Name`` section, type the name for your schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:116 -msgid "" -"This feature is automatically enabled on Salt clients, and you do not need " -"to perform any further configuration. For traditional clients, the feature " -"is enabled if you have registered the client using a bootstrap script and " -"have enabled remote commands. You can use this procedure to enable it " -"manually, instead." +#: modules/administration/pages/maintenance-windows.adoc:47 +msgid "Ensure it matches the ``summary`` field of the calendar." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:119 -msgid "" -"Before you begin, ensure your client is subscribed to the appropriate tools " -"child channel for its installed operating system. For more information " -"about subscribing to software channels, see xref:client-configuration:" -"channels.adoc[]." +#: modules/administration/pages/maintenance-windows.adoc:48 +#: modules/administration/pages/maintenance-windows.adoc:54 +msgid "Check the [guimenu]``Multi`` option." msgstr "" -#. type: Block title -#: modules/administration/pages/actions.adoc:122 -#, no-wrap -msgid "Procedure: Configuring Traditional Clients to Accept Remote Commands" +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:51 +msgid "To create the next schedule, click btn:[Create]." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:125 +#: modules/administration/pages/maintenance-windows.adoc:52 msgid "" -"On the client, at the command prompt, use the package manager to install the " -"[systemitem]``rhncfg``, [systemitem]``rhncfg-client``, and " -"[systemitem]``rhncfg-actions`` packages, if not already installed. For " -"example:" +"In the [guimenu]``Schedule Name`` section, type the name for your second " +"schedule." msgstr "" -#. type: delimited block - -#: modules/administration/pages/actions.adoc:128 -#, no-wrap -msgid "zypper in rhncfg rhncfg-client rhncfg-actions\n" +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:53 +msgid "Ensure it matches the ``summary`` field of the second calendar." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:130 -msgid "" -"On the client, at the command prompt, as root, create a path in the local " -"configuration directory:" +#: modules/administration/pages/maintenance-windows.adoc:56 +msgid "Repeat for each schedule you need to create." msgstr "" -#. type: delimited block - -#: modules/administration/pages/actions.adoc:133 +#. type: Title == +#: modules/administration/pages/maintenance-windows.adoc:57 #, no-wrap -msgid "mkdir -p /etc/sysconfig/rhn/allowed-actions/script\n" +msgid "Restricted and Unrestricted Actions" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:137 +#: modules/administration/pages/maintenance-windows.adoc:58 msgid "" -"Create an empty file called [path]``run`` in the new directory. This file " -"grants the {productname} Server permission to run remote commands:" +"This sections contains a complete list of restricted and unrestricted " +"actions." msgstr "" -#. type: delimited block - -#: modules/administration/pages/actions.adoc:140 -#, no-wrap -msgid "touch /etc/sysconfig/rhn/allowed-actions/script/run\n" +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:59 +msgid "" +"Restricted actions significantly modify the client, and could potentially " +"cause the client to stop running. Restricted actions can only be run during " +"a maintenance window. The restricted actions are:" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:145 +#: modules/administration/pages/maintenance-windows.adoc:60 msgid "" -"For Salt clients, remote commands are run from the [path]``/tmp/`` directory " -"on the client. To ensure that remote commands work accurately, do not mount " -"``/tmp`` with the [parameter]``noexec`` option." +"Package operations (for example, installing, updating, or removing packages)" msgstr "" -#. type: delimited block = -#: modules/administration/pages/actions.adoc:151 -msgid "" -"All commands run from the [guimenu]``Remote Commands`` page are executed as " -"{rootuser} on clients. Wildcards can be used to run commands across any " -"number of systems. Always take extra care to check your commands before " -"issuing them." +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:61 +msgid "Patch updates" msgstr "" -#. type: Block title -#: modules/administration/pages/actions.adoc:155 -#, no-wrap -msgid "Procedure: Running Remote Commands on Traditional Clients" +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:62 +msgid "Rebooting a client" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:157 -msgid "" -"In the {productname} {webui}, navigate to [guimenu]``Systems``, click the " -"client to run a remote command on, and navigate to the menu:Details[Remote " -"Command] tab." +#: modules/administration/pages/maintenance-windows.adoc:63 +msgid "Rolling back transactions" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:159 -msgid "" -"In the [guimenu]``Run as user`` field, type the user ID (UID) of the user on " -"the client that you want to run the command. Alternatively, you can specify " -"a group to run the command, using the group ID (GID) in the [guimenu]``Run " -"as group`` field." +#: modules/administration/pages/maintenance-windows.adoc:64 +msgid "Configuration management changing tasks" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:161 -msgid "" -"OPTIONAL: In the [guimenu]``Timeout`` field, type a timeout period for the " -"command, in seconds. If the command is not executed within this period, it " -"will not be run." +#: modules/administration/pages/maintenance-windows.adoc:65 +msgid "Applying a highstate (for Salt clients)" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:162 -msgid "In the [guimenu]``Command label`` field, type a name for your command." +#: modules/administration/pages/maintenance-windows.adoc:66 +msgid "Autoinstallation and reinstallation" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:163 -msgid "" -"In the [guimenu]``Script`` field, type the command or script to execute." +#: modules/administration/pages/maintenance-windows.adoc:67 +msgid "Remote commands" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:164 -msgid "" -"Select a date and time to execute the command, or add the remote command to " -"an action chain." +#: modules/administration/pages/maintenance-windows.adoc:68 +msgid "Service pack migrations" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:165 -msgid "Click btn:[Schedule] to schedule the remote command." +#: modules/administration/pages/maintenance-windows.adoc:69 +msgid "Cluster operations" +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/maintenance-windows.adoc:70 +msgid "" +"For Salt clients, it is possible to run remote commands directly at any time " +"by navigating to menu:Salt[Remote Commands]. This applies whether or not " +"the Salt client is in a maintenance window. For more information about " +"remote commands, see xref:administration:actions.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:167 +#: modules/administration/pages/maintenance-windows.adoc:71 msgid "" -"For more information about action chains, see xref:reference:schedule/action-" -"chains.adoc[]." +"Unrestricted actions are minor actions that are considered safe and are " +"unlikely to cause problems on the client. If an action is not restricted it " +"is, by definition, unrestricted, and can be be run at any time." msgstr "" -#. type: Block title -#: modules/administration/pages/actions.adoc:171 +#. type: Title = +#: modules/administration/pages/monitoring.adoc:1 #, no-wrap -msgid "Procedure: Running Remote Commands on Salt Clients" +msgid "Monitoring with Prometheus and Grafana" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:173 -msgid "Navigate to menu:Salt[Remote Commands]." +#: modules/administration/pages/monitoring.adoc:2 +msgid "" +"You can monitor your {productname} environment using Prometheus and " +"Grafana. {productname} Server and Proxy are able to provide self-health " +"metrics. You can also install and manage a number of Prometheus exporters " +"on Salt clients." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:174 +#: modules/administration/pages/monitoring.adoc:3 msgid "" -"In the first field, before the ``@`` symbol, type the command you want to " -"issue." +"Prometheus and Grafana packages are included in the {productname} Client " +"Tools for:" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:176 -msgid "" -"In the second field, after the ``@`` symbol, type the client you want to " -"issue the command on. You can type the ``minion-id`` of an individual " -"client, or you can use wildcards to target a range of clients." +#: modules/administration/pages/monitoring.adoc:4 +#: modules/administration/pages/monitoring.adoc:10 +msgid "{sle}{nbsp}12" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:177 -msgid "" -"Click btn:[Find targets] to check which clients you have targeted, and " -"confirm that you have used the correct details." +#: modules/administration/pages/monitoring.adoc:5 +#: modules/administration/pages/monitoring.adoc:11 +msgid "{sle}{nbsp}15" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:177 -msgid "Click btn:[Run command] to issue the command to the target clients." +#: modules/administration/pages/monitoring.adoc:6 +msgid "{rhel}{nbsp} 6" msgstr "" -#. type: Title = -#: modules/administration/pages/custom-channels.adoc:2 -#, no-wrap -msgid "Custom Channels" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:7 +msgid "{rhel}{nbsp} 7" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:6 -msgid "" -"Custom channels give you the ability to create your own software packages " -"and repositories, which you can use to update your clients. They also allow " -"you to use software provided by third party vendors in your environment." +#: modules/administration/pages/monitoring.adoc:8 +msgid "{rhel}{nbsp} 8" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:8 -msgid "" -"You must have administrator privileges to be able to create and manage " -"custom channels." +#: modules/administration/pages/monitoring.adoc:9 +msgid "openSUSE 15.x" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:10 -msgid "" -"Before you create a custom channel, determine which base channel you want to " -"associate it with, and which repositories you want to use for content." +#: modules/administration/pages/monitoring.adoc:12 +msgid "{centos}{nbsp} 6" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:12 -msgid "" -"This section gives more detail on how to create, administer, and delete " -"custom channels." +#: modules/administration/pages/monitoring.adoc:13 +msgid "{centos}{nbsp} 7" msgstr "" -#. type: Title == -#: modules/administration/pages/custom-channels.adoc:15 -#, no-wrap -msgid "Creating Custom Channels and Repositories" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:14 +msgid "{centos}{nbsp} 8" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:19 -msgid "" -"If you have custom software packages that you need to install on your " -"{productname} systems, you can create a custom child channel to manage " -"them. You will need to create the channel in the {productname} {webui} and " -"create a repository for the packages, before assigning the channel to your " -"systems." +#: modules/administration/pages/monitoring.adoc:15 +msgid "and openSUSE 15.x" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:22 +#: modules/administration/pages/monitoring.adoc:16 msgid "" -"You can select a vendor channel as the base channel if you want to use " -"packages provided by a vendor. Alternatively, select ``none`` to make your " -"custom channel a base channel." +"You need to install Prometheus and Grafana on a machine separate from the " +"{productname} Server. We recommend you use a managed Salt client as your " +"monitoring server." msgstr "" -#. We need to create a section on importing GPG keys and change this to point there: https://github.com/SUSE/spacewalk/issues/9474 LKB 2019-09-18 #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:29 +#: modules/administration/pages/monitoring.adoc:17 msgid "" -"Custom channels will sometimes require additional security settings. Many " -"third party vendors secure packages with GPG. If you want to use GPG-" -"protected packages in your custom channel, you will need to trust the GPG " -"key which has been used to sign the metadata. You can then check the " -"[guimenu]``Has Signed Metadata?`` check box to match the package metadata " -"against the trusted GPG keys. For more information on importing GPG keys, " -"see xref:reference:systems/autoinst-gpg-and-ssl-keys.adoc[]." +"Prometheus fetches metrics using a pull mechanism, so the server must be " +"able to establish TCP connections to monitored clients. Clients must have " +"corresponding open ports and be reachable over the network. Alternatively, " +"you can use reverse proxies to establish a connection." msgstr "" #. type: delimited block = -#: modules/administration/pages/custom-channels.adoc:35 +#: modules/administration/pages/monitoring.adoc:18 msgid "" -"Do not create child channels containing packages that are not compatible " -"with the client system." +"You must have a monitoring add-on subscription for each client you want to " +"monitor. Visit the {scc} to manage your {productname} subscriptions." +msgstr "" + +#. type: Title == +#: modules/administration/pages/monitoring.adoc:19 +#, no-wrap +msgid "Prometheus and Grafana" msgstr "" #. type: Block title -#: modules/administration/pages/custom-channels.adoc:39 +#: modules/administration/pages/monitoring.adoc:20 #, no-wrap -msgid "Procedure: Creating a Custom Channel" +msgid "Prometheus" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:41 +#: modules/administration/pages/monitoring.adoc:21 msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"and click btn:[Create Channel]." +"Prometheus is an open-source monitoring tool that is used to record real-" +"time metrics in a time-series database. Metrics are pulled via HTTP, " +"enabling high performance and scalability." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:43 +#: modules/administration/pages/monitoring.adoc:22 msgid "" -"On the [guimenu]``Create Software Channel`` page, give your channel a name " -"(for example, [systemitem]``My Tools SLES 15 SP1 x86_64``) and a label (for " -"example, [systemitem]``my-tools-sles15sp1-x86_64``). Labels must not " -"contain spaces or uppercase letters." +"Prometheus metrics are time series data, or timestamped values belonging to " +"the same group or dimension. A metric is uniquely identified by its name " +"and set of labels." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:45 +#. TODO:: This should be an actual image. +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:23 +#, no-wrap msgid "" -"In the [guimenu]``Parent Channel`` drop down, choose the relevant base " -"channel (for example, [systemitem]``SLE-Product-SLES15-SP1-Pool for " -"x86_64``). Ensure that you choose the compatible parent channel for your " -"packages." +" metric name labels timestamp value\n" +"┌────────┴───────┐ ┌───────────┴───────────┐ ┌──────┴──────┐ ┌─┴─┐\n" +"http_requests_total{status=\"200\", method=\"GET\"} @1557331801.111 42236\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:46 +#: modules/administration/pages/monitoring.adoc:24 msgid "" -"In the [guimenu]``Architecture`` drop down, choose the appropriate hardware " -"architecture (for example, [systemitem]``x86_64``)." +"Each application or system being monitored must expose metrics in the format " +"above, either through code instrumentation or Prometheus exporters." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:47 -msgid "" -"Provide any additional information in the contact details, channel access " -"control, and GPG fields, as required for your environment." +#. type: Block title +#: modules/administration/pages/monitoring.adoc:25 +#, no-wrap +msgid "Prometheus Exporters" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:48 -msgid "Click btn:[Create Channel]." +#: modules/administration/pages/monitoring.adoc:26 +msgid "" +"Exporters are libraries that help with exporting metrics from third-party " +"systems as Prometheus metrics. Exporters are useful whenever it is not " +"feasible to instrument a given application or system with Prometheus metrics " +"directly. Multiple exporters can run on a monitored host to export local " +"metrics." msgstr "" -#. type: delimited block = -#: modules/administration/pages/custom-channels.adoc:55 +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:27 msgid "" -"By default, the ``Enable GPG Check`` field is checked when you create a new " -"channel. If you would like to add custom packages and applications to your " -"channel, make sure you uncheck this field to be able to install unsigned " -"packages. Disabling the GPG check is a security risk if packages are from " -"an untrusted source." +"The Prometheus community provides a list of official exporters, and more can " +"be found as community contributions. For more information and an extensive " +"list of exporters, see https://prometheus.io/docs/instrumenting/exporters/." msgstr "" #. type: Block title -#: modules/administration/pages/custom-channels.adoc:59 +#: modules/administration/pages/monitoring.adoc:28 #, no-wrap -msgid "Procedure: Creating a Software Repository" +msgid "Grafana" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:61 +#: modules/administration/pages/monitoring.adoc:29 msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > " -"Repositories], and click btn:[Create Repository]." +"Grafana is a tool for data visualization, monitoring, and analysis. It is " +"used to create dashboards with panels representing specific metrics over a " +"set period of time. Grafana is commonly used together with Prometheus, but " +"also supports other data sources such as ElasticSearch, MySQL, PostgreSQL, " +"and Influx DB. For more information about Grafana, see https://grafana.com/" +"docs/." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:62 -msgid "" -"On the [guimenu]``Create Repository`` page, give your repository a label " -"(for example, [systemitem]``my-tools-sles15sp1-x86_64-repo``)." +#. type: Title == +#: modules/administration/pages/monitoring.adoc:30 +#, no-wrap +msgid "Set up the Monitoring Server" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:64 +#: modules/administration/pages/monitoring.adoc:31 msgid "" -"In the [guimenu]``Repository URL`` field, provide the path to the directory " -"that contains the [path]``repodata`` file (for example, " -"[systemitem]``file:///opt/mytools/``). You can use any valid addressing " -"protocol in this field." +"To set up your monitoring server, you need to install Prometheus and " +"Grafana, and configure them." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:65 -msgid "Uncheck the [guimenu]``Has Signed Metadata?`` check box." +#. type: Title === +#: modules/administration/pages/monitoring.adoc:32 +#, no-wrap +msgid "Install Prometheus" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:66 +#: modules/administration/pages/monitoring.adoc:33 msgid "" -"OPTIONAL: Complete the SSL fields if your repository requires client " -"certificate authentication." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:67 -msgid "Click btn:[Create Repository]." +"If your monitoring server is a {productname} Salt client, you can install " +"the Prometheus package using the {productname} {webui}. Otherwise you can " +"download and install the package on your monitoring server manually." msgstr "" #. type: Block title -#: modules/administration/pages/custom-channels.adoc:70 +#: modules/administration/pages/monitoring.adoc:34 #, no-wrap -msgid "Procedure: Assigning the Repository to a Channel" +msgid "Procedure: Installing Prometheus Using the {webui}" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:72 +#: modules/administration/pages/monitoring.adoc:35 msgid "" -"Assign your new repository to your custom channel by navigating to menu:" -"Software[Manage > Channels], clicking the name of your newly created custom " -"channel, and navigating to the [guimenu]``Repositories`` tab." +"In the {productname} {webui}, open the details page of the system where " +"Prometheus is to be installed, and navigate to the [guimenu]``Formulas`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:73 +#: modules/administration/pages/monitoring.adoc:36 msgid "" -"Ensure the repository you want to assign to the channel is checked, and " -"click btn:[Update Repositories]." +"Check the [guimenu]``Prometheus`` checkbox to enable monitoring formulas, " +"and click btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:75 +#: modules/administration/pages/monitoring.adoc:37 +msgid "Navigate to the ``Prometheus`` tab in the top menu." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:38 msgid "" -"Navigate to the [guimenu]``Sync`` tab and click btn:[Sync Now] to " -"synchronize immediately. You can also set an automated synchronization " -"schedule on this tab." +"In the ``{productname} Server`` section, enter valid {productname} API " +"credentials." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:78 +#: modules/administration/pages/monitoring.adoc:39 msgid "" -"There are several ways to check if a channel has finished synchronizing:" +"Make sure that the credentials you have entered allow access to the set of " +"systems you want to monitor." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:81 -msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Setup Wizard] and " -"select the [guimenu]``Products`` tab. This dialog displays a completion bar " -"for each product when they are being synchronized." +#: modules/administration/pages/monitoring.adoc:40 +#: modules/administration/pages/monitoring.adoc:68 +msgid "Customize any other configuration options according to your needs." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:84 -msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"then click the channel associated to the repository. Navigate to the menu:" -"[Repositories > Sync] tab. The [guimenu]``Sync Status`` is shown next to " -"the repository name.." +#: modules/administration/pages/monitoring.adoc:41 +#: modules/administration/pages/monitoring.adoc:69 +#: modules/administration/pages/monitoring.adoc:129 +#: modules/administration/pages/monitoring.adoc:154 +msgid "Click btn:[Save Formula]." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:85 -msgid "Check the synchronization log file at the command prompt:" +#: modules/administration/pages/monitoring.adoc:42 +#: modules/administration/pages/monitoring.adoc:70 +#: modules/administration/pages/monitoring.adoc:155 +msgid "Apply the highstate and confirm that it completes successfully." msgstr "" -#. type: delimited block - -#: modules/administration/pages/custom-channels.adoc:88 -#, no-wrap -msgid "tail -f /var/log/rhn/reposync/.log\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:43 +msgid "" +"Check that the Prometheus interface loads correctly. In your browser, " +"navigate to the URL of the server where Prometheus is installed, on " +"port 9090 (for example, [literal]``http://example.com:9090``)." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:92 +#: modules/administration/pages/monitoring.adoc:44 +#: modules/administration/pages/monitoring.adoc:73 +#: modules/administration/pages/monitoring.adoc:133 +#: modules/administration/pages/monitoring.adoc:156 msgid "" -"Each child channel will generate its own log during the synchronization " -"progress. You will need to check all the base and child channel log files " -"to be sure that the synchronization is complete." +"For more information about the monitoring formulas, see xref:salt:formula-" +"monitoring.adoc[]." msgstr "" #. type: Block title -#: modules/administration/pages/custom-channels.adoc:95 +#: modules/administration/pages/monitoring.adoc:45 #, no-wrap -msgid "Procedure: Adding Custom Channels to an Activation Key" +msgid "Procedure: Manually Installing and Configuring Prometheus" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:97 +#: modules/administration/pages/monitoring.adoc:46 msgid "" -"In the {productname} {webui}, navigate to menu:Systems[Activation Keys], and " -"select the key you want to add the custom channel to." +"On the monitoring server, install the [package]``golang-github-prometheus-" +"prometheus`` package:" msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:99 -msgid "" -"On the [guiemnu]``Details`` tab, in the [guimenu]``Child Channels`` listing, " -"select the channel to associate. You can select multiple channels, if you " -"need to." +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:47 +#, no-wrap +msgid "zypper in golang-github-prometheus-prometheus\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:100 -msgid "Click btn:[Update Activation Key]." +#: modules/administration/pages/monitoring.adoc:48 +msgid "Enable the Prometheus service:" msgstr "" -#. type: Title == -#: modules/administration/pages/custom-channels.adoc:103 +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:49 #, no-wrap -msgid "Add Packages and Patches to Custom Channels" +msgid "systemctl enable --now prometheus\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:107 -msgid "" -"When you create a new custom channel without cloning it from an existing " -"channel, it will not contain any packages or patches. You can add the " -"packages and patches you require using the {productname} {webui}." +#: modules/administration/pages/monitoring.adoc:50 +msgid "Check that the Prometheus interface loads correctly." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:110 +#: modules/administration/pages/monitoring.adoc:51 msgid "" -"Custom channels can only include packages or patches that are cloned or " -"custom, and they must match the base architecture of the channel. Patches " -"added to custom channels must apply to a package that exists in the channel." -msgstr "" - -#. type: Block title -#: modules/administration/pages/custom-channels.adoc:112 -#, no-wrap -msgid "Procedure: Adding Packages to Custom Channels" +"In your browser, navigate to the URL of the server where Prometheus is " +"installed, on port 9090 (for example, [literal]``http://example.com:9090``)." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:114 +#: modules/administration/pages/monitoring.adoc:52 msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"and go to the [guimenu]``Packages`` tab." +"Open the configuration file at [path]``/etc/prometheus/prometheus.yml`` and " +"add this configuration information." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:115 +#: modules/administration/pages/monitoring.adoc:53 msgid "" -"OPTIONAL: See all packages currently in the channel by navigating to the " -"[guimenu]``List/Remove`` tab." +"Replace `server.url` with your {productname} server URL and adjust " +"`username` and `password` fields to match your {productname} credentials." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:116 +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:54 +#, no-wrap msgid "" -"Add new packages to the channel by navigating to the [guimenu]``Add`` tab." +"# {productname} self-health metrics\n" +"scrape_configs:\n" +"- job_name: 'mgr-server'\n" +" static_configs:\n" +" - targets:\n" +" - 'server.url:9100' # Node exporter\n" +" - 'server.url:9187' # PostgreSQL exporter\n" +" - 'server.url:5556' # JMX exporter (Tomcat)\n" +" - 'server.url:5557' # JMX exporter (Taskomatic)\n" +" - 'server.url:9800' # Taskomatic\n" +" - targets:\n" +" - 'server.url:80' # Message queue\n" +" labels:\n" +" __metrics_path__: /rhn/metrics\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:117 +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:55 +#, no-wrap msgid "" -"Select the parent channel to provide packages, and click btn:[View Packages] " -"to populate the list." +"# Managed systems metrics:\n" +"- job_name: 'mgr-clients'\n" +" uyuni_sd_configs:\n" +" - host: \"http://server.url\"\n" +" username: \"admin\"\n" +" password: \"admin\"\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:118 -msgid "" -"Check the packages to add to the custom channel, and click btn:[Add " -"Packages]." +#: modules/administration/pages/monitoring.adoc:56 +msgid "Save the configuration file." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:119 -msgid "" -"When you are satisfied with the selection, click btn:[Confirm Addition] to " -"add the packages to the channel." +#: modules/administration/pages/monitoring.adoc:57 +msgid "Restart the Prometheus service:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:58 +#, no-wrap +msgid "systemctl restart prometheus\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:121 +#: modules/administration/pages/monitoring.adoc:59 msgid "" -"OPTIONAL: You can compare the packages in the current channel with those in " -"a different channel by navigating to menu:Software[Manage > Channels], and " -"going to the menu:Packages[Compare] tab. To make the two channels the same, " -"click the btn:[Merge Differences] button, and resolve any conflicts." +"For more information about the Prometheus configuration options, see the " +"official Prometheus documentation at https://prometheus.io/docs/prometheus/" +"latest/configuration/configuration/" msgstr "" -#. type: Block title -#: modules/administration/pages/custom-channels.adoc:124 +#. type: Title === +#: modules/administration/pages/monitoring.adoc:60 #, no-wrap -msgid "Procedure: Adding Patches to a Custom Channel" +msgid "Install Grafana" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:126 +#: modules/administration/pages/monitoring.adoc:61 msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"and go to the [guimenu]``Patches`` tab." +"If your monitoring server is a {productname} Salt client, you can install " +"the Grafana package using the {productname} {webui}. Otherwise you can " +"download and install the package on your monitoring server manually." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:127 -msgid "" -"OPTIONAL: See all patches currently in the channel by navigating to the " -"[guimenu]``List/Remove`` tab." +#. type: Block title +#: modules/administration/pages/monitoring.adoc:62 +#, no-wrap +msgid "Procedure: Installing Grafana Using the {webui}" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:128 +#: modules/administration/pages/monitoring.adoc:63 msgid "" -"Add new patches to the channel by navigating to the [guimenu]``Add`` tab, " -"and selecting what kind of patches you want to add." +"In the {productname} {webui}, open the details page of the system where " +"Grafana is to be installed, and navigate to the [guimenu]``Formulas`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:129 +#: modules/administration/pages/monitoring.adoc:64 msgid "" -"Select the parent channel to provide patches, and click btn:[View Associated " -"Patches] to populate the list." +"Check the [guimenu]``Grafana`` checkbox to enable monitoring formulas, and " +"click btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:130 -msgid "" -"Check the patches to add to the custom channel, and click btn:[Confirm]." +#: modules/administration/pages/monitoring.adoc:65 +msgid "Navigate to the ``Grafana`` tab in the top menu." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:131 +#: modules/administration/pages/monitoring.adoc:66 msgid "" -"When you are satisfied with the selection, click btn:[Confirm] to add the " -"patches to the channel." -msgstr "" - -#. type: Title == -#: modules/administration/pages/custom-channels.adoc:134 -#, no-wrap -msgid "Manage Custom Channels" +"In the ``Enable and configure Grafana`` section, enter the admin credentials " +"you want to use to log in Grafana." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:137 +#: modules/administration/pages/monitoring.adoc:67 msgid "" -"{productname} administrators and channel administrators can alter or delete " -"any channel." +"On the ``Datasources`` section, make sure that the Prometheus URL field " +"points to the system where Prometheus is running." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:141 +#: modules/administration/pages/monitoring.adoc:71 msgid "" -"To grant other users rights to alter or delete a channel, navigate to menu:" -"Software[Manage > Channels] and select the channel you want to edit. " -"Navigate to the [guimenu]``Managers`` tab, and check the user to grant " -"permissions. Click btn:[Update] to save the changes." +"Check that the Grafana interface is loading correctly. In your browser, " +"navigate to the URL of the server where Grafana is installed, on port 3000 " +"(for example, [literal]``http://example.com:3000``)." msgstr "" #. type: delimited block = -#: modules/administration/pages/custom-channels.adoc:147 +#: modules/administration/pages/monitoring.adoc:72 msgid "" -"If you delete a channel that has been assigned to a set of clients, it will " -"trigger an immediate update of the channel state for any clients associated " -"with the deleted channel. This is to ensure that the changes are reflected " -"accurately in the repository file." +"{productname} provides pre-built dashboards for server self-health, basic " +"client monitoring, and more. You can choose which dashboards to provision " +"in the formula configuration page." +msgstr "" + +#. type: Block title +#: modules/administration/pages/monitoring.adoc:74 +#, no-wrap +msgid "Procedure: Manually Installing Grafana" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:153 -msgid "" -"You cannot delete {productname} channels with the {webui}. Only custom " -"channels can be deleted." +#: modules/administration/pages/monitoring.adoc:75 +msgid "Install the [package]``grafana`` package:" msgstr "" -#. type: Block title -#: modules/administration/pages/custom-channels.adoc:156 +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:76 #, no-wrap -msgid "Procedure: Deleting Custom Channels" +msgid "zypper in grafana\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:158 -msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"and select the channel you want to delete." +#: modules/administration/pages/monitoring.adoc:77 +msgid "Enable the Grafana service:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:78 +#, no-wrap +msgid "systemctl enable --now grafana-server\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:159 -msgid "Click btn:[Delete software channel]." +#: modules/administration/pages/monitoring.adoc:79 +msgid "Check that the Grafana interface is loading correctly." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:160 +#: modules/administration/pages/monitoring.adoc:80 msgid "" -"On the [guimenu]``Delete Channel`` page, check the details of the channel " -"you are deleting, and check the [guimenu]``Unsubscribe Systems`` checkbox to " -"remove the custom channel from any systems that might still be subscribed." +"In your browser, navigate to the URL of the server where Grafana is " +"installed, on port 3000 (for example, [literal]``http://example.com:3000``)." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:161 -msgid "Click btn:[Delete Channel]." +#. type: Target for macro image +#: modules/administration/pages/monitoring.adoc:81 +#, no-wrap +msgid "monitoring_grafana_example.png" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:164 +#: modules/administration/pages/monitoring.adoc:82 msgid "" -"When channels are deleted, the packages that are part of the deleted channel " -"are not automatically removed. You will not be able to update packages that " -"have had their channel deleted." +"For more information on how to manually install and configure Grafana, see " +"https://grafana.com/docs." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:166 +#: modules/administration/pages/monitoring.adoc:83 msgid "" -"You can delete packages that are not associated with a channel in the " -"{productname} {webui}. Navigate to menu:Software[Manage > Packages], check " -"the packages to remove, and click btn:[Delete Packages]." -msgstr "" - -#. type: Title = -#: modules/administration/pages/image-management.adoc:2 -#, no-wrap -msgid "Image Building and Management" +"For more information about the monitoring formulas with forms, see xref:salt:" +"formula-monitoring.adoc[]." msgstr "" #. type: Title == -#: modules/administration/pages/image-management.adoc:7 +#: modules/administration/pages/monitoring.adoc:84 #, no-wrap -msgid "Image Building Overview" +msgid "Configure {productname} Monitoring" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:11 +#: modules/administration/pages/monitoring.adoc:85 msgid "" -"{productname} enables system administrators to build containers and OS " -"Images and push the result in image stores. The workflow looks like this:" +"With {productname}{nbsp}4 and higher, you can enable the server to expose " +"Prometheus self-health metrics, and also install and configure exporters on " +"client systems." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:13 -msgid "Define an image store" +#. type: Title === +#: modules/administration/pages/monitoring.adoc:86 +#, no-wrap +msgid "Server Self Monitoring" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:14 +#: modules/administration/pages/monitoring.adoc:87 msgid "" -"Define an image profile and associate it with a source (either a git " -"repository or a directory)" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/image-management.adoc:15 -msgid "Build the image" +"The Server self-health metrics cover hardware, operating system and " +"{productname} internals. These metrics are made available by " +"instrumentation of the Java application, combined with Prometheus exporters." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:16 -msgid "Push the image to the image store" +#: modules/administration/pages/monitoring.adoc:88 +msgid "These exporter packages are shipped with {productname} Server:" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:18 -msgid "" -"{productname} supports two distinct build types: dockerfile, and the Kiwi " -"image system." +#: modules/administration/pages/monitoring.adoc:89 +#: modules/administration/pages/monitoring.adoc:98 +#: modules/administration/pages/monitoring.adoc:115 +msgid "Node exporter: [systemitem]``golang-github-prometheus-node_exporter``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:23 -msgid "" -"The Kiwi build type is used to build system, virtual, and other images. The " -"image store for the Kiwi build type is pre-defined as a file system " -"directory at [path]``/srv/www/os-images`` on the server. {productname} " -"serves the image store over HTTPS from [literal]``///os-images/" -"``. The image store location is unique and is not customizable." +#: modules/administration/pages/monitoring.adoc:90 +#: modules/administration/pages/monitoring.adoc:99 +#: modules/administration/pages/monitoring.adoc:116 +msgid "See https://github.com/prometheus/node_exporter." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:25 +#: modules/administration/pages/monitoring.adoc:91 +#: modules/administration/pages/monitoring.adoc:117 msgid "" -"Images are always stored in [path]``/srv/www/os-image/``." +"PostgreSQL exporter: [systemitem]``golang-github-wrouesnel-" +"postgres_exporter``." msgstr "" -#. type: Title == -#: modules/administration/pages/image-management.adoc:29 -#, no-wrap -msgid "Container Images" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:92 +#: modules/administration/pages/monitoring.adoc:118 +msgid "See https://github.com/wrouesnel/postgres_exporter." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:31 -#, no-wrap -msgid "image-building.png" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:93 +msgid "JMX exporter: [systemitem]``prometheus-jmx_exporter``." msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:36 -#: modules/administration/pages/image-management.adoc:396 -#, no-wrap -msgid "Requirements" -msgstr "Requisitos" - #. type: Plain text -#: modules/administration/pages/image-management.adoc:41 -msgid "" -"The containers feature is available for Salt clients running {sles} 12 or " -"later. Before you begin, ensure your environment meets these requirements:" +#: modules/administration/pages/monitoring.adoc:94 +msgid "See https://github.com/prometheus/jmx_exporter." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:44 +#: modules/administration/pages/monitoring.adoc:95 +#: modules/administration/pages/monitoring.adoc:119 msgid "" -"A published git repository containing a dockerfile and configuration " -"scripts. The repository can be public or private, and should be hosted on " -"GitHub, GitLab, or BitBucket." +"Apache exporter: [systemitem]``golang-github-lusitaniae-apache_exporter``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:45 -msgid "A properly configured image store, such as a Docker registry." +#: modules/administration/pages/monitoring.adoc:96 +#: modules/administration/pages/monitoring.adoc:120 +msgid "See https://github.com/Lusitaniae/apache_exporter." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:51 -msgid "" -"If you require a private image registry you can use an open source solution " -"such as ``Portus``. For additional information on setting up Portus as a " -"registry provider, see the http://port.us.org/[Portus Documentation]." +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:97 +msgid "These exporter packages are shipped with {productname} Proxy:" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:55 -msgid "For more information on Containers or {caasp}, see:" +#: modules/administration/pages/monitoring.adoc:100 +msgid "Squid exporter: [systemitem]``golang-github-boynux-squid_exporter``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:58 -msgid "" -"https://documentation.suse.com/sles/15-SP1/html/SLES-all/book-sles-docker." -"html" +#: modules/administration/pages/monitoring.adoc:101 +msgid "See https://github.com/boynux/squid-exporter." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:59 -msgid "https://documentation.suse.com/suse-caasp/4/" +#: modules/administration/pages/monitoring.adoc:102 +msgid "" +"The exporter packages are pre-installed in {productname} Server and Proxy, " +"but their respective systemd daemons are disabled by default." msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:63 -#: modules/administration/pages/image-management.adoc:425 +#. type: Block title +#: modules/administration/pages/monitoring.adoc:103 #, no-wrap -msgid "Create a Build Host" +msgid "Procedure: Enabling Self Monitoring" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:69 +#: modules/administration/pages/monitoring.adoc:104 msgid "" -"To build images with {productname}, you will need to create and configure a " -"build host. Container build hosts are Salt clients running {sle} 12 or " -"later. This section guides you through the initial configuration for a " -"build host." +"In the {productname} {webui}, navigate to menu:Admin[Manager Configuration > " +"Monitoring]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:71 -msgid "" -"From the {productname} {webui}, perform these steps to configure a build " -"host:" +#: modules/administration/pages/monitoring.adoc:105 +msgid "Click btn:[Enable services]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:74 -msgid "" -"Select a Salt client to be designated as a build host from the menu:" -"Systems[Overview] page." +#: modules/administration/pages/monitoring.adoc:106 +msgid "Restart Tomcat and Taskomatic." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:77 +#: modules/administration/pages/monitoring.adoc:107 msgid "" -"From the [guimenu]``System Details`` page of the selected client assign the " -"containers modules. Go to menu:Software[Software Channels] and enable the " -"containers module (for example, [guimenu]``SLE-Module-Containers15-Pool`` " -"and [guimenu]``SLE-Module-Containers15-Updates``). Confirm by clicking btn:" -"[Change Subscriptions]." +"Navigate to the URL of your Prometheus server, on port 9090 (for example, " +"[literal]``http://example.com:9090``)" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:78 +#: modules/administration/pages/monitoring.adoc:108 msgid "" -"From the menu:System Details[Properties] page, enable ``Container Build " -"Host`` from the [guimenu]``Add-on System Types`` list and confirm by " -"clicking btn:[Update Properties]." +"In the Prometheus UI, navigate to menu:[Status > Targets] and confirm that " +"all the endpoints on the ``mgr-server`` group are up." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:81 +#: modules/administration/pages/monitoring.adoc:109 msgid "" -"Install all required packages by applying ``Highstate``. From the system " -"details page select menu:States[Highstate] and click [guimenu]``Apply " -"Highstate``. Alternatively, apply Highstate from the {productname} Server " -"command line:" +"If you have also installed Grafana with the {webui}, the server insights " +"will be visible on the {productname} Server dashboard." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:84 -#: modules/administration/pages/image-management.adoc:462 +#. type: Target for macro image +#: modules/administration/pages/monitoring.adoc:110 #, no-wrap -msgid "salt '$your_client' state.highstate\n" +msgid "monitoring_enable_services.png" +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/monitoring.adoc:111 +msgid "" +"Only server self-health monitoring can be enabled using the {webui}. " +"Metrics for a proxy are not automatically collected by Prometheus. To " +"enable self-health monitoring on a proxy, you will need to manually install " +"exporters and enable them." msgstr "" #. type: Title === -#: modules/administration/pages/image-management.adoc:89 +#: modules/administration/pages/monitoring.adoc:112 #, no-wrap -msgid "Create an Activation Key for Containers" +msgid "Monitoring Managed Systems" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:93 +#: modules/administration/pages/monitoring.adoc:113 msgid "" -"The containers built using {productname} will use channel(s) associated to " -"the activation key as repositories when building the image. This section " -"will guide you into creating an ad-hoc activation key for this purpose." +"Prometheus metrics exporters can be installed and configured on Salt clients " +"using formulas. The packages are available from the {productname} client " +"tools channels, and can be enabled and configured directly in the " +"{productname} {webui}." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:97 +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:114 +msgid "These exporters can be installed on managed systems:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:121 msgid "" -"To build a container, you will need an activation key that is associated " -"with a channel other than `SUSE Manager Default`." +"When you have the exporters installed and configured, you can start using " +"Prometheus to collect metrics from monitored systems. If you have " +"configured your monitoring server with the {webui}, metrics collection will " +"happen automatically." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:99 -#: modules/administration/pages/image-management.adoc:521 +#. type: Block title +#: modules/administration/pages/monitoring.adoc:122 #, no-wrap -msgid "systems_create_activation_key.png" +msgid "Procedure: Configuring Prometheus Exporters on a Client" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:102 -msgid "Select menu:Systems[Activation Keys]." +#: modules/administration/pages/monitoring.adoc:123 +msgid "" +"In the {productname} {webui}, open the details page of the client to be " +"monitored, and navigate to the menu:Formulas tab." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:103 -msgid "Click btn:[Create Key]." +#: modules/administration/pages/monitoring.adoc:124 +msgid "" +"Check the [guimenu]``Enabled`` checkbox on the ``Prometheus Exporters`` " +"formula." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:105 +#: modules/administration/pages/monitoring.adoc:126 +msgid "Navigate to the menu:Formulas[Prometheus Exporters] tab." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:127 msgid "" -"Enter a [guimenu]``Description`` and a [guimenu]``Key`` name. Use the drop-" -"down menu to select the [guimenu]``Base Channel`` to associate with this key." +"Select the exporters you want to enable and customize arguments according to " +"your needs." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:106 -#: modules/administration/pages/image-management.adoc:527 -msgid "Confirm with btn:[Create Activation Key]." +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:128 +msgid "" +"The [guimenu]``Address`` field accepts either a port number preceded by a " +"colon (``:9100``), or a fully resolvable address (``example:9100``)." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:130 +msgid "Apply the highstate." +msgstr "" + +#. type: Target for macro image +#: modules/administration/pages/monitoring.adoc:131 +#, no-wrap +msgid "monitoring_configure_formula.png" msgstr "" #. type: delimited block = -#: modules/administration/pages/image-management.adoc:108 -#: modules/administration/pages/image-management.adoc:529 -msgid "For more information, see <>." +#: modules/administration/pages/monitoring.adoc:132 +msgid "" +"Monitoring formulas can also be configured for System Groups, by applying " +"the same configuration used for individual systems inside the corresponding " +"group." msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:112 -#: modules/administration/pages/image-management.adoc:533 +#. type: Title == +#: modules/administration/pages/monitoring.adoc:134 #, no-wrap -msgid "Create an Image Store" +msgid "Network Boundaries" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:117 +#: modules/administration/pages/monitoring.adoc:135 msgid "" -"All built images are pushed to an image store. This section contains " -"information about creating an image store." +"Prometheus fetches metrics using a pull mechanism, so the server must be " +"able to establish TCP connections to monitored clients. By default, " +"Prometheus uses these ports:" msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:118 -#, no-wrap -msgid "images_image_stores.png" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:136 +msgid "Node exporter: 9100" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:121 -msgid "Select menu:Images[Stores]." +#: modules/administration/pages/monitoring.adoc:137 +msgid "PostgreSQL exporter: 9187" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:122 -msgid "Click [guimenu]``Create`` to create a new store." +#: modules/administration/pages/monitoring.adoc:138 +msgid "Apache exporter: 9117" msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:124 -#, no-wrap -msgid "images_image_stores_create.png" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:139 +msgid "" +"Additionally, if you are running the alert manager on a different host than " +"where you run Prometheus, you will also need to open port 9093." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:127 -msgid "Define a name for the image store in the [guimenu]``Label`` field." +#: modules/administration/pages/monitoring.adoc:140 +msgid "" +"For clients installed on cloud instances, you can add the required ports to " +"a security group that has access to the monitoring server." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:128 +#: modules/administration/pages/monitoring.adoc:141 msgid "" -"Provide the path to your image registry by filling in the [guimenu]``URI`` " -"field, as a fully qualified domain name (FQDN) for the container registry " -"host (whether internal or external)." +"Alternatively, you can deploy a Prometheus instance in the exporters' local " +"network, and configure federation. This allows the main monitoring server " +"to scrape the time series from the local Prometheus instance. If you use " +"this method, you only need to open the Prometheus API port, which is 9090." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:132 -#, no-wrap -msgid "registry.example.com\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:142 +msgid "" +"For more information on Prometheus federation, see https://prometheus.io/" +"docs/prometheus/latest/federation/." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:136 +#: modules/administration/pages/monitoring.adoc:143 msgid "" -"The Registry URI can also be used to specify an image store on a registry " -"that is already in use." +"You can also proxy requests through the network boundary. Tools like " +"PushProx deploy a proxy and a client on both sides of the network barrier " +"and allow Prometheus to work across network topologies such as NAT." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:140 +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:144 +msgid "" +"For more information on PushProx, see https://github.com/RobustPerception/" +"PushProx." +msgstr "" + +#. type: Title === +#: modules/administration/pages/monitoring.adoc:145 #, no-wrap -msgid "registry.example.com:5000/myregistry/myproject\n" +msgid "Reverse Proxy Setup" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:143 -msgid "Click btn:[Create] to add the new image store." +#: modules/administration/pages/monitoring.adoc:146 +msgid "" +"Prometheus fetches metrics using a pull mechanism, so the server must be " +"able to establish TCP connections to each exporter on the monitored " +"clients. To simplify your firewall configuration, you can use reverse proxy " +"for your exporters to expose all metrics on a single port." msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:147 -#: modules/administration/pages/image-management.adoc:550 +#. Probably a diagram here. --LKB 2020-08-11 +#. type: Block title +#: modules/administration/pages/monitoring.adoc:147 #, no-wrap -msgid "Create an Image Profile" +msgid "Procedure: Installing Prometheus Exporters with Reverse Proxy" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:152 +#: modules/administration/pages/monitoring.adoc:148 msgid "" -"All container images are built using an image profile, which contains the " -"building instructions. This section contains information about creating an " -"image profile with the {productname} {webui}." +"In the {productname} {webui}, open the details page of the system to be " +"monitored, and navigate to the [guimenu]``Formulas`` tab." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:153 -#: modules/administration/pages/image-management.adoc:555 -#, no-wrap -msgid "images_image_profiles.png" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:149 +msgid "" +"Check the [guimenu]``Prometheus Exporters`` checkbox to enable the exporters " +"formula, and click btn:[Save]." msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:155 -#: modules/administration/pages/image-management.adoc:557 -#, no-wrap -msgid "Procedure: Create an Image Profile" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:150 +msgid "Navigate to the ``Prometheus Exporters`` tab in the top menu." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:157 +#: modules/administration/pages/monitoring.adoc:151 msgid "" -"To create an image profile select menu:Images[Profiles] and click btn:" -"[Create]." +"Check the [guimenu]``Enable reverse proxy`` option, and enter a valid " +"reverse proxy port number." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:159 -#, no-wrap -msgid "images_image_create_profile.png" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:152 +msgid "For example, ``9999``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:162 -msgid "" -"Provide a name for the image profile by filling in the [guimenu]``Label`` " -"field." +#: modules/administration/pages/monitoring.adoc:153 +msgid "Customize the other exporters according to your needs." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:167 +#. type: Title = +#: modules/administration/pages/organizations.adoc:1 +#, no-wrap +msgid "Organizations" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/organizations.adoc:2 msgid "" -"If your container image tag is in a format such as `myproject/myimage`, make " -"sure your image store registry URI contains the `/myproject` suffix." +"Organizations are used to manage user access and permissions within " +"{productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:170 -msgid "Use a dockerfile as the `Image Type`." +#: modules/administration/pages/organizations.adoc:3 +msgid "" +"For most environments, a single organization is enough. However, more " +"complicated environments might need several organizations. You might like " +"to have an organization for each physical location within your business, or " +"for different business functions." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:172 +#: modules/administration/pages/organizations.adoc:4 msgid "" -"Use the drop-down menu to select your registry from the `Target Image Store` " -"field." +"When you have created your organizations, you can create and assign users to " +"your organizations. You can then assign permissions on an organization " +"level, which applies by default to every user assigned to the organization." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:176 +#: modules/administration/pages/organizations.adoc:5 msgid "" -"In the [guimenu]``Path`` field, type a GitHub, GitLab or BitBucket " -"repository URL. The URL should be be http, https, or a token authentication " -"URL. Use one of these formats:" +"You can also configure authentication methods for your new organization, " +"including PAM and single sign-on. For more information about " +"authentication, see xref:administration:auth-methods.adoc[]." msgstr "" #. type: Block title -#: modules/administration/pages/image-management.adoc:177 +#: modules/administration/pages/organizations.adoc:7 #, no-wrap -msgid "GitHub Path Options" +msgid "Procedure: Creating a New Organization" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:179 -msgid "GitHub single user project repository" +#: modules/administration/pages/organizations.adoc:8 +msgid "" +"In the {productname} {webui}, navigate to menu:Admin[Organizations], and " +"click btn:[Create Organization]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:182 -#, no-wrap -msgid "https://github.com/USER/project.git#branchname:folder\n" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:9 +msgid "In the [guimenu]``Create Organization`` dialog, complete these fields:" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:185 -msgid "GitHub organization project repository" +#: modules/administration/pages/organizations.adoc:10 +msgid "" +"In the [guimenu]``Organization Name`` field, type a name for your new " +"organization." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:188 -#, no-wrap -msgid "https://github.com/ORG/project.git#branchname:folder\n" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:11 +msgid "The name should be between 3 and 128 characters long." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:191 -msgid "GitHub token authentication" +#: modules/administration/pages/organizations.adoc:12 +msgid "" +"In the [guimenu]``Desired Login`` field, type the login name you want to use " +"for the organization's administrator." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:195 +#: modules/administration/pages/organizations.adoc:13 msgid "" -"If your git repository is private, modify the profile's URL to include " -"authentication. Use this URL format to authenticate with a GitHub token:" +"This must be a new administrator account, you will not be able to use an " +"existing administrator account to sign in to the new organization, including " +"the one you are currently signed in with." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:199 -#, no-wrap -msgid "https://USER:@github.com/USER/project.git#master:/container/\n" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:14 +msgid "" +"In the [guimenu]``Desired Password`` field, type a password for the new " +"organization's administrator." msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:201 -#, no-wrap -msgid "GitLab Path Options" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:15 +msgid "" +"Confirm the password by typing it again in the [guimenu]``Confirm Password`` " +"field. Password strength is indicated by the colored bar beneath the " +"password fields." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:203 -msgid "GitLab single user project repository" +#: modules/administration/pages/organizations.adoc:16 +msgid "" +"In the [guimenu]``Email`` field, type an email address for the new " +"organization's administrator." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:207 -#, no-wrap -msgid "https://gitlab.example.com/USER/project.git#master:/container/\n" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:17 +msgid "" +"In the [guimenu]``First Name`` field, select a salutation, and type a given " +"name for the new organization's administrator." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:210 -msgid "GitLab groups project repository" +#: modules/administration/pages/organizations.adoc:18 +msgid "" +"In the [guimenu]``Last Name`` field, type a surname for the new " +"organization's administrator." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:214 -#, no-wrap -msgid "https://gitlab.example.com/GROUP/project.git#master:/container/\n" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:19 +msgid "Click btn:[Create Organization]." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:217 -msgid "GitLab token authentication" +#. type: Title == +#: modules/administration/pages/organizations.adoc:20 +#, no-wrap +msgid "Manage Organizations" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:221 +#: modules/administration/pages/organizations.adoc:21 msgid "" -"If your git repository is private and not publicly accessible, you need to " -"modify the profile's git URL to include authentication. Use this URL format " -"to authenticate with a GitLab token:" +"In the {productname} {webui}, navigate to menu:Admin[Organizations] to see a " +"list of available organizations. Click the name of an organization to " +"manage it." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:225 -#, no-wrap -msgid "https://gitlab-ci-token:@gitlab.example.com/USER/project.git#master:/container/\n" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:22 +msgid "" +"From the menu:Admin[Organizations] section, you can access tabs to manage " +"users, trusts, configuration, and states for your organization." msgstr "" #. type: delimited block = -#: modules/administration/pages/image-management.adoc:232 +#: modules/administration/pages/organizations.adoc:23 msgid "" -"If you do not specify a git branch, the `master` branch will be used by " -"default. If a `folder` is not specified, the image sources (dockerfile " -"sources) are expected to be in the root directory of the GitHub or GitLab " -"checkout." +"Organizations can only be managed by their administrators. To manage an " +"organization, ensure you are signed in as the correct administrator for the " +"organization you want to change." +msgstr "" + +#. type: Title === +#: modules/administration/pages/organizations.adoc:24 +#, no-wrap +msgid "Organization Users" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:236 +#: modules/administration/pages/organizations.adoc:25 msgid "" -"Select an `Activation Key`. Activation keys ensure that images using a " -"profile are assigned to the correct channel and packages." +"Navigate to the [guimenu]``Users`` tab to view the list of all users " +"associated with the organization, and their role. Clicking a username takes " +"you to the [guimenu]``Users`` menu to add, change, or delete users." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:241 -msgid "" -"When you associate an activation key with an image profile you are ensuring " -"any image using the profile will use the correct software channel and any " -"packages in the channel." +#. type: Title === +#: modules/administration/pages/organizations.adoc:26 +#, no-wrap +msgid "Trusted Organizations" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:244 -msgid "Click the btn:[Create] button." +#: modules/administration/pages/organizations.adoc:27 +msgid "" +"Navigate to the [guimenu]``Trusts`` tab to add or remove trusted " +"organizations. Establishing trust between organizations allow them to share " +"content between them, and gives you the ability to migrate clients from one " +"organization to another." msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:248 +#. type: Title === +#: modules/administration/pages/organizations.adoc:28 #, no-wrap -msgid "Example Dockerfile Sources" +msgid "Configure Organizations" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:252 +#: modules/administration/pages/organizations.adoc:29 msgid "" -"An Image Profile that can be reused is published at https://github.com/SUSE/" -"manager-build-profiles" +"Navigate to the [guimenu]``Configuration`` tab to manage the configuration " +"of your organization. This includes the use of staged contents, setting up " +"crash reporting, and the use of SCAP files." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:257 +#. type: Plain text +#: modules/administration/pages/organizations.adoc:30 msgid "" -"The [option]``ARG`` parameters ensure that the built image is associated " -"with the desired repository served by {productname}. The [option]``ARG`` " -"parameters also allow you to build image versions of {sles} which may differ " -"from the version of {sles} used by the build host itself." +"For more information about content staging, see xref:administration:content-" +"staging.adoc[]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:259 +#. type: Plain text +#: modules/administration/pages/organizations.adoc:31 msgid "" -"For example: The [command]``ARG repo`` parameter and the [command]``echo`` " -"command pointing to the repository file, creates and then injects the " -"correct path into the repository file for the desired channel version." +"For more information about OpenSCAP, see xref:reference:audit/audit-openscap-" +"overview.adoc[]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:261 +#. type: Title == +#: modules/administration/pages/organizations.adoc:32 +#, no-wrap +msgid "Manage States" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/organizations.adoc:33 msgid "" -"The repository is determined by the activation key that you assigned to your " -"image profile." +"Navigate to the [guimenu]``States`` tab to manage Salt states for all " +"clients in your organization. States allow you to define global security " +"policies, or add a common admin user to all clients." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:268 +#. type: Plain text +#: modules/administration/pages/organizations.adoc:34 msgid "" -"The [package]#python# and [package]#python-xml# packages must be installed " -"in the container. They are required for inspecting images, and for " -"providing the package and product list of a container to the {productname} " -"{webui}. If you do not install them, images will still build but the " -"package and product list will not available in the {webui}." +"For more information about Salt States, see xref:salt:salt-states.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:273 +#. type: Title === +#: modules/administration/pages/organizations.adoc:35 #, no-wrap +msgid "Manage Configuration Channels" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/organizations.adoc:36 msgid "" -"FROM registry.example.com/sles12sp2\n" -"MAINTAINER Tux Administrator \"tux@example.com\"\n" +"You can select which configuration channels should be applied across your " +"organization. Configuration channels can be created in the {productname} " +"{webui} by navigating to menu:Configuration[Channels]. Apply configuration " +"channels to your organization using the {productname} {webui}." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:275 +#. type: Block title +#: modules/administration/pages/organizations.adoc:37 #, no-wrap -msgid "### Begin: These lines Required for use with {productname}\n" +msgid "Procedure: Applying Configuration Channels to an Organization" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:278 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/organizations.adoc:38 msgid "" -"ARG repo\n" -"ARG cert\n" +"In the {productname} {webui}, navigate to menu:Home[My Organization > " +"Configuration Channels]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:281 -#, no-wrap -msgid "" -"# Add the correct certificate\n" -"RUN echo \"$cert\" > /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT.pem\n" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:39 +msgid "Use the search feature to locate a channel by name." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:284 -#, no-wrap -msgid "" -"# Update certificate trust store\n" -"RUN update-ca-certificates\n" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:40 +msgid "Check the channel to be applied and click btn:[Save Changes]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:287 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/organizations.adoc:41 msgid "" -"# Add the repository path to the image\n" -"RUN echo \"$repo\" > /etc/zypp/repos.d/susemanager:dockerbuild.repo\n" +"This saves to the database, but does not apply the changes to the channel." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:289 -#, no-wrap -msgid "### End: These lines required for use with {productname}\n" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:42 +msgid "Apply the changes by clicking btn:[Apply]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:292 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/organizations.adoc:43 msgid "" -"# Add the package script\n" -"ADD add_packages.sh /root/add_packages.sh\n" +"This schedules the task to apply the changes to all clients within the " +"organization." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:295 +#. type: Title = +#: modules/administration/pages/public-cloud.adoc:1 #, no-wrap -msgid "" -"# Run the package script\n" -"RUN /root/add_packages.sh\n" +msgid "Public Cloud" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:298 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:2 msgid "" -"# After building remove the repository path from image\n" -"RUN rm -f /etc/zypp/repos.d/susemanager:dockerbuild.repo\n" +"Some public cloud environments provide images for {productname} Server and " +"Proxy. This section discusses what you will need for running {productname} " +"in a public cloud, and how to set up your installation." msgstr "" -#. TODO: Replace the "custom-system-info" link -#. type: Block title -#: modules/administration/pages/image-management.adoc:301 -#, no-wrap -msgid "Using Custom Info Key-value Pairs as Docker Buildargs" +#. type: delimited block = +#: modules/administration/pages/public-cloud.adoc:3 +msgid "" +"Public clouds provide {productname} under a Bring Your Own Subscription " +"(BYOS) model. This means that you must register them with the {scc}. For " +"more information about registering {productname} with {scc}, see xref:" +"installation:general-requirements.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:304 +#: modules/administration/pages/public-cloud.adoc:4 msgid "" -"You can assign custom info key-value pairs to attach information to the " -"image profiles. Additionally, these key-value pairs are passed to the " -"Docker build command as `buildargs`." +"Depending on the public cloud network you are using, you can locate the " +"{productname} installation images by searching for the keywords " +"[package]``suse``, [package]``manager``, [package]``proxy``, or " +"[package]``BYOS``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:306 +#: modules/administration/pages/public-cloud.adoc:5 msgid "" -"For more information about the available custom info keys and creating " -"additional ones, see xref:reference:systems/custom-system-info.adoc[]." +"For ``SUSE Manager Server in Azure``, see xref:administration:public-cloud-" +"azure.adoc[]." msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:309 -#: modules/administration/pages/image-management.adoc:701 +#. type: Title == +#: modules/administration/pages/public-cloud.adoc:6 #, no-wrap -msgid "Build an Image" +msgid "Instance Requirements" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:314 +#: modules/administration/pages/public-cloud.adoc:7 msgid "" -"There are two ways to build an image. You can select menu:Images[Build] " -"from the left navigation bar, or click the build icon in the menu:" -"Images[Profiles] list." +"Select a public cloud instance that meets the hardware requirements in xref:" +"installation:hardware-requirements.adoc[]." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:315 -#: modules/administration/pages/image-management.adoc:708 -#, no-wrap -msgid "images_image_build.png" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:8 +msgid "In addition, be aware of these considerations:" msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:317 -#: modules/administration/pages/image-management.adoc:710 -#, no-wrap -msgid "Procedure: Building an Image" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:9 +msgid "" +"The {productname} setup procedure performs a forward-confirmed reverse DNS " +"lookup." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:319 -#: modules/administration/pages/image-management.adoc:712 -msgid "Select menu:Images[Build]." +#: modules/administration/pages/public-cloud.adoc:10 +msgid "" +"This must succeed in order for the setup procedure to complete successfully " +"and for {productname} to operate as expected. Therefore, it is important to " +"perform hostname and IP configuration prior to running the {productname} " +"setup procedure." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:320 +#: modules/administration/pages/public-cloud.adoc:11 msgid "" -"Add a different tag name if you want a version other than the default " -"``latest`` (only relevant to containers)." +"{productname} Server and Proxy instances are expected to run in a network " +"configuration that provides you control over DNS entries, but cannot access " +"the wider internet." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:321 -msgid "Select [guimenu]``Build Profile`` and [guimenu]``Build Host``." +#: modules/administration/pages/public-cloud.adoc:12 +msgid "" +"Within this network configuration DNS resolution must be provided: `hostname " +"-f` must return the fully-qualified domain name (FQDN). DNS resolution is " +"also important for connecting clients. DNS is dependent on the cloud " +"framework you choose, refer to the cloud service provider documentation for " +"detailed instructions." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:327 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:13 msgid "" -"Notice the [guimenu]``Profile Summary`` to the right of the build fields. " -"When you have selected a build profile, detailed information about the " -"selected profile will be displayed in this area." +"We recommend that you locate software repositories, the server database, and " +"the proxy squid cache on an external virtual disk." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:330 -msgid "To schedule a build click the btn:[Build] button." +#: modules/administration/pages/public-cloud.adoc:14 +msgid "" +"This prevents data loss if the instance is unexpectedly terminated. " +"Instructions for setting up an external virtual disk are contained in this " +"section." msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:334 +#. type: Title == +#: modules/administration/pages/public-cloud.adoc:15 #, no-wrap -msgid "Import an Image" +msgid "Network Setup" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:341 +#: modules/administration/pages/public-cloud.adoc:16 msgid "" -"You can import and inspect arbitrary images. Select menu:Images[Image List] " -"from the left navigation bar. Complete the text boxes of the " -"[guimenu]``Import`` dialog. When it has processed, the imported image will " -"be listed on the [guimenu]``Image List`` page." +"On a public cloud service, you must run {productname} within a restricted " +"network, such as VPC private subnet with an appropriate firewall setting. " +"The instance must only be able to be accessed by machines in your specified " +"IP ranges." msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:342 -#, no-wrap -msgid "Procedure: Importing an Image" +#. type: delimited block = +#: modules/administration/pages/public-cloud.adoc:17 +msgid "" +"A world-accessible {productname} instance violates the terms of the " +"{productname} EULA, and it will not be supported by {suse}." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:344 +#: modules/administration/pages/public-cloud.adoc:18 msgid "" -"From menu:Images[Image list] click btn:[Import] to open the " -"[guimenu]``Import Image`` dialog." +"To access the {productname} {webui}, allow HTTPS when you set up your " +"networking environment." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:345 -msgid "In the [guimenu]``Import Image`` dialog complete these fields:" +#. type: Title === +#: modules/administration/pages/public-cloud.adoc:19 +#, no-wrap +msgid "Set the Hostname" msgstr "" -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:347 -#, no-wrap -msgid "Image store:" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:20 +msgid "" +"{productname} requires a stable and reliable hostname. Changing the " +"hostname at a later point can create errors." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:349 -msgid "The registry from where the image will be pulled for inspection." +#: modules/administration/pages/public-cloud.adoc:21 +msgid "" +"In most public cloud environments, the method shown in this section will " +"work correctly. However, you will have to perform the same modification for " +"every client." msgstr "" -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:350 -#, no-wrap -msgid "Image name:" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:22 +msgid "" +"You might prefer to manage DNS resolution by creating a DNS entry in your " +"network environment instead." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:352 -msgid "The name of the image in the registry." +#: modules/administration/pages/public-cloud.adoc:23 +msgid "" +"You can also manage hostname resolution by editing the [path]``/etc/resolv." +"conf`` file. Depending on the order of your setup, if you start the " +"{productname} instance prior to setting up DNS services the file may not " +"contain the appropriate [systemitem]``search`` directive. Check that the " +"proper search directive exists in [path]``/etc/resolv.conf`` and add it if " +"it is missing." msgstr "" -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:353 +#. type: Block title +#: modules/administration/pages/public-cloud.adoc:24 #, no-wrap -msgid "Image version:" +msgid "Procedure: Setting the hostname locally" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:355 -msgid "The version of the image in the registry." +#: modules/administration/pages/public-cloud.adoc:25 +msgid "" +"Disable hostname setup by editing the DHCP configuration file at [path]``/" +"etc/sysconfig/network/dhcp``, and adding this line:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:356 -#, no-wrap -msgid "Build host:" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:27 +msgid "Set the hostname locally with the [command]``hostnamectl`` command." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:358 -msgid "The build host that will pull and inspect the image." +#: modules/administration/pages/public-cloud.adoc:28 +msgid "" +"Ensure you use the system name, not the FQDN. For example, if the FQDN is " +"[path]``system_name.example.com``, the system name is [path]``system_name``, " +"and the domain name is [path]``example.com``." msgstr "" -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:359 +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:29 #, no-wrap -msgid "Activation key:" +msgid "# hostnamectl set-hostname system_name\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:361 +#: modules/administration/pages/public-cloud.adoc:30 msgid "" -"The activation key that provides the path to the software channel that the " -"image will be inspected with." +"Create a DNS entry in your network environment for domain name resolution, " +"or force correct resolution by editing the [path]``/etc/hosts`` file." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:363 -msgid "For confirmation, click btn:[Import]." +#: modules/administration/pages/public-cloud.adoc:31 +msgid "" +"You can find the IP address by checking your public cloud web console, or " +"from the command line:" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:365 -msgid "" -"The entry for the image is created in the database, and an ``Inspect Image`` " -"action on {productname} is scheduled." +#: modules/administration/pages/public-cloud.adoc:32 +msgid "Amazon EC2 instance:" msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:369 -msgid "" -"When it has been processed, you can find the imported image in the ``Image " -"List``. It has a different icon in the ``Build`` column, to indicate that " -"the image is imported. The status icon for the imported image can also be " -"seen on the ``Overview`` tab for the image." +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:33 +#, no-wrap +msgid "# ec2metadata --local-ipv4\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:377 -msgid "These are some known problems when working with images:" +#: modules/administration/pages/public-cloud.adoc:34 +msgid "Google Compute Engine:" msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:379 -msgid "" -"HTTPS certificates to access the registry or the git repositories should be " -"deployed to the client by a custom state file." +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:35 +#, no-wrap +msgid "# gcemetadata --query instance --network-interfaces --ip\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:380 -msgid "SSH git access using Docker is currently unsupported." +#: modules/administration/pages/public-cloud.adoc:36 +msgid "Microsoft Azure:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:37 +#, no-wrap +msgid "# azuremetadata --internal-ip\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:382 +#: modules/administration/pages/public-cloud.adoc:38 msgid "" -"If the [package]#python# and [package]#python-xml# packages are not " -"installed in your images during the build process, reporting of installed " -"packages or products will fail. This will result in an ``unknown`` update " -"status." +"In the following command, replace [literal]```` with IP address " +"you retrieve from the command line above:" msgstr "" -#. type: Title == -#: modules/administration/pages/image-management.adoc:386 +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:39 #, no-wrap -msgid "OS Images" +msgid "# echo \" suma.cloud.net suma\" >> /etc/hosts\n" +msgstr "" + +#. type: Title === +#: modules/administration/pages/public-cloud.adoc:40 +#, no-wrap +msgid "Set up DNS Resolution" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:390 +#: modules/administration/pages/public-cloud.adoc:41 msgid "" -"OS Images are built by the Kiwi image system. The output image is " -"customizable and can be PXE, QCOW2, LiveCD, or other types of images." +"You will need to update the DNS records for the instance within the DNS " +"service of your network environment. Refer to the cloud service provider " +"documentation for detailed instructions:" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:392 +#: modules/administration/pages/public-cloud.adoc:42 msgid "" -"For more information about the Kiwi build system, see the https://doc." -"opensuse.org/projects/kiwi/doc/[Kiwi documentation]." +"http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-dns.html[DNS setup " +"on Amazon EC2]" msgstr "" -#. SLE15 images support is not yet released for SUMA4, will be part of SUMA4.0.4 as tech preview -#. From {sles}{nbsp}15, ``kiwi-ng`` is used instead of the legacy Kiwi. #. type: Plain text -#: modules/administration/pages/image-management.adoc:401 +#: modules/administration/pages/public-cloud.adoc:43 msgid "" -"The Kiwi image building feature is available for Salt clients running {sles}" -"{nbsp}12 and {sles}{nbsp}11." +"https://cloud.google.com/compute/docs/networking[DNS setup on Google Compute " +"Engine]" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:403 +#: modules/administration/pages/public-cloud.adoc:44 msgid "" -"Kiwi image configuration files and configuration scripts must be accessible " -"in one of these locations:" +"https://azure.microsoft.com/en-us/documentation/articles/dns-operations-" +"recordsets[DNS setup on Microsoft Azure]" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:405 -msgid "Git repository" +#: modules/administration/pages/public-cloud.adoc:45 +msgid "" +"If you run a {productname} Server instance, ensure the external storage is " +"attached and prepared correctly, and that DNS resolution is set up as " +"described. Start the ``susemanager_setup`` with {yast}:" msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:406 -msgid "HTTP hosted tarball" +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:46 +#, no-wrap +msgid "# /sbin/yast2 susemanager_setup\n" msgstr "" +#. No need to duplicate this, since it exists within the docs suite. LKB 2019-05-29 +#. Uncommenting, as it turns out some of this content is unique. Will need a more surgical look. LKB 2019-08-02 #. type: Plain text -#: modules/administration/pages/image-management.adoc:407 -msgid "Local build host directory" +#: modules/administration/pages/public-cloud.adoc:47 +msgid "" +"The {productname} setup procedure in YaST is designed as a one pass process " +"with no rollback or cleanup capability. Therefore, if the setup procedure " +"is interrupted or ends with an error, it is not recommended that you repeat " +"the setup process or attempts to manually fix the configuration. These " +"methods are likely to result in a faulty {productname} installation. If you " +"experience errors during setup, start a new instance, and begin the setup " +"procedure again on a clean system." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:409 +#: modules/administration/pages/public-cloud.adoc:48 msgid "" -"For an example of a complete Kiwi repository served by git, see https://" -"github.com/SUSE/manager-build-profiles/tree/master/OSImage" +"If you receive a message that there is not enough space available for setup, " +"ensure that your root volume is at least 20 GB and double check that the " +"instructions in <> have been completed " +"correctly." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:415 +# +# +# +# +#. REMARK check this; will it still work for sle 15? +#. Commented out per https://github.com/SUSE/spacewalk/issues/8951 LKB 2019-08-06 +#. {productname} Server for the public cloud comes with a bootstrap data module pre-installed. +#. The bootstrap module contains optimized package lists for bootstrapping instances started from {sle} images published by {suse}. +#. If you intend to register such an instance, when you create the bootstrap repository run the [command]``mgr-create-bootstrap-repo`` script using this command, to create a bootstrap repository suitable for {sle} 12 SP1 instances. +#. ---- +#. $ mgr-create-bootstrap-repo --datamodule=mgr_pubcloud_bootstrap_data -c SLE-12-SP1-x86_64 +#. ---- +#. See xref:client-configuration:creating-a-tools-repository.adoc[] for more information on bootstrapping. +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:49 msgid "" -"You will need at least 1{nbsp}GB of RAM available for Hosts running OS " -"Images built with Kiwi. Disk space depends on the actual size of the " -"image. For more information, see the documentation of the underlying system." +"Prior to registering instances started from on demand images remove the " +"following packages from the instance to be registered:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:421 -msgid "" -"The build host must be a Salt client. Do not install the build host as a " -"traditional client." +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:50 +msgid "cloud-regionsrv-client" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:430 -msgid "" -"To build all kinds of images with {productname}, create and configure a " -"build host. OS Image build hosts are Salt clients running on {sles}{nbsp}15 " -"SP2, {sles}{nbsp}12 (SP3 or later) or {sles}{nbsp}11 SP4." +#: modules/administration/pages/public-cloud.adoc:51 +#, no-wrap +msgid "*For Amazon EC2*\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:432 -msgid "" -"This procedure will guide you through the initial configuration for a build " -"host." +#: modules/administration/pages/public-cloud.adoc:52 +msgid "regionServiceClientConfigEC2" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:436 -msgid "" -"The operating system on the build host must match the operating system on " -"the targeted image." +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:53 +msgid "regionServiceCertsEC2" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:440 -msgid "" -"For example, build {sles}{nbsp}15 based images on a build host running {sles}" -"{nbsp}15 SP2 OS version. Build {sles}{nbsp}12 based images on a build host " -"running {sles}{nbsp}12 SP4 or {sles}{nbsp}12 SP3 OS version. Build {sles}" -"{nbsp}11 based images on a build host running {sles}{nbsp}11 SP4 OS version." +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:54 +#, no-wrap +msgid "*For Google Compute Engine*\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:444 -msgid "Configure the build host in the {productname} {webui}:" +#: modules/administration/pages/public-cloud.adoc:55 +msgid "cloud-regionsrv-client-plugin-gce" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:446 -msgid "" -"Select a client that will be designated as a build host from the menu:" -"Systems[Overview] page." +#: modules/administration/pages/public-cloud.adoc:56 +msgid "regionServiceClientConfigGCE" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:447 -msgid "" -"Navigate to the menu:System Details[Properties] tab, enable the " -"[guimenu]``Add-on System Type`` [guimenu]``OS Image Build Host``. Confirm " -"with btn:[Update Properties]." +#: modules/administration/pages/public-cloud.adoc:57 +msgid "regionServiceCertsGCE" msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:448 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:58 #, no-wrap -msgid "os-image-build-host.png" +msgid "*For Microsoft Azure*\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:451 -msgid "" -"Navigate to menu:System Details[Software > Software Channels], and enable " -"the required software channels depending on the build host version." +#: modules/administration/pages/public-cloud.adoc:59 +msgid "regionServiceClientConfigAzure" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:453 -msgid "" -"{sles}{nbsp}11 build hosts require {productname} Client tools (``SLE-Manager-" -"Tools11-Pool`` and ``SLE-Manager-Tools11-Updates``)." +#: modules/administration/pages/public-cloud.adoc:60 +msgid "regionServiceCertsAzure" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:454 +#: modules/administration/pages/public-cloud.adoc:61 msgid "" -"{sles}{nbsp}12 build hosts require {productname} Client tools (``SLE-Manager-" -"Tools12-Pool`` and ``SLE-Manager-Tools12-Updates``)." +"If these packages are not removed it is possible to create interference " +"between the repositories provided by {productname} and the repositories " +"provided by the SUSE operated update infrastructure." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:456 +#: modules/administration/pages/public-cloud.adoc:62 msgid "" -"{sles}{nbsp}15 build hosts require {sles} modules ``SLE-Module-DevTools15-" -"SP2-Pool`` and ``SLE-Module-DevTools15-SP2-Updates``. Schedule and click " -"btn:[Confirm]." +"Additionally remove the line from the [path]``/etc/hosts`` file that " +"contains the *susecloud.net* reference." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:459 +#: modules/administration/pages/public-cloud.adoc:63 +msgid "If you run a {productname} Proxy instance" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:64 msgid "" -"Install Kiwi and all required packages by applying `Highstate`. From the " -"system details page select menu:States[Highstate] and click btn:[Apply " -"Highstate]. Alternatively, apply Highstate from the {productname} Server " -"command line:" +"Launch the instance, optionally with external storage configured. If you " +"use external storage (recommended), prepare it according to <>. It is recommended but not required to prepare the storage " +"before configuring {productname} proxy, as the suma-storage script will " +"migrate any existing cached data to the external storage. After preparing " +"the instance, register the system with the parent SUSE Manager, which could " +"be a {productname} Server or another {productname} Proxy. See the xref:" +"installation:proxy-setup.adoc[] for details. When registered, configure " +"your {productname} Proxy instance with this script:" msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:464 +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:65 #, no-wrap -msgid "{productname} Web Server Public Certificate RPM" +msgid "/usr/sbin/configure-proxy.sh\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:467 +#: modules/administration/pages/public-cloud.adoc:66 msgid "" -"Build host provisioning copies the {productname} certificate RPM to the " -"build host. This certificate is used for accessing repositories provided by " -"{productname}." +"When the script has completed, {productname} should be functional and " +"running." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:470 +#: modules/administration/pages/public-cloud.adoc:67 msgid "" -"The certificate is packaged in RPM by the `mgr-package-rpm-certificate-" -"osimage` package script. The package script is called automatically during " -"a new {productname} installation." +"For {productname} Server, the setup process created an administrator user " +"with this user name:" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:473 -msgid "" -"When you upgrade the `spacewalk-certs-tools` package, the upgrade scenario " -"will call the package script using the default values. However if the " -"certificate path was changed or unavailable, you will need to call the " -"package script manually using `--ca-cert-full-path ` " -"after the upgrade procedure has finished." +#: modules/administration/pages/public-cloud.adoc:68 +msgid "User name: `admin`" msgstr "" #. type: Block title -#: modules/administration/pages/image-management.adoc:475 +#: modules/administration/pages/public-cloud.adoc:69 #, no-wrap -msgid "Package script call example" +msgid "Account credentials for admin user" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:479 +#. type: Table +#: modules/administration/pages/public-cloud.adoc:70 #, no-wrap -msgid "/usr/sbin/mgr-package-rpm-certificate-osimage --ca-cert-full-path /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" +msgid "" +"|\n" +" Amazon EC2\n" +"\n" +"|\n" +" Google Compute Engine\n" +"\n" +"|\n" +" Microsoft Azure\n" +"\n" +"\n" +"|\n" +"\n" +"[replaceable]``Instance-ID``\n" +"|\n" +"\n" +"[replaceable]``Instance-ID``\n" +"|\n" +"\n" +"[replaceable]``Instance-Name``**-suma**\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:482 +#: modules/administration/pages/public-cloud.adoc:71 msgid "" -"The RPM package with the certificate is stored in a salt-accessible " -"directory such as:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:484 -#, no-wrap -msgid "/usr/share/susemanager/salt/images/rhn-org-trusted-ssl-cert-osimage-1.0-1.noarch.rpm\n" +"The current value for the [replaceable]``Instance-ID`` or " +"[replaceable]``Instance-Name`` in case of the Azure Cloud, can be obtained " +"from the public cloud Web console or from within a terminal session as " +"follows:" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:487 -msgid "" -"The RPM package with the certificate is provided in the local build host " -"repository:" +#: modules/administration/pages/public-cloud.adoc:72 +msgid "Obtain instance id from within Amazon EC2 instance" msgstr "" #. type: delimited block - -#: modules/administration/pages/image-management.adoc:489 -#, no-wrap -msgid "/var/lib/Kiwi/repo\n" -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:494 -msgid "" -"Specify the RPM package with the {productname} SSL certificate in the build " -"source, and make sure your Kiwi configuration contains ``rhn-org-trusted-ssl-" -"cert-osimage`` as a required package in the ``bootstrap`` section." -msgstr "" - -#. type: Block title -#: modules/administration/pages/image-management.adoc:495 +#: modules/administration/pages/public-cloud.adoc:73 #, no-wrap -msgid "config.xml" +msgid "$ ec2metadata --instance-id\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:504 -#, no-wrap -msgid "" -"...\n" -" \n" -" ...\n" -" \n" -" \n" -"...\n" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:74 +msgid "Obtain instance id from within Google Compute Engine instance" msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:510 +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:75 #, no-wrap -msgid "Create an Activation Key for OS Images" +msgid "$ gcemetadata --query instance --id\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:513 -msgid "" -"Create an activation key associated with the channel that your OS Images " -"will use as repositories when building the image." +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:76 +msgid "Obtain instance name from within Microsoft Azure instance" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:515 -msgid "Activation keys are mandatory for OS Image building." +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:77 +#, no-wrap +msgid "$ azuremetadata --instance-name\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:519 +#: modules/administration/pages/public-cloud.adoc:78 msgid "" -"To build OS Images, you will need an activation key that is associated with " -"a channel other than `SUSE Manager Default`." +"After logging in through the {productname} Server {webui}, *change* the " +"default password." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:524 -msgid "In the {webui}, select menu:Systems[Activation Keys]." +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:79 +msgid "" +"{productname} Proxy does not have administration access to the {webui}. It " +"can be managed through its parent {productname} Server." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:525 -msgid "Click [guimenu]``Create Key``." +#. type: Title === +#: modules/administration/pages/public-cloud.adoc:80 +#, no-wrap +msgid "Using Separate Storage Volume" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:526 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:81 msgid "" -"Enter a [guimenu]``Description``, a [guimenu]``Key`` name, and use the drop-" -"down box to select a [guimenu]``Base Channel`` to associate with the key." +"We recommend that the repositories and the database for {productname} be " +"stored on a virtual storage device. This best practice will avoid data loss " +"in cases where the {productname} instance may need to be terminated. These " +"steps *must* be performed *prior* to running the YaST {productname} setup " +"procedure." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:539 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:82 msgid "" -"OS Images can require a significant amount of storage space. Therefore, we " -"recommended that the OS Image store is located on a partition of its own or " -"on a Btrfs subvolume, separate from the root partition. By default, the " -"image store will be located at [path]``/srv/www/os-images``." +"Provision a disk device in the public cloud environment, refer to the cloud " +"service provider documentation for detailed instructions. The size of the " +"disk is dependent on the number of distributions and channels you intend to " +"manage with {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:543 +#: modules/administration/pages/public-cloud.adoc:83 msgid "" -"Image stores for Kiwi build type, used to build system, virtual, and other " -"images, are not supported yet." +"For sizing information refer to https://www.suse.com/support/kb/doc.php?" +"id=7015050[SUSE Manager sizing examples]. A rule of thumb is 25 GB per " +"distribution per channel." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:545 +#: modules/administration/pages/public-cloud.adoc:84 msgid "" -"Images are always stored in [path]``/srv/www/os-images/`` " -"and are accessible via HTTP/HTTPS [url]``https:///os-" -"images/``." +"Once attached the device appears as Unix device node in your instance. For " +"the following command to work this device node name is required. In many " +"cases the attached storage appears as **/dev/sdb**. In order to check which " +"disk devices exists on your system, call the following command:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:554 -msgid "Manage image profiles using the {webui}." +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:85 +#, no-wrap +msgid "$ hwinfo --disk | grep -E \"Device File:\"\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:559 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:86 msgid "" -"To create an image profile select from menu:Images[Profiles] and click btn:" -"[Create]." +"With the device name at hand the process of re-linking the directories in " +"the file system {productname} uses to store data is handled by the suma-" +"storage script. In the following example we use [path]``/dev/sdb`` as the " +"device name." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:561 +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:87 #, no-wrap -msgid "images_image_create_profile_kiwi.png" +msgid "$ /usr/bin/suma-storage /dev/sdb\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:564 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:88 msgid "" -"In the [guimenu]``Label`` field, provide a name for the `Image Profile`." +"After the call all database and repository files used by SUSE Manager Server " +"are moved to the newly created xfs based storage. In case your instance is " +"a {productname} Proxy, the script will move the Squid cache, which caches " +"the software packages, to the newly created storage. The xfs partition is " +"mounted below the path [path]``/manager_storage``. ." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:565 -msgid "Use `Kiwi` as the [guimenu]``Image Type``." +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:89 +msgid "Create an entry in /etc/fstab (optional)" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:566 -msgid "Image store is automatically selected." +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:90 +msgid "" +"Different cloud frameworks treat the attachment of external storage devices " +"differently at instance boot time. Please refer to the cloud environment " +"documentation for guidance about the fstab entry." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:567 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:91 msgid "" -"Enter a [guimenu]``Config URL`` to the directory containing the Kiwi " -"configuration files:" +"If your cloud framework recommends to add an fstab entry, add the following " +"line to the */etc/fstab* file." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:568 -msgid "git URI" +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:92 +#, no-wrap +msgid "/dev/sdb1 /manager_storage xfs defaults,nofail 1 1\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:569 -msgid "HTTPS tarball" +#. type: Title == +#: modules/administration/pages/public-cloud.adoc:93 +#, no-wrap +msgid "Registration of Cloned Systems" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:570 -msgid "Path to build host local directory" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:94 +msgid "" +"{productname} cannot distinguish between different instances that use the " +"same system ID. If you register a second instance with the same system ID " +"as a previous instance, {productname} will overwrite the original system " +"data with the new system data. This can occur when you launch multiple " +"instances from the same image, or when an image is created from a running " +"instance. However, it is possible to clone systems and register them " +"successfully by deleting the cloned system's ID, and generating a new ID." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:572 -msgid "" -"Select an [guimenu]``Activation Key``. Activation keys ensure that images " -"using a profile are assigned to the correct channel and packages." +#. type: Block title +#: modules/administration/pages/public-cloud.adoc:95 +#, no-wrap +msgid "Procedure: Registering Cloned Systems" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:577 -msgid "" -"Associate an activation key with an image profile to ensure the image " -"profile uses the correct software channel, and any packages." +#: modules/administration/pages/public-cloud.adoc:96 +msgid "Clone the system using your preferred hypervisor's cloning mechanism." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:581 -msgid "Confirm with the btn:[Create] button." +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:97 +msgid "" +"On the cloned system, change the hostname and IP addresses, and check the " +"[path]``/etc/hosts`` file to ensure you have the right host entries." msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:583 -#, no-wrap -msgid "Source format options" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:98 +msgid "" +"On traditional clients, stop the [command]``rhnsd`` daemon with [command]``/" +"etc/init.d/rhnsd stop`` or, on newer systemd-based systems, with " +"[command]``service rhnsd stop``." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:585 -msgid "git/HTTP(S) URL to the repository" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:99 +msgid "Then [command]``service osad stop``." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:589 -msgid "" -"URL to the git repository containing the sources of the image to be built. " -"Depending on the layout of the repository the URL can be:" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:100 +msgid "For SLES 11 or {rhel} 5 or 6 clients, run these commands:" msgstr "" #. type: delimited block - -#: modules/administration/pages/image-management.adoc:592 +#: modules/administration/pages/public-cloud.adoc:101 +#: modules/administration/pages/tshoot-registerclones.adoc:13 #, no-wrap -msgid "https://github.com/SUSE/manager-build-profiles\n" +msgid "" +"# rm /var/lib/dbus/machine-id\n" +"# dbus-uuidgen --ensure\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:597 -msgid "" -"You can specify a branch after the `#` character in the URL. In this " -"example, we use the `master` branch:" +#: modules/administration/pages/public-cloud.adoc:102 +msgid "For SLES 12, SLES 15, or {rhel} 7 clients, run these commands:" msgstr "" #. type: delimited block - -#: modules/administration/pages/image-management.adoc:600 +#: modules/administration/pages/public-cloud.adoc:103 +#: modules/administration/pages/tshoot-registerclones.adoc:11 +#: modules/administration/pages/tshoot-registerclones.adoc:37 #, no-wrap -msgid "https://github.com/SUSE/manager-build-profiles#master\n" +msgid "" +"# rm /etc/machine-id\n" +"# rm /var/lib/dbus/machine-id\n" +"# dbus-uuidgen --ensure\n" +"# systemd-machine-id-setup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:605 -msgid "" -"You can specify a directory that contains the image sources after the `:` " -"character. In this example, we use `OSImage/POS_Image-JeOS6`:" +#: modules/administration/pages/public-cloud.adoc:104 +msgid "If you are using Salt, then you will also need to run these commands:" msgstr "" #. type: delimited block - -#: modules/administration/pages/image-management.adoc:608 +#: modules/administration/pages/public-cloud.adoc:105 #, no-wrap -msgid "https://github.com/SUSE/manager-build-profiles#master:OSImage/POS_Image-JeOS6\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/image-management.adoc:611 -msgid "HTTP(S) URL to the tarball" +msgid "" +"# service salt-minion stop\n" +"# rm -rf /var/cache/salt\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:614 -msgid "" -"URL to the tar archive, compressed or uncompressed, hosted on the webserver." +#: modules/administration/pages/public-cloud.adoc:106 +msgid "If you are using a traditional client, clean up the working files with:" msgstr "" #. type: delimited block - -#: modules/administration/pages/image-management.adoc:617 +#: modules/administration/pages/public-cloud.adoc:107 +#: modules/administration/pages/tshoot-registerclones.adoc:34 #, no-wrap -msgid "https://myimagesourceserver.example.org/MyKiwiImage.tar.gz\n" +msgid "# rm -f /etc/sysconfig/rhn/{osad-auth.conf,systemid}\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:620 -msgid "Path to the directory on the build host" +#: modules/administration/pages/public-cloud.adoc:108 +msgid "" +"The bootstrap should now run with a new system ID, rather than a duplicate." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:624 +#: modules/administration/pages/public-cloud.adoc:109 msgid "" -"Enter the path to the directory with the Kiwi build system sources. This " -"directory must be present on the selected build host." +"If you are onboarding Salt client clones, then you will also need to check " +"if they have the same Salt minion ID. You will need to delete the minion ID " +"on each cloned client, using the [command]``rm`` command. Each operating " +"system type stores this file in a slightly different location, check the " +"table for the appropriate command." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:628 +#. type: Block title +#: modules/administration/pages/public-cloud.adoc:110 #, no-wrap -msgid "/var/lib/Kiwi/MyKiwiImage\n" +msgid "Minion ID File Location" msgstr "" -#. type: Title ==== -#: modules/administration/pages/image-management.adoc:633 -#, no-wrap -msgid "Example of Kiwi Sources" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:111 +msgid "" +"Each operating system stores the minion ID file in a slightly different " +"location, check the table for the appropriate command." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:639 +#. type: Table +#: modules/administration/pages/public-cloud.adoc:112 +#, no-wrap msgid "" -"Kiwi sources consist at least of `config.xml`. Usually, `config.sh` and " -"`images.sh` are present as well. Sources can also contain files to be " -"installed in the final image under the `root` subdirectory." +"| Operating System | Commands\n" +"| SLES 15 | [command]``rm /etc/salt/minion_id``\n" +"\n" +" [command]``rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}``\n" +"| SLES 12 | [command]``rm /etc/salt/minion_id``\n" +"\n" +" [command]``rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}``\n" +"| SLES 11 | [command]``rm /etc/salt/minion_id``\n" +"\n" +" [command]``suse_register -E``\n" +"| SLES 10 | [command]``rm -rf /etc/{zmd,zypp}``\n" +"\n" +" [command]``rm -rf /var/lib/zypp/``\n" +" Do not delete [path]``/var/lib/zypp/db/products/``\n" +"\n" +" [command]``rm -rf /var/lib/zmd/``\n" +"| {rhel} 5, 6, 7 | [command]`` rm -f /etc/NCCcredentials``\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:641 +#: modules/administration/pages/public-cloud.adoc:113 msgid "" -"For information about the Kiwi build system, see the https://doc.opensuse." -"org/projects/kiwi/doc/[Kiwi documentation]." +"When you have deleted the minion ID file, re-run the bootstrap script, and " +"restart the client to see the cloned system in {productname} with the new ID." +msgstr "" + +#. type: Title = +#: modules/administration/pages/repo-metadata.adoc:1 +#, no-wrap +msgid "Signing Repository Metadata" msgstr "" +#. TODO:: Explain why repository metadata should/would be signed. #. type: Plain text -#: modules/administration/pages/image-management.adoc:643 +#: modules/administration/pages/repo-metadata.adoc:2 msgid "" -"{suse} provides examples of fully functional image sources at the https://" -"github.com/SUSE/manager-build-profiles[SUSE/manager-build-profiles] public " -"GitHub repository." +"You will require a custom GPG key to be able to sign repository metadata." msgstr "" #. type: Block title -#: modules/administration/pages/image-management.adoc:644 +#: modules/administration/pages/repo-metadata.adoc:3 #, no-wrap -msgid "Example of JeOS config.xml" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:649 -#, no-wrap -msgid "\n" +msgid "Procedure: Generating a Custom GPG Key" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:661 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:4 msgid "" -"\n" -" \n" -" Admin User\n" -" noemail@example.com\n" -" SUSE Linux Enterprise 12 SP3 JeOS\n" -" \n" -" \n" -" 6.0.0\n" -" zypper\n" -" SLE\n" -" SLE\n" +"As the root user, use the [command]``gpg`` command to generate a new key:" msgstr "" #. type: delimited block - -#: modules/administration/pages/image-management.adoc:666 +#: modules/administration/pages/repo-metadata.adoc:5 #, no-wrap -msgid "" -" en_US\n" -" us.map.gz\n" -" Europe/Berlin\n" -" utc\n" +msgid "gpg --gen-key\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:688 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:6 msgid "" -" true\n" -" \n" -" \n" -" \n" -" \n" -" \n" -" \n" -" \n" -" \n" -" ...\n" -" \n" -" \n" -" ...\n" -" \n" -" \n" -" \n" +"At the prompts, select [systemitem]``RSA`` as the key type, with a size of " +"2048 bits, and select an appropriate expiry date for your key." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:696 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:7 msgid "" -" \n" -" \n" -" \n" -" \n" -" ...\n" -" \n" -"\n" +"Check the details for your new key, and type [systemitem]``y`` to confirm." msgstr "" -#. ianew: admin/image-management.adoc -#. iawho: lana 2019-02-27 #. type: Plain text -#: modules/administration/pages/image-management.adoc:707 +#: modules/administration/pages/repo-metadata.adoc:8 msgid "" -"There are two ways to build an image using the {webui}. Either select menu:" -"Images[Build], or click the build icon in the menu:Images[Profiles] list." +"At the prompts, enter a name and email address to be associated with your " +"key." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:713 +#: modules/administration/pages/repo-metadata.adoc:9 msgid "" -"Add a different tag name if you want a version other than the default " -"``latest`` (applies only to containers)." +"You can also add a comment to help you identify the key, if desired. When " +"you are happy with the user identity, type [systemitem]``O`` to confirm." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:714 -msgid "Select the [guimenu]``Image Profile`` and a [guimenu]``Build Host``." +#: modules/administration/pages/repo-metadata.adoc:10 +msgid "At the prompt, enter a passphrase to protect your key." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:720 -msgid "" -"A [guimenu]``Profile Summary`` is displayed to the right of the build " -"fields. When you have selected a build profile, detailed information about " -"the selected profile will show up in this area." +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:11 +msgid "The key should be automatically added to your keyring." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:724 -msgid "To schedule a build, click the btn:[Build] button." +#: modules/administration/pages/repo-metadata.adoc:12 +msgid "You can check by listing the keys in your keyring:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:731 -msgid "" -"The build server cannot run any form of automounter during the image " -"building process. If applicable, ensure that you do not have your Gnome " -"session running as root. If an automounter is running, the image build will " -"finish successfully, but the checksum of the image will be different and " -"will fail later." +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:13 +#, no-wrap +msgid "gpg --list-keys\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:738 +#: modules/administration/pages/repo-metadata.adoc:14 msgid "" -"After the image is successfully built, the inspection phase begins. During " -"the inspection phase {susemgr} collects information about the image:" +"Add the password for your keyring to the [filename]``/etc/rhn/signing.conf`` " +"configuration file, by opening the file in your text editor and adding this " +"line:" msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:740 -msgid "List of packages installed in the image" +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:15 +#, no-wrap +msgid "GPGPASS=\"password\"\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:741 -msgid "Checksum of the image" +#: modules/administration/pages/repo-metadata.adoc:16 +msgid "" +"You can manage metadata signing on the command line using the [command]``mgr-" +"sign-metadata-ctl`` command." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:742 -msgid "Image type and other image details" +#. type: Block title +#: modules/administration/pages/repo-metadata.adoc:17 +#, no-wrap +msgid "Procedure: Enabling Metadata Signing" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:748 -msgid "" -"If the built image type is `PXE`, a Salt pillar will also be generated. " -"Image pillars are stored in the `/srv/susemanager/pillar_data/images/` " -"directory and the Salt subsystem can access details about the generated " -"image. Details include where the pillar is located and provided, image " -"checksums, information needed for network boot, and more." +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:18 +msgid "You will need to know the short identifier for the key to use." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:750 -msgid "The generated pillar is available to all connected clients." +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:19 +msgid "You can list your available public keys in short format:" msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:761 +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:20 +#, no-wrap msgid "" -"Building an image requires several dependent steps. When the build fails, " -"investigating Salt states results can help identify the source of the " -"failure. You can carry out these checks when the build fails:" +"gpg --keyid-format short --list-keys\n" +"...\n" +"pub rsa2048/3E7BFE0A 2019-04-02 [SC] [expires: 2021-04-01]\n" +" A43F9EC645ED838ED3014B035CFA51BF3E7BFE0A\n" +"uid [ultimate] SUSE Manager\n" +"sub rsa2048/118DE7FF 2019-04-02 [E] [expires: 2021-04-01]\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:763 -msgid "The build host can access the build sources" +#: modules/administration/pages/repo-metadata.adoc:21 +msgid "" +"Enable metadata signing with the [command]``mgr-sign-metadata-ctl`` command:" msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:764 +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:22 +#, no-wrap msgid "" -"There is enough disk space for the image on both the build host and the " -"{productname} server" +"mgr-sign-metadata-ctl enable 3E7BFE0A\n" +"OK. Found key 3E7BFE0A in keyring.\n" +"DONE. Set key 3E7BFE0A in /etc/rhn/signing.conf.\n" +"DONE. Enabled metadata signing in /etc/rhn/rhn.conf.\n" +"DONE. Exported key 4E2C3DD8 to /srv/susemanager/salt/gpg/mgr-keyring.gpg.\n" +"DONE. Exported key 4E2C3DD8 to /srv/www/htdocs/pub/mgr-gpg-pub.key.\n" +"NOTE. For the changes to become effective run:\n" +" mgr-sign-metadata-ctl regen-metadata\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:765 -msgid "The activation key has the correct channels associated with it" +#: modules/administration/pages/repo-metadata.adoc:23 +msgid "You can check that your configuration is correct with this command:" msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:766 -msgid "The build sources used are valid" +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:24 +#, no-wrap +msgid "mgr-sign-metadata-ctl check-config\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:768 +#: modules/administration/pages/repo-metadata.adoc:25 msgid "" -"The RPM package with the {productname} public certificate is up to date and " -"available at `/usr/share/susemanager/salt/images/rhn-org-trusted-ssl-cert-" -"osimage-1.0-1.noarch.rpm`. For more on how to refresh a public certificate " -"RPM, see <>." +"Restart the services and schedule metadata regeneration to pick up the " +"changes:" msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:772 +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:26 #, no-wrap -msgid "Limitations" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/image-management.adoc:775 -msgid "The section contains some known issues when working with images." +msgid "mgr-sign-metadata-ctl regen-metadata\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:777 +#: modules/administration/pages/repo-metadata.adoc:27 msgid "" -"HTTPS certificates used to access the HTTP sources or git repositories " -"should be deployed to the client by a custom state file, or configured " -"manually." +"You can also use the [command]``mgr-sign-metadata-ctl`` command to perform " +"other tasks. Use [command]``mgr-sign-metadata-ctl --help`` to see the " +"complete list." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:778 -msgid "Importing Kiwi-based images is not supported." +#: modules/administration/pages/repo-metadata.adoc:28 +msgid "" +"Repository metadata signing is a global option. When it is enabled, it is " +"enabled on all software channels on the server. This means that all clients " +"connected to the server will need to trust the new GPG key to be able to " +"install or update packages." msgstr "" -#. type: Title == -#: modules/administration/pages/image-management.adoc:782 +#. type: Block title +#: modules/administration/pages/repo-metadata.adoc:29 #, no-wrap -msgid "List Image Profiles Available for Building" +msgid "Procedure: Importing GPG keys on Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:787 -msgid "" -"To list images available for building select menu:Images[Image List]. A " -"list of all images will be displayed." +#: modules/administration/pages/repo-metadata.adoc:30 +msgid "For RPM-based client systems, use these remote commands:" msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:788 +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:31 #, no-wrap -msgid "images_list_images.png" +msgid "rpm --import http://server.example.com/pub/mgr-gpg-pub.key\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:792 +#: modules/administration/pages/repo-metadata.adoc:32 msgid "" -"Displayed data about images includes an image [guimenu]``Name``, its " -"[guimenu]``Version`` and the build [guimenu]``Status``. You will also see " -"the image update status with a listing of possible patch and package updates " -"that are available for the image." +"For Ubuntu clients, you will need to reassign the channels, which will " +"automatically pick up the new GPG key." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:795 +#: modules/administration/pages/repo-metadata.adoc:33 msgid "" -"Clicking the btn:[Details] button on an image will provide a detailed view. " -"The detailed view includes an exact list of relevant patches and a list of " -"all packages installed within the image." +"You can do this through the {productname} {webui}, or from the command line " +"on the server with this command:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:799 +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:34 +#, no-wrap +msgid "salt state.apply channels\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/repo-metadata.adoc:35 msgid "" -"The patch and the package list is only available if the inspect state after " -"a build was successful." +"OPTIONAL: For Salt clients, you might prefer to use a state to manage your " +"GPG keys." msgstr "" #. type: Title = -#: modules/administration/pages/monitoring.adoc:2 +#: modules/administration/pages/reports.adoc:1 #, no-wrap -msgid "Monitoring with Prometheus and Grafana" +msgid "Generate Reports" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:7 +#: modules/administration/pages/reports.adoc:2 msgid "" -"You can monitor your {productname} environment using Prometheus and " -"Grafana. {productname} Server and Proxy are able to provide self-health " -"metrics. You can also install and manage a number of Prometheus exporters " -"on Salt clients." +"The [command]``spacewalk-report`` command is used to produce a variety of " +"reports. These reports can be helpful for taking inventory of your " +"subscribed systems, users, and organizations. Using reports is often " +"simpler than gathering information manually from the {susemgr} {webui}, " +"especially if you have many systems under management." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:9 +#: modules/administration/pages/reports.adoc:3 msgid "" -"Prometheus and Grafana packages are included in the {productname} Client " -"Tools for" +"To generate reports, you must have the [package]``spacewalk-reports`` " +"package installed." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:11 -#, no-wrap -msgid " {sle}{nbsp}12, {sle}{nbsp}15, {rhel}{nbsp} 6, {rhel}{nbsp} 7, {rhel}{nbsp} 8 and openSUSE 15.x.\n" +#: modules/administration/pages/reports.adoc:4 +msgid "" +"The [command]``spacewalk-report`` command allows you to organize and display " +"reports about content, systems, and user resources across {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:14 -#, no-wrap -msgid " {sle}{nbsp}12, {sle}{nbsp}15, {centos}{nbsp} 6, {centos}{nbsp} 7, {centos}{nbsp} 8 and openSUSE 15.x.\n" +#: modules/administration/pages/reports.adoc:5 +msgid "You can generate reports on:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/reports.adoc:6 +msgid "System Inventory: list all the systems registered to {productname}." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/reports.adoc:7 +msgid "Patches: list all the patches relevant to the registered systems." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:18 +#: modules/administration/pages/reports.adoc:8 msgid "" -"You need to install Prometheus and Grafana on a machine separate from the " -"{productname} Server. We recommend you use a managed Salt client as your " -"monitoring server." +"You can sort patches by severity, as well as the systems that apply to a " +"particular patch." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:22 +#: modules/administration/pages/reports.adoc:9 msgid "" -"Prometheus fetches metrics using a pull mechanism, so the server must be " -"able to establish TCP connections to monitored clients. Clients must have " -"corresponding open ports and be reachable over the network. Alternatively, " -"you can use reverse proxies to establish a connection." +"Users: list all registered users and any systems associated with a " +"particular user." msgstr "" -#. type: delimited block = -#: modules/administration/pages/monitoring.adoc:29 +#. type: Plain text +#: modules/administration/pages/reports.adoc:10 msgid "" -"You must have a monitoring add-on subscription for each client you want to " -"monitor. Visit the {scc} to manage your {productname} subscriptions." +"To get the report in CSV format, run this command at the command prompt on " +"the server:" msgstr "" -#. type: Title == -#: modules/administration/pages/monitoring.adoc:34 +#. type: delimited block - +#: modules/administration/pages/reports.adoc:11 #, no-wrap -msgid "Prometheus and Grafana" +msgid "spacewalk-report \n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/reports.adoc:12 +msgid "This table lists the available reports:" msgstr "" #. type: Block title -#: modules/administration/pages/monitoring.adoc:37 +#: modules/administration/pages/reports.adoc:13 #, no-wrap -msgid "Prometheus" +msgid "[command]``spacewalk-report`` Reports" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:41 +#. type: Table +#: modules/administration/pages/reports.adoc:14 +#, no-wrap msgid "" -"Prometheus is an open-source monitoring tool that is used to record real-" -"time metrics in a time-series database. Metrics are pulled via HTTP, " -"enabling high performance and scalability." +"|Report | Invoked as | Description\n" +"| Actions | [command]``actions`` | All actions.\n" +"| Activation Keys | [command]``activation-keys`` | All activation keys, and the entitlements, channels, configuration channels, system groups, and packages associated with them.\n" +"| Activation Keys: Channels | [command]``activation-keys-channels`` | All activation keys and the entities associated with each key.\n" +"| Activation Keys: Configuration | [command]``activation-keys-config`` | All activation keys and the configuration channels associated with each key.\n" +"| Activation Keys: Server Groups | [command]``activation-keys-groups`` | All activation keys and the system groups associated with each key.\n" +"| Activation Keys: Packages | [command]``activation-keys-packages`` | All activation keys and the packages each key can deploy.\n" +"| Channel Packages | [command]``channel-packages`` | All packages in a channel.\n" +"| Channel Report | [command]``channels`` | Detailed report of a given channel.\n" +"| Cloned Channel Report | [command]``cloned-channels`` | Detailed report of cloned channels.\n" +"| Configuration Files | [command]``config-files`` | All configuration file revisions for all organizations, including file contents and file information.\n" +"| Latest Configuration Files | [command]``config-files-latest`` | The most recent configuration file revisions for all organizations, including file contents and file information.\n" +"| Custom Channels | [command]``custom-channels`` | Channel metadata for all channels owned by specific organizations.\n" +"| Custom Info | [command]``custom-info`` | Client custom information.\n" +"| Patches in Channels | [command]``errata-channels`` | All patches in channels.\n" +"| Patches Details | [command]``errata-list`` | All patches that affect registered clients.\n" +"| All patches | [command]``errata-list-all`` | All patches.\n" +"| Patches for Clients | [command]``errata-systems`` | Applicable patches and any registered clients that are affected.\n" +"| Host Guests | [command]``host-guests`` | Host and guests mapping.\n" +"| Inactive Clients | [command]``inactive-systems`` | Inactive clients.\n" +"| System Inventory | [command]``inventory`` | Clients registered to the server, together with hardware and software information.\n" +"| Kickstart Scripts | [command]``kickstart-scripts`` | All kickstart scripts, with details.\n" +"| Kickstart Trees | [command]``kickstartable-trees`` | Kickstartable trees.\n" +"| All Upgradable Versions | [command]``packages-updates-all`` | All newer package versions that can be upgraded.\n" +"| Newest Upgradable Version | [command]``packages-updates-newest`` | Newest package versions that can be upgraded.\n" +"| Proxy Overview | [command]``proxies-overview`` | All proxies and the clients registered to each.\n" +"| Repositories | [command]``repositories`` | All repositories, with their associated SSL details, and any filters.\n" +"| Result of SCAP | [command]``scap-scan`` | Result of OpenSCAP ``sccdf`` evaluations.\n" +"| Result of SCAP | [command]``scap-scan-results`` | Result of OpenSCAP ``sccdf`` evaluations, in a different format.\n" +"| System Data | [command]``splice-export`` | Client data needed for splice integration.\n" +"| System Crash: Count | [command]``system-crash-count`` | The total number of client crashes.\n" +"| System Crash: Details | [command]``system-crash-details`` | Crash details for all clients.\n" +"| System Currency | [command]``system-currency`` | Number of available patches for each registered client.\n" +"| System Extra Packages | [command]``system-extra-packages`` | All packages installed on all clients that are not available from channels the client is subscribed to.\n" +"| System Groups | [command]``system-groups`` | System groups.\n" +"| Activation Keys for System Groups | [command]``system-groups-keys`` | Activation keys for system groups.\n" +"| Systems in System Groups | [command]``system-groups-systems`` | Clients in system groups.\n" +"| System Groups Users | [command]``system-groups-users`` | System groups and users that have permissions on them.\n" +"| History: System | [command]``system-history`` | Event history for each client.\n" +"| History: Channels | [command]``system-history-channels`` | Channel event history.\n" +"| History: Configuration | [command]``system-history-configuration`` | Configuration event history.\n" +"| History: Entitlements | [command]``system-history-entitlements`` | System entitlement event history.\n" +"| History: Errata | [command]``system-history-errata`` | Errata event history.\n" +"| History: Kickstart | [command]``system-history-kickstart`` | Kickstart event history.\n" +"| History: Packages | [command]``system-history-packages`` | Package event history.\n" +"| History: SCAP | [command]``system-history-scap`` | OpenSCAP event history.\n" +"| MD5 Certificates | [command]``system-md5-certificates`` | All registered clients using certificates with an MD5 checksum.\n" +"| Installed Packages | [command]``system-packages-installed`` | Packages installed on clients.\n" +"| System Profiles | [command]``system-profiles`` | All clients registered to the server, with software and system group information.\n" +"| Users | [command]``users`` | All users registered to {productname}.\n" +"| MD5 Users | [command]``users-md5`` | All users for all organizations using MD5 encrypted passwords, with their details and roles.\n" +"| Systems administered | [command]``users-systems`` | Clients that individual users can administer.\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:44 -msgid "" -"Prometheus metrics are time series data, or timestamped values belonging to " -"the same group or dimension. A metric is uniquely identified by its name " -"and set of labels." -msgstr "" - -#. TODO:: This should be an actual image. -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:51 -#, no-wrap +#: modules/administration/pages/reports.adoc:15 msgid "" -" metric name labels timestamp value\n" -"┌────────┴───────┐ ┌───────────┴───────────┐ ┌──────┴──────┐ ┌─┴─┐\n" -"http_requests_total{status=\"200\", method=\"GET\"} @1557331801.111 42236\n" +"For more information about an individual report, run [command]``spacewalk-" +"report`` with the option [option]``--info`` or [option]``--list-fields-" +"info`` and the report name. The description and list of possible fields in " +"the report will be shown." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:54 +#: modules/administration/pages/reports.adoc:16 msgid "" -"Each application or system being monitored must expose metrics in the format " -"above, either through code instrumentation or Prometheus exporters." +"For further information on program invocation and options, see the " +"[literal]``spacewalk-report(8)`` man page as well as the [option]``--" +"help``parameter of the [command]``spacewalk-report`` command." msgstr "" -#. type: Block title -#: modules/administration/pages/monitoring.adoc:56 +#. type: Title = +#: modules/administration/pages/ssl-certs-selfsigned.adoc:1 #, no-wrap -msgid "Prometheus Exporters" +msgid "Self-Signed SSL Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:61 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:2 msgid "" -"Exporters are libraries that help with exporting metrics from third-party " -"systems as Prometheus metrics. Exporters are useful whenever it is not " -"feasible to instrument a given application or system with Prometheus metrics " -"directly. Multiple exporters can run on a monitored host to export local " -"metrics." +"By default, {productname} uses a self-signed certificate. In this case, the " +"certificate is created and signed by {productname}. This method does not " +"use an independent certificate authority to guarantee that the details of " +"the certificate are correct. Third party CAs perform checks to ensure that " +"the information contained in the certificate is correct. For more on third " +"party CAs, see xref:administration:ssl-certs-imported.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:64 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:3 msgid "" -"The Prometheus community provides a list of official exporters, and more can " -"be found as community contributions. For more information and an extensive " -"list of exporters, see https://prometheus.io/docs/instrumenting/exporters/." -msgstr "" - -#. type: Block title -#: modules/administration/pages/monitoring.adoc:66 -#, no-wrap -msgid "Grafana" +"This section covers how to re-create your self-signed certificates on an " +"existing installation. It also covers how to create new self-signed " +"certificates and authenticate your existing clients to the new certificate, " +"using an intermediate certificate. Intermediate certificates merge the " +"intermediate and root CA certificates into one file. Ensure that the " +"intermediate certificate comes first in the combined file." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:72 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:4 msgid "" -"Grafana is a tool for data visualization, monitoring, and analysis. It is " -"used to create dashboards with panels representing specific metrics over a " -"set period of time. Grafana is commonly used together with Prometheus, but " -"also supports other data sources such as ElasticSearch, MySQL, PostgreSQL, " -"and Influx DB. For more information about Grafana, see https://grafana.com/" -"docs/." +"The host name of the SSL keys and certificates must match the fully " +"qualified host name of the machine you deploy them on." msgstr "" #. type: Title == -#: modules/administration/pages/monitoring.adoc:75 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:5 #, no-wrap -msgid "Set up the Monitoring Server" +msgid "Re-Create Existing Server Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:78 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:6 msgid "" -"To set up your monitoring server, you need to install Prometheus and " -"Grafana, and configure them." +"If your existing certificates have expired or stopped working for any " +"reason, you can generate a new server certificate from the existing CA." msgstr "" -#. type: Title === -#: modules/administration/pages/monitoring.adoc:81 +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:7 #, no-wrap -msgid "Install Prometheus" +msgid "Procedure: Re-Creating an Existing Server Certificate" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:85 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:8 msgid "" -"If your monitoring server is a {productname} Salt client, you can install " -"the Prometheus package using the {productname} {webui}. Otherwise you can " -"download and install the package on your monitoring server manually." +"On the {productname} Server, at the command prompt, regenerate the server " +"certificate:" msgstr "" -#. type: Block title -#: modules/administration/pages/monitoring.adoc:88 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:9 #, no-wrap -msgid "Procedure: Installing Prometheus Using the {webui}" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:90 msgid "" -"In the {productname} {webui}, open the details page of the system where " -"Prometheus is to be installed, and navigate to the [guimenu]``Formulas`` tab." +"rhn-ssl-tool --gen-server --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" +"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" +"--set-org-unit=\"ORGANIZATION UNIT\" --set-email=\"name@example.com\" \\\n" +"--set-hostname=\"susemanager.example.com\" --set-cname=\"example.com\"\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:91 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:10 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:26 msgid "" -"Check the [guimenu]``Prometheus`` checkbox to enable monitoring formulas, " -"and click btn:[Save]." +"Ensure that the [systemitem]``set-cname`` parameter is the fully-qualified " +"domain name of your {productname} Server. You can use the the " +"[systemitem]``set-cname`` parameter multiple times if you require multiple " +"aliases." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:92 -msgid "Navigate to the ``Prometheus`` tab in the top menu." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:11 +msgid "Install the RPM that contains the newly generated certificate." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:94 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:12 msgid "" -"In the ``{productname} Server`` section, enter valid {productname} API " -"credentials. Make sure that the credentials you have entered allow access " -"to the set of systems you want to monitor." +"Check that you have the latest version of the RPM before running this " +"command. The version number is incremented every time you re-create the " +"certificates." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:95 -#: modules/administration/pages/monitoring.adoc:167 -msgid "Customize any other configuration options according to your needs." +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:13 +#, no-wrap +msgid "rpm -Uhv /root/ssl-build/lnx0259a/rhn-org-httpd-ssl-key-pair-lnx0259a-1.0-2.noarch.rpm\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:96 -#: modules/administration/pages/monitoring.adoc:168 -#: modules/administration/pages/monitoring.adoc:284 -#: modules/administration/pages/monitoring.adoc:342 -msgid "Click btn:[Save Formula]." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:14 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:61 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:73 +msgid "Restart services to pick up the changes:" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:97 -#: modules/administration/pages/monitoring.adoc:169 -#: modules/administration/pages/monitoring.adoc:343 -msgid "Apply the highstate and confirm that it completes successfully." +#. type: Title == +#: modules/administration/pages/ssl-certs-selfsigned.adoc:16 +#, no-wrap +msgid "Create and Replace CA and Server Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:98 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:17 msgid "" -"Check that the Prometheus interface loads correctly. In your browser, " -"navigate to the URL of the server where Prometheus is installed, on " -"port 9090 (for example, [literal]``http://example.com:9090``)." +"If you need to create entirely new certificates for an existing " +"installation, you need to create a combined certificate first. Clients will " +"authenticate to the certificate with both the old and new details. Then you " +"can go ahead and remove the old details. This maintains the chain of trust." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:100 -#: modules/administration/pages/monitoring.adoc:178 -#: modules/administration/pages/monitoring.adoc:296 -#: modules/administration/pages/monitoring.adoc:344 +#. type: delimited block = +#: modules/administration/pages/ssl-certs-selfsigned.adoc:18 msgid "" -"For more information about the monitoring formulas, see xref:salt:formula-" -"monitoring.adoc[]." +"Be careful with this procedure! It is possible to break the trust chain " +"between the server and clients using this procedure. If that happens, you " +"will need an administrative user to log in to every client and deploy the CA " +"directly." msgstr "" #. type: Block title -#: modules/administration/pages/monitoring.adoc:103 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:19 #, no-wrap -msgid "Procedure: Manually Installing and Configuring Prometheus" +msgid "Procedure: Creating New Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:105 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:20 msgid "" -"On the monitoring server, install the [package]``golang-github-prometheus-" -"prometheus`` package:" +"On the {productname} Server, at the command prompt, move the old certificate " +"directory to a new location:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:22 +msgid "Generate a new CA certificate and create an RPM:" msgstr "" #. type: delimited block - -#: modules/administration/pages/monitoring.adoc:108 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:23 #, no-wrap -msgid "zypper in golang-github-prometheus-prometheus\n" +msgid "" +"rhn-ssl-tool --gen-ca --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" +"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" +"--set-org-unit=\"ORGANIZATION UNIT\" --set-common-name=\"SUSE Manager CA Certificate\" \\\n" +"--set-email=\"name@example.com\"\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:110 -msgid "Enable the Prometheus service:" +#: modules/administration/pages/ssl-certs-selfsigned.adoc:24 +msgid "Generate a new server certificate and create an RPM:" msgstr "" #. type: delimited block - -#: modules/administration/pages/monitoring.adoc:113 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:25 #, no-wrap -msgid "systemctl enable --now prometheus\n" +msgid "" +"rhn-ssl-tool --gen-server --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" +"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" +"--set-org-unit=\"ORGANIZATION UNIT\" --set-email=\"name@example.com\" \\\n" +"--set-hostname=\"susemanager.example.top\" --set-cname=\"example.com\"\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:116 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:27 msgid "" -"Check that the Prometheus interface loads correctly. In your browser, " -"navigate to the URL of the server where Prometheus is installed, on " -"port 9090 (for example, [literal]``http://example.com:9090``)." +"You will need to generate a server certificate RPM for each proxy, using " +"their host names and cnames." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:118 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:28 msgid "" -"Open the configuration file at [path]``/etc/prometheus/prometheus.yml`` and " -"add this configuration information. Replace `server.url` with your " -"{productname} server URL and adjust `username` and `password` fields to " -"match your {productname} credentials." +"When you have new certificates, you can create the combined RPMs to " +"authenticate the clients." msgstr "" -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:134 +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:29 #, no-wrap +msgid "Procedure: Create Combined Certificate RPMs" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:30 msgid "" -"# {productname} self-health metrics\n" -"scrape_configs:\n" -"- job_name: 'mgr-server'\n" -" static_configs:\n" -" - targets:\n" -" - 'server.url:9100' # Node exporter\n" -" - 'server.url:9187' # PostgreSQL exporter\n" -" - 'server.url:5556' # JMX exporter (Tomcat)\n" -" - 'server.url:5557' # JMX exporter (Taskomatic)\n" -" - 'server.url:9800' # Taskomatic\n" -" - targets:\n" -" - 'server.url:80' # Message queue\n" -" labels:\n" -" __metrics_path__: /rhn/metrics\n" +"Create a new CA file that combines the old and new certificate details, and " +"generate a new RPM:" msgstr "" #. type: delimited block - -#: modules/administration/pages/monitoring.adoc:141 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:31 #, no-wrap msgid "" -"# Managed systems metrics:\n" -"- job_name: 'mgr-clients'\n" -" uyuni_sd_configs:\n" -" - host: \"http://server.url\"\n" -" username: \"admin\"\n" -" password: \"admin\"\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:143 -msgid "Save the configuration file." +"mkdir /root/combined-ssl-build\n" +"cp /root/old-ssl-build/RHN-ORG-TRUSTED-SSL-CERT /root/combined-ssl-build/\n" +"cat /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT >> /root/combined-ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" +"cp /root/old-ssl-build/*.rpm /root/combined-ssl-build/\n" +"rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/combined-ssl-build\"\n" msgstr "" +#. I would like to split up these steps, I think. LKB 2019-09-10 #. type: Plain text -#: modules/administration/pages/monitoring.adoc:144 -msgid "Restart the Prometheus service:" +#: modules/administration/pages/ssl-certs-selfsigned.adoc:32 +msgid "Deploy the CA certificate on the server:" msgstr "" #. type: delimited block - -#: modules/administration/pages/monitoring.adoc:147 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:33 #, no-wrap -msgid "systemctl restart prometheus\n" +msgid "" +"/usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/combined-ssl-build \\\n" +"--target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:150 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:34 msgid "" -"For more information about the Prometheus configuration options, see the " -"official Prometheus documentation at https://prometheus.io/docs/prometheus/" -"latest/configuration/configuration/" +"When you have the combined RPMs, you can deploy the combined CA certificates " +"to your clients." msgstr "" -#. type: Title === -#: modules/administration/pages/monitoring.adoc:153 +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:35 #, no-wrap -msgid "Install Grafana" +msgid "Procedure: Deploying Combined Certificates on Traditional Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:157 -msgid "" -"If your monitoring server is a {productname} Salt client, you can install " -"the Grafana package using the {productname} {webui}. Otherwise you can " -"download and install the package on your monitoring server manually." -msgstr "" - -#. type: Block title -#: modules/administration/pages/monitoring.adoc:160 -#, no-wrap -msgid "Procedure: Installing Grafana Using the {webui}" +#: modules/administration/pages/ssl-certs-selfsigned.adoc:36 +msgid "On the client, create a new custom channel using these details:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:162 -msgid "" -"In the {productname} {webui}, open the details page of the system where " -"Grafana is to be installed, and navigate to the [guimenu]``Formulas`` tab." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:37 +msgid "Name: SSL-CA-Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:163 -msgid "" -"Check the [guimenu]``Grafana`` checkbox to enable monitoring formulas, and " -"click btn:[Save]." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:38 +msgid "Label: ssl-ca-channel" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:164 -msgid "Navigate to the ``Grafana`` tab in the top menu." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:39 +msgid "Parent Channel: " msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:165 -msgid "" -"In the ``Enable and configure Grafana`` section, enter the admin credentials " -"you want to use to log in Grafana." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:40 +msgid "Summary: SSL-CA-Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:166 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:41 msgid "" -"On the ``Datasources`` section, make sure that the Prometheus URL field " -"points to the system where Prometheus is running." +"For more on creating custom channels, see xref:administration:channel-" +"management.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:170 -msgid "" -"Check that the Grafana interface is loading correctly. In your browser, " -"navigate to the URL of the server where Grafana is installed, on port 3000 " -"(for example, [literal]``http://example.com:3000``)." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:42 +msgid "Upload the CA certificate RPM to the channel:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/monitoring.adoc:175 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:43 +#, no-wrap msgid "" -"{productname} provides pre-built dashboards for server self-health, basic " -"client monitoring, and more. You can choose which dashboards to provision " -"in the formula configuration page." +"rhnpush -c ssl-ca-channel --nosig \\\n" +"--ca-chain=/srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT \\\n" +"/root/combined-ssl-build/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm\n" msgstr "" -#. type: Block title -#: modules/administration/pages/monitoring.adoc:180 -#, no-wrap -msgid "Procedure: Manually Installing Grafana" +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:44 +msgid "Subscribe all clients to the new ``SSL-CA-Channel`` channel." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:183 -msgid "Install the [package]``grafana`` package:" +#: modules/administration/pages/ssl-certs-selfsigned.adoc:45 +msgid "Install the CA certificate RPM on all clients by updating the channel." msgstr "" -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:186 +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:46 #, no-wrap -msgid "zypper in grafana\n" +msgid "Procedure: Deploying Combined Certificates on Salt Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:188 -msgid "Enable the Grafana service:" +#: modules/administration/pages/ssl-certs-selfsigned.adoc:47 +msgid "In the {productname} {webui}, navigate to menu:Systems[Overview]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:191 -#, no-wrap -msgid "systemctl enable --now grafana-server\n" +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:48 +msgid "Check all your Salt Clients to add them to the system set manager." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:194 -msgid "" -"Check that the Grafana interface is loading correctly. In your browser, " -"navigate to the URL of the server where Grafana is installed, on port 3000 " -"(for example, [literal]``http://example.com:3000``)." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:49 +msgid "Navigate to menu:Systems[System Set Manager > Overview]." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/monitoring.adoc:195 -#, no-wrap -msgid "monitoring_grafana_example.png" +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:50 +msgid "" +"In the [guimenu]``States`` field, click btn:[Apply] to apply the system " +"states." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:198 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:51 msgid "" -"For more information on how to manually install and configure Grafana, see " -"https://grafana.com/docs." +"In the [guimenu]``Highstate`` page, click btn:[Apply Highstate] to propagate " +"the changes to the clients." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:200 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:52 msgid "" -"For more information about the monitoring formulas with forms, see xref:salt:" -"formula-monitoring.adoc[]." +"When you have every client trusting both the old and new certificates, you " +"can go ahead and replace the server certificate on the {productname} Server " +"and Proxies." msgstr "" -#. type: Title == -#: modules/administration/pages/monitoring.adoc:203 +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:53 #, no-wrap -msgid "Configure {productname} Monitoring" +msgid "Procedure: Replace Server Certificate on the Server" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:206 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:54 msgid "" -"With {productname}{nbsp}4, you can enable the server to expose Prometheus " -"self-health metrics, and also install and configure exporters on client " -"systems." +"On the {productname} Server, at the command prompt, install the RPM from the " +"[path]``ssl-build`` directory:" msgstr "" -#. type: Title === -#: modules/administration/pages/monitoring.adoc:209 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:55 #, no-wrap -msgid "Server Self Monitoring" +msgid "rpm -Uhv ssl-build/susemanager/rhn-org-httpd-ssl-key-pair-susemanager-1.0-2.noarch.rpm\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:213 -msgid "" -"The Server self-health metrics cover hardware, operating system and " -"{productname} internals. These metrics are made available by " -"instrumentation of the Java application, combined with Prometheus exporters." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:56 +msgid "Restart services to pick the changes:" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:215 -msgid "These exporter packages are shipped with {productname} Server:" +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:58 +#, no-wrap +msgid "Procedure: Replace Server Certificate on the Proxy" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:218 -#: modules/administration/pages/monitoring.adoc:229 -#: modules/administration/pages/monitoring.adoc:265 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:59 msgid "" -"Node exporter: [systemitem]``golang-github-prometheus-node_exporter``. See " -"https://github.com/prometheus/node_exporter." +"On the {productname} Proxy, at the command prompt, install the RPM from the " +"[path]``ssl-build`` directory:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:60 +#, no-wrap +msgid "rpm -Uhv ssl-build/susemanager-proxy/rhn-org-httpd-ssl-key-pair-susemanager-proxy-1.0-2.noarch.rpm\n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:62 +#, no-wrap +msgid "rhn-proxy restart\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:220 -#: modules/administration/pages/monitoring.adoc:267 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:63 msgid "" -"PostgreSQL exporter: [systemitem]``golang-github-wrouesnel-" -"postgres_exporter``. See https://github.com/wrouesnel/postgres_exporter." +"Test that all clients still operate as expected and can use SSL to reach the " +"{productname} Server and any proxies." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:222 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:64 msgid "" -"JMX exporter: [systemitem]``prometheus-jmx_exporter``. See https://github." -"com/prometheus/jmx_exporter." +"When you have replaced the server certificates on your server and any " +"proxies, you need to update the certificate with only the new details on all " +"the clients. This is done by adding it to the client channels you set up " +"previously." +msgstr "" + +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:65 +#, no-wrap +msgid "Procedure: Adding the New Certificates to the Client Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:224 -#: modules/administration/pages/monitoring.adoc:269 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:66 msgid "" -"Apache exporter: [systemitem]``golang-github-lusitaniae-apache_exporter``. " -"See https://github.com/Lusitaniae/apache_exporter." +"Copy the combined certificate RPM into the [path]``/root/ssl-build/`` " +"directory:" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:226 -msgid "These exporter packages are shipped with {productname} Proxy:" +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:67 +#, no-wrap +msgid "cp /root/combined-ssl-build/*.rpm /root/ssl-build/\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:231 -msgid "" -"Squid exporter: [systemitem]``golang-github-boynux-squid_exporter``. See " -"https://github.com/boynux/squid-exporter." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:68 +msgid "Generate a new RPM with from the new certificates." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:233 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:69 msgid "" -"The exporter packages are pre-installed in {productname} Server and Proxy, " -"but their respective systemd daemons are disabled by default." +"Check the release number carefully to ensure you have the right certificate " +"file:" msgstr "" -#. type: Block title -#: modules/administration/pages/monitoring.adoc:236 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:70 #, no-wrap -msgid "Procedure: Enabling Self Monitoring" +msgid "rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/ssl-build\"\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:239 -msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Manager Configuration > " -"Monitoring]." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:71 +msgid "Install the new local certificates on the {productname} Server:" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:240 -msgid "Click btn:[Enable services]." +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:72 +#, no-wrap +msgid "" +"/usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/ssl-build \\\n" +"--target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:241 -msgid "Restart Tomcat and Taskomatic." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:75 +msgid "Upload the new RPM into the channel:" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:242 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:76 +#, no-wrap msgid "" -"Navigate to the URL of your Prometheus server, on port 9090 (for example, " -"[literal]``http://example.com:9090``)" +"rhnpush -c ssl-ca-channel --nosig \\\n" +"--ca-chain=/srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT \\\n" +"/root/ssl-build/rhn-org-trusted-ssl-cert-1.0-3.noarch.rpm\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:243 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:77 msgid "" -"In the Prometheus UI, navigate to menu:[Status > Targets] and confirm that " -"all the endpoints on the ``mgr-server`` group are up." +"When you have the new certificate in the channel, you can use the " +"{productname} {webui} to update it on all clients and proxies, by " +"synchronizing them with the channel. Alternatively, for Salt clients, you " +"can use menu:Salt[Remote Commands], or apply the highstate." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:244 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:78 msgid "" -"If you have also installed Grafana with the {webui}, the server insights " -"will be visible on the {productname} Server dashboard." +"You will also need to update your proxies to remove the copy of the " +"certificate and the associated RPM. Your proxies must have the same " +"certificate content as the server. Check the [path]``/srv/www/htdocs/pub/`` " +"directory and ensure it contains:" msgstr "" -#. type: Target for macro image -#: modules/administration/pages/monitoring.adoc:245 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:79 #, no-wrap -msgid "monitoring_enable_services.png" +msgid "" +"RHN-ORG-TRUSTED-SSL-CERT\n" +"rhn-org-trusted-ssl-cert-*.noarch.rpm\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/monitoring.adoc:252 +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:80 msgid "" -"Only server self-health monitoring can be enabled using the {webui}. " -"Metrics for a proxy are not automatically collected by Prometheus. To " -"enable self-health monitoring on a proxy, you will need to manually install " -"exporters and enable them." +"To complete the process, you need to update the database with this command:" msgstr "" -#. type: Title === -#: modules/administration/pages/monitoring.adoc:256 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:81 #, no-wrap -msgid "Monitoring Managed Systems" +msgid "/usr/bin/rhn-ssl-dbstore --ca-cert=/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:260 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:82 msgid "" -"Prometheus metrics exporters can be installed and configured on Salt clients " -"using formulas. The packages are available from the {productname} client " -"tools channels, and can be enabled and configured directly in the " -"{productname} {webui}." +"If you use bootstrap, remember to also update your bootstrap scripts to " +"reflect the new certificate information." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:262 -msgid "These exporters can be installed on managed systems:" +#. type: Title = +#: modules/administration/pages/tshoot-corruptrepo.adoc:1 +#, no-wrap +msgid "Troubleshooting Corrupt Repositories" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/monitoring.adoc:272 +#: modules/administration/pages/tshoot-corruptrepo.adoc:2 msgid "" -"When you have the exporters installed and configured, you can start using " -"Prometheus to collect metrics from monitored systems. If you have " -"configured your monitoring server with the {webui}, metrics collection will " -"happen automatically." +"The information in the repository metadata files can become corrupt or out " +"of date. This can create problems with updating clients. You can fix this " +"by removing the files and regenerating it. With an new repository data " +"file, updates should operate as expected." msgstr "" #. type: Block title -#: modules/administration/pages/monitoring.adoc:275 +#: modules/administration/pages/tshoot-corruptrepo.adoc:3 #, no-wrap -msgid "Procedure: Configuring Prometheus Exporters on a Client" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:278 -msgid "" -"In the {productname} {webui}, open the details page of the client to be " -"monitored, and navigate to the menu:Formulas tab." +msgid "Procedure: Resolving Corrupt Repository Data" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:279 +#: modules/administration/pages/tshoot-corruptrepo.adoc:4 msgid "" -"Check the [guimenu]``Enabled`` checkbox on the ``Prometheus Exporters`` " -"formula." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:281 -msgid "Navigate to the menu:Formulas[Prometheus Exporters] tab." +"Remove all files from [path]``/var/cache/rhn/repodata/-" +"updates-x86_64``." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:283 +#: modules/administration/pages/tshoot-corruptrepo.adoc:5 msgid "" -"Select the exporters you want to enable and customize arguments according to " -"your needs. The [guimenu]``Address`` field accepts either a port number " -"preceded by a colon (``:9100``), or a fully resolvable address " -"(``example:9100``)." +"If you do not know the channel label, you can find it in the {productname} " +"{webui}, by navigating to menu:Software[Channels > Channel Label]." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:285 -msgid "Apply the highstate." +#: modules/administration/pages/tshoot-corruptrepo.adoc:6 +msgid "Regenerate the file from the command line:" msgstr "" -#. type: Target for macro image -#: modules/administration/pages/monitoring.adoc:286 +#. type: delimited block - +#: modules/administration/pages/tshoot-corruptrepo.adoc:7 #, no-wrap -msgid "monitoring_configure_formula.png" -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/monitoring.adoc:291 -msgid "" -"Monitoring formulas can also be configured for System Groups, by applying " -"the same configuration used for individual systems inside the corresponding " -"group." +msgid "spacecmd softwarechannel_regenerateyumcache -updates-x86_64\n" msgstr "" -#. type: Title == -#: modules/administration/pages/monitoring.adoc:299 +#. type: Title = +#: modules/administration/pages/tshoot-firewalls.adoc:1 #, no-wrap -msgid "Network Boundaries" +msgid "Troubleshooting Firewalls" msgstr "" +# +# +# +# +# +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step +#. Cause: User firewall is set to block outgoing traffic by dropping the packet request. During sync with SCC, SUMA waits for an answer on each URL until it times out, eventually causing the entire refresh of the product list to timeout. Applies only to third party (non-SUSE) products, as sync with SCC needs to access locations other than SCC to verify if the if the download location is valid. +#. Consequence: The sync to SCC fails, and the third party products are not shown in the product list. +#. Fix: Configure the firewall to reject requests from SUMA instead of drop (preferred), or configure a firewall on the server (if no ability to change firewall settings) +#. Result: Sync to SCC will either be able to reach the URLs required, or will have request rejected so that the request fails rather than times out. #. type: Plain text -#: modules/administration/pages/monitoring.adoc:303 +#: modules/administration/pages/tshoot-firewalls.adoc:2 msgid "" -"Prometheus fetches metrics using a pull mechanism, so the server must be " -"able to establish TCP connections to monitored clients. By default, " -"Prometheus uses these ports:" +"If you are using a firewall that blocks outgoing traffic, it will either " +"``REJECT`` or ``DROP`` network requests. If it is set to ``DROP`` then you " +"might find that synchronizing with the {scc} times out." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:305 -msgid "Node exporter: 9100" +#: modules/administration/pages/tshoot-firewalls.adoc:3 +msgid "" +"This occurs because the synchronization process needs to access third-party " +"repositories that provide packages for non-{suse} clients, and not just the " +"{scc}. When the {productname} Server attempts to reach these repositories " +"to check that they are valid, the firewall drops the requests, and the " +"synchronization continues to wait for the response until it times out." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:306 -msgid "PostgreSQL exporter: 9187" +#: modules/administration/pages/tshoot-firewalls.adoc:4 +msgid "" +"If this occurs, you will notice that the synchronization will take a long " +"time before it fails, and that your non-{suse} products are not shown in the " +"product list." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:307 -msgid "Apache exporter: 9117" +#: modules/administration/pages/tshoot-firewalls.adoc:5 +msgid "You can fix this problem in several different ways." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:309 +#: modules/administration/pages/tshoot-firewalls.adoc:6 msgid "" -"Additionally, if you are running the alert manager on a different host than " -"where you run Prometheus, you will also need to open port 9093." +"The simplest method is to configure your firewall to allow access to the " +"URLs required by non-{suse} repositories. This allows the synchronization " +"process to reach the URLs and complete successfully." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:311 +#: modules/administration/pages/tshoot-firewalls.adoc:7 msgid "" -"For clients installed on cloud instances, you can add the required ports to " -"a security group that has access to the monitoring server." +"If allowing external traffic is not possible, configure your firewall to " +"``REJECT`` requests from {productname} instead of ``DROP``. This rejects " +"requests to third-party URLs, so that the synchronization fails early rather " +"than times out, and the products are not shown in the list." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:315 +#: modules/administration/pages/tshoot-firewalls.adoc:8 msgid "" -"Alternatively, you can deploy a Prometheus instance in the exporters' local " -"network, and configure federation. This allows the main monitoring server " -"to scrape the time series from the local Prometheus instance. If you use " -"this method, you only need to open the Prometheus API port, which is 9090." +"If you do not have configuration access to the firewall, you can consider " +"setting up a separate firewall on the {productname} Server instead." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:317 -msgid "" -"For more information on Prometheus federation, see https://prometheus.io/" -"docs/prometheus/latest/federation/." +#. type: Title = +#: modules/administration/pages/tshoot-hostname-rename.adoc:1 +#, no-wrap +msgid "Troubleshooting Renaming {productname} Server" msgstr "" +# +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step +#. Showing my working. --LKB 2020-06-22 +#. Cause: Renaming the hostname +#. Consequence: Changes not picked up by db, clients and proxies +#. Fix: Use the [command]``spacewalk-hostname-rename`` script to update the settings in the PostgreSQL database and the internal structures of {productname}. +#. Result: Renaming is successfully propagated #. type: Plain text -#: modules/administration/pages/monitoring.adoc:320 +#: modules/administration/pages/tshoot-hostname-rename.adoc:2 msgid "" -"You can also proxy requests through the network boundary. Tools like " -"PushProx deploy a proxy and a client on both sides of the network barrier " -"and allow Prometheus to work across network topologies such as NAT." +"If you change the hostname of the {productname} Server locally, your " +"{productname} installation will cease to work properly. This is because the " +"changes have not been made in the database, which prevents the changes from " +"propagating out your clients and any proxies." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:322 +#: modules/administration/pages/tshoot-hostname-rename.adoc:3 msgid "" -"For more information on PushProx, see https://github.com/RobustPerception/" -"PushProx." +"If you need to change the hostname of the {productname} Server, you can do " +"so using the [command]``spacewalk-hostname-rename`` script. This script " +"updates the settings in the PostgreSQL database and the internal structures " +"of {productname}." msgstr "" -#. type: Title === -#: modules/administration/pages/monitoring.adoc:325 -#, no-wrap -msgid "Reverse Proxy Setup" +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:4 +msgid "" +"The [command]``spacewalk-hostname-rename`` script is part of the " +"[package]``spacewalk-utils`` package." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:329 +#: modules/administration/pages/tshoot-hostname-rename.adoc:5 msgid "" -"Prometheus fetches metrics using a pull mechanism, so the server must be " -"able to establish TCP connections to each exporter on the monitored " -"clients. To simplify your firewall configuration, you can use reverse proxy " -"for your exporters. This way all metrics will be exposed on a single port." +"The only mandatory parameter for the script is the newly configured IP " +"address of the {productname} Server." msgstr "" -#. Probably a diagram here. --LKB 2020-08-11 #. type: Block title -#: modules/administration/pages/monitoring.adoc:334 +#: modules/administration/pages/tshoot-hostname-rename.adoc:6 #, no-wrap -msgid "Procedure: Installing Prometheus Exporters with Reverse Proxy" +msgid "Procedure: Renaming {productname} Server" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:336 +#: modules/administration/pages/tshoot-hostname-rename.adoc:7 msgid "" -"In the {productname} {webui}, open the details page of the system to be " -"monitored, and navigate to the [guimenu]``Formulas`` tab." +"Change the network settings of the server on the system level locally and " +"remotely at the DNS server." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:337 +#: modules/administration/pages/tshoot-hostname-rename.adoc:8 msgid "" -"Check the [guimenu]``Prometheus Exporters`` checkbox to enable the exporters " -"formula, and click btn:[Save]." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:338 -msgid "Navigate to the ``Prometheus Exporters`` tab in the top menu." +"You will also need to provide configuration settings for reverse name " +"resolution. Changing network settings is done in the same way as with " +"renaming any other system." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:340 +#: modules/administration/pages/tshoot-hostname-rename.adoc:9 msgid "" -"Check the [guimenu]``Enable reverse proxy`` option, and enter a valid " -"reverse proxy port number. For example, ``9999``." +"Reboot the {productname} Server to use the new network configuration and to " +"ensure the hostname has changed." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:341 -msgid "Customize the other exporters according to your needs." +#: modules/administration/pages/tshoot-hostname-rename.adoc:10 +msgid "Remove the old [package]``rhn-org-httpd-ssl-key-pair`` package:" msgstr "" -#. type: Title = -#: modules/administration/pages/openscap.adoc:2 +#. type: delimited block - +#: modules/administration/pages/tshoot-hostname-rename.adoc:11 #, no-wrap -msgid "System Security with OpenSCAP" +msgid "zypper rm package rhn-org-httpd-ssl-key-pair\n" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:7 +#: modules/administration/pages/tshoot-hostname-rename.adoc:12 msgid "" -"{productname} uses OpenSCAP to audit clients. It allows you to schedule and " -"view compliance scans for any client." +"Run the script [command]``spacewalk-hostname-rename`` script with the public " +"IP address of the server." msgstr "" -#. type: delimited block = -#: modules/administration/pages/openscap.adoc:11 -msgid "OpenSCAP auditing is not available on Salt SSH clients." +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:13 +msgid "If the server is not using the new hostname, the script will fail." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:14 +#: modules/administration/pages/tshoot-hostname-rename.adoc:14 msgid "" -"To use openSCAP, you will need the [systemitem]``spacewalk-oscap`` package " -"installed on the clients you want to audit." -msgstr "" - -#. type: Title == -#: modules/administration/pages/openscap.adoc:17 -#, no-wrap -msgid "About SCAP" +"Re-configure your clients to make your environment aware of the new hostname " +"and IP address." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:21 +#: modules/administration/pages/tshoot-hostname-rename.adoc:15 msgid "" -"The Security Certification and Authorization Package (SCAP) is a " -"standardized compliance checking solution for enterprise-level Linux " -"infrastructures. It is a line of specifications maintained by the National " -"Institute of Standards and Technology (NIST) for maintaining system security " -"for enterprise systems." +"In the Salt minion configuration file [path]``/etc/salt/minion``, you must " +"make sure to specify the name of the new Salt master ({productname} Server):" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-hostname-rename.adoc:16 +#, no-wrap +msgid "master: \n" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:25 +#: modules/administration/pages/tshoot-hostname-rename.adoc:17 msgid "" -"SCAP was created to provide a standardized approach to maintaining system " -"security, and the standards that are used will therefore continually change " -"to meet the needs of the community and enterprise businesses. New " -"specifications are governed by NIST's SCAP Release cycle to provide a " -"consistent and repeatable revision work flow. For more information, see " -"http://scap.nist.gov/timeline.html." +"Traditional clients have the [path]``/etc/sysconfig/rhn/up2date`` " +"configuration file that must be changed. With a re-activation key you can " +"re-register traditional clients (if there are any). For more information, " +"see xref:client-configuration:registration-cli.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:30 -msgid "" -"{productname} uses OpenSCAP to implement the SCAP specifications. OpenSCAP " -"is an auditing tool that utilizes the Extensible Configuration Checklist " -"Description Format (XCCDF). XCCDF is a standard way of expressing checklist " -"content and defines security checklists. It also combines with other " -"specifications such as Common Platform Enumeration (CPE), Common " -"Configuration Enumeration (CCE), and Open Vulnerability and Assessment " -"Language (OVAL), to create a SCAP-expressed checklist that can be processed " -"by SCAP-validated products." +#: modules/administration/pages/tshoot-hostname-rename.adoc:18 +msgid "" +"OPTIONAL: If you use PXE boot through a {productname} Proxy, you must check " +"the configuration settings of the proxy." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:34 +#: modules/administration/pages/tshoot-hostname-rename.adoc:19 msgid "" -"OpenSCAP verifies the presence of patches by using content produced by the " -"{suse} Security Team. OpenSCAP checks system security configuration " -"settings and examines systems for signs of compromise by using rules based " -"on standards and specifications. For more information about the {suse} " -"Security Team, see https://www.suse.com/support/security." +"On the proxy, run the [command]``configure-tftpsync.sh`` setup script and " +"enter the requested information. For more information, see xref:" +"installation:proxy-setup.adoc[]." msgstr "" -#. type: Title == -#: modules/administration/pages/openscap.adoc:37 +#. type: Title = +#: modules/administration/pages/tshoot-inactiveclients.adoc:1 #, no-wrap -msgid "Prepare Clients for an SCAP Scan" +msgid "Troubleshooting Inactive clients" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/openscap.adoc:41 +#: modules/administration/pages/tshoot-inactiveclients.adoc:2 msgid "" -"Before you begin, you need to prepare your client systems for SCAP " -"scanning. Ensure clients have the ``openscap-content`` and ``openscap-" -"utils`` packages installed before you begin." +"A Taskomatic job periodically pings clients to ensure they are connected. " +"Clients are considered inactive if they have not responded to a Taskomatic " +"check in for 24 hours or more. To see a list of inactive clients in the " +"{webui}, navigate to menu:Systems[System List > Inactive]." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:45 -msgid "" -"Use this command to determine the location of the appropriate SCAP files. " -"Take a note of these paths for performing the scan:" +#: modules/administration/pages/tshoot-inactiveclients.adoc:3 +msgid "Clients can become inactive for a number of reasons:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/openscap.adoc:48 -#, no-wrap -msgid "rpm -ql openscap-content\n" +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:4 +msgid "The client is not entitled to any {productname} service." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:51 -msgid "The output should include these files:" +#: modules/administration/pages/tshoot-inactiveclients.adoc:5 +msgid "" +"If the client remains unentitled for 180 days (6 months), it is removed." msgstr "" -#. type: delimited block - -#: modules/administration/pages/openscap.adoc:57 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:6 msgid "" -"/usr/share/openscap/scap-oval.xml\n" -"/usr/share/openscap/scap-xccdf.xml\n" -"/usr/share/openscap/scap-yast2sec-oval.xml\n" -"/usr/share/openscap/scap-yast2sec-xccdf.xml\n" +"On traditional clients, the [clientitem]``rhnsd`` service has been disabled." msgstr "" -#. type: Title == -#: modules/administration/pages/openscap.adoc:61 -#, no-wrap -msgid "OpenSCAP Content Files" +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:7 +msgid "The client is behind a firewall that does not allow HTTPS connections." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:8 +msgid "The client is behind a proxy that is misconfigured." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:68 +#: modules/administration/pages/tshoot-inactiveclients.adoc:9 msgid "" -"OpenSCAP uses SCAP content files to define test rules. These content files " -"are created based on the XCCDF or OVAL standards. You can download publicly " -"available content files and customize it to your requirements. You can " -"install the ``openscap-content`` package for default content file " -"templates. Alternatively, if you are familiar with XCCDF or OVAL, you can " -"create your own content files." +"The client is communicating with a different {productname} Server, or the " +"connection has been misconfigured." msgstr "" -#. type: delimited block = -#: modules/administration/pages/openscap.adoc:75 +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:10 msgid "" -"We recommend you use templates to create your SCAP content files. If you " -"create and use your own custom content files, you do so at your own risk. " -"If your system becomes damaged through the use of custom content files, you " -"might not be supported by {suse}." +"The client is not in a network that can communicate with the " +"{productname} Server." msgstr "" -#. ke 2013-08-28: Do we have SCAP content providers? Such as: The United States Government -#. Configuration Baseline (USGCB) for RHEL5 Desktop or Community-provided content (openscap-content -#. package)? For more info, see -#. https://access.redhat.com/site/documentation/en-US/Red_Hat_Network_Satellite/5.5/html/User_Guide/chap-Red_Hat_Network_Satellite-User_Guide-OpenSCAP.html # -#. I think this question is still valid. Who should we contact? LKB 2020-02-06 #. type: Plain text -#: modules/administration/pages/openscap.adoc:88 +#: modules/administration/pages/tshoot-inactiveclients.adoc:11 msgid "" -"When you have created your content files, you need to transfer the file to " -"the client. You can do this in the same way as you move any other file, " -"using physical storage media, or across a network with [command]``ftp`` or " -"[command]``scp``." +"A firewall is blocking traffic between the client and the {productname} " +"Server." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:12 +msgid "Taskomatic is misconfigured." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:92 +#: modules/administration/pages/tshoot-inactiveclients.adoc:13 msgid "" -"We recommend that you create a package to distribute content files to " -"clients that you are managing with {productname}. Packages can be signed " -"and verified to ensure their integrity. For more information, see xref:" -"administration:custom-channels.adoc[]." +"For more information about client connections to the server, see xref:client-" +"configuration:contact-methods-intro.adoc[]." msgstr "" -#. type: Title == -#: modules/administration/pages/openscap.adoc:95 -#, no-wrap -msgid "Perform an Audit Scan" +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:14 +msgid "" +"For more information about configuring ports, see xref:installation:ports." +"adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:100 +#: modules/administration/pages/tshoot-inactiveclients.adoc:15 msgid "" -"When you have transferred your content files, you can perform audit scans. " -"Audit scans can be triggered using the {productname} {webui}. You can also " -"use the {productname} API to schedule regular scans." +"For more information about troubleshooting firewalls, see xref:" +"administration:tshoot-firewalls.adoc[]." msgstr "" -#. type: Block title -#: modules/administration/pages/openscap.adoc:101 +#. type: Title = +#: modules/administration/pages/tshoot-registerclones.adoc:1 #, no-wrap -msgid "Procedure: Running an Audit Scan from the {webui}" +msgid "Troubleshooting Registering Cloned Clients" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/openscap.adoc:103 +#: modules/administration/pages/tshoot-registerclones.adoc:2 msgid "" -"In the {productname} {webui}, navigate to menu:Systems[Systems List] and " -"select the client you want to scan." +"If you are using {productname} to manage virtual machines, you might find it " +"useful to create clones of your VMs. A clone is a VM that uses a primary " +"disk that is an exact copy of an existing disk." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:104 +#: modules/administration/pages/tshoot-registerclones.adoc:3 msgid "" -"Navigate to the [guimenu]``Audit`` tab, and the [guimenu]``Schedule`` subtab." +"While cloning VMs can save you a lot of time, the duplicated identifying " +"information on the disk can sometimes cause problems." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:106 +#: modules/administration/pages/tshoot-registerclones.adoc:4 msgid "" -"In the [guimenu]``Path to XCCDF Document`` field, enter the path to the " -"XCCDF content file on the client. For example: [path]``/usr/share/openscap/" -"scap-yast2sec-xccdf.xml``" +"If you have a client that is already registered, you create a clone of that " +"client, and then try and register the clone, you probably want {productname} " +"to register them as two separate clients. However, if the machine ID in " +"both the original client and the clone is the same, {productname} will " +"register both clients as one system, and the existing client data will be " +"over-written with that of the clone." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:107 -msgid "The scan will run at the client's next scheduled synchronization." +#: modules/administration/pages/tshoot-registerclones.adoc:5 +msgid "" +"This can be resolved by changing the machine ID of the clone, so that " +"{productname} recognizes them as two different clients." msgstr "" #. type: delimited block = -#: modules/administration/pages/openscap.adoc:113 +#: modules/administration/pages/tshoot-registerclones.adoc:6 msgid "" -"The XCCDF content file is validated before it is run on the remote system. " -"If the content file includes invalid arguments, the test will fail." +"Each step of this procedure is performed on the cloned client. This " +"procedure does not manipulate the original client, which will still be " +"registered to {productname}." msgstr "" #. type: Block title -#: modules/administration/pages/openscap.adoc:117 +#: modules/administration/pages/tshoot-registerclones.adoc:7 #, no-wrap -msgid "Procedure: Running an Audit Scan from the API" +msgid "Procedure: Resolving Duplicate Machine IDs in Cloned Salt Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:119 -msgid "" -"Before you begin, ensure that the client to be scanned has Python and XML-" -"RPC libraries installed." +#: modules/administration/pages/tshoot-registerclones.adoc:8 +#: modules/administration/pages/tshoot-registerclones.adoc:21 +msgid "On the cloned machine, change the hostname and IP addresses." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:121 -msgid "" -"Choose an existing script or create a script for scheduling a system scan " -"through ``system.scap.scheduleXccdfScan``. For example:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/openscap.adoc:129 -#, no-wrap +#: modules/administration/pages/tshoot-registerclones.adoc:9 +#: modules/administration/pages/tshoot-registerclones.adoc:22 msgid "" -"#!/usr/bin/python\n" -"client = xmlrpclib.Server('https://spacewalk.example.com/rpc/api')\n" -"key = client.auth.login('username', 'password')\n" -"client.system.scap.scheduleXccdfScan(key, <1000010001>,\n" -" '',\n" -" '--profile ')\n" +"Make sure [path]``/etc/hosts`` contains the changes you made and the correct " +"host entries." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:132 -msgid "In this example:" +#: modules/administration/pages/tshoot-registerclones.adoc:10 +msgid "" +"For distributions that support systemd: If your machines have the same " +"machine ID, delete the file on each duplicated client and re-create it:" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:133 -msgid "``<1000010001>`` is the system ID (sid)." +#: modules/administration/pages/tshoot-registerclones.adoc:12 +msgid "" +"For distributions that do not support systemd: Generate a machine ID from " +"dbus:" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:135 +#: modules/administration/pages/tshoot-registerclones.adoc:14 msgid "" -"```` is the path to the content file location on the " -"client. For example, [path]``/usr/local/share/scap/usgcb-sled15desktop-" -"xccdf.xml``." +"If your clients still have the same Salt client ID, delete the " +"[path]``minion_id`` file on each client (FQDN will be used when it is " +"regenerated on client restart):" msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:137 -msgid "" -"```` is an additional argument for the [command]``oscap`` " -"command. For example, use " -"``united_states_government_configuration_baseline`` (USGCB)." +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:15 +#, no-wrap +msgid "# rm /etc/salt/minion_id\n" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:138 -msgid "Run the script on the client you want to scan, from the command prompt." +#: modules/administration/pages/tshoot-registerclones.adoc:16 +msgid "" +"Delete accepted keys from the onboarding page and the system profile from " +"{productname}, and restart the client with:" msgstr "" -#. type: Title == -#: modules/administration/pages/openscap.adoc:141 +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:17 #, no-wrap -msgid "Scan Results" +msgid "# service salt-minion restart\n" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:147 -msgid "" -"Information about the scans you have run is in the {productname} {webui}. " -"Navigate to to menu:Audit[OpenSCAP > All Scans] for a table of results. For " -"more information about the data in this table, see xref:reference:audit/" -"openscap-all-scans.adoc[]." +#: modules/administration/pages/tshoot-registerclones.adoc:18 +msgid "Re-register the clients." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:153 +#: modules/administration/pages/tshoot-registerclones.adoc:19 msgid "" -"To ensure that detailed information about scans is available, you need to " -"enable it on the client. In the {productname} {webui}, navigate to menu:" -"Admin[Organizations] and click on the organization the client is a part of. " -"Navigate to the [guimenu]``Configuration`` tab, and check the " -"[guimenu]``Enable Upload of Detailed SCAP Files`` option. When enabled, " -"this generates an additional HTML file on every scan, which contains extra " -"information. The results will show an extra line similar to this:" +"Each client will now have a different [path]``/etc/machine-id`` and should " +"be correctly displayed on the [guimenu]``System Overview`` page." msgstr "" -#. type: delimited block - -#: modules/administration/pages/openscap.adoc:156 +#. type: Block title +#: modules/administration/pages/tshoot-registerclones.adoc:20 #, no-wrap -msgid "Detailed Results: xccdf-report.html xccdf-results.xml scap-yast2sec-oval.xml.result.xml\n" +msgid "Procedure: Resolving Duplicate Machine IDs in Cloned Traditional Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:160 +#: modules/administration/pages/tshoot-registerclones.adoc:23 msgid "" -"To retrieve scan information from the command line, use the " -"[command]``spacewalk-report`` command:" +"Stop the [systemitem]``rhnsd`` daemon, on {rhnminrelease6} and {sle} 11 with:" msgstr "" #. type: delimited block - -#: modules/administration/pages/openscap.adoc:165 +#: modules/administration/pages/tshoot-registerclones.adoc:24 #, no-wrap -msgid "" -"spacewalk-report system-history-scap\n" -"spacewalk-report scap-scan\n" -"spacewalk-report scap-scan-results\n" +msgid "# /etc/init.d/rhnsd stop\n" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:169 -msgid "" -"You can also use the {productname} API to view results, with the ``system." -"scap`` handler." +#: modules/administration/pages/tshoot-registerclones.adoc:25 +msgid "or, on newer systemd-based systems, with:" msgstr "" -#. type: Title = -#: modules/administration/pages/public-cloud.adoc:2 +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:26 #, no-wrap -msgid "Public Cloud" +msgid "# service rhnsd stop\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:7 -msgid "" -"Some public cloud environments provide images for {productname} Server and " -"Proxy. This section discusses what you will need for running {productname} " -"in a public cloud, and how to set up your installation." +#: modules/administration/pages/tshoot-registerclones.adoc:27 +msgid "Stop [systemitem]``osad`` with:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/public-cloud.adoc:13 -msgid "" -"Public clouds provide {productname} under a Bring Your Own Subscription " -"(BYOS) model. This means that you must register them with the {scc}. For " -"more information about registering {productname} with {scc}, see xref:" -"installation:general-requirements.adoc[]." +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:28 +#, no-wrap +msgid "# /etc/init.d/osad stop\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:16 -msgid "" -"Depending on the public cloud network you are using, you can locate the " -"{productname} installation images by searching for the keywords " -"[package]``suse``, [package]``manager``, [package]``proxy``, or " -"[package]``BYOS``." +#: modules/administration/pages/tshoot-registerclones.adoc:29 +#: modules/administration/pages/tshoot-registerclones.adoc:31 +msgid "or:" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:18 -msgid "" -"For ``SUSE Manager Server in Azure``, see xref:administration:public-cloud-" -"azure.adoc[]." +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:30 +#, no-wrap +msgid "# service osad stop\n" msgstr "" -#. type: Title == -#: modules/administration/pages/public-cloud.adoc:21 +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:32 #, no-wrap -msgid "Instance Requirements" +msgid "# rcosad stop\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:24 +#: modules/administration/pages/tshoot-registerclones.adoc:33 msgid "" -"Select a public cloud instance that meets the hardware requirements in xref:" -"installation:hardware-requirements.adoc[]." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:26 -msgid "In addition, be aware of these considerations:" +"Remove the [systemitem]``osad`` authentication configuration file and the " +"system ID:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:30 -msgid "" -"The {productname} setup procedure performs a forward-confirmed reverse DNS " -"lookup. This must succeed in order for the setup procedure to complete " -"successfully and for {productname} to operate as expected. Therefore, it is " -"important to perform hostname and IP configuration prior to running the " -"{productname} setup procedure." +#: modules/administration/pages/tshoot-registerclones.adoc:35 +msgid "Delete the files containing the machine IDs:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:34 -msgid "" -"{productname} Server and Proxy instances are expected to run in a network " -"configuration that provides you control over DNS entries, but cannot access " -"the wider internet. Within this network configuration DNS resolution must " -"be provided: `hostname -f` must return the fully-qualified domain name " -"(FQDN). DNS resolution is also important for connecting clients. DNS is " -"dependent on the cloud framework you choose, refer to the cloud service " -"provider documentation for detailed instructions." +#: modules/administration/pages/tshoot-registerclones.adoc:36 +msgid "SLES{nbsp}12:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:37 -msgid "" -"We recommend that you locate software repositories, the server database, and " -"the proxy squid cache on an external virtual disk. This prevents data loss " -"if the instance is unexpectedly terminated. Instructions for setting up an " -"external virtual disk are contained in this section." +#: modules/administration/pages/tshoot-registerclones.adoc:38 +msgid "SLES{nbsp}11:" msgstr "" -#. type: Title == -#: modules/administration/pages/public-cloud.adoc:40 +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:39 #, no-wrap -msgid "Network Setup" +msgid "# suse_register -E\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:44 -msgid "" -"On a public cloud service, you must run {productname} within a restricted " -"network, such as VPC private subnet with an appropriate firewall setting. " -"The instance must only be able to be accessed by machines in your specified " -"IP ranges." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/public-cloud.adoc:48 -msgid "" -"A world-accessible {productname} instance violates the terms of the " -"{productname} EULA, and it will not be supported by {suse}." +#: modules/administration/pages/tshoot-registerclones.adoc:40 +msgid "Remove the credential files:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:51 -msgid "" -"To access the {productname} {webui}, allow HTTPS when you set up your " -"networking environment." +#: modules/administration/pages/tshoot-registerclones.adoc:41 +msgid "SLES clients:" msgstr "" -#. type: Title === -#: modules/administration/pages/public-cloud.adoc:54 +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:42 #, no-wrap -msgid "Set the Hostname" +msgid "# rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:58 -msgid "" -"{productname} requires a stable and reliable hostname. Changing the " -"hostname at a later point can create errors." +#: modules/administration/pages/tshoot-registerclones.adoc:43 +msgid "{rhel} clients:" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:61 -msgid "" -"In most public cloud environments, the method shown in this section will " -"work correctly. However, you will have to perform the same modification for " -"every client." +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:44 +#, no-wrap +msgid "# rm -f /etc/NCCcredentials\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:63 -msgid "" -"You might prefer to manage DNS resolution by creating a DNS entry in your " -"network environment instead." +#: modules/administration/pages/tshoot-registerclones.adoc:45 +msgid "Re-run the bootstrap script." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:67 +#: modules/administration/pages/tshoot-registerclones.adoc:46 msgid "" -"You can also manage hostname resolution by editing the [path]``/etc/resolv." -"conf`` file. Depending on the order of your setup, if you start the " -"{productname} instance prior to setting up DNS services the file may not " -"contain the appropriate [systemitem]``search`` directive. Check that the " -"proper search directive exists in [path]``/etc/resolv.conf`` and add it if " -"it is missing." +"You should now see the cloned system in {productname} without overriding the " +"system it was cloned from." msgstr "" -#. type: Block title -#: modules/administration/pages/public-cloud.adoc:68 +#. type: Title = +#: modules/administration/pages/tshoot-saltboot.adoc:1 #, no-wrap -msgid "Procedure: Setting the hostname locally" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:71 -msgid "" -"Disable hostname setup by editing the DHCP configuration file at [path]``/" -"etc/sysconfig/network/dhcp``, and adding this line:" +msgid "Troubleshooting the Saltboot Formula" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:78 +#: modules/administration/pages/tshoot-saltboot.adoc:2 msgid "" -"Set the hostname locally with the [command]``hostnamectl`` command. Ensure " -"you use the system name, not the FQDN. For example, if the FQDN is " -"[path]``system_name.example.com``, the system name is [path]``system_name``, " -"and the domain name is [path]``example.com``." +"Because of a problem in the computed partition size value, the saltboot " +"formula can sometimes fail when it is created on SLE{nbsp}11 SP3 clients, " +"with an error like this:" msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:81 +#: modules/administration/pages/tshoot-saltboot.adoc:3 #, no-wrap -msgid "# hostnamectl set-hostname system_name\n" +msgid "" +" ID: disk1_partitioned\n" +" Function: saltboot.partitioned\n" +" Name: disk1\n" +" Result: false\n" +" Comment: An exception occurred in this state: Traceback (most recent call last):\n" +" File \"/usr/lib/python2.6/site-packages/salt/state.py\", line 1767, in call\n" +" **cdata['kwargs'])\n" +" File \"/usr/lib/python2.6/site-packages/salt/loader.py\", line 1705, in wrapper\n" +" return f(*args, **kwargs)\n" +" File \"/var/cache/salt/minion/extmods/states/saltboot.py\", line 393, in disk_partitioned\n" +" existing = __salt__['partition.list'](device, unit='MiB')\n" +" File \"/usr/lib/python2.6/site-packages/salt/modules/parted.py\", line 177, in list_\n" +" 'Problem encountered while parsing output from parted')\n" +"CommandExecutionError: Problem encountered while parsing output from parted\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:84 +#: modules/administration/pages/tshoot-saltboot.adoc:4 msgid "" -"Create a DNS entry in your network environment for domain name resolution, " -"or force correct resolution by editing the [path]``/etc/hosts`` file. You " -"can find the IP address by checking your public cloud web console, or from " -"the command line:" +"This problem can be resolved by manually configuring the size of the " +"partition containing the operating system. When the size is set correctly, " +"formula creation will work as expected." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:87 -msgid "Amazon EC2 instance:" +#. type: Block title +#: modules/administration/pages/tshoot-saltboot.adoc:5 +#, no-wrap +msgid "Procedure: Manually Configuring the Partition Size in the Saltboot Formula" msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:90 -#, no-wrap -msgid "# ec2metadata --local-ipv4\n" +#. type: Plain text +#: modules/administration/pages/tshoot-saltboot.adoc:6 +msgid "" +"In the {productname} {webui}, navigate to menu:Systems[System Groups] and " +"select the ``Hardware Type Group`` that contains the SLE{nbsp}11 SP3 client " +"that is causing the error." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:92 -msgid "Google Compute Engine:" +#: modules/administration/pages/tshoot-saltboot.adoc:7 +msgid "" +"In the [guimenu]``Formulas`` tab, navigate to the [guimenu]``Saltboot`` " +"subtab." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:95 -#, no-wrap -msgid "# gcemetadata --query instance --network-interfaces --ip\n" +#. type: Plain text +#: modules/administration/pages/tshoot-saltboot.adoc:8 +msgid "" +"Locate the partition that contains the operating system, and in the " +"[guimenu]``Partition Size`` field, type the appropriate size (in MiB)." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:97 -msgid "Microsoft Azure:" +#: modules/administration/pages/tshoot-saltboot.adoc:9 +msgid "Click btn:[Save Formula], and apply the highstate to save your changes." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:100 +#. type: Title = +#: modules/administration/pages/openscap.adoc:1 #, no-wrap -msgid "# azuremetadata --internal-ip\n" +msgid "System Security with OpenSCAP" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:104 +#: modules/administration/pages/openscap.adoc:2 msgid "" -"In the following command, replace [literal]```` with IP address " -"you retrieve from the command line above:" +"{productname} uses OpenSCAP to audit clients. It allows you to schedule and " +"view compliance scans for any client." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:108 -#, no-wrap -msgid "# echo \" suma.cloud.net suma\" >> /etc/hosts\n" +#. type: delimited block = +#: modules/administration/pages/openscap.adoc:3 +msgid "OpenSCAP auditing is not available on Salt SSH clients." msgstr "" -#. type: Title === -#: modules/administration/pages/public-cloud.adoc:111 -#, no-wrap -msgid "Set up DNS Resolution" +#. type: delimited block = +#: modules/administration/pages/openscap.adoc:4 +msgid "" +"Scanning clients can consume a lot of memory and compute power on the client " +"being scanned. For {redhat} clients, ensure you have at least 2{nbsp}GB of " +"RAM available on each client to be scanned." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:115 -msgid "" -"You will need to update the DNS records for the instance within the DNS " -"service of your network environment. Refer to the cloud service provider " -"documentation for detailed instructions:" +#. type: Title == +#: modules/administration/pages/openscap.adoc:5 +#, no-wrap +msgid "About SCAP" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:117 +#: modules/administration/pages/openscap.adoc:6 msgid "" -"http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-dns.html[DNS setup " -"on Amazon EC2]" +"The Security Certification and Authorization Package (SCAP) is a " +"standardized compliance checking solution for enterprise-level Linux " +"infrastructures. It is a line of specifications maintained by the National " +"Institute of Standards and Technology (NIST) for maintaining system security " +"for enterprise systems." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:118 +#: modules/administration/pages/openscap.adoc:7 msgid "" -"https://cloud.google.com/compute/docs/networking[DNS setup on Google Compute " -"Engine]" +"SCAP was created to provide a standardized approach to maintaining system " +"security, and the standards that are used will therefore continually change " +"to meet the needs of the community and enterprise businesses. New " +"specifications are governed by NIST's SCAP Release cycle to provide a " +"consistent and repeatable revision work flow. For more information, see " +"http://scap.nist.gov/timeline.html." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:119 +#: modules/administration/pages/openscap.adoc:8 msgid "" -"https://azure.microsoft.com/en-us/documentation/articles/dns-operations-" -"recordsets[DNS setup on Microsoft Azure]" +"{productname} uses OpenSCAP to implement the SCAP specifications. OpenSCAP " +"is an auditing tool that utilizes the Extensible Configuration Checklist " +"Description Format (XCCDF). XCCDF is a standard way of expressing checklist " +"content and defines security checklists. It also combines with other " +"specifications such as Common Platform Enumeration (CPE), Common " +"Configuration Enumeration (CCE), and Open Vulnerability and Assessment " +"Language (OVAL), to create a SCAP-expressed checklist that can be processed " +"by SCAP-validated products." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:122 +#: modules/administration/pages/openscap.adoc:9 msgid "" -"If you run a {productname} Server instance, ensure the external storage is " -"attached and prepared correctly, and that DNS resolution is set up as " -"described. Start the ``susemanager_setup`` with {yast}:" +"OpenSCAP verifies the presence of patches by using content produced by the " +"{suse} Security Team. OpenSCAP checks system security configuration " +"settings and examines systems for signs of compromise by using rules based " +"on standards and specifications. For more information about the {suse} " +"Security Team, see https://www.suse.com/support/security." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:125 +#. type: Title == +#: modules/administration/pages/openscap.adoc:10 #, no-wrap -msgid "# /sbin/yast2 susemanager_setup\n" +msgid "Prepare Clients for an SCAP Scan" msgstr "" -#. No need to duplicate this, since it exists within the docs suite. LKB 2019-05-29 -#. Uncommenting, as it turns out some of this content is unique. Will need a more surgical look. LKB 2019-08-02 #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:136 +#: modules/administration/pages/openscap.adoc:11 msgid "" -"The {productname} setup procedure in YaST is designed as a one pass process " -"with no rollback or cleanup capability. Therefore, if the setup procedure " -"is interrupted or ends with an error, it is not recommended that you repeat " -"the setup process or attempts to manually fix the configuration. These " -"methods are likely to result in a faulty {productname} installation. If you " -"experience errors during setup, start a new instance, and begin the setup " -"procedure again on a clean system." +"Before you begin, you need to prepare your client systems for SCAP scanning." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:138 +#: modules/administration/pages/openscap.adoc:12 msgid "" -"If you receive a message that there is not enough space available for setup, " -"ensure that your root volume is at least 20 GB and double check that the " -"instructions in <> have been completed " -"correctly." +"For scanning {sles} clients, install the ``openscap-content`` and ``openscap-" +"utils`` packages before you begin. Use this command to determine the " +"location of the appropriate SCAP files. Take a note of the file paths for " +"performing the scan:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/openscap.adoc:13 +#, no-wrap +msgid "rpm -ql openscap-content\n" msgstr "" -# -# -# -# -#. REMARK check this; will it still work for sle 15? -#. Commented out per https://github.com/SUSE/spacewalk/issues/8951 LKB 2019-08-06 -#. {productname} Server for the public cloud comes with a bootstrap data module pre-installed. -#. The bootstrap module contains optimized package lists for bootstrapping instances started from {sle} images published by {suse}. -#. If you intend to register such an instance, when you create the bootstrap repository run the [command]``mgr-create-bootstrap-repo`` script using this command, to create a bootstrap repository suitable for {sle} 12 SP1 instances. -#. ---- -#. $ mgr-create-bootstrap-repo --datamodule=mgr_pubcloud_bootstrap_data -c SLE-12-SP1-x86_64 -#. ---- -#. See xref:client-configuration:creating-a-tools-repository.adoc[] for more information on bootstrapping. #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:156 +#: modules/administration/pages/openscap.adoc:14 msgid "" -"Prior to registering instances started from on demand images remove the " -"following packages from the instance to be registered:" +"For scanning {redhat} clients, install the ``scap-security-guide`` and " +"``openscap-utils`` packages before you begin. Use this command to determine " +"the location of the appropriate SCAP files. Take a note of the file paths " +"for performing the scan:" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:157 -msgid "cloud-regionsrv-client" +#. type: delimited block - +#: modules/administration/pages/openscap.adoc:15 +#, no-wrap +msgid "rpm -ql scap-security-guide\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:158 +#. type: Title == +#: modules/administration/pages/openscap.adoc:16 #, no-wrap -msgid "*For Amazon EC2*\n" +msgid "OpenSCAP Content Files" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:160 -msgid "regionServiceClientConfigEC2" +#: modules/administration/pages/openscap.adoc:17 +msgid "" +"OpenSCAP uses SCAP content files to define test rules. These content files " +"are created based on the XCCDF or OVAL standards. You can download publicly " +"available content files and customize it to your requirements. You can " +"install the ``openscap-content`` package for default content file " +"templates. Alternatively, if you are familiar with XCCDF or OVAL, you can " +"create your own content files." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:162 -msgid "regionServiceCertsEC2" +#. type: delimited block = +#: modules/administration/pages/openscap.adoc:18 +msgid "" +"We recommend you use templates to create your SCAP content files. If you " +"create and use your own custom content files, you do so at your own risk. " +"If your system becomes damaged through the use of custom content files, you " +"might not be supported by {suse}." msgstr "" +#. ke 2013-08-28: Do we have SCAP content providers? Such as: The United States Government +#. Configuration Baseline (USGCB) for RHEL5 Desktop or Community-provided content (openscap-content +#. package)? For more info, see +#. https://access.redhat.com/site/documentation/en-US/Red_Hat_Network_Satellite/5.5/html/User_Guide/chap-Red_Hat_Network_Satellite-User_Guide-OpenSCAP.html # +#. I think this question is still valid. Who should we contact? LKB 2020-02-06 #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:163 -#, no-wrap -msgid "*For Google Compute Engine*\n" +#: modules/administration/pages/openscap.adoc:19 +msgid "" +"When you have created your content files, you need to transfer the file to " +"the client. You can do this in the same way as you move any other file, " +"using physical storage media, or across a network with [command]``ftp`` or " +"[command]``scp``." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:165 -msgid "cloud-regionsrv-client-plugin-gce" +#: modules/administration/pages/openscap.adoc:20 +msgid "" +"We recommend that you create a package to distribute content files to " +"clients that you are managing with {productname}. Packages can be signed " +"and verified to ensure their integrity. For more information, see xref:" +"administration:custom-channels.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:167 -msgid "regionServiceClientConfigGCE" +#. type: Title == +#: modules/administration/pages/openscap.adoc:21 +#, no-wrap +msgid "Perform an Audit Scan" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:169 -msgid "regionServiceCertsGCE" +#: modules/administration/pages/openscap.adoc:22 +msgid "" +"When you have transferred your content files, you can perform audit scans. " +"Audit scans can be triggered using the {productname} {webui}. You can also " +"use the {productname} API to schedule regular scans." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:170 +#. type: Block title +#: modules/administration/pages/openscap.adoc:23 #, no-wrap -msgid "*For Microsoft Azure*\n" +msgid "Procedure: Running an Audit Scan from the {webui}" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:172 -msgid "regionServiceClientConfigAzure" +#: modules/administration/pages/openscap.adoc:24 +msgid "" +"In the {productname} {webui}, navigate to menu:Systems[Systems List] and " +"select the client you want to scan." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:174 -msgid "regionServiceCertsAzure" +#: modules/administration/pages/openscap.adoc:25 +msgid "" +"Navigate to the [guimenu]``Audit`` tab, and the [guimenu]``Schedule`` subtab." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:177 +#: modules/administration/pages/openscap.adoc:26 msgid "" -"If these packages are not removed it is possible to create interference " -"between the repositories provided by {productname} and the repositories " -"provided by the SUSE operated update infrastructure." +"In the [guimenu]``Path to XCCDF Document`` field, enter the path to the " +"XCCDF content file on the client. For example: [path]``/usr/share/openscap/" +"scap-yast2sec-xccdf.xml``" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:180 +#: modules/administration/pages/openscap.adoc:27 +msgid "The scan will run at the client's next scheduled synchronization." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/openscap.adoc:28 msgid "" -"Additionally remove the line from the [path]``/etc/hosts`` file that " -"contains the *susecloud.net* reference." +"The XCCDF content file is validated before it is run on the remote system. " +"If the content file includes invalid arguments, the test will fail." +msgstr "" + +#. type: Block title +#: modules/administration/pages/openscap.adoc:29 +#, no-wrap +msgid "Procedure: Running an Audit Scan from the API" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:181 -msgid "If you run a {productname} Proxy instance" +#: modules/administration/pages/openscap.adoc:30 +msgid "" +"Before you begin, ensure that the client to be scanned has Python and XML-" +"RPC libraries installed." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:188 +#: modules/administration/pages/openscap.adoc:31 msgid "" -"Launch the instance, optionally with external storage configured. If you " -"use external storage (recommended), prepare it according to <>. It is recommended but not required to prepare the storage " -"before configuring {productname} proxy, as the suma-storage script will " -"migrate any existing cached data to the external storage. After preparing " -"the instance, register the system with the parent SUSE Manager, which could " -"be a {productname} Server or another {productname} Proxy. See the xref:" -"installation:proxy-setup.adoc[] for details. When registered, configure " -"your {productname} Proxy instance with this script:" +"Choose an existing script or create a script for scheduling a system scan " +"through ``system.scap.scheduleXccdfScan``. For example:" msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:191 +#: modules/administration/pages/openscap.adoc:32 #, no-wrap -msgid "/usr/sbin/configure-proxy.sh\n" +msgid "" +"#!/usr/bin/python\n" +"client = xmlrpclib.Server('https://spacewalk.example.com/rpc/api')\n" +"key = client.auth.login('username', 'password')\n" +"client.system.scap.scheduleXccdfScan(key, <1000010001>,\n" +" '',\n" +" '--profile ')\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/openscap.adoc:33 +msgid "In this example:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/openscap.adoc:34 +msgid "``<1000010001>`` is the system ID (sid)." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:194 +#: modules/administration/pages/openscap.adoc:35 msgid "" -"When the script has completed, {productname} should be functional and " -"running. For {productname} Server, the setup process created an " -"administrator user with this user name:" +"```` is the path to the content file location on the " +"client. For example, [path]``/usr/local/share/scap/usgcb-sled15desktop-" +"xccdf.xml``." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:196 -msgid "User name: `admin`" +#: modules/administration/pages/openscap.adoc:36 +msgid "" +"```` is an additional argument for the [command]``oscap`` " +"command. For example, use " +"``united_states_government_configuration_baseline`` (USGCB)." msgstr "" -#. type: Block title -#: modules/administration/pages/public-cloud.adoc:198 -#, no-wrap -msgid "Account credentials for admin user" +#. type: Plain text +#: modules/administration/pages/openscap.adoc:37 +msgid "Run the script on the client you want to scan, from the command prompt." msgstr "" -#. type: Table -#: modules/administration/pages/public-cloud.adoc:220 +#. type: Title == +#: modules/administration/pages/openscap.adoc:38 #, no-wrap -msgid "" -"|\n" -" Amazon EC2\n" -"\n" -"|\n" -" Google Compute Engine\n" -"\n" -"|\n" -" Microsoft Azure\n" -"\n" -"\n" -"|\n" -"\n" -"[replaceable]``Instance-ID``\n" -"|\n" -"\n" -"[replaceable]``Instance-ID``\n" -"|\n" -"\n" -"[replaceable]``Instance-Name``**-suma**\n" +msgid "Scan Results" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:223 +#: modules/administration/pages/openscap.adoc:39 msgid "" -"The current value for the [replaceable]``Instance-ID`` or " -"[replaceable]``Instance-Name`` in case of the Azure Cloud, can be obtained " -"from the public cloud Web console or from within a terminal session as " -"follows:" +"Information about the scans you have run is in the {productname} {webui}. " +"Navigate to to menu:Audit[OpenSCAP > All Scans] for a table of results. For " +"more information about the data in this table, see xref:reference:audit/" +"openscap-all-scans.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:224 -msgid "Obtain instance id from within Amazon EC2 instance" +#: modules/administration/pages/openscap.adoc:40 +msgid "" +"To ensure that detailed information about scans is available, you need to " +"enable it on the client. In the {productname} {webui}, navigate to menu:" +"Admin[Organizations] and click on the organization the client is a part of. " +"Navigate to the [guimenu]``Configuration`` tab, and check the " +"[guimenu]``Enable Upload of Detailed SCAP Files`` option. When enabled, " +"this generates an additional HTML file on every scan, which contains extra " +"information. The results will show an extra line similar to this:" msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:228 +#: modules/administration/pages/openscap.adoc:41 #, no-wrap -msgid "$ ec2metadata --instance-id\n" +msgid "Detailed Results: xccdf-report.html xccdf-results.xml scap-yast2sec-oval.xml.result.xml\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:230 -msgid "Obtain instance id from within Google Compute Engine instance" +#: modules/administration/pages/openscap.adoc:42 +msgid "" +"To retrieve scan information from the command line, use the " +"[command]``spacewalk-report`` command:" msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:234 +#: modules/administration/pages/openscap.adoc:43 #, no-wrap -msgid "$ gcemetadata --query instance --id\n" +msgid "" +"spacewalk-report system-history-scap\n" +"spacewalk-report scap-scan\n" +"spacewalk-report scap-scan-results\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:236 -msgid "Obtain instance name from within Microsoft Azure instance" +#: modules/administration/pages/openscap.adoc:44 +msgid "" +"You can also use the {productname} API to view results, with the ``system." +"scap`` handler." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:240 +#. Old content that has come across from the Reference Guide starts here. Pretty much all of this now exists in the right locations, but I'm leaving it here for posterity on the chance that there is yelling. --LKB 2020-08-05 +#. [[sm-audit-page]] +#. = Systems Audit Page +#. To display a system's audit page, click menu:Systems[system_name > Audit]. +#. Use this page to schedule and view compliance scans for a particular system. +#. Scans are performed by the OpenSCAP tool, which implements NIST's standard Security Content Automation Protocol (SCAP). +#. Before you scan a system, make sure that the SCAP content is prepared and all prerequisites in +#. xref:reference:audit/audit-openscap-overview.adoc#s1-openscap-suma-prerq[Prerequisites for Using OpenSCAP in {productname}] are met. +#. == List Scans +#. This subtab lists a summary of all scans completed on the system. +#. The following columns are displayed: +#. XCCDF Test Result:: +#. The scan test result name, which provides a link to the detailed results of the scan. +#. Completed:: +#. The exact time the scan finished. +#. Compliance:: +#. The unweighted pass/fail ratio of compliance based on the Standard used. +#. P:: +#. Number of checks that passed. +#. F:: +#. Number of checks that failed. +#. E:: +#. Number of errors that occurred during the scan. +#. U:: +#. Unknown. +#. N:: +#. Not applicable to the machine. +#. K:: +#. Not checked. +#. S:: +#. Not Selected. +#. I:: +#. Informational. +#. X:: +#. Fixed. +#. Total:: +#. Total number of checks. +#. Each entry starts with an icon indicating the results of a comparison to a previous similar scan. +#. The icons indicate the following: +#. * "RHN List Checked" Icon -- no difference between the compared scans. +#. * "RHN List Alert" Icon -- arbitrary differences between the compared scans. +#. * "RHN List Error" Icon -- major differences between the compared scans. Either there are more failures than the previous scan or less passes +#. * "RHN List Check In" Icon -- no comparable scan was found, therefore, no comparison was made. +#. To find out what has changed between two scans in more detail, select the ones you are interested in and click menu:Compare Selected Scans[] +#. . +#. To delete scans that are no longer relevant, select those and click on menu:Remove Selected Scans[] +#. . +#. Scan results can also be downloaded in CSV format. +#. == Scan Details +#. The Scan Details page contains the results of a single scan. +#. The page is divided into two sections: +#. Details of the XCCDF Scan:: +#. This section displays various details about the scan, including: +#. ** File System Path: the path to the XCCDF file used for the scan. +#. ** Command-line Arguments: any additional command-line arguments that were used. +#. ** Profile Identifier: the profile identifier used for the scan. +#. ** Profile Title: the title of the profile used for the scan. +#. ** Scan's Error output: any errors encountered during the scan. +#. XCCDF Rule Results:: +#. The rule results provide the full list of XCCDF rule identifiers, identifying tags, and the result for each of these rule checks. +#. This list can be filtered by a specific result. +#. [[sm-audit-schedule]] +#. == Schedule Audit +#. Use the Schedule New XCCDF Scan page to schedule new scans for specific machines. +#. Scans occur at the system's next scheduled check-in that occurs after the date and time specified. +#. The following fields can be configured: +#. Command-line Arguments::: +#. Optional arguments to the [command]``oscap`` command, either: +#. ** ``--profile PROFILE``: Specifies a particular profile from the XCCDF document. +#. + +#. Profiles are determined by the Profile tag in the XCCDF XML file. +#. Use the [command]``oscap`` command to see a list of profiles within a given XCCDF file, for example: +#. + +#. ---- +#. # oscap info /usr/local/share/scap/dist_sles12_scap-sles12-oval.xml +#. Document type: XCCDF Checklist +#. Checklist version: 1.1 +#. Status: draft +#. Generated: 2015-12-12 +#. Imported: 2016-02-15T22:09:33 +#. Resolved: false +#. Profiles: SLES12-Default +#. ---- +#. + +#. If not specified, the default profile is used. +#. Some early versions of OpenSCAP in require that you use the `--profile` option or the scan will fail. +#. ** ``--skip-valid``: Do not validate input and output files. You can use this option to bypass the file validation process if you do not have well-formed XCCDF content. +#. Path to XCCDF Document::: +#. This is a required field. +#. The path parameter points to the XCCDF content location on the client system. +#. For example: [path]``/usr/local/share/scap/dist_sles12_scap-sles12-oval.xml`` +#. + +#. WARNING: The XCCDF content is validated before it is run on the remote system. +#. Specifying invalid arguments can cause [command]``spacewalk-oscap`` to fail to validate or run. +#. Due to security concerns, the [command]``oscap xccdf eval`` command only accepts a limited set of parameters. +#. + +#. For information about how to schedule scans using the {webui} +#. , refer to: +#. xref:reference:audit/audit-openscap-overview.adoc#pro-os-suma-audit-scans-webui[Procedure: Scans via the Web Interface] +#. type: Title = +#: modules/administration/pages/tshoot-osadjabberd.adoc:1 #, no-wrap -msgid "$ azuremetadata --instance-name\n" +msgid "Troubleshooting OSAD and jabberd" msgstr "" +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:244 +#: modules/administration/pages/tshoot-osadjabberd.adoc:2 msgid "" -"After logging in through the {productname} Server {webui}, *change* the " -"default password." +"In some cases, the maximum number of files that jabber can open is lower " +"than the number of connected OSAD clients." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:247 +#: modules/administration/pages/tshoot-osadjabberd.adoc:3 msgid "" -"{productname} Proxy does not have administration access to the {webui}. It " -"can be managed through its parent {productname} Server." +"If this occurs, OSAD clients cannot contact the SUSE Manager Server, and " +"jabberd will take an excessive amount of time to respond on port 5222." msgstr "" -#. type: Title === -#: modules/administration/pages/public-cloud.adoc:251 -#, no-wrap -msgid "Using Separate Storage Volume" +#. type: delimited block = +#: modules/administration/pages/tshoot-osadjabberd.adoc:4 +msgid "" +"This fix is only required if you have more than 8192 clients connected using " +"OSAD. In this case, we recommend you consider using Salt clients instead. " +"For more information about tuning large scale installations, see xref:salt:" +"large-scale.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:257 +#: modules/administration/pages/tshoot-osadjabberd.adoc:5 msgid "" -"We recommend that the repositories and the database for {productname} be " -"stored on a virtual storage device. This best practice will avoid data loss " -"in cases where the {productname} instance may need to be terminated. These " -"steps *must* be performed *prior* to running the YaST {productname} setup " -"procedure." +"You can increase the number of files available to jabber by editing the " +"jabberd local configuration file. By default, the file is located at " +"[path]``/etc/systemd/system/jabberd.service.d/override.conf``." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:261 -msgid "" -"Provision a disk device in the public cloud environment, refer to the cloud " -"service provider documentation for detailed instructions. The size of the " -"disk is dependent on the number of distributions and channels you intend to " -"manage with {productname}. For sizing information refer to https://www.suse." -"com/support/kb/doc.php?id=7015050[SUSE Manager sizing examples]. A rule of " -"thumb is 25 GB per distribution per channel." +#. type: Block title +#: modules/administration/pages/tshoot-osadjabberd.adoc:6 +#, no-wrap +msgid "Procedure: Adjusting the Maximum File Count" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:262 +#: modules/administration/pages/tshoot-osadjabberd.adoc:7 msgid "" -"Once attached the device appears as Unix device node in your instance. For " -"the following command to work this device node name is required. In many " -"cases the attached storage appears as **/dev/sdb**. In order to check which " -"disk devices exists on your system, call the following command:" +"At the command prompt, as root, open the local configuration file for " +"editing:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-osadjabberd.adoc:8 +#, no-wrap +msgid "systemctl edit jabberd\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-osadjabberd.adoc:9 +msgid "Add or edit this section:" msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:266 +#: modules/administration/pages/tshoot-osadjabberd.adoc:10 #, no-wrap -msgid "$ hwinfo --disk | grep -E \"Device File:\"\n" +msgid "" +"[Service]\n" +"LimitNOFILE=:\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:268 +#: modules/administration/pages/tshoot-osadjabberd.adoc:11 msgid "" -"With the device name at hand the process of re-linking the directories in " -"the file system {productname} uses to store data is handled by the suma-" -"storage script. In the following example we use [path]``/dev/sdb`` as the " -"device name." +"The value you choose will vary depending on your environment. For example, " +"if you have 9500 clients, increase the soft value by 100 to 9600, and the " +"hard value by 1000 to 10500:" msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:272 +#: modules/administration/pages/tshoot-osadjabberd.adoc:12 #, no-wrap -msgid "$ /usr/bin/suma-storage /dev/sdb\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:278 msgid "" -"After the call all database and repository files used by SUSE Manager Server " -"are moved to the newly created xfs based storage. In case your instance is " -"a {productname} Proxy, the script will move the Squid cache, which caches " -"the software packages, to the newly created storage. The xfs partition is " -"mounted below the path [path]``/manager_storage``. ." +"[Unit]\n" +"LimitNOFILE=\n" +"LimitNOFILE=9600:10500\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:279 -msgid "Create an entry in /etc/fstab (optional)" +#: modules/administration/pages/tshoot-osadjabberd.adoc:13 +msgid "Save the file and exit the editor." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:282 +#. type: delimited block = +#: modules/administration/pages/tshoot-osadjabberd.adoc:14 msgid "" -"Different cloud frameworks treat the attachment of external storage devices " -"differently at instance boot time. Please refer to the cloud environment " -"documentation for guidance about the fstab entry." +"The default editor for systemctl files is vim. To save the file and exit, " +"press kbd:[Esc] to enter ``normal`` mode, type kbd:[:wq] and press kbd:" +"[Enter]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:284 +#: modules/administration/pages/tshoot-osadjabberd.adoc:15 msgid "" -"If your cloud framework recommends to add an fstab entry, add the following " -"line to the */etc/fstab* file." -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:288 -#, no-wrap -msgid "/dev/sdb1 /manager_storage xfs defaults,nofail 1 1\n" -msgstr "" - -#. type: Title == -#: modules/administration/pages/public-cloud.adoc:292 -#, no-wrap -msgid "Registration of Cloned Systems" +"Ensure you also update the `max_fds` parameter in [path]``/etc/jabberd/c2s." +"xml``. For example: `10500`" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:298 +#: modules/administration/pages/tshoot-osadjabberd.adoc:16 msgid "" -"{productname} cannot distinguish between different instances that use the " -"same system ID. If you register a second instance with the same system ID " -"as a previous instance, {productname} will overwrite the original system " -"data with the new system data. This can occur when you launch multiple " -"instances from the same image, or when an image is created from a running " -"instance. However, it is possible to clone systems and register them " -"successfully by deleting the cloned system's ID, and generating a new ID." +"The soft file limit is the maximum number of open files for a single " +"process. In {productname} the highest consuming process is ``c2s``, which " +"opens a connection per client. 100 additional files are added, here, to " +"accommodate for any non-connection file that ``c2s`` requires to work " +"correctly. The hard limit applies to all processes belonging to jabber, and " +"also accounts for open files from the router, ``c2s`` and ``sm`` processes." msgstr "" -#. type: Block title -#: modules/administration/pages/public-cloud.adoc:300 +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +#. Delinking per https://github.com/SUSE/spacewalk/issues/9516 LKB 2019-09-23 +#. == jabberd Database Corruption +#. ``SYMPTOMS``: After _a disk is full error_ or a _disk crash event_, the [systemitem]``jabberd`` database may have become corrupted. +#. [systemitem]``jabberd`` may then fail starting Spacewalk services: +#. ---- +#. Starting spacewalk services... +#. Initializing jabberd processes... +#. Starting router done +#. Starting sm startproc: exit status of parent of /usr/bin/sm: 2 failed +#. Terminating jabberd processes... +#. ---- +#. [path]``/var/log/messages`` shows more details: +#. ---- +#. jabberd/sm[31445]: starting up +#. jabberd/sm[31445]: process id is 31445, written to /var/lib/jabberd/pid/sm.pid +#. jabberd/sm[31445]: loading 'db' storage module +#. jabberd/sm[31445]: db: corruption detected! close all jabberd processes and run db_recover +#. jabberd/router[31437]: shutting down +#. ---- +#. ``CURE``: Remove the [systemitem]``jabberd`` database and restart. +#. [systemitem]``jabberd`` will automatically re-create the database. +#. Enter at the command prompt: +#. ---- +#. spacewalk-service stop +#. rm -rf /var/lib/jabberd/db/* +#. spacewalk-service start +#. ---- +#. ke, 2019-08-08: not sure whether we want this here: +#. An alternative approach would be to test another database, but SUSE Manager does not deliver drivers for this: +#. ---- +#. rcosa-dispatcher stop +#. rcjabberd stop +#. cd /var/lib/jabberd/db +#. rm * +#. cp /usr/share/doc/packages/jabberd/db-setup.sqlite . +#. sqlite3 sqlite.db < db-setup.sqlite +#. chown jabber:jabber * +#. rcjabberd start +#. rcosa-dispatcher start +#. ---- +#. Delinking per https://github.com/SUSE/spacewalk/issues/9516 LKB 2019-09-23 +#. == Capturing XMPP Network Data for Debugging Purposes +#. If you are experiencing bugs regarding OSAD, it can be useful to dump network messages to help with debugging. +#. The following procedures provide information on capturing data from both the client and server side. +#. .Procedure: Server Side Capture +#. . Install the [package]#tcpdump# package on the server as root: +#. + +#. ---- +#. zypper in tcpdump +#. ---- +#. . Stop the OSA dispatcher and Jabber processes: +#. + +#. ---- +#. rcosa-dispatcher stop +#. rcjabberd stop +#. ---- +#. . Start data capture on port 5222: +#. + +#. ---- +#. tcpdump -s 0 port 5222 -w server_dump.pcap +#. ---- +#. . Open a second terminal and start the OSA dispatcher and Jabber processes: +#. + +#. ---- +#. rcosa-dispatcher start +#. rcjabberd start +#. ---- +#. . Operate the server and clients so the bug you formerly experienced is reproduced. +#. . When you have finished your capture re-open the first terminal and stop the data capture with kbd:[CTRL+c]. +#. .Procedure: Client Side Capture +#. . Install the tcpdump package on your client as root: +#. + +#. ---- +#. zypper in tcpdump +#. ---- +#. . Stop the OSA process: +#. + +#. ---- +#. rcosad stop +#. ---- +#. . Begin data capture on port 5222: +#. + +#. ---- +#. tcpdump -s 0 port 5222 -w client_client_dump.pcap +#. ---- +#. . Open a second terminal and start the OSA process: +#. + +#. ---- +#. rcosad start +#. ---- +#. . Operate the server and clients so the bug you formerly experienced is reproduced. +#. . When you have finished your capture re-open the first terminal and stop the data capture with kbd:[CTRL+c]. +#. type: Title = +#: modules/administration/pages/tshoot-sync.adoc:1 #, no-wrap -msgid "Procedure: Registering Cloned Systems" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:302 -msgid "Clone the system using your preferred hypervisor's cloning mechanism." +msgid "Troubleshooting Synchronization" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:303 +#: modules/administration/pages/tshoot-sync.adoc:2 msgid "" -"On the cloned system, change the hostname and IP addresses, and check the " -"[path]``/etc/hosts`` file to ensure you have the right host entries." +"Synchronization can fail for a number of reasons. To get more information " +"about a connection problem, run this command:" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:305 +#. type: delimited block - +#: modules/administration/pages/tshoot-sync.adoc:3 +#, no-wrap msgid "" -"On traditional clients, stop the [command]``rhnsd`` daemon with [command]``/" -"etc/init.d/rhnsd stop`` or, on newer systemd-based systems, with " -"[command]``service rhnsd stop``. Then [command]``service osad stop``." +"export URLGRABBER_DEBUG=DEBUG\n" +"spacewalk-repo-sync -c > /var/log/spacewalk-repo-sync-$(date +%F-%R).log 2>&1\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:306 -msgid "For SLES 11 or {rhel} 5 or 6 clients, run these commands:" +#: modules/administration/pages/tshoot-sync.adoc:4 +msgid "" +"You can also check logs created by Zypper at [path]``/var/log/zypper.log``" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:313 -msgid "For SLES 12, SLES 15, or {rhel} 7 clients, run these commands:" +#. type: Labeled list +#: modules/administration/pages/tshoot-sync.adoc:5 +#, no-wrap +msgid "GPG Key Mismatch" msgstr "" +# +# +# #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:322 -msgid "If you are using Salt, then you will also need to run these commands:" +#: modules/administration/pages/tshoot-sync.adoc:6 +msgid "" +"{productname} does not automatically trust third party GPG keys. If package " +"synchronization fails, it could be because of an untrusted GPG key. You can " +"find out if this is the case by opening [path]``/var/log/rhn/reposync`` and " +"looking for an error like this:" msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:326 +#: modules/administration/pages/tshoot-sync.adoc:7 #, no-wrap msgid "" -"# service salt-minion stop\n" -"# rm -rf /var/cache/salt\n" +"['/usr/bin/spacewalk-repo-sync', '--channel', 'sle-12-sp1-ga-desktop-\n" +"nvidia-driver-x86_64', '--type', 'yum', '--non-interactive']\n" +"RepoMDError: Cannot access repository. Maybe repository GPG keys are not imported\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:329 -msgid "If you are using a traditional client, clean up the working files with:" +#: modules/administration/pages/tshoot-sync.adoc:8 +msgid "" +"To resolve the problem, you need to import the GPG key to {productname}. " +"For more on importing GPG keys, see xref:administration:repo-metadata.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:335 -msgid "" -"The bootstrap should now run with a new system ID, rather than a duplicate." +#. type: Labeled list +#: modules/administration/pages/tshoot-sync.adoc:9 +#, no-wrap +msgid "Checksum Mismatch" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:340 +#: modules/administration/pages/tshoot-sync.adoc:10 msgid "" -"If you are onboarding Salt client clones, then you will also need to check " -"if they have the same Salt minion ID. You will need to delete the minion ID " -"on each cloned client, using the [command]``rm`` command. Each operating " -"system type stores this file in a slightly different location, check the " -"table for the appropriate command." +"If a checksum has failed, you might see an error like this in the [path]``/" +"var/log/rhn/reposync/*.log`` log file:" msgstr "" -#. type: Block title -#: modules/administration/pages/public-cloud.adoc:342 +#. type: delimited block - +#: modules/administration/pages/tshoot-sync.adoc:11 #, no-wrap -msgid "Minion ID File Location" +msgid "" +"Repo Sync Errors: (50, u'checksums did not match\n" +"326a904c2fbd7a0e20033c87fc84ebba6b24d937 vs\n" +"afd8c60d7908b2b0e2d95ad0b333920aea9892eb', 'Invalid information uploaded\n" +"to the server')\n" +"The package microcode_ctl-1.17-102.57.62.1.x86_64 which is referenced by\n" +"patch microcode_ctl-8413 was not found in the database. This patch has\n" +"been skipped.\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:344 +#: modules/administration/pages/tshoot-sync.adoc:12 msgid "" -"Each operating system stores the minion ID file in a slightly different " -"location, check the table for the appropriate command." +"You can resolve this error by running the synchronization from the command " +"prompt with the [command]``-Y`` option:" msgstr "" -#. type: Table -#: modules/administration/pages/public-cloud.adoc:364 +#. type: delimited block - +#: modules/administration/pages/tshoot-sync.adoc:13 #, no-wrap -msgid "" -"| Operating System | Commands\n" -"| SLES 15 | [command]``rm /etc/salt/minion_id``\n" -"\n" -" [command]``rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}``\n" -"| SLES 12 | [command]``rm /etc/salt/minion_id``\n" -"\n" -" [command]``rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}``\n" -"| SLES 11 | [command]``rm /etc/salt/minion_id``\n" -"\n" -" [command]``suse_register -E``\n" -"| SLES 10 | [command]``rm -rf /etc/{zmd,zypp}``\n" -"\n" -" [command]``rm -rf /var/lib/zypp/``\n" -" Do not delete [path]``/var/lib/zypp/db/products/``\n" -"\n" -" [command]``rm -rf /var/lib/zmd/``\n" -"| {rhel} 5, 6, 7 | [command]`` rm -f /etc/NCCcredentials``\n" +msgid "spacewalk-repo-sync --channel -Y\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:367 +#: modules/administration/pages/tshoot-sync.adoc:14 msgid "" -"When you have deleted the minion ID file, re-run the bootstrap script, and " -"restart the client to see the cloned system in {productname} with the new ID." +"This option verifies the repository data before the synchronization, rather " +"than relying on locally cached checksums." msgstr "" #. type: Title = -#: modules/administration/pages/ssl-certs.adoc:2 +#: modules/administration/pages/users.adoc:1 #, no-wrap -msgid "SSL Certificates" +msgid "Users" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:5 +#: modules/administration/pages/users.adoc:2 msgid "" -"{productname} uses SSL certificates to ensure that clients are registered to " -"the correct server." +"{productname} Administrators can add new users, grant permissions, and " +"deactivate or delete users. If you are managing a large number of users, " +"you can assign users to system groups to manage permissions at a group level." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/users.adoc:3 +msgid "" +"The [guimenu]``Users`` menu is only available if you are logged in with a " +"{productname} administrator account." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:8 +#: modules/administration/pages/users.adoc:4 msgid "" -"Every client that uses SSL to register to the {productname} Server checks " -"that it is connecting to the right server by validating against a server " -"certificate. This process is called an SSL handshake." +"To manage {productname} users, navigate to menu:Users[User List > All] to " +"see all users in your {productname} Server. Each user in the list shows the " +"username, real name, assigned roles, the date the user last signed in, and " +"the current status of the user. Click btn:``Create User`` to create a new " +"user account. Click the username to go to the [guimenu]``User Details`` " +"page." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:11 +#: modules/administration/pages/users.adoc:5 msgid "" -"During the SSL handshake, the client will check that the hostname in the " -"server certificate matches what it expects. The client also needs to check " -"if the server certificate is trusted." +"To add new users to your organization, click btn:[Create User], complete the " +"details for the new user, and click btn:[Create Login]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:14 +#: modules/administration/pages/users.adoc:6 msgid "" -"Every {productname} Server that uses SSL requires an SSL server " -"certificate. Provide the path to the server certificate using the " -"``SERVER_CERT`` environment variable during setup, or with the ``--from-" -"server-cert`` option of the [command]``rhn-ssl-tool`` command." +"You can deactivate or delete user accounts if they are no longer required. " +"Deactivated user accounts can be reactivated at any time. Deleted user " +"accounts are not visible, and cannot be retrieved." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:17 +#: modules/administration/pages/users.adoc:7 msgid "" -"Certificate authorities (CAs) are certificates that are used to sign other " -"certificates. All certificates must be signed by a certificate authority " -"(CA) in order for them to be considered valid, and for clients to be able to " -"successfully match against them." +"Users can deactivate their own accounts. However, if users have an " +"administrator role, the role must be removed before the account can be " +"deactivated." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:23 +#: modules/administration/pages/users.adoc:8 msgid "" -"When an organization signs its own certificate, the certificate is " -"considered self-signed. A self-signed certificate is straight-forward to " -"set up, and does not cost any money, but they are considered less secure. " -"If you are using a self-signed certificate, you will have a root CA that is " -"signed with itself. When you look at the details of a root CA, you will see " -"that the subject has the same value as the issuer. Provide the path to your " -"root CA certificate using the ``CA_CERT`` environment variable during setup, " -"or with the ``--ca-cert`` option of the [command]``rhn-ssl-tool`` command." +"Deactivated users cannot log in to the {productname} {webui} or schedule any " +"actions. Actions scheduled by a user prior to their deactivation remain in " +"the action queue. Deactivated users can be reactivated by {productname} " +"administrators." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:26 +#: modules/administration/pages/users.adoc:9 msgid "" -"In order for SSL authentication to work correctly, the client must trust the " -"root CA. This means that the root CA must be installed on every client." +"Users can hold multiple administrator roles, and there can be more than one " +"user holding any administrator role at any time. There must always be at " +"least one active {productname} Administrator." msgstr "" -#. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:29 +#. type: Block title +#: modules/administration/pages/users.adoc:10 +#, no-wrap +msgid "User Administrator Role Permissions" +msgstr "" + +#. type: Table +#: modules/administration/pages/users.adoc:11 +#, no-wrap msgid "" -"The default method of SSL authentication is for {productname} to use self-" -"signed certificates. In this case, {productname} has generated all the " -"certificates, and the root CA has signed the server certificate directly." +"| Role Name | Description\n" +"| System Group User | Standard role associated with all users.\n" +"| {productname} Administrator | Can perform all functions, including changing privileges of other users.\n" +"| Organization Administrator | Manages activation keys, configurations, channels, and system groups.\n" +"| Activation Key Administrator | Manages activation keys.\n" +"| Image Administrator | Manages image profiles, builds, and stores.\n" +"| Configuration Administrator | Manages system configuration.\n" +"| Channel Administrator | Manages software channels, including making channels globally subscribable, and creating new channels.\n" +"| System Group Administrator | Manages systems groups, including creating and deleting system groups, adding clients to existing groups, and managing user access to groups.\n" +msgstr "" + +#. type: Title == +#: modules/administration/pages/users.adoc:12 +#, no-wrap +msgid "User Permissions and Systems" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:34 +#: modules/administration/pages/users.adoc:13 msgid "" -"An alternative method is to use an intermediate CA. In this case, the root " -"CA signs the intermediate CA. The intermediate CA can then sign any number " -"of other intermediate CAs, and the final one signs the server certificate. " -"This is referred to as a chained certificate." +"If you have created system groups to manage your clients, you can assign " +"groups to users for them to manage." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:37 +#: modules/administration/pages/users.adoc:14 msgid "" -"If you are using intermediate CAs in a chained certificate, the root CA is " -"installed on the client, and the server certificate is installed on the " -"server. During the SSL handshake, clients must be able to verify the entire " -"chain of intermediate certificates between the root CA and the server " -"certificate, so they must be able to access all the intermediate " -"certificates." +"To assign a user to a system group, navigate to menu:Users[User List], click " +"the username to edit, and go to the [guimenu]``System Groups`` tab. Check " +"the groups to assign, and click btn:``Update Defaults``." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:42 +#: modules/administration/pages/users.adoc:15 msgid "" -"There are two main ways of achieving this. In {productname}, by default, " -"all the intermediate CAs are installed on the client. However, you could " -"also configure your services on the server to provide them to the client. " -"In this case, during the SSL handshake, the server presents the server " -"certificate as well as all the intermediate CAs." +"You can also select one or more default system groups for a user. When the " +"user registers a new client, it is assigned to the chosen system group by " +"default. This allows the user to immediately access the newly-registered " +"client." msgstr "" +#. I really don't understand what this is. Need a sentence or two to explain it. --LKB 2020-04-29 #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:46 +#: modules/administration/pages/users.adoc:16 msgid "" -"Whichever method you choose, you must ensure that the ``CA_CERT`` " -"environment variable points to the root CA, and all intermediate CAs. It " -"should not contain the server certificate. The server certificate must be " -"defined at the ``SERVER_CERT`` environment variable." +"To manage external groups, navigate to menu:Users[System Group " +"Configuration], and go to the [guimenu]``External Authentication`` tab. " +"Click btn:[Create External Group] to create a new external group. Give the " +"group a name, and assign it to the appropriate system group." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:53 +#: modules/administration/pages/users.adoc:17 msgid "" -"By default, {productname} uses a self-signed certificate. For additional " -"security, you can arrange a third party CA to sign your certificates. Third " -"party CAs perform checks to ensure that the information contained in the " -"certificate is correct. They will usually charge an annual fee for this " -"service. Using a third party CA makes certificates harder to spoof, and " -"will provide additional protection for your installation. If you have " -"certificates signed by a third party CA, you can import them to your " -"{productname} installation." +"For more information about system groups, see xref:reference:systems/system-" +"groups.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:55 +#: modules/administration/pages/users.adoc:18 msgid "" -"For more on self-signed certificates, see xref:administration:ssl-certs-" -"selfsigned.adoc[]." +"To see the individual clients a user can administer, navigate to menu:" +"Users[User List], click the username to edit, and go to the " +"[guimenu]``Systems`` tab. To carry out bulk tasks, you can select clients " +"from the list to add them to the system set manager." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:55 +#: modules/administration/pages/users.adoc:19 msgid "" -"For more on imported certificates, see xref:administration:ssl-certs-" -"imported.adoc[]." +"For more information about the system set manager, see xref:client-" +"configuration:system-set-manager.adoc[]." msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-taskomatic.adoc:2 +#. type: Title == +#: modules/administration/pages/users.adoc:20 #, no-wrap -msgid "Troubleshooting Taskomatic" +msgid "Users and Channel Permissions" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:23 +#: modules/administration/pages/users.adoc:21 msgid "" -"Repository metadata regeneration is a relatively intensive process, so " -"Taskomatic can take several minutes to complete. Additionally, if " -"Taskomatic crashes, repository metadata regeneration can be interrupted." +"You can assign users to software channels within your organization either as " +"a subscriber that consumes content from channels, or as an administrator, " +"who can manage the channels themselves." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:26 +#: modules/administration/pages/users.adoc:22 msgid "" -"If Taskomatic is still running, or if the process has crashed, package " -"updates can seem available in the {webui}, but will not appear on the " -"client, and attempts to update the client will fail. In this case, the " -"[command]``zypper ref`` command will show an error like this:" +"To subscribe a user to a channel, navigate to menu:Users[User List], click " +"the username to edit, and go to the menu:Channel Permissions[Subscription] " +"tab. Check the channels to assign, and click btn:``Update Permissions``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:29 -#, no-wrap -msgid "Valid metadata not found at specified URL\n" +#. type: Plain text +#: modules/administration/pages/users.adoc:23 +msgid "" +"To grant a user channel management permissions, navigate to menu:Users[User " +"List], click the username to edit, and go to the menu:Channel " +"Permissions[Management] tab. Check the channels to assign, and click btn:" +"``Update Permissions``." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:33 +#: modules/administration/pages/users.adoc:24 msgid "" -"To correct this, determine if Taskomatic is still in the process of " -"generating repository metadata, or if a crash could have occurred. Wait for " -"metadata regeneration to complete or restart Taskomatic after a crash in " -"order for client updates to be carried out correctly." +"Some channels in the list might not be subscribable. This is usually " +"because of the users administrator status, or the channels global settings." msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-taskomatic.adoc:36 +#. type: Title == +#: modules/administration/pages/users.adoc:25 #, no-wrap -msgid "Procedure: Resolving Taskomatic Problems" +msgid "User Language" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:39 +#: modules/administration/pages/users.adoc:26 msgid "" -"On the {productname} Server, check the [path]``/var/log/rhn/" -"rhn_taskomatic_daemon.log`` file to determine if any metadata regeneration " -"processes are still running, or if a crash occurred." +"When you create a new user, you can choose which language to use for the " +"{webui}. After a user has been created, you can change the language by " +"navigating to menu:Home[My Preferences]." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:40 -msgid "Restart taskomatic:" +#: modules/administration/pages/users.adoc:27 +msgid "" +"The default language is set in the ``rhn.conf`` configuration file. To " +"change the default language, open the [path]``/etc/rhn/rhn.conf`` file and " +"add or edit this line:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:43 +#: modules/administration/pages/users.adoc:28 #, no-wrap -msgid "service taskomatic restart\n" +msgid "web.locale = \n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:47 -msgid "" -"In the Taskomatic log files, you can identify the section related to " -"metadata regeneration by looking for opening and closing lines that look " -"like this:" +#: modules/administration/pages/users.adoc:29 +msgid "If the parameter is not set, the default language is ``en_US``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:50 +#. type: Plain text +#: modules/administration/pages/users.adoc:30 +msgid "These languages are available in {productname}:" +msgstr "" + +#. type: Block title +#: modules/administration/pages/users.adoc:31 +#: modules/administration/pages/users.adoc:33 #, no-wrap -msgid " ,174 [Thread-584] INFO com.redhat.rhn.taskomatic.task.repomd.RepositoryWriter - Generating new repository metadata for channel 'cloned-2018-q1-sles12-sp3-updates-x86_64'(sha256) 550 packages, 140 errata\n" +msgid "Available Language Codes" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:52 +#. type: Table +#: modules/administration/pages/users.adoc:32 #, no-wrap -msgid "...\n" +msgid "" +"| Language code | Language | Dialect\n" +"| ``en_US`` | English | United States\n" +"| ``zh_CN`` | Chinese | Mainland, Simplified\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:54 +#. type: Table +#: modules/administration/pages/users.adoc:34 #, no-wrap -msgid " ,704 [Thread-584] INFO com.redhat.rhn.taskomatic.task.repomd.RepositoryWriter - Repository metadata generation for 'cloned-2018-q1-sles12-sp3-updates-x86_64' finished in 4 seconds\n" +msgid "" +"| Language code | Language | Dialect\n" +"| ``bn_IN`` | Bangla | India\n" +"| ``ca`` | Catalan |\n" +"| ``de`` | German |\n" +"| ``en_US`` | English | United States\n" +"| ``es`` | Spanish |\n" +"| ``fr`` | French |\n" +"| ``gu`` | Gujarati |\n" +"| ``hi`` | Hindi |\n" +"| ``it`` | Italian |\n" +"| ``ja`` | Japanese |\n" +"| ``ko`` | Korean |\n" +"| ``pa`` | Punjabi |\n" +"| ``pt`` | Portuguese |\n" +"| ``pt_BR`` | Portuguese | Brazil\n" +"| ``ru`` | Russian |\n" +"| ``ta`` | Tamil |\n" +"| ``zh_CN`` | Chinese | Mainland, Simplified\n" +"| ``zh_TW`` | Chinese | Taiwan, Traditional\n" +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/users.adoc:35 +msgid "" +"Translations in {uyuni} are provided by the community, and could be " +"incorrect or incomplete. Where a translation is not available, the {webui} " +"will default to English (``en_US``)." msgstr "" #. type: Title = -#: modules/administration/nav-administration-guide.adoc:4 +#: modules/administration/nav-administration-guide.adoc:1 #, no-wrap msgid "Administration Guide: {productname} {productnumber}" msgstr "" #. Image Management #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:11 +#: modules/administration/nav-administration-guide.adoc:2 msgid "xref:admin-overview.adoc[Administration Guide Overview]" msgstr "" #. Channel Management #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:13 +#: modules/administration/nav-administration-guide.adoc:3 msgid "xref:image-management.adoc[Image Management]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:14 +#: modules/administration/nav-administration-guide.adoc:4 msgid "xref:channel-management.adoc[Channel Management]" msgstr "" #. Subscription Matching #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:16 +#: modules/administration/nav-administration-guide.adoc:5 msgid "xref:custom-channels.adoc[Custom Channels]" msgstr "" #. Live Patching #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:18 +#: modules/administration/nav-administration-guide.adoc:6 msgid "xref:subscription-matching.adoc[Subscription Matching]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:19 +#: modules/administration/nav-administration-guide.adoc:7 msgid "xref:live-patching.adoc[Live Patching]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:20 +#: modules/administration/nav-administration-guide.adoc:8 msgid "xref:live-patching-channel-setup.adoc[Channel Setup for Live Patching]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:21 +#: modules/administration/nav-administration-guide.adoc:9 msgid "xref:live-patching-sles15.adoc[Live Patching on SLES 15]" msgstr "" #. Monitoring #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:23 +#: modules/administration/nav-administration-guide.adoc:10 msgid "xref:live-patching-sles12.adoc[Live Patching on SLES 12]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:24 +#: modules/administration/nav-administration-guide.adoc:11 msgid "xref:monitoring.adoc[Monitoring]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:25 +#: modules/administration/nav-administration-guide.adoc:12 msgid "xref:organizations.adoc[Organizations]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:26 +#: modules/administration/nav-administration-guide.adoc:13 msgid "xref:content-staging.adoc[Content Staging]" msgstr "" #. Content Lifecycle #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:28 +#: modules/administration/nav-administration-guide.adoc:14 msgid "xref:disconnected-setup.adoc[Disconnected Setup]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:29 +#: modules/administration/nav-administration-guide.adoc:15 msgid "xref:content-lifecycle.adoc[Content Lifecycle Management]" msgstr "" #. Authentication Methods #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:31 +#: modules/administration/nav-administration-guide.adoc:16 msgid "" "xref:content-lifecycle-examples.adoc[Content Lifecycle Management Examples]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:32 +#: modules/administration/nav-administration-guide.adoc:17 msgid "xref:auth-methods.adoc[Authentication Methods]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:33 +#: modules/administration/nav-administration-guide.adoc:18 msgid "xref:auth-methods-sso.adoc[Authentication With SSO]" msgstr "" #. SSL Certificates #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:35 +#: modules/administration/nav-administration-guide.adoc:19 msgid "xref:auth-methods-pam.adoc[Authentication With PAM]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:36 +#: modules/administration/nav-administration-guide.adoc:20 msgid "xref:ssl-certs.adoc[SSL Certificates]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:37 +#: modules/administration/nav-administration-guide.adoc:21 msgid "xref:ssl-certs-selfsigned.adoc[Self-Signed SSL Certificates]" msgstr "" #. ISS #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:39 +#: modules/administration/nav-administration-guide.adoc:22 msgid "xref:ssl-certs-imported.adoc[Imported SSL Certificates]" msgstr "" #. Tasks, Actions, & Maintenance Windows #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:41 +#: modules/administration/nav-administration-guide.adoc:23 msgid "xref:iss.adoc[Inter-Server Synchronization]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:42 +#: modules/administration/nav-administration-guide.adoc:24 msgid "xref:actions.adoc[Actions]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:43 +#: modules/administration/nav-administration-guide.adoc:25 msgid "xref:task-schedules.adoc[Task Schedules]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:44 +#: modules/administration/nav-administration-guide.adoc:26 +msgid "xref:crash-reporting.adoc[Crash Reporting]" +msgstr "" + +#. type: Plain text +#: modules/administration/nav-administration-guide.adoc:27 msgid "xref:maintenance-windows.adoc[Maintenance Windows]" msgstr "" -#. Backing up +#. Users #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:46 +#: modules/administration/nav-administration-guide.adoc:28 msgid "xref:maintenance-window-tasks.adoc[Maintenance Window Tasks]" msgstr "" +#. Backing up #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:47 +#: modules/administration/nav-administration-guide.adoc:29 +msgid "xref:users.adoc[Users]" +msgstr "" + +#. type: Plain text +#: modules/administration/nav-administration-guide.adoc:30 msgid "xref:backup-restore.adoc[Backing Up and Restoring]" msgstr "" #. mgr-sync #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:49 +#: modules/administration/nav-administration-guide.adoc:31 msgid "xref:space-management.adoc[Managing Disk Space]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:50 +#: modules/administration/nav-administration-guide.adoc:32 msgid "xref:mgr-sync.adoc[Using mgr-sync]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:51 +#: modules/administration/nav-administration-guide.adoc:33 msgid "Security" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:52 +#: modules/administration/nav-administration-guide.adoc:34 msgid "xref:master-fingerprint.adoc[Master Fingerprint]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:53 +#: modules/administration/nav-administration-guide.adoc:35 msgid "xref:repo-metadata.adoc[Repository Metadata]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:54 +#: modules/administration/nav-administration-guide.adoc:36 msgid "xref:mirror-sources.adoc[Mirror Sources]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:55 +#: modules/administration/nav-administration-guide.adoc:37 msgid "xref:openscap.adoc[OpenSCAP]" msgstr "" #. Spacewalk Reports #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:57 +#: modules/administration/nav-administration-guide.adoc:38 msgid "xref:auditing.adoc[Auditing Packages]" msgstr "" #. Tuning #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:59 +#: modules/administration/nav-administration-guide.adoc:39 msgid "xref:reports.adoc[Generate Reports]" msgstr "" #. Troubleshooting #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:61 +#: modules/administration/nav-administration-guide.adoc:40 msgid "xref:tuning-changelogs.adoc[Tuning Changelogs]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:62 +#: modules/administration/nav-administration-guide.adoc:41 msgid "xref:tshoot-intro.adoc[Troubleshooting]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:63 +#: modules/administration/nav-administration-guide.adoc:42 msgid "xref:tshoot-corruptrepo.adoc[Troubleshooting Corrupt Repositories]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:64 +#: modules/administration/nav-administration-guide.adoc:43 msgid "xref:tshoot-diskspace.adoc[Troubleshooting Disk Space]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:65 +#: modules/administration/nav-administration-guide.adoc:44 +msgid "xref:tshoot-firewalls.adoc[Troubleshooting Firewalls]" +msgstr "" + +#. type: Plain text +#: modules/administration/nav-administration-guide.adoc:45 +msgid "xref:tshoot-inactiveclients.adoc[Troubleshooting Inactive Clients]" +msgstr "" + +#. type: Plain text +#: modules/administration/nav-administration-guide.adoc:46 msgid "xref:tshoot-localcert.adoc[Troubleshooting Local Certificates]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:66 +#: modules/administration/nav-administration-guide.adoc:47 msgid "xref:tshoot-logintimeout.adoc[Troubleshooting Login Timeout]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:67 +#: modules/administration/nav-administration-guide.adoc:48 msgid "xref:tshoot-notifications.adoc[Troubleshooting Notifications]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:68 +#: modules/administration/nav-administration-guide.adoc:49 msgid "xref:tshoot-osadjabberd.adoc[Troubleshooting OSAD and jabberd]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:69 +#: modules/administration/nav-administration-guide.adoc:50 msgid "xref:tshoot-packages.adoc[Troubleshooting Packages]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:70 +#: modules/administration/nav-administration-guide.adoc:51 msgid "" "xref:tshoot-registerclones.adoc[Troubleshooting Registering Cloned Clients]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:71 +#: modules/administration/nav-administration-guide.adoc:52 msgid "xref:tshoot-hostname-rename.adoc[Troubleshooting Renaming the Server]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:72 +#: modules/administration/nav-administration-guide.adoc:53 msgid "xref:tshoot-rpctimeout.adoc[Troubleshooting RPC Timeouts]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:73 +#: modules/administration/nav-administration-guide.adoc:54 msgid "xref:tshoot-saltboot.adoc[Troubleshooting Saltboot]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:74 -msgid "xref:tshoot-sync.adoc[Troubleshooting Product Synchronization]" +#: modules/administration/nav-administration-guide.adoc:55 +msgid "xref:tshoot-sync.adoc[Troubleshooting Synchronization]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:75 +#: modules/administration/nav-administration-guide.adoc:56 msgid "xref:tshoot-taskomatic.adoc[Troubleshooting Taskomatic]" msgstr "" diff --git a/l10n-weblate/administration/zh_CN.po b/l10n-weblate/administration/zh_CN.po index 98144983a1b..b382ab196b4 100644 --- a/l10n-weblate/administration/zh_CN.po +++ b/l10n-weblate/administration/zh_CN.po @@ -1,14 +1,14 @@ -# Chinese translations for l package -# l 软件包的简体中文翻译 +# Chinese translations for PACKAGE package +# PACKAGE �������ļ������ķ��� # Copyright (C) 2020 Free Software Foundation, Inc. -# This file is distributed under the same license as the l package. +# This file is distributed under the same license as the PACKAGE package. # Automatically generated, 2020. # msgid "" msgstr "" -"Project-Id-Version: l 10n\n" -"POT-Creation-Date: 2020-08-24 02:23+0200\n" -"PO-Revision-Date: 2020-08-23 23:30+0200\n" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2020-09-30 10:38+0200\n" +"PO-Revision-Date: 2020-09-30 09:41+0200\n" "Last-Translator: Automatically generated\n" "Language-Team: none\n" "Language: zh_CN\n" @@ -17,14098 +17,15561 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" #. type: Title = -#: modules/administration/pages/backup-restore.adoc:2 +#: modules/administration/pages/live-patching.adoc:1 #, no-wrap -msgid "Backup and Restore" +msgid "Live Patching with SUSE Manager" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:8 +#: modules/administration/pages/live-patching.adoc:2 msgid "" -"Back up your {productname} installation regularly, in order to prevent data " -"loss. Because {productname} relies on a database as well as the installed " -"program and configurations, it is important to back up all components of " -"your installation. This chapter contains information on the files you need " -"to back up, and introduces the [command]``smdba`` tool to manage database " -"backups. It also contains information about restoring from your backups in " -"the case of a system failure." -msgstr "" - -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:9 -#, no-wrap -msgid "Backup Space Requirements" +"Performing a kernel update usually requires a system reboot. Common " +"vulnerability and exposure (CVE) patches should be applied as soon as " +"possible, but if you cannot afford the downtime, you can use Live Patching " +"to inject these important updates and skip the need to reboot." msgstr "" -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:14 +#. type: Plain text +#: modules/administration/pages/live-patching.adoc:3 msgid "" -"Regardless of the backup method you use, you must have available at least " -"three times the amount of space your current installation uses. Running out " -"of space can result in backups failing, so check this often." +"The procedure for setting up Live Patching is slightly different for " +"SLES{nbsp}12 and SLES{nbsp}15. Both procedures are documented in this " +"section." msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:19 +#. type: Title = +#: modules/administration/pages/master-fingerprint.adoc:1 #, no-wrap -msgid "Backing up {productname}" +msgid "Set up a Client to Master Validation Fingerprint" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:24 -msgid "" -"The most comprehensive method for backing up your {productname} installation " -"is to back up the relevant files and directories. This can save you time in " -"administering your backup, and can be faster to reinstall and re-synchronize " -"in the case of failure. However, this method requires significant disk " -"space and could take a long time to perform the backup." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:30 +#: modules/administration/pages/master-fingerprint.adoc:2 msgid "" -"If you want to only back up the required files and directories, use the " -"following list. To make this process simpler, and more comprehensive, we " -"recommend backing up the entire [path]``/etc`` and [path]``/root`` " -"directories, not just the ones specified here. Some files only exist if you " -"are actually using the related {susemgr} feature." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:34 -msgid "[path]``/etc/cobbler/``" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:35 -msgid "[path]``/etc/dhcp.conf``" +"In highly secure network configurations you may wish to ensure your Salt " +"clients are connecting a specific master. To set up validation from client " +"to master enter the master's fingerprint within the [path]``/etc/salt/" +"minion`` configuration file." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:36 -msgid "[path]``/etc/fstab`` and any ISO mountpoints you require." +#: modules/administration/pages/master-fingerprint.adoc:3 +msgid "See the following procedure:" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:37 -msgid "[path]``/etc/rhn/``" +#: modules/administration/pages/master-fingerprint.adoc:4 +msgid "" +"On the master, at the command prompt, as root, use this command to find the " +"``master.pub`` fingerprint:" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:38 -msgid "[path]``/etc/salt``" +#. type: delimited block - +#: modules/administration/pages/master-fingerprint.adoc:5 +#, no-wrap +msgid "salt-key -F master\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:39 -msgid "[path]``/etc/sudoers``" +#: modules/administration/pages/master-fingerprint.adoc:6 +msgid "" +"On your client, open the [path]``/etc/salt/minion`` configuration file. " +"Uncomment the following line and enter the master's fingerprint replacing " +"the example fingerprint:" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:40 -msgid "[path]``/etc/sysconfig/rhn/``" +#. type: delimited block - +#: modules/administration/pages/master-fingerprint.adoc:7 +#, no-wrap +msgid "master_finger: 'ba:30:65:2a:d6:9e:20:4f:d8:b2:f3:a7:d4:65:11:13'\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:41 -msgid "[path]``/root/.gnupg/``" +#: modules/administration/pages/master-fingerprint.adoc:8 +msgid "Restart the salt-minion service:" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:42 -msgid "[path]``/root/.ssh``" +#. type: delimited block - +#: modules/administration/pages/master-fingerprint.adoc:9 +#, no-wrap +msgid "# systemctl restart salt-minion\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:46 +#: modules/administration/pages/master-fingerprint.adoc:10 msgid "" -"This file exists if you are using an SSH tunnel or SSH [command]``push``. " -"You will also need to have saved a copy of the ``id-susemanager`` key." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:47 -msgid "[path]``/root/ssl-build/``" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:48 -msgid "[path]``/srv/formula_metadata``" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:49 -msgid "[path]``/srv/pillar``" +"For information on configuring security from a client, see https://docs." +"saltstack.com/en/latest/ref/configuration/minion.html." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:50 -msgid "[path]``/srv/salt``" +#. type: Title = +#: modules/administration/pages/mirror-sources.adoc:1 +#, no-wrap +msgid "Mirror Source Packages" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:51 -msgid "[path]``/srv/susemanager``" +#: modules/administration/pages/mirror-sources.adoc:2 +msgid "" +"If you build your own packages locally, or if you require the source code " +"for your packages for legal reasons, it is possible to mirror the source " +"packages on {productname} Server." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:52 -msgid "[path]``/srv/tftpboot/``" +#. type: delimited block = +#: modules/administration/pages/mirror-sources.adoc:3 +msgid "" +"Mirroring source packages can consume a significant amount of disk space." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:53 -msgid "[path]``/srv/www/cobbler``" +#. type: Block title +#: modules/administration/pages/mirror-sources.adoc:4 +#, no-wrap +msgid "Procedure: Mirroring Source Packages" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:54 -msgid "[path]``/srv/www/htdocs/pub/``" +#: modules/administration/pages/mirror-sources.adoc:5 +msgid "" +"Open the [filename]``/etc/rhn/rhn.conf`` configuration file, and add this " +"line:" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:55 -msgid "[path]``/srv/www/os-images``" +#. type: delimited block - +#: modules/administration/pages/mirror-sources.adoc:6 +#, no-wrap +msgid "server.sync_source_packages = 1\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:56 -msgid "[path]``/var/cache/rhn``" +#: modules/administration/pages/mirror-sources.adoc:7 +msgid "Restart the Spacewalk service to pick up the changes:" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:57 -msgid "[path]``/var/cache/salt``" +#. type: delimited block - +#: modules/administration/pages/mirror-sources.adoc:8 +#: modules/administration/pages/auth-methods-sso.adoc:42 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:15 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:57 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:74 +#, no-wrap +msgid "spacewalk-service restart\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:58 -msgid "[path]``/var/lib/cobbler/``" +#: modules/administration/pages/mirror-sources.adoc:9 +msgid "" +"Currently, this feature can only be enabled globally for all repositories. " +"It is not possible to select individual repositories for mirroring." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:59 +#: modules/administration/pages/mirror-sources.adoc:10 msgid "" -"[path]``/var/lib/cobbler/templates/`` (before version 4.0 it was [path]``/" -"var/lib/rhn/kickstarts/``)" +"When this feature has been activated, the source packages will become " +"available in the {productname} {webui} after the next repository " +"synchronization. They will be shown as sources for the binary package, and " +"can be downloaded directly from the {webui}. Source packages cannot be " +"installed on clients using the {webui}." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:60 -msgid "[path]``/var/lib/Kiwi``" +#. type: Title = +#: modules/administration/pages/tshoot-diskspace.adoc:1 +#, no-wrap +msgid "Troubleshooting Disk Space" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:61 -msgid "[path]``/var/lib/rhn/``" +#: modules/administration/pages/tshoot-diskspace.adoc:2 +msgid "" +"Running out of disk space can have a severe impact on the {productname} " +"database and file structure which, in most cases, is not recoverable." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:62 -msgid "[path]``/var/spacewalk/``" +#: modules/administration/pages/tshoot-diskspace.adoc:3 +msgid "" +"{productname} monitors free space in specific directories, and has " +"configurable alerts. For more on space management, see xref:administration:" +"space-management.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:63 +#: modules/administration/pages/tshoot-diskspace.adoc:4 msgid "" -"Plus any directories containing custom data such as scripts, Kickstart or " -"AutoYaST profiles, and custom RPMs." +"You can recover disk space by removing unused custom channels and redundant " +"database entries before you run out of space entirely." msgstr "" -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:68 +#. type: Plain text +#: modules/administration/pages/tshoot-diskspace.adoc:5 msgid "" -"You will also need to back up your database, which you can do with the " -"[command]``smdba`` tool. For more information about the [command]``smdba`` " -"tool, see xref:administration:backup-restore.adoc[]." +"For instructions on how to delete custom channels, see xref:administration:" +"channel-management.adoc[]." msgstr "" #. type: Block title -#: modules/administration/pages/backup-restore.adoc:70 +#: modules/administration/pages/tshoot-diskspace.adoc:6 #, no-wrap -msgid "Procedure: Restore from a Manual Backup" +msgid "Procedure: Resolving redundant database entries" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:73 +#: modules/administration/pages/tshoot-diskspace.adoc:7 msgid "" -"Re-install {productname}. For more information about recovering from a " -"backup, see xref:administration:backup-restore.adoc[]." +"Use the [command]``spacewalk-data-fsck`` command to list any redundant " +"database entries." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:75 +#: modules/administration/pages/tshoot-diskspace.adoc:8 msgid "" -"Re-synchronize your {productname} repositories with the [command]``mgr-" -"sync`` tool. For more information about the [command]``mgr-sync`` tool, see " -"<>." +"Use the [command]``spacewalk-data-fsck --remove`` command to delete them." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:76 -msgid "" -"You can choose to re-register your product, or skip the registration and SSL " -"certificate generation sections." +#. type: Title === +#: modules/administration/pages/tshoot-intro.adoc:1 +#: modules/administration/pages/image-management.adoc:127 +#: modules/administration/pages/image-management.adoc:242 +#, no-wrap +msgid "Troubleshooting" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:77 +#: modules/administration/pages/tshoot-intro.adoc:2 msgid "" -"Re-install the [path]``/root/ssl-build/rhn-org-httpd-ssl-key-pair-" -"MACHINE_NAME-VER-REL.noarch.rpm`` package." +"This section contains some common problems you might encounter with " +"{productname}, and solutions to resolving them." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:78 -msgid "" -"Schedule the re-creation of search indexes next time the [command]``rhn-" -"search`` service is started:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:81 +#. type: Title = +#: modules/administration/pages/tshoot-localcert.adoc:1 #, no-wrap -msgid "rhn-search cleanindex\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:85 -msgid "" -"This command produces only debug messages. It does not produce error " -"messages." +msgid "Troubleshooting Local Issuer Certificates" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:88 +#: modules/administration/pages/tshoot-localcert.adoc:2 msgid "" -"Check whether you need to restore [path]``/var/spacewalk/packages/``. If " -"[path]``/var/spacewalk/packages/`` was not in your backup, you will need to " -"restore it. If the source repository is available, you can restore [path]``/" -"var/spacewalk/packages/`` with a complete channel synchronization:" +"Some older bootstrap scripts create a link to the local certificate in the " +"wrong place. This results in zypper returning an ``Unrecognized error`` " +"about the local issuer certificate. You can ensure that the link to the " +"local issuer certificate has been created correctly by checking the [path]``/" +"etc/ssl/certs/`` directory. If you come across this problem, you should " +"consider updating your bootstrap scripts to ensure that zypper operates as " +"expected." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:91 +#. type: Title = +#: modules/administration/pages/tshoot-logintimeout.adoc:1 #, no-wrap -msgid "mgr-sync refresh --refresh-channels\n" +msgid "Troubleshooting Login Timeouts" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:94 +#: modules/administration/pages/tshoot-logintimeout.adoc:2 msgid "" -"Check the progress by running [command]``tail -f /var/log/rhn/reposync/" -"````.log`` as _root_." -msgstr "" - -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:98 -#, no-wrap -msgid "Administering the Database with smdba" +"By default, the {productname} {webui} will require users to log in again " +"after 30{nbsp}minutes. Depending on your environment, you might want to " +"adjust the login timeout value." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:103 +#: modules/administration/pages/tshoot-logintimeout.adoc:3 msgid "" -"The [command]``smdba`` tool is used for managing a local PostgreSQL " -"database. It allows you to back up and restore your database, and manage " -"backups. It can also be used to check the status of your database, and " -"perform administration tasks, such as restarting." +"To adjust the value, you will need to make the change in both [path]``rhn." +"conf`` and [path]``web.xml``. Ensure you set the value in seconds in " +"[path]``/etc/rhn/rhn.conf``, and in minutes in [path]``web.xml``. The two " +"values must equal the same amount of time." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:105 -msgid "" -"The [command]``smdba`` tool works with local PostgreSQL databases only, it " -"will not work with remotely accessed databases, or Oracle databases." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:110 +#: modules/administration/pages/tshoot-logintimeout.adoc:4 msgid "" -"The [command]``smdba`` tool requires [command]``sudo`` access, in order to " -"execute system changes. Ensure you have enabled [command]``sudo`` access " -"for the [username]``admin`` user before you begin, by checking the [path]``/" -"etc/sudoers`` file for this line:" +"For example, to change the timeout value to one hour, set the value in " +"[path]``rhn.conf`` to 3600 seconds, and the value in [path]``web.xml`` to 60 " +"minutes." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:113 +#. type: Block title +#: modules/administration/pages/tshoot-logintimeout.adoc:5 #, no-wrap -msgid "admin ALL=(postgres) /usr/bin/smdba\n" +msgid "Procedure: Adjusting the {webui} Login Timeout Value" msgstr "" -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:118 -msgid "Check the runtime status of your database with:" +#. type: Plain text +#: modules/administration/pages/tshoot-logintimeout.adoc:6 +msgid "Stop services:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:121 +#: modules/administration/pages/tshoot-logintimeout.adoc:7 +#: modules/administration/pages/backup-restore.adoc:133 #, no-wrap -msgid "smdba db-status\n" +msgid "spacewalk-service stop\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:124 -msgid "This command will return either ``online`` or ``offline``, for example:" +#: modules/administration/pages/tshoot-logintimeout.adoc:8 +msgid "" +"Open [path]``/etc/rhn/rhn.conf`` and add or edit this line to include the " +"new timeout value in seconds:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:127 +#: modules/administration/pages/tshoot-logintimeout.adoc:9 #, no-wrap -msgid "Checking database core... online\n" +msgid "web.session_database_lifetime = \n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:130 -msgid "Starting and stopping the database can be performed with:" +#: modules/administration/pages/tshoot-logintimeout.adoc:10 +#: modules/administration/pages/tshoot-logintimeout.adoc:13 +msgid "Save and close the file." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-logintimeout.adoc:11 +msgid "" +"Open [path]``/srv/tomcat/webapps/rhn/WEB-INF/web.xml`` and add or edit this " +"line to include the new timeout value in minutes:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:133 -#: modules/administration/pages/backup-restore.adoc:279 +#: modules/administration/pages/tshoot-logintimeout.adoc:12 #, no-wrap -msgid "smdba db-start\n" +msgid "Timeout_Value_in_Minutes\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:136 -msgid "And:" +#: modules/administration/pages/tshoot-logintimeout.adoc:14 +msgid "Restart services:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:139 -#: modules/administration/pages/backup-restore.adoc:266 +#: modules/administration/pages/tshoot-logintimeout.adoc:15 +#: modules/administration/pages/backup-restore.adoc:149 #, no-wrap -msgid "smdba db-stop\n" +msgid "spacewalk-service start\n" msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:144 +#. type: Title = +#: modules/administration/pages/tshoot-packages.adoc:1 #, no-wrap -msgid "Database Backup with smdba" +msgid "Troubleshooting Package Inconsistencies" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:150 +#: modules/administration/pages/tshoot-packages.adoc:2 msgid "" -"The [command]``smdba`` tool performs a continuous archiving backup. This " -"backup method combines a log of every change made to the database during the " -"current session, with a series of more traditional backup files. When a " -"crash occurs, the database state is first restored from the most recent " -"backup file on disk, then the log of the current session is replayed " -"exactly, to bring the database back to a current state. A continuous " -"archiving backup with [command]``smdba`` is performed with the database " -"running, so there is no need for downtime." +"When packages on a client are locked, {productname} Server may not be able " +"to correctly determine the set of applicable patches. When this occurs, " +"package updates will be available in the {webui}, but will not appear on the " +"client, and attempts to update the client will fail. Check package locks " +"and exclude lists to determine if packages are locked or excluded on the " +"client." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:154 +#: modules/administration/pages/tshoot-packages.adoc:3 msgid "" -"This method of backing up is stable and generally creates consistent " -"snapshots, however it can take up a lot of storage space. Ensure you have " -"at least three times the current database size of space available for " -"backups. You can check your current database size by navigating to [path]``/" -"var/lib/pgsql/`` and running [command]``df -h``." +"On the client, check package locks and exclude lists to determine if " +"packages are locked or excluded:" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:159 +#: modules/administration/pages/tshoot-packages.adoc:4 msgid "" -"The [command]``smdba`` tool also manages your archives, keeping only the " -"most recent backup, and the current archive of logs. The log files can only " -"be a maximum file size of 16{nbsp}MB, so a new log file will be created when " -"the files reach this size. Every time you create a new backup, previous " -"backups will be purged to release disk space. We recommend you use " -"[command]``cron`` to schedule your [command]``smdba`` backups to ensure that " -"your storage is managed effectively, and you always have a backup ready in " -"case of failure." +"On an Expanded Support Platform, check [path]``/etc/yum.conf`` and search " +"for ``exclude=``." msgstr "" -#. type: Title === -#: modules/administration/pages/backup-restore.adoc:162 -#, no-wrap -msgid "Performing a Manual Database Backup" +#. type: Plain text +#: modules/administration/pages/tshoot-packages.adoc:5 +msgid "On {sle} and {opensuse}, use the [command]``zypper locks`` command." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:166 -msgid "" -"The [command]``smdba`` tool can be run directly from the command line. We " -"recommend you run a manual database backup immediately after installation, " -"or if you have made any significant changes to your configuration." +#. type: Title = +#: modules/administration/pages/tshoot-rpctimeout.adoc:1 +#, no-wrap +msgid "Troubleshooting RPC Connection Timeouts" msgstr "" -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:172 +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step +#. type: Plain text +#: modules/administration/pages/tshoot-rpctimeout.adoc:2 msgid "" -"When [command]``smdba`` is run for the first time, or if you have changed " -"the location of the backup, it will need to restart your database before " -"performing the archive. This will result in a small amount of downtime. " -"Regular database backups will not require any downtime." +"RPC connections can sometimes time out due to slow networks or a network " +"link going down. This results in package downloads or batch jobs hanging or " +"taking longer than expected. You can adjust the maximum time that an RPC " +"connection can take by editing the configuration file. While this will not " +"resolve networking problems, it will cause a process to fail rather than " +"hang." msgstr "" #. type: Block title -#: modules/administration/pages/backup-restore.adoc:174 +#: modules/administration/pages/tshoot-rpctimeout.adoc:3 #, no-wrap -msgid "Procedure: Performing a Manual Database Backup" +msgid "Procedure: Resolving RPC connection timeouts" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:178 +#: modules/administration/pages/tshoot-rpctimeout.adoc:4 msgid "" -"Allocate permanent storage space for your backup. This example uses a " -"directory located at [path]``/var/spacewalk/``. This will become a " -"permanent target for your backup, so ensure it will remain accessible by " -"your server at all times." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:179 -msgid "In your backup location, create a directory for the backup:" +"On the {productname} Server, open the [filename]``/etc/rhn/rhn.conf`` file " +"and set a maximum timeout value (in seconds):" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:183 +#: modules/administration/pages/tshoot-rpctimeout.adoc:5 #, no-wrap -msgid "sudo -u postgres mkdir /var/spacewalk/db-backup\n" +msgid "server.timeout =`number`\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:187 -msgid "Or, as root:" +#: modules/administration/pages/tshoot-rpctimeout.adoc:6 +msgid "" +"On the {productname} Proxy, open the [filename]``/etc/rhn/rhn.conf`` file " +"and set a maximum timeout value (in seconds):" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:191 +#: modules/administration/pages/tshoot-rpctimeout.adoc:7 #, no-wrap -msgid "install -d -o postgres -g postgres -m 700 /var/spacewalk/db-backup\n" +msgid "proxy.timeout =`number`\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:194 -msgid "Ensure you have the correct permissions set on the backup location:" +#: modules/administration/pages/tshoot-rpctimeout.adoc:8 +msgid "" +"On a {sles} client that uses zypper, open the [filename]``/etc/zypp/zypp." +"conf`` file and set a maximum timeout value (in seconds):" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:198 +#: modules/administration/pages/tshoot-rpctimeout.adoc:9 #, no-wrap -msgid "chown postgres:postgres /var/spacewalk/db-backup\n" +msgid "" +"## Valid values: [0,3600]\n" +"## Default value: 180\n" +"download.transfer_timeout = 180\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:203 +#: modules/administration/pages/tshoot-rpctimeout.adoc:10 msgid "" -"To create a backup for the first time, run the [command]``smdba backup-hot`` " -"command with the [option]``enable`` option set. This will create the backup " -"in the specified directory, and, if necessary, restart the database:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:207 -#, no-wrap -msgid "smdba backup-hot --enable=on --backup-dir=/var/spacewalk/db-backup\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:211 -msgid "" -"This command produces debug messages and finishes sucessfully with the " -"output:" +"On a {rhel} client that uses yum, open the [filename]``/etc/yum.conf`` file " +"and set a maximum timeout value (in seconds):" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:215 +#: modules/administration/pages/tshoot-rpctimeout.adoc:11 #, no-wrap -msgid "INFO: Finished\n" +msgid "timeout =`number`\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:219 +#. type: delimited block = +#: modules/administration/pages/tshoot-rpctimeout.adoc:12 msgid "" -"Check that the backup files exist in the [path]``/var/spacewalk/db-backup`` " -"directory, to ensure that your backup has been successful." +"If you limit RPC timeouts to less than `180` seconds, you risk aborting " +"perfectly normal operations." msgstr "" -#. type: Title === -#: modules/administration/pages/backup-restore.adoc:223 +#. type: Title = +#: modules/administration/pages/tuning-changelogs.adoc:1 #, no-wrap -msgid "Scheduling Automatic Backups" +msgid "Tuning Changelogs" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:229 -msgid "" -"You do not need to shut down your system in order to perform a database " -"backup with [command]``smdba``. However, because it is a large operation, " -"database performance can slow down while the backup is running. We " -"recommend you schedule regular database backups for a low-traffic period, to " -"minimize disruption." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/backup-restore.adoc:234 +#: modules/administration/pages/tuning-changelogs.adoc:2 msgid "" -"Ensure you have at least three times the current database size of space " -"available for backups. You can check your current database size by " -"navigating to [path]``/var/lib/pgsql/`` and running [command]``df -h``." -msgstr "" - -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:236 -#, no-wrap -msgid "Procedure: Scheduling Automatic Backups" +"Some packages have a long list of changelog entries. This data is " +"downloaded by default, but it is not always useful information to keep. In " +"order to limit the amount of changelog metadata which is downloaded and to " +"save disk space, you can put a limit on how many entries to keep on disk." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:238 +#: modules/administration/pages/tuning-changelogs.adoc:3 msgid "" -"Create a directory for the backup, and set the appropriate permissions (as " -"root):" +"This configuration option is in the [filename]``/etc/rhn/rhn.conf`` " +"configuration file. The parameter defaults to [systemitem]``0``, which " +"means unlimited." msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:242 +#: modules/administration/pages/tuning-changelogs.adoc:4 #, no-wrap -msgid "install -m 700 -o postgres -g postgres /var/spacewalk/db-backup\n" +msgid "java.max_changelog_entries = 0\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:245 +#: modules/administration/pages/tuning-changelogs.adoc:5 msgid "" -"Open [path]``/etc/cron.d/db-backup-mgr``, or create it if it does not exist, " -"and add the following line to create the cron job:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:249 -#, no-wrap -msgid "0 2 * * * root /usr/bin/smdba backup-hot --enable=on --backup-dir=/var/spacewalk/db-backup\n" +"If you set this parameter, it will come into effect only for new packages " +"when they are synchronized." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:252 +#: modules/administration/pages/tuning-changelogs.adoc:6 msgid "" -"Check the backup directory regularly to ensure the backups are working as " -"expected." -msgstr "" - -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:256 -#, no-wrap -msgid "Restoring from Backup" +"After changing this parameter, restart services with ``spacewalk-service " +"restart``." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:259 +#: modules/administration/pages/tuning-changelogs.adoc:7 msgid "" -"The [command]``smdba`` tool can be used to restore from backup in the case " -"of failure." -msgstr "" - -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:260 -#, no-wrap -msgid "Procedure: Restoring from Backup" +"You might like to delete and regenerate the cached data to remove older data." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:262 -msgid "Shut down the database:" +#. type: delimited block = +#: modules/administration/pages/tuning-changelogs.adoc:8 +msgid "" +"Deleting and regenerating cached data can take a long time. Depending on " +"the number of channels you have and the amount of data to be deleted, it can " +"potentially take several hours. The task is run in the background by " +"Taskomatic, so you can continue to use {productname} while the operation " +"completes, however you should expect some performance loss." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:268 -msgid "Start the restore process and wait for it to complete:" +#: modules/administration/pages/tuning-changelogs.adoc:9 +msgid "" +"You can delete and request a regeneration of cached data from the command " +"line:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:272 +#: modules/administration/pages/tuning-changelogs.adoc:10 #, no-wrap -msgid "smdba backup-restore start\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:275 -msgid "Restart the database:" +msgid "spacewalk-sql -i\n" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:282 -msgid "Check if there are differences between the RPMs and the database." +#: modules/administration/pages/tuning-changelogs.adoc:11 +msgid "Then on the SQL database prompt, enter:" msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:286 +#: modules/administration/pages/tuning-changelogs.adoc:12 #, no-wrap -msgid "spacewalk-data-fsck\n" +msgid "" +"DELETE FROM rhnPackageRepodata;\n" +"INSERT INTO rhnRepoRegenQueue (id, CHANNEL_LABEL, REASON, FORCE)\n" +"(SELECT sequence_nextval('rhn_repo_regen_queue_id_seq'),\n" +" C.label,\n" +" 'cached data regeneration',\n" +" 'Y'\n" +" FROM rhnChannel C);\n" +"\\q\n" msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:291 +#. type: Title = +#: modules/administration/pages/space-management.adoc:1 #, no-wrap -msgid "Archive Log Settings" +msgid "Managing Disk Space" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:295 +#: modules/administration/pages/space-management.adoc:2 msgid "" -"Archive logging allows the database management tool [command]``smdba`` to " -"perform hot backups. In {productname} with an embedded database, archive " -"logging is enabled by default." +"Running out of disk space can have a severe impact on the {productname} " +"database and file structure which, in some cases, is not recoverable." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:299 +#: modules/administration/pages/space-management.adoc:3 msgid "" -"PostgreSQL maintains a limited number of archive logs. Using the default " -"configuration, approximately 64 files with a size of 16 MiB are stored." +"{productname} monitors some directories for free disk space. You can modify " +"which directories are monitored, and the warnings that are created. All " +"settings are configured in the [path]``/etc/rhn/rhn.conf`` configuration " +"file." +msgstr "" + +#. type: Title == +#: modules/administration/pages/space-management.adoc:4 +#, no-wrap +msgid "Monitored Directories" msgstr "" -#. FIXME: Use sle 15 channels as an example #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:302 -msgid "Creating a user and syncing the channels:" +#: modules/administration/pages/space-management.adoc:5 +msgid "By default, {productname} monitors these directories:" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:304 -msgid "SLES12-SP2-Pool-x86_64" +#: modules/administration/pages/space-management.adoc:6 +msgid "[path]``/var/lib/pgsql``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:305 -msgid "SLES12-SP2-Updates-x86_64" +#: modules/administration/pages/space-management.adoc:7 +msgid "[path]``/var/spacewalk``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:306 -msgid "SLE-Manager-Tools12-Pool-x86_64-SP2" +#: modules/administration/pages/space-management.adoc:8 +msgid "[path]``/var/cache``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:307 -msgid "SLE-Manager-Tools12-Updates-x86_64-SP2" +#: modules/administration/pages/space-management.adoc:9 +msgid "[path]``/srv``" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:311 +#: modules/administration/pages/space-management.adoc:10 msgid "" -"PostgreSQL will generate an additional roughly 1 GB of data. So it is " -"important to think about a backup strategy and create a backups in a regular " -"way." +"You can change which directories are monitored with the " +"[systemitem]``spacecheck_dirs`` parameter. You can specify multiple " +"directories by separating them with a space." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:313 -msgid "" -"Archive logs are stored at [path]``/var/lib/pgsql/data/pg_xlog/`` " -"(postgresql)." +#: modules/administration/pages/space-management.adoc:11 +#: modules/administration/pages/space-management.adoc:16 +#: modules/administration/pages/space-management.adoc:21 +#: modules/administration/pages/actions.adoc:62 +#: modules/administration/pages/backup-restore.adoc:135 +msgid "For example:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/space-management.adoc:12 +#, no-wrap +msgid "spacecheck_dirs = /var/lib/pgsql /var/spacewalk /var/cache /srv\n" msgstr "" #. type: Title == -#: modules/administration/pages/backup-restore.adoc:317 +#: modules/administration/pages/space-management.adoc:13 #, no-wrap -msgid "Retrieving an Overview of Occupied Database Space" +msgid "Thresholds" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:321 +#: modules/administration/pages/space-management.adoc:14 msgid "" -"Database administrators may use the subcommand [command]``space-overview`` " -"to get a report about occupied table spaces, for example:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:324 -#, no-wrap -msgid "smdba space-overview\n" +"By default, {productname} will create a warning mail when a monitored " +"directory has less than 10% of total space available. A critical alert is " +"created when a monitored directory falls below 5% space available." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:327 -#: modules/administration/pages/backup-restore.adoc:349 -msgid "outputs:" +#: modules/administration/pages/space-management.adoc:15 +msgid "" +"You can change these alert thresholds with the " +"[systemitem]``spacecheck_free_alert`` and " +"[systemitem]``spacecheck_free_critical`` parameters." msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:331 -#: modules/administration/pages/backup-restore.adoc:353 +#: modules/administration/pages/space-management.adoc:17 #, no-wrap msgid "" -"SUSE Manager Database Control. Version 1.5.2\n" -"Copyright (c) 2012 by SUSE Linux Products GmbH\n" +"spacecheck_free_alert = 10\n" +"spacecheck_free_critical = 5\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:337 +#. type: Title == +#: modules/administration/pages/space-management.adoc:18 #, no-wrap -msgid "" -"Tablespace | Size (Mb) | Avail (Mb) | Use %\n" -"------------+-----------+------------+------\n" -"postgres | 7 | 49168 | 0.013\n" -"susemanager | 776 | 48399 | 1.602\n" +msgid "Shut Down Services" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:343 +#: modules/administration/pages/space-management.adoc:19 msgid "" -"The [command]``smdba`` command is available for PostgreSQL. For a more " -"detailed report, use the [command]``space-tables`` subcommand. It lists the " -"table and its size, for example:" +"By default, {productname} will shut down the spacewalk services when the " +"critical alert threshold is reached." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:346 -#, no-wrap -msgid "smdba space-tables\n" +#. type: Plain text +#: modules/administration/pages/space-management.adoc:20 +msgid "" +"You can change this behavior with the [systemitem]``spacecheck_shutdown`` " +"parameter. A value of ``true`` will enable the shut down feature. Any " +"other value will disable it." msgstr "" #. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:365 +#: modules/administration/pages/space-management.adoc:22 #, no-wrap -msgid "" -"Table | Size\n" -"--------------------------------------+-----------\n" -"public.all_primary_keys | 0 bytes\n" -"public.all_tab_columns | 0 bytes\n" -"public.allserverkeywordsincereboot | 0 bytes\n" -"public.dblink_pkey_results | 0 bytes\n" -"public.dual | 8192 bytes\n" -"public.evr_t | 0 bytes\n" -"public.log | 32 kB\n" -"...\n" +msgid "spacecheck_shutdown = true\n" msgstr "" #. type: Title == -#: modules/administration/pages/backup-restore.adoc:369 +#: modules/administration/pages/space-management.adoc:23 #, no-wrap -msgid "Moving the Database" +msgid "Disable Space Checking" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:375 +#: modules/administration/pages/space-management.adoc:24 msgid "" -"It is possible to move the database to another location. For example, move " -"the database if the database storage space is running low. The following " -"procedure will guide you through moving the database to a new location for " -"use by {productname}." +"The space checking tool is enabled by default. You can disable it entirely " +"with these commands:" msgstr "" -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:376 +#. type: delimited block - +#: modules/administration/pages/space-management.adoc:25 #, no-wrap -msgid "Procedure: Moving the Database" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:378 msgid "" -"The default storage location for {productname} is [path]``/var/lib/pgsql/``. " -"If you would like to move it, for example to [path]``/storage/postgres/``, " -"proceed as follows." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:380 -msgid "Stop the running database with (as root):" +"systemctl stop spacewalk-diskcheck.timer\n" +"systemctl disable spacewalk-diskcheck.timer\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:384 +#. type: Title = +#: modules/administration/pages/task-schedules.adoc:1 #, no-wrap -msgid "rcpostgresql stop\n" +msgid "Task Schedules" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:387 -msgid "Shut down the running Spacewalk services with:" +#: modules/administration/pages/task-schedules.adoc:2 +msgid "" +"Under menu:Admin[Task Schedules] all predefined task bunches are listed." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:391 +#. type: Target for macro image +#: modules/administration/pages/task-schedules.adoc:3 #, no-wrap -msgid "spacewalk-service stop\n" +msgid "admin_task_schedules.png" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:394 +#: modules/administration/pages/task-schedules.adoc:4 msgid "" -"Copy the current working directory structure with [command]``cp`` using the " -"[option]``-a, --archive`` option. For example:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:398 -#, no-wrap -msgid "cp --archive /var/lib/pgsql/ /storage/postgres/\n" +"Click a menu:SUSE Manager Schedules[Schedule name] to open its menu:Schedule " +"Name[Basic Schedule Details] where you can disable it or change the " +"frequency. Click btn:[Edit Schedule] to update the schedule with your " +"settings. To delete a schedule, click btn:[Delete Schedule] in the upper " +"right-hand corner." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:402 +#. type: delimited block = +#: modules/administration/pages/task-schedules.adoc:5 msgid "" -"This command will copy the contents of [path]``/var/lib/pgsql/`` to [path]``/" -"storage/postgres/pgsql/``." +"Only disable or delete a schedule if you are absolutely certain this is " +"necessary as they are essential for {productname} to work properly." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:405 +#: modules/administration/pages/task-schedules.adoc:6 msgid "" -"The contents of the [path]``/var/lib/pgsql`` directory needs to remain the " -"same, otherwise the {productname} database may malfunction. You also should " -"ensure that there is enough available disk space." +"If you click a bunch name, a list of runs of that bunch type and their " +"status will be displayed. Clicking the start time links takes you back to " +"the menu:Schedule Name[Basic Schedule Details]." msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:408 -msgid "Mount the new database directory with:" +#: modules/administration/pages/task-schedules.adoc:7 +msgid "" +"For example, the following predefined task bunches are scheduled by default " +"and can be configured:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:412 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:8 #, no-wrap -msgid "mount /storage/postgres/pgsql\n" +msgid "menu:channel-repodata-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:414 -msgid "" -"Make sure ownership is `postgres:postgres` and not `root:root` by changing " -"to the new directory and running the following commands:" +#: modules/administration/pages/task-schedules.adoc:9 +msgid "(Re)generates repository metadata files." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:419 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:10 #, no-wrap -msgid "" -"cd /storage/postgres/pgsql/\n" -"ls -l\n" +msgid "menu:cleanup-data-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:423 -msgid "Outputs:" +#: modules/administration/pages/task-schedules.adoc:11 +msgid "" +"Cleans up stale package change log and monitoring time series data from the " +"database." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:428 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:12 #, no-wrap -msgid "" -"total 8\n" -"drwxr-x--- 4 postgres postgres 47 Jun 2 14:35 ./\n" +msgid "menu:clear-taskologs-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:430 +#: modules/administration/pages/task-schedules.adoc:13 msgid "" -"Add the new database mount location to your servers fstab by editing " -"[path]``etc/fstab``." +"Clears task engine (taskomatic) history data older than a specified number " +"of days, depending on the job type, from the database." +msgstr "" + +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:14 +#, no-wrap +msgid "menu:cobbler-sync-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:431 -msgid "Start the database with:" +#: modules/administration/pages/task-schedules.adoc:15 +msgid "" +"Synchronizes distribution and profile data from {productname} to Cobbler. " +"For more information, see xref:client-configuration:cobbler.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:435 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:16 #, no-wrap -msgid "rcpostgresql start\n" +msgid "menu:compare-configs-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:438 -msgid "Start the Spacewalk services with:" +#: modules/administration/pages/task-schedules.adoc:17 +msgid "" +"Compares configuration files as stored in configuration channels with the " +"files stored on all configuration-enabled servers. To review comparisons, " +"click menu:Systems[] tab and select the system of interest. Go to menu:" +"Configuration[Compare Files]. For more information, see xref:reference:" +"systems/system-details/sd-configuration.adoc#sd-config-compare-files[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:442 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:18 #, no-wrap -msgid "spacewalk-service start\n" +msgid "menu:cve-server-channels-default:[]" msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:446 +#. type: Plain text +#: modules/administration/pages/task-schedules.adoc:19 +msgid "" +"Updates internal pre-computed CVE data that is used to display results on " +"the menu:Audit[CVE Audit] page. Search results in the menu:Audit[CVE Audit] " +"page are updated to the last run of this schedule). For more information, " +"see xref:reference:audit/audit-cve-audit.adoc[]." +msgstr "" + +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:20 #, no-wrap -msgid "Recovering from a Crashed Root Partition" +msgid "menu:daily-status-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:451 +#: modules/administration/pages/task-schedules.adoc:21 msgid "" -"This section provides guidance on restoring your server after its root " -"partition has crashed. This section assumes you have setup your server " -"similar to the procedure explained in Installation guide with separate " -"partitions for the database and for channels mounted at [path]``/var/lib/" -"pgsql`` and [path]``/var/spacewalk/``." +"Sends daily report e-mails to relevant addresses. To learn more about how " +"to configure notifications for specific users, see xref:reference:users/user-" +"details.adoc[]." msgstr "" -#. type: Block title -#: modules/administration/pages/backup-restore.adoc:452 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:22 #, no-wrap -msgid "Procedure: Recovering from a Crashed Root Partition" +msgid "menu:errata-cache-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:456 +#: modules/administration/pages/task-schedules.adoc:23 msgid "" -"Install {productname}. Do not mount the [path]``/var/spacewalk`` and " -"[path]``/var/lib/pgsql`` partitions. Wait for the installation to complete " -"before going on to the next step." +"Updates internal patch cache database tables, which are used to look up " +"packages that need updates for each server. Also, this sends notification " +"emails to users that might be interested in certain patches. For more " +"information about patches, see xref:reference:patches/patches-menu.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:457 -msgid "Shut down the services with [command]``spacewalk-service shutdown``." +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:24 +#, no-wrap +msgid "menu:errata-queue-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:458 -msgid "Shut down the database with [command]``rcpostgresql stop``." +#: modules/administration/pages/task-schedules.adoc:25 +msgid "" +"Queues automatic updates (patches) for servers that are configured to " +"receive them." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:459 -msgid "Mount [path]``/var/spacewalk`` and [path]``/var/lib/pgsql`` partitions." +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:26 +#, no-wrap +msgid "menu:kickstart-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:460 -msgid "Restore the directories listed in <>." +#: modules/administration/pages/task-schedules.adoc:27 +msgid "Cleans up stale kickstart session data." +msgstr "" + +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:28 +#, no-wrap +msgid "menu:kickstartfile-sync-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:461 +#: modules/administration/pages/task-schedules.adoc:29 msgid "" -"Start the Spacewalk services with [command]``spacewalk-services start``." +"Generates Cobbler files corresponding to Kickstart profiles created by the " +"configuration wizard." msgstr "" -#. type: Plain text -#: modules/administration/pages/backup-restore.adoc:462 -msgid "Start the database with [command]``rcpostgresql start``." +#. we probably no longer want to reference NCC; I do not know whether it works the same way with SCC (if at all) +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:30 +#, no-wrap +msgid "menu:mgr-register-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:464 +#: modules/administration/pages/task-schedules.adoc:31 msgid "" -"{productname} should now operate normally without loss of your database or " -"synced channels." +"Calls the [command]``mgr-register`` command, which synchronizes client " +"registration data with NCC (new, changed or deleted clients' data are " +"forwarded)." msgstr "" -#. type: Title == -#: modules/administration/pages/backup-restore.adoc:467 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:32 #, no-wrap -msgid "Database Connection Information" +msgid "menu:mgr-sync-refresh-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/backup-restore.adoc:470 +#: modules/administration/pages/task-schedules.adoc:33 msgid "" -"The information for connecting to the {productname} database is located in " -"[path]``/etc/rhn/rhn.conf``:" +"The default time at which the start of synchronization with SUSE Customer " +"Center (SCC) takes place (``mgr-sync-refresh``)." msgstr "" -#. There are no such default, they are user-spcified, though -#. type: delimited block - -#: modules/administration/pages/backup-restore.adoc:480 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:34 #, no-wrap +msgid "menu:minion-action-cleanup-default:[]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/task-schedules.adoc:35 msgid "" -"db_backend = postgresql\n" -"db_user = susemanager\n" -"db_password = susemanager\n" -"db_name = susemanager\n" -"db_host = localhost\n" -"db_port = 5432\n" -"db_ssl_enabled =\n" +"Deletes stale client action data from the file system. First it tries to " +"complete any possibly unfinished actions by looking up the corresponding " +"results; these results are stored in the Salt job cache. An unfinished " +"action can occur if the server has missed the results of the action. For " +"successfully completed actions it removes artifacts such as executed script " +"files." msgstr "" -#. type: Title = -#: modules/administration/pages/disconnected-setup.adoc:2 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:36 #, no-wrap -msgid "Disconnected Setup" +msgid "menu:package-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:5 -msgid "" -"When it is not possible to connect {productname} to the internet, you can " -"use it within a disconnected environment." +#: modules/administration/pages/task-schedules.adoc:37 +msgid "Deletes stale package files from the file system." msgstr "" -#. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:8 -msgid "" -"The repository mirroring tool (RMT) is available on {sle}{nbsp}15 and " -"later. RMT replaces the subscription management tool (SMT), which can be " -"used on older {sle} installations." +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:38 +#, no-wrap +msgid "menu:reboot-action-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:12 +#: modules/administration/pages/task-schedules.adoc:39 msgid "" -"In a disconnected {productname} setup, RMT or SMT uses an external network " -"to connect to {scc}. All software channels and repositories are " -"synchronized to a removable storage device. The storage device can then be " -"used to update the disconnected {productname} installation." +"Any reboot actions pending for more than six hours are marked as failed and " +"associated data is cleaned up in the database. For more information on " +"scheduling reboot actions, see xref:reference:systems/system-details/sd-" +"provisioning.adoc#sd-power-management[]." +msgstr "" + +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:40 +#, no-wrap +msgid "menu:sandbox-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:14 +#: modules/administration/pages/task-schedules.adoc:41 msgid "" -"This setup allows your {productname} installation to remain in an offline, " -"disconnected environment." +"Cleans up Sandbox configuration files and channels that are older than the " +"__sandbox_lifetime__ configuration parameter (3 days by default). Sandbox " +"files are those imported from systems or files under development. For more " +"information, see xref:reference:systems/system-details/sd-configuration." +"adoc#sd-config-add-files[]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/disconnected-setup.adoc:19 -msgid "" -"Your RMT or SMT instance must be used to managed a {productname} Server " -"directly. It cannot be used to manage a second RMT or SMT instance, in a " -"cascade." +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:42 +#, no-wrap +msgid "menu:session-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:22 +#: modules/administration/pages/task-schedules.adoc:43 msgid "" -"For more information on RMT, see https://documentation.suse.com/sles/15-SP1/" -"html/SLES-all/book-rmt.html." +"Cleans up stale Web interface sessions, typically data that is temporarily " +"stored when a user logs in and then closes the browser before logging out." msgstr "" -#. type: Title == -#: modules/administration/pages/disconnected-setup.adoc:24 +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:44 #, no-wrap -msgid "Synchronize RMT" +msgid "menu:ssh-push-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:27 +#: modules/administration/pages/task-schedules.adoc:45 msgid "" -"You can use RMT on {sle} 15 installations to manage clients running {sle} 12 " -"or later." +"Prompts clients to check in with {productname} via SSH if they are " +"configured with a `SSH Push` contact method." msgstr "" -#. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:29 -msgid "" -"We recommend you set up a dedicated RMT instance for each {productname} " -"installation." -msgstr "" - -#. type: Block title -#: modules/administration/pages/disconnected-setup.adoc:30 -#, no-wrap -msgid "Procedure: Setting up RMT" +#. type: Labeled list +#: modules/administration/pages/task-schedules.adoc:46 +#, no-wrap +msgid "menu:token-cleanup-default:[]" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:32 -msgid "On the RMT instance, install the RMT package:" +#: modules/administration/pages/task-schedules.adoc:47 +msgid "" +"Deletes expired repository tokens that are used by Salt clients to download " +"packages and metadata." msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:35 +#. type: Title = +#: modules/administration/pages/subscription-matching.adoc:1 #, no-wrap -msgid "zypper in rmt-server\n" +msgid "Subscription Matching" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:37 -msgid "Configure RMT using {yast}:" +#: modules/administration/pages/subscription-matching.adoc:2 +msgid "" +"Your {suse} products require subscriptions, which are managed by the {scc} " +"(SCC). {productname} runs a nightly report checking the subscription status " +"of all your registered clients against your SCC account. The report gives " +"you information about which clients consume which subscriptions, how many " +"subscriptions you have remaining and available to use, and which clients do " +"not have a current subscription." msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:40 -#, no-wrap -msgid "yast2 rmt\n" +#. type: Plain text +#: modules/administration/pages/subscription-matching.adoc:3 +msgid "Navigate to menu:Audit[Subscription Matching] to see the report." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:43 +#: modules/administration/pages/subscription-matching.adoc:4 msgid "" -"Follow the prompts to complete installation. For more information on " -"setting up RMT, see https://documentation.suse.com/sles/15-SP1/html/SLES-all/" -"book-rmt.html." +"The [guimenu]``Subscriptions Report`` tab gives information about current " +"and expiring subscriptions." msgstr "" -#. type: Block title -#: modules/administration/pages/disconnected-setup.adoc:44 -#, no-wrap -msgid "Procedure: Synchronizing RMT with SCC" +#. type: Plain text +#: modules/administration/pages/subscription-matching.adoc:5 +msgid "" +"The [guimenu]``Unmatched Products Report`` tab gives a list of clients that " +"do not have a current subscription. This includes clients that could not be " +"matched, or that are not currently registered with {productname}. The " +"report includes product names and the number of systems that remain " +"unmatched." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:46 +#: modules/administration/pages/subscription-matching.adoc:6 msgid "" -"On the RMT instance, list all available products and repositories for your " -"organization:" +"The [guimenu]``Pins`` tab allows you to associate individual clients to the " +"relevant subscription. This is especially useful if the subscription " +"manager is not automatically associating clients to subscriptions " +"successfully." msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:50 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/subscription-matching.adoc:7 msgid "" -"rmt-cli products list --all\n" -"rmt-cli repos list --all\n" +"The [guimenu]``Messages`` tab shows any errors that occurred during the " +"matching process." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:52 -msgid "Synchronize all available updates for your organization:" +#: modules/administration/pages/subscription-matching.adoc:8 +msgid "" +"You can also download the reports in .csv format, or access them from that " +"command prompt in the [path]``/var/lib/spacewalk/subscription-matcher/`` " +"directory." msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:55 -#, no-wrap -msgid "rmt-cli sync\n" +#. type: Plain text +#: modules/administration/pages/subscription-matching.adoc:9 +msgid "" +"By default, the subscription matcher runs daily, at midnight. To change " +"this, navigate to menu:Admin[Task Schedules] and click ``gatherer-matcher-" +"default``. Change the schedule as required, and click btn:[Update Schedule]." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:57 -msgid "You can also configure RMT to synchronize regularly using systemd." +#: modules/administration/pages/subscription-matching.adoc:10 +msgid "" +"Because the report can only match current clients with current " +"subscriptions, you might find that the matches change over time. The same " +"client will not always match the same subscription. This can be due to new " +"clients being registered or unregistered, or because of the addition or " +"expiration of subscriptions." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:59 -msgid "Enable the products you require. For example, to enable SLES 15:" +#: modules/administration/pages/subscription-matching.adoc:11 +msgid "" +"The subscription matcher will automatically attempt to reduce the number of " +"unmatched products, limited by the terms and conditions of the subscriptions " +"in your account. However, if you have incomplete hardware information, " +"unknown virtual machine host assignments, or clients running in unknown " +"public clouds, the matcher might show that you do not have enough " +"subscriptions available. Always ensure you have complete data about your " +"clients included in {productname}, to help ensure accuracy." msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:62 +#. type: delimited block = +#: modules/administration/pages/subscription-matching.adoc:12 +msgid "" +"The subscription matcher will not always match clients and subscriptions " +"accurately. It is not intended to be a replacement for auditing." +msgstr "" + +#. type: Title == +#: modules/administration/pages/subscription-matching.adoc:13 #, no-wrap -msgid "rmt-cli product enable sles/15/x86_64\n" +msgid "Pin Clients to Subscriptions" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:65 -#: modules/administration/pages/disconnected-setup.adoc:99 +#: modules/administration/pages/subscription-matching.adoc:14 msgid "" -"Export the synchronized data to your removable storage. In this example, " -"the storage medium is mounted at [path]``/mnt/usb``:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:68 -#, no-wrap -msgid "rmt-cli export data /mnt/usb\n" +"If the subscription matcher is not automatically matching a particular " +"client with the correct subscription, you can manually pin them. When you " +"have created a pin, the subscription matcher favors matching a specific " +"subscription with a given system or group of systems." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:70 -#: modules/administration/pages/disconnected-setup.adoc:106 -msgid "Export the enabled repositories to your removable storage:" +#: modules/administration/pages/subscription-matching.adoc:15 +msgid "" +"However, the matcher will not always respect a pin. It depends on the " +"subscription being available, and whether or not the subscription can be " +"applied to the client. Additionally, pins will be ignored if they result in " +"a match that violates the terms and conditions of the subscription, or if " +"the matcher detects a more accurate match if the pin is ignored." msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:72 -#: modules/administration/pages/disconnected-setup.adoc:108 -#, no-wrap -msgid "rmt-cli export settings /mnt/usb\n" +#. type: Plain text +#: modules/administration/pages/subscription-matching.adoc:16 +msgid "To add a new pin, click btn:[Add a Pin], and select the client to pin." msgstr "" #. type: delimited block = -#: modules/administration/pages/disconnected-setup.adoc:78 +#: modules/administration/pages/subscription-matching.adoc:17 msgid "" -"Ensure that the external storage is mounted to a directory that is writeable " -"by the RMT user. You can change RMT user settings in the `cli` section of " -"[path]``/etc/rmt.conf``." +"We do not recommend using pinning regularly, or for a large number of " +"clients. The subscription matcher tool is generally accurate enough for " +"most installations." msgstr "" -#. type: Title == -#: modules/administration/pages/disconnected-setup.adoc:82 +#. type: Title = +#: modules/administration/pages/ssl-certs-imported.adoc:1 #, no-wrap -msgid "Synchronize SMT" +msgid "Import SSL Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:86 +#: modules/administration/pages/ssl-certs-imported.adoc:2 msgid "" -"SMT is included with {sle} 12, and can be used to manage clients running " -"{sle} 10 or later." +"By default, {productname} uses a self-signed certificate. For additional " +"security, you can import a custom certificate, signed by a third party " +"certificate authority (CA)." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:88 +#: modules/administration/pages/ssl-certs-imported.adoc:3 msgid "" -"SMT requires you to create a local mirror directory on the SMT instance in " -"order to synchronize repositories and packages." +"This section covers how to use an imported SSL certificate with a new " +"{productname} installation, and how to replace existing self-signed " +"certificates with imported certificates." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:90 -msgid "" -"For more details on installing and configuring SMT, see https://" -"documentation.suse.com/sles/12-SP4/html/SLES-all/book-smt.html." +#: modules/administration/pages/ssl-certs-imported.adoc:4 +msgid "Before you begin, ensure you have:" msgstr "" -#. type: Block title -#: modules/administration/pages/disconnected-setup.adoc:91 -#, no-wrap -msgid "Procedure: Synchronizing SMT with SCC" +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:5 +msgid "A certificate authority (CA) SSL public certificate" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:93 -msgid "On the SMT instance, create a database replacement file:" +#: modules/administration/pages/ssl-certs-imported.adoc:6 +msgid "An SSL server key" msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:96 -#, no-wrap -msgid "smt-sync --createdbreplacementfile /tmp/dbrepl.xml\n" +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:7 +msgid "An SSL server certificate" msgstr "" -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:104 -#, no-wrap -msgid "" -"smt-sync --todir /mnt/usb\n" -"smt-mirror --dbreplfile /tmp/dbrepl.xml --directory /mnt/usb \\\n" -" --fromlocalsmt -L /var/log/smt/smt-mirror-export.log\n" +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:8 +msgid "Your key and certificate files must be in PEM format." msgstr "" -#. type: delimited block = -#: modules/administration/pages/disconnected-setup.adoc:114 +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:9 msgid "" -"Ensure that the external storage is mounted to a directory that is writeable " -"by the RMT user. You can change SMT user settings in [path]``/etc/smt." -"conf``." +"The host name of the SSL keys and certificates must match the fully " +"qualified host name of the machine you deploy them on. You can set the host " +"names in the ``X509v3 Subject Alternative Name`` section of the " +"certificate. You can also list multiple host names if your environment " +"requires it." msgstr "" #. type: Title == -#: modules/administration/pages/disconnected-setup.adoc:118 +#: modules/administration/pages/ssl-certs-imported.adoc:10 #, no-wrap -msgid "Synchronize a Disconnected Server" +msgid "Import Certificates for New Installations" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:121 +#: modules/administration/pages/ssl-certs-imported.adoc:11 msgid "" -"When you have removable media loaded with your {scc} data, you can use it to " -"synchronize your disconnected server." +"By default, {productname} uses a self-signed certificate. After you have " +"completed the initial setup, you can replace the default certificate with an " +"imported certificate." msgstr "" #. type: Block title -#: modules/administration/pages/disconnected-setup.adoc:122 +#: modules/administration/pages/ssl-certs-imported.adoc:12 #, no-wrap -msgid "Procedure: Synchronizing a Disconnected Server" +msgid "Procedure: Import Certificates on a New {productname} Server" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:125 +#: modules/administration/pages/ssl-certs-imported.adoc:13 msgid "" -"Mount your removable media device to the {productname} server. In this " -"example, the mount point is [path]``/media/disk``." +"Install the {productname} Server according to the instructions in xref:" +"installation:install-intro.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:126 +#: modules/administration/pages/ssl-certs-imported.adoc:14 msgid "" -"Open ``/etc/rhn/rhn.conf`` and define the mount point by adding or editing " -"this line:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:129 -#, no-wrap -msgid "server.susemanager.fromdir = /media/disk\n" +"Complete the initial setup according to xref:installation:server-setup." +"adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:132 -msgid "Restart the Tomcat service:" +#: modules/administration/pages/ssl-certs-imported.adoc:15 +msgid "" +"At the command prompt, point the SSL environment variables to the " +"certificate file locations:" msgstr "" #. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:135 +#: modules/administration/pages/ssl-certs-imported.adoc:16 #, no-wrap -msgid "systemctl restart tomcat\n" +msgid "" +"export CA_CERT=\n" +"export SERVER_KEY=\n" +"export SERVER_CERT=\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:137 -msgid "Refresh the local data:" +#: modules/administration/pages/ssl-certs-imported.adoc:17 +msgid "Complete {productname} setup:" msgstr "" #. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:140 +#: modules/administration/pages/ssl-certs-imported.adoc:18 #, no-wrap -msgid "mgr-sync refresh\n" +msgid "yast susemanager_setup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/disconnected-setup.adoc:142 -msgid "Perform a synchronization:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/disconnected-setup.adoc:146 -#, no-wrap +#: modules/administration/pages/ssl-certs-imported.adoc:19 msgid "" -"mgr-sync list channels\n" -"mgr-sync add channel channel-label\n" +"When you are prompted for certificate details during setup, fill in random " +"values. The values will be overridden by the values you specified at the " +"command prompt." msgstr "" #. type: delimited block = -#: modules/administration/pages/disconnected-setup.adoc:153 +#: modules/administration/pages/ssl-certs-imported.adoc:20 msgid "" -"The removable disk that you use for synchronization must always be available " -"at the same mount point. Do not trigger a synchronization, if the storage " -"medium is not mounted. This will result in data corruption." +"Execute the [command]``yast susemanager_setup`` command from the same shell " +"you exported the environment variables from." msgstr "" -#. type: Title = -#: modules/administration/pages/live-patching.adoc:2 +#. type: Title == +#: modules/administration/pages/ssl-certs-imported.adoc:21 #, no-wrap -msgid "Live Patching with SUSE Manager" +msgid "Import Certificates for New Proxy Installations" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching.adoc:7 +#: modules/administration/pages/ssl-certs-imported.adoc:22 msgid "" -"Performing a kernel update usually requires a system reboot. Common " -"vulnerability and exposure (CVE) patches should be applied as soon as " -"possible, but if you cannot afford the downtime, you can use Live Patching " -"to inject these important updates and skip the need to reboot." +"By default, {productname} Proxy uses a self-signed certificate. After you " +"have completed the initial setup, you can replace the default certificate " +"with an imported certificate." +msgstr "" + +#. type: Block title +#: modules/administration/pages/ssl-certs-imported.adoc:23 +#, no-wrap +msgid "Procedure: Import Certificates on a New {productname} Proxy" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching.adoc:9 +#: modules/administration/pages/ssl-certs-imported.adoc:24 msgid "" -"The procedure for setting up Live Patching is slightly different for " -"SLES{nbsp}12 and SLES{nbsp}15. Both procedures are documented in this " -"section." +"Install the {productname} Proxy according to the instructions in xref:" +"installation:install-intro.adoc[]." msgstr "" -#. type: Title = -#: modules/administration/pages/master-fingerprint.adoc:2 +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:25 +msgid "" +"Complete the initial setup according to xref:installation:proxy-setup.adoc[]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:26 +msgid "At the command prompt, run:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-imported.adoc:27 #, no-wrap -msgid "Set up a Client to Master Validation Fingerprint" +msgid "configure-proxy.sh\n" msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:6 +#: modules/administration/pages/ssl-certs-imported.adoc:28 msgid "" -"In highly secure network configurations you may wish to ensure your Salt " -"clients are connecting a specific master. To set up validation from client " -"to master enter the master's fingerprint within the [path]``/etc/salt/" -"minion`` configuration file." +"At the ``Do you want to import existing certificates?`` prompt, type kbd:[y]." msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:8 -msgid "See the following procedure:" +#: modules/administration/pages/ssl-certs-imported.adoc:29 +msgid "Follow the prompts to complete setup." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/ssl-certs-imported.adoc:30 +msgid "" +"Use the same certificate authority to sign all server certificates for " +"servers and proxies. Certificates signed with different CAs will not match." +msgstr "" + +#. type: Title == +#: modules/administration/pages/ssl-certs-imported.adoc:31 +#, no-wrap +msgid "Replace Certificates with a Third Party Certificate" msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:10 +#: modules/administration/pages/ssl-certs-imported.adoc:32 msgid "" -"On the master, at the command prompt, as root, use this command to find the " -"``master.pub`` fingerprint:" +"You can replace active certificates on your {productname} installation with " +"a new third party certificate. To replace the certificates, you can replace " +"the installed CA certificate RPM with a new RPM containing the third party " +"certificate, and then update the database." msgstr "" -#. type: delimited block - -#: modules/administration/pages/master-fingerprint.adoc:14 +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:33 +msgid "" +"This procedure is similar to the one described in xref:administration:ssl-" +"certs-selfsigned.adoc#ssl-certs-selfsigned-create-replace[]. The difference " +"is that we import the certificates generated by an external PKI." +msgstr "" + +#. type: Block title +#: modules/administration/pages/ssl-certs-imported.adoc:34 #, no-wrap -msgid "salt-key -F master\n" +msgid "Procedure: Replacing Existing Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:19 +#: modules/administration/pages/ssl-certs-imported.adoc:35 msgid "" -"On your client, open the [path]``/etc/salt/minion`` configuration file. " -"Uncomment the following line and enter the master's fingerprint replacing " -"the example fingerprint:" +"On the {productname} Server, at the command prompt, move the old certificate " +"directory to a backup location:" msgstr "" #. type: delimited block - -#: modules/administration/pages/master-fingerprint.adoc:23 +#: modules/administration/pages/ssl-certs-imported.adoc:36 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:21 #, no-wrap -msgid "master_finger: 'ba:30:65:2a:d6:9e:20:4f:d8:b2:f3:a7:d4:65:11:13'\n" +msgid "mv /root/ssl-build /root/old-ssl-build\n" msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:26 -msgid "Restart the salt-minion service:" +#: modules/administration/pages/ssl-certs-imported.adoc:37 +msgid "Generate a CA certificate RPM from the new certificate:" msgstr "" #. type: delimited block - -#: modules/administration/pages/master-fingerprint.adoc:30 +#: modules/administration/pages/ssl-certs-imported.adoc:38 #, no-wrap -msgid "# systemctl restart salt-minion\n" +msgid "rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/ssl-build\" --from-ca-cert=\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:39 +msgid "Generate a new server certificate RPM:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-imported.adoc:40 +#, no-wrap +msgid "rhn-ssl-tool --gen-server --rpm-only --dir=\"/root/ssl-build\" --from-server-key= --from-server-cert=\n" msgstr "" #. type: Plain text -#: modules/administration/pages/master-fingerprint.adoc:32 +#: modules/administration/pages/ssl-certs-imported.adoc:41 msgid "" -"For information on configuring security from a client, see https://docs." -"saltstack.com/en/latest/ref/configuration/minion.html." +"When you create the new server certificate RPM, you might get a warning that " +"server certificate request file could not be found. This file is not " +"required, and the procedure will complete correctly without it. However, if " +"you want to avoid the error, you can copy the file into the server " +"directory, and name it [path]``server.csr``:" msgstr "" -#. type: Title = -#: modules/administration/pages/mirror-sources.adoc:2 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-imported.adoc:42 #, no-wrap -msgid "Mirror Source Packages" +msgid "cp .csr /root/ssl-build//server.csr\n" msgstr "" #. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:5 +#: modules/administration/pages/ssl-certs-imported.adoc:43 msgid "" -"If you build your own packages locally, or if you require the source code " -"for your packages for legal reasons, it is possible to mirror the source " -"packages on {productname} Server." +"When you have created the new [path]``ssl-build`` directory, you can create " +"combined certificate RPMs and deploy them on the clients. For the " +"procedures to do this, see xref:administration:ssl-certs-selfsigned.adoc[]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/mirror-sources.adoc:9 +#. type: Plain text +#: modules/administration/pages/ssl-certs-imported.adoc:44 msgid "" -"Mirroring source packages can consume a significant amount of disk space." +"If you are using a proxy, you will need to generate a server certificate RPM " +"for each proxy, using their host names and cnames." msgstr "" -#. type: Block title -#: modules/administration/pages/mirror-sources.adoc:11 +#. type: Title = +#: modules/administration/pages/tshoot-notifications.adoc:1 #, no-wrap -msgid "Procedure: Mirroring Source Packages" +msgid "Troubleshooting Notifications" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:13 +#: modules/administration/pages/tshoot-notifications.adoc:2 msgid "" -"Open the [filename]``/etc/rhn/rhn.conf`` configuration file, and add this " -"line:" +"The default lifetime of notification messages is 30 days, after which " +"messages are deleted from the database, regardless of read status. To " +"change this value, add or edit this line in [path]``/etc/rhn/rhn.conf``:" msgstr "" #. type: delimited block - -#: modules/administration/pages/mirror-sources.adoc:17 +#: modules/administration/pages/tshoot-notifications.adoc:3 #, no-wrap -msgid "server.sync_source_packages = 1\n" +msgid "java.notifications_lifetime = 30\n" msgstr "" #. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:19 -msgid "Restart the Spacewalk service to pick up the changes:" +#: modules/administration/pages/tshoot-notifications.adoc:4 +msgid "" +"All notification types are enabled by default. To disable a notification " +"type, add or edit this line in [path]``/etc/rhn/rhn.conf``:" msgstr "" #. type: delimited block - -#: modules/administration/pages/mirror-sources.adoc:23 +#: modules/administration/pages/tshoot-notifications.adoc:5 #, no-wrap -msgid "spacewalk-service restart\n" +msgid "java.notifications_type_disabled = OnboardingFailed,ChannelSyncFailed,ChannelSyncFinished\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:27 -msgid "" -"Currently, this feature can only be enabled globally for all repositories. " -"It is not possible to select individual repositories for mirroring." +#. type: Title = +#: modules/administration/pages/auth-methods.adoc:1 +#, no-wrap +msgid "Authentication Methods" msgstr "" #. type: Plain text -#: modules/administration/pages/mirror-sources.adoc:31 +#: modules/administration/pages/auth-methods.adoc:2 msgid "" -"When this feature has been activated, the source packages will become " -"available in the {productname} {webui} after the next repository " -"synchronization. They will be shown as sources for the binary package, and " -"can be downloaded directly from the {webui}. Source packages cannot be " -"installed on clients using the {webui}." +"{productname} supports several different authentication methods. This " +"section discusses pluggable authentication modules (PAM) and single sign-on " +"(SSO)." msgstr "" #. type: Title = -#: modules/administration/pages/reports.adoc:2 +#: modules/administration/pages/public-cloud-azure.adoc:1 #, no-wrap -msgid "Generate Reports" +msgid "{productname} with Azure" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:7 +#: modules/administration/pages/public-cloud-azure.adoc:2 msgid "" -"The [command]``spacewalk-report`` command is used to produce a variety of " -"reports. These reports can be helpful for taking inventory of your " -"subscribed systems, users, and organizations. Using reports is often " -"simpler than gathering information manually from the {susemgr} {webui}, " -"especially if you have many systems under management." +"You can use {productname} Server and Proxy with the Microsoft Azure public " +"cloud. This section discusses what you will need for running {productname} " +"in Azure, and how to set up your installation." +msgstr "" + +#. type: Title == +#: modules/administration/pages/public-cloud-azure.adoc:3 +#, no-wrap +msgid "Configure the Azure Cloud Instance" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:9 +#: modules/administration/pages/public-cloud-azure.adoc:4 msgid "" -"To generate reports, you must have the [package]``spacewalk-reports`` " -"package installed." +"Use the ``SUSE Manager Server 4 BYOS`` image. The image is a pre-built " +"image created by {suse}. It is based on JeoS, and SUSE Manager is pre-" +"installed but not configured. Configuring SUSE Manager has to be done " +"manually with {yast}." msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:11 +#: modules/administration/pages/public-cloud-azure.adoc:5 msgid "" -"The [command]``spacewalk-report`` command allows you to organize and display " -"reports about content, systems, and user resources across {productname}." +"When you create your Azure virtual machine, choose something `like d8s_v3` " +"with 8{nbsp}vCPUs and 32{nbsp}GB RAM." msgstr "" +#. * Up to 4 data disks +#. * Max IOPS 2400 +#. * Temporary storage disk of 16{nbsp}GB. +#. Data on this disk will be destroyed after the guest has been switched off. #. type: Plain text -#: modules/administration/pages/reports.adoc:13 -msgid "You can generate reports on:" +#: modules/administration/pages/public-cloud-azure.adoc:6 +msgid "When you are setting up disk partitioning, we recommend:" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:15 -msgid "System Inventory: list all the systems registered to {productname}." +#: modules/administration/pages/public-cloud-azure.adoc:7 +msgid "30{nbsp}GB for the disk running the operating system" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:17 -msgid "" -"Patches: list all the patches relevant to the registered systems. You can " -"sort patches by severity, as well as the systems that apply to a particular " -"patch." +#: modules/administration/pages/public-cloud-azure.adoc:8 +msgid "Select `Standard HDD` for the storage account type" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:9 +msgid "You will also require three additional data disks:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:10 +msgid "Disk 0: 64{nbsp}GB on Premium SSD, mounted at [path]``/var/lib/pgsql``" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:18 +#: modules/administration/pages/public-cloud-azure.adoc:11 msgid "" -"Users: list all registered users and any systems associated with a " -"particular user." +"Disk 1: 512{nbsp}GB on Standard SSD, mounted at [path]``/var/spacewalk``" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:20 +#: modules/administration/pages/public-cloud-azure.adoc:12 +msgid "Disk 2: 128{nbsp}GB on Standard SSD, mounted at [path]``/var/cache``" +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/public-cloud-azure.adoc:13 msgid "" -"To get the report in CSV format, run this command at the command prompt on " -"the server:" +"Do not use LVM with Azure. If you need more disk space, extend a disk in " +"the Azure portal, then extend the file system with [command]``xfs_growfs``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/reports.adoc:23 -#, no-wrap -msgid "spacewalk-report \n" +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:14 +msgid "Partition the disks like this:" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:26 -msgid "This table lists the available reports:" +#: modules/administration/pages/public-cloud-azure.adoc:15 +msgid "[path]``/dev/sda``: 4 partitions containing the OS" msgstr "" -#. type: Block title -#: modules/administration/pages/reports.adoc:29 -#, no-wrap -msgid "[command]``spacewalk-report`` Reports" +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:16 +msgid "[path]``/dev/sdb``: temporary storage disk, do not use" msgstr "" -#. type: Table -#: modules/administration/pages/reports.adoc:84 +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:17 +msgid "[path]``/dev/sdc``: contains [path]``/var/lib/pgsql``" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:18 +msgid "[path]``/dev/sdd``: contains [path]``/var/spacewalk``" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:19 +msgid "[path]``/dev/sde``: contains [path]``/var/cache``" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:20 +msgid "You can use these commands to create the disks:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:21 #, no-wrap msgid "" -"|Report | Invoked as | Description\n" -"| Actions | [command]``actions`` | All actions.\n" -"| Activation Keys | [command]``activation-keys`` | All activation keys, and the entitlements, channels, configuration channels, system groups, and packages associated with them.\n" -"| Activation Keys: Channels | [command]``activation-keys-channels`` | All activation keys and the entities associated with each key.\n" -"| Activation Keys: Configuration | [command]``activation-keys-config`` | All activation keys and the configuration channels associated with each key.\n" -"| Activation Keys: Server Groups | [command]``activation-keys-groups`` | All activation keys and the system groups associated with each key.\n" -"| Activation Keys: Packages | [command]``activation-keys-packages`` | All activation keys and the packages each key can deploy.\n" -"| Channel Packages | [command]``channel-packages`` | All packages in a channel.\n" -"| Channel Report | [command]``channels`` | Detailed report of a given channel.\n" -"| Cloned Channel Report | [command]``cloned-channels`` | Detailed report of cloned channels.\n" -"| Configuration Files | [command]``config-files`` | All configuration file revisions for all organizations, including file contents and file information.\n" -"| Latest Configuration Files | [command]``config-files-latest`` | The most recent configuration file revisions for all organizations, including file contents and file information.\n" -"| Custom Channels | [command]``custom-channels`` | Channel metadata for all channels owned by specific organizations.\n" -"| Custom Info | [command]``custom-info`` | Client custom information.\n" -"| Patches in Channels | [command]``errata-channels`` | All patches in channels.\n" -"| Patches Details | [command]``errata-list`` | All patches that affect registered clients.\n" -"| All patches | [command]``errata-list-all`` | All patches.\n" -"| Patches for Clients | [command]``errata-systems`` | Applicable patches and any registered clients that are affected.\n" -"| Host Guests | [command]``host-guests`` | Host and guests mapping.\n" -"| Inactive Clients | [command]``inactive-systems`` | Inactive clients.\n" -"| System Inventory | [command]``inventory`` | Clients registered to the server, together with hardware and software information.\n" -"| Kickstart Scripts | [command]``kickstart-scripts`` | All kickstart scripts, with details.\n" -"| Kickstart Trees | [command]``kickstartable-trees`` | Kickstartable trees.\n" -"| All Upgradable Versions | [command]``packages-updates-all`` | All newer package versions that can be upgraded.\n" -"| Newest Upgradable Version | [command]``packages-updates-newest`` | Newest package versions that can be upgraded.\n" -"| Proxy Overview | [command]``proxies-overview`` | All proxies and the clients registered to each.\n" -"| Repositories | [command]``repositories`` | All repositories, with their associated SSL details, and any filters.\n" -"| Result of SCAP | [command]``scap-scan`` | Result of OpenSCAP ``sccdf`` evaluations.\n" -"| Result of SCAP | [command]``scap-scan-results`` | Result of OpenSCAP ``sccdf`` evaluations, in a different format.\n" -"| System Data | [command]``splice-export`` | Client data needed for splice integration.\n" -"| System Crash: Count | [command]``system-crash-count`` | The total number of client crashes.\n" -"| System Crash: Details | [command]``system-crash-details`` | Crash details for all clients.\n" -"| System Currency | [command]``system-currency`` | Number of available patches for each registered client.\n" -"| System Extra Packages | [command]``system-extra-packages`` | All packages installed on all clients that are not available from channels the client is subscribed to.\n" -"| System Groups | [command]``system-groups`` | System groups.\n" -"| Activation Keys for System Groups | [command]``system-groups-keys`` | Activation keys for system groups.\n" -"| Systems in System Groups | [command]``system-groups-systems`` | Clients in system groups.\n" -"| System Groups Users | [command]``system-groups-users`` | System groups and users that have permissions on them.\n" -"| History: System | [command]``system-history`` | Event history for each client.\n" -"| History: Channels | [command]``system-history-channels`` | Channel event history.\n" -"| History: Configuration | [command]``system-history-configuration`` | Configuration event history.\n" -"| History: Entitlements | [command]``system-history-entitlements`` | System entitlement event history.\n" -"| History: Errata | [command]``system-history-errata`` | Errata event history.\n" -"| History: Kickstart | [command]``system-history-kickstart`` | Kickstart event history.\n" -"| History: Packages | [command]``system-history-packages`` | Package event history.\n" -"| History: SCAP | [command]``system-history-scap`` | OpenSCAP event history.\n" -"| MD5 Certificates | [command]``system-md5-certificates`` | All registered clients using certificates with an MD5 checksum.\n" -"| Installed Packages | [command]``system-packages-installed`` | Packages installed on clients.\n" -"| System Profiles | [command]``system-profiles`` | All clients registered to the server, with software and system group information.\n" -"| Users | [command]``users`` | All users registered to {productname}.\n" -"| MD5 Users | [command]``users-md5`` | All users for all organizations using MD5 encrypted passwords, with their details and roles.\n" -"| Systems administered | [command]``users-systems`` | Clients that individual users can administer.\n" +"for d in sdc sdd sde; do\n" +" parted --script /dev/$d mklabel gpt mkpart primary xfs 0% 100%\n" +" mkfs.xfs /dev/${d}1\n" +"done\n" +"mkdir /cachetmp\n" +"mount /dev/sde1 /cachetmp\n" +"cp -a /var/cache/* /cachetmp/\n" +"umount /cachetmp\n" +"echo \"$(blkid /dev/sdc1|awk -F \" \" '{ print $2 }') /var/lib/pgsql xfs defaults,noatime 0 0\" >> /etc/fstab\n" +"echo \"$(blkid /dev/sdd1|awk -F \" \" '{ print $2 }') /var/spacewalk xfs defaults,noatime 0 0\" >> /etc/fstab\n" +"echo \"$(blkid /dev/sde1|awk -F \" \" '{ print $2 }') /var/cache xfs defaults,noatime 0 0\" >> /etc/fstab\n" +"mkdir -p /var/spacewalk\n" +"mount /var/spacewalk\n" +"chown -R wwwrun:root /var/spacewalk\n" +"mount /var/lib/pgsql\n" +"chown -R postgres:postgres /var/lib/pgsql\n" +"mv /var/cache /var/cache.old\n" +"mkdir /var/cache\n" +"mount /var/cache\n" +"rm -r /var/cache.old\n" +msgstr "" + +#. REMARK: I guess you do this in your Azure instance +#. REMARK: Where do you configure this? +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:22 +msgid "" +"When you are setting up networking, we recommend that you create a separate " +"private network, with the IP range `10.0.0.0/24`." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:23 +msgid "" +"Configure the {productname} Server to use the internal IP address " +"`10.0.0.4`. Ensure it is also accessible from outside the network with a " +"fixed IP address." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:24 +msgid "" +"Configure the firewall to only allow inbound traffic on ports `22`, `80`, " +"and `443` to IP address `10.0.0.4`. In this environment, if other servers " +"are added to the network they cannot be reached from outside the network." +msgstr "" + +#. REMARK: Was does this mean? +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:25 +msgid "" +"Outbound is open from the private network. This should be restricted for " +"other servers in this private network." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:26 +msgid "" +"You will need to set the DNS zones in Azure before you can configure the " +"{productname} Server. For more information on setting DNS zones, see the " +"Azure documentation." +msgstr "" + +#. type: Title == +#: modules/administration/pages/public-cloud-azure.adoc:27 +#, no-wrap +msgid "Configure {productname} Server" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:28 +msgid "Ensure that your {productname} Server is registered with {scc}." +msgstr "" + +#. I wonder why we do even need spacecmd +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:29 +msgid "When your server is registered, install these extra packages:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:30 +#, no-wrap +msgid "zypper -n in spacecmd mlocate sysstat\n" +msgstr "" + +#. spacecmd will be installed by default next time +#. ^ How is so? +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:31 +msgid "Apply the latest updates and reboot the server:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:32 +#, no-wrap +msgid "" +"zypper -n up -l\n" +"reboot\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:33 +msgid "Check that all file systems are mounted and that PostgreSQL is running:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:34 +#, no-wrap +msgid "" +"mount\n" +"service postgresql status\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:35 +msgid "" +"Complete {productname} Server installation and configuration. For more " +"information, see xref:installation:server-setup.adoc[]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:36 +msgid "" +"We recommend you configure the {productname} Server so that DHCP does not " +"set the host name. Check [path]``/etc/sysconfig/network/dhcp`` and ensure " +"that `DHCLIENT_SET_HOSTNAME` is set to [literal]``no``:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:37 +#: modules/administration/pages/public-cloud.adoc:26 +#, no-wrap +msgid "DHCLIENT_SET_HOSTNAME=\"no\"\n" +msgstr "" + +#. REMARK: hostname -i? +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:38 +msgid "" +"Add the Azure client to the [path]``/etc/hosts`` file. At the command " +"prompt, replace [literal]```` with the IP address of the server:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:39 +#, no-wrap +msgid "echo \" $(hostname -f) $(hostname)\" >> /etc/hosts\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:40 +msgid "" +"{productname} Server has a default administration user. In Azure, the " +"system administrator user is called [literal]``admin``. The `admin` user's " +"password is built with two parts. The first part can be found by using this " +"command:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud-azure.adoc:41 +#, no-wrap +msgid "azuremetadata --instance-name\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:42 +msgid "The second part of the password is [literal]``-suma``" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud-azure.adoc:43 +msgid "" +"Alternatively, you can check the [path]``/var/log/susemanager_firstuser." +"log`` file." +msgstr "" + +# +# +# +# +# +#. REMARK: Do we want to list the details here? Or is such a general xref good enough? +#. For the SUSE Manager setup configuration in general, see xref:installation:server-setup.adoc[], _procedure "{productname} Setup"_. +#. Pay special attention to the following settings: +#. * In the first dialog, select [guimenu]``Set up SUSE Manager from scratch`` +#. * In the next dialog, enter a valid mail address for the administrator +#. * It is very important to remember the password given for SSL. +#. Without this password no SUSE Manager Proxy Server can be installed and no other changes can be made to the certificate. +#. For example, this certificate is eg used on all registered systems to communicate with SUSE Manager Server. +#. * In the [guimenu]``Database Settings`` dialog, it is enough to provide a password. +#. Make sure also to remember this password. +#. With these settings the installation can be started. +#. The installation will finish without further input. +#. type: Title = +#: modules/administration/pages/mgr-sync.adoc:1 +#, no-wrap +msgid "Using ``mgr-sync``" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:2 +msgid "" +"The ``mgr-sync`` tool is used at the command prompt. It provides functions " +"for using {productname} that are not always available in the {webui}. The " +"primary use of ``mgr-sync`` is to connect to the {scc}, retrieve product and " +"package information, and prepare channels for synchronization with the " +"{productname} Server." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:3 +msgid "" +"This tool is designed for use with a {suse} support subscription. It is not " +"required for open source distributions, including {opensuse}, {centos}, and " +"{ubuntu}." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:4 +msgid "" +"The available commands and arguments for ``mgr-sync`` are listed in this " +"table. Use this syntax for ``mgr-sync`` commands:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/mgr-sync.adoc:5 +#, no-wrap +msgid "mgr-sync [-h] [--version] [-v] [-s] [-d {1,2,3}] {list,add,refresh,delete}\n" +msgstr "" + +#. type: Block title +#: modules/administration/pages/mgr-sync.adoc:6 +#, no-wrap +msgid "mgr-sync Commands" +msgstr "" + +#. type: Table +#: modules/administration/pages/mgr-sync.adoc:7 +#, no-wrap +msgid "" +"| Command | Description | Example Use\n" +"| list | List channels, organization credentials, or products | ``mgr-sync list channels``\n" +"| add | Add channels, organization credentials, or products | ``mgr-sync add channel ``\n" +"| refresh | Refresh the local copy of products, channels, and subscriptions | ``mgr-sync refresh``\n" +"| delete | Delete existing SCC organization credentials from the local system | ``mgr-sync delete credentials``\n" +"| sync | Synchronize specified channel or ask for it when left blank| ``mgr-sync sync channel ``\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:8 +msgid "" +"To see the full list of options specific to a command, use this command:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/mgr-sync.adoc:9 +#, no-wrap +msgid "mgr-sync --help\n" +msgstr "" + +#. type: Block title +#: modules/administration/pages/mgr-sync.adoc:10 +#, no-wrap +msgid "mgr-sync Optional Arguments" +msgstr "" + +#. type: Table +#: modules/administration/pages/mgr-sync.adoc:11 +#, no-wrap +msgid "" +"| Option | Abbreviated option | Description | Example Use\n" +"| help | ``h`` | Display the command usage and options | ``mgr-sync --help``\n" +"| version | N/A | Display the currently installed version of ``mgr-sync`` | ``mgr-sync --version``\n" +"| verbose | ``v`` | Provide verbose output | ``mgr-sync --verbose refresh``\n" +"| store-credentials | ``s`` | Store credentials a local hidden file | ``mgr-sync --store-credentials``\n" +"| debug | ``d`` | Log additional debugging information. Requires a level of 1, 2, 3. 3 provides the highest amnount of debugging information | ``mgr-sync -d 3 refresh``\n" +"| no-sync | N/A | Use with the ``add`` command to add products or channels without beginning a synchronization | ``mgr-sync --no-sync add ``\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:12 +msgid "Logs for ``mgr-sync`` are located in:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:13 +msgid "[path]``/var/log/rhn/mgr-sync.log``" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/mgr-sync.adoc:14 +msgid "[path]``/var/log/rhn/rhn_web_api.log``" +msgstr "" + +#. type: Title = +#: modules/administration/pages/ssl-certs.adoc:1 +#, no-wrap +msgid "SSL Certificates" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:2 +msgid "" +"{productname} uses SSL certificates to ensure that clients are registered to " +"the correct server." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:3 +msgid "" +"Every client that uses SSL to register to the {productname} Server checks " +"that it is connecting to the right server by validating against a server " +"certificate. This process is called an SSL handshake." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:4 +msgid "" +"During the SSL handshake, the client will check that the hostname in the " +"server certificate matches what it expects. The client also needs to check " +"if the server certificate is trusted." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:5 +msgid "" +"Every {productname} Server that uses SSL requires an SSL server " +"certificate. Provide the path to the server certificate using the " +"``SERVER_CERT`` environment variable during setup, or with the ``--from-" +"server-cert`` option of the [command]``rhn-ssl-tool`` command." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:6 +msgid "" +"Certificate authorities (CAs) are certificates that are used to sign other " +"certificates. All certificates must be signed by a certificate authority " +"(CA) in order for them to be considered valid, and for clients to be able to " +"successfully match against them." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:7 +msgid "" +"When an organization signs its own certificate, the certificate is " +"considered self-signed. A self-signed certificate is straight-forward to " +"set up, and does not cost any money, but they are considered less secure. " +"If you are using a self-signed certificate, you will have a root CA that is " +"signed with itself. When you look at the details of a root CA, you will see " +"that the subject has the same value as the issuer. Provide the path to your " +"root CA certificate using the ``CA_CERT`` environment variable during setup, " +"or with the ``--ca-cert`` option of the [command]``rhn-ssl-tool`` command." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:8 +msgid "" +"In order for SSL authentication to work correctly, the client must trust the " +"root CA. This means that the root CA must be installed on every client." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:9 +msgid "" +"The default method of SSL authentication is for {productname} to use self-" +"signed certificates. In this case, {productname} has generated all the " +"certificates, and the root CA has signed the server certificate directly." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:10 +msgid "" +"An alternative method is to use an intermediate CA. In this case, the root " +"CA signs the intermediate CA. The intermediate CA can then sign any number " +"of other intermediate CAs, and the final one signs the server certificate. " +"This is referred to as a chained certificate." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:11 +msgid "" +"If you are using intermediate CAs in a chained certificate, the root CA is " +"installed on the client, and the server certificate is installed on the " +"server. During the SSL handshake, clients must be able to verify the entire " +"chain of intermediate certificates between the root CA and the server " +"certificate, so they must be able to access all the intermediate " +"certificates." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:12 +msgid "" +"There are two main ways of achieving this. In {productname}, by default, " +"all the intermediate CAs are installed on the client. However, you could " +"also configure your services on the server to provide them to the client. " +"In this case, during the SSL handshake, the server presents the server " +"certificate as well as all the intermediate CAs." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:13 +msgid "" +"Whichever method you choose, you must ensure that the ``CA_CERT`` " +"environment variable points to the root CA, and all intermediate CAs. It " +"should not contain the server certificate. The server certificate must be " +"defined at the ``SERVER_CERT`` environment variable." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:14 +msgid "" +"By default, {productname} uses a self-signed certificate. For additional " +"security, you can arrange a third party CA to sign your certificates. Third " +"party CAs perform checks to ensure that the information contained in the " +"certificate is correct. They will usually charge an annual fee for this " +"service. Using a third party CA makes certificates harder to spoof, and " +"will provide additional protection for your installation. If you have " +"certificates signed by a third party CA, you can import them to your " +"{productname} installation." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:15 +msgid "" +"For more on self-signed certificates, see xref:administration:ssl-certs-" +"selfsigned.adoc[]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/ssl-certs.adoc:16 +msgid "" +"For more on imported certificates, see xref:administration:ssl-certs-" +"imported.adoc[]." +msgstr "" + +#. type: Title = +#: modules/administration/pages/tshoot-taskomatic.adoc:1 +#, no-wrap +msgid "Troubleshooting Taskomatic" +msgstr "" + +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step +#. type: Plain text +#: modules/administration/pages/tshoot-taskomatic.adoc:2 +msgid "" +"Repository metadata regeneration is a relatively intensive process, so " +"Taskomatic can take several minutes to complete. Additionally, if " +"Taskomatic crashes, repository metadata regeneration can be interrupted." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-taskomatic.adoc:3 +msgid "" +"If Taskomatic is still running, or if the process has crashed, package " +"updates can seem available in the {webui}, but will not appear on the " +"client, and attempts to update the client will fail. In this case, the " +"[command]``zypper ref`` command will show an error like this:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-taskomatic.adoc:4 +#, no-wrap +msgid "Valid metadata not found at specified URL\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-taskomatic.adoc:5 +msgid "" +"To correct this, determine if Taskomatic is still in the process of " +"generating repository metadata, or if a crash could have occurred. Wait for " +"metadata regeneration to complete or restart Taskomatic after a crash in " +"order for client updates to be carried out correctly." +msgstr "" + +#. type: Block title +#: modules/administration/pages/tshoot-taskomatic.adoc:6 +#, no-wrap +msgid "Procedure: Resolving Taskomatic Problems" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-taskomatic.adoc:7 +msgid "" +"On the {productname} Server, check the [path]``/var/log/rhn/" +"rhn_taskomatic_daemon.log`` file to determine if any metadata regeneration " +"processes are still running, or if a crash occurred." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-taskomatic.adoc:8 +msgid "Restart taskomatic:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-taskomatic.adoc:9 +#, no-wrap +msgid "service taskomatic restart\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-taskomatic.adoc:10 +msgid "" +"In the Taskomatic log files, you can identify the section related to " +"metadata regeneration by looking for opening and closing lines that look " +"like this:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-taskomatic.adoc:11 +#, no-wrap +msgid " ,174 [Thread-584] INFO com.redhat.rhn.taskomatic.task.repomd.RepositoryWriter - Generating new repository metadata for channel 'cloned-2018-q1-sles12-sp3-updates-x86_64'(sha256) 550 packages, 140 errata\n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-taskomatic.adoc:12 +#, no-wrap +msgid "...\n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-taskomatic.adoc:13 +#, no-wrap +msgid " ,704 [Thread-584] INFO com.redhat.rhn.taskomatic.task.repomd.RepositoryWriter - Repository metadata generation for 'cloned-2018-q1-sles12-sp3-updates-x86_64' finished in 4 seconds\n" +msgstr "" + +#. type: Title = +#: modules/administration/pages/actions.adoc:1 +#, no-wrap +msgid "Actions" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:2 +msgid "You can manage actions on your clients in a number of different ways." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:3 +msgid "" +"For Salt clients, you can schedule automated recurring actions to apply the " +"highstate to clients on a specified schedule. You can apply recurring " +"actions to individual clients, to all clients in a system group, or to an " +"entire organization." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:4 +msgid "" +"On both Salt and traditional clients, you can set actions to be performed in " +"a particular order by creating action chains. Action chains can be created " +"and edited ahead of time, and scheduled to run at a time that suits you." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:5 +msgid "" +"You can also perform remote commands on one or more of your Salt clients. " +"Remote commands allows you to issue commands to individual Salt clients, or " +"to all clients that match a search term." +msgstr "" + +#. type: Title == +#: modules/administration/pages/actions.adoc:6 +#, no-wrap +msgid "Recurring Actions" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:7 +msgid "" +"You can apply recurring actions on individual Salt clients, or to all " +"clients in an organization." +msgstr "" + +#. type: Block title +#: modules/administration/pages/actions.adoc:8 +#, no-wrap +msgid "Procedure: Creating a New Recurring Action" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:9 +msgid "" +"To apply a recurring action to an individual client, navigate to " +"[guimenu]``Systems``, click the client to configure schedules for, and " +"navigate to the menu:States[Recurring States] tab." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:10 +msgid "" +"To apply a recurring action to a system group, navigate to menu:" +"Systems[System Groups], select the group to configure schedules for, and " +"navigate to menu:States[Recurring States] tab." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:11 +msgid "Click btn:[Create]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:12 +msgid "Type a name for the new schedule." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:13 +msgid "Choose the frequency of the recurring action:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:14 +msgid "[guimenu]``Hourly:`` Type the minute of each hour." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:15 +msgid "" +"For example, [parameter]``15`` will run the action at fifteen minutes past " +"every hour." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:16 +msgid "[guimenu]``Daily:`` Select the time of each day." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:17 +msgid "" +"For example, [parameter]``01:00`` will run the action at 0100 every day, in " +"the timezone of the {productname} Server." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:18 +msgid "" +"[guimenu]``Weekly:`` Select the day of the week and the time of the day, to " +"execute the action every week at the specified time." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:19 +msgid "" +"[guimenu]``Monthly:`` Select the day of the month and the time of the day, " +"to execute the action every month at the specified time." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:20 +msgid "" +"[guimenu]``Custom Quartz format:`` For more detailed options, enter a custom " +"quartz string." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:21 +msgid "" +"For example, to run a recurring action at 0215 every Saturday of every " +"month, enter:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/actions.adoc:22 +#, no-wrap +msgid "0 15 2 ? * 7\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:23 +msgid "" +"OPTIONAL: Toggle the [guimenu]``Test mode`` switch on to run the schedule in " +"test mode." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:24 +msgid "" +"Click btn:[Create Schedule] to save, and see the complete list of existing " +"schedules." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:25 +msgid "" +"Organization Administrators can set and edit recurring actions for all " +"clients in the organization. Navigate to menu:Home[My Organization > " +"Recurring States] to see all recurring actions that apply to the entire " +"organization." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:26 +msgid "" +"{productname} Administrators can set and edit recurring actions for all " +"clients in all organizations. Navigate to menu:Admin[Organizations], select " +"the organization to manage, and navigate to the menu:States[Recurring " +"States] tab." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/actions.adoc:27 +msgid "" +"Recurring actions can only be used with Salt clients. Traditional clients " +"in your group or organization are ignored." +msgstr "" + +#. type: Title == +#: modules/administration/pages/actions.adoc:28 +#, no-wrap +msgid "Action Chains" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:29 +msgid "" +"If you need to perform a number of sequential actions on your clients, you " +"can create an action chain to ensure the order is respected." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:30 +msgid "" +"By default, most clients will execute an action as soon as the command is " +"issued. In some case, actions will take a long time, which could mean that " +"actions issued afterwards fail. For example, if you instruct a client to " +"reboot, then issue a second command, the second action could fail because " +"the reboot is still occurring. To ensure that actions occur in the correct " +"order, use action chains." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:31 +msgid "" +"You can use action chains on both traditional and Salt clients. Action " +"chains can include any number of these actions, in any order:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:32 +msgid "menu:System Details[Remote Command]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:33 +msgid "menu:System Details[Schedule System Reboot]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:34 +msgid "menu:System Details[States > Highstate]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:35 +msgid "menu:System Details[Software > Packages > List/Remove]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:36 +msgid "menu:System Details[Software > Packages > Install]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:37 +msgid "menu:System Details[Software > Packages > Upgrade]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:38 +msgid "menu:System Details[Software > Patches]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:39 +msgid "menu:System Details[Software > Software Channels]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:40 +msgid "menu:System Details[Configuration]" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:41 +msgid "menu:Images[Build]" +msgstr "" + +#. type: Block title +#: modules/administration/pages/actions.adoc:42 +#, no-wrap +msgid "Procedure: Creating a New Action Chain" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:43 +msgid "" +"In the {productname} {webui}, navigate to the first action you want to " +"perform in the action chain." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:44 +msgid "" +"For example, navigate to [guimenu]``System Details`` for a client, and click " +"btn:[Schedule System Reboot]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:45 +msgid "Check the [guimenu]``Add to`` field and select ``new action chain``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:46 +msgid "Confirm the action." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:47 +msgid "" +"This will not perform the action immediately, it will instead create the new " +"action chain, and a blue bar confirming this appears at the top of the " +"screen." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:48 +msgid "" +"Continue adding actions to your action chain by checking the [guimenu]``Add " +"to`` field and selecting the name of the action chain to add them to." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:49 +msgid "" +"When you have finished adding actions, navigate to menu:Schedule[Action " +"Chains] and selecting the action chain from the list." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:50 +msgid "" +"Re-order actions by dragging them and dropping them into the correct " +"position." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:51 +msgid "" +"Click the blue plus sign to see the clients an action will be performed on. " +"Click btn:[Save] to save your changes." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:52 +msgid "" +"Schedule a time for your action chain to run, and click btn:[Save and " +"Schedule]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:53 +msgid "" +"If you leave the page without clicking either btn:[Save] or btn:[Save and " +"Schedule] all unsaved changes will be discarded." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/actions.adoc:54 +msgid "" +"If one action in an action chain fails, the action chain stops, and no " +"further actions are executed." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:55 +msgid "" +"You can see scheduled actions from action chains by navigating to menu:" +"Schedule[Pending Actions]." +msgstr "" + +#. type: Title == +#: modules/administration/pages/actions.adoc:56 +#, no-wrap +msgid "Remote Commands" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:57 +msgid "" +"You can configure clients to run commands remotely. This allows you to " +"issue scripts or individual commands to a client, without having access to " +"the client directly." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:58 +msgid "" +"This feature is automatically enabled on Salt clients, and you do not need " +"to perform any further configuration. For traditional clients, the feature " +"is enabled if you have registered the client using a bootstrap script and " +"have enabled remote commands. You can use this procedure to enable it " +"manually, instead." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:59 +msgid "" +"Before you begin, ensure your client is subscribed to the appropriate tools " +"child channel for its installed operating system. For more information " +"about subscribing to software channels, see xref:client-configuration:" +"channels.adoc[]." +msgstr "" + +#. type: Block title +#: modules/administration/pages/actions.adoc:60 +#, no-wrap +msgid "Procedure: Configuring Traditional Clients to Accept Remote Commands" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:61 +msgid "" +"On the client, at the command prompt, use the package manager to install the " +"[systemitem]``rhncfg``, [systemitem]``rhncfg-client``, and " +"[systemitem]``rhncfg-actions`` packages, if not already installed." +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/actions.adoc:63 +#, no-wrap +msgid "zypper in rhncfg rhncfg-client rhncfg-actions\n" msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:88 +#: modules/administration/pages/actions.adoc:64 msgid "" -"For more information about an individual report, run [command]``spacewalk-" -"report`` with the option [option]``--info`` or [option]``--list-fields-" -"info`` and the report name. The description and list of possible fields in " -"the report will be shown." +"On the client, at the command prompt, as root, create a path in the local " +"configuration directory:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/actions.adoc:65 +#, no-wrap +msgid "mkdir -p /etc/sysconfig/rhn/allowed-actions/script\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:66 +msgid "Create an empty file called [path]``run`` in the new directory." msgstr "" #. type: Plain text -#: modules/administration/pages/reports.adoc:89 +#: modules/administration/pages/actions.adoc:67 msgid "" -"For further information on program invocation and options, see the " -"[literal]``spacewalk-report(8)`` man page as well as the [option]``--" -"help``parameter of the [command]``spacewalk-report`` command." +"This file grants the {productname} Server permission to run remote commands:" msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-corruptrepo.adoc:2 +#. type: delimited block - +#: modules/administration/pages/actions.adoc:68 #, no-wrap -msgid "Troubleshooting Corrupt Repositories" +msgid "touch /etc/sysconfig/rhn/allowed-actions/script/run\n" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-corruptrepo.adoc:26 +#: modules/administration/pages/actions.adoc:69 msgid "" -"The information in the repository metadata files can become corrupt or out " -"of date. This can create problems with updating clients. You can fix this " -"by removing the files and regenerating it. With an new repository data " -"file, updates should operate as expected." +"For Salt clients, remote commands are run from the [path]``/tmp/`` directory " +"on the client. To ensure that remote commands work accurately, do not mount " +"``/tmp`` with the [parameter]``noexec`` option." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/actions.adoc:70 +msgid "" +"All commands run from the [guimenu]``Remote Commands`` page are executed as " +"{rootuser} on clients. Wildcards can be used to run commands across any " +"number of systems. Always take extra care to check your commands before " +"issuing them." msgstr "" #. type: Block title -#: modules/administration/pages/tshoot-corruptrepo.adoc:27 +#: modules/administration/pages/actions.adoc:71 #, no-wrap -msgid "Procedure: Resolving Corrupt Repository Data" +msgid "Procedure: Running Remote Commands on Traditional Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-corruptrepo.adoc:30 +#: modules/administration/pages/actions.adoc:72 msgid "" -"Remove all files from [path]``/var/cache/rhn/repodata/-" -"updates-x86_64``. If you do not know the channel label, you can find it in " -"the {productname} {webui}, by navigating to menu:Software[Channels > Channel " -"Label]." +"In the {productname} {webui}, navigate to [guimenu]``Systems``, click the " +"client to run a remote command on, and navigate to the menu:Details[Remote " +"Command] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-corruptrepo.adoc:31 -msgid "Regenerate the file from the command line:" +#: modules/administration/pages/actions.adoc:73 +msgid "" +"In the [guimenu]``Run as user`` field, type the user ID (UID) of the user on " +"the client that you want to run the command." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-corruptrepo.adoc:34 -#, no-wrap -msgid "spacecmd softwarechannel_regenerateyumcache -updates-x86_64\n" +#. type: Plain text +#: modules/administration/pages/actions.adoc:74 +msgid "" +"Alternatively, you can specify a group to run the command, using the group " +"ID (GID) in the [guimenu]``Run as group`` field." msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-diskspace.adoc:2 -#, no-wrap -msgid "Troubleshooting Disk Space" +#. type: Plain text +#: modules/administration/pages/actions.adoc:75 +msgid "" +"OPTIONAL: In the [guimenu]``Timeout`` field, type a timeout period for the " +"command, in seconds." msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:23 -msgid "" -"Running out of disk space can have a severe impact on the {productname} " -"database and file structure which, in most cases, is not recoverable." +#: modules/administration/pages/actions.adoc:76 +msgid "If the command is not executed within this period, it will not be run." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:77 +msgid "In the [guimenu]``Command label`` field, type a name for your command." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:26 +#: modules/administration/pages/actions.adoc:78 msgid "" -"{productname} monitors free space in specific directories, and has " -"configurable alerts. For more on space management, see xref:administration:" -"space-management.adoc[]." +"In the [guimenu]``Script`` field, type the command or script to execute." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:28 +#: modules/administration/pages/actions.adoc:79 msgid "" -"You can recover disk space by removing unused custom channels and redundant " -"database entries before you run out of space entirely." +"Select a date and time to execute the command, or add the remote command to " +"an action chain." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:80 +msgid "Click btn:[Schedule] to schedule the remote command." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:30 +#: modules/administration/pages/actions.adoc:81 msgid "" -"For instructions on how to delete custom channels, see xref:administration:" -"channel-management.adoc[]." +"For more information about action chains, see xref:reference:schedule/action-" +"chains.adoc[]." msgstr "" #. type: Block title -#: modules/administration/pages/tshoot-diskspace.adoc:31 +#: modules/administration/pages/actions.adoc:82 #, no-wrap -msgid "Procedure: Resolving redundant database entries" +msgid "Procedure: Running Remote Commands on Salt Clients" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:83 +msgid "Navigate to menu:Salt[Remote Commands]." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:33 +#: modules/administration/pages/actions.adoc:84 msgid "" -"Use the [command]``spacewalk-data-fsck`` command to list any redundant " -"database entries." +"In the first field, before the ``@`` symbol, type the command you want to " +"issue." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-diskspace.adoc:33 +#: modules/administration/pages/actions.adoc:85 msgid "" -"Use the [command]``spacewalk-data-fsck --remove`` command to delete them." +"In the second field, after the ``@`` symbol, type the client you want to " +"issue the command on." msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-intro.adoc:2 -#, no-wrap -msgid "Troubleshooting" +#. type: Plain text +#: modules/administration/pages/actions.adoc:86 +msgid "" +"You can type the ``minion-id`` of an individual client, or you can use " +"wildcards to target a range of clients." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-intro.adoc:4 +#: modules/administration/pages/actions.adoc:87 msgid "" -"This section contains some common problems you might encounter with " -"{productname}, and solutions to resolving them." +"Click btn:[Find targets] to check which clients you have targeted, and " +"confirm that you have used the correct details." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/actions.adoc:88 +msgid "Click btn:[Run command] to issue the command to the target clients." msgstr "" #. type: Title = -#: modules/administration/pages/tshoot-localcert.adoc:2 +#: modules/administration/pages/admin-overview.adoc:1 #, no-wrap -msgid "Troubleshooting Local Issuer Certificates" +msgid "Administration Guide Overview" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/admin-overview.adoc:2 +#, no-wrap +msgid "**Publication Date:** {docdate}\n" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-localcert.adoc:25 +#: modules/administration/pages/admin-overview.adoc:3 msgid "" -"Some older bootstrap scripts create a link to the local certificate in the " -"wrong place. This results in zypper returning an ``Unrecognized error`` " -"about the local issuer certificate. You can ensure that the link to the " -"local issuer certificate has been created correctly by checking the [path]``/" -"etc/ssl/certs/`` directory. If you come across this problem, you should " -"consider updating your bootstrap scripts to ensure that zypper operates as " -"expected." +"This book provides guidance on performing administration tasks on the " +"{productname} Server." msgstr "" #. type: Title = -#: modules/administration/pages/tshoot-logintimeout.adoc:2 +#: modules/administration/pages/auditing.adoc:1 #, no-wrap -msgid "Troubleshooting Login Timeouts" +msgid "Auditing" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:24 +#: modules/administration/pages/auditing.adoc:2 msgid "" -"By default, the {productname} {webui} will require users to log in again " -"after 30{nbsp}minutes. Depending on your environment, you might want to " -"adjust the login timeout value." +"In {productname}, you can keep track of your clients through a series of " +"auditing tasks. You can check that your clients are up to date with all " +"public security patches (CVEs), perform subscription matching, and use " +"OpenSCAP to check for specification compliance." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:28 +#: modules/administration/pages/auditing.adoc:3 msgid "" -"To adjust the value, you will need to make the change in both [path]``rhn." -"conf`` and [path]``web.xml``. Ensure you set the value in seconds in " -"[path]``/etc/rhn/rhn.conf``, and in minutes in [path]``web.xml``. The two " -"values must equal the same amount of time." +"In the {productname} {webui}, navigate to [guimenu]``Audit`` to perform " +"auditing tasks." +msgstr "" + +#. This will probably need to be broken into sub-sections. --LKB 20200205 +#. type: Title == +#: modules/administration/pages/auditing.adoc:4 +#, no-wrap +msgid "CVE Audits" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:30 +#: modules/administration/pages/auditing.adoc:5 msgid "" -"For example, to change the timeout value to one hour, set the value in " -"[path]``rhn.conf`` to 3600 seconds, and the value in [path]``web.xml`` to 60 " -"minutes." +"A CVE (common vulnerabilities and exposures) is a fix for a publicly known " +"security vulnerability." msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-logintimeout.adoc:33 -#, no-wrap -msgid "Procedure: Adjusting the {webui} Login Timeout Value" +#. type: delimited block = +#: modules/administration/pages/auditing.adoc:6 +msgid "You must apply CVEs to your clients as soon as they become available." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:35 -msgid "Stop services:" +#: modules/administration/pages/auditing.adoc:7 +msgid "" +"Each CVE contains an identification number, a description of the " +"vulnerability, and links to further information. CVE identification numbers " +"use the form ``CVE-YEAR-XXXX``." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:40 +#: modules/administration/pages/auditing.adoc:8 msgid "" -"Open [path]``/etc/rhn/rhn.conf`` and add or edit this line to include the " -"new timeout value in seconds:" +"In the {productname} {webui}, navigate to menu:Audit[CVE Audit] to see a " +"list of all clients and their current patch status." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-logintimeout.adoc:43 +#. type: Plain text +#: modules/administration/pages/auditing.adoc:9 +msgid "" +"By default, the CVE data is updated at 2300 every day. We recommend that " +"before you begin a CVE audit you refresh the data to ensure you have the " +"latest patches." +msgstr "" + +#. type: Block title +#: modules/administration/pages/auditing.adoc:10 #, no-wrap -msgid "web.session_database_lifetime = \n" +msgid "Procedure: Updating CVE Data" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:45 -#: modules/administration/pages/tshoot-logintimeout.adoc:51 -msgid "Save and close the file." +#: modules/administration/pages/auditing.adoc:11 +msgid "" +"In the {productname} {webui}, navigate to menu:Admin[Task Schedules] and " +"select the ``cve-server-channels-default`` schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:46 -msgid "" -"Open [path]``/srv/tomcat/webapps/rhn/WEB-INF/web.xml`` and add or edit this " -"line to include the new timeout value in minutes:" +#: modules/administration/pages/auditing.adoc:12 +msgid "Click btn:[cve-server-channels-bunch]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-logintimeout.adoc:49 -#, no-wrap -msgid "Timeout_Value_in_Minutes\n" +#. type: Plain text +#: modules/administration/pages/auditing.adoc:13 +msgid "Click btn:[Single Run Schedule] to schedule the task." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-logintimeout.adoc:52 -msgid "Restart services:" +#: modules/administration/pages/auditing.adoc:14 +msgid "Allow the task to complete before continuing with the CVE audit." msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-packages.adoc:2 +#. type: Block title +#: modules/administration/pages/auditing.adoc:15 #, no-wrap -msgid "Troubleshooting Package Inconsistencies" +msgid "Procedure: Verifying Patch Status" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-packages.adoc:25 -msgid "" -"When packages on a client are locked, {productname} Server may not be able " -"to correctly determine the set of applicable patches. When this occurs, " -"package updates will be available in the {webui}, but will not appear on the " -"client, and attempts to update the client will fail. Check package locks " -"and exclude lists to determine if packages are locked or excluded on the " -"client." +#: modules/administration/pages/auditing.adoc:16 +msgid "In the {productname} {webui}, navigate to menu:Audit[CVE Audit]." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-packages.adoc:27 +#: modules/administration/pages/auditing.adoc:17 msgid "" -"On the client, check package locks and exclude lists to determine if " -"packages are locked or excluded:" +"OPTIONAL: To check the patch status for a particular CVE, type the CVE " +"identifier in the [guimenu]``CVE Number`` field." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-packages.adoc:29 +#: modules/administration/pages/auditing.adoc:18 msgid "" -"On an Expanded Support Platform, check [path]``/etc/yum.conf`` and search " -"for ``exclude=``." +"Select the patch statuses you want to look for, or leave all statuses " +"checked to look for all." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-packages.adoc:29 -msgid "On {sle} and {opensuse}, use the [command]``zypper locks`` command." -msgstr "" - -#. type: Title = -#: modules/administration/pages/tshoot-registerclones.adoc:2 -#, no-wrap -msgid "Troubleshooting Registering Cloned Clients" +#: modules/administration/pages/auditing.adoc:19 +msgid "" +"Click btn:[Audit Servers] to check all systems, or click btn:[Audit Images] " +"to check all images." msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:25 +#: modules/administration/pages/auditing.adoc:20 msgid "" -"If you are using {productname} to manage virtual machines, you might find it " -"useful to create clones of your VMs. A clone is a VM that uses a primary " -"disk that is an exact copy of an existing disk." +"For more information about the patch status icons used on this page, see " +"xref:reference:audit/audit-cve-audit.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:27 +#: modules/administration/pages/auditing.adoc:21 msgid "" -"While cloning VMs can save you a lot of time, the duplicated identifying " -"information on the disk can sometimes cause problems." +"For each system, the [guimenu]``Next Action`` column provides information " +"about what you need to do to address vulnerabilities. If applicable, a list " +"of candidate channels or patches is also given. You can also assign systems " +"to a [guimenu]``System Set`` for further batch processing." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:30 +#: modules/administration/pages/auditing.adoc:22 msgid "" -"If you have a client that is already registered, you create a clone of that " -"client, and then try and register the clone, you probably want {productname} " -"to register them as two separate clients. However, if the machine ID in " -"both the original client and the clone is the same, {productname} will " -"register both clients as one system, and the existing client data will be " -"over-written with that of the clone." +"You can use the {productname} API to verify the patch status of your " +"clients. Use the ``audit.listSystemsByPatchStatus`` API method. For more " +"information about this method, see the {productname} API Guide." +msgstr "" + +#. type: Title == +#: modules/administration/pages/auditing.adoc:23 +#, no-wrap +msgid "CVE Status" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:32 +#: modules/administration/pages/auditing.adoc:24 msgid "" -"This can be resolved by changing the machine ID of the clone, so that " -"{productname} recognizes them as two different clients." +"The CVE status of clients is usually either ``affected``, ``not affected``, " +"or ``patched``. These statuses are based only on the information that is " +"available to {productname}." msgstr "" -#. type: delimited block = -#: modules/administration/pages/tshoot-registerclones.adoc:37 -msgid "" -"Each step of this procedure is performed on the cloned client. This " -"procedure does not manipulate the original client, which will still be " -"registered to {productname}." +#. type: Plain text +#: modules/administration/pages/auditing.adoc:25 +msgid "Within {productname}, these definitions apply:" msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-registerclones.adoc:41 +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:26 #, no-wrap -msgid "Procedure: Resolving Duplicate Machine IDs in Cloned Salt Clients" +msgid "System affected by a certain vulnerability" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:45 -#: modules/administration/pages/tshoot-registerclones.adoc:79 +#: modules/administration/pages/auditing.adoc:27 msgid "" -"On the cloned machine, change the hostname and IP addresses. Make sure " -"[path]``/etc/hosts`` contains the changes you made and the correct host " -"entries." +"A system which has an installed package with version lower than the version " +"of the same package in a relevant patch marked for the vulnerability." +msgstr "" + +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:28 +#, no-wrap +msgid "System not affected by a certain vulnerability" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:46 +#: modules/administration/pages/auditing.adoc:29 msgid "" -"For distributions that support systemd: If your machines have the same " -"machine ID, delete the file on each duplicated client and re-create it:" +"A system which has no installed package that is also in a relevant patch " +"marked for the vulnerability." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:52 -#: modules/administration/pages/tshoot-registerclones.adoc:121 +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:30 #, no-wrap -msgid "" -"# rm /etc/machine-id\n" -"# rm /var/lib/dbus/machine-id\n" -"# dbus-uuidgen --ensure\n" -"# systemd-machine-id-setup\n" +msgid "System patched for a certain vulnerability" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:55 +#: modules/administration/pages/auditing.adoc:31 msgid "" -"For distributions that do not support systemd: Generate a machine ID from " -"dbus:" +"A system which has an installed package with version equal to or greater " +"than the version of the same package in a relevant patch marked for the " +"vulnerability." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:59 +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:32 #, no-wrap -msgid "" -"# rm /var/lib/dbus/machine-id\n" -"# dbus-uuidgen --ensure\n" +msgid "Relevant patch" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:61 -msgid "" -"If your clients still have the same Salt client ID, delete the " -"[path]``minion_id`` file on each client (FQDN will be used when it is " -"regenerated on client restart):" +#: modules/administration/pages/auditing.adoc:33 +msgid "A patch known by {productname} in a relevant channel." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:64 +#. type: Labeled list +#: modules/administration/pages/auditing.adoc:34 #, no-wrap -msgid "# rm /etc/salt/minion_id\n" +msgid "Relevant channel" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:66 +#: modules/administration/pages/auditing.adoc:35 msgid "" -"Delete accepted keys from the onboarding page and the system profile from " -"{productname}, and restart the client with:" +"A channel managed by {productname}, which is either assigned to the system, " +"the original of a cloned channel which is assigned to the system, a channel " +"linked to a product which is installed on the system or a past or future " +"service pack channel for the system." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:69 +#. type: delimited block = +#: modules/administration/pages/auditing.adoc:36 +msgid "" +"Because of the definitions used within {productname}, CVE audit results " +"might be incorrect in some circumstances. For example, unmanaged channels, " +"unmanaged packages, or non-compliant systems might report incorrectly." +msgstr "" + +#. type: Title = +#: modules/administration/pages/auth-methods-pam.adoc:1 #, no-wrap -msgid "# service salt-minion restart\n" +msgid "Authentication With PAM" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:72 +#: modules/administration/pages/auth-methods-pam.adoc:2 msgid "" -"Re-register the clients. Each client will now have a different [path]``/etc/" -"machine-id`` and should be correctly displayed on the [guimenu]``System " -"Overview`` page." +"{productname} supports network-based authentication systems using pluggable " +"authentication modules (PAM). PAM is a suite of libraries that allows you " +"to integrate {productname} with a centralized authentication mechanism, " +"eliminating the need to remember multiple passwords. {productname} supports " +"LDAP, Kerberos, and other network-based authentication systems using PAM." msgstr "" #. type: Block title -#: modules/administration/pages/tshoot-registerclones.adoc:75 +#: modules/administration/pages/auth-methods-pam.adoc:3 #, no-wrap -msgid "Procedure: Resolving Duplicate Machine IDs in Cloned Traditional Clients" +msgid "Procedure: Enabling PAM" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:80 +#: modules/administration/pages/auth-methods-pam.adoc:4 +msgid "Create a PAM service file at [path]``/etc/pam.d/susemanager``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/auth-methods-pam.adoc:5 msgid "" -"Stop the [systemitem]``rhnsd`` daemon, on {rhnminrelease6} and {sle} 11 with:" +"A standard [path]``/etc/pam.d/susemanager`` file should look like this. It " +"configures {productname} to use the system wide PAM configuration:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:83 +#: modules/administration/pages/auth-methods-pam.adoc:6 #, no-wrap -msgid "# /etc/init.d/rhnsd stop\n" +msgid "" +"#%PAM-1.0\n" +"auth include common-auth\n" +"account include common-account\n" +"password include common-password\n" +"session include common-session\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:86 -msgid "or, on newer systemd-based systems, with:" +#: modules/administration/pages/auth-methods-pam.adoc:7 +msgid "" +"Enforce the use of the service file by adding this line to [path]``/etc/rhn/" +"rhn.conf``:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:89 +#: modules/administration/pages/auth-methods-pam.adoc:8 #, no-wrap -msgid "# service rhnsd stop\n" +msgid "pam_auth_service = susemanager\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:91 -msgid "Stop [systemitem]``osad`` with:" +#: modules/administration/pages/auth-methods-pam.adoc:9 +#, no-wrap +msgid " In this example, the PAM service file is called [systemitem]``susemanager``.\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:94 +#. type: Plain text +#: modules/administration/pages/auth-methods-pam.adoc:10 #, no-wrap -msgid "# /etc/init.d/osad stop\n" +msgid "Restart the {productname} services after a configuration change.\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:97 -#: modules/administration/pages/tshoot-registerclones.adoc:103 -msgid "or:" +#: modules/administration/pages/auth-methods-pam.adoc:11 +#, no-wrap +msgid "In the {productname} {webui}, navigate to menu:Users[Create User] and enable a new or existing user to authenticate with PAM.\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:100 +#. type: Plain text +#: modules/administration/pages/auth-methods-pam.adoc:12 #, no-wrap -msgid "# service osad stop\n" +msgid "Check the [guimenu]``Pluggable Authentication Modules (PAM)`` checkbox.\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:106 +#. type: Plain text +#: modules/administration/pages/auth-methods-pam.adoc:13 #, no-wrap -msgid "# rcosad stop\n" +msgid "It is below the password and password confirmation fields.\n" +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/auth-methods-pam.adoc:14 +msgid "" +"Changing the password in the {productname} {webui} changes only the local " +"password on the {productname} Server. If PAM is enabled for that user, the " +"local password might not be used at all. In the above example, for " +"instance, the Kerberos password will not be changed. Use the password " +"change mechanism of your network service to change the password for these " +"users." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:108 +#: modules/administration/pages/auth-methods-pam.adoc:15 msgid "" -"Remove the [systemitem]``osad`` authentication configuration file and the " -"system ID:" +"To configure system-wide authentication you can use YaST. You will need to " +"install the [package]``yast2-ldap-client`` and [package]``yast2-kerberos-" +"client`` packages." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:111 +#. type: Plain text +#: modules/administration/pages/auth-methods-pam.adoc:16 +msgid "" +"For more information about configuring PAM, the SUSE Linux Enterprise Server " +"Security Guide contains a generic example that will also work for other " +"network-based authentication methods. It also describes how to configure an " +"active directory service. For more information, see https://documentation." +"suse.com/sles/15-SP2/html/SLES-all/part-auth.html." +msgstr "" + +#. type: Title = +#: modules/administration/pages/auth-methods-sso-example.adoc:1 #, no-wrap -msgid "# rm -f /etc/sysconfig/rhn/{osad-auth.conf,systemid}\n" +msgid "Example SSO Implementation" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:113 -msgid "Delete the files containing the machine IDs:" +#: modules/administration/pages/auth-methods-sso-example.adoc:2 +msgid "" +"In this example, SSO is implemented by exposing three endpoints with " +"{productname}, and using Keycloak as the identity service provider (IdP)." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:115 -msgid "SLES{nbsp}12:" +#: modules/administration/pages/auth-methods-sso-example.adoc:3 +msgid "" +"Start by setting up the {productname} Server, and the Keycloak IdP. Then " +"you can add the endpoints as clients, and create users." msgstr "" -#. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:123 -msgid "SLES{nbsp}11:" +#. type: delimited block = +#: modules/administration/pages/auth-methods-sso-example.adoc:4 +msgid "" +"This example is provided for illustrative purposes only. {suse} does not " +"recommend or support third-party identity service providers, and is not " +"affiliated with Keycloak. For Keycloak support, see https://www.keycloak." +"org/." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:126 +#. type: Block title +#: modules/administration/pages/auth-methods-sso-example.adoc:5 #, no-wrap -msgid "# suse_register -E\n" +msgid "Procedure: Setting Up the {productname} Server" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:128 -msgid "Remove the credential files:" +#: modules/administration/pages/auth-methods-sso-example.adoc:6 +msgid "" +"On the {productname} Server, open the [path]``/etc/rhn/rhn.conf`` " +"configuration file and edit these parameters." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:129 -msgid "SLES clients:" +#: modules/administration/pages/auth-methods-sso-example.adoc:7 +msgid "" +"Replace ```` with the fully-qualified domain name of your " +"{productname} installation:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:132 +#: modules/administration/pages/auth-methods-sso-example.adoc:8 #, no-wrap -msgid "# rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}\n" +msgid "" +"java.sso.onelogin.saml2.sp.entityid = /rhn/manager/sso/metadata\n" +"java.sso.onelogin.saml2.sp.assertion_consumer_service.url = /rhn/manager/sso/acs\n" +"java.sso.onelogin.saml2.sp.single_logout_service.url = /rhn/manager/sso/sls\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:134 -msgid "{rhel} clients:" +#: modules/administration/pages/auth-methods-sso-example.adoc:9 +msgid "In the configuration file, determine the three endpoints to expose:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-registerclones.adoc:137 +#: modules/administration/pages/auth-methods-sso-example.adoc:10 #, no-wrap -msgid "# rm -f /etc/NCCcredentials\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/tshoot-registerclones.adoc:139 msgid "" -"Re-run the bootstrap script. You should now see the cloned system in " -"{productname} without overriding the system it was cloned from." +"java.sso.onelogin.saml2.idp.entityid\n" +"java.sso.onelogin.saml2.idp.single_sign_on_service.url\n" +"java.sso.onelogin.saml2.idp.single_logout_service.url\n" msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-rpctimeout.adoc:2 -#, no-wrap -msgid "Troubleshooting RPC Connection Timeouts" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:11 +msgid "In the IdP metadata, locate the public x509 certificate." msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:26 +#: modules/administration/pages/auth-methods-sso-example.adoc:12 msgid "" -"RPC connections can sometimes time out due to slow networks or a network " -"link going down. This results in package downloads or batch jobs hanging or " -"taking longer than expected. You can adjust the maximum time that an RPC " -"connection can take by editing the configuration file. While this will not " -"resolve networking problems, it will cause a process to fail rather than " -"hang." +"It uses this format: ``/auth/realms//protocol/saml/" +"descriptor``. In the configuration file, specify the public x509 " +"certificate of the IdP:" msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-rpctimeout.adoc:28 +#. type: delimited block - +#: modules/administration/pages/auth-methods-sso-example.adoc:13 #, no-wrap -msgid "Procedure: Resolving RPC connection timeouts" +msgid "java.sso.onelogin.saml2.idp.x509cert\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:31 +#: modules/administration/pages/auth-methods-sso-example.adoc:14 msgid "" -"On the {productname} Server, open the [filename]``/etc/rhn/rhn.conf`` file " -"and set a maximum timeout value (in seconds):" +"When you have prepared the {productname} Server, you can install Keycloak. " +"You can install Keycloak directly on your machine, or run it in a " +"container. In this example, we run Keycloak in a Docker container. For " +"more information about installing Keycloak, see the Keycloak documentation " +"at https://www.keycloak.org/getting-started/getting-started-docker." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-rpctimeout.adoc:34 +#. type: Block title +#: modules/administration/pages/auth-methods-sso-example.adoc:15 #, no-wrap -msgid "server.timeout =`number`\n" +msgid "Procedure: Setting Up the Identity Service Provider" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:36 +#: modules/administration/pages/auth-methods-sso-example.adoc:16 msgid "" -"On the {productname} Proxy, open the [filename]``/etc/rhn/rhn.conf`` file " -"and set a maximum timeout value (in seconds):" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/tshoot-rpctimeout.adoc:39 -#, no-wrap -msgid "proxy.timeout =`number`\n" +"Install Keycloak in a Docker container, according to the Keycloak " +"documentation." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:41 +#: modules/administration/pages/auth-methods-sso-example.adoc:17 msgid "" -"On a {sles} client that uses zypper, open the [filename]``/etc/zypp/zypp." -"conf`` file and set a maximum timeout value (in seconds):" +"Run the container using the ``-td`` argument to ensure the process remains " +"running:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-rpctimeout.adoc:46 +#: modules/administration/pages/auth-methods-sso-example.adoc:18 #, no-wrap -msgid "" -"## Valid values: [0,3600]\n" -"## Default value: 180\n" -"download.transfer_timeout = 180\n" +msgid "docker run -td --name=idp -p 8080:8080 -e KEYCLOAK_USER= -e KEYCLOAK_PASSWORD= quay.io/keycloak/keycloak:9.0.2\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-rpctimeout.adoc:48 +#: modules/administration/pages/auth-methods-sso-example.adoc:19 msgid "" -"On a {rhel} client that uses yum, open the [filename]``/etc/yum.conf`` file " -"and set a maximum timeout value (in seconds):" +"Sign in the Keycloak {webui} as a privileged user, and create a realm using " +"these details:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-rpctimeout.adoc:51 -#, no-wrap -msgid "timeout =`number`\n" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:20 +msgid "In the ``Name`` field, enter a name for the realm." msgstr "" -#. type: delimited block = -#: modules/administration/pages/tshoot-rpctimeout.adoc:56 -msgid "" -"If you limit RPC timeouts to less than `180` seconds, you risk aborting " -"perfectly normal operations." +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:21 +msgid "For example, ``SUMA``." msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-saltboot.adoc:2 -#, no-wrap -msgid "Troubleshooting the Saltboot Formula" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:22 +msgid "Toggle the ``Enabled`` switch to ``On``." msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:23 +#: modules/administration/pages/auth-methods-sso-example.adoc:23 msgid "" -"Because of a problem in the computed partition size value, the saltboot " -"formula can sometimes fail when it is created on SLE{nbsp}11 SP3 clients, " -"with an error like this:" +"In the ``Endpoints`` field, type ``SAML 2.0 Identity Provider Metadata``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-saltboot.adoc:39 -#, no-wrap +#. Probably needs more explanation here. --LKB 20200415 +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:24 msgid "" -" ID: disk1_partitioned\n" -" Function: saltboot.partitioned\n" -" Name: disk1\n" -" Result: false\n" -" Comment: An exception occurred in this state: Traceback (most recent call last):\n" -" File \"/usr/lib/python2.6/site-packages/salt/state.py\", line 1767, in call\n" -" **cdata['kwargs'])\n" -" File \"/usr/lib/python2.6/site-packages/salt/loader.py\", line 1705, in wrapper\n" -" return f(*args, **kwargs)\n" -" File \"/var/cache/salt/minion/extmods/states/saltboot.py\", line 393, in disk_partitioned\n" -" existing = __salt__['partition.list'](device, unit='MiB')\n" -" File \"/usr/lib/python2.6/site-packages/salt/modules/parted.py\", line 177, in list_\n" -" 'Problem encountered while parsing output from parted')\n" -"CommandExecutionError: Problem encountered while parsing output from parted\n" +"This endpoint is ``/auth/realms//protocol/saml/" +"descriptor`` which describes the endpoints and certificate in the " +"{productname} configuration file." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:43 +#: modules/administration/pages/auth-methods-sso-example.adoc:25 msgid "" -"This problem can be resolved by manually configuring the size of the " -"partition containing the operating system. When the size is set correctly, " -"formula creation will work as expected." +"When you have Keycloak running and set up, you can add the endpoints. " +"Keycloak refers to endpoints as clients." msgstr "" #. type: Block title -#: modules/administration/pages/tshoot-saltboot.adoc:45 +#: modules/administration/pages/auth-methods-sso-example.adoc:26 #, no-wrap -msgid "Procedure: Manually Configuring the Partition Size in the Saltboot Formula" +msgid "Procedure: Adding Endpoints as Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:49 -msgid "" -"In the {productname} {webui}, navigate to menu:Systems[System Groups] and " -"select the ``Hardware Type Group`` that contains the SLE{nbsp}11 SP3 client " -"that is causing the error. In the [guimenu]``Formulas`` tab, navigate to " -"the [guimenu]``Saltboot`` subtab." +#: modules/administration/pages/auth-methods-sso-example.adoc:27 +msgid "In the Keycloak {webui}, create a new client using these details:" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:50 +#: modules/administration/pages/auth-methods-sso-example.adoc:28 msgid "" -"Locate the partition that contains the operating system, and in the " -"[guimenu]``Partition Size`` field, type the appropriate size (in MiB)." +"In the ``Client ID`` field, enter the endpoint specified in the server " +"configuration file as ``java.sso.onelogin.saml2.idp.entityid``." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-saltboot.adoc:50 -msgid "Click btn:[Save Formula], and apply the highstate to save your changes." -msgstr "" - -#. type: Title = -#: modules/administration/pages/tuning-changelogs.adoc:2 -#, no-wrap -msgid "Tuning Changelogs" +#: modules/administration/pages/auth-methods-sso-example.adoc:29 +msgid "For example, ``https:///rhn/manager/sso/metadata``." msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:7 -msgid "" -"Some packages have a long list of changelog entries. This data is " -"downloaded by default, but it is not always useful information to keep. In " -"order to limit the amount of changelog metadata which is downloaded and to " -"save disk space, you can put a limit on how many entries to keep on disk." +#: modules/administration/pages/auth-methods-sso-example.adoc:30 +msgid "In the ``Client Protocol`` field, select ``SAML``." msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:10 -msgid "" -"This configuration option is in the [filename]``/etc/rhn/rhn.conf`` " -"configuration file. The parameter defaults to [systemitem]``0``, which " -"means unlimited." -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/tuning-changelogs.adoc:13 -#, no-wrap -msgid "java.max_changelog_entries = 0\n" +#: modules/administration/pages/auth-methods-sso-example.adoc:31 +msgid "Toggle the ``Include AuthnStatement`` switch to ``On``." msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:16 -msgid "" -"If you set this parameter, it will come into effect only for new packages " -"when they are synchronized." +#: modules/administration/pages/auth-methods-sso-example.adoc:32 +msgid "Toggle the ``Sign Assertions`` switch to ``On``." msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:18 -msgid "" -"After changing this parameter, restart services with ``spacewalk-service " -"restart``." +#: modules/administration/pages/auth-methods-sso-example.adoc:33 +msgid "In the ``Signature Algorithm`` field, select ``RSA_SHA1``." msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:20 -msgid "" -"You might like to delete and regenerate the cached data to remove older data." +#: modules/administration/pages/auth-methods-sso-example.adoc:34 +msgid "In the ``SAML Signature Key Name`` field, select the key." msgstr "" -#. type: delimited block = -#: modules/administration/pages/tuning-changelogs.adoc:26 -msgid "" -"Deleting and regenerating cached data can take a long time. Depending on " -"the number of channels you have and the amount of data to be deleted, it can " -"potentially take several hours. The task is run in the background by " -"Taskomatic, so you can continue to use {productname} while the operation " -"completes, however you should expect some performance loss." +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:35 +msgid "In the ``Canonicalization Method`` field, select ``Exclusive``." msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:29 +#: modules/administration/pages/auth-methods-sso-example.adoc:36 msgid "" -"You can delete and request a regeneration of cached data from the command " -"line:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/tuning-changelogs.adoc:32 -#, no-wrap -msgid "spacewalk-sql -i\n" +"In the ``Fine Grain SAML Endpoint Configuration`` section, add the two " +"endpoints using these details:" msgstr "" #. type: Plain text -#: modules/administration/pages/tuning-changelogs.adoc:34 -msgid "Then on the SQL database prompt, enter:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/tuning-changelogs.adoc:43 -#, no-wrap +#: modules/administration/pages/auth-methods-sso-example.adoc:37 msgid "" -"DELETE FROM rhnPackageRepodata;\n" -"INSERT INTO rhnRepoRegenQueue (id, CHANNEL_LABEL, REASON, FORCE)\n" -"(SELECT sequence_nextval('rhn_repo_regen_queue_id_seq'),\n" -" C.label,\n" -" 'cached data regeneration',\n" -" 'Y'\n" -" FROM rhnChannel C);\n" -"\\q\n" +"In both the ``Assertion Consumer Service`` fields, enter the endpoint " +"specified in the server configuration file as ``java.sso.onelogin.saml2.sp." +"assertion_consumer_service.url``." msgstr "" -#. type: Title = -#: modules/administration/pages/repo-metadata.adoc:2 -#, no-wrap -msgid "Signing Repository Metadata" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:38 +msgid "For example, ``https:///rhn/manager/sso/acs``." msgstr "" -#. TODO:: Explain why repository metadata should/would be signed. #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:7 +#: modules/administration/pages/auth-methods-sso-example.adoc:39 msgid "" -"You will require a custom GPG key to be able to sign repository metadata." +"In both the ``Logout Service`` fields, enter the endpoint specified in the " +"server configuration file as ``java.sso.onelogin.saml2.sp." +"single_logout_service.url``." msgstr "" -#. type: Block title -#: modules/administration/pages/repo-metadata.adoc:8 -#, no-wrap -msgid "Procedure: Generating a Custom GPG Key" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:40 +msgid "For example, ``https:///rhn/manager/sso/sls``." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:11 +#: modules/administration/pages/auth-methods-sso-example.adoc:41 msgid "" -"As the root user, use the [command]``gpg`` command to generate a new key:" +"When you have added the endpoints as clients, you can configure the client " +"scope, and map the users between Keycloak and {productname}." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:14 +#. type: Block title +#: modules/administration/pages/auth-methods-sso-example.adoc:42 #, no-wrap -msgid "gpg --gen-key\n" +msgid "Procedure: Configuring Client Scope and Mappers" msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:18 +#: modules/administration/pages/auth-methods-sso-example.adoc:43 msgid "" -"At the prompts, select [systemitem]``RSA`` as the key type, with a size of " -"2048 bits, and select an appropriate expiry date for your key. Check the " -"details for your new key, and type [systemitem]``y`` to confirm." +"In the Keycloak {webui}, navigate to the menu:Clients[Client Scopes] tab and " +"assign ``role_list`` as the default client scope." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:21 +#: modules/administration/pages/auth-methods-sso-example.adoc:44 msgid "" -"At the prompts, enter a name and email address to be associated with your " -"key. You can also add a comment to help you identify the key, if desired. " -"When you are happy with the user identity, type [systemitem]``O`` to confirm." +"Navigate to the menu:Clients[Mappers] tab and add a user attribute ``Uid`` " +"mapper, using the default values." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:22 -msgid "At the prompt, enter a passphrase to protect your key." +#: modules/administration/pages/auth-methods-sso-example.adoc:45 +msgid "This SAML attribute is expected by {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:24 +#: modules/administration/pages/auth-methods-sso-example.adoc:46 msgid "" -"The key should be automatically added to your keyring. You can check by " -"listing the keys in your keyring:" +"Navigate to the menu:Users[Admin] section and create an administrative user." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:27 -#, no-wrap -msgid "gpg --list-keys\n" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso-example.adoc:47 +msgid "This user does not need to match the {productname} administrative user." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:30 +#: modules/administration/pages/auth-methods-sso-example.adoc:48 msgid "" -"Add the password for your keyring to the [filename]``/etc/rhn/signing.conf`` " -"configuration file, by opening the file in your text editor and adding this " -"line:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:33 -#, no-wrap -msgid "GPGPASS=\"password\"\n" +"Navigate to the menu:Users[Role Mappings] tab, add a ``uid`` attribute with " +"a value that matches the username of the {productname} administrative user." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:37 +#: modules/administration/pages/auth-methods-sso-example.adoc:49 msgid "" -"You can manage metadata signing on the command line using the [command]``mgr-" -"sign-metadata-ctl`` command." +"Navigate to the menu:Users[Credentials] tab, and set the same password as " +"used by the {productname} administrative user." msgstr "" #. type: Block title -#: modules/administration/pages/repo-metadata.adoc:39 +#: modules/administration/pages/auth-methods-sso-example.adoc:50 #, no-wrap -msgid "Procedure: Enabling Metadata Signing" +msgid " Save your changes." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:42 +#: modules/administration/pages/auth-methods-sso-example.adoc:51 msgid "" -"You will need to know the short identifier for the key to use. You can list " -"your available public keys in short format:" +"When you have completed configuration, you can test that the installation is " +"working as expected. Restart the {productname} Server to pick up your " +"changes, and navigate to the {productname} {webui}. If your installation is " +"working correctly, you are redirected to the Keycloak SSO page, where you " +"can authenticate successfully." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:50 +#. type: Title = +#: modules/administration/pages/auth-methods-sso.adoc:1 #, no-wrap -msgid "" -"gpg --keyid-format short --list-keys\n" -"...\n" -"pub rsa2048/3E7BFE0A 2019-04-02 [SC] [expires: 2021-04-01]\n" -" A43F9EC645ED838ED3014B035CFA51BF3E7BFE0A\n" -"uid [ultimate] SUSE Manager\n" -"sub rsa2048/118DE7FF 2019-04-02 [E] [expires: 2021-04-01]\n" +msgid "Authentication With Single Sign-On (SSO)" msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:53 +#: modules/administration/pages/auth-methods-sso.adoc:2 msgid "" -"Enable metadata signing with the [command]``mgr-sign-metadata-ctl`` command:" +"{productname} supports single sign-on (SSO) by implementing the Security " +"Assertion Markup Language (SAML){nbsp}2 protocol." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:63 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:3 msgid "" -"mgr-sign-metadata-ctl enable 3E7BFE0A\n" -"OK. Found key 3E7BFE0A in keyring.\n" -"DONE. Set key 3E7BFE0A in /etc/rhn/signing.conf.\n" -"DONE. Enabled metadata signing in /etc/rhn/rhn.conf.\n" -"DONE. Exported key 4E2C3DD8 to /srv/susemanager/salt/gpg/mgr-keyring.gpg.\n" -"DONE. Exported key 4E2C3DD8 to /srv/www/htdocs/pub/mgr-gpg-pub.key.\n" -"NOTE. For the changes to become effective run:\n" -" mgr-sign-metadata-ctl regen-metadata\n" +"Single sign-on is an authentication process that allows a user to access " +"multiple applications with one set of credentials. SAML is an XML-based " +"standard for exchanging authentication and authorization data. A SAML " +"identity service provider (IdP) provides authentication and authorization " +"services to service providers (SP), such as {productname}. {productname} " +"exposes three endpoints which must be enabled for single sign-on." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:65 -msgid "You can check that your configuration is correct with this command:" +#: modules/administration/pages/auth-methods-sso.adoc:4 +msgid "SSO in {productname} supports:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:68 -#, no-wrap -msgid "mgr-sign-metadata-ctl check-config\n" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:5 +msgid "Log in with SSO." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:70 +#: modules/administration/pages/auth-methods-sso.adoc:6 msgid "" -"Restart the services and schedule metadata regeneration to pick up the " -"changes:" +"Log out with service provider-initiated single logout (SLO), and Identity " +"service provider single logout service (SLS)." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:73 -#, no-wrap -msgid "mgr-sign-metadata-ctl regen-metadata\n" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:7 +msgid "Assertion and nameId encryption." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:77 -msgid "" -"You can also use the [command]``mgr-sign-metadata-ctl`` command to perform " -"other tasks. Use [command]``mgr-sign-metadata-ctl --help`` to see the " -"complete list." +#: modules/administration/pages/auth-methods-sso.adoc:8 +msgid "Assertion signatures." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:81 +#: modules/administration/pages/auth-methods-sso.adoc:9 msgid "" -"Repository metadata signing is a global option. When it is enabled, it is " -"enabled on all software channels on the server. This means that all clients " -"connected to the server will need to trust the new GPG key to be able to " -"install or update packages." -msgstr "" - -#. type: Block title -#: modules/administration/pages/repo-metadata.adoc:82 -#, no-wrap -msgid "Procedure: Importing GPG keys on Clients" +"Message signatures with AuthNRequest, LogoutRequest, and LogoutResponses." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:85 -msgid "For RPM-based client systems, use these remote commands:" +#: modules/administration/pages/auth-methods-sso.adoc:10 +msgid "Enable an Assertion consumer service endpoint." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:88 -#, no-wrap -msgid "rpm --import http://server.example.com/pub/mgr-gpg-pub.key\n" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:11 +msgid "Enable a single logout service endpoint." msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:91 -msgid "" -"For Ubuntu clients, you will need to reassign the channels, which will " -"automatically pick up the new GPG key. You can do this through the " -"{productname} {webui}, or from the command line on the server with this " -"command:" +#: modules/administration/pages/auth-methods-sso.adoc:12 +msgid "Publish the SP metadata (which can be signed)." msgstr "" -#. type: delimited block - -#: modules/administration/pages/repo-metadata.adoc:94 -#, no-wrap -msgid "salt state.apply channels\n" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:13 +msgid "SSO in {productname} does not support:" msgstr "" #. type: Plain text -#: modules/administration/pages/repo-metadata.adoc:95 +#: modules/administration/pages/auth-methods-sso.adoc:14 msgid "" -"OPTIONAL: For Salt clients, you might prefer to use a state to manage your " -"GPG keys." +"Product choosing and implementation for the identity service provider (IdP)." msgstr "" -#. type: Title = -#: modules/administration/pages/space-management.adoc:2 -#, no-wrap -msgid "Managing Disk Space" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:15 +msgid "" +"SAML support for other products (check with the respective product " +"documentation)." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:5 +#: modules/administration/pages/auth-methods-sso.adoc:16 msgid "" -"Running out of disk space can have a severe impact on the {productname} " -"database and file structure which, in some cases, is not recoverable." +"For an example implementation of SSO, see xref:administration:auth-methods-" +"sso-example.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/space-management.adoc:9 +#. type: delimited block = +#: modules/administration/pages/auth-methods-sso.adoc:17 msgid "" -"{productname} monitors some directories for free disk space. You can modify " -"which directories are monitored, and the warnings that are created. All " -"settings are configured in the [path]``/etc/rhn/rhn.conf`` configuration " -"file." +"If you change from the default authentication method to single sign-on, the " +"new SSO credentials apply only to the {webui}. Client tools such as ``mgr-" +"sync`` or ``spacecmd`` will continue to work with the default authentication " +"method only." msgstr "" #. type: Title == -#: modules/administration/pages/space-management.adoc:12 +#: modules/administration/pages/auth-methods-sso.adoc:18 #, no-wrap -msgid "Monitored Directories" +msgid "Prerequisites" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:15 -msgid "By default, {productname} monitors these directories:" +#: modules/administration/pages/auth-methods-sso.adoc:19 +msgid "" +"Before you begin, you need to have configured an external identity service " +"provider with these parameters. Check your IdP documentation for " +"instructions." msgstr "" -#. type: Plain text -#: modules/administration/pages/space-management.adoc:17 -msgid "[path]``/var/lib/pgsql``" +#. type: delimited block = +#: modules/administration/pages/auth-methods-sso.adoc:20 +msgid "" +"Your IdP must have a SAML:Attribute containing the username of the IdP user " +"domain, called ``uid``. The ``uid`` attribute passed in the SAML:Attribute " +"must be created in the {productname} user base before you activate single " +"sign-on." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:18 -msgid "[path]``/var/spacewalk``" +#: modules/administration/pages/auth-methods-sso.adoc:21 +msgid "You will need these endpoints:" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:19 -msgid "[path]``/var/cache``" +#: modules/administration/pages/auth-methods-sso.adoc:22 +msgid "" +"Assertion consumer service (or ACS): an endpoint to accept SAML messages to " +"establish a session into the Service Provider." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:20 -msgid "[path]``/srv``" +#: modules/administration/pages/auth-methods-sso.adoc:23 +msgid "" +"The endpoint for ACS in {productname} is: https://server.example.com/rhn/" +"manager/sso/acs" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:23 +#: modules/administration/pages/auth-methods-sso.adoc:24 msgid "" -"You can change which directories are monitored with the " -"[systemitem]``spacecheck_dirs`` parameter. You can specify multiple " -"directories by separating them with a space." +"Single logout service (or SLS): an endpoint to initiate a logout request " +"from the IdP." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:25 -#: modules/administration/pages/space-management.adoc:40 -#: modules/administration/pages/space-management.adoc:57 -msgid "For example:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/space-management.adoc:28 -#, no-wrap -msgid "spacecheck_dirs = /var/lib/pgsql /var/spacewalk /var/cache /srv\n" +#: modules/administration/pages/auth-methods-sso.adoc:25 +msgid "" +"The endpoint for SLS in {productname} is: https://server.example.com/rhn/" +"manager/sso/sls" msgstr "" -#. type: Title == -#: modules/administration/pages/space-management.adoc:32 -#, no-wrap -msgid "Thresholds" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:26 +msgid "Metadata: an endpoint to retrieve {productname} metadata for SAML." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:36 +#: modules/administration/pages/auth-methods-sso.adoc:27 msgid "" -"By default, {productname} will create a warning mail when a monitored " -"directory has less than 10% of total space available. A critical alert is " -"created when a monitored directory falls below 5% space available." +"The endpoint for metadata in {productname} is: https://server.example.com/" +"rhn/manager/sso/metadata" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:38 +#: modules/administration/pages/auth-methods-sso.adoc:28 msgid "" -"You can change these alert thresholds with the " -"[systemitem]``spacecheck_free_alert`` and " -"[systemitem]``spacecheck_free_critical`` parameters." +"After the authentication with the IdP using the user ``orgadmin`` is " +"successful, you will be logged in into {productname} as the ``orgadmin`` " +"user, provided that the ``orgadmin`` user exists in {productname}." msgstr "" -#. type: delimited block - -#: modules/administration/pages/space-management.adoc:44 +#. type: Title == +#: modules/administration/pages/auth-methods-sso.adoc:29 #, no-wrap +msgid "Enable SSO" +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/auth-methods-sso.adoc:30 msgid "" -"spacecheck_free_alert = 10\n" -"spacecheck_free_critical = 5\n" +"Using SSO is mutually exclusive with other types of authentication: it is " +"either enabled or disabled. SSO is disabled by default." msgstr "" -#. type: Title == -#: modules/administration/pages/space-management.adoc:48 +#. type: Block title +#: modules/administration/pages/auth-methods-sso.adoc:31 #, no-wrap -msgid "Shut Down Services" +msgid "Procedure: Enabling SSO" msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:51 -msgid "" -"By default, {productname} will shut down the spacewalk services when the " -"critical alert threshold is reached." +#: modules/administration/pages/auth-methods-sso.adoc:32 +msgid "If your users do not yet exist in {productname}, create them first." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:55 +#: modules/administration/pages/auth-methods-sso.adoc:33 msgid "" -"You can change this behavior with the [systemitem]``spacecheck_shutdown`` " -"parameter. A value of ``true`` will enable the shut down feature. Any " -"other value will disable it." +"Edit [path]``/etc/rhn/rhn.conf`` and add this line at the end of the file:" msgstr "" #. type: delimited block - -#: modules/administration/pages/space-management.adoc:59 +#: modules/administration/pages/auth-methods-sso.adoc:34 #, no-wrap -msgid "spacecheck_shutdown = true\n" +msgid "java.sso = true\n" msgstr "" -#. type: Title == -#: modules/administration/pages/space-management.adoc:62 -#, no-wrap -msgid "Disable Space Checking" +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:35 +msgid "" +"Find the parameters you want to customize in [path]``/usr/share/rhn/config-" +"defaults/rhn_java_sso.conf``." msgstr "" #. type: Plain text -#: modules/administration/pages/space-management.adoc:66 +#: modules/administration/pages/auth-methods-sso.adoc:36 msgid "" -"The space checking tool is enabled by default. You can disable it entirely " -"with these commands:" +"Insert the parameters you want to customize into [path]``/etc/rhn/rhn.conf`` " +"and prefix them with [literal]``java.sso``. For example, in [path]``/usr/" +"share/rhn/config-defaults/rhn_java_sso.conf`` find:" msgstr "" #. type: delimited block - -#: modules/administration/pages/space-management.adoc:70 +#: modules/administration/pages/auth-methods-sso.adoc:37 #, no-wrap +msgid "onelogin.saml2.sp.assertion_consumer_service.url = https://YOUR-PRODUCT-HOSTNAME-OR-IP/rhn/manager/sso/acs\n" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/auth-methods-sso.adoc:38 msgid "" -"systemctl stop spacewalk-diskcheck.timer\n" -"systemctl disable spacewalk-diskcheck.timer\n" +"To customize it, create the corresponding option in [path]``/etc/rhn/rhn." +"conf`` by prefixing the option name with ``java.sso.``:" msgstr "" -#. type: Title = -#: modules/administration/pages/live-patching-channel-setup.adoc:2 +#. type: delimited block - +#: modules/administration/pages/auth-methods-sso.adoc:39 #, no-wrap -msgid "Set up Channels for Live Patching" +msgid "java.sso.onelogin.saml2.sp.assertion_consumer_service.url = https://YOUR-PRODUCT-HOSTNAME-OR-IP/rhn/manager/sso/acs\n" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:7 +#: modules/administration/pages/auth-methods-sso.adoc:40 msgid "" -"A reboot is required every time you update the full kernel package. " -"Therefore, it is important that clients using Live Patching do not have " -"newer kernels available in the channels they are assigned to. Clients using " -"live patching have updates for the running kernel in the live patching " -"channels." +"To find all the occurrences you need to change, search in the file for the " +"placeholders [literal]``YOUR-PRODUCT`` and [literal]``YOUR-IDP-ENTITY``. " +"Every parameter comes with a brief explanation of what it is meant for." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:9 -msgid "There are two ways to manage channels for live patching:" +#: modules/administration/pages/auth-methods-sso.adoc:41 +msgid "Restart the spacewalk service to pick up the changes:" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:13 +#: modules/administration/pages/auth-methods-sso.adoc:43 msgid "" -"Use content lifecycle management to clone the product tree and remove kernel " -"versions newer than the running one. This procedure is explained in the " -"xref:content-lifecycle-examples.adoc#enhance-project-with-" -"livepatching[Content Livecycle Management Examples]. This is the " -"recommended solution." +"When you visit the {productname} URL, you will be redirected to the IdP for " +"SSO where you will be requested to authenticate. Upon successful " +"authentication, you will be redirected to the {productname} {webui}, logged " +"in as the authenticated user. If you encounter problems with logging in " +"using SSO, check the {productname} logs for more information." +msgstr "" + +#. type: Title = +#: modules/administration/pages/backup-restore.adoc:1 +#, no-wrap +msgid "Backup and Restore" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:17 +#: modules/administration/pages/backup-restore.adoc:2 msgid "" -"Use the `spacewalk-manage-channel-lifecycle` tool. This procedure is more " -"manual and requires command line tools as well as the {webui}. This " -"procedure is explained in this section for SLES{nbsp}15 SP1, but it also " -"works for SLE{nbsp}12 SP4 or later." +"Back up your {productname} installation regularly, to prevent data loss. " +"Because {productname} relies on a database as well as the installed program " +"and configurations, it is important to back up all components of your " +"installation. This chapter contains information on the files you need to " +"back up, and introduces the [command]``smdba`` tool to manage database " +"backups. It also contains information about restoring from your backups in " +"the case of a system failure." msgstr "" -#. type: Title == -#: modules/administration/pages/live-patching-channel-setup.adoc:18 +#. type: Block title +#: modules/administration/pages/backup-restore.adoc:3 #, no-wrap -msgid "Use spacewalk-manage-channel-lifecycle for Live Patching" +msgid "Backup Space Requirements" msgstr "" -#. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:22 +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:4 msgid "" -"Cloned vendor channels should be prefixed by ``dev`` for development, " -"``testing``, or ``prod`` for production. In this procedure, you will create " -"a ``dev`` cloned channel and then promote the channel to ``testing``." +"Regardless of the backup method you use, you must have available at least " +"three times the amount of space your current installation uses. Running out " +"of space can result in backups failing, so check this often." msgstr "" -#. type: Block title -#: modules/administration/pages/live-patching-channel-setup.adoc:23 +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:5 #, no-wrap -msgid "Procedure: Cloning Live Patching Channels" +msgid "Backing up {productname}" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:26 +#: modules/administration/pages/backup-restore.adoc:6 msgid "" -"At the command prompt on the client, as root, obtain the current package " -"channel tree:" +"The most comprehensive method for backing up your {productname} installation " +"is to back up the relevant files and directories. This can save you time in " +"administering your backup, and can be faster to reinstall and re-synchronize " +"in the case of failure. However, this method requires significant disk " +"space and could take a long time to perform the backup." msgstr "" -#. type: delimited block - -#: modules/administration/pages/live-patching-channel-setup.adoc:34 -#, no-wrap +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:7 msgid "" -"# spacewalk-manage-channel-lifecycle --list-channels\n" -"Spacewalk Username: admin\n" -"Spacewalk Password:\n" -"Channel tree:\n" +"If you want to only back up the required files and directories, use the " +"following list. To make this process simpler, and more comprehensive, we " +"recommend backing up the entire [path]``/etc`` and [path]``/root`` " +"directories, not just the ones specified here. Some files only exist if you " +"are actually using the related {susemgr} feature." msgstr "" -#. type: delimited block - -#: modules/administration/pages/live-patching-channel-setup.adoc:41 -#, no-wrap -msgid "" -" 1. sles15-{sp-vert}-pool-x86_64\n" -" \\__ sle-live-patching15-pool-x86_64-{sp-vert}\n" -" \\__ sle-live-patching15-updates-x86_64-{sp-vert}\n" -" \\__ sle-manager-tools15-pool-x86_64-{sp-vert}\n" -" \\__ sle-manager-tools15-updates-x86_64-{sp-vert}\n" -" \\__ sles15-{sp-vert}-updates-x86_64\n" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:8 +msgid "[path]``/etc/cobbler/``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:44 -msgid "" -"Use the [command]``spacewalk-manage-channel`` command with the " -"[option]``init`` argument to automatically create a new development clone of " -"the original vendor channel:" +#: modules/administration/pages/backup-restore.adoc:9 +msgid "[path]``/etc/dhcp.conf``" msgstr "" -#. type: delimited block - -#: modules/administration/pages/live-patching-channel-setup.adoc:48 -#, no-wrap -msgid "spacewalk-manage-channel-lifecycle --init -c sles15-{sp-vert}-pool-x86_64\n" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:10 +msgid "[path]``/etc/fstab`` and any ISO mountpoints you require." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:51 -msgid "" -"Check that [systemitem]``dev-sles15-{sp-vert}-updates-x86_64`` is available " -"in your channel list." +#: modules/administration/pages/backup-restore.adoc:11 +msgid "[path]``/etc/rhn/``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:53 -msgid "" -"Check the ``dev`` cloned channel you created, and remove any kernel updates " -"that require a reboot." +#: modules/administration/pages/backup-restore.adoc:12 +msgid "[path]``/etc/salt``" msgstr "" -#. type: Block title -#: modules/administration/pages/live-patching-channel-setup.adoc:54 -#, no-wrap -msgid "Procedure: Removing Non-Live Kernel Patches from Cloned Channels" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:13 +msgid "[path]``/etc/sudoers``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:57 -msgid "" -"Check the current kernel version by selecting the client from menu:" -"Systems[System List], and taking note of the version displayed in the " -"[guimenu]``Kernel`` field." +#: modules/administration/pages/backup-restore.adoc:14 +msgid "[path]``/etc/sysconfig/rhn/``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:59 -msgid "" -"In the {productname} {webui}, select the client from menu:Systems[Overview], " -"navigate to the menu:Software[Manage > Channels] tab, and select " -"[systemitem]``dev-sles15-sp{sp-vert}-updates-x86_64``. Navigate to the " -"[guimenu]``Patches`` tab, and click btn:[List/Remove Patches]." +#: modules/administration/pages/backup-restore.adoc:15 +msgid "[path]``/root/.gnupg/``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:60 -msgid "" -"In the search bar, type [systemitem]``kernel`` and identify the kernel " -"version that matches the kernel currently used by your client." +#: modules/administration/pages/backup-restore.adoc:16 +msgid "[path]``/root/.ssh``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:61 +#: modules/administration/pages/backup-restore.adoc:17 msgid "" -"Remove all kernel versions that are newer than the currently installed " -"kernel." +"This file exists if you are using an SSH tunnel or SSH [command]``push``. " +"You will also need to have saved a copy of the ``id-susemanager`` key." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:64 -msgid "" -"Your channel is now set up for live patching, and can be promoted to " -"``testing``. In this procedure, you will also add the live patching child " -"channels to your client, ready to be applied." +#: modules/administration/pages/backup-restore.adoc:18 +msgid "[path]``/root/ssl-build/``" msgstr "" -#. type: Block title -#: modules/administration/pages/live-patching-channel-setup.adoc:65 -#, no-wrap -msgid "Procedure: Promoting Live Patching Channels" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:19 +msgid "[path]``/srv/formula_metadata``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:68 -msgid "" -"At the command prompt on the client, as `root`, promote and clone the `dev-" -"sles15-{sp-vert}-pool-x86_64` channel to a new ``testing`` channel:" +#: modules/administration/pages/backup-restore.adoc:20 +msgid "[path]``/srv/pillar``" msgstr "" -#. type: delimited block - -#: modules/administration/pages/live-patching-channel-setup.adoc:72 -#, no-wrap -msgid "# spacewalk-manage-channel-lifecycle --promote -c dev-sles15-{sp-vert}-pool-x86_64\n" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:21 +msgid "[path]``/srv/salt``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:74 -msgid "" -"In the {productname} {webui}, select the client from menu:Systems[Overview], " -"and navigate to the menu:Software[Software Channels] tab." +#: modules/administration/pages/backup-restore.adoc:22 +msgid "[path]``/srv/susemanager``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:75 -msgid "" -"Check the new [systemitem]``test-sles15-sp{sp-vert}-pool-x86_64`` custom " -"channel to change the base channel, and check both corresponding live " -"patching child channels." +#: modules/administration/pages/backup-restore.adoc:23 +msgid "[path]``/srv/tftpboot/``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:76 -msgid "" -"Click btn:[Next], confirm that the details are correct, and click btn:" -"[Confirm] to save the changes." +#: modules/administration/pages/backup-restore.adoc:24 +msgid "[path]``/srv/www/cobbler``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-channel-setup.adoc:77 -msgid "" -"You can now select and view available CVE patches, and apply these important " -"kernel updates with Live Patching." +#: modules/administration/pages/backup-restore.adoc:25 +msgid "[path]``/srv/www/htdocs/pub/``" msgstr "" -#. type: Title = -#: modules/administration/pages/live-patching-sles12.adoc:2 -#, no-wrap -msgid "Live Patching on SLES{nbsp}12" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:26 +msgid "[path]``/srv/www/os-images``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:7 -msgid "" -"On SLES{nbsp}12 systems, live patching is managed by kGraft. For in depth " -"information covering kGraft use, see https://documentation.suse.com/sles/12-" -"SP4/html/SLES-all/cha-kgraft.html." +#: modules/administration/pages/backup-restore.adoc:27 +msgid "[path]``/var/cache/rhn``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:9 -msgid "Before you begin, ensure:" +#: modules/administration/pages/backup-restore.adoc:28 +msgid "[path]``/var/cache/salt``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:11 -msgid "{productname} is fully updated." +#: modules/administration/pages/backup-restore.adoc:29 +msgid "[path]``/var/lib/cobbler/``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:12 -msgid "You have one or more Salt clients running SLES{nbsp}12 (SP1 or later)." +#: modules/administration/pages/backup-restore.adoc:30 +msgid "" +"[path]``/var/lib/cobbler/templates/`` (before version 4.0 it was [path]``/" +"var/lib/rhn/kickstarts/``)" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:13 -msgid "Your SLES{nbsp}12 Salt clients are registered with {productname}." +#: modules/administration/pages/backup-restore.adoc:31 +msgid "[path]``/var/lib/Kiwi``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:14 -msgid "" -"You have access to the SLES{nbsp}12 channels appropriate for your " -"architecture, including the live patching child channel (or channels)." +#: modules/administration/pages/backup-restore.adoc:32 +msgid "[path]``/var/lib/rhn/``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:15 -msgid "The clients are fully synchronized." +#: modules/administration/pages/backup-restore.adoc:33 +msgid "[path]``/var/spacewalk/``" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:17 +#: modules/administration/pages/backup-restore.adoc:34 msgid "" -"Assign the clients to the cloned channels prepared for live patching. For " -"more information on preparation, see xref:administration:live-patching-" -"channel-setup.adoc[]." +"Plus any directories containing custom data such as scripts, Kickstart or " +"AutoYaST profiles, and custom RPMs." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:35 +msgid "" +"You will also need to back up your database, which you can do with the " +"[command]``smdba`` tool. For more information about the [command]``smdba`` " +"tool, see xref:administration:backup-restore.adoc[]." msgstr "" #. type: Block title -#: modules/administration/pages/live-patching-sles12.adoc:20 +#: modules/administration/pages/backup-restore.adoc:36 #, no-wrap -msgid "Procedure: Setting up for Live Patching" +msgid "Procedure: Restore from a Manual Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:24 -msgid "" -"Select the client you want to manage with Live Patching from menu:" -"Systems[Overview], and on the system details page navigate to the menu:" -"Software[Packages > Install] tab. Search for the [systemitem]``kgraft`` " -"package, and install it." +#: modules/administration/pages/backup-restore.adoc:37 +msgid "Re-install {productname}." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/live-patching-sles12.adoc:25 -#, no-wrap -msgid "enable_live_patching_kgraft_install.png" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:38 +msgid "" +"For more information about recovering from a backup, see xref:administration:" +"backup-restore.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:27 -msgid "Apply the highstate to enable Live Patching, and reboot the client." +#: modules/administration/pages/backup-restore.adoc:39 +msgid "" +"Re-synchronize your {productname} repositories with the [command]``mgr-" +"sync`` tool." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:28 -msgid "Repeat for each client that you want to manage with Live Patching." +#: modules/administration/pages/backup-restore.adoc:40 +msgid "" +"For more information about the [command]``mgr-sync`` tool, see <>." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:29 +#: modules/administration/pages/backup-restore.adoc:41 msgid "" -"To check that live patching has been enabled correctly, select the client " -"from menu:Systems[System List], and ensure that [systemitem]``Live " -"Patching`` appears in the [guimenu]``Kernel`` field." +"You can choose to re-register your product, or skip the registration and SSL " +"certificate generation sections." msgstr "" -#. type: Block title -#: modules/administration/pages/live-patching-sles12.adoc:32 -#, no-wrap -msgid "Procedure: Applying Live Patches to a Kernel" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:42 +msgid "" +"Re-install the [path]``/root/ssl-build/rhn-org-httpd-ssl-key-pair-" +"MACHINE_NAME-VER-REL.noarch.rpm`` package." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:36 +#: modules/administration/pages/backup-restore.adoc:43 msgid "" -"In the {productname} {webui}, select the client from menu:" -"Systems[Overview]. You will see a banner at the top of the screen showing " -"the number of critical and non-critical packages available for the client:" +"Schedule the re-creation of search indexes next time the [command]``rhn-" +"search`` service is started:" msgstr "" -#. type: Target for macro image -#: modules/administration/pages/live-patching-sles12.adoc:37 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:44 #, no-wrap -msgid "live_patching_criticalupdates.png" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:40 -msgid "Click btn:[Critical] to see a list of the available critical patches." +msgid "rhn-search cleanindex\n" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:42 +#: modules/administration/pages/backup-restore.adoc:45 msgid "" -"Select any patch with a synopsis reading [guimenu]``Important: Security " -"update for the Linux kernel``. Security bugs will also include their CVE " -"number, where applicable." +"This command produces only debug messages. It does not produce error " +"messages." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles12.adoc:43 -msgid "" -"OPTIONAL: If you know the CVE number of a patch you want to apply, you can " -"search for it in menu:Audit[CVE Audit], and apply the patch to any clients " -"that require it." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/live-patching-sles12.adoc:49 -msgid "" -"Not all kernel patches are Live Patches! Non-Live kernel patches are " -"represented by a `Reboot Required` icon located next to the `Security` " -"shield icon. These patches will always require a reboot." +#: modules/administration/pages/backup-restore.adoc:46 +msgid "Check whether you need to restore [path]``/var/spacewalk/packages/``." msgstr "" -#. type: delimited block = -#: modules/administration/pages/live-patching-sles12.adoc:58 +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:47 msgid "" -"Not all security issues can be fixed by applying a live patch. Some " -"security issues can only be fixed by applying a full kernel update and will " -"require a reboot. The assigned CVE numbers for these issues are not " -"included in live patches. A CVE audit will display this requirement." +"If [path]``/var/spacewalk/packages/`` was not in your backup, you will need " +"to restore it. If the source repository is available, you can restore " +"[path]``/var/spacewalk/packages/`` with a complete channel synchronization:" msgstr "" -#. type: Title = -#: modules/administration/pages/live-patching-sles15.adoc:2 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:48 #, no-wrap -msgid "Live Patching on SLES{nbsp}15" +msgid "mgr-sync refresh --refresh-channels\n" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:5 +#: modules/administration/pages/backup-restore.adoc:49 msgid "" -"On SLES{nbsp}15 systems and newer, live patching is managed by the " -"[systemitem]``klp livepatch`` tool." +"Check the progress by running [command]``tail -f /var/log/rhn/reposync/" +"````.log`` as _root_." msgstr "" -#. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:10 -msgid "You have one or more Salt clients running SLES{nbsp}15 (SP1 or later)." +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:50 +#, no-wrap +msgid "Administering the Database with smdba" msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:11 -msgid "Your SLES{nbsp}15 Salt clients are registered with {productname}." +#: modules/administration/pages/backup-restore.adoc:51 +msgid "" +"The [command]``smdba`` tool is used for managing a local PostgreSQL " +"database. It allows you to back up and restore your database, and manage " +"backups. It can also be used to check the status of your database, and " +"perform administration tasks, such as restarting." msgstr "" #. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:12 +#: modules/administration/pages/backup-restore.adoc:52 msgid "" -"You have access to the SLES{nbsp}15 channels appropriate for your " -"architecture, including the live patching child channel (or channels)." +"The [command]``smdba`` tool works with local PostgreSQL databases only, it " +"will not work with remotely accessed databases, or Oracle databases." msgstr "" -#. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:22 +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:53 msgid "" -"Select the client you want to manage with Live Patching from menu:" -"Systems[Overview], and navigate to the menu:Software[Packages > Install] " -"tab. Search for the [systemitem]``kernel-livepatch`` package, and install " -"it." +"The [command]``smdba`` tool requires [command]``sudo`` access, to execute " +"system changes. Ensure you have enabled [command]``sudo`` access for the " +"[username]``admin`` user before you begin, by checking the [path]``/etc/" +"sudoers`` file for this line:" msgstr "" -#. type: Target for macro image -#: modules/administration/pages/live-patching-sles15.adoc:23 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:54 #, no-wrap -msgid "enable_live_patching_kernel_live_install.png" +msgid "admin ALL=(postgres) /usr/bin/smdba\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/live-patching-sles15.adoc:27 -msgid "" -"To check that live patching has been enabled correctly, select the client " -"from menu:Systems[System List], and ensure that [systemitem]``Live Patch`` " -"appears in the [guimenu]``Kernel`` field." +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:55 +msgid "Check the runtime status of your database with:" msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-sync.adoc:2 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:56 #, no-wrap -msgid "Troubleshooting Package Synchronization" +msgid "smdba db-status\n" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-sync.adoc:25 -msgid "" -"{productname} does not automatically trust third party GPG keys. If package " -"synchronization fails, it could be because of an untrusted GPG key. You can " -"find out if this is the case by opening [path]``/var/log/rhn/reposync`` and " -"looking for an error like this:" +#: modules/administration/pages/backup-restore.adoc:57 +msgid "This command will return either ``online`` or ``offline``, for example:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-sync.adoc:31 +#: modules/administration/pages/backup-restore.adoc:58 #, no-wrap -msgid "" -"['/usr/bin/spacewalk-repo-sync', '--channel', 'sle-12-sp1-ga-desktop-\n" -"nvidia-driver-x86_64', '--type', 'yum', '--non-interactive']\n" -"ChannelException: The GPG key for this repository is not part of the keyring.\n" -"Please run spacewalk-repo-sync in interactive mode to import it.\n" +msgid "Checking database core... online\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-sync.adoc:34 -msgid "" -"To resolve the problem, you need to import the GPG key to {productname}. " -"For more on importing GPG keys, see xref:administration:repo-metadata.adoc[]." +#: modules/administration/pages/backup-restore.adoc:59 +msgid "Starting and stopping the database can be performed with:" msgstr "" -#. type: Title = -#: modules/administration/pages/auditing.adoc:2 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:60 +#: modules/administration/pages/backup-restore.adoc:102 #, no-wrap -msgid "Auditing" +msgid "smdba db-start\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:6 -msgid "" -"In {productname}, you can keep track of your clients through a series of " -"auditing tasks. You can check that your clients are up to date with all " -"public security patches (CVEs), perform subscription matching, and use " -"OpenSCAP to check for specification compliance." +#: modules/administration/pages/backup-restore.adoc:61 +msgid "And:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auditing.adoc:8 -msgid "" -"In the {productname} {webui}, navigate to [guimenu]``Audit`` to perform " -"auditing tasks." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:62 +#: modules/administration/pages/backup-restore.adoc:98 +#, no-wrap +msgid "smdba db-stop\n" msgstr "" -#. This will probably need to be broken into sub-sections. --LKB 20200205 #. type: Title == -#: modules/administration/pages/auditing.adoc:14 +#: modules/administration/pages/backup-restore.adoc:63 #, no-wrap -msgid "CVE Audits" +msgid "Database Backup with smdba" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:17 +#: modules/administration/pages/backup-restore.adoc:64 msgid "" -"A CVE (common vulnerabilities and exposures) is a fix for a publicly known " -"security vulnerability." +"The [command]``smdba`` tool performs a continuous archiving backup. This " +"backup method combines a log of every change made to the database during the " +"current session, with a series of more traditional backup files. When a " +"crash occurs, the database state is first restored from the most recent " +"backup file on disk, then the log of the current session is replayed " +"exactly, to bring the database back to a current state. A continuous " +"archiving backup with [command]``smdba`` is performed with the database " +"running, so there is no need for downtime." msgstr "" -#. type: delimited block = -#: modules/administration/pages/auditing.adoc:21 -msgid "You must apply CVEs to your clients as soon as they become available." +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:65 +msgid "" +"This method of backing up is stable and generally creates consistent " +"snapshots, however it can take up a lot of storage space. Ensure you have " +"at least three times the current database size of space available for " +"backups. You can check your current database size by navigating to [path]``/" +"var/lib/pgsql/`` and running [command]``df -h``." msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:25 +#: modules/administration/pages/backup-restore.adoc:66 msgid "" -"Each CVE contains an identification number, a description of the " -"vulnerability, and links to further information. CVE identification numbers " -"use the form ``CVE-YEAR-XXXX``." +"The [command]``smdba`` tool also manages your archives, keeping only the " +"most recent backup, and the current archive of logs. The log files can only " +"be a maximum file size of 16{nbsp}MB, so a new log file will be created when " +"the files reach this size. Every time you create a new backup, previous " +"backups will be purged to release disk space. We recommend you use " +"[command]``cron`` to schedule your [command]``smdba`` backups to ensure that " +"your storage is managed effectively, and you always have a backup ready in " +"case of failure." +msgstr "" + +#. type: Title === +#: modules/administration/pages/backup-restore.adoc:67 +#, no-wrap +msgid "Performing a Manual Database Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:27 +#: modules/administration/pages/backup-restore.adoc:68 msgid "" -"In the {productname} {webui}, navigate to menu:Audit[CVE Audit] to see a " -"list of all clients and their current patch status." +"The [command]``smdba`` tool can be run directly from the command line. We " +"recommend you run a manual database backup immediately after installation, " +"or if you have made any significant changes to your configuration." msgstr "" -#. type: Plain text -#: modules/administration/pages/auditing.adoc:30 +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:69 msgid "" -"By default, the CVE data is updated at 2300 every day. We recommend that " -"before you begin a CVE audit you refresh the data to ensure you have the " -"latest patches." +"When [command]``smdba`` is run for the first time, or if you have changed " +"the location of the backup, it will need to restart your database before " +"performing the archive. This will result in a small amount of downtime. " +"Regular database backups will not require any downtime." msgstr "" #. type: Block title -#: modules/administration/pages/auditing.adoc:33 +#: modules/administration/pages/backup-restore.adoc:70 #, no-wrap -msgid "Procedure: Updating CVE Data" +msgid "Procedure: Performing a Manual Database Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:35 +#: modules/administration/pages/backup-restore.adoc:71 +msgid "Allocate permanent storage space for your backup." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:72 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Task Schedules] and " -"select the ``cve-server-channels-default`` schedule." +"This example uses a directory located at [path]``/var/spacewalk/``. This " +"will become a permanent target for your backup, so ensure it will remain " +"accessible by your server at all times." msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:36 -msgid "Click btn:[cve-server-channels-bunch]." +#: modules/administration/pages/backup-restore.adoc:73 +msgid "In your backup location, create a directory for the backup:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:74 +#, no-wrap +msgid "sudo -u postgres mkdir /var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:38 -msgid "" -"Click btn:[Single Run Schedule] to schedule the task. Allow the task to " -"complete before continuing with the CVE audit." +#: modules/administration/pages/backup-restore.adoc:75 +msgid "Or, as root:" msgstr "" -#. type: Block title -#: modules/administration/pages/auditing.adoc:41 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:76 #, no-wrap -msgid "Procedure: Verifying Patch Status" +msgid "install -d -o postgres -g postgres -m 700 /var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:43 -msgid "In the {productname} {webui}, navigate to menu:Audit[CVE Audit]." +#: modules/administration/pages/backup-restore.adoc:77 +msgid "Ensure you have the correct permissions set on the backup location:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:78 +#, no-wrap +msgid "chown postgres:postgres /var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:44 +#: modules/administration/pages/backup-restore.adoc:79 msgid "" -"OPTIONAL: To check the patch status for a particular CVE, type the CVE " -"identifier in the [guimenu]``CVE Number`` field." +"To create a backup for the first time, run the [command]``smdba backup-hot`` " +"command with the [option]``enable`` option set." msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:45 +#: modules/administration/pages/backup-restore.adoc:80 msgid "" -"Select the patch statuses you want to look for, or leave all statuses " -"checked to look for all." +"This will create the backup in the specified directory, and, if necessary, " +"restart the database:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auditing.adoc:46 -msgid "" -"Click btn:[Audit Servers] to check all systems, or click btn:[Audit Images] " -"to check all images." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:81 +#, no-wrap +msgid "smdba backup-hot --enable=on --backup-dir=/var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:48 +#: modules/administration/pages/backup-restore.adoc:82 msgid "" -"For more information about the patch status icons used on this page, see " -"xref:reference:audit/audit-cve-audit.adoc[]." +"This command produces debug messages and finishes sucessfully with the " +"output:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auditing.adoc:53 -msgid "" -"For each system, the [guimenu]``Next Action`` column provides information " -"about what you need to do to address vulnerabilities. If applicable, a list " -"of candidate channels or patches is also given. You can also assign systems " -"to a [guimenu]``System Set`` for further batch processing." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:83 +#, no-wrap +msgid "INFO: Finished\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:58 +#: modules/administration/pages/backup-restore.adoc:84 msgid "" -"You can use the {productname} API to verify the patch status of your " -"clients. Use the ``audit.listSystemsByPatchStatus`` API method. For more " -"information about this method, see the {productname} API Guide." +"Check that the backup files exist in the [path]``/var/spacewalk/db-backup`` " +"directory, to ensure that your backup has been successful." msgstr "" -#. type: Title == -#: modules/administration/pages/auditing.adoc:61 +#. type: Title === +#: modules/administration/pages/backup-restore.adoc:85 #, no-wrap -msgid "CVE Status" +msgid "Scheduling Automatic Backups" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:65 +#: modules/administration/pages/backup-restore.adoc:86 msgid "" -"The CVE status of clients is usually either ``affected``, ``not affected``, " -"or ``patched``. These statuses are based only on the information that is " -"available to {productname}." +"You do not need to shut down your system to perform a database backup with " +"[command]``smdba``. However, because it is a large operation, database " +"performance can slow down while the backup is running. We recommend you " +"schedule regular database backups for a low-traffic period, to minimize " +"disruption." msgstr "" -#. type: Plain text -#: modules/administration/pages/auditing.adoc:67 -msgid "Within {productname}, these definitions apply:" +#. type: delimited block = +#: modules/administration/pages/backup-restore.adoc:87 +msgid "" +"Ensure you have at least three times the current database size of space " +"available for backups. You can check your current database size by " +"navigating to [path]``/var/lib/pgsql/`` and running [command]``df -h``." msgstr "" -#. type: Labeled list -#: modules/administration/pages/auditing.adoc:68 +#. type: Block title +#: modules/administration/pages/backup-restore.adoc:88 #, no-wrap -msgid "System affected by a certain vulnerability" +msgid "Procedure: Scheduling Automatic Backups" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:70 +#: modules/administration/pages/backup-restore.adoc:89 msgid "" -"A system which has an installed package with version lower than the version " -"of the same package in a relevant patch marked for the vulnerability." +"Create a directory for the backup, and set the appropriate permissions (as " +"root):" msgstr "" -#. type: Labeled list -#: modules/administration/pages/auditing.adoc:71 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:90 #, no-wrap -msgid "System not affected by a certain vulnerability" +msgid "install -m 700 -o postgres -g postgres /var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:73 +#: modules/administration/pages/backup-restore.adoc:91 msgid "" -"A system which has no installed package that is also in a relevant patch " -"marked for the vulnerability." +"Open [path]``/etc/cron.d/db-backup-mgr``, or create it if it does not exist, " +"and add the following line to create the cron job:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/auditing.adoc:74 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:92 #, no-wrap -msgid "System patched for a certain vulnerability" +msgid "0 2 * * * root /usr/bin/smdba backup-hot --enable=on --backup-dir=/var/spacewalk/db-backup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:76 +#: modules/administration/pages/backup-restore.adoc:93 msgid "" -"A system which has an installed package with version equal to or greater " -"than the version of the same package in a relevant patch marked for the " -"vulnerability." +"Check the backup directory regularly to ensure the backups are working as " +"expected." msgstr "" -#. type: Labeled list -#: modules/administration/pages/auditing.adoc:77 +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:94 #, no-wrap -msgid "Relevant patch" +msgid "Restoring from Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:79 -msgid "A patch known by {productname} in a relevant channel." +#: modules/administration/pages/backup-restore.adoc:95 +msgid "" +"The [command]``smdba`` tool can be used to restore from backup in the case " +"of failure." msgstr "" -#. type: Labeled list -#: modules/administration/pages/auditing.adoc:80 +#. type: Block title +#: modules/administration/pages/backup-restore.adoc:96 #, no-wrap -msgid "Relevant channel" +msgid "Procedure: Restoring from Backup" msgstr "" #. type: Plain text -#: modules/administration/pages/auditing.adoc:82 -msgid "" -"A channel managed by {productname}, which is either assigned to the system, " -"the original of a cloned channel which is assigned to the system, a channel " -"linked to a product which is installed on the system or a past or future " -"service pack channel for the system." +#: modules/administration/pages/backup-restore.adoc:97 +msgid "Shut down the database:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/auditing.adoc:87 -msgid "" -"Because of the definitions used within {productname}, CVE audit results " -"might be incorrect in some circumstances. For example, unmanaged channels, " -"unmanaged packages, or non-compliant systems might report incorrectly." +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:99 +msgid "Start the restore process and wait for it to complete:" msgstr "" -#. type: Title = -#: modules/administration/pages/content-staging.adoc:2 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:100 #, no-wrap -msgid "Content Staging" +msgid "smdba backup-restore start\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:7 -msgid "" -"Staging is used by clients to download packages in advance, before they are " -"installed. This allows package installation to begin as soon as it is " -"scheduled, which can reduce the amount of time required for a maintenance " -"window." +#: modules/administration/pages/backup-restore.adoc:101 +msgid "Restart the database:" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:103 +msgid "Check if there are differences between the RPMs and the database." +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:104 +#, no-wrap +msgid "spacewalk-data-fsck\n" msgstr "" #. type: Title == -#: modules/administration/pages/content-staging.adoc:9 +#: modules/administration/pages/backup-restore.adoc:105 #, no-wrap -msgid "Enable Content Staging" +msgid "Archive Log Settings" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:14 +#: modules/administration/pages/backup-restore.adoc:106 msgid "" -"You can manage content staging across your entire organization. In the " -"{productname} {webui}, navigate to menu:Admin[Organizations] to see a list " -"of available organizations. Click the name of an organization, and check " -"the [guimenu]``Enable Staging Contents`` box to allow clients in this " -"organization to stage package data." +"Archive logging allows the database management tool [command]``smdba`` to " +"perform hot backups. In {productname} with an embedded database, archive " +"logging is enabled by default." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-staging.adoc:18 +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:107 msgid "" -"You must be logged in as a {productname} administrator to create and manage " -"organizations." +"PostgreSQL maintains a limited number of archive logs. Using the default " +"configuration, approximately 64 files with a size of 16 MiB are stored." msgstr "" +#. FIXME: Use sle 15 channels as an example #. type: Plain text -#: modules/administration/pages/content-staging.adoc:21 -msgid "" -"You can also enable staging at the command prompt by editing [path]``/etc/" -"sysconfig/rhn/up2date``, and adding or editing these lines:" +#: modules/administration/pages/backup-restore.adoc:108 +msgid "Creating a user and syncing the channels:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/content-staging.adoc:25 -#, no-wrap -msgid "" -"stagingContent=1\n" -"stagingContentWindow=24\n" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:109 +msgid "SLES12-SP2-Pool-x86_64" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:110 +msgid "SLES12-SP2-Updates-x86_64" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:111 +msgid "SLE-Manager-Tools12-Pool-x86_64-SP2" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:112 +msgid "SLE-Manager-Tools12-Updates-x86_64-SP2" msgstr "" -#. 2018-12-10, ke: /etc/sysconfig/rhn/up2date still exists. @renner confirmed some tools use it (at least, trad. client). To be renamed in the future. #. type: Plain text -#: modules/administration/pages/content-staging.adoc:36 +#: modules/administration/pages/backup-restore.adoc:113 msgid "" -"The ``stagingContentWindow`` parameter is a time value expressed in hours " -"and determines when downloading will start. It is the number of hours " -"before the scheduled installation or update time. In this example, content " -"will be downloaded 24 hours before the installation time. The start time " -"for download depends on the selected contact method for a system. The " -"assigned contact method sets the time for when the next " -"[command]``mgr_check`` will be executed." +"PostgreSQL will generate an additional roughly 1 GB of data. So it is " +"important to think about a backup strategy and create a backups in a regular " +"way." msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:39 +#: modules/administration/pages/backup-restore.adoc:114 msgid "" -"Next time an action is scheduled, packages are automatically downloaded, but " -"not installed. At the scheduled time, the staged packages are installed." +"Archive logs are stored at [path]``/var/lib/pgsql/data/pg_xlog/`` " +"(postgresql)." msgstr "" #. type: Title == -#: modules/administration/pages/content-staging.adoc:42 +#: modules/administration/pages/backup-restore.adoc:115 #, no-wrap -msgid "Configure Content Staging" +msgid "Retrieving an Overview of Occupied Database Space" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:45 -msgid "There are two parameters used to configure content staging:" +#: modules/administration/pages/backup-restore.adoc:116 +msgid "" +"Database administrators may use the subcommand [command]``space-overview`` " +"to get a report about occupied table spaces, for example:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:117 +#, no-wrap +msgid "smdba space-overview\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:48 +#: modules/administration/pages/backup-restore.adoc:118 +#: modules/administration/pages/backup-restore.adoc:123 +msgid "outputs:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:119 +#: modules/administration/pages/backup-restore.adoc:124 +#, no-wrap msgid "" -"[parameter]``salt_content_staging_advance`` is the advance time for the " -"content staging window to open, in hours. This is the number of hours " -"before installation starts, that package downloads can begin." +"SUSE Manager Database Control. Version 1.5.2\n" +"Copyright (c) 2012 by SUSE Linux Products GmbH\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-staging.adoc:50 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:120 +#, no-wrap msgid "" -"[parameter]``salt_content_staging_window`` is the duration of the content " -"staging window, in hours. This is the amount of time clients have to stage " -"packages before installation begins." +"Tablespace | Size (Mb) | Avail (Mb) | Use %\n" +"------------+-----------+------------+------\n" +"postgres | 7 | 49168 | 0.013\n" +"susemanager | 776 | 48399 | 1.602\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:53 +#: modules/administration/pages/backup-restore.adoc:121 msgid "" -"For example, if [parameter]``salt_content_staging_advance`` is set to six " -"hours, and [parameter]``salt_content_staging_window`` is set to two hours, " -"the staging window will open six hours before the installation time, and " -"remain open for two hours. No packages will be downloaded in the four " -"remaining hours until installation starts." +"The [command]``smdba`` command is available for PostgreSQL. For a more " +"detailed report, use the [command]``space-tables`` subcommand. It lists the " +"table and its size, for example:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-staging.adoc:55 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:122 +#, no-wrap +msgid "smdba space-tables\n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:125 +#, no-wrap msgid "" -"If you set the same value for both " -"[parameter]``salt_content_staging_advance`` and " -"[parameter]``salt_content_staging_window`` packages will be able to be " -"downloaded until installation begins." +"Table | Size\n" +"--------------------------------------+-----------\n" +"public.all_primary_keys | 0 bytes\n" +"public.all_tab_columns | 0 bytes\n" +"public.allserverkeywordsincereboot | 0 bytes\n" +"public.dblink_pkey_results | 0 bytes\n" +"public.dual | 8192 bytes\n" +"public.evr_t | 0 bytes\n" +"public.log | 32 kB\n" +"...\n" +msgstr "" + +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:126 +#, no-wrap +msgid "Moving the Database" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:57 +#: modules/administration/pages/backup-restore.adoc:127 msgid "" -"Configure the content staging parameters in [path]``/usr/share/rhn/config-" -"defaults/rhn_java.conf``." +"It is possible to move the database to another location. For example, move " +"the database if the database storage space is running low. The following " +"procedure will guide you through moving the database to a new location for " +"use by {productname}." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-staging.adoc:59 -msgid "Default values:" +#. type: Block title +#: modules/administration/pages/backup-restore.adoc:128 +#, no-wrap +msgid "Procedure: Moving the Database" msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:61 -msgid "[path]``salt_content_staging_advance: 8 hours``" +#: modules/administration/pages/backup-restore.adoc:129 +msgid "" +"The default storage location for {productname} is [path]``/var/lib/pgsql/``. " +"If you would like to move it, for example to [path]``/storage/postgres/``, " +"proceed as follows." msgstr "" #. type: Plain text -#: modules/administration/pages/content-staging.adoc:62 -msgid "[path]``salt_content_staging_window: 8 hours``" +#: modules/administration/pages/backup-restore.adoc:130 +msgid "Stop the running database with (as root):" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-staging.adoc:67 -msgid "Content staging must be enabled for these parameters to work correctly." +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:131 +#, no-wrap +msgid "rcpostgresql stop\n" msgstr "" -#. type: Title = -#: modules/administration/pages/task-schedules.adoc:2 -#, no-wrap -msgid "Task Schedules" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:132 +msgid "Shut down the running Spacewalk services with:" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:5 +#: modules/administration/pages/backup-restore.adoc:134 msgid "" -"Under menu:Admin[Task Schedules] all predefined task bunches are listed." +"Copy the current working directory structure with [command]``cp`` using the " +"[option]``-a, --archive`` option." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/task-schedules.adoc:6 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:136 #, no-wrap -msgid "admin_task_schedules.png" +msgid "cp --archive /var/lib/pgsql/ /storage/postgres/\n" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:11 -msgid "" -"Click a menu:SUSE Manager Schedules[Schedule name] to open its menu:Schedule " -"Name[Basic Schedule Details] where you can disable it or change the " -"frequency. Click btn:[Edit Schedule] to update the schedule with your " -"settings. To delete a schedule, click btn:[Delete Schedule] in the upper " -"right-hand corner." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/task-schedules.adoc:15 +#: modules/administration/pages/backup-restore.adoc:137 msgid "" -"Only disable or delete a schedule if you are absolutely certain this is " -"necessary as they are essential for {productname} to work properly." +"This command will copy the contents of [path]``/var/lib/pgsql/`` to [path]``/" +"storage/postgres/pgsql/``." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:19 +#: modules/administration/pages/backup-restore.adoc:138 msgid "" -"If you click a bunch name, a list of runs of that bunch type and their " -"status will be displayed. Clicking the start time links takes you back to " -"the menu:Schedule Name[Basic Schedule Details]." +"The contents of the [path]``/var/lib/pgsql`` directory needs to remain the " +"same, otherwise the {productname} database may malfunction. You also should " +"ensure that there is enough available disk space." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:21 -msgid "" -"For example, the following predefined task bunches are scheduled by default " -"and can be configured:" +#: modules/administration/pages/backup-restore.adoc:139 +msgid "Mount the new database directory with:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:22 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:140 #, no-wrap -msgid "menu:channel-repodata-default:[]" +msgid "mount /storage/postgres/pgsql\n" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:24 -msgid "(Re)generates repository metadata files." +#: modules/administration/pages/backup-restore.adoc:141 +msgid "" +"Make sure ownership is `postgres:postgres` and not `root:root` by changing " +"to the new directory and running the following commands:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:26 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:142 #, no-wrap -msgid "menu:cleanup-data-default:[]" +msgid "" +"cd /storage/postgres/pgsql/\n" +"ls -l\n" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:28 -msgid "" -"Cleans up stale package change log and monitoring time series data from the " -"database." +#: modules/administration/pages/backup-restore.adoc:143 +msgid "Outputs:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:30 +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:144 #, no-wrap -msgid "menu:clear-taskologs-default:[]" +msgid "" +"total 8\n" +"drwxr-x--- 4 postgres postgres 47 Jun 2 14:35 ./\n" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:32 +#: modules/administration/pages/backup-restore.adoc:145 msgid "" -"Clears task engine (taskomatic) history data older than a specified number " -"of days, depending on the job type, from the database." +"Add the new database mount location to your servers fstab by editing " +"[path]``etc/fstab``." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:34 +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:146 +msgid "Start the database with:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:147 #, no-wrap -msgid "menu:cobbler-sync-default:[]" +msgid "rcpostgresql start\n" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:37 -msgid "" -"Synchronizes distribution and profile data from {productname} to Cobbler. " -"For more information, see xref:client-configuration:cobbler.adoc[]." +#: modules/administration/pages/backup-restore.adoc:148 +msgid "Start the Spacewalk services with:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:39 +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:150 #, no-wrap -msgid "menu:compare-configs-default:[]" +msgid "Recovering from a Crashed Root Partition" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:44 +#: modules/administration/pages/backup-restore.adoc:151 msgid "" -"Compares configuration files as stored in configuration channels with the " -"files stored on all configuration-enabled servers. To review comparisons, " -"click menu:Systems[] tab and select the system of interest. Go to menu:" -"Configuration[Compare Files]. For more information, see xref:reference:" -"systems/system-details/sd-configuration.adoc#sd-config-compare-files[]." +"This section provides guidance on restoring your server after its root " +"partition has crashed. This section assumes you have setup your server " +"similar to the procedure explained in Installation guide with separate " +"partitions for the database and for channels mounted at [path]``/var/lib/" +"pgsql`` and [path]``/var/spacewalk/``." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:46 +#. type: Block title +#: modules/administration/pages/backup-restore.adoc:152 #, no-wrap -msgid "menu:cve-server-channels-default:[]" +msgid "Procedure: Recovering from a Crashed Root Partition" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:50 -msgid "" -"Updates internal pre-computed CVE data that is used to display results on " -"the menu:Audit[CVE Audit] page. Search results in the menu:Audit[CVE Audit] " -"page are updated to the last run of this schedule). For more information, " -"see xref:reference:audit/audit-cve-audit.adoc[]." +#: modules/administration/pages/backup-restore.adoc:153 +msgid "Install {productname}." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:52 -#, no-wrap -msgid "menu:daily-status-default:[]" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:154 +msgid "" +"Do not mount the [path]``/var/spacewalk`` and [path]``/var/lib/pgsql`` " +"partitions. Wait for the installation to complete before going on to the " +"next step." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:56 -msgid "" -"Sends daily report e-mails to relevant addresses. To learn more about how " -"to configure notifications for specific users, see xref:reference:users/user-" -"details.adoc[]." +#: modules/administration/pages/backup-restore.adoc:155 +msgid "Shut down the services with [command]``spacewalk-service shutdown``." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:58 -#, no-wrap -msgid "menu:errata-cache-default:[]" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:156 +msgid "Shut down the database with [command]``rcpostgresql stop``." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:62 -msgid "" -"Updates internal patch cache database tables, which are used to look up " -"packages that need updates for each server. Also, this sends notification " -"emails to users that might be interested in certain patches. For more " -"information about patches, see xref:reference:patches/patches-menu.adoc[]." +#: modules/administration/pages/backup-restore.adoc:157 +msgid "Mount [path]``/var/spacewalk`` and [path]``/var/lib/pgsql`` partitions." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:64 -#, no-wrap -msgid "menu:errata-queue-default:[]" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:158 +msgid "Restore the directories listed in <>." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:66 +#: modules/administration/pages/backup-restore.adoc:159 msgid "" -"Queues automatic updates (patches) for servers that are configured to " -"receive them." +"Start the Spacewalk services with [command]``spacewalk-services start``." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:68 -#, no-wrap -msgid "menu:kickstart-cleanup-default:[]" +#. type: Plain text +#: modules/administration/pages/backup-restore.adoc:160 +msgid "Start the database with [command]``rcpostgresql start``." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:70 -msgid "Cleans up stale kickstart session data." +#: modules/administration/pages/backup-restore.adoc:161 +msgid "" +"{productname} should now operate normally without loss of your database or " +"synced channels." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:72 +#. type: Title == +#: modules/administration/pages/backup-restore.adoc:162 #, no-wrap -msgid "menu:kickstartfile-sync-default:[]" +msgid "Database Connection Information" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:74 +#: modules/administration/pages/backup-restore.adoc:163 msgid "" -"Generates Cobbler files corresponding to Kickstart profiles created by the " -"configuration wizard." +"The information for connecting to the {productname} database is located in " +"[path]``/etc/rhn/rhn.conf``:" msgstr "" -#. we probably no longer want to reference NCC; I do not know whether it works the same way with SCC (if at all) -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:77 +#. There are no such default, they are user-spcified, though +#. type: delimited block - +#: modules/administration/pages/backup-restore.adoc:164 #, no-wrap -msgid "menu:mgr-register-default:[]" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/task-schedules.adoc:79 msgid "" -"Calls the [command]``mgr-register`` command, which synchronizes client " -"registration data with NCC (new, changed or deleted clients' data are " -"forwarded)." +"db_backend = postgresql\n" +"db_user = susemanager\n" +"db_password = susemanager\n" +"db_name = susemanager\n" +"db_host = localhost\n" +"db_port = 5432\n" +"db_ssl_enabled =\n" msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:81 +#. type: Title = +#: modules/administration/pages/channel-management.adoc:1 #, no-wrap -msgid "menu:mgr-sync-refresh-default:[]" +msgid "Channel Management" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/channel-management.adoc:2 +msgid "Channels are a method of grouping software packages." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:83 +#: modules/administration/pages/channel-management.adoc:3 msgid "" -"The default time at which the start of synchronization with SUSE Customer " -"Center (SCC) takes place (``mgr-sync-refresh``)." +"In {productname}, channels are grouped into base and child channels, with " +"base channels grouped by operating system type, version, and architecture, " +"and child channels being compatible with their related base channel. When a " +"client has been assigned to a base channel, it is only possible for that " +"system to install the related child channels. Organizing channels in this " +"way ensures that only compatible packages are installed on each system." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:84 -#, no-wrap -msgid "menu:minion-action-cleanup-default:[]" +#. type: Plain text +#: modules/administration/pages/channel-management.adoc:4 +msgid "" +"Software channels use repositories to provide packages. The channels mirror " +"the repositories in {productname}, and the package names and other data are " +"stored in the {productname} database. You can have any number of " +"repositories associated with a channel. The software from those " +"repositories can then be installed on clients by subscribing the client to " +"the appropriate channel." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:89 +#: modules/administration/pages/channel-management.adoc:5 msgid "" -"Deletes stale client action data from the file system. First it tries to " -"complete any possibly unfinished actions by looking up the corresponding " -"results; these results are stored in the Salt job cache. An unfinished " -"action can occur if the server has missed the results of the action. For " -"successfully completed actions it removes artifacts such as executed script " -"files." +"Clients can only be assigned to one base channel. The client can then " +"install or update packages from the repositories associated with that base " +"channel and any of its child channels." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:91 -#, no-wrap -msgid "menu:package-cleanup-default:[]" +#. type: Plain text +#: modules/administration/pages/channel-management.adoc:6 +msgid "" +"{productname} provides a number of vendor channels, which provide you " +"everything you need to run {productname}. {productname} Administrators and " +"Channel Administrators have channel management authority, which gives them " +"the ability to create and manage their own custom channels. If you want to " +"use your own packages in your environment, you can create custom channels. " +"Custom channels can be used as a base channel, or you can associate them " +"with a vendor base channel." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:93 -msgid "Deletes stale package files from the file system." +#: modules/administration/pages/channel-management.adoc:7 +msgid "" +"For more on creating custom channels, see xref:administration:custom-" +"channels.adoc[]." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:94 +#. type: Title == +#: modules/administration/pages/channel-management.adoc:8 #, no-wrap -msgid "menu:reboot-action-cleanup-default:[]" +msgid "Channel Administration" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:97 +#: modules/administration/pages/channel-management.adoc:9 msgid "" -"Any reboot actions pending for more than six hours are marked as failed and " -"associated data is cleaned up in the database. For more information on " -"scheduling reboot actions, see xref:reference:systems/system-details/sd-" -"provisioning.adoc#sd-power-management[]." +"By default, any user can subscribe channels to a system. You can implement " +"restrictions on the channel using the {webui}." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:99 +#. type: Block title +#: modules/administration/pages/channel-management.adoc:10 #, no-wrap -msgid "menu:sandbox-cleanup-default:[]" +msgid "Procedure: Restricting Subscriber Access to a Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:104 +#: modules/administration/pages/channel-management.adoc:11 msgid "" -"Cleans up Sandbox configuration files and channels that are older than the " -"__sandbox_lifetime__ configuration parameter (3 days by default). Sandbox " -"files are those imported from systems or files under development. For more " -"information, see xref:reference:systems/system-details/sd-configuration." -"adoc#sd-config-add-files[]." +"In the {productname} {webui}, navigate to menu:Software[Channel List], and " +"select the channel to edit." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:106 -#, no-wrap -msgid "menu:session-cleanup-default:[]" +#. type: Plain text +#: modules/administration/pages/channel-management.adoc:12 +msgid "" +"Locate the [guimenu]``Per-User Subscription Restrictions`` section and check " +"[guimenu]``Only selected users within your organization may subscribe to " +"this channel``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/channel-management.adoc:13 +msgid "Click btn:[Update] to save the changes." msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:108 +#: modules/administration/pages/channel-management.adoc:14 msgid "" -"Cleans up stale Web interface sessions, typically data that is temporarily " -"stored when a user logs in and then closes the browser before logging out." +"Navigate to the [guimenu]``Subscribers`` tab and select or deselect users as " +"required." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:110 +#. type: Title = +#: modules/administration/pages/content-lifecycle-examples.adoc:1 #, no-wrap -msgid "menu:ssh-push-default:[]" +msgid "Content Lifecycle Management Examples" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:112 +#: modules/administration/pages/content-lifecycle-examples.adoc:2 msgid "" -"Prompts clients to check in with {productname} via SSH if they are " -"configured with a `SSH Push` contact method." +"This section contains some common examples of how you can use content " +"lifecycle management. Use these examples to build your own personalized " +"implementation." msgstr "" -#. type: Labeled list -#: modules/administration/pages/task-schedules.adoc:113 +#. type: Title == +#: modules/administration/pages/content-lifecycle-examples.adoc:3 #, no-wrap -msgid "menu:token-cleanup-default:[]" +msgid "Creating a Project for a Monthly Patch Cycle" msgstr "" #. type: Plain text -#: modules/administration/pages/task-schedules.adoc:114 -msgid "" -"Deletes expired repository tokens that are used by Salt clients to download " -"packages and metadata." +#: modules/administration/pages/content-lifecycle-examples.adoc:4 +msgid "An example project for a monthly patch cycle consists of:" msgstr "" -#. type: Title = -#: modules/administration/pages/organizations.adoc:2 +#. type: Title === +#: modules/administration/pages/content-lifecycle-examples.adoc:5 +#: modules/administration/pages/content-lifecycle-examples.adoc:10 #, no-wrap -msgid "Organizations" +msgid "Creating a `By Date` filter" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:6 -msgid "" -"Organizations are used to manage user access and permissions within " -"{productname}." +#: modules/administration/pages/content-lifecycle-examples.adoc:6 +msgid "Adding the filter to the project" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:10 -msgid "" -"For most environments, a single organization is enough. However, more " -"complicated environments might need several organizations. You might like " -"to have an organization for each physical location within your business, or " -"for different business functions." +#: modules/administration/pages/content-lifecycle-examples.adoc:7 +msgid "Applying the filter to a new project build" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:13 -msgid "" -"When you have created your organizations, you can create and assign users to " -"your organizations. You can then assign permissions on an organization " -"level, which applies by default to every user assigned to the organization." +#: modules/administration/pages/content-lifecycle-examples.adoc:8 +msgid "Excluding a patch from the project" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:16 +#: modules/administration/pages/content-lifecycle-examples.adoc:9 +msgid "Including a patch in the project" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:11 msgid "" -"You can also configure authentication methods for your new organization, " -"including PAM and single sign-on. For more information about " -"authentication, see xref:administration:auth-methods.adoc[]." +"The ``By Date`` filter excludes all patches released after a specified " +"date. This filter is useful for your content lifecycle projects that follow " +"a monthly patch cycle." msgstr "" #. type: Block title -#: modules/administration/pages/organizations.adoc:24 +#: modules/administration/pages/content-lifecycle-examples.adoc:12 #, no-wrap -msgid "Procedure: Creating a New Organization" +msgid "Procedure: Creating the ``By Date`` Filter" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:26 +#: modules/administration/pages/content-lifecycle-examples.adoc:13 +#: modules/administration/pages/content-lifecycle-examples.adoc:38 +#: modules/administration/pages/content-lifecycle-examples.adoc:53 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Organizations], and " -"click btn:[Create Organization]." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/organizations.adoc:27 -msgid "In the [guimenu]``Create Organization`` dialog, complete these fields:" +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Filters] " +"and click btn:[Create Filter]." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:29 -msgid "" -"In the [guimenu]``Organization Name`` field, type a name for your new " -"organization. The name should be between 3 and 128 characters long." +#: modules/administration/pages/content-lifecycle-examples.adoc:14 +#: modules/administration/pages/content-lifecycle-examples.adoc:90 +msgid "In the [guimenu]``Filter Name`` field, type a name for your filter." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:31 -msgid "" -"In the [guimenu]``Desired Login`` field, type the login name you want to use " -"for the organization's administrator. This must be a new administrator " -"account, you will not be able to use an existing administrator account to " -"sign in to the new organization, including the one you are currently signed " -"in with." +#: modules/administration/pages/content-lifecycle-examples.adoc:15 +msgid "For example, [systemitem]``Exclude patches by date``." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:34 +#: modules/administration/pages/content-lifecycle-examples.adoc:16 msgid "" -"In the [guimenu]``Desired Password`` field, type a password for the new " -"organization's administrator. Confirm the password by typing it again in " -"the [guimenu]``Confirm Password`` field. Password strength is indicated by " -"the colored bar beneath the password fields." +"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Issue " +"date)``." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:35 +#: modules/administration/pages/content-lifecycle-examples.adoc:17 msgid "" -"In the [guimenu]``Email`` field, type an email address for the new " -"organization's administrator." +"In the [guimenu]``Matcher`` field, [guimenu]``later or equal`` is " +"autoselected." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:36 -msgid "" -"In the [guimenu]``First Name`` field, select a salutation, and type a given " -"name for the new organization's administrator." +#: modules/administration/pages/content-lifecycle-examples.adoc:18 +msgid "Select the date and time." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:37 -msgid "" -"In the [guimenu]``Last Name`` field, type a surname for the new " -"organization's administrator." +#: modules/administration/pages/content-lifecycle-examples.adoc:19 +#: modules/administration/pages/content-lifecycle-examples.adoc:25 +#: modules/administration/pages/content-lifecycle-examples.adoc:45 +#: modules/administration/pages/content-lifecycle-examples.adoc:62 +#: modules/administration/pages/monitoring.adoc:125 +msgid "Click btn:[Save]." msgstr "" -#. type: Plain text -#: modules/administration/pages/organizations.adoc:38 -msgid "Click btn:[Create Organization]." +#. type: Title === +#: modules/administration/pages/content-lifecycle-examples.adoc:20 +#, no-wrap +msgid "Adding the Filter to the Project" msgstr "" -#. type: Title == -#: modules/administration/pages/organizations.adoc:41 +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:21 #, no-wrap -msgid "Manage Organizations" +msgid "Procedure: Adding a Filter to a Project" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:45 +#: modules/administration/pages/content-lifecycle-examples.adoc:22 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Organizations] to see a " -"list of available organizations. Click the name of an organization to " -"manage it." +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects] " +"and select a project from the list." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:47 -msgid "" -"From the menu:Admin[Organizations] section, you can access tabs to manage " -"users, trusts, configuration, and states for your organization." +#: modules/administration/pages/content-lifecycle-examples.adoc:23 +msgid "Click btn:[Attach/Detach Filters] link to see all available filters" msgstr "" -#. type: delimited block = -#: modules/administration/pages/organizations.adoc:52 -msgid "" -"Organizations can only be managed by their administrators. To manage an " -"organization, ensure you are signed in as the correct administrator for the " -"organization you want to change." +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:24 +msgid "Select the new [guimenu]``Exclude patches by date`` filter." msgstr "" #. type: Title === -#: modules/administration/pages/organizations.adoc:56 +#: modules/administration/pages/content-lifecycle-examples.adoc:26 #, no-wrap -msgid "Organization Users" +msgid "Applying the Filter to a new Project Build" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:60 +#: modules/administration/pages/content-lifecycle-examples.adoc:27 msgid "" -"Navigate to the [guimenu]``Users`` tab to view the list of all users " -"associated with the organization, and their role. Clicking a username takes " -"you to the [guimenu]``Users`` menu to add, change, or delete users." +"The new filter is added to your filter list, but it still needs to be " +"applied to the project. To apply the filter you need to build the first " +"environment." msgstr "" -#. type: Title === -#: modules/administration/pages/organizations.adoc:63 +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:28 #, no-wrap -msgid "Trusted Organizations" +msgid "Procedure: Using the Filter" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:67 -msgid "" -"Navigate to the [guimenu]``Trusts`` tab to add or remove trusted " -"organizations. Establishing trust between organizations allow them to share " -"content between them, and gives you the ability to migrate clients from one " -"organization to another." -msgstr "" - -#. type: Title === -#: modules/administration/pages/organizations.adoc:70 -#, no-wrap -msgid "Configure Organizations" +#: modules/administration/pages/content-lifecycle-examples.adoc:29 +msgid "Click btn:[Build] to build the first environment." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:74 -msgid "" -"Navigate to the [guimenu]``Configuration`` tab to manage the configuration " -"of your organization. This includes the use of staged contents, setting up " -"crash reporting, and the use of SCAP files." +#: modules/administration/pages/content-lifecycle-examples.adoc:30 +msgid "OPTIONAL: Add a message." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:76 -msgid "" -"For more information about content staging, see xref:administration:content-" -"staging.adoc[]." +#: modules/administration/pages/content-lifecycle-examples.adoc:31 +msgid "You can use messages to help track the build history." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:78 +#: modules/administration/pages/content-lifecycle-examples.adoc:32 msgid "" -"For more information about OpenSCAP, see xref:reference:audit/audit-openscap-" -"overview.adoc[]." -msgstr "" - -#. type: Title == -#: modules/administration/pages/organizations.adoc:81 -#, no-wrap -msgid "Manage States" +"Check that the filter has worked correctly by using the new channels on a " +"test server." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:86 -msgid "" -"Navigate to the [guimenu]``States`` tab to manage Salt states for all " -"clients in your organization. States allow you to define global security " -"policies, or add a common admin user to all clients." +#: modules/administration/pages/content-lifecycle-examples.adoc:33 +msgid "Click btn:[Promote] to move the content to the next environment." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:88 +#: modules/administration/pages/content-lifecycle-examples.adoc:34 msgid "" -"For more information about Salt States, see xref:salt:salt-states.adoc[]." +"The build will take longer if you have a large number of filters, or they " +"are very complex." msgstr "" #. type: Title === -#: modules/administration/pages/organizations.adoc:91 +#: modules/administration/pages/content-lifecycle-examples.adoc:35 #, no-wrap -msgid "Manage Configuration Channels" +msgid "Excluding a Patch from the Project" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:96 +#: modules/administration/pages/content-lifecycle-examples.adoc:36 msgid "" -"You can select which configuration channels should be applied across your " -"organization. Configuration channels can be created in the {productname} " -"{webui} by navigating to menu:Configuration[Channels]. Apply configuration " -"channels to your organization using the {productname} {webui}." +"Tests may help you discover issues. When an issue is found, exclude the " +"problem patch released before the `by date` filter." msgstr "" #. type: Block title -#: modules/administration/pages/organizations.adoc:97 +#: modules/administration/pages/content-lifecycle-examples.adoc:37 #, no-wrap -msgid "Procedure: Applying Configuration Channels to an Organization" +msgid "Procedure: Excluding a Patch" msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:99 -msgid "" -"In the {productname} {webui}, navigate to menu:Home[My Organization > " -"Configuration Channels]." +#: modules/administration/pages/content-lifecycle-examples.adoc:39 +msgid "In the [guimenu]``Filter Name`` field, enter a name for the filter." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:100 -msgid "Use the search feature to locate a channel by name." +#: modules/administration/pages/content-lifecycle-examples.adoc:40 +msgid "For example, [systemitem]``Exclude openjdk patch``." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:102 +#: modules/administration/pages/content-lifecycle-examples.adoc:41 +#: modules/administration/pages/content-lifecycle-examples.adoc:56 msgid "" -"Check the channel to be applied and click btn:[Save Changes]. This saves to " -"the database, but does not apply the changes to the channel." +"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Advisory " +"Name)``." msgstr "" #. type: Plain text -#: modules/administration/pages/organizations.adoc:103 -msgid "" -"Apply the changes by clicking btn:[Apply]. This schedules the task to apply " -"the changes to all clients within the organization." -msgstr "" - -#. type: Title = -#: modules/administration/pages/subscription-matching.adoc:2 -#, no-wrap -msgid "Subscription Matching" +#: modules/administration/pages/content-lifecycle-examples.adoc:42 +#: modules/administration/pages/content-lifecycle-examples.adoc:57 +msgid "In the [guimenu]``Matcher`` field, select [guimenu]``equals``." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:7 -msgid "" -"Your {suse} products require subscriptions, which are managed by the {scc} " -"(SCC). {productname} runs a nightly report checking the subscription status " -"of all your registered clients against your SCC account. The report gives " -"you information about which clients consume which subscriptions, how many " -"subscriptions you have remaining and available to use, and which clients do " -"not have a current subscription." +#: modules/administration/pages/content-lifecycle-examples.adoc:43 +msgid "In the [guimenu]``Advisory Name`` field, type a name for the advisory." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:9 -msgid "Navigate to menu:Audit[Subscription Matching] to see the report." +#: modules/administration/pages/content-lifecycle-examples.adoc:44 +msgid "For example, [systemitem]``SUSE-15-2019-1807``." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:11 -msgid "" -"The [guimenu]``Subscriptions Report`` tab gives information about current " -"and expiring subscriptions." +#: modules/administration/pages/content-lifecycle-examples.adoc:46 +#: modules/administration/pages/content-lifecycle-examples.adoc:99 +#: modules/administration/pages/content-lifecycle-examples.adoc:128 +msgid "Navigate to menu:Content Lifecycle[Projects] and select your project." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:15 +#: modules/administration/pages/content-lifecycle-examples.adoc:47 msgid "" -"The [guimenu]``Unmatched Products Report`` tab gives a list of clients that " -"do not have a current subscription. This includes clients that could not be " -"matched, or that are not currently registered with {productname}. The " -"report includes product names and the number of systems that remain " -"unmatched." +"Click btn:[Attach/Detach Filters] link, select [guimenu]``Exclude openjdk " +"patch``, and click btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:18 +#: modules/administration/pages/content-lifecycle-examples.adoc:48 msgid "" -"The [guimenu]``Pins`` tab allows you to associate individual clients to the " -"relevant subscription. This is especially useful if the subscription " -"manager is not automatically associating clients to subscriptions " -"successfully." +"When you rebuild the project with the btn:[Build] button, the new filter is " +"used together with the [guimenu]``by date`` filter we added before." msgstr "" -#. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:20 -msgid "" -"The [guimenu]``Messages`` tab shows any errors that occurred during the " -"matching process." +#. type: Title === +#: modules/administration/pages/content-lifecycle-examples.adoc:49 +#, no-wrap +msgid "Including a Patch in the Project" msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:22 +#: modules/administration/pages/content-lifecycle-examples.adoc:50 msgid "" -"You can also download the reports in .csv format, or access them from that " -"command prompt in the [path]``/var/lib/spacewalk/subscription-matcher/`` " -"directory." +"In this example, you have received a security alert. An important security " +"patch was released several days after the first of the month you are " +"currently working on. The name of the new patch is ``SUSE-15-2019-2071``. " +"You need to include this new patch into your environment." msgstr "" -#. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:26 +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:51 msgid "" -"By default, the subscription matcher runs daily, at midnight. To change " -"this, navigate to menu:Admin[Task Schedules] and click ``gatherer-matcher-" -"default``. Change the schedule as required, and click btn:[Update Schedule]." +"The [guimenu]``Allow`` filters rule overrides the exclude function of the " +"[guimenu]``Deny`` filter rule. For more information, see xref:" +"administration:content-lifecycle.adoc[]." +msgstr "" + +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:52 +#, no-wrap +msgid "Procedure: Including a Patch in a Project" msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:30 -msgid "" -"Because the report can only match current clients with current " -"subscriptions, you might find that the matches change over time. The same " -"client will not always match the same subscription. This can be due to new " -"clients being registered or unregistered, or because of the addition or " -"expiration of subscriptions." +#: modules/administration/pages/content-lifecycle-examples.adoc:54 +msgid "In the [guimenu]``Filter Name`` field, type a name for the filter." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:34 -msgid "" -"The subscription matcher will automatically attempt to reduce the number of " -"unmatched products, limited by the terms and conditions of the subscriptions " -"in your account. However, if you have incomplete hardware information, " -"unknown virtual machine host assignments, or clients running in unknown " -"public clouds, the matcher might show that you do not have enough " -"subscriptions available. Always ensure you have complete data about your " -"clients included in {productname}, to help ensure accuracy." +#: modules/administration/pages/content-lifecycle-examples.adoc:55 +msgid "For example, [systemitem]``Include kernel security fix``." msgstr "" -#. type: delimited block = -#: modules/administration/pages/subscription-matching.adoc:40 +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:58 msgid "" -"The subscription matcher will not always match clients and subscriptions " -"accurately. It is not intended to be a replacement for auditing." +"In the [guimenu]``Advisory Name`` field, type " +"[guimenu]``SUSE-15-2019-2071``, and check [guimenu]``Allow``." msgstr "" -#. type: Title == -#: modules/administration/pages/subscription-matching.adoc:44 -#, no-wrap -msgid "Pin Clients to Subscriptions" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:59 +#: modules/administration/pages/content-lifecycle-examples.adoc:98 +msgid "Click btn:[Save] to store the filter." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:49 +#: modules/administration/pages/content-lifecycle-examples.adoc:60 msgid "" -"If the subscription matcher is not automatically matching a particular " -"client with the correct subscription, you can manually pin them. When you " -"have created a pin, the subscription matcher favors matching a specific " -"subscription with a given system or group of systems." +"Navigate to menu:Content Lifecycle[Projects] and select your project from " +"the list." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:53 +#: modules/administration/pages/content-lifecycle-examples.adoc:61 msgid "" -"However, the matcher will not always respect a pin. It depends on the " -"subscription being available, and whether or not the subscription can be " -"applied to the client. Additionally, pins will be ignored if they result in " -"a match that violates the terms and conditions of the subscription, or if " -"the matcher detects a more accurate match if the pin is ignored." +"Click btn:[Attach/Detach Filters], and select [guimenu]``Include kernel " +"security patch``." msgstr "" #. type: Plain text -#: modules/administration/pages/subscription-matching.adoc:55 -msgid "To add a new pin, click btn:[Add a Pin], and select the client to pin." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/subscription-matching.adoc:60 -msgid "" -"We do not recommend using pinning regularly, or for a large number of " -"clients. The subscription matcher tool is generally accurate enough for " -"most installations." +#: modules/administration/pages/content-lifecycle-examples.adoc:63 +msgid "Click btn:[Build] to rebuild the environment." msgstr "" -#. type: Title = -#: modules/administration/pages/ssl-certs-imported.adoc:2 +#. type: Title == +#: modules/administration/pages/content-lifecycle-examples.adoc:64 #, no-wrap -msgid "Import SSL Certificates" +msgid "Update an Existing Monthly Patch Cycle" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:6 +#: modules/administration/pages/content-lifecycle-examples.adoc:65 msgid "" -"By default, {productname} uses a self-signed certificate. For additional " -"security, you can import a custom certificate, signed by a third party " -"certificate authority (CA)." +"When a monthly patch cycle is complete, you can update the patch cycle for " +"the next month." +msgstr "" + +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:66 +#, no-wrap +msgid "Procedure: Updating a Monthly Patch Cycle" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:8 +#: modules/administration/pages/content-lifecycle-examples.adoc:67 msgid "" -"This section covers how to use an imported SSL certificate with a new " -"{productname} installation, and how to replace existing self-signed " -"certificates with imported certificates." +"In the [guimenu]``by date`` field, change the date of the filter to the next " +"month." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:10 -msgid "Before you begin, ensure you have:" +#: modules/administration/pages/content-lifecycle-examples.adoc:68 +msgid "" +"Alternatively, create a new filter and change the assignment to the project." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:12 -msgid "A certificate authority (CA) SSL public certificate" +#: modules/administration/pages/content-lifecycle-examples.adoc:69 +msgid "" +"Check if the exclude filter for ``SUSE-15-2019-1807`` can be detached from " +"the project." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:13 -msgid "An SSL server key" +#: modules/administration/pages/content-lifecycle-examples.adoc:70 +msgid "There may be a new patch available to fix this issue." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:14 -msgid "An SSL server certificate" +#: modules/administration/pages/content-lifecycle-examples.adoc:71 +msgid "Detach the ``allow`` filter you added previously." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:16 -msgid "Your key and certificate files must be in PEM format." +#: modules/administration/pages/content-lifecycle-examples.adoc:72 +msgid "The patch is included by default." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:20 +#: modules/administration/pages/content-lifecycle-examples.adoc:73 msgid "" -"The host name of the SSL keys and certificates must match the fully " -"qualified host name of the machine you deploy them on. You can set the host " -"names in the ``X509v3 Subject Alternative Name`` section of the " -"certificate. You can also list multiple host names if your environment " -"requires it." +"Rebuild the project to create a new environment with patches for the next " +"month." msgstr "" #. type: Title == -#: modules/administration/pages/ssl-certs-imported.adoc:23 +#: modules/administration/pages/content-lifecycle-examples.adoc:74 #, no-wrap -msgid "Import Certificates for New Installations" +msgid "Enhance a Project with Live Patching" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:27 +#: modules/administration/pages/content-lifecycle-examples.adoc:75 msgid "" -"By default, {productname} uses a self-signed certificate. After you have " -"completed the initial setup, you can replace the default certificate with an " -"imported certificate." +"This section covers setting up filters to create environments for live " +"patching." msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-imported.adoc:30 -#, no-wrap -msgid "Procedure: Import Certificates on a New {productname} Server" +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:76 +msgid "" +"When you are preparing to use live patching, there are some important " +"considerations" msgstr "" -#. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:33 -msgid "" -"Install the {productname} Server according to the instructions in xref:" -"installation:install-intro.adoc[]." +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:77 +msgid "Only ever use one kernel version on your systems." msgstr "" -#. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:34 +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:78 +msgid "The live patching packages are installed with a specific kernel." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:79 +msgid "Live patching updates are shipped as one patch." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:80 msgid "" -"Complete the initial setup according to xref:installation:server-setup." -"adoc[]." +"Each kernel patch that begins a new series of live patching kernels will " +"display the ``required reboot`` flag." msgstr "" -#. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:35 +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:81 msgid "" -"At the command prompt, point the SSL environment variables to the " -"certificate file locations:" +"These kernel patches come with live patching tools. When you have installed " +"them, you will need to reboot the system at least once before the next year." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:40 -#, no-wrap +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:82 msgid "" -"export CA_CERT=\n" -"export SERVER_KEY=\n" -"export SERVER_CERT=\n" +"Only install live patch updates that match the installed kernel version." msgstr "" -#. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:42 -msgid "Complete {productname} setup:" +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:83 +msgid "Live patches are provided as stand-alone patches." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:45 +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:84 +msgid "" +"You must exclude all regular kernel patches with higher kernel version than " +"the currently installed one." +msgstr "" + +#. type: Title === +#: modules/administration/pages/content-lifecycle-examples.adoc:85 #, no-wrap -msgid "yast susemanager_setup\n" +msgid "Exclude Packages with a Higher Kernel Version" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:49 +#: modules/administration/pages/content-lifecycle-examples.adoc:86 msgid "" -"When you are prompted for certificate details during setup, fill in random " -"values. The values will be overridden by the values you specified at the " -"command prompt." +"In this example you update your systems with the ``SUSE-15-2019-1244`` " +"patch. This patch contains ``kernel-default-4.12.14-150.17.1-x86_64``." msgstr "" -#. type: delimited block = -#: modules/administration/pages/ssl-certs-imported.adoc:53 +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:87 msgid "" -"Execute the [command]``yast susemanager_setup`` command from the same shell " -"you exported the environment variables from." +"You need to exclude all patches which contain a higher version of ``kernel-" +"default``." msgstr "" -#. type: Title == -#: modules/administration/pages/ssl-certs-imported.adoc:57 +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:88 #, no-wrap -msgid "Import Certificates for New Proxy Installations" +msgid "Procedure: Excluding Packages with a Higher Kernel Version" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:61 +#: modules/administration/pages/content-lifecycle-examples.adoc:89 msgid "" -"By default, {productname} Proxy uses a self-signed certificate. After you " -"have completed the initial setup, you can replace the default certificate " -"with an imported certificate." +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Filters], " +"and click btn:[Create Filter]." msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-imported.adoc:65 -#, no-wrap -msgid "Procedure: Import Certificates on a New {productname} Proxy" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:91 +msgid "" +"For example, [systemitem]``Exclude kernel greater than 4.12.14-150.17.1``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:92 +msgid "" +"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Contains " +"Package)``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:93 +msgid "" +"In the [guimenu]``Matcher`` field, select [guimenu]``version greater than``." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:68 +#: modules/administration/pages/content-lifecycle-examples.adoc:94 msgid "" -"Install the {productname} Proxy according to the instructions in xref:" -"installation:install-intro.adoc[]." +"In the [guimenu]``Package Name`` field, type [systemitem]``kernel-default``." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:69 -msgid "" -"Complete the initial setup according to xref:installation:proxy-setup.adoc[]." +#: modules/administration/pages/content-lifecycle-examples.adoc:95 +msgid "Leave the the [guimenu]``Epoch`` field empty." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:70 -msgid "At the command prompt, run:" +#: modules/administration/pages/content-lifecycle-examples.adoc:96 +msgid "In the [guimenu]``Version`` field, type [systemitem]``4.12.14``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:73 -#, no-wrap -msgid "configure-proxy.sh\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:97 +msgid "In the [guimenu]``Release`` field, type [systemitem]``150.17.1``." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:100 +#: modules/administration/pages/content-lifecycle.adoc:20 +msgid "Click btn:[Attach/Detach Filters]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:75 +#: modules/administration/pages/content-lifecycle-examples.adoc:101 msgid "" -"At the ``Do you want to import existing certificates?`` prompt, type kbd:[y]." +"Select [guimenu]``Exclude kernel greater than 4.12.14-150.17.1``, and click " +"btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:76 -msgid "Follow the prompts to complete setup." +#: modules/administration/pages/content-lifecycle-examples.adoc:102 +msgid "" +"When you click btn:[Build], a new environment is created. The new " +"environment contains all the kernel patches up to the version you installed." msgstr "" -#. type: delimited block = -#: modules/administration/pages/ssl-certs-imported.adoc:82 +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:103 msgid "" -"Use the same certificate authority to sign all server certificates for " -"servers and proxies. Certificates signed with different CAs will not match." +"All kernel patches with higher kernel versions are removed. Live patching " +"kernels will stay available as long as they are not the first in a series." msgstr "" #. type: Title == -#: modules/administration/pages/ssl-certs-imported.adoc:86 +#: modules/administration/pages/content-lifecycle-examples.adoc:104 #, no-wrap -msgid "Replace Certificates with a Third Party Certificate" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:90 -msgid "" -"You can replace active certificates on your {productname} installation with " -"a new third party certificate. To replace the certificates, you can replace " -"the installed CA certificate RPM with a new RPM containing the third party " -"certificate, and then update the database." +msgid "Switch to a New Kernel Version for Live Patching" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:93 +#: modules/administration/pages/content-lifecycle-examples.adoc:105 msgid "" -"This procedure is similar to the one described in xref:administration:ssl-" -"certs-selfsigned.adoc#ssl-certs-selfsigned-create-replace[]. The difference " -"is that we import the certificates generated by an external PKI." +"Live Patching for a specific kernel version is only available for one year. " +"After one year you must update the kernel on your systems. Execute these " +"environment changes:" msgstr "" #. type: Block title -#: modules/administration/pages/ssl-certs-imported.adoc:96 +#: modules/administration/pages/content-lifecycle-examples.adoc:106 #, no-wrap -msgid "Procedure: Replacing Existing Certificates" +msgid "Procedure: Switch to a New Kernel Version" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:99 -msgid "" -"On the {productname} Server, at the command prompt, move the old certificate " -"directory to a backup location:" +#: modules/administration/pages/content-lifecycle-examples.adoc:107 +msgid "Decide which kernel version you will upgrade to." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:102 -#, no-wrap -msgid "mv /root/ssl-build /root/old-ssl-build\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:108 +msgid "For example: `4.12.14-150.32.1`" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:105 -msgid "Generate a CA certificate RPM from the new certificate:" +#: modules/administration/pages/content-lifecycle-examples.adoc:109 +msgid "Create a new kernel version Filter." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:108 -#, no-wrap -msgid "rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/ssl-build\" --from-ca-cert=\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:110 +msgid "" +"Detach the previous filter **Exclude kernel greater than 4.12.14-150.17.1** " +"and attach the new filter." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:111 -msgid "Generate a new server certificate RPM:" +#: modules/administration/pages/content-lifecycle-examples.adoc:111 +msgid "" +"Click btn:[Build] to rebuild the environment. The new environment contains " +"all kernel patches up to the new kernel version you selected. Systems using " +"these channels will have the kernel update available for installation. You " +"will need to reboot systems after they have performed the upgrade. The new " +"kernel will remain valid for one year. All packages installed during the " +"year will match the current live patching kernel filter." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:114 +#. type: Title == +#: modules/administration/pages/content-lifecycle-examples.adoc:112 #, no-wrap -msgid "rhn-ssl-tool --gen-server --rpm-only --dir=\"/root/ssl-build\" --from-server-key= --from-server-cert=\n" +msgid "AppStream Filters" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:120 +#: modules/administration/pages/content-lifecycle-examples.adoc:113 msgid "" -"When you create the new server certificate RPM, you might get a warning that " -"server certificate request file could not be found. This file is not " -"required, and the procedure will complete correctly without it. However, if " -"you want to avoid the error, you can copy the file into the server " -"directory, and name it [path]``server.csr``:" +"If you are using {rhel}{nbsp}8 clients, you cannot perform package " +"operations such as installing or upgrading directly from modular " +"repositories like the {rhel} AppStream repository. You can use the " +"AppStream filter to transform modular repositories into regular " +"repositories. It does this by keeping the packages in the repository and " +"stripping away the module metadata. The resulting repository can be used in " +"{productname} in the same way as a regular repository." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-imported.adoc:123 -#, no-wrap -msgid "cp .csr /root/ssl-build//server.csr\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:114 +msgid "" +"The AppStream filter selects a single module stream to be included in the " +"target repository. You can add multiple filters to select multiple module " +"streams." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:128 +#: modules/administration/pages/content-lifecycle-examples.adoc:115 msgid "" -"When you have created the new [path]``ssl-build`` directory, you can create " -"combined certificate RPMs and deploy them on the clients. For the " -"procedures to do this, see xref:administration:ssl-certs-selfsigned.adoc[]." +"If you do not use an AppStream filter in your CLM project, the module " +"metadata in the modular sources remains intact, and the target repositories " +"contain the same module metadata. As long as at least one AppStream filter " +"is enabled in the CLM project, all target repositories are transformed into " +"regular repositories." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-imported.adoc:130 +#: modules/administration/pages/content-lifecycle-examples.adoc:116 msgid "" -"If you are using a proxy, you will need to generate a server certificate RPM " -"for each proxy, using their host names and cnames." +"To use the AppStream filter, you need a CLM project with a modular " +"repository such as ``{rhel} AppStream``. Ensure that you included the " +"module you need as a source before you begin." msgstr "" -#. type: Title = -#: modules/administration/pages/ssl-certs-selfsigned.adoc:2 +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:117 #, no-wrap -msgid "Self-Signed SSL Certificates" +msgid "Procedure: Using AppStream Filters" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:9 +#: modules/administration/pages/content-lifecycle-examples.adoc:118 +#: modules/administration/pages/content-lifecycle-examples.adoc:132 msgid "" -"By default, {productname} uses a self-signed certificate. In this case, the " -"certificate is created and signed by {productname}. This method does not " -"use an independent certificate authority to guarantee that the details of " -"the certificate are correct. Third party CAs perform checks to ensure that " -"the information contained in the certificate is correct. For more on third " -"party CAs, see xref:administration:ssl-certs-imported.adoc[]." +"In the {productname} {webui}, navigate to your {rhel}{nbsp}8 CLM project." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:14 -msgid "" -"This section covers how to re-create your self-signed certificates on an " -"existing installation. It also covers how to create new self-signed " -"certificates and authenticate your existing clients to the new certificate, " -"using an intermediate certificate. Intermediate certificates merge the " -"intermediate and root CA certificates into one file. Ensure that the " -"intermediate certificate comes first in the combined file." +#: modules/administration/pages/content-lifecycle-examples.adoc:119 +#: modules/administration/pages/content-lifecycle-examples.adoc:133 +msgid "Ensure that you have included the AppStream channels for your project." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:16 -msgid "" -"The host name of the SSL keys and certificates must match the fully " -"qualified host name of the machine you deploy them on." +#: modules/administration/pages/content-lifecycle-examples.adoc:120 +#: modules/administration/pages/content-lifecycle-examples.adoc:134 +msgid "Click btn:``Create Filter`` and use these parameters:" msgstr "" -#. type: Title == -#: modules/administration/pages/ssl-certs-selfsigned.adoc:19 -#, no-wrap -msgid "Re-Create Existing Server Certificates" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:121 +#: modules/administration/pages/content-lifecycle-examples.adoc:135 +msgid "In the [guimenu]``Filter Name`` field, type a name for the new filter." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:22 +#: modules/administration/pages/content-lifecycle-examples.adoc:122 +#: modules/administration/pages/content-lifecycle-examples.adoc:136 msgid "" -"If your existing certificates have expired or stopped working for any " -"reason, you can generate a new server certificate from the existing CA." +"In the [guimenu]``Filter Type`` field, select [parameter]``Module (Stream)``." msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:23 -#, no-wrap -msgid "Procedure: Re-Creating an Existing Server Certificate" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:123 +msgid "In the [guimenu]``Module Name`` field, type a module name." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:26 -msgid "" -"On the {productname} Server, at the command prompt, regenerate the server " -"certificate:" +#: modules/administration/pages/content-lifecycle-examples.adoc:124 +msgid "For example, [parameter]``postgresql``." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:32 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:125 +msgid "In the [guimenu]``Stream`` field, type the name of the desired stream." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:126 msgid "" -"rhn-ssl-tool --gen-server --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" -"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" -"--set-org-unit=\"ORGANIZATION UNIT\" --set-email=\"name@example.com\" \\\n" -"--set-hostname=\"susemanager.example.com\" --set-cname=\"example.com\"\n" +"For example, [parameter]``10``. If you leave this field blank, the default " +"stream for the module is selected." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:35 -#: modules/administration/pages/ssl-certs-selfsigned.adoc:92 +#: modules/administration/pages/content-lifecycle-examples.adoc:127 +msgid "Click btn:[Save] to create the new filter." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:129 msgid "" -"Ensure that the [systemitem]``set-cname`` parameter is the fully-qualified " -"domain name of your {productname} Server. You can use the the " -"[systemitem]``set-cname`` parameter multiple times if you require multiple " -"aliases." +"Click btn:``Attach/Detach Filters``, select your new AppStream filter, and " +"click btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:38 +#: modules/administration/pages/content-lifecycle-examples.adoc:130 msgid "" -"Install the RPM that contains the newly generated certificate. Check that " -"you have the latest version of the RPM before running this command. The " -"version number is incremented every time you re-create the certificates." +"You can use the browse function in the ``Create/Edit Filter`` form to select " +"a module from a list of available module streams for a modular channel." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:41 +#. type: Block title +#: modules/administration/pages/content-lifecycle-examples.adoc:131 #, no-wrap -msgid "rpm -Uhv /root/ssl-build/lnx0259a/rhn-org-httpd-ssl-key-pair-lnx0259a-1.0-2.noarch.rpm\n" +msgid "Procedure: Browsing Available Module Streams" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:43 -#: modules/administration/pages/ssl-certs-selfsigned.adoc:180 -#: modules/administration/pages/ssl-certs-selfsigned.adoc:212 -msgid "Restart services to pick up the changes:" +#: modules/administration/pages/content-lifecycle-examples.adoc:137 +msgid "Click ``Browse available modules`` to see all modular channels." msgstr "" -#. type: Title == -#: modules/administration/pages/ssl-certs-selfsigned.adoc:51 -#, no-wrap -msgid "Create and Replace CA and Server Certificates" +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:138 +msgid "Select a channel to browse the modules and streams:" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:57 +#: modules/administration/pages/content-lifecycle-examples.adoc:139 msgid "" -"If you need to create entirely new certificates for an existing " -"installation, you need to create a combined certificate first. Clients will " -"authenticate to the certificate with both the old and new details. Then you " -"can go ahead and remove the old details. This maintains the chain of trust." +"In the [guimenu]``Module Name`` field, start typing a module name to search, " +"or select from the list." msgstr "" -#. type: delimited block = -#: modules/administration/pages/ssl-certs-selfsigned.adoc:63 +#. type: Plain text +#: modules/administration/pages/content-lifecycle-examples.adoc:140 msgid "" -"Be careful with this procedure! It is possible to break the trust chain " -"between the server and clients using this procedure. If that happens, you " -"will need an administrative user to log in to every client and deploy the CA " -"directly." -msgstr "" - -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:67 -#, no-wrap -msgid "Procedure: Creating New Certificates" +"In the [guimenu]``Stream`` field, start typing a stream name to search, or " +"select from the list." msgstr "" -#. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:70 +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:141 msgid "" -"On the {productname} Server, at the command prompt, move the old certificate " -"directory to a new location:" +"Channel selection is only for browsing modules. The selected channel will " +"not be saved with the filter, and will not affect the CLM process in any way." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:75 -msgid "Generate a new CA certificate and create an RPM:" +#: modules/administration/pages/content-lifecycle-examples.adoc:142 +msgid "" +"You can create additional AppStream filters for any other module stream to " +"be included in the target repository. Any module streams that the selected " +"stream depends on will be automatically included." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:81 -#, no-wrap +#. type: delimited block = +#: modules/administration/pages/content-lifecycle-examples.adoc:143 msgid "" -"rhn-ssl-tool --gen-ca --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" -"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" -"--set-org-unit=\"ORGANIZATION UNIT\" --set-common-name=\"SUSE Manager CA Certificate\" \\\n" -"--set-email=\"name@example.com\"\n" +"Be careful not to specify conflicting, incompatible, or missing module " +"streams. For example, selecting two streams from the same module is invalid." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:83 -msgid "Generate a new server certificate and create an RPM:" +#: modules/administration/pages/content-lifecycle-examples.adoc:144 +msgid "" +"When you build your CLM project using the btn:[Build] button in the {webui}, " +"the target repository is a regular repository without any modules, that " +"contains packages from the selected module streams." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:89 +#. This feature is mandatory to make RHEL/CentOS 8 modular repositories work +#. in the SUMA UI. Otherwise, even though modular repositories can be synced +#. and assigned to clients, they cannot be used for package operations +#. (install, update, etc.) from SUMA UI (An info message is shown in the UI if +#. that's the case). In that case, the package operations can only be done +#. from the client's CLI manually. +#. type: Title = +#: modules/administration/pages/content-lifecycle.adoc:1 #, no-wrap -msgid "" -"rhn-ssl-tool --gen-server --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" -"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" -"--set-org-unit=\"ORGANIZATION UNIT\" --set-email=\"name@example.com\" \\\n" -"--set-hostname=\"susemanager.example.top\" --set-cname=\"example.com\"\n" +msgid "Content Lifecycle Management" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:94 +#: modules/administration/pages/content-lifecycle.adoc:2 msgid "" -"You will need to generate a server certificate RPM for each proxy, using " -"their host names and cnames." +"Content lifecycle management allows you to customize and test packages " +"before updating production clients. This is especially useful if you need " +"to apply updates during a limited maintenance window." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:97 +#: modules/administration/pages/content-lifecycle.adoc:3 msgid "" -"When you have new certificates, you can create the combined RPMs to " -"authenticate the clients." -msgstr "" - -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:100 -#, no-wrap -msgid "Procedure: Create Combined Certificate RPMs" +"Content lifecycle management allows you to select software channels as " +"sources, adjust them as required for your environment, and thoroughly test " +"them before installing onto your production clients." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:102 +#: modules/administration/pages/content-lifecycle.adoc:4 msgid "" -"Create a new CA file that combines the old and new certificate details, and " -"generate a new RPM:" +"While you cannot directly modify vendor channels, you can clone them and " +"then modify the clones by adding or removing packages and custom patches. " +"You can assign these cloned channels to test clients to ensure they work as " +"expected. Then, when all tests pass, you can promote them to production " +"servers." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:109 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:5 msgid "" -"mkdir /root/combined-ssl-build\n" -"cp /root/old-ssl-build/RHN-ORG-TRUSTED-SSL-CERT /root/combined-ssl-build/\n" -"cat /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT >> /root/combined-ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" -"cp /root/old-ssl-build/*.rpm /root/combined-ssl-build/\n" -"rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/combined-ssl-build\"\n" +"This is achieved through a series of environments that your software " +"channels can move through on their lifecycle. Most environment lifecycles " +"include at least test and production environments, but you can have as many " +"environments as you require." msgstr "" -#. I would like to split up these steps, I think. LKB 2019-09-10 #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:112 -msgid "Deploy the CA certificate on the server:" +#: modules/administration/pages/content-lifecycle.adoc:6 +msgid "" +"This section covers the basic content lifecycle procedures, and the filters " +"available. For more specific examples, see xref:administration:content-" +"lifecycle-examples.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:116 +#. type: Title == +#: modules/administration/pages/content-lifecycle.adoc:7 #, no-wrap -msgid "" -"/usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/combined-ssl-build \\\n" -"--target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/\n" +msgid "Create a Content Lifecycle Project" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:119 +#: modules/administration/pages/content-lifecycle.adoc:8 msgid "" -"When you have the combined RPMs, you can deploy the combined CA certificates " -"to your clients." +"To set up a content lifecycle, you need to begin with a project. The " +"project defines the software channel sources, the filters used to find " +"packages, and the build environments." msgstr "" #. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:122 +#: modules/administration/pages/content-lifecycle.adoc:9 #, no-wrap -msgid "Procedure: Deploying Combined Certificates on Traditional Clients" +msgid "Procedure: Creating a Content Lifecycle Project" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:125 -msgid "On the client, create a new custom channel using these details:" +#: modules/administration/pages/content-lifecycle.adoc:10 +msgid "" +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " +"and click btn:[Create Project]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:127 -msgid "Name: SSL-CA-Channel" +#: modules/administration/pages/content-lifecycle.adoc:11 +msgid "In the [guimenu]``Label`` field, enter a label for your project." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:128 -msgid "Label: ssl-ca-channel" +#: modules/administration/pages/content-lifecycle.adoc:12 +msgid "" +"The [guimenu]``Label`` field only accepts lowercase letters, numbers, " +"periods, hyphens, and underscores." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:129 -msgid "Parent Channel: " +#: modules/administration/pages/content-lifecycle.adoc:13 +msgid "" +"In the [guimenu]``Name`` field, enter a descriptive name for your project." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:130 -msgid "Summary: SSL-CA-Channel" +#: modules/administration/pages/content-lifecycle.adoc:14 +msgid "" +"Click the btn:[Create] button to create your project and return to the " +"project page." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:133 -msgid "" -"For more on creating custom channels, see xref:administration:channel-" -"management.adoc[]." +#: modules/administration/pages/content-lifecycle.adoc:15 +msgid "Click btn:[Attach/Detach Sources]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:134 -msgid "Upload the CA certificate RPM to the channel:" +#: modules/administration/pages/content-lifecycle.adoc:16 +msgid "" +"In the [guimenu]``Sources`` dialog, select the source type, and select a " +"base channel for your project." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:139 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:17 msgid "" -"rhnpush -c ssl-ca-channel --nosig \\\n" -"--ca-chain=/srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT \\\n" -"/root/combined-ssl-build/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm\n" +"The available child channels for the selected base channel are displayed, " +"including information on whether the channel is mandatory or recommended." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:141 -msgid "Subscribe all clients to the new ``SSL-CA-Channel`` channel." +#: modules/administration/pages/content-lifecycle.adoc:18 +msgid "" +"Check the child channels you require, and click btn:[Save] to return to the " +"project page." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:142 -msgid "Install the CA certificate RPM on all clients by updating the channel." +#: modules/administration/pages/content-lifecycle.adoc:19 +msgid "The software channels you selected should now be showing." msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:145 -#, no-wrap -msgid "Procedure: Deploying Combined Certificates on Salt Clients" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:21 +msgid "" +"In the [guimenu]``Filters`` dialog, select the filters you want to attach to " +"the project." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:148 -msgid "In the {productname} {webui}, navigate to menu:Systems[Overview]." +#: modules/administration/pages/content-lifecycle.adoc:22 +msgid "To create a new filter, click btn:[Create new Filter]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:149 -msgid "" -"Check all your Salt Clients to add them to the System Set Manager (SSM)." +#: modules/administration/pages/content-lifecycle.adoc:23 +msgid "Click btn:[Add Environment]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:150 -msgid "Navigate to menu:Systems[System Set Manager > Overview]." +#: modules/administration/pages/content-lifecycle.adoc:24 +msgid "" +"In the [guimenu]``Environment Lifecycle`` dialog, give the first environment " +"a name and a description, and click btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:151 +#: modules/administration/pages/content-lifecycle.adoc:25 msgid "" -"In the [guimenu]``States`` field, click btn:[Apply] to apply the system " -"states." +"The [guimenu]``Name`` field only accepts lowercase letters, numbers, " +"periods, hyphens, and underscores." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:152 +#: modules/administration/pages/content-lifecycle.adoc:26 msgid "" -"In the [guimenu]``Highstate`` page, click btn:[Apply Highstate] to propagate " -"the changes to the clients." +"Continue creating environments until you have all the environments for your " +"lifecycle completed." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:154 +#: modules/administration/pages/content-lifecycle.adoc:27 msgid "" -"When you have every client trusting both the old and new certificates, you " -"can go ahead and replace the server certificate on the {productname} Server " -"and Proxies." +"You can select the order of the environments in the lifecycle by selecting " +"an environment in the [guimenu]``Insert before`` field when you create it." msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:157 +#. type: Title == +#: modules/administration/pages/content-lifecycle.adoc:28 #, no-wrap -msgid "Procedure: Replace Server Certificate on the Server" +msgid "Filter Types" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:160 +#: modules/administration/pages/content-lifecycle.adoc:29 msgid "" -"On the {productname} Server, at the command prompt, install the RPM from the " -"[path]``ssl-build`` directory:" +"{productname} allows you to create various types of filters to control the " +"content used for building the project. Filters allow you to select which " +"packages will be included or excluded from the build. For example, you " +"could exclude all kernel packages, or include only specific releases of some " +"packages." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:163 -#, no-wrap -msgid "rpm -Uhv ssl-build/susemanager/rhn-org-httpd-ssl-key-pair-susemanager-1.0-2.noarch.rpm\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:30 +msgid "The supported filters are:" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:165 -msgid "Restart services to pick the changes:" +#: modules/administration/pages/content-lifecycle.adoc:31 +msgid "package filtering" msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:172 -#, no-wrap -msgid "Procedure: Replace Server Certificate on the Proxy" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:32 +msgid "by name" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:175 -msgid "" -"On the {productname} Proxy, at the command prompt, install the RPM from the " -"[path]``ssl-build`` directory:" +#: modules/administration/pages/content-lifecycle.adoc:33 +msgid "by name, epoch, version, release, and architecture" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:178 -#, no-wrap -msgid "rpm -Uhv ssl-build/susemanager-proxy/rhn-org-httpd-ssl-key-pair-susemanager-proxy-1.0-2.noarch.rpm\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:34 +msgid "patch filtering" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:183 -#, no-wrap -msgid "rhn-proxy restart\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:35 +msgid "by advisory name" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:185 -msgid "" -"Test that all clients still operate as expected and can use SSL to reach the " -"{productname} Server and any proxies." +#: modules/administration/pages/content-lifecycle.adoc:36 +msgid "by advisory type" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:189 -msgid "" -"When you have replaced the server certificates on your server and any " -"proxies, you need to update the certificate with only the new details on all " -"the clients. This is done by adding it to the client channels you set up " -"previously." +#: modules/administration/pages/content-lifecycle.adoc:37 +msgid "by synopsis" msgstr "" -#. type: Block title -#: modules/administration/pages/ssl-certs-selfsigned.adoc:192 -#, no-wrap -msgid "Procedure: Adding the New Certificates to the Client Channel" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:38 +msgid "by keyword" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:195 -msgid "" -"Copy the combined certificate RPM into the [path]``/root/ssl-build/`` " -"directory:" +#: modules/administration/pages/content-lifecycle.adoc:39 +msgid "by date" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:198 -#, no-wrap -msgid "cp /root/combined-ssl-build/*.rpm /root/ssl-build/\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:40 +msgid "by affected package" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:41 +msgid "module" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:42 +msgid "by stream" +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/content-lifecycle.adoc:43 +msgid "Package dependencies are not resolved during content filtering." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:201 +#: modules/administration/pages/content-lifecycle.adoc:44 msgid "" -"Generate a new RPM with from the new certificates. Check the release number " -"carefully to ensure you have the right certificate file:" +"There are multiple matchers you can use with the filter. Which ones are " +"available will depend on the filter type you choose." msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:204 -#, no-wrap -msgid "rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/ssl-build\"\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:45 +msgid "The available matchers are:" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:206 -msgid "Install the new local certificates on the {productname} Server:" +#: modules/administration/pages/content-lifecycle.adoc:46 +msgid "contains" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:210 -#, no-wrap -msgid "" -"/usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/ssl-build \\\n" -"--target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:47 +msgid "matches (must take the form of a regular expression)" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:217 -msgid "Upload the new RPM into the channel:" +#: modules/administration/pages/content-lifecycle.adoc:48 +msgid "equals" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:222 -#, no-wrap -msgid "" -"rhnpush -c ssl-ca-channel --nosig \\\n" -"--ca-chain=/srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT \\\n" -"/root/ssl-build/rhn-org-trusted-ssl-cert-1.0-3.noarch.rpm\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:49 +msgid "greater" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:227 -msgid "" -"When you have the new certificate in the channel, you can use the " -"{productname} {webui} to update it on all clients and proxies, by " -"synchronizing them with the channel. Alternatively, for Salt clients, you " -"can use menu:Salt[Remote Commands], or apply the highstate." +#: modules/administration/pages/content-lifecycle.adoc:50 +msgid "greater or equal" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:232 -msgid "" -"You will also need to update your proxies to remove the copy of the " -"certificate and the associated RPM. Your proxies must have the same " -"certificate content as the server. Check the [path]``/srv/www/htdocs/pub/`` " -"directory and ensure it contains:" +#: modules/administration/pages/content-lifecycle.adoc:51 +msgid "lower or equal" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:236 -#, no-wrap -msgid "" -"RHN-ORG-TRUSTED-SSL-CERT\n" -"rhn-org-trusted-ssl-cert-*.noarch.rpm\n" +#. type: Plain text +#: modules/administration/pages/content-lifecycle.adoc:52 +msgid "lower" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:239 -msgid "" -"To complete the process, you need to update the database with this command:" +#: modules/administration/pages/content-lifecycle.adoc:53 +msgid "later or equal" msgstr "" -#. type: delimited block - -#: modules/administration/pages/ssl-certs-selfsigned.adoc:242 +#. type: Title === +#: modules/administration/pages/content-lifecycle.adoc:54 #, no-wrap -msgid "/usr/bin/rhn-ssl-dbstore --ca-cert=/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" +msgid "Filter ``rule`` Parameter" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs-selfsigned.adoc:244 +#: modules/administration/pages/content-lifecycle.adoc:55 msgid "" -"If you use bootstrap, remember to also update your bootstrap scripts to " -"reflect the new certificate information." -msgstr "" - -#. type: Title = -#: modules/administration/pages/content-lifecycle.adoc:2 -#, no-wrap -msgid "Content Lifecycle Management" +"Each filter has a ``rule`` parameter that can be set to either ``Allow`` or " +"``Deny``. The filters are processed like this:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:6 +#: modules/administration/pages/content-lifecycle.adoc:56 msgid "" -"Content lifecycle management allows you to customize and test packages " -"before updating production clients. This is especially useful if you need " -"to apply updates during a limited maintenance window." +"If a package or patch satisfies a ``Deny`` filter, it will be excluded from " +"the result." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:8 +#: modules/administration/pages/content-lifecycle.adoc:57 msgid "" -"Content lifecycle management allows you to select software channels as " -"sources, adjust them as required for your environment, and thoroughly test " -"them before installing onto your production clients." +"If a package or patch satisfies an ``Allow`` filter, it will be included in " +"the result (even if it was excluded by a ``Deny`` filter)." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:12 +#: modules/administration/pages/content-lifecycle.adoc:58 msgid "" -"While you cannot directly modify vendor channels, you can clone them and " -"then modify the clones by adding or removing packages and custom patches. " -"You can assign these cloned channels to test clients to ensure they work as " -"expected. Then, when all tests pass, you can promote them to production " -"servers." +"This behavior is useful when you want to exclude large number of packages or " +"patches using a general ``Deny`` filter and \"cherry-pick\" specific " +"packages or patches with specific ``Allow`` filters." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:15 +#. type: delimited block = +#: modules/administration/pages/content-lifecycle.adoc:59 msgid "" -"This is achieved through a series of environments that your software " -"channels can move through on their lifecycle. Most environment lifecycles " -"include at least test and production environments, but you can have as many " -"environments as you require." +"Content filters are global in your organization and can be shared between " +"projects." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:18 +#. type: delimited block = +#: modules/administration/pages/content-lifecycle.adoc:60 msgid "" -"This section covers the basic content lifecycle procedures, and the filters " -"available. For more specific examples, see xref:administration:content-" -"lifecycle-examples.adoc[]." +"If your project already contains built sources, when you add an environment " +"it will automatically populate with the existing content. Content will be " +"drawn from the previous environment of the cycle if it had one. If there is " +"no previous environment, it will be left empty until the project sources are " +"built again." msgstr "" #. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:21 +#: modules/administration/pages/content-lifecycle.adoc:61 #, no-wrap -msgid "Create a Content Lifecycle Project" +msgid "Build a Content Lifecycle Project" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:25 +#: modules/administration/pages/content-lifecycle.adoc:62 msgid "" -"To set up a content lifecycle, you need to begin with a project. The " -"project defines the software channel sources, the filters used to find " -"packages, and the build environments." -msgstr "" - -#. type: Block title -#: modules/administration/pages/content-lifecycle.adoc:26 -#, no-wrap -msgid "Procedure: Creating a Content Lifecycle Project" +"When you have created your project, defined environments, and attached " +"sources and filters, you can build the project for the first time." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:28 +#: modules/administration/pages/content-lifecycle.adoc:63 msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " -"and click btn:[Create Project]." +"Building applies filters to the attached sources and clones them to the " +"first environment in the project." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:30 -msgid "" -"In the [guimenu]``Label`` field, enter a label for your project. The " -"[guimenu]``Label`` field only accepts lowercase letters, numbers, periods, " -"hyphens, and underscores." +#. type: Block title +#: modules/administration/pages/content-lifecycle.adoc:64 +#, no-wrap +msgid "Procedure: Building a Content Lifecycle Project" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:31 +#: modules/administration/pages/content-lifecycle.adoc:65 msgid "" -"In the [guimenu]``Name`` field, enter a descriptive name for your project." +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " +"and select the project you want to build." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:32 -msgid "" -"Click the btn:[Create] button to create your project and return to the " -"project page." +#: modules/administration/pages/content-lifecycle.adoc:66 +msgid "Review the attached sources and filters, and click btn:[Build]." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:33 -msgid "Click btn:[Attach/Detach Sources]." +#: modules/administration/pages/content-lifecycle.adoc:67 +msgid "" +"Provide a version message to describe the changes or updates in this build." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:35 +#: modules/administration/pages/content-lifecycle.adoc:68 +#: modules/administration/pages/content-lifecycle.adoc:75 msgid "" -"In the [guimenu]``Sources`` dialog, select the source type, and select a " -"base channel for your project. The available child channels for the " -"selected base channel are displayed, including information on whether the " -"channel is mandatory or recommended." +"You can monitor build progress in the [guimenu]``Environment Lifecycle`` " +"section." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:37 +#: modules/administration/pages/content-lifecycle.adoc:69 msgid "" -"Check the child channels you require, and click btn:[Save] to return to the " -"project page. The software channels you selected should now be showing." +"After the build is finished, the environment version is increased by one and " +"the built sources, such as software channels, can be assigned to your " +"clients." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:38 -msgid "Click btn:[Attach/Detach Filters]." +#. type: Title == +#: modules/administration/pages/content-lifecycle.adoc:70 +#, no-wrap +msgid "Promote Environments" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:40 +#: modules/administration/pages/content-lifecycle.adoc:71 msgid "" -"In the [guimenu]``Filters`` dialog, select the filters you want to attach to " -"the project. To create a new filter, click btn:[Create new Filter]." +"When the project has been built, the built sources can be sequentially " +"promoted to the environments." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:41 -msgid "Click btn:[Add Environment]." +#. type: Block title +#: modules/administration/pages/content-lifecycle.adoc:72 +#, no-wrap +msgid "Procedure: Promoting Environments" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:43 +#: modules/administration/pages/content-lifecycle.adoc:73 msgid "" -"In the [guimenu]``Environment Lifecycle`` dialog, give the first environment " -"a name and a description, and click btn:[Save]. The [guimenu]``Name`` field " -"only accepts lowercase letters, numbers, periods, hyphens, and underscores." +"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " +"and select the project you want to work with." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:45 +#: modules/administration/pages/content-lifecycle.adoc:74 msgid "" -"Continue creating environments until you have all the environments for your " -"lifecycle completed. You can select the order of the environments in the " -"lifecycle by selecting an environment in the [guimenu]``Insert before`` " -"field when you create it." +"In the [guimenu]``Environment Lifecycle`` section, locate the environment to " +"promote to its successor, and click btn:[Promote]." msgstr "" #. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:48 +#: modules/administration/pages/content-lifecycle.adoc:76 #, no-wrap -msgid "Filter Types" +msgid "Assign Clients to Environments" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:53 +#: modules/administration/pages/content-lifecycle.adoc:77 msgid "" -"{productname} allows you to create various types of filters to control the " -"content used for building the project. Filters allow you to select which " -"packages will be included or excluded from the build. For example, you " -"could exclude all kernel packages, or include only specific releases of some " -"packages." +"When you build and promote content lifecycle projects, {productname} creates " +"a tree of software channels. To add clients to the environment, assign the " +"base and child software channels to your client using menu:Software[Software " +"Channels] in the [guimenu]``System Details`` page for the client." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:55 -msgid "The supported filters are:" +#. type: delimited block = +#: modules/administration/pages/content-lifecycle.adoc:78 +msgid "" +"Newly added cloned channels are not assigned to clients automatically. If " +"you add or promote sources you will need to manually check and update your " +"channel assignments." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:57 -msgid "package filtering" +#. type: delimited block = +#: modules/administration/pages/content-lifecycle.adoc:79 +msgid "" +"Automatic assignment is intended to be added to {productname} in a future " +"version." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:58 -msgid "by name" +#. type: Title = +#: modules/administration/pages/content-staging.adoc:1 +#, no-wrap +msgid "Content Staging" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:59 -msgid "by name, epoch, version, release, and architecture" +#: modules/administration/pages/content-staging.adoc:2 +msgid "" +"Staging is used by clients to download packages in advance, before they are " +"installed. This allows package installation to begin as soon as it is " +"scheduled, which can reduce the amount of time required for a maintenance " +"window." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:60 -msgid "patch filtering" +#. type: Title == +#: modules/administration/pages/content-staging.adoc:3 +#, no-wrap +msgid "Enable Content Staging" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:61 -msgid "by advisory name" +#: modules/administration/pages/content-staging.adoc:4 +msgid "" +"You can manage content staging across your entire organization. In the " +"{productname} {webui}, navigate to menu:Admin[Organizations] to see a list " +"of available organizations. Click the name of an organization, and check " +"the [guimenu]``Enable Staging Contents`` box to allow clients in this " +"organization to stage package data." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:62 -msgid "by advisory type" +#. type: delimited block = +#: modules/administration/pages/content-staging.adoc:5 +#: modules/administration/pages/organizations.adoc:6 +msgid "" +"You must be logged in as a {productname} administrator to create and manage " +"organizations." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:63 -msgid "by synopsis" +#: modules/administration/pages/content-staging.adoc:6 +msgid "" +"You can also enable staging at the command prompt by editing [path]``/etc/" +"sysconfig/rhn/up2date``, and adding or editing these lines:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:64 -msgid "by keyword" +#. type: delimited block - +#: modules/administration/pages/content-staging.adoc:7 +#, no-wrap +msgid "" +"stagingContent=1\n" +"stagingContentWindow=24\n" msgstr "" +#. 2018-12-10, ke: /etc/sysconfig/rhn/up2date still exists. @renner confirmed some tools use it (at least, trad. client). To be renamed in the future. #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:65 -msgid "by date" +#: modules/administration/pages/content-staging.adoc:8 +msgid "" +"The ``stagingContentWindow`` parameter is a time value expressed in hours " +"and determines when downloading will start. It is the number of hours " +"before the scheduled installation or update time. In this example, content " +"will be downloaded 24 hours before the installation time. The start time " +"for download depends on the selected contact method for a system. The " +"assigned contact method sets the time for when the next " +"[command]``mgr_check`` will be executed." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:66 -msgid "by affected package" +#: modules/administration/pages/content-staging.adoc:9 +msgid "" +"Next time an action is scheduled, packages are automatically downloaded, but " +"not installed. At the scheduled time, the staged packages are installed." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:67 -msgid "module" +#. type: Title == +#: modules/administration/pages/content-staging.adoc:10 +#, no-wrap +msgid "Configure Content Staging" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:68 -msgid "by stream" -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:73 -msgid "Package dependencies are not resolved during content filtering." +#: modules/administration/pages/content-staging.adoc:11 +msgid "There are two parameters used to configure content staging:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:78 +#: modules/administration/pages/content-staging.adoc:12 msgid "" -"There are multiple matchers you can use with the filter. Which ones are " -"available will depend on the filter type you choose." +"[parameter]``salt_content_staging_advance`` is the advance time for the " +"content staging window to open, in hours." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:80 -msgid "The available matchers are:" +#: modules/administration/pages/content-staging.adoc:13 +msgid "" +"This is the number of hours before installation starts, that package " +"downloads can begin." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:82 -msgid "contains" +#: modules/administration/pages/content-staging.adoc:14 +msgid "" +"[parameter]``salt_content_staging_window`` is the duration of the content " +"staging window, in hours." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:83 -msgid "matches (must take the form of a regular expression)" +#: modules/administration/pages/content-staging.adoc:15 +msgid "" +"This is the amount of time clients have to stage packages before " +"installation begins." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:84 -msgid "equals" +#: modules/administration/pages/content-staging.adoc:16 +msgid "" +"For example, if [parameter]``salt_content_staging_advance`` is set to six " +"hours, and [parameter]``salt_content_staging_window`` is set to two hours, " +"the staging window will open six hours before the installation time, and " +"remain open for two hours. No packages will be downloaded in the four " +"remaining hours until installation starts." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:85 -msgid "greater" +#: modules/administration/pages/content-staging.adoc:17 +msgid "" +"If you set the same value for both " +"[parameter]``salt_content_staging_advance`` and " +"[parameter]``salt_content_staging_window`` packages will be able to be " +"downloaded until installation begins." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:86 -msgid "greater or equal" +#: modules/administration/pages/content-staging.adoc:18 +msgid "" +"Configure the content staging parameters in [path]``/usr/share/rhn/config-" +"defaults/rhn_java.conf``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:87 -msgid "lower or equal" +#: modules/administration/pages/content-staging.adoc:19 +msgid "Default values:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:88 -msgid "lower" +#: modules/administration/pages/content-staging.adoc:20 +msgid "[path]``salt_content_staging_advance: 8 hours``" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:89 -msgid "later or equal" +#: modules/administration/pages/content-staging.adoc:21 +msgid "[path]``salt_content_staging_window: 8 hours``" msgstr "" -#. type: Title === -#: modules/administration/pages/content-lifecycle.adoc:92 +#. type: delimited block = +#: modules/administration/pages/content-staging.adoc:22 +msgid "Content staging must be enabled for these parameters to work correctly." +msgstr "" + +#. type: Title = +#: modules/administration/pages/crash-reporting.adoc:1 #, no-wrap -msgid "Filter ``rule`` Parameter" +msgid "Crash Reporting" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:96 +#: modules/administration/pages/crash-reporting.adoc:2 msgid "" -"Each filter has a ``rule`` parameter that can be set to either ``Allow`` or " -"``Deny``. The filters are processed like this:" +"Crash reporting is used to automatically monitor and report on traditional " +"{redhat} clients that have experienced a crash." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:98 +#: modules/administration/pages/crash-reporting.adoc:3 msgid "" -"If a package or patch satisfies a ``Deny`` filter, it will be excluded from " -"the result." +"Clients that have crash reporting enabled report any crashes to the " +"{productname} Server. This allows you to see what crashes have occurred, " +"manage crash reports, and add custom notes to crashes from within the " +"{productname} {webui}. You can also run reports on crashes." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:99 +#. type: delimited block = +#: modules/administration/pages/crash-reporting.adoc:4 msgid "" -"If a package or patch satisfies an ``Allow`` filter, it will be included in " -"the result (even if it was excluded by a ``Deny`` filter)." +"Crash reporting works only with traditional {redhat} clients. It does not " +"work with Salt clients, or with traditional clients running any other " +"operating system." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:101 +#: modules/administration/pages/crash-reporting.adoc:5 msgid "" -"This behavior is useful when you want to exclude large number of packages or " -"patches using a general ``Deny`` filter and \"cherry-pick\" specific " -"packages or patches with specific ``Allow`` filters." +"Crash reporting requires the ``spacewalk-abrt`` package installed on the " +"client you want to monitor. To manage crash reports in the {webui}, " +"navigate to menu:Systems[Software Crashes]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:105 -msgid "" -"Content filters are global in your organization and can be shared between " -"projects." +#. type: Title == +#: modules/administration/pages/crash-reporting.adoc:6 +#, no-wrap +msgid "Crash Notes" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:112 +#. type: Plain text +#: modules/administration/pages/crash-reporting.adoc:7 msgid "" -"If your project already contains built sources, when you add an environment " -"it will automatically populate with the existing content. Content will be " -"drawn from the previous environment of the cycle if it had one. If there is " -"no previous environment, it will be left empty until the project sources are " -"built again." +"You can create custom notes for each crash report using the {productname} " +"{webui}. Navigate to menu:Systems[Systems List] and select the client that " +"crashed. Navigate to the menu:Software[Software Crashes] tab to see a list " +"of all current crashes for the selected client. Click the crash to see more " +"information, and navigate to the [guimenu]``Crash Notes`` tab to add or edit " +"notes." msgstr "" #. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:116 +#: modules/administration/pages/crash-reporting.adoc:8 #, no-wrap -msgid "Build a Content Lifecycle Project" +msgid "Organization Crash Configuration" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:119 +#: modules/administration/pages/crash-reporting.adoc:9 msgid "" -"When you have created your project, defined environments, and attached " -"sources and filters, you can build the project for the first time." +"You can manage crash reporting for your entire organization, turning the " +"feature on or off, changing whether crash files are uploaded, and setting a " +"size limit for file upload sizes. Navigate to menu:Admin[Organizations] and " +"select the organization you want to manage. Navigate to the " +"[guimenu]``Configuration`` tab and change the settings as required. Click " +"btn:[Update Organization] to save the changes." +msgstr "" + +#. type: Title == +#: modules/administration/pages/crash-reporting.adoc:10 +#, no-wrap +msgid "Reporting" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:121 +#: modules/administration/pages/crash-reporting.adoc:11 msgid "" -"Building applies filters to the attached sources and clones them to the " -"first environment in the project." +"{productname} allows you to use the following crash-related reports with the " +"spacewalk-report tool:" msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle.adoc:124 +#. type: delimited block - +#: modules/administration/pages/crash-reporting.adoc:12 #, no-wrap -msgid "Procedure: Building a Content Lifecycle Project" +msgid "" +"system-crash-count\n" +"system-crash-details\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:127 +#: modules/administration/pages/crash-reporting.adoc:13 msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " -"and select the project you want to build." +"For more information about reports, see xref:administration:reports.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:128 -msgid "Review the attached sources and filters, and click btn:[Build]." +#. type: Title == +#: modules/administration/pages/crash-reporting.adoc:14 +#, no-wrap +msgid "Managing Crash Reports with the API" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:129 +#: modules/administration/pages/crash-reporting.adoc:15 +msgid "Use these API calls to manage reported software crashes:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/crash-reporting.adoc:16 +#, no-wrap msgid "" -"Provide a version message to describe the changes or updates in this build." +"system.crash.getLastReportDate()\n" +"system.crash.getUniqueCrashCount()\n" +"system.crash.getTotalCrashCount()\n" +"system.crash.listSystemCrashes()\n" +"system.crash.listSystemCrashFiles()\n" +"system.crash.deleteCrash()\n" +"system.crash.getCrashFileUrl()\n" +"system.crash.getCrashFile()\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:130 -#: modules/administration/pages/content-lifecycle.adoc:145 +#: modules/administration/pages/crash-reporting.adoc:17 +msgid "Use these API calls to manage notes on crashes:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/crash-reporting.adoc:18 +#, no-wrap msgid "" -"You can monitor build progress in the [guimenu]``Environment Lifecycle`` " -"section." +"system.crash.createCrashNote()\n" +"system.crash.deleteCrashNote()\n" +"system.crash.getCrashNotesForCrash()\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:132 +#: modules/administration/pages/crash-reporting.adoc:19 msgid "" -"After the build is finished, the environment version is increased by one and " -"the built sources, such as software channels, can be assigned to your " -"clients." +"Use these API calls to manage organization settings for crash reporting:" msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:135 +#. type: delimited block - +#: modules/administration/pages/crash-reporting.adoc:20 #, no-wrap -msgid "Promote Environments" +msgid "" +"org.getCrashFileSizeLimit()\n" +"org.setCrashFileSizeLimit()\n" +"org.isCrashReportingEnabled()\n" +"org.setCrashReporting()\n" +"org.isCrashfileUploadEnabled()\n" +"org.setCrashfileUpload()\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:138 +#: modules/administration/pages/crash-reporting.adoc:21 msgid "" -"When the project has been built, the built sources can be sequentially " -"promoted to the environments." +"For more information about the API, see the latest API documentation " +"available from https://documentation.suse.com/suma." msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle.adoc:141 +#. type: Title = +#: modules/administration/pages/custom-channels.adoc:1 #, no-wrap -msgid "Procedure: Promoting Environments" +msgid "Custom Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:143 +#: modules/administration/pages/custom-channels.adoc:2 msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects], " -"and select the project you want to work with." +"Custom channels give you the ability to create your own software packages " +"and repositories, which you can use to update your clients. They also allow " +"you to use software provided by third party vendors in your environment." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:144 +#: modules/administration/pages/custom-channels.adoc:3 msgid "" -"In the [guimenu]``Environment Lifecycle`` section, locate the environment to " -"promote to its successor, and click btn:[Promote]." +"You must have administrator privileges to be able to create and manage " +"custom channels." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:4 +msgid "" +"Before you create a custom channel, determine which base channel you want to " +"associate it with, and which repositories you want to use for content." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:5 +msgid "" +"This section gives more detail on how to create, administer, and delete " +"custom channels." msgstr "" #. type: Title == -#: modules/administration/pages/content-lifecycle.adoc:148 +#: modules/administration/pages/custom-channels.adoc:6 #, no-wrap -msgid "Assign Clients to Environments" +msgid "Creating Custom Channels and Repositories" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle.adoc:152 +#: modules/administration/pages/custom-channels.adoc:7 msgid "" -"When you build and promote content lifecycle projects, {productname} creates " -"a tree of software channels. To add clients to the environment, assign the " -"base and child software channels to your client using menu:Software[Software " -"Channels] in the [guimenu]``System Details`` page for the client." +"If you have custom software packages that you need to install on your " +"{productname} systems, you can create a custom child channel to manage " +"them. You will need to create the channel in the {productname} {webui} and " +"create a repository for the packages, before assigning the channel to your " +"systems." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:157 +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:8 msgid "" -"Newly added cloned channels are not assigned to clients automatically. If " -"you add or promote sources you will need to manually check and update your " -"channel assignments." +"You can select a vendor channel as the base channel if you want to use " +"packages provided by a vendor. Alternatively, select ``none`` to make your " +"custom channel a base channel." +msgstr "" + +#. We need to create a section on importing GPG keys and change this to point there: https://github.com/SUSE/spacewalk/issues/9474 LKB 2019-09-18 +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:9 +msgid "" +"Custom channels will sometimes require additional security settings. Many " +"third party vendors secure packages with GPG. If you want to use GPG-" +"protected packages in your custom channel, you will need to trust the GPG " +"key which has been used to sign the metadata. You can then check the " +"[guimenu]``Has Signed Metadata?`` check box to match the package metadata " +"against the trusted GPG keys. For more information on importing GPG keys, " +"see xref:reference:systems/autoinst-gpg-and-ssl-keys.adoc[]." msgstr "" #. type: delimited block = -#: modules/administration/pages/content-lifecycle.adoc:159 +#: modules/administration/pages/custom-channels.adoc:10 msgid "" -"Automatic assignment is intended to be added to {productname} in a future " -"version." +"Do not create child channels containing packages that are not compatible " +"with the client system." msgstr "" -#. type: Title = -#: modules/administration/pages/iss.adoc:2 +#. type: Block title +#: modules/administration/pages/custom-channels.adoc:11 #, no-wrap -msgid "Inter-Server Synchronization" +msgid "Procedure: Creating a Custom Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:6 +#: modules/administration/pages/custom-channels.adoc:12 msgid "" -"If you have more than one {productname} installation, you need to ensure " -"that they stay aligned on content and permissions. Inter-Server " -"Synchronization (ISS) allows you to connect two or more {productname} " -"Servers and keep them up-to-date." +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"and click btn:[Create Channel]." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:9 +#: modules/administration/pages/custom-channels.adoc:13 msgid "" -"To set up ISS, you need to define one {productname} Server as a master, with " -"the other as a slave. If conflicting configurations exist, the system will " -"prioritize the master configuration." +"On the [guimenu]``Create Software Channel`` page, give your channel a name " +"(for example, [systemitem]``My Tools SLES 15 SP1 x86_64``) and a label (for " +"example, [systemitem]``my-tools-sles15sp1-x86_64``)." msgstr "" -#. type: delimited block = -#: modules/administration/pages/iss.adoc:16 +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:14 +msgid "Labels must not contain spaces or uppercase letters." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:15 msgid "" -"ISS Masters are masters only because they have slaves attached to them. " -"This means that you need to set up the ISS Master first, by defining its " -"slaves. You can then set up the ISS Slaves, by attaching them to a master." +"In the [guimenu]``Parent Channel`` drop down, choose the relevant base " +"channel (for example, [systemitem]``SLE-Product-SLES15-SP1-Pool for " +"x86_64``)." msgstr "" -#. type: Block title -#: modules/administration/pages/iss.adoc:20 -#, no-wrap -msgid "Procedure: Setting up an ISS Master" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:16 +msgid "Ensure that you choose the compatible parent channel for your packages." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:23 +#: modules/administration/pages/custom-channels.adoc:17 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " -"Master Setup], and click btn:[Add new slave]." +"In the [guimenu]``Architecture`` drop down, choose the appropriate hardware " +"architecture (for example, [systemitem]``x86_64``)." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:24 +#: modules/administration/pages/custom-channels.adoc:18 msgid "" -"In the [guimenu]``Edit Slave Details`` dialog, provide these details for the " -"ISS Master's first slave:" +"Provide any additional information in the contact details, channel access " +"control, and GPG fields, as required for your environment." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:26 +#: modules/administration/pages/custom-channels.adoc:19 +msgid "Click btn:[Create Channel]." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/custom-channels.adoc:20 msgid "" -"In the [guimenu]``Slave Fully-Qualified Domain Name`` field, enter the FQDN " -"of the ISS Slave. For example: [systemitem]``server2.example.com``." +"By default, the ``Enable GPG Check`` field is checked when you create a new " +"channel. If you would like to add custom packages and applications to your " +"channel, make sure you uncheck this field to be able to install unsigned " +"packages. Disabling the GPG check is a security risk if packages are from " +"an untrusted source." +msgstr "" + +#. type: Block title +#: modules/administration/pages/custom-channels.adoc:21 +#, no-wrap +msgid "Procedure: Creating a Software Repository" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:27 +#: modules/administration/pages/custom-channels.adoc:22 msgid "" -"Check the [guimenu]``Allow Slave to Sync?`` checkbox to enable the slave to " -"synchronize with the master." +"In the {productname} {webui}, navigate to menu:Software[Manage > " +"Repositories], and click btn:[Create Repository]." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:28 +#: modules/administration/pages/custom-channels.adoc:23 msgid "" -"Check the [guimenu]``Sync All Orgs to Slave?`` checkbox to synchronize all " -"organizations to this slave." +"On the [guimenu]``Create Repository`` page, give your repository a label " +"(for example, [systemitem]``my-tools-sles15sp1-x86_64-repo``)." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:29 -msgid "Click btn:[Create] to add the ISS slave." +#: modules/administration/pages/custom-channels.adoc:24 +msgid "" +"In the [guimenu]``Repository URL`` field, provide the path to the directory " +"that contains the [path]``repodata`` file (for example, " +"[systemitem]``file:///opt/mytools/``)." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:25 +msgid "You can use any valid addressing protocol in this field." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:26 +msgid "Uncheck the [guimenu]``Has Signed Metadata?`` check box." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:30 +#: modules/administration/pages/custom-channels.adoc:27 msgid "" -"In the [guimenu]``Allow Export of the Selected Organizations`` section, " -"check the organizations you want to allow this slave to export to the " -"master, and click btn:[Allow Orgs]." +"OPTIONAL: Complete the SSL fields if your repository requires client " +"certificate authentication." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:34 -msgid "" -"Before you set up the ISS Slave, you will need to ensure you have the " -"appropriate CA certificate." +#: modules/administration/pages/custom-channels.adoc:28 +msgid "Click btn:[Create Repository]." msgstr "" #. type: Block title -#: modules/administration/pages/iss.adoc:37 +#: modules/administration/pages/custom-channels.adoc:29 #, no-wrap -msgid "Procedure: Copying the Master CA Certificate to an ISS Slave" +msgid "Procedure: Assigning the Repository to a Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:39 +#: modules/administration/pages/custom-channels.adoc:30 msgid "" -"On the ISS Master, locate the CA Certificate at ``/srv/www/htdocs/pub/RHN-" -"ORG-TRUSTED-SSL-CERT`` and create a copy that can be transferred to the " -"ISS Slave." +"Assign your new repository to your custom channel by navigating to menu:" +"Software[Manage > Channels], clicking the name of your newly created custom " +"channel, and navigating to the [guimenu]``Repositories`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:40 +#: modules/administration/pages/custom-channels.adoc:31 msgid "" -"On the ISS Slave, save the CA certificate file to the ``/etc/pki/trust/" -"anchors/`` directory." +"Ensure the repository you want to assign to the channel is checked, and " +"click btn:[Update Repositories]." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:43 -msgid "When you have copied the certificate, you can set up the ISS Slave." +#: modules/administration/pages/custom-channels.adoc:32 +msgid "" +"Navigate to the [guimenu]``Sync`` tab and click btn:[Sync Now] to " +"synchronize immediately." msgstr "" -#. type: Block title -#: modules/administration/pages/iss.adoc:46 -#, no-wrap -msgid "Procedure: Setting up an ISS Slave" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:33 +msgid "You can also set an automated synchronization schedule on this tab." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:49 +#: modules/administration/pages/custom-channels.adoc:34 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " -"Slave Setup], and click btn:[Add new master]." +"There are several ways to check if a channel has finished synchronizing:" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:50 +#: modules/administration/pages/custom-channels.adoc:35 msgid "" -"In the [guimenu]``Details for new Master`` dialog, provide these details for " -"the server to use as the ISS master:" +"In the {productname} {webui}, navigate to menu:Admin[Setup Wizard] and " +"select the [guimenu]``Products`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:52 +#: modules/administration/pages/custom-channels.adoc:36 msgid "" -"In the [guimenu]``Master Fully-Qualified Domain Name`` field, enter the FQDN " -"of the ISS Master for this slave. For example: ``server1.example.com``." +"This dialog displays a completion bar for each product when they are being " +"synchronized." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:54 +#: modules/administration/pages/custom-channels.adoc:37 msgid "" -"In the [guimenu]``Filename of this Master's CA Certificate`` field, enter " -"the absolute path to the CA certificate on the ISS master. This should be " -"``/etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT``." +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"then click the channel associated to the repository." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:55 -msgid "Click btn:[Add new master] to add the ISS Slave to this master." -msgstr "" - -#. type: Block title -#: modules/administration/pages/iss.adoc:58 -#, no-wrap -msgid "Procedure: Completing ISS Setup" +#: modules/administration/pages/custom-channels.adoc:38 +msgid "" +"Navigate to the menu:[Repositories > Sync] tab. The [guimenu]``Sync " +"Status`` is shown next to the repository name.." msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:60 -msgid "" -"At the command prompt on the ISS Slave, synchronize with the ISS Master:" +#: modules/administration/pages/custom-channels.adoc:39 +msgid "Check the synchronization log file at the command prompt:" msgstr "" #. type: delimited block - -#: modules/administration/pages/iss.adoc:63 +#: modules/administration/pages/custom-channels.adoc:40 #, no-wrap -msgid "mgr-inter-sync\n" +msgid "tail -f /var/log/rhn/reposync/.log\n" msgstr "" #. type: Plain text -#: modules/administration/pages/iss.adoc:65 -msgid "OPTIONAL: To synchronize a single channel, use this command:" +#: modules/administration/pages/custom-channels.adoc:41 +msgid "" +"Each child channel will generate its own log during the synchronization " +"progress. You will need to check all the base and child channel log files " +"to be sure that the synchronization is complete." msgstr "" -#. type: delimited block - -#: modules/administration/pages/iss.adoc:68 +#. type: Block title +#: modules/administration/pages/custom-channels.adoc:42 #, no-wrap -msgid "mgr-inter-sync -c \n" +msgid "Procedure: Adding Custom Channels to an Activation Key" msgstr "" -#. Need to double check this against the UI. --LKB 2020-04-08 #. type: Plain text -#: modules/administration/pages/iss.adoc:70 +#: modules/administration/pages/custom-channels.adoc:43 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " -"Configure Master-to-Slave Mappings] and select the organizations you want to " -"synchronize." +"In the {productname} {webui}, navigate to menu:Systems[Activation Keys], and " +"select the key you want to add the custom channel to." msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-notifications.adoc:2 -#, no-wrap -msgid "Troubleshooting Notifications" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:44 +msgid "" +"On the [guiemnu]``Details`` tab, in the [guimenu]``Child Channels`` listing, " +"select the channel to associate." msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-notifications.adoc:26 -msgid "" -"The default lifetime of notification messages is 30 days, after which " -"messages are deleted from the database, regardless of read status. To " -"change this value, add or edit this line in [path]``/etc/rhn/rhn.conf``:" +#: modules/administration/pages/custom-channels.adoc:45 +msgid "You can select multiple channels, if you need to." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-notifications.adoc:29 +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:46 +msgid "Click btn:[Update Activation Key]." +msgstr "" + +#. type: Title == +#: modules/administration/pages/custom-channels.adoc:47 #, no-wrap -msgid "java.notifications_lifetime = 30\n" +msgid "Add Packages and Patches to Custom Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-notifications.adoc:33 +#: modules/administration/pages/custom-channels.adoc:48 msgid "" -"All notification types are enabled by default. To disable a notification " -"type, add or edit this line in [path]``/etc/rhn/rhn.conf``:" +"When you create a new custom channel without cloning it from an existing " +"channel, it will not contain any packages or patches. You can add the " +"packages and patches you require using the {productname} {webui}." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-notifications.adoc:36 -#, no-wrap -msgid "java.notifications_type_disabled = OnboardingFailed,ChannelSyncFailed,ChannelSyncFinished\n" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:49 +msgid "" +"Custom channels can only include packages or patches that are cloned or " +"custom, and they must match the base architecture of the channel. Patches " +"added to custom channels must apply to a package that exists in the channel." msgstr "" -#. type: Title = -#: modules/administration/pages/users.adoc:2 +#. type: Block title +#: modules/administration/pages/custom-channels.adoc:50 #, no-wrap -msgid "Users" +msgid "Procedure: Adding Packages to Custom Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:6 +#: modules/administration/pages/custom-channels.adoc:51 msgid "" -"{productname} Administrators can add new users, grant permissions, and " -"deactivate or delete users. If you are managing a large number of users, " -"you can assign users to system groups to manage permissions at a group level." +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"and go to the [guimenu]``Packages`` tab." msgstr "" -#. type: delimited block = -#: modules/administration/pages/users.adoc:11 +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:52 msgid "" -"The [guimenu]``Users`` menu is only available if you are logged in with a " -"{productname} administrator account." +"OPTIONAL: See all packages currently in the channel by navigating to the " +"[guimenu]``List/Remove`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:18 +#: modules/administration/pages/custom-channels.adoc:53 msgid "" -"To manage {productname} users, navigate to menu:Users[User List > All] to " -"see all users in your {productname} Server. Each user in the list shows the " -"username, real name, assigned roles, the date the user last signed in, and " -"the current status of the user. Click btn:``Create User`` to create a new " -"user account. Click the username to go to the [guimenu]``User Details`` " -"page." +"Add new packages to the channel by navigating to the [guimenu]``Add`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:20 +#: modules/administration/pages/custom-channels.adoc:54 msgid "" -"To add new users to your organization, click btn:[Create User], complete the " -"details for the new user, and click btn:[Create Login]." +"Select the parent channel to provide packages, and click btn:[View Packages] " +"to populate the list." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:24 +#: modules/administration/pages/custom-channels.adoc:55 msgid "" -"You can deactivate or delete user accounts if they are no longer required. " -"Deactivated user accounts can be reactivated at any time. Deleted user " -"accounts are not visible, and cannot be retrieved." +"Check the packages to add to the custom channel, and click btn:[Add " +"Packages]." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:27 +#: modules/administration/pages/custom-channels.adoc:56 msgid "" -"Users can deactivate their own accounts. However, if users have an " -"administrator role, the role must be removed before the account can be " -"deactivated." +"When you are satisfied with the selection, click btn:[Confirm Addition] to " +"add the packages to the channel." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:31 +#: modules/administration/pages/custom-channels.adoc:57 msgid "" -"Deactivated users cannot log in to the {productname} {webui} or schedule any " -"actions. Actions scheduled by a user prior to their deactivation remain in " -"the action queue. Deactivated users can be reactivated by {productname} " -"administrators." +"OPTIONAL: You can compare the packages in the current channel with those in " +"a different channel by navigating to menu:Software[Manage > Channels], and " +"going to the menu:Packages[Compare] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:34 +#: modules/administration/pages/custom-channels.adoc:58 msgid "" -"Users can hold multiple administrator roles, and there can be more than one " -"user holding any administrator role at any time. There must always be at " -"least one active {productname} Administrator." +"To make the two channels the same, click the btn:[Merge Differences] button, " +"and resolve any conflicts." msgstr "" #. type: Block title -#: modules/administration/pages/users.adoc:37 +#: modules/administration/pages/custom-channels.adoc:59 #, no-wrap -msgid "User Administrator Role Permissions" +msgid "Procedure: Adding Patches to a Custom Channel" msgstr "" -#. type: Table -#: modules/administration/pages/users.adoc:48 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:60 msgid "" -"| Role Name | Description\n" -"| System Group User | Standard role associated with all users.\n" -"| {productname} Administrator | Can perform all functions, including changing privileges of other users.\n" -"| Organization Administrator | Manages activation keys, configurations, channels, and system groups.\n" -"| Activation Key Administrator | Manages activation keys.\n" -"| Image Administrator | Manages image profiles, builds, and stores.\n" -"| Configuration Administrator | Manages system configuration.\n" -"| Channel Administrator | Manages software channels, including making channels globally subscribable, and creating new channels.\n" -"| System Group Administrator | Manages systems groups, including creating and deleting system groups, adding clients to existing groups, and managing user access to groups.\n" +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"and go to the [guimenu]``Patches`` tab." msgstr "" -#. type: Title == -#: modules/administration/pages/users.adoc:52 -#, no-wrap -msgid "User Permissions and Systems" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:61 +msgid "" +"OPTIONAL: See all patches currently in the channel by navigating to the " +"[guimenu]``List/Remove`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:55 +#: modules/administration/pages/custom-channels.adoc:62 msgid "" -"If you have created system groups to manage your clients, you can assign " -"groups to users for them to manage." +"Add new patches to the channel by navigating to the [guimenu]``Add`` tab, " +"and selecting what kind of patches you want to add." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:58 +#: modules/administration/pages/custom-channels.adoc:63 msgid "" -"To assign a user to a system group, navigate to menu:Users[User List], click " -"the username to edit, and go to the [guimenu]``System Groups`` tab. Check " -"the groups to assign, and click btn:``Update Defaults``." +"Select the parent channel to provide patches, and click btn:[View Associated " +"Patches] to populate the list." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:62 +#: modules/administration/pages/custom-channels.adoc:64 msgid "" -"You can also select one or more default system groups for a user. When the " -"user registers a new client, it is assigned to the chosen system group by " -"default. This allows the user to immediately access the newly-registered " -"client." +"Check the patches to add to the custom channel, and click btn:[Confirm]." msgstr "" -#. I really don't understand what this is. Need a sentence or two to explain it. --LKB 2020-04-29 #. type: Plain text -#: modules/administration/pages/users.adoc:67 +#: modules/administration/pages/custom-channels.adoc:65 msgid "" -"To manage external groups, navigate to menu:Users[System Group " -"Configuration], and go to the [guimenu]``External Authentication`` tab. " -"Click btn:[Create External Group] to create a new external group. Give the " -"group a name, and assign it to the appropriate system group." +"When you are satisfied with the selection, click btn:[Confirm] to add the " +"patches to the channel." +msgstr "" + +#. type: Title == +#: modules/administration/pages/custom-channels.adoc:66 +#, no-wrap +msgid "Manage Custom Channels" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:67 +msgid "" +"{productname} administrators and channel administrators can alter or delete " +"any channel." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:68 +msgid "" +"To grant other users rights to alter or delete a channel, navigate to menu:" +"Software[Manage > Channels] and select the channel you want to edit. " +"Navigate to the [guimenu]``Managers`` tab, and check the user to grant " +"permissions. Click btn:[Update] to save the changes." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/custom-channels.adoc:69 +msgid "" +"If you delete a channel that has been assigned to a set of clients, it will " +"trigger an immediate update of the channel state for any clients associated " +"with the deleted channel. This is to ensure that the changes are reflected " +"accurately in the repository file." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:69 +#: modules/administration/pages/custom-channels.adoc:70 msgid "" -"For more information about system groups, see xref:reference:systems/system-" -"groups.adoc[]." +"You cannot delete {productname} channels with the {webui}. Only custom " +"channels can be deleted." msgstr "" -#. type: Plain text -#: modules/administration/pages/users.adoc:73 -msgid "" -"To see the individual clients a user can administer, navigate to menu:" -"Users[User List], click the username to edit, and go to the " -"[guimenu]``Systems`` tab. To carry out bulk tasks, you can select clients " -"from the list to add them to the system set manager." +#. type: Block title +#: modules/administration/pages/custom-channels.adoc:71 +#, no-wrap +msgid "Procedure: Deleting Custom Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:75 +#: modules/administration/pages/custom-channels.adoc:72 msgid "" -"For more information about the system set manager, see xref:client-" -"configuration:using-ssm.adoc[]." +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"and select the channel you want to delete." msgstr "" -#. type: Title == -#: modules/administration/pages/users.adoc:78 -#, no-wrap -msgid "Users and Channel Permissions" +#. type: Plain text +#: modules/administration/pages/custom-channels.adoc:73 +msgid "Click btn:[Delete software channel]." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:81 +#: modules/administration/pages/custom-channels.adoc:74 msgid "" -"You can assign users to software channels within your organization either as " -"a subscriber that consumes content from channels, or as an administrator, " -"who can manage the channels themselves." +"On the [guimenu]``Delete Channel`` page, check the details of the channel " +"you are deleting, and check the [guimenu]``Unsubscribe Systems`` checkbox to " +"remove the custom channel from any systems that might still be subscribed." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:84 -msgid "" -"To subscribe a user to a channel, navigate to menu:Users[User List], click " -"the username to edit, and go to the menu:Channel Permissions[Subscription] " -"tab. Check the channels to assign, and click btn:``Update Permissions``." +#: modules/administration/pages/custom-channels.adoc:75 +msgid "Click btn:[Delete Channel]." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:87 +#: modules/administration/pages/custom-channels.adoc:76 msgid "" -"To grant a user channel management permissions, navigate to menu:Users[User " -"List], click the username to edit, and go to the menu:Channel " -"Permissions[Management] tab. Check the channels to assign, and click btn:" -"``Update Permissions``." +"When channels are deleted, the packages that are part of the deleted channel " +"are not automatically removed. You will not be able to update packages that " +"have had their channel deleted." msgstr "" #. type: Plain text -#: modules/administration/pages/users.adoc:89 +#: modules/administration/pages/custom-channels.adoc:77 msgid "" -"Some channels in the list might not be subscribable. This is usually " -"because of the users administrator status, or the channels global settings." +"You can delete packages that are not associated with a channel in the " +"{productname} {webui}. Navigate to menu:Software[Manage > Packages], check " +"the packages to remove, and click btn:[Delete Packages]." msgstr "" #. type: Title = -#: modules/administration/pages/auth-methods-sso-example.adoc:2 +#: modules/administration/pages/disconnected-setup.adoc:1 #, no-wrap -msgid "Example SSO Implementation" +msgid "Disconnected Setup" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:5 +#: modules/administration/pages/disconnected-setup.adoc:2 msgid "" -"In this example, SSO is implemented by exposing three endpoints with " -"{productname}, and using Keycloak as the identity service provider (IdP)." +"When it is not possible to connect {productname} to the internet, you can " +"use it within a disconnected environment." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:8 +#: modules/administration/pages/disconnected-setup.adoc:3 msgid "" -"Start by setting up the {productname} Server, and the Keycloak IdP. Then " -"you can add the endpoints as clients, and create users." +"The repository mirroring tool (RMT) is available on {sle}{nbsp}15 and " +"later. RMT replaces the subscription management tool (SMT), which can be " +"used on older {sle} installations." msgstr "" -#. type: delimited block = -#: modules/administration/pages/auth-methods-sso-example.adoc:15 +#. type: Plain text +#: modules/administration/pages/disconnected-setup.adoc:4 msgid "" -"This example is provided for illustrative purposes only. {suse} does not " -"recommend or support third-party identity service providers, and is not " -"affiliated with Keycloak. For Keycloak support, see https://www.keycloak." -"org/." -msgstr "" - -#. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:19 -#, no-wrap -msgid "Procedure: Setting Up the {productname} Server" +"In a disconnected {productname} setup, RMT or SMT uses an external network " +"to connect to {scc}. All software channels and repositories are " +"synchronized to a removable storage device. The storage device can then be " +"used to update the disconnected {productname} installation." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:22 +#: modules/administration/pages/disconnected-setup.adoc:5 msgid "" -"On the {productname} Server, open the [path]``/etc/rhn/rhn.conf`` " -"configuration file and edit these parameters. Replace ```` with the " -"fully-qualified domain name of your {productname} installation:" +"This setup allows your {productname} installation to remain in an offline, " +"disconnected environment." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso-example.adoc:27 -#, no-wrap +#. type: delimited block = +#: modules/administration/pages/disconnected-setup.adoc:6 msgid "" -"java.sso.onelogin.saml2.sp.entityid = /rhn/manager/sso/metadata\n" -"java.sso.onelogin.saml2.sp.assertion_consumer_service.url = /rhn/manager/sso/acs\n" -"java.sso.onelogin.saml2.sp.single_logout_service.url = /rhn/manager/sso/sls\n" +"Your RMT or SMT instance must be used to managed a {productname} Server " +"directly. It cannot be used to manage a second RMT or SMT instance, in a " +"cascade." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:29 -msgid "In the configuration file, determine the three endpoints to expose:" +#: modules/administration/pages/disconnected-setup.adoc:7 +msgid "" +"For more information on RMT, see https://documentation.suse.com/sles/15-SP2/" +"html/SLES-all/book-rmt.html." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso-example.adoc:34 +#. type: Title == +#: modules/administration/pages/disconnected-setup.adoc:8 #, no-wrap -msgid "" -"java.sso.onelogin.saml2.idp.entityid\n" -"java.sso.onelogin.saml2.idp.single_sign_on_service.url\n" -"java.sso.onelogin.saml2.idp.single_logout_service.url\n" +msgid "Synchronize RMT" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:39 +#: modules/administration/pages/disconnected-setup.adoc:9 msgid "" -"In the IdP metadata, locate the public x509 certificate. It uses this " -"format: ``/auth/realms//protocol/saml/" -"descriptor``. In the configuration file, specify the public x509 " -"certificate of the IdP:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso-example.adoc:42 -#, no-wrap -msgid "java.sso.onelogin.saml2.idp.x509cert\n" +"You can use RMT on {sle} 15 installations to manage clients running {sle} 12 " +"or later." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:49 +#: modules/administration/pages/disconnected-setup.adoc:10 msgid "" -"When you have prepared the {productname} Server, you can install Keycloak. " -"You can install Keycloak directly on your machine, or run it in a " -"container. In this example, we run Keycloak in a Docker container. For " -"more information about installing Keycloak, see the Keycloak documentation " -"at https://www.keycloak.org/getting-started/getting-started-docker." +"We recommend you set up a dedicated RMT instance for each {productname} " +"installation." msgstr "" #. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:52 +#: modules/administration/pages/disconnected-setup.adoc:11 #, no-wrap -msgid "Procedure: Setting Up the Identity Service Provider" +msgid "Procedure: Setting up RMT" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:54 -msgid "" -"Install Keycloak in a Docker container, according to the Keycloak " -"documentation." +#: modules/administration/pages/disconnected-setup.adoc:12 +msgid "On the RMT instance, install the RMT package:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:13 +#, no-wrap +msgid "zypper in rmt-server\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:55 -msgid "" -"Run the container using the ``-td`` argument to ensure the process remains " -"running:" +#: modules/administration/pages/disconnected-setup.adoc:14 +msgid "Configure RMT using {yast}:" msgstr "" #. type: delimited block - -#: modules/administration/pages/auth-methods-sso-example.adoc:58 +#: modules/administration/pages/disconnected-setup.adoc:15 #, no-wrap -msgid "docker run -td --name=idp -p 8080:8080 -e KEYCLOAK_USER= -e KEYCLOAK_PASSWORD= quay.io/keycloak/keycloak:9.0.2\n" +msgid "yast2 rmt\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:60 -msgid "" -"Sign in the Keycloak {webui} as a privileged user, and create a realm using " -"these details:" +#: modules/administration/pages/disconnected-setup.adoc:16 +msgid "Follow the prompts to complete installation." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:63 +#: modules/administration/pages/disconnected-setup.adoc:17 msgid "" -"In the ``Name`` field, enter a name for the realm. For example, ``SUMA``." +"For more information on setting up RMT, see https://documentation.suse.com/" +"sles/15-SP2/html/SLES-all/book-rmt.html." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:64 -msgid "Toggle the ``Enabled`` switch to ``On``." +#. type: Block title +#: modules/administration/pages/disconnected-setup.adoc:18 +#, no-wrap +msgid "Procedure: Synchronizing RMT with SCC" msgstr "" -#. Probably needs more explanation here. --LKB 20200415 #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:67 +#: modules/administration/pages/disconnected-setup.adoc:19 msgid "" -"In the ``Endpoints`` field, type ``SAML 2.0 Identity Provider Metadata``. " -"This endpoint is ``/auth/realms//protocol/saml/" -"descriptor`` which describes the endpoints and certificate in the " -"{productname} configuration file." +"On the RMT instance, list all available products and repositories for your " +"organization:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:72 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:20 +#, no-wrap msgid "" -"When you have Keycloak running and set up, you can add the endpoints. " -"Keycloak refers to endpoints as clients." +"rmt-cli products list --all\n" +"rmt-cli repos list --all\n" msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:75 +#. type: Plain text +#: modules/administration/pages/disconnected-setup.adoc:21 +msgid "Synchronize all available updates for your organization:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:22 #, no-wrap -msgid "Procedure: Adding Endpoints as Clients" +msgid "rmt-cli sync\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:77 -msgid "In the Keycloak {webui}, create a new client using these details:" +#: modules/administration/pages/disconnected-setup.adoc:23 +msgid "You can also configure RMT to synchronize regularly using systemd." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:80 -msgid "" -"In the ``Client ID`` field, enter the endpoint specified in the server " -"configuration file as ``java.sso.onelogin.saml2.idp.entityid``. For " -"example, ``https:///rhn/manager/sso/metadata``." +#: modules/administration/pages/disconnected-setup.adoc:24 +msgid "Enable the products you require." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:81 -msgid "In the ``Client Protocol`` field, select ``SAML``." +#: modules/administration/pages/disconnected-setup.adoc:25 +msgid "For example, to enable SLES 15:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:82 -msgid "Toggle the ``Include AuthnStatement`` switch to ``On``." +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:26 +#, no-wrap +msgid "rmt-cli product enable sles/15/x86_64\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:83 -msgid "Toggle the ``Sign Assertions`` switch to ``On``." +#: modules/administration/pages/disconnected-setup.adoc:27 +#: modules/administration/pages/disconnected-setup.adoc:40 +msgid "Export the synchronized data to your removable storage." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:84 -msgid "In the ``Signature Algorithm`` field, select ``RSA_SHA1``." +#: modules/administration/pages/disconnected-setup.adoc:28 +#: modules/administration/pages/disconnected-setup.adoc:41 +msgid "In this example, the storage medium is mounted at [path]``/mnt/usb``:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:85 -msgid "In the ``SAML Signature Key Name`` field, select the key." +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:29 +#, no-wrap +msgid "rmt-cli export data /mnt/usb\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:86 -msgid "In the ``Canonicalization Method`` field, select ``Exclusive``." +#: modules/administration/pages/disconnected-setup.adoc:30 +#: modules/administration/pages/disconnected-setup.adoc:43 +msgid "Export the enabled repositories to your removable storage:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:87 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:31 +#: modules/administration/pages/disconnected-setup.adoc:44 +#, no-wrap +msgid "rmt-cli export settings /mnt/usb\n" +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/disconnected-setup.adoc:32 msgid "" -"In the ``Fine Grain SAML Endpoint Configuration`` section, add the two " -"endpoints using these details:" +"Ensure that the external storage is mounted to a directory that is writeable " +"by the RMT user. You can change RMT user settings in the `cli` section of " +"[path]``/etc/rmt.conf``." +msgstr "" + +#. type: Title == +#: modules/administration/pages/disconnected-setup.adoc:33 +#, no-wrap +msgid "Synchronize SMT" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:90 +#: modules/administration/pages/disconnected-setup.adoc:34 msgid "" -"In both the ``Assertion Consumer Service`` fields, enter the endpoint " -"specified in the server configuration file as ``java.sso.onelogin.saml2.sp." -"assertion_consumer_service.url``. For example, ``https:///rhn/manager/" -"sso/acs``." +"SMT is included with {sle} 12, and can be used to manage clients running " +"{sle} 10 or later." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:92 +#: modules/administration/pages/disconnected-setup.adoc:35 msgid "" -"In both the ``Logout Service`` fields, enter the endpoint specified in the " -"server configuration file as ``java.sso.onelogin.saml2.sp." -"single_logout_service.url``. For example, ``https:///rhn/manager/sso/" -"sls``." +"SMT requires you to create a local mirror directory on the SMT instance to " +"synchronize repositories and packages." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:96 +#: modules/administration/pages/disconnected-setup.adoc:36 msgid "" -"When you have added the endpoints as clients, you can configure the client " -"scope, and map the users between Keycloak and {productname}." +"For more details on installing and configuring SMT, see https://" +"documentation.suse.com/sles/12-SP5/html/SLES-all/book-smt.html." msgstr "" #. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:99 +#: modules/administration/pages/disconnected-setup.adoc:37 #, no-wrap -msgid "Procedure: Configuring Client Scope and Mappers" +msgid "Procedure: Synchronizing SMT with SCC" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:101 -msgid "" -"In the Keycloak {webui}, navigate to the menu:Clients[Client Scopes] tab and " -"assign ``role_list`` as the default client scope." +#: modules/administration/pages/disconnected-setup.adoc:38 +msgid "On the SMT instance, create a database replacement file:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:103 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:39 +#, no-wrap +msgid "smt-sync --createdbreplacementfile /tmp/dbrepl.xml\n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:42 +#, no-wrap msgid "" -"Navigate to the menu:Clients[Mappers] tab and add a user attribute ``Uid`` " -"mapper, using the default values. This SAML attribute is expected by " -"{productname}." +"smt-sync --todir /mnt/usb\n" +"smt-mirror --dbreplfile /tmp/dbrepl.xml --directory /mnt/usb \\\n" +" --fromlocalsmt -L /var/log/smt/smt-mirror-export.log\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:105 +#. type: delimited block = +#: modules/administration/pages/disconnected-setup.adoc:45 msgid "" -"Navigate to the menu:Users[Admin] section and create an administrative " -"user. This user does not need to match the {productname} administrative " -"user." +"Ensure that the external storage is mounted to a directory that is writeable " +"by the RMT user. You can change SMT user settings in [path]``/etc/smt." +"conf``." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:106 -msgid "" -"Navigate to the menu:Users[Role Mappings] tab, add a ``uid`` attribute with " -"a value that matches the username of the {productname} administrative user." +#. type: Title == +#: modules/administration/pages/disconnected-setup.adoc:46 +#, no-wrap +msgid "Synchronize a Disconnected Server" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:107 +#: modules/administration/pages/disconnected-setup.adoc:47 msgid "" -"Navigate to the menu:Users[Credentials] tab, and set the same password as " -"used by the {productname} administrative user." +"When you have removable media loaded with your {scc} data, you can use it to " +"synchronize your disconnected server." msgstr "" #. type: Block title -#: modules/administration/pages/auth-methods-sso-example.adoc:107 +#: modules/administration/pages/disconnected-setup.adoc:48 #, no-wrap -msgid " Save your changes." +msgid "Procedure: Synchronizing a Disconnected Server" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso-example.adoc:113 -msgid "" -"When you have completed configuration, you can test that the installation is " -"working as expected. Restart the {productname} Server to pick up your " -"changes, and navigate to the {productname} {webui}. If your installation is " -"working correctly, you are redirected to the Keycloak SSO page, where you " -"can authenticate successfully." +#: modules/administration/pages/disconnected-setup.adoc:49 +msgid "Mount your removable media device to the {productname} server." msgstr "" -#. type: Title = -#: modules/administration/pages/auth-methods.adoc:2 -#, no-wrap -msgid "Authentication Methods" +#. type: Plain text +#: modules/administration/pages/disconnected-setup.adoc:50 +msgid "In this example, the mount point is [path]``/media/disk``." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods.adoc:5 +#: modules/administration/pages/disconnected-setup.adoc:51 msgid "" -"{productname} supports several different authentication methods. This " -"section discusses pluggable authentication modules (PAM) and single sign-on " -"(SSO)." +"Open ``/etc/rhn/rhn.conf`` and define the mount point by adding or editing " +"this line:" msgstr "" -#. type: Title = -#: modules/administration/pages/channel-management.adoc:2 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:52 #, no-wrap -msgid "Channel Management" +msgid "server.susemanager.fromdir = /media/disk\n" msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:5 -msgid "Channels are a method of grouping software packages." +#: modules/administration/pages/disconnected-setup.adoc:53 +msgid "Restart the Tomcat service:" msgstr "" -#. type: Plain text -#: modules/administration/pages/channel-management.adoc:9 -msgid "" -"In {productname}, channels are grouped into base and child channels, with " -"base channels grouped by operating system type, version, and architecture, " -"and child channels being compatible with their related base channel. When a " -"client has been assigned to a base channel, it is only possible for that " -"system to install the related child channels. Organizing channels in this " -"way ensures that only compatible packages are installed on each system." +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:54 +#, no-wrap +msgid "systemctl restart tomcat\n" msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:14 -msgid "" -"Software channels use repositories to provide packages. The channels mirror " -"the repositories in {productname}, and the package names and other data are " -"stored in the {productname} database. You can have any number of " -"repositories associated with a channel. The software from those " -"repositories can then be installed on clients by subscribing the client to " -"the appropriate channel." +#: modules/administration/pages/disconnected-setup.adoc:55 +msgid "Refresh the local data:" msgstr "" -#. type: Plain text -#: modules/administration/pages/channel-management.adoc:17 -msgid "" -"Clients can only be assigned to one base channel. The client can then " -"install or update packages from the repositories associated with that base " -"channel and any of its child channels." +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:56 +#, no-wrap +msgid "mgr-sync refresh\n" msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:22 -msgid "" -"{productname} provides a number of vendor channels, which provide you " -"everything you need to run {productname}. {productname} Administrators and " -"Channel Administrators have channel management authority, which gives them " -"the ability to create and manage their own custom channels. If you want to " -"use your own packages in your environment, you can create custom channels. " -"Custom channels can be used as a base channel, or you can associate them " -"with a vendor base channel." +#: modules/administration/pages/disconnected-setup.adoc:57 +msgid "Perform a synchronization:" msgstr "" -#. type: Plain text -#: modules/administration/pages/channel-management.adoc:24 +#. type: delimited block - +#: modules/administration/pages/disconnected-setup.adoc:58 +#, no-wrap msgid "" -"For more on creating custom channels, see xref:administration:custom-" -"channels.adoc[]." +"mgr-sync list channels\n" +"mgr-sync add channel channel-label\n" msgstr "" -#. type: Title == -#: modules/administration/pages/channel-management.adoc:27 -#, no-wrap -msgid "Channel Administration" +#. type: delimited block = +#: modules/administration/pages/disconnected-setup.adoc:59 +msgid "" +"The removable disk that you use for synchronization must always be available " +"at the same mount point. Do not trigger a synchronization, if the storage " +"medium is not mounted. This will result in data corruption." msgstr "" -#. type: Plain text -#: modules/administration/pages/channel-management.adoc:32 -msgid "" -"By default, any user can subscribe channels to a system. You can implement " -"restrictions on the channel using the {webui}." +#. type: Title = +#: modules/administration/pages/image-management.adoc:1 +#, no-wrap +msgid "Image Building and Management" msgstr "" -#. type: Block title -#: modules/administration/pages/channel-management.adoc:35 +#. type: Title == +#: modules/administration/pages/image-management.adoc:2 #, no-wrap -msgid "Procedure: Restricting Subscriber Access to a Channel" +msgid "Image Building Overview" msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:37 +#: modules/administration/pages/image-management.adoc:3 msgid "" -"In the {productname} {webui}, navigate to menu:Software[Channel List], and " -"select the channel to edit." +"{productname} enables system administrators to build containers and OS " +"Images and push the result in image stores. The workflow looks like this:" msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:39 -msgid "" -"Locate the [guimenu]``Per-User Subscription Restrictions`` section and check " -"[guimenu]``Only selected users within your organization may subscribe to " -"this channel``. Click btn:[Update] to save the changes." +#: modules/administration/pages/image-management.adoc:4 +msgid "Define an image store" msgstr "" #. type: Plain text -#: modules/administration/pages/channel-management.adoc:39 +#: modules/administration/pages/image-management.adoc:5 msgid "" -"Navigate to the [guimenu]``Subscribers`` tab and select or deselect users as " -"required." -msgstr "" - -#. type: Title = -#: modules/administration/pages/public-cloud-azure.adoc:2 -#, no-wrap -msgid "{productname} with Azure" +"Define an image profile and associate it with a source (either a git " +"repository or a directory)" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:6 -msgid "" -"You can use {productname} Server and Proxy with the Microsoft Azure public " -"cloud. This section discusses what you will need for running {productname} " -"in Azure, and how to set up your installation." +#: modules/administration/pages/image-management.adoc:6 +msgid "Build the image" msgstr "" -#. type: Title == -#: modules/administration/pages/public-cloud-azure.adoc:8 -#, no-wrap -msgid "Configure the Azure Cloud Instance" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:7 +msgid "Push the image to the image store" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:14 +#: modules/administration/pages/image-management.adoc:8 msgid "" -"Use the ``SUSE Manager Server 4 BYOS`` image. The image is a pre-built " -"image created by {suse}. It is based on JeoS, and SUSE Manager is pre-" -"installed but not configured. Configuring SUSE Manager has to be done " -"manually with {yast}." +"{productname} supports two distinct build types: dockerfile, and the Kiwi " +"image system." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:16 +#: modules/administration/pages/image-management.adoc:9 msgid "" -"When you create your Azure virtual machine, choose something `like d8s_v3` " -"with 8{nbsp}vCPUs and 32{nbsp}GB RAM." +"The Kiwi build type is used to build system, virtual, and other images. The " +"image store for the Kiwi build type is pre-defined as a file system " +"directory at [path]``/srv/www/os-images`` on the server. {productname} " +"serves the image store over HTTPS from [literal]``///os-images/" +"``. The image store location is unique and is not customizable." msgstr "" -#. * Up to 4 data disks -#. * Max IOPS 2400 -#. * Temporary storage disk of 16{nbsp}GB. -#. Data on this disk will be destroyed after the guest has been switched off. #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:24 -msgid "When you are setting up disk partitioning, we recommend:" +#: modules/administration/pages/image-management.adoc:10 +msgid "" +"Images are always stored in [path]``/srv/www/os-image/``." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:26 -msgid "30{nbsp}GB for the disk running the operating system" +#. type: Title == +#: modules/administration/pages/image-management.adoc:11 +#, no-wrap +msgid "Container Images" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:27 -msgid "Select `Standard HDD` for the storage account type" +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:12 +#, no-wrap +msgid "image-building.png" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:29 -msgid "You will also require three additional data disks:" +#. type: Title === +#: modules/administration/pages/image-management.adoc:13 +#: modules/administration/pages/image-management.adoc:135 +#, no-wrap +msgid "Requirements" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:31 -msgid "Disk 0: 64{nbsp}GB on Premium SSD, mounted at [path]``/var/lib/pgsql``" +#: modules/administration/pages/image-management.adoc:14 +msgid "" +"The containers feature is available for Salt clients running {sles} 12 or " +"later. Before you begin, ensure your environment meets these requirements:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:32 +#: modules/administration/pages/image-management.adoc:15 msgid "" -"Disk 1: 512{nbsp}GB on Standard SSD, mounted at [path]``/var/spacewalk``" +"A published git repository containing a dockerfile and configuration " +"scripts. The repository can be public or private, and should be hosted on " +"GitHub, GitLab, or BitBucket." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:33 -msgid "Disk 2: 128{nbsp}GB on Standard SSD, mounted at [path]``/var/cache``" +#: modules/administration/pages/image-management.adoc:16 +msgid "A properly configured image store, such as a Docker registry." msgstr "" #. type: delimited block = -#: modules/administration/pages/public-cloud-azure.adoc:38 +#: modules/administration/pages/image-management.adoc:17 msgid "" -"Do not use LVM with Azure. If you need more disk space, extend a disk in " -"the Azure portal, then extend the file system with [command]``xfs_growfs``." +"If you require a private image registry you can use an open source solution " +"such as ``Portus``. For additional information on setting up Portus as a " +"registry provider, see the http://port.us.org/[Portus Documentation]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:41 -msgid "Partition the disks like this:" +#: modules/administration/pages/image-management.adoc:18 +msgid "For more information on Containers or {caasp}, see:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:43 -msgid "[path]``/dev/sda``: 4 partitions containing the OS" +#: modules/administration/pages/image-management.adoc:19 +msgid "" +"https://documentation.suse.com/sles/15-SP2/html/SLES-all/book-sles-docker." +"html" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:44 -msgid "[path]``/dev/sdb``: temporary storage disk, do not use" +#: modules/administration/pages/image-management.adoc:20 +msgid "https://documentation.suse.com/suse-caasp/4/" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:45 -msgid "[path]``/dev/sdc``: contains [path]``/var/lib/pgsql``" +#. type: Title === +#: modules/administration/pages/image-management.adoc:21 +#: modules/administration/pages/image-management.adoc:144 +#, no-wrap +msgid "Create a Build Host" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:46 -msgid "[path]``/dev/sdd``: contains [path]``/var/spacewalk``" +#: modules/administration/pages/image-management.adoc:22 +msgid "" +"To build images with {productname}, you will need to create and configure a " +"build host. Container build hosts are Salt clients running {sle} 12 or " +"later. This section guides you through the initial configuration for a " +"build host." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:47 -msgid "[path]``/dev/sde``: contains [path]``/var/cache``" +#: modules/administration/pages/image-management.adoc:23 +msgid "" +"From the {productname} {webui}, perform these steps to configure a build " +"host:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:49 -msgid "You can use these commands to create the disks:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:71 -#, no-wrap +#: modules/administration/pages/image-management.adoc:24 msgid "" -"for d in sdc sdd sde; do\n" -" parted --script /dev/$d mklabel gpt mkpart primary xfs 0% 100%\n" -" mkfs.xfs /dev/${d}1\n" -"done\n" -"mkdir /cachetmp\n" -"mount /dev/sde1 /cachetmp\n" -"cp -a /var/cache/* /cachetmp/\n" -"umount /cachetmp\n" -"echo \"$(blkid /dev/sdc1|awk -F \" \" '{ print $2 }') /var/lib/pgsql xfs defaults,noatime 0 0\" >> /etc/fstab\n" -"echo \"$(blkid /dev/sdd1|awk -F \" \" '{ print $2 }') /var/spacewalk xfs defaults,noatime 0 0\" >> /etc/fstab\n" -"echo \"$(blkid /dev/sde1|awk -F \" \" '{ print $2 }') /var/cache xfs defaults,noatime 0 0\" >> /etc/fstab\n" -"mkdir -p /var/spacewalk\n" -"mount /var/spacewalk\n" -"chown -R wwwrun:root /var/spacewalk\n" -"mount /var/lib/pgsql\n" -"chown -R postgres:postgres /var/lib/pgsql\n" -"mv /var/cache /var/cache.old\n" -"mkdir /var/cache\n" -"mount /var/cache\n" -"rm -r /var/cache.old\n" +"Select a Salt client to be designated as a build host from the menu:" +"Systems[Overview] page." msgstr "" -#. REMARK: I guess you do this in your Azure instance -#. REMARK: Where do you configure this? #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:77 +#: modules/administration/pages/image-management.adoc:25 msgid "" -"When you are setting up networking, we recommend that you create a separate " -"private network, with the IP range `10.0.0.0/24`." +"From the [guimenu]``System Details`` page of the selected client assign the " +"containers modules. Go to menu:Software[Software Channels] and enable the " +"containers module (for example, [guimenu]``SLE-Module-Containers15-Pool`` " +"and [guimenu]``SLE-Module-Containers15-Updates``). Confirm by clicking btn:" +"[Change Subscriptions]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:80 +#: modules/administration/pages/image-management.adoc:26 msgid "" -"Configure the {productname} Server to use the internal IP address " -"`10.0.0.4`. Ensure it is also accessible from outside the network with a " -"fixed IP address." +"From the menu:System Details[Properties] page, enable ``Container Build " +"Host`` from the [guimenu]``Add-on System Types`` list and confirm by " +"clicking btn:[Update Properties]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:83 +#: modules/administration/pages/image-management.adoc:27 msgid "" -"Configure the firewall to only allow inbound traffic on ports `22`, `80`, " -"and `443` to IP address `10.0.0.4`. In this environment, if other servers " -"are added to the network they cannot be reached from outside the network." +"Install all required packages by applying ``Highstate``. From the system " +"details page select menu:States[Highstate] and click [guimenu]``Apply " +"Highstate``. Alternatively, apply Highstate from the {productname} Server " +"command line:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:28 +#: modules/administration/pages/image-management.adoc:158 +#, no-wrap +msgid "salt '$your_client' state.highstate\n" +msgstr "" + +#. type: Title === +#: modules/administration/pages/image-management.adoc:29 +#, no-wrap +msgid "Create an Activation Key for Containers" msgstr "" -#. REMARK: Was does this mean? #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:87 +#: modules/administration/pages/image-management.adoc:30 msgid "" -"Outbound is open from the private network. This should be restricted for " -"other servers in this private network." +"The containers built using {productname} will use channel(s) associated to " +"the activation key as repositories when building the image. This section " +"will guide you into creating an ad-hoc activation key for this purpose." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:90 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:31 msgid "" -"You will need to set the DNS zones in Azure before you can configure the " -"{productname} Server. For more information on setting DNS zones, see the " -"Azure documentation." +"To build a container, you will need an activation key that is associated " +"with a channel other than `SUSE Manager Default`." msgstr "" -#. type: Title == -#: modules/administration/pages/public-cloud-azure.adoc:93 +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:32 +#: modules/administration/pages/image-management.adoc:176 #, no-wrap -msgid "Configure {productname} Server" +msgid "systems_create_activation_key.png" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:96 -msgid "Ensure that your {productname} Server is registered with {scc}." +#: modules/administration/pages/image-management.adoc:33 +msgid "Select menu:Systems[Activation Keys]." msgstr "" -#. I wonder why we do even need spacecmd #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:99 -msgid "When your server is registered, install these extra packages:" +#: modules/administration/pages/image-management.adoc:34 +msgid "Click btn:[Create Key]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:101 -#, no-wrap -msgid "zypper -n in spacecmd mlocate sysstat\n" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:35 +msgid "" +"Enter a [guimenu]``Description`` and a [guimenu]``Key`` name. Use the drop-" +"down menu to select the [guimenu]``Base Channel`` to associate with this key." msgstr "" -#. spacecmd will be installed by default next time -#. ^ How is so? -#. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:106 -msgid "Apply the latest updates and reboot the server:" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:36 +#: modules/administration/pages/image-management.adoc:180 +msgid "Confirm with btn:[Create Activation Key]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:109 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:37 +#: modules/administration/pages/image-management.adoc:181 +msgid "For more information, see <>." +msgstr "" + +#. type: Title === +#: modules/administration/pages/image-management.adoc:38 +#: modules/administration/pages/image-management.adoc:182 #, no-wrap -msgid "" -"zypper -n up -l\n" -"reboot\n" +msgid "Create an Image Store" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:112 -msgid "Check that all file systems are mounted and that PostgreSQL is running:" +#: modules/administration/pages/image-management.adoc:39 +msgid "" +"All built images are pushed to an image store. This section contains " +"information about creating an image store." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:115 +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:40 #, no-wrap -msgid "" -"mount\n" -"service postgresql status\n" +msgid "images_image_stores.png" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:119 -msgid "" -"Complete {productname} Server installation and configuration. For more " -"information, see xref:installation:server-setup.adoc[]." +#: modules/administration/pages/image-management.adoc:41 +msgid "Select menu:Images[Stores]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:122 -msgid "" -"We recommend you configure the {productname} Server so that DHCP does not " -"set the host name. Check [path]``/etc/sysconfig/network/dhcp`` and ensure " -"that `DHCLIENT_SET_HOSTNAME` is set to [literal]``no``:" +#: modules/administration/pages/image-management.adoc:42 +msgid "Click [guimenu]``Create`` to create a new store." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:124 +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:43 #, no-wrap -msgid "DHCLIENT_SET_HOSTNAME=\"no\"\n" +msgid "images_image_stores_create.png" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:44 +msgid "Define a name for the image store in the [guimenu]``Label`` field." msgstr "" -#. REMARK: hostname -i? #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:129 +#: modules/administration/pages/image-management.adoc:45 msgid "" -"Add the Azure client to the [path]``/etc/hosts`` file. At the command " -"prompt, replace [literal]```` with the IP address of the server:" +"Provide the path to your image registry by filling in the [guimenu]``URI`` " +"field, as a fully qualified domain name (FQDN) for the container registry " +"host (whether internal or external)." msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:131 +#: modules/administration/pages/image-management.adoc:46 #, no-wrap -msgid "echo \" $(hostname -f) $(hostname)\" >> /etc/hosts\n" +msgid "registry.example.com\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:138 +#: modules/administration/pages/image-management.adoc:47 msgid "" -"{productname} Server has a default administration user. In Azure, the " -"system administrator user is called [literal]``admin``. The `admin` user's " -"password is built with two parts. The first part can be found by using this " -"command:" +"The Registry URI can also be used to specify an image store on a registry " +"that is already in use." msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud-azure.adoc:140 +#: modules/administration/pages/image-management.adoc:48 #, no-wrap -msgid "azuremetadata --instance-name\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:143 -msgid "The second part of the password is [literal]``-suma``" +msgid "registry.example.com:5000/myregistry/myproject\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud-azure.adoc:145 -msgid "" -"Alternatively, you can check the [path]``/var/log/susemanager_firstuser." -"log`` file." +#: modules/administration/pages/image-management.adoc:49 +msgid "Click btn:[Create] to add the new image store." msgstr "" -#. type: Title = -#: modules/administration/pages/public-cloud.adoc:2 +#. type: Title === +#: modules/administration/pages/image-management.adoc:50 +#: modules/administration/pages/image-management.adoc:186 #, no-wrap -msgid "Public Cloud" +msgid "Create an Image Profile" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:7 +#: modules/administration/pages/image-management.adoc:51 msgid "" -"Some public cloud environments provide images for {productname} Server and " -"Proxy. This section discusses what you will need for running {productname} " -"in a public cloud, and how to set up your installation." +"All container images are built using an image profile, which contains the " +"building instructions. This section contains information about creating an " +"image profile with the {productname} {webui}." msgstr "" -#. type: delimited block = -#: modules/administration/pages/public-cloud.adoc:13 -msgid "" -"Public clouds provide {productname} under a Bring Your Own Subscription " -"(BYOS) model. This means that you must register them with the {scc}. For " -"more information about registering {productname} with {scc}, see xref:" -"installation:general-requirements.adoc[]." +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:52 +#: modules/administration/pages/image-management.adoc:188 +#, no-wrap +msgid "images_image_profiles.png" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:16 -msgid "" -"Depending on the public cloud network you are using, you can locate the " -"{productname} installation images by searching for the keywords " -"[package]``suse``, [package]``manager``, [package]``proxy``, or " -"[package]``BYOS``." +#. type: Block title +#: modules/administration/pages/image-management.adoc:53 +#: modules/administration/pages/image-management.adoc:189 +#, no-wrap +msgid "Procedure: Create an Image Profile" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:18 +#: modules/administration/pages/image-management.adoc:54 msgid "" -"For ``SUSE Manager Server in Azure``, see xref:administration:public-cloud-" -"azure.adoc[]." +"To create an image profile select menu:Images[Profiles] and click btn:" +"[Create]." msgstr "" -#. type: Title == -#: modules/administration/pages/public-cloud.adoc:21 +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:55 #, no-wrap -msgid "Instance Requirements" +msgid "images_image_create_profile.png" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:24 +#: modules/administration/pages/image-management.adoc:56 msgid "" -"Select a public cloud instance that meets the hardware requirements in xref:" -"installation:hardware-requirements.adoc[]." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:26 -msgid "In addition, be aware of these considerations:" +"Provide a name for the image profile by filling in the [guimenu]``Label`` " +"field." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:30 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:57 msgid "" -"The {productname} setup procedure performs a forward-confirmed reverse DNS " -"lookup. This must succeed in order for the setup procedure to complete " -"successfully and for {productname} to operate as expected. Therefore, it is " -"important to perform hostname and IP configuration prior to running the " -"{productname} setup procedure." +"If your container image tag is in a format such as `myproject/myimage`, make " +"sure your image store registry URI contains the `/myproject` suffix." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:34 -msgid "" -"{productname} Server and Proxy instances are expected to run in a network " -"configuration that provides you control over DNS entries, but cannot access " -"the wider internet. Within this network configuration DNS resolution must " -"be provided: `hostname -f` must return the fully-qualified domain name " -"(FQDN). DNS resolution is also important for connecting clients. DNS is " -"dependent on the cloud framework you choose, refer to the cloud service " -"provider documentation for detailed instructions." +#: modules/administration/pages/image-management.adoc:58 +msgid "Use a dockerfile as the `Image Type`." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:37 +#: modules/administration/pages/image-management.adoc:59 msgid "" -"We recommend that you locate software repositories, the server database, and " -"the proxy squid cache on an external virtual disk. This prevents data loss " -"if the instance is unexpectedly terminated. Instructions for setting up an " -"external virtual disk are contained in this section." -msgstr "" - -#. type: Title == -#: modules/administration/pages/public-cloud.adoc:40 -#, no-wrap -msgid "Network Setup" +"Use the drop-down menu to select your registry from the `Target Image Store` " +"field." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:44 +#: modules/administration/pages/image-management.adoc:60 msgid "" -"On a public cloud service, you must run {productname} within a restricted " -"network, such as VPC private subnet with an appropriate firewall setting. " -"The instance must only be able to be accessed by machines in your specified " -"IP ranges." +"In the [guimenu]``Path`` field, type a GitHub, GitLab or BitBucket " +"repository URL. The URL should be be http, https, or a token authentication " +"URL. Use one of these formats:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/public-cloud.adoc:48 -msgid "" -"A world-accessible {productname} instance violates the terms of the " -"{productname} EULA, and it will not be supported by {suse}." +#. type: Block title +#: modules/administration/pages/image-management.adoc:61 +#, no-wrap +msgid "GitHub Path Options" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:51 -msgid "" -"To access the {productname} {webui}, allow HTTPS when you set up your " -"networking environment." +#: modules/administration/pages/image-management.adoc:62 +msgid "GitHub single user project repository" msgstr "" -#. type: Title === -#: modules/administration/pages/public-cloud.adoc:54 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:63 #, no-wrap -msgid "Set the Hostname" +msgid "https://github.com/USER/project.git#branchname:folder\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:58 -msgid "" -"{productname} requires a stable and reliable hostname. Changing the " -"hostname at a later point can create errors." +#: modules/administration/pages/image-management.adoc:64 +msgid "GitHub organization project repository" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:61 -msgid "" -"In most public cloud environments, the method shown in this section will " -"work correctly. However, you will have to perform the same modification for " -"every client." +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:65 +#, no-wrap +msgid "https://github.com/ORG/project.git#branchname:folder\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:63 -msgid "" -"You might prefer to manage DNS resolution by creating a DNS entry in your " -"network environment instead." +#: modules/administration/pages/image-management.adoc:66 +msgid "GitHub token authentication" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:67 +#: modules/administration/pages/image-management.adoc:67 msgid "" -"You can also manage hostname resolution by editing the [path]``/etc/resolv." -"conf`` file. Depending on the order of your setup, if you start the " -"{productname} instance prior to setting up DNS services the file may not " -"contain the appropriate [systemitem]``search`` directive. Check that the " -"proper search directive exists in [path]``/etc/resolv.conf`` and add it if " -"it is missing." +"If your git repository is private, modify the profile's URL to include " +"authentication. Use this URL format to authenticate with a GitHub token:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:68 +#, no-wrap +msgid "https://USER:@github.com/USER/project.git#master:/container/\n" msgstr "" #. type: Block title -#: modules/administration/pages/public-cloud.adoc:68 +#: modules/administration/pages/image-management.adoc:69 #, no-wrap -msgid "Procedure: Setting the hostname locally" +msgid "GitLab Path Options" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:71 -msgid "" -"Disable hostname setup by editing the DHCP configuration file at [path]``/" -"etc/sysconfig/network/dhcp``, and adding this line:" +#: modules/administration/pages/image-management.adoc:70 +msgid "GitLab single user project repository" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:71 +#, no-wrap +msgid "https://gitlab.example.com/USER/project.git#master:/container/\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:78 -msgid "" -"Set the hostname locally with the [command]``hostnamectl`` command. Ensure " -"you use the system name, not the FQDN. For example, if the FQDN is " -"[path]``system_name.example.com``, the system name is [path]``system_name``, " -"and the domain name is [path]``example.com``." +#: modules/administration/pages/image-management.adoc:72 +msgid "GitLab groups project repository" msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:81 +#: modules/administration/pages/image-management.adoc:73 #, no-wrap -msgid "# hostnamectl set-hostname system_name\n" +msgid "https://gitlab.example.com/GROUP/project.git#master:/container/\n" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:84 -msgid "" -"Create a DNS entry in your network environment for domain name resolution, " -"or force correct resolution by editing the [path]``/etc/hosts`` file. You " -"can find the IP address by checking your public cloud web console, or from " -"the command line:" +#: modules/administration/pages/image-management.adoc:74 +msgid "GitLab token authentication" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:87 -msgid "Amazon EC2 instance:" +#: modules/administration/pages/image-management.adoc:75 +msgid "" +"If your git repository is private and not publicly accessible, you need to " +"modify the profile's git URL to include authentication. Use this URL format " +"to authenticate with a GitLab token:" msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:90 +#: modules/administration/pages/image-management.adoc:76 #, no-wrap -msgid "# ec2metadata --local-ipv4\n" +msgid "https://gitlab-ci-token:@gitlab.example.com/USER/project.git#master:/container/\n" +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:77 +msgid "" +"If you do not specify a git branch, the `master` branch will be used by " +"default. If a `folder` is not specified, the image sources (dockerfile " +"sources) are expected to be in the root directory of the GitHub or GitLab " +"checkout." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:92 -msgid "Google Compute Engine:" +#: modules/administration/pages/image-management.adoc:78 +msgid "" +"Select an `Activation Key`. Activation keys ensure that images using a " +"profile are assigned to the correct channel and packages." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:95 -#, no-wrap -msgid "# gcemetadata --query instance --network-interfaces --ip\n" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:79 +msgid "" +"When you associate an activation key with an image profile you are ensuring " +"any image using the profile will use the correct software channel and any " +"packages in the channel." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:97 -msgid "Microsoft Azure:" +#: modules/administration/pages/image-management.adoc:80 +msgid "Click the btn:[Create] button." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:100 +#. type: Block title +#: modules/administration/pages/image-management.adoc:81 #, no-wrap -msgid "# azuremetadata --internal-ip\n" +msgid "Example Dockerfile Sources" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:104 +#: modules/administration/pages/image-management.adoc:82 msgid "" -"In the following command, replace [literal]```` with IP address " -"you retrieve from the command line above:" +"An Image Profile that can be reused is published at https://github.com/SUSE/" +"manager-build-profiles" msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:108 -#, no-wrap -msgid "# echo \" suma.cloud.net suma\" >> /etc/hosts\n" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:83 +msgid "" +"The [option]``ARG`` parameters ensure that the built image is associated " +"with the desired repository served by {productname}. The [option]``ARG`` " +"parameters also allow you to build image versions of {sles} which may differ " +"from the version of {sles} used by the build host itself." msgstr "" -#. type: Title === -#: modules/administration/pages/public-cloud.adoc:111 -#, no-wrap -msgid "Set up DNS Resolution" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:84 +msgid "" +"For example: The [command]``ARG repo`` parameter and the [command]``echo`` " +"command pointing to the repository file, creates and then injects the " +"correct path into the repository file for the desired channel version." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:115 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:85 msgid "" -"You will need to update the DNS records for the instance within the DNS " -"service of your network environment. Refer to the cloud service provider " -"documentation for detailed instructions:" +"The repository is determined by the activation key that you assigned to your " +"image profile." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:117 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:86 msgid "" -"http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-dns.html[DNS setup " -"on Amazon EC2]" +"The [package]#python# and [package]#python-xml# packages must be installed " +"in the container. They are required for inspecting images, and for " +"providing the package and product list of a container to the {productname} " +"{webui}. If you do not install them, images will still build but the " +"package and product list will not available in the {webui}." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:118 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:87 +#, no-wrap msgid "" -"https://cloud.google.com/compute/docs/networking[DNS setup on Google Compute " -"Engine]" +"FROM registry.example.com/sles12sp2\n" +"MAINTAINER Tux Administrator \"tux@example.com\"\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:119 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:88 +#, no-wrap +msgid "### Begin: These lines Required for use with {productname}\n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:89 +#, no-wrap msgid "" -"https://azure.microsoft.com/en-us/documentation/articles/dns-operations-" -"recordsets[DNS setup on Microsoft Azure]" +"ARG repo\n" +"ARG cert\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:122 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:90 +#, no-wrap msgid "" -"If you run a {productname} Server instance, ensure the external storage is " -"attached and prepared correctly, and that DNS resolution is set up as " -"described. Start the ``susemanager_setup`` with {yast}:" +"# Add the correct certificate\n" +"RUN echo \"$cert\" > /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT.pem\n" msgstr "" #. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:125 +#: modules/administration/pages/image-management.adoc:91 #, no-wrap -msgid "# /sbin/yast2 susemanager_setup\n" +msgid "" +"# Update certificate trust store\n" +"RUN update-ca-certificates\n" msgstr "" -#. No need to duplicate this, since it exists within the docs suite. LKB 2019-05-29 -#. Uncommenting, as it turns out some of this content is unique. Will need a more surgical look. LKB 2019-08-02 -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:136 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:92 +#, no-wrap msgid "" -"The {productname} setup procedure in YaST is designed as a one pass process " -"with no rollback or cleanup capability. Therefore, if the setup procedure " -"is interrupted or ends with an error, it is not recommended that you repeat " -"the setup process or attempts to manually fix the configuration. These " -"methods are likely to result in a faulty {productname} installation. If you " -"experience errors during setup, start a new instance, and begin the setup " -"procedure again on a clean system." +"# Add the repository path to the image\n" +"RUN echo \"$repo\" > /etc/zypp/repos.d/susemanager:dockerbuild.repo\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:138 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:93 +#, no-wrap +msgid "### End: These lines required for use with {productname}\n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:94 +#, no-wrap msgid "" -"If you receive a message that there is not enough space available for setup, " -"ensure that your root volume is at least 20 GB and double check that the " -"instructions in <> have been completed " -"correctly." +"# Add the package script\n" +"ADD add_packages.sh /root/add_packages.sh\n" msgstr "" -# -# -# -# -#. REMARK check this; will it still work for sle 15? -#. Commented out per https://github.com/SUSE/spacewalk/issues/8951 LKB 2019-08-06 -#. {productname} Server for the public cloud comes with a bootstrap data module pre-installed. -#. The bootstrap module contains optimized package lists for bootstrapping instances started from {sle} images published by {suse}. -#. If you intend to register such an instance, when you create the bootstrap repository run the [command]``mgr-create-bootstrap-repo`` script using this command, to create a bootstrap repository suitable for {sle} 12 SP1 instances. -#. ---- -#. $ mgr-create-bootstrap-repo --datamodule=mgr_pubcloud_bootstrap_data -c SLE-12-SP1-x86_64 -#. ---- -#. See xref:client-configuration:creating-a-tools-repository.adoc[] for more information on bootstrapping. -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:156 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:95 +#, no-wrap msgid "" -"Prior to registering instances started from on demand images remove the " -"following packages from the instance to be registered:" +"# Run the package script\n" +"RUN /root/add_packages.sh\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:157 -msgid "cloud-regionsrv-client" +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:96 +#, no-wrap +msgid "" +"# After building remove the repository path from image\n" +"RUN rm -f /etc/zypp/repos.d/susemanager:dockerbuild.repo\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:158 +#. TODO: Replace the "custom-system-info" link +#. type: Block title +#: modules/administration/pages/image-management.adoc:97 #, no-wrap -msgid "*For Amazon EC2*\n" +msgid "Using Custom Info Key-value Pairs as Docker Buildargs" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:160 -msgid "regionServiceClientConfigEC2" +#: modules/administration/pages/image-management.adoc:98 +msgid "" +"You can assign custom info key-value pairs to attach information to the " +"image profiles. Additionally, these key-value pairs are passed to the " +"Docker build command as `buildargs`." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:162 -msgid "regionServiceCertsEC2" +#: modules/administration/pages/image-management.adoc:99 +msgid "" +"For more information about the available custom info keys and creating " +"additional ones, see xref:reference:systems/custom-system-info.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:163 +#. type: Title === +#: modules/administration/pages/image-management.adoc:100 +#: modules/administration/pages/image-management.adoc:226 #, no-wrap -msgid "*For Google Compute Engine*\n" +msgid "Build an Image" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:165 -msgid "cloud-regionsrv-client-plugin-gce" +#: modules/administration/pages/image-management.adoc:101 +msgid "" +"There are two ways to build an image. You can select menu:Images[Build] " +"from the left navigation bar, or click the build icon in the menu:" +"Images[Profiles] list." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:167 -msgid "regionServiceClientConfigGCE" +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:102 +#: modules/administration/pages/image-management.adoc:228 +#, no-wrap +msgid "images_image_build.png" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:169 -msgid "regionServiceCertsGCE" +#. type: Block title +#: modules/administration/pages/image-management.adoc:103 +#: modules/administration/pages/image-management.adoc:229 +#, no-wrap +msgid "Procedure: Building an Image" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:170 -#, no-wrap -msgid "*For Microsoft Azure*\n" +#: modules/administration/pages/image-management.adoc:104 +#: modules/administration/pages/image-management.adoc:230 +msgid "Select menu:Images[Build]." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:172 -msgid "regionServiceClientConfigAzure" +#: modules/administration/pages/image-management.adoc:105 +msgid "" +"Add a different tag name if you want a version other than the default " +"``latest`` (only relevant to containers)." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:174 -msgid "regionServiceCertsAzure" +#: modules/administration/pages/image-management.adoc:106 +msgid "Select [guimenu]``Build Profile`` and [guimenu]``Build Host``." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:177 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:107 msgid "" -"If these packages are not removed it is possible to create interference " -"between the repositories provided by {productname} and the repositories " -"provided by the SUSE operated update infrastructure." +"Notice the [guimenu]``Profile Summary`` to the right of the build fields. " +"When you have selected a build profile, detailed information about the " +"selected profile will be displayed in this area." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:180 -msgid "" -"Additionally remove the line from the [path]``/etc/hosts`` file that " -"contains the *susecloud.net* reference." +#: modules/administration/pages/image-management.adoc:108 +msgid "To schedule a build click the btn:[Build] button." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:181 -msgid "If you run a {productname} Proxy instance" +#. type: Title === +#: modules/administration/pages/image-management.adoc:109 +#, no-wrap +msgid "Import an Image" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:188 +#: modules/administration/pages/image-management.adoc:110 msgid "" -"Launch the instance, optionally with external storage configured. If you " -"use external storage (recommended), prepare it according to <>. It is recommended but not required to prepare the storage " -"before configuring {productname} proxy, as the suma-storage script will " -"migrate any existing cached data to the external storage. After preparing " -"the instance, register the system with the parent SUSE Manager, which could " -"be a {productname} Server or another {productname} Proxy. See the xref:" -"installation:proxy-setup.adoc[] for details. When registered, configure " -"your {productname} Proxy instance with this script:" +"You can import and inspect arbitrary images. Select menu:Images[Image List] " +"from the left navigation bar. Complete the text boxes of the " +"[guimenu]``Import`` dialog. When it has processed, the imported image will " +"be listed on the [guimenu]``Image List`` page." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:191 +#. type: Block title +#: modules/administration/pages/image-management.adoc:111 #, no-wrap -msgid "/usr/sbin/configure-proxy.sh\n" +msgid "Procedure: Importing an Image" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:194 +#: modules/administration/pages/image-management.adoc:112 msgid "" -"When the script has completed, {productname} should be functional and " -"running. For {productname} Server, the setup process created an " -"administrator user with this user name:" +"From menu:Images[Image list] click btn:[Import] to open the " +"[guimenu]``Import Image`` dialog." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:196 -msgid "User name: `admin`" +#: modules/administration/pages/image-management.adoc:113 +msgid "In the [guimenu]``Import Image`` dialog complete these fields:" msgstr "" -#. type: Block title -#: modules/administration/pages/public-cloud.adoc:198 +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:114 #, no-wrap -msgid "Account credentials for admin user" +msgid "Image store:" msgstr "" -#. type: Table -#: modules/administration/pages/public-cloud.adoc:220 -#, no-wrap -msgid "" -"|\n" -" Amazon EC2\n" -"\n" -"|\n" -" Google Compute Engine\n" -"\n" -"|\n" -" Microsoft Azure\n" -"\n" -"\n" -"|\n" -"\n" -"[replaceable]``Instance-ID``\n" -"|\n" -"\n" -"[replaceable]``Instance-ID``\n" -"|\n" -"\n" -"[replaceable]``Instance-Name``**-suma**\n" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:115 +msgid "The registry from where the image will be pulled for inspection." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:223 -msgid "" -"The current value for the [replaceable]``Instance-ID`` or " -"[replaceable]``Instance-Name`` in case of the Azure Cloud, can be obtained " -"from the public cloud Web console or from within a terminal session as " -"follows:" +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:116 +#, no-wrap +msgid "Image name:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:224 -msgid "Obtain instance id from within Amazon EC2 instance" +#: modules/administration/pages/image-management.adoc:117 +msgid "The name of the image in the registry." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:228 +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:118 #, no-wrap -msgid "$ ec2metadata --instance-id\n" +msgid "Image version:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:230 -msgid "Obtain instance id from within Google Compute Engine instance" +#: modules/administration/pages/image-management.adoc:119 +msgid "The version of the image in the registry." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:234 +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:120 #, no-wrap -msgid "$ gcemetadata --query instance --id\n" +msgid "Build host:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:236 -msgid "Obtain instance name from within Microsoft Azure instance" +#: modules/administration/pages/image-management.adoc:121 +msgid "The build host that will pull and inspect the image." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:240 +#. type: Labeled list +#: modules/administration/pages/image-management.adoc:122 #, no-wrap -msgid "$ azuremetadata --instance-name\n" +msgid "Activation key:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:244 +#: modules/administration/pages/image-management.adoc:123 msgid "" -"After logging in through the {productname} Server {webui}, *change* the " -"default password." +"The activation key that provides the path to the software channel that the " +"image will be inspected with." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:247 -msgid "" -"{productname} Proxy does not have administration access to the {webui}. It " -"can be managed through its parent {productname} Server." +#: modules/administration/pages/image-management.adoc:124 +msgid "For confirmation, click btn:[Import]." msgstr "" -#. type: Title === -#: modules/administration/pages/public-cloud.adoc:251 -#, no-wrap -msgid "Using Separate Storage Volume" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:125 +msgid "" +"The entry for the image is created in the database, and an ``Inspect Image`` " +"action on {productname} is scheduled." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:257 +#: modules/administration/pages/image-management.adoc:126 msgid "" -"We recommend that the repositories and the database for {productname} be " -"stored on a virtual storage device. This best practice will avoid data loss " -"in cases where the {productname} instance may need to be terminated. These " -"steps *must* be performed *prior* to running the YaST {productname} setup " -"procedure." +"When it has been processed, you can find the imported image in the ``Image " +"List``. It has a different icon in the ``Build`` column, to indicate that " +"the image is imported. The status icon for the imported image can also be " +"seen on the ``Overview`` tab for the image." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:261 -msgid "" -"Provision a disk device in the public cloud environment, refer to the cloud " -"service provider documentation for detailed instructions. The size of the " -"disk is dependent on the number of distributions and channels you intend to " -"manage with {productname}. For sizing information refer to https://www.suse." -"com/support/kb/doc.php?id=7015050[SUSE Manager sizing examples]. A rule of " -"thumb is 25 GB per distribution per channel." +#: modules/administration/pages/image-management.adoc:128 +msgid "These are some known problems when working with images:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:262 +#: modules/administration/pages/image-management.adoc:129 msgid "" -"Once attached the device appears as Unix device node in your instance. For " -"the following command to work this device node name is required. In many " -"cases the attached storage appears as **/dev/sdb**. In order to check which " -"disk devices exists on your system, call the following command:" +"HTTPS certificates to access the registry or the git repositories should be " +"deployed to the client by a custom state file." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:266 -#, no-wrap -msgid "$ hwinfo --disk | grep -E \"Device File:\"\n" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:130 +msgid "SSH git access using Docker is currently unsupported." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:268 +#: modules/administration/pages/image-management.adoc:131 msgid "" -"With the device name at hand the process of re-linking the directories in " -"the file system {productname} uses to store data is handled by the suma-" -"storage script. In the following example we use [path]``/dev/sdb`` as the " -"device name." +"If the [package]#python# and [package]#python-xml# packages are not " +"installed in your images during the build process, reporting of installed " +"packages or products will fail. This will result in an ``unknown`` update " +"status." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:272 +#. type: Title == +#: modules/administration/pages/image-management.adoc:132 #, no-wrap -msgid "$ /usr/bin/suma-storage /dev/sdb\n" +msgid "OS Images" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:278 +#: modules/administration/pages/image-management.adoc:133 msgid "" -"After the call all database and repository files used by SUSE Manager Server " -"are moved to the newly created xfs based storage. In case your instance is " -"a {productname} Proxy, the script will move the Squid cache, which caches " -"the software packages, to the newly created storage. The xfs partition is " -"mounted below the path [path]``/manager_storage``. ." +"OS Images are built by the Kiwi image system. The output image is " +"customizable and can be PXE, QCOW2, LiveCD, or other types of images." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:279 -msgid "Create an entry in /etc/fstab (optional)" +#: modules/administration/pages/image-management.adoc:134 +msgid "" +"For more information about the Kiwi build system, see the https://doc." +"opensuse.org/projects/kiwi/doc/[Kiwi documentation]." msgstr "" +#. SLE15 images support is not yet released for SUMA4, will be part of SUMA4.0.4 as tech preview +#. From {sles}{nbsp}15, ``kiwi-ng`` is used instead of the legacy Kiwi. #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:282 +#: modules/administration/pages/image-management.adoc:136 msgid "" -"Different cloud frameworks treat the attachment of external storage devices " -"differently at instance boot time. Please refer to the cloud environment " -"documentation for guidance about the fstab entry." +"The Kiwi image building feature is available for Salt clients running {sles}" +"{nbsp}12 and {sles}{nbsp}11." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:284 +#: modules/administration/pages/image-management.adoc:137 msgid "" -"If your cloud framework recommends to add an fstab entry, add the following " -"line to the */etc/fstab* file." -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:288 -#, no-wrap -msgid "/dev/sdb1 /manager_storage xfs defaults,nofail 1 1\n" +"Kiwi image configuration files and configuration scripts must be accessible " +"in one of these locations:" msgstr "" -#. type: Title == -#: modules/administration/pages/public-cloud.adoc:292 -#, no-wrap -msgid "Registration of Cloned Systems" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:138 +msgid "Git repository" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:298 -msgid "" -"{productname} cannot distinguish between different instances that use the " -"same system ID. If you register a second instance with the same system ID " -"as a previous instance, {productname} will overwrite the original system " -"data with the new system data. This can occur when you launch multiple " -"instances from the same image, or when an image is created from a running " -"instance. However, it is possible to clone systems and register them " -"successfully by deleting the cloned system's ID, and generating a new ID." +#: modules/administration/pages/image-management.adoc:139 +msgid "HTTP hosted tarball" msgstr "" -#. type: Block title -#: modules/administration/pages/public-cloud.adoc:300 -#, no-wrap -msgid "Procedure: Registering Cloned Systems" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:140 +msgid "Local build host directory" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:302 -msgid "Clone the system using your preferred hypervisor's cloning mechanism." +#: modules/administration/pages/image-management.adoc:141 +msgid "" +"For an example of a complete Kiwi repository served by git, see https://" +"github.com/SUSE/manager-build-profiles/tree/master/OSImage" msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:303 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:142 msgid "" -"On the cloned system, change the hostname and IP addresses, and check the " -"[path]``/etc/hosts`` file to ensure you have the right host entries." +"You will need at least 1{nbsp}GB of RAM available for Hosts running OS " +"Images built with Kiwi. Disk space depends on the actual size of the " +"image. For more information, see the documentation of the underlying system." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:305 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:143 msgid "" -"On traditional clients, stop the [command]``rhnsd`` daemon with [command]``/" -"etc/init.d/rhnsd stop`` or, on newer systemd-based systems, with " -"[command]``service rhnsd stop``. Then [command]``service osad stop``." +"The build host must be a Salt client. Do not install the build host as a " +"traditional client." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:306 -msgid "For SLES 11 or {rhel} 5 or 6 clients, run these commands:" +#: modules/administration/pages/image-management.adoc:145 +msgid "" +"To build all kinds of images with {productname}, create and configure a " +"build host. OS Image build hosts are Salt clients running on {sles}{nbsp}15 " +"SP2, {sles}{nbsp}12 (SP3 or later) or {sles}{nbsp}11 SP4." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:313 -msgid "For SLES 12, SLES 15, or {rhel} 7 clients, run these commands:" +#: modules/administration/pages/image-management.adoc:146 +msgid "" +"This procedure will guide you through the initial configuration for a build " +"host." msgstr "" -#. type: Plain text -#: modules/administration/pages/public-cloud.adoc:322 -msgid "If you are using Salt, then you will also need to run these commands:" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:147 +msgid "" +"The operating system on the build host must match the operating system on " +"the targeted image." msgstr "" -#. type: delimited block - -#: modules/administration/pages/public-cloud.adoc:326 -#, no-wrap +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:148 msgid "" -"# service salt-minion stop\n" -"# rm -rf /var/cache/salt\n" +"For example, build {sles}{nbsp}15 based images on a build host running {sles}" +"{nbsp}15 SP2 OS version. Build {sles}{nbsp}12 based images on a build host " +"running {sles}{nbsp}12 SP4 or {sles}{nbsp}12 SP3 OS version. Build {sles}" +"{nbsp}11 based images on a build host running {sles}{nbsp}11 SP4 OS version." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:329 -msgid "If you are using a traditional client, clean up the working files with:" +#: modules/administration/pages/image-management.adoc:149 +msgid "Configure the build host in the {productname} {webui}:" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:335 +#: modules/administration/pages/image-management.adoc:150 msgid "" -"The bootstrap should now run with a new system ID, rather than a duplicate." +"Select a client that will be designated as a build host from the menu:" +"Systems[Overview] page." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:340 +#: modules/administration/pages/image-management.adoc:151 msgid "" -"If you are onboarding Salt client clones, then you will also need to check " -"if they have the same Salt minion ID. You will need to delete the minion ID " -"on each cloned client, using the [command]``rm`` command. Each operating " -"system type stores this file in a slightly different location, check the " -"table for the appropriate command." +"Navigate to the menu:System Details[Properties] tab, enable the " +"[guimenu]``Add-on System Type`` [guimenu]``OS Image Build Host``. Confirm " +"with btn:[Update Properties]." msgstr "" -#. type: Block title -#: modules/administration/pages/public-cloud.adoc:342 +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:152 #, no-wrap -msgid "Minion ID File Location" +msgid "os-image-build-host.png" msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:344 -msgid "" -"Each operating system stores the minion ID file in a slightly different " -"location, check the table for the appropriate command." -msgstr "" - -#. type: Table -#: modules/administration/pages/public-cloud.adoc:364 -#, no-wrap +#: modules/administration/pages/image-management.adoc:153 msgid "" -"| Operating System | Commands\n" -"| SLES 15 | [command]``rm /etc/salt/minion_id``\n" -"\n" -" [command]``rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}``\n" -"| SLES 12 | [command]``rm /etc/salt/minion_id``\n" -"\n" -" [command]``rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}``\n" -"| SLES 11 | [command]``rm /etc/salt/minion_id``\n" -"\n" -" [command]``suse_register -E``\n" -"| SLES 10 | [command]``rm -rf /etc/{zmd,zypp}``\n" -"\n" -" [command]``rm -rf /var/lib/zypp/``\n" -" Do not delete [path]``/var/lib/zypp/db/products/``\n" -"\n" -" [command]``rm -rf /var/lib/zmd/``\n" -"| {rhel} 5, 6, 7 | [command]`` rm -f /etc/NCCcredentials``\n" +"Navigate to menu:System Details[Software > Software Channels], and enable " +"the required software channels depending on the build host version." msgstr "" #. type: Plain text -#: modules/administration/pages/public-cloud.adoc:367 +#: modules/administration/pages/image-management.adoc:154 msgid "" -"When you have deleted the minion ID file, re-run the bootstrap script, and " -"restart the client to see the cloned system in {productname} with the new ID." -msgstr "" - -#. type: Title = -#: modules/administration/pages/mgr-sync.adoc:2 -#, no-wrap -msgid "Using ``mgr-sync``" +"{sles}{nbsp}11 build hosts require {productname} Client tools (``SLE-Manager-" +"Tools11-Pool`` and ``SLE-Manager-Tools11-Updates``)." msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:7 +#: modules/administration/pages/image-management.adoc:155 msgid "" -"The ``mgr-sync`` tool is used at the command prompt. It provides functions " -"for using {productname} that are not always available in the {webui}. The " -"primary use of ``mgr-sync`` is to connect to the {scc}, retrieve product and " -"package information, and prepare channels for synchronization with the " -"{productname} Server." +"{sles}{nbsp}12 build hosts require {productname} Client tools (``SLE-Manager-" +"Tools12-Pool`` and ``SLE-Manager-Tools12-Updates``)." msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:10 +#: modules/administration/pages/image-management.adoc:156 msgid "" -"This tool is designed for use with a {suse} support subscription. It is not " -"required for open source distributions, including {opensuse}, {centos}, and " -"{ubuntu}." +"{sles}{nbsp}15 build hosts require {sles} modules ``SLE-Module-DevTools15-" +"SP2-Pool`` and ``SLE-Module-DevTools15-SP2-Updates``. Schedule and click " +"btn:[Confirm]." msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:13 +#: modules/administration/pages/image-management.adoc:157 msgid "" -"The available commands and arguments for ``mgr-sync`` are listed in this " -"table. Use this syntax for ``mgr-sync`` commands:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/mgr-sync.adoc:16 -#, no-wrap -msgid "mgr-sync [-h] [--version] [-v] [-s] [-d {1,2,3}] {list,add,refresh,delete}\n" +"Install Kiwi and all required packages by applying `Highstate`. From the " +"system details page select menu:States[Highstate] and click btn:[Apply " +"Highstate]. Alternatively, apply Highstate from the {productname} Server " +"command line:" msgstr "" #. type: Block title -#: modules/administration/pages/mgr-sync.adoc:21 +#: modules/administration/pages/image-management.adoc:159 #, no-wrap -msgid "mgr-sync Commands" +msgid "{productname} Web Server Public Certificate RPM" msgstr "" -#. type: Table -#: modules/administration/pages/mgr-sync.adoc:29 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/image-management.adoc:160 msgid "" -"| Command | Description | Example Use\n" -"| list | List channels, organization credentials, or products | ``mgr-sync list channels``\n" -"| add | Add channels, organization credentials, or products | ``mgr-sync add channel ``\n" -"| refresh | Refresh the local copy of products, channels, and subscriptions | ``mgr-sync refresh``\n" -"| delete | Delete existing SCC organization credentials from the local system | ``mgr-sync delete credentials``\n" -"| sync | Synchronize specified channel or ask for it when left blank| ``mgr-sync sync channel ``\n" +"Build host provisioning copies the {productname} certificate RPM to the " +"build host. This certificate is used for accessing repositories provided by " +"{productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:33 +#: modules/administration/pages/image-management.adoc:161 msgid "" -"To see the full list of options specific to a command, use this command:" +"The certificate is packaged in RPM by the `mgr-package-rpm-certificate-" +"osimage` package script. The package script is called automatically during " +"a new {productname} installation." msgstr "" -#. type: delimited block - -#: modules/administration/pages/mgr-sync.adoc:36 -#, no-wrap -msgid "mgr-sync --help\n" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:162 +msgid "" +"When you upgrade the `spacewalk-certs-tools` package, the upgrade scenario " +"will call the package script using the default values. However if the " +"certificate path was changed or unavailable, you will need to call the " +"package script manually using `--ca-cert-full-path ` " +"after the upgrade procedure has finished." msgstr "" #. type: Block title -#: modules/administration/pages/mgr-sync.adoc:42 +#: modules/administration/pages/image-management.adoc:163 #, no-wrap -msgid "mgr-sync Optional Arguments" +msgid "Package script call example" msgstr "" -#. type: Table -#: modules/administration/pages/mgr-sync.adoc:51 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:164 #, no-wrap -msgid "" -"| Option | Abbreviated option | Description | Example Use\n" -"| help | ``h`` | Display the command usage and options | ``mgr-sync --help``\n" -"| version | N/A | Display the currently installed version of ``mgr-sync`` | ``mgr-sync --version``\n" -"| verbose | ``v`` | Provide verbose output | ``mgr-sync --verbose refresh``\n" -"| store-credentials | ``s`` | Store credentials a local hidden file | ``mgr-sync --store-credentials``\n" -"| debug | ``d`` | Log additional debugging information. Requires a level of 1, 2, 3. 3 provides the highest amnount of debugging information | ``mgr-sync -d 3 refresh``\n" -"| no-sync | N/A | Use with the ``add`` command to add products or channels without beginning a synchronization | ``mgr-sync --no-sync add ``\n" +msgid "/usr/sbin/mgr-package-rpm-certificate-osimage --ca-cert-full-path /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:57 -msgid "Logs for ``mgr-sync`` are located in:" +#: modules/administration/pages/image-management.adoc:165 +msgid "" +"The RPM package with the certificate is stored in a salt-accessible " +"directory such as:" msgstr "" -#. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:59 -msgid "[path]``/var/log/rhn/mgr-sync.log``" +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:166 +#, no-wrap +msgid "/usr/share/susemanager/salt/images/rhn-org-trusted-ssl-cert-osimage-1.0-1.noarch.rpm\n" msgstr "" #. type: Plain text -#: modules/administration/pages/mgr-sync.adoc:59 -msgid "[path]``/var/log/rhn/rhn_web_api.log``" +#: modules/administration/pages/image-management.adoc:167 +msgid "" +"The RPM package with the certificate is provided in the local build host " +"repository:" msgstr "" -#. type: Title = -#: modules/administration/pages/auth-methods-pam.adoc:2 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:168 #, no-wrap -msgid "Authentication With PAM" +msgid "/var/lib/Kiwi/repo\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:7 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:169 msgid "" -"{productname} supports network-based authentication systems using pluggable " -"authentication modules (PAM). PAM is a suite of libraries that allows you " -"to integrate {productname} with a centralized authentication mechanism, " -"eliminating the need to remember multiple passwords. {productname} supports " -"LDAP, Kerberos, and other network-based authentication systems using PAM." +"Specify the RPM package with the {productname} SSL certificate in the build " +"source, and make sure your Kiwi configuration contains ``rhn-org-trusted-ssl-" +"cert-osimage`` as a required package in the ``bootstrap`` section." msgstr "" #. type: Block title -#: modules/administration/pages/auth-methods-pam.adoc:10 +#: modules/administration/pages/image-management.adoc:170 #, no-wrap -msgid "Procedure: Enabling PAM" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:15 -msgid "" -"Create a PAM service file at [path]``/etc/pam.d/susemanager``. A standard " -"[path]``/etc/pam.d/susemanager`` file should look like this. It configures " -"{productname} to use the system wide PAM configuration:" +msgid "config.xml" msgstr "" #. type: delimited block - -#: modules/administration/pages/auth-methods-pam.adoc:22 +#: modules/administration/pages/image-management.adoc:171 #, no-wrap msgid "" -"#%PAM-1.0\n" -"auth include common-auth\n" -"account include common-account\n" -"password include common-password\n" -"session include common-session\n" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:24 -msgid "" -"Enforce the use of the service file by adding this line to [path]``/etc/rhn/" -"rhn.conf``:" +"...\n" +" \n" +" ...\n" +" \n" +" \n" +"...\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-pam.adoc:27 +#. type: Title === +#: modules/administration/pages/image-management.adoc:172 #, no-wrap -msgid "pam_auth_service = susemanager\n" +msgid "Create an Activation Key for OS Images" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:30 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:173 msgid "" -"In this example, the PAM service file is called [systemitem]``susemanager``." +"Create an activation key associated with the channel that your OS Images " +"will use as repositories when building the image." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:31 -msgid "Restart the {productname} services after a configuration change." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:174 +msgid "Activation keys are mandatory for OS Image building." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:32 +#: modules/administration/pages/image-management.adoc:175 msgid "" -"In the {productname} {webui}, navigate to menu:Users[Create User] and enable " -"a new or existing user to authenticate with PAM." +"To build OS Images, you will need an activation key that is associated with " +"a channel other than `SUSE Manager Default`." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:34 -msgid "" -"Check the [guimenu]``Pluggable Authentication Modules (PAM)`` checkbox. It " -"is below the password and password confirmation fields." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:177 +msgid "In the {webui}, select menu:Systems[Activation Keys]." msgstr "" #. type: delimited block = -#: modules/administration/pages/auth-methods-pam.adoc:43 -msgid "" -"Changing the password in the {productname} {webui} changes only the local " -"password on the {productname} Server. If PAM is enabled for that user, the " -"local password might not be used at all. In the above example, for " -"instance, the Kerberos password will not be changed. Use the password " -"change mechanism of your network service to change the password for these " -"users." +#: modules/administration/pages/image-management.adoc:178 +msgid "Click [guimenu]``Create Key``." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:48 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:179 msgid "" -"To configure system-wide authentication you can use YaST. You will need to " -"install the [package]``yast2-ldap-client`` and [package]``yast2-kerberos-" -"client`` packages." +"Enter a [guimenu]``Description``, a [guimenu]``Key`` name, and use the drop-" +"down box to select a [guimenu]``Base Channel`` to associate with the key." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-pam.adoc:52 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:183 msgid "" -"For more information about configuring PAM, the SUSE Linux Enterprise Server " -"Security Guide contains a generic example that will also work for other " -"network-based authentication methods. It also describes how to configure an " -"active directory service. For more information, see https://documentation." -"suse.com/sles/15-SP1/html/SLES-all/part-auth.html." -msgstr "" - -#. type: Title = -#: modules/administration/pages/auth-methods-sso.adoc:2 -#, no-wrap -msgid "Authentication With Single Sign-On (SSO)" +"OS Images can require a significant amount of storage space. Therefore, we " +"recommended that the OS Image store is located on a partition of its own or " +"on a Btrfs subvolume, separate from the root partition. By default, the " +"image store will be located at [path]``/srv/www/os-images``." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:5 +#: modules/administration/pages/image-management.adoc:184 msgid "" -"{productname} supports single sign-on (SSO) by implementing the Security " -"Assertion Markup Language (SAML){nbsp}2 protocol." +"Image stores for Kiwi build type, used to build system, virtual, and other " +"images, are not supported yet." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:10 +#: modules/administration/pages/image-management.adoc:185 msgid "" -"Single sign-on is an authentication process that allows a user to access " -"multiple applications with one set of credentials. SAML is an XML-based " -"standard for exchanging authentication and authorization data. A SAML " -"identity service provider (IdP) provides authentication and authorization " -"services to service providers (SP), such as {productname}. {productname} " -"exposes three endpoints which must be enabled for single sign-on." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:12 -msgid "SSO in {productname} supports:" +"Images are always stored in [path]``/srv/www/os-images/`` " +"and are accessible via HTTP/HTTPS [url]``https:///os-" +"images/``." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:14 -msgid "Log in with SSO." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:187 +msgid "Manage image profiles using the {webui}." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:15 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:190 msgid "" -"Log out with service provider-initiated single logout (SLO), and Identity " -"service provider single logout service (SLS)." +"To create an image profile select from menu:Images[Profiles] and click btn:" +"[Create]." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:16 -msgid "Assertion and nameId encryption." +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:191 +#, no-wrap +msgid "images_image_create_profile_kiwi.png" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:17 -msgid "Assertion signatures." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:192 +msgid "" +"In the [guimenu]``Label`` field, provide a name for the `Image Profile`." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:18 -msgid "" -"Message signatures with AuthNRequest, LogoutRequest, and LogoutResponses." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:193 +msgid "Use `Kiwi` as the [guimenu]``Image Type``." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:19 -msgid "Enable an Assertion consumer service endpoint." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:194 +msgid "Image store is automatically selected." msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:20 -msgid "Enable a single logout service endpoint." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:195 +msgid "" +"Enter a [guimenu]``Config URL`` to the directory containing the Kiwi " +"configuration files:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:21 -msgid "Publish the SP metadata (which can be signed)." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:196 +msgid "git URI" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:23 -msgid "SSO in {productname} does not support:" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:197 +msgid "HTTPS tarball" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:25 -msgid "" -"Product choosing and implementation for the identity service provider (IdP)." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:198 +msgid "Path to build host local directory" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:26 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:199 msgid "" -"SAML support for other products (check with the respective product " -"documentation)." +"Select an [guimenu]``Activation Key``. Activation keys ensure that images " +"using a profile are assigned to the correct channel and packages." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:28 +#: modules/administration/pages/image-management.adoc:200 msgid "" -"For an example implementation of SSO, see xref:administration:auth-methods-" -"sso-example.adoc[]." +"Associate an activation key with an image profile to ensure the image " +"profile uses the correct software channel, and any packages." msgstr "" #. type: delimited block = -#: modules/administration/pages/auth-methods-sso.adoc:34 -msgid "" -"If you change from the default authentication method to single sign-on, the " -"new SSO credentials apply only to the {webui}. Client tools such as ``mgr-" -"sync`` or ``spacecmd`` will continue to work with the default authentication " -"method only." +#: modules/administration/pages/image-management.adoc:201 +msgid "Confirm with the btn:[Create] button." msgstr "" -#. type: Title == -#: modules/administration/pages/auth-methods-sso.adoc:38 +#. type: Block title +#: modules/administration/pages/image-management.adoc:202 #, no-wrap -msgid "Prerequisites" +msgid "Source format options" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:42 -msgid "" -"Before you begin, you need to have configured an external identity service " -"provider with these parameters. Check your IdP documentation for " -"instructions." +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:203 +msgid "git/HTTP(S) URL to the repository" msgstr "" #. type: delimited block = -#: modules/administration/pages/auth-methods-sso.adoc:48 +#: modules/administration/pages/image-management.adoc:204 msgid "" -"Your IdP must have a SAML:Attribute containing the username of the IdP user " -"domain, called ``uid``. The ``uid`` attribute passed in the SAML:Attribute " -"must be created in the {productname} user base before you activate single " -"sign-on." +"URL to the git repository containing the sources of the image to be built. " +"Depending on the layout of the repository the URL can be:" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:52 -msgid "You will need these endpoints:" +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:205 +#, no-wrap +msgid "https://github.com/SUSE/manager-build-profiles\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:55 +#: modules/administration/pages/image-management.adoc:206 msgid "" -"Assertion consumer service (or ACS): an endpoint to accept SAML messages to " -"establish a session into the Service Provider. The endpoint for ACS in " -"{productname} is: https://server.example.com/rhn/manager/sso/acs" +"You can specify a branch after the `#` character in the URL. In this " +"example, we use the `master` branch:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:207 +#, no-wrap +msgid "https://github.com/SUSE/manager-build-profiles#master\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:57 +#: modules/administration/pages/image-management.adoc:208 msgid "" -"Single logout service (or SLS): an endpoint to initiate a logout request " -"from the IdP. The endpoint for SLS in {productname} is: https://server." -"example.com/rhn/manager/sso/sls" +"You can specify a directory that contains the image sources after the `:` " +"character. In this example, we use `OSImage/POS_Image-JeOS6`:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:209 +#, no-wrap +msgid "https://github.com/SUSE/manager-build-profiles#master:OSImage/POS_Image-JeOS6\n" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:59 -msgid "" -"Metadata: an endpoint to retrieve {productname} metadata for SAML. The " -"endpoint for metadata in {productname} is: https://server.example.com/rhn/" -"manager/sso/metadata" +#: modules/administration/pages/image-management.adoc:210 +msgid "HTTP(S) URL to the tarball" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:61 +#: modules/administration/pages/image-management.adoc:211 msgid "" -"After the authentication with the IdP using the user ``orgadmin`` is " -"successful, you will be logged in into {productname} as the ``orgadmin`` " -"user, provided that the ``orgadmin`` user exists in {productname}." +"URL to the tar archive, compressed or uncompressed, hosted on the webserver." msgstr "" -#. type: Title == -#: modules/administration/pages/auth-methods-sso.adoc:64 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:212 #, no-wrap -msgid "Enable SSO" +msgid "https://myimagesourceserver.example.org/MyKiwiImage.tar.gz\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/auth-methods-sso.adoc:70 +#. type: Plain text +#: modules/administration/pages/image-management.adoc:213 +msgid "Path to the directory on the build host" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/image-management.adoc:214 msgid "" -"Using SSO is mutually exclusive with other types of authentication: it is " -"either enabled or disabled. SSO is disabled by default." +"Enter the path to the directory with the Kiwi build system sources. This " +"directory must be present on the selected build host." msgstr "" -#. type: Block title -#: modules/administration/pages/auth-methods-sso.adoc:72 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:215 #, no-wrap -msgid "Procedure: Enabling SSO" +msgid "/var/lib/Kiwi/MyKiwiImage\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:75 -msgid "If your users do not yet exist in {productname}, create them first." +#. type: Title ==== +#: modules/administration/pages/image-management.adoc:216 +#, no-wrap +msgid "Example of Kiwi Sources" msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:76 +#: modules/administration/pages/image-management.adoc:217 msgid "" -"Edit [path]``/etc/rhn/rhn.conf`` and add this line at the end of the file:" +"Kiwi sources consist at least of `config.xml`. Usually, `config.sh` and " +"`images.sh` are present as well. Sources can also contain files to be " +"installed in the final image under the `root` subdirectory." msgstr "" -#. type: delimited block - -#: modules/administration/pages/auth-methods-sso.adoc:79 -#, no-wrap -msgid "java.sso = true\n" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:218 +msgid "" +"For information about the Kiwi build system, see the https://doc.opensuse." +"org/projects/kiwi/doc/[Kiwi documentation]." msgstr "" #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:83 +#: modules/administration/pages/image-management.adoc:219 msgid "" -"Find the parameters you want to customize in [path]``/usr/share/rhn/config-" -"defaults/rhn_java_sso.conf``. Insert the parameters you want to customize " -"into [path]``/etc/rhn/rhn.conf`` and prefix them with [literal]``java." -"sso``. For example, in [path]``/usr/share/rhn/config-defaults/rhn_java_sso." -"conf`` find:" +"{suse} provides examples of fully functional image sources at the https://" +"github.com/SUSE/manager-build-profiles[SUSE/manager-build-profiles] public " +"GitHub repository." +msgstr "" + +#. type: Block title +#: modules/administration/pages/image-management.adoc:220 +#, no-wrap +msgid "Example of JeOS config.xml" msgstr "" #. type: delimited block - -#: modules/administration/pages/auth-methods-sso.adoc:86 +#: modules/administration/pages/image-management.adoc:221 #, no-wrap -msgid "onelogin.saml2.sp.assertion_consumer_service.url = https://YOUR-PRODUCT-HOSTNAME-OR-IP/rhn/manager/sso/acs\n" +msgid "\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:89 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:222 +#, no-wrap msgid "" -"To customize it, create the corresponding option in [path]``/etc/rhn/rhn." -"conf`` by prefixing the option name with ``java.sso.``:" +"\n" +" \n" +" Admin User\n" +" noemail@example.com\n" +" SUSE Linux Enterprise 12 SP3 JeOS\n" +" \n" +" \n" +" 6.0.0\n" +" zypper\n" +" SLE\n" +" SLE\n" msgstr "" #. type: delimited block - -#: modules/administration/pages/auth-methods-sso.adoc:92 +#: modules/administration/pages/image-management.adoc:223 #, no-wrap -msgid "java.sso.onelogin.saml2.sp.assertion_consumer_service.url = https://YOUR-PRODUCT-HOSTNAME-OR-IP/rhn/manager/sso/acs\n" +msgid "" +" en_US\n" +" us.map.gz\n" +" Europe/Berlin\n" +" utc\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:96 +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:224 +#, no-wrap msgid "" -"To find all the occurrences you need to change, search in the file for the " -"placeholders [literal]``YOUR-PRODUCT`` and [literal]``YOUR-IDP-ENTITY``. " -"Every parameter comes with a brief explanation of what it is meant for." +" true\n" +" \n" +" \n" +" \n" +" \n" +" \n" +" \n" +" \n" +" \n" +" ...\n" +" \n" +" \n" +" ...\n" +" \n" +" \n" +" \n" msgstr "" -#. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:97 -msgid "Restart the spacewalk service to pick up the changes:" +#. type: delimited block - +#: modules/administration/pages/image-management.adoc:225 +#, no-wrap +msgid "" +" \n" +" \n" +" \n" +" \n" +" ...\n" +" \n" +"\n" msgstr "" +#. ianew: admin/image-management.adoc +#. iawho: lana 2019-02-27 #. type: Plain text -#: modules/administration/pages/auth-methods-sso.adoc:104 +#: modules/administration/pages/image-management.adoc:227 msgid "" -"When you visit the {productname} URL, you will be redirected to the IdP for " -"SSO where you will be requested to authenticate. Upon successful " -"authentication, you will be redirected to the {productname} {webui}, logged " -"in as the authenticated user. If you encounter problems with logging in " -"using SSO, check the {productname} logs for more information." +"There are two ways to build an image using the {webui}. Either select menu:" +"Images[Build], or click the build icon in the menu:Images[Profiles] list." msgstr "" -#. type: Title = -#: modules/administration/pages/content-lifecycle-examples.adoc:2 -#, no-wrap -msgid "Content Lifecycle Management Examples" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:231 +msgid "" +"Add a different tag name if you want a version other than the default " +"``latest`` (applies only to containers)." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:6 -msgid "" -"This section contains some common examples of how you can use content " -"lifecycle management. Use these examples to build your own personalized " -"implementation." +#: modules/administration/pages/image-management.adoc:232 +msgid "Select the [guimenu]``Image Profile`` and a [guimenu]``Build Host``." msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:10 -#, no-wrap -msgid "Creating a Project for a Monthly Patch Cycle" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:233 +msgid "" +"A [guimenu]``Profile Summary`` is displayed to the right of the build " +"fields. When you have selected a build profile, detailed information about " +"the selected profile will show up in this area." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:13 -msgid "An example project for a monthly patch cycle consists of:" +#: modules/administration/pages/image-management.adoc:234 +msgid "To schedule a build, click the btn:[Build] button." msgstr "" -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:15 -#: modules/administration/pages/content-lifecycle-examples.adoc:23 -#, no-wrap -msgid "Creating a `By Date` filter" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:235 +msgid "" +"The build server cannot run any form of automounter during the image " +"building process. If applicable, ensure that you do not have your Gnome " +"session running as root. If an automounter is running, the image build will " +"finish successfully, but the checksum of the image will be different and " +"will fail later." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:16 -msgid "Adding the filter to the project" +#: modules/administration/pages/image-management.adoc:236 +msgid "" +"After the image is successfully built, the inspection phase begins. During " +"the inspection phase {susemgr} collects information about the image:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:17 -msgid "Applying the filter to a new project build" +#: modules/administration/pages/image-management.adoc:237 +msgid "List of packages installed in the image" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:18 -msgid "Excluding a patch from the project" +#: modules/administration/pages/image-management.adoc:238 +msgid "Checksum of the image" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:19 -msgid "Including a patch in the project" +#: modules/administration/pages/image-management.adoc:239 +msgid "Image type and other image details" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:27 +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:240 msgid "" -"The ``By Date`` filter excludes all patches released after a specified " -"date. This filter is useful for your content lifecycle projects that follow " -"a monthly patch cycle." +"If the built image type is `PXE`, a Salt pillar will also be generated. " +"Image pillars are stored in the `/srv/susemanager/pillar_data/images/` " +"directory and the Salt subsystem can access details about the generated " +"image. Details include where the pillar is located and provided, image " +"checksums, information needed for network boot, and more." msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:29 -#, no-wrap -msgid "Procedure: Creating the ``By Date`` Filter" +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:241 +msgid "The generated pillar is available to all connected clients." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:31 -#: modules/administration/pages/content-lifecycle-examples.adoc:76 -#: modules/administration/pages/content-lifecycle-examples.adoc:106 +#: modules/administration/pages/image-management.adoc:243 msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Filters] " -"and click btn:[Create Filter]." +"Building an image requires several dependent steps. When the build fails, " +"investigating Salt states results can help identify the source of the " +"failure. You can carry out these checks when the build fails:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:33 -msgid "" -"In the [guimenu]``Filter Name`` field, type a name for your filter. For " -"example, [systemitem]``Exclude patches by date``." +#: modules/administration/pages/image-management.adoc:244 +msgid "The build host can access the build sources" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:34 +#: modules/administration/pages/image-management.adoc:245 msgid "" -"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Issue " -"date)``." +"There is enough disk space for the image on both the build host and the " +"{productname} server" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:35 -msgid "" -"In the [guimenu]``Matcher`` field, [guimenu]``later or equal`` is " -"autoselected." +#: modules/administration/pages/image-management.adoc:246 +msgid "The activation key has the correct channels associated with it" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:36 -msgid "Select the date and time." +#: modules/administration/pages/image-management.adoc:247 +msgid "The build sources used are valid" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:37 -#: modules/administration/pages/content-lifecycle-examples.adoc:48 -#: modules/administration/pages/content-lifecycle-examples.adoc:83 -#: modules/administration/pages/content-lifecycle-examples.adoc:115 -msgid "Click btn:[Save]." +#: modules/administration/pages/image-management.adoc:248 +msgid "" +"The RPM package with the {productname} public certificate is up to date and " +"available at `/usr/share/susemanager/salt/images/rhn-org-trusted-ssl-cert-" +"osimage-1.0-1.noarch.rpm`. For more on how to refresh a public certificate " +"RPM, see <>." msgstr "" #. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:41 +#: modules/administration/pages/image-management.adoc:249 #, no-wrap -msgid "Adding the Filter to the Project" +msgid "Limitations" msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:43 -#, no-wrap -msgid "Procedure: Adding a Filter to a Project" +#. type: Plain text +#: modules/administration/pages/image-management.adoc:250 +msgid "The section contains some known issues when working with images." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:45 +#: modules/administration/pages/image-management.adoc:251 msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Projects] " -"and select a project from the list." +"HTTPS certificates used to access the HTTP sources or git repositories " +"should be deployed to the client by a custom state file, or configured " +"manually." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:46 -msgid "Click btn:[Attach/Detach Filters] link to see all available filters" +#: modules/administration/pages/image-management.adoc:252 +msgid "Importing Kiwi-based images is not supported." +msgstr "" + +#. type: Title == +#: modules/administration/pages/image-management.adoc:253 +#, no-wrap +msgid "List Image Profiles Available for Building" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:47 -msgid "Select the new [guimenu]``Exclude patches by date`` filter." +#: modules/administration/pages/image-management.adoc:254 +msgid "" +"To list images available for building select menu:Images[Image List]. A " +"list of all images will be displayed." msgstr "" -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:52 +#. type: Target for macro image +#: modules/administration/pages/image-management.adoc:255 #, no-wrap -msgid "Applying the Filter to a new Project Build" +msgid "images_list_images.png" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:56 +#: modules/administration/pages/image-management.adoc:256 msgid "" -"The new filter is added to your filter list, but it still needs to be " -"applied to the project. To apply the filter you need to build the first " -"environment." +"Displayed data about images includes an image [guimenu]``Name``, its " +"[guimenu]``Version`` and the build [guimenu]``Status``. You will also see " +"the image update status with a listing of possible patch and package updates " +"that are available for the image." msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:57 +#. type: Plain text +#: modules/administration/pages/image-management.adoc:257 +msgid "" +"Clicking the btn:[Details] button on an image will provide a detailed view. " +"The detailed view includes an exact list of relevant patches and a list of " +"all packages installed within the image." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/image-management.adoc:258 +msgid "" +"The patch and the package list is only available if the inspect state after " +"a build was successful." +msgstr "" + +#. type: Title = +#: modules/administration/pages/iss.adoc:1 #, no-wrap -msgid "Procedure: Using the Filter" +msgid "Inter-Server Synchronization" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:59 -msgid "Click btn:[Build] to build the first environment." +#: modules/administration/pages/iss.adoc:2 +msgid "" +"If you have more than one {productname} installation, you need to ensure " +"that they stay aligned on content and permissions. Inter-Server " +"Synchronization (ISS) allows you to connect two or more {productname} " +"Servers and keep them up-to-date." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:61 +#: modules/administration/pages/iss.adoc:3 msgid "" -"OPTIONAL: Add a message. You can use messages to help track the build " -"history." +"To set up ISS, you need to define one {productname} Server as a master, with " +"the other as a slave. If conflicting configurations exist, the system will " +"prioritize the master configuration." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:62 +#. type: delimited block = +#: modules/administration/pages/iss.adoc:4 msgid "" -"Check that the filter has worked correctly by using the new channels on a " -"test server." +"ISS Masters are masters only because they have slaves attached to them. " +"This means that you need to set up the ISS Master first, by defining its " +"slaves. You can then set up the ISS Slaves, by attaching them to a master." +msgstr "" + +#. type: Block title +#: modules/administration/pages/iss.adoc:5 +#, no-wrap +msgid "Procedure: Setting up an ISS Master" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:64 +#: modules/administration/pages/iss.adoc:6 msgid "" -"Click btn:[Promote] to move the content to the next environment. The build " -"will take longer if you have a large number of filters, or they are very " -"complex." +"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " +"Master Setup], and click btn:[Add new slave]." msgstr "" -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:68 -#, no-wrap -msgid "Excluding a Patch from the Project" +#. type: Plain text +#: modules/administration/pages/iss.adoc:7 +msgid "" +"In the [guimenu]``Edit Slave Details`` dialog, provide these details for the " +"ISS Master's first slave:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:72 +#: modules/administration/pages/iss.adoc:8 msgid "" -"Tests may help you discover issues. When an issue is found, exclude the " -"problem patch released before the `by date` filter." +"In the [guimenu]``Slave Fully-Qualified Domain Name`` field, enter the FQDN " +"of the ISS Slave." msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:73 -#, no-wrap -msgid "Procedure: Excluding a Patch" +#. type: Plain text +#: modules/administration/pages/iss.adoc:9 +msgid "For example: [systemitem]``server2.example.com``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:78 +#: modules/administration/pages/iss.adoc:10 msgid "" -"In the [guimenu]``Filter Name`` field, enter a name for the filter. For " -"example, [systemitem]``Exclude openjdk patch``." +"Check the [guimenu]``Allow Slave to Sync?`` checkbox to enable the slave to " +"synchronize with the master." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:79 -#: modules/administration/pages/content-lifecycle-examples.adoc:109 +#: modules/administration/pages/iss.adoc:11 msgid "" -"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Advisory " -"Name)``." +"Check the [guimenu]``Sync All Orgs to Slave?`` checkbox to synchronize all " +"organizations to this slave." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:80 -#: modules/administration/pages/content-lifecycle-examples.adoc:110 -msgid "In the [guimenu]``Matcher`` field, select [guimenu]``equals``." +#: modules/administration/pages/iss.adoc:12 +msgid "Click btn:[Create] to add the ISS slave." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:82 +#: modules/administration/pages/iss.adoc:13 msgid "" -"In the [guimenu]``Advisory Name`` field, type a name for the advisory. For " -"example, [systemitem]``SUSE-15-2019-1807``." +"In the [guimenu]``Allow Export of the Selected Organizations`` section, " +"check the organizations you want to allow this slave to export to the " +"master, and click btn:[Allow Orgs]." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:84 -#: modules/administration/pages/content-lifecycle-examples.adoc:177 -#: modules/administration/pages/content-lifecycle-examples.adoc:255 -msgid "Navigate to menu:Content Lifecycle[Projects] and select your project." +#: modules/administration/pages/iss.adoc:14 +msgid "" +"Before you set up the ISS Slave, you will need to ensure you have the " +"appropriate CA certificate." +msgstr "" + +#. type: Block title +#: modules/administration/pages/iss.adoc:15 +#, no-wrap +msgid "Procedure: Copying the Master CA Certificate to an ISS Slave" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:85 +#: modules/administration/pages/iss.adoc:16 msgid "" -"Click btn:[Attach/Detach Filters] link, select [guimenu]``Exclude openjdk " -"patch``, and click btn:[Save]." +"On the ISS Master, locate the CA Certificate at ``/srv/www/htdocs/pub/RHN-" +"ORG-TRUSTED-SSL-CERT`` and create a copy that can be transferred to the " +"ISS Slave." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:87 +#: modules/administration/pages/iss.adoc:17 msgid "" -"When you rebuild the project with the btn:[Build] button, the new filter is " -"used together with the [guimenu]``by date`` filter we added before." +"On the ISS Slave, save the CA certificate file to the ``/etc/pki/trust/" +"anchors/`` directory." msgstr "" -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:91 +#. type: Plain text +#: modules/administration/pages/iss.adoc:18 +msgid "When you have copied the certificate, you can set up the ISS Slave." +msgstr "" + +#. type: Block title +#: modules/administration/pages/iss.adoc:19 #, no-wrap -msgid "Including a Patch in the Project" +msgid "Procedure: Setting up an ISS Slave" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:97 +#: modules/administration/pages/iss.adoc:20 msgid "" -"In this example, you have received a security alert. An important security " -"patch was released several days after the first of the month you are " -"currently working on. The name of the new patch is ``SUSE-15-2019-2071``. " -"You need to include this new patch into your environment." +"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " +"Slave Setup], and click btn:[Add new master]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:102 +#. type: Plain text +#: modules/administration/pages/iss.adoc:21 msgid "" -"The [guimenu]``Allow`` filters rule overrides the exclude function of the " -"[guimenu]``Deny`` filter rule. For more information, see xref:" -"administration:content-lifecycle.adoc[]." +"In the [guimenu]``Details for new Master`` dialog, provide these details for " +"the server to use as the ISS master:" msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:104 -#, no-wrap -msgid "Procedure: Including a Patch in a Project" +#. type: Plain text +#: modules/administration/pages/iss.adoc:22 +msgid "" +"In the [guimenu]``Master Fully-Qualified Domain Name`` field, enter the FQDN " +"of the ISS Master for this slave." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:108 -msgid "" -"In the [guimenu]``Filter Name`` field, type a name for the filter. For " -"example, [systemitem]``Include kernel security fix``." +#: modules/administration/pages/iss.adoc:23 +msgid "For example: ``server1.example.com``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:111 +#: modules/administration/pages/iss.adoc:24 msgid "" -"In the [guimenu]``Advisory Name`` field, type " -"[guimenu]``SUSE-15-2019-2071``, and check [guimenu]``Allow``." +"In the [guimenu]``Filename of this Master's CA Certificate`` field, enter " +"the absolute path to the CA certificate on the ISS master." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:112 -#: modules/administration/pages/content-lifecycle-examples.adoc:176 -msgid "Click btn:[Save] to store the filter." +#: modules/administration/pages/iss.adoc:25 +msgid "This should be ``/etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:113 -msgid "" -"Navigate to menu:Content Lifecycle[Projects] and select your project from " -"the list." +#: modules/administration/pages/iss.adoc:26 +msgid "Click btn:[Add new master] to add the ISS Slave to this master." +msgstr "" + +#. type: Block title +#: modules/administration/pages/iss.adoc:27 +#, no-wrap +msgid "Procedure: Completing ISS Setup" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:114 +#: modules/administration/pages/iss.adoc:28 msgid "" -"Click btn:[Attach/Detach Filters], and select [guimenu]``Include kernel " -"security patch``." +"At the command prompt on the ISS Slave, synchronize with the ISS Master:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/iss.adoc:29 +#, no-wrap +msgid "mgr-inter-sync\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:116 -msgid "Click btn:[Build] to rebuild the environment." +#: modules/administration/pages/iss.adoc:30 +msgid "OPTIONAL: To synchronize a single channel, use this command:" msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:120 +#. type: delimited block - +#: modules/administration/pages/iss.adoc:31 #, no-wrap -msgid "Update an Existing Monthly Patch Cycle" +msgid "mgr-inter-sync -c \n" msgstr "" +#. Need to double check this against the UI. --LKB 2020-04-08 #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:123 +#: modules/administration/pages/iss.adoc:32 msgid "" -"When a monthly patch cycle is complete, you can update the patch cycle for " -"the next month." +"In the {productname} {webui}, navigate to menu:Admin[ISS Configuration > " +"Configure Master-to-Slave Mappings] and select the organizations you want to " +"synchronize." msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:124 +#. type: Title = +#: modules/administration/pages/live-patching-channel-setup.adoc:1 #, no-wrap -msgid "Procedure: Updating a Monthly Patch Cycle" +msgid "Set up Channels for Live Patching" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:127 +#: modules/administration/pages/live-patching-channel-setup.adoc:2 msgid "" -"In the [guimenu]``by date`` field, change the date of the filter to the next " -"month. Alternatively, create a new filter and change the assignment to the " -"project." +"A reboot is required every time you update the full kernel package. " +"Therefore, it is important that clients using Live Patching do not have " +"newer kernels available in the channels they are assigned to. Clients using " +"live patching have updates for the running kernel in the live patching " +"channels." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:129 -msgid "" -"Check if the exclude filter for ``SUSE-15-2019-1807`` can be detached from " -"the project. There may be a new patch available to fix this issue." +#: modules/administration/pages/live-patching-channel-setup.adoc:3 +msgid "There are two ways to manage channels for live patching:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:131 +#: modules/administration/pages/live-patching-channel-setup.adoc:4 msgid "" -"Detach the ``allow`` filter you added previously. The patch is included by " -"default." +"Use content lifecycle management to clone the product tree and remove kernel " +"versions newer than the running one. This procedure is explained in the " +"xref:content-lifecycle-examples.adoc#enhance-project-with-" +"livepatching[Content Livecycle Management Examples]. This is the " +"recommended solution." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:132 +#: modules/administration/pages/live-patching-channel-setup.adoc:5 msgid "" -"Rebuild the project to create a new environment with patches for the next " -"month." +"Alternatively, use the `spacewalk-manage-channel-lifecycle` tool. This " +"procedure is more manual and requires command line tools as well as the " +"{webui}. This procedure is explained in this section for SLES{nbsp}15 SP1, " +"but it also works for SLE{nbsp}12 SP4 or later." msgstr "" #. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:136 +#: modules/administration/pages/live-patching-channel-setup.adoc:6 #, no-wrap -msgid "Enhance a Project with Live Patching" +msgid "Use spacewalk-manage-channel-lifecycle for Live Patching" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:139 +#: modules/administration/pages/live-patching-channel-setup.adoc:7 msgid "" -"This section covers setting up filters to create environments for live " -"patching." +"Cloned vendor channels should be prefixed by ``dev`` for development, " +"``testing``, or ``prod`` for production. In this procedure, you will create " +"a ``dev`` cloned channel and then promote the channel to ``testing``." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:143 -msgid "" -"When you are preparing to use live patching, there are some important " -"considerations" +#. type: Block title +#: modules/administration/pages/live-patching-channel-setup.adoc:8 +#, no-wrap +msgid "Procedure: Cloning Live Patching Channels" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:146 +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:9 msgid "" -"Only ever use one kernel version on your systems. The live patching " -"packages are installed with a specific kernel." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:147 -msgid "Live patching updates are shipped as one patch." +"At the command prompt on the client, as root, obtain the current package " +"channel tree:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:150 +#. type: delimited block - +#: modules/administration/pages/live-patching-channel-setup.adoc:10 +#, no-wrap msgid "" -"Each kernel patch that begins a new series of live patching kernels will " -"display the ``required reboot`` flag. These kernel patches come with live " -"patching tools. When you have installed them, you will need to reboot the " -"system at least once before the next year." +"# spacewalk-manage-channel-lifecycle --list-channels\n" +"Spacewalk Username: admin\n" +"Spacewalk Password:\n" +"Channel tree:\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:151 +#. type: delimited block - +#: modules/administration/pages/live-patching-channel-setup.adoc:11 +#, no-wrap msgid "" -"Only install live patch updates that match the installed kernel version." +" 1. sles15-{sp-vert}-pool-x86_64\n" +" \\__ sle-live-patching15-pool-x86_64-{sp-vert}\n" +" \\__ sle-live-patching15-updates-x86_64-{sp-vert}\n" +" \\__ sle-manager-tools15-pool-x86_64-{sp-vert}\n" +" \\__ sle-manager-tools15-updates-x86_64-{sp-vert}\n" +" \\__ sles15-{sp-vert}-updates-x86_64\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:153 +#. type: Plain text +#: modules/administration/pages/live-patching-channel-setup.adoc:12 msgid "" -"Live patches are provided as stand-alone patches. You must exclude all " -"regular kernel patches with higher kernel version than the currently " -"installed one." +"Use the [command]``spacewalk-manage-channel`` command with the " +"[option]``init`` argument to automatically create a new development clone of " +"the original vendor channel:" msgstr "" -#. type: Title === -#: modules/administration/pages/content-lifecycle-examples.adoc:158 +#. type: delimited block - +#: modules/administration/pages/live-patching-channel-setup.adoc:13 #, no-wrap -msgid "Exclude Packages with a Higher Kernel Version" +msgid "spacewalk-manage-channel-lifecycle --init -c sles15-{sp-vert}-pool-x86_64\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:162 +#: modules/administration/pages/live-patching-channel-setup.adoc:14 msgid "" -"In this example you update your systems with the ``SUSE-15-2019-1244`` " -"patch. This patch contains ``kernel-default-4.12.14-150.17.1-x86_64``." +"Check that [systemitem]``dev-sles15-{sp-vert}-updates-x86_64`` is available " +"in your channel list." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:164 +#: modules/administration/pages/live-patching-channel-setup.adoc:15 msgid "" -"You need to exclude all patches which contain a higher version of ``kernel-" -"default``." +"Check the ``dev`` cloned channel you created, and remove any kernel updates " +"that require a reboot." msgstr "" #. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:165 +#: modules/administration/pages/live-patching-channel-setup.adoc:16 #, no-wrap -msgid "Procedure: Excluding Packages with a Higher Kernel Version" +msgid "Procedure: Removing Non-Live Kernel Patches from Cloned Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:167 +#: modules/administration/pages/live-patching-channel-setup.adoc:17 msgid "" -"In the {productname} {webui}, navigate to menu:Content Lifecycle[Filters], " -"and click btn:[Create Filter]." +"Check the current kernel version by selecting the client from menu:" +"Systems[System List], and taking note of the version displayed in the " +"[guimenu]``Kernel`` field." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:169 +#: modules/administration/pages/live-patching-channel-setup.adoc:18 msgid "" -"In the [guimenu]``Filter Name`` field, type a name for your filter. For " -"example, [systemitem]``Exclude kernel greater than 4.12.14-150.17.1``." +"In the {productname} {webui}, select the client from menu:Systems[Overview], " +"navigate to the menu:Software[Manage > Channels] tab, and select " +"[systemitem]``dev-sles15-sp{sp-vert}-updates-x86_64``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:170 +#: modules/administration/pages/live-patching-channel-setup.adoc:19 msgid "" -"In the [guimenu]``Filter Type`` field, select [guimenu]``Patch (Contains " -"Package)``." +"Navigate to the [guimenu]``Patches`` tab, and click btn:[List/Remove " +"Patches]." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:171 +#: modules/administration/pages/live-patching-channel-setup.adoc:20 msgid "" -"In the [guimenu]``Matcher`` field, select [guimenu]``version greater than``." +"In the search bar, type [systemitem]``kernel`` and identify the kernel " +"version that matches the kernel currently used by your client." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:172 +#: modules/administration/pages/live-patching-channel-setup.adoc:21 msgid "" -"In the [guimenu]``Package Name`` field, type [systemitem]``kernel-default``." +"Remove all kernel versions that are newer than the currently installed " +"kernel." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:173 -msgid "Leave the the [guimenu]``Epoch`` field empty." +#: modules/administration/pages/live-patching-channel-setup.adoc:22 +msgid "" +"Your channel is now set up for live patching, and can be promoted to " +"``testing``. In this procedure, you will also add the live patching child " +"channels to your client, ready to be applied." +msgstr "" + +#. type: Block title +#: modules/administration/pages/live-patching-channel-setup.adoc:23 +#, no-wrap +msgid "Procedure: Promoting Live Patching Channels" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:174 -msgid "In the [guimenu]``Version`` field, type [systemitem]``4.12.14``." +#: modules/administration/pages/live-patching-channel-setup.adoc:24 +msgid "" +"At the command prompt on the client, as `root`, promote and clone the `dev-" +"sles15-{sp-vert}-pool-x86_64` channel to a new ``testing`` channel:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/live-patching-channel-setup.adoc:25 +#, no-wrap +msgid "# spacewalk-manage-channel-lifecycle --promote -c dev-sles15-{sp-vert}-pool-x86_64\n" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:175 -msgid "In the [guimenu]``Release`` field, type [systemitem]``150.17.1``." +#: modules/administration/pages/live-patching-channel-setup.adoc:26 +msgid "" +"In the {productname} {webui}, select the client from menu:Systems[Overview], " +"and navigate to the menu:Software[Software Channels] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:179 +#: modules/administration/pages/live-patching-channel-setup.adoc:27 msgid "" -"Select [guimenu]``Exclude kernel greater than 4.12.14-150.17.1``, and click " -"btn:[Save]." +"Check the new [systemitem]``test-sles15-sp{sp-vert}-pool-x86_64`` custom " +"channel to change the base channel, and check both corresponding live " +"patching child channels." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:183 +#: modules/administration/pages/live-patching-channel-setup.adoc:28 msgid "" -"When you click btn:[Build], a new environment is created. The new " -"environment contains all the kernel patches up to the version you installed." +"Click btn:[Next], confirm that the details are correct, and click btn:" +"[Confirm] to save the changes." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:186 +#: modules/administration/pages/live-patching-channel-setup.adoc:29 msgid "" -"All kernel patches with higher kernel versions are removed. Live patching " -"kernels will stay available as long as they are not the first in a series." +"You can now select and view available CVE patches, and apply these important " +"kernel updates with Live Patching." msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:202 +#. type: Title = +#: modules/administration/pages/live-patching-sles12.adoc:1 #, no-wrap -msgid "Switch to a New Kernel Version for Live Patching" +msgid "Live Patching on SLES{nbsp}12" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:207 +#: modules/administration/pages/live-patching-sles12.adoc:2 msgid "" -"Live Patching for a specific kernel version is only available for one year. " -"After one year you must update the kernel on your systems. Execute these " -"environment changes:" +"On SLES{nbsp}12 systems, live patching is managed by kGraft. For in depth " +"information covering kGraft use, see https://documentation.suse.com/sles/12-" +"SP4/html/SLES-all/cha-kgraft.html." msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:208 -#, no-wrap -msgid "Procedure: Switch to a New Kernel Version" +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:3 +#: modules/administration/pages/live-patching-sles15.adoc:3 +msgid "Before you begin, ensure:" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:211 -msgid "" -"Decide which kernel version you will upgrade to. For example: " -"`4.12.14-150.32.1`" +#: modules/administration/pages/live-patching-sles12.adoc:4 +#: modules/administration/pages/live-patching-sles15.adoc:4 +msgid "{productname} is fully updated." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:212 -msgid "Create a new kernel version Filter." +#: modules/administration/pages/live-patching-sles12.adoc:5 +msgid "You have one or more Salt clients running SLES{nbsp}12 (SP1 or later)." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:213 +#: modules/administration/pages/live-patching-sles12.adoc:6 +msgid "Your SLES{nbsp}12 Salt clients are registered with {productname}." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:7 msgid "" -"Detach the previous filter **Exclude kernel greater than 4.12.14-150.17.1** " -"and attach the new filter." +"You have access to the SLES{nbsp}12 channels appropriate for your " +"architecture, including the live patching child channel (or channels)." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:8 +#: modules/administration/pages/live-patching-sles15.adoc:8 +msgid "The clients are fully synchronized." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:9 +#: modules/administration/pages/live-patching-sles15.adoc:9 +msgid "Assign the clients to the cloned channels prepared for live patching." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:220 +#: modules/administration/pages/live-patching-sles12.adoc:10 +#: modules/administration/pages/live-patching-sles15.adoc:10 msgid "" -"Click btn:[Build] to rebuild the environment. The new environment contains " -"all kernel patches up to the new kernel version you selected. Systems using " -"these channels will have the kernel update available for installation. You " -"will need to reboot systems after they have performed the upgrade. The new " -"kernel will remain valid for one year. All packages installed during the " -"year will match the current live patching kernel filter." +"For more information on preparation, see xref:administration:live-patching-" +"channel-setup.adoc[]." msgstr "" -#. type: Title == -#: modules/administration/pages/content-lifecycle-examples.adoc:223 +#. type: Block title +#: modules/administration/pages/live-patching-sles12.adoc:11 +#: modules/administration/pages/live-patching-sles15.adoc:11 #, no-wrap -msgid "Appstream Filters" +msgid "Procedure: Setting up for Live Patching" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:229 +#: modules/administration/pages/live-patching-sles12.adoc:12 msgid "" -"If you are using {rhel}{nbsp}8 clients, you cannot perform package " -"operations such as installing or upgrading directly from modular " -"repositories like the {rhel} Appstream repository. You can use the " -"Appstream filter to transform modular repositories into regular " -"repositories. It does this by keeping the packages in the repository and " -"stripping away the module metadata. The resulting repository can be used in " -"{productname} in the same way as a regular repository." +"Select the client you want to manage with Live Patching from menu:" +"Systems[Overview], and on the system details page navigate to the menu:" +"Software[Packages > Install] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:232 -msgid "" -"The AppStream filter selects a single module stream to be included in the " -"target repository. You can add multiple filters to select multiple module " -"streams." +#: modules/administration/pages/live-patching-sles12.adoc:13 +msgid "Search for the [systemitem]``kgraft`` package, and install it." +msgstr "" + +#. type: Target for macro image +#: modules/administration/pages/live-patching-sles12.adoc:14 +#, no-wrap +msgid "enable_live_patching_kgraft_install.png" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:235 -msgid "" -"If you do not use an AppStream filter in your CLM project, the module " -"metadata in the modular sources remains intact, and the target repositories " -"contain the same module metadata. As long as at least one AppStream filter " -"is enabled in the CLM project, all target repositories are transformed into " -"regular repositories." +#: modules/administration/pages/live-patching-sles12.adoc:15 +#: modules/administration/pages/live-patching-sles15.adoc:15 +msgid "Apply the highstate to enable Live Patching, and reboot the client." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/live-patching-sles12.adoc:16 +#: modules/administration/pages/live-patching-sles15.adoc:16 +msgid "Repeat for each client that you want to manage with Live Patching." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:238 +#: modules/administration/pages/live-patching-sles12.adoc:17 msgid "" -"To use the AppStream filter, you need a CLM project with a modular " -"repository such as ``{rhel} AppStream``. Ensure that you included the " -"module you need as a source before you begin." +"To check that live patching has been enabled correctly, select the client " +"from menu:Systems[System List], and ensure that [systemitem]``Live " +"Patching`` appears in the [guimenu]``Kernel`` field." msgstr "" #. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:241 +#: modules/administration/pages/live-patching-sles12.adoc:18 +#: modules/administration/pages/live-patching-sles15.adoc:18 #, no-wrap -msgid "Procedure: Using Appstream Filters" +msgid "Procedure: Applying Live Patches to a Kernel" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:244 -#: modules/administration/pages/content-lifecycle-examples.adoc:263 +#: modules/administration/pages/live-patching-sles12.adoc:19 +#: modules/administration/pages/live-patching-sles15.adoc:19 msgid "" -"In the {productname} {webui}, navigate to your {rhel}{nbsp}8 CLM project. " -"Ensure that you have included the AppStream channels for your project." +"In the {productname} {webui}, select the client from menu:Systems[Overview]." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:245 -#: modules/administration/pages/content-lifecycle-examples.adoc:264 -msgid "Click btn:``Create Filter`` and use these parameters:" +#: modules/administration/pages/live-patching-sles12.adoc:20 +#: modules/administration/pages/live-patching-sles15.adoc:20 +msgid "" +"You will see a banner at the top of the screen showing the number of " +"critical and non-critical packages available for the client:" msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:247 -#: modules/administration/pages/content-lifecycle-examples.adoc:266 -msgid "In the [guimenu]``Filter Name`` field, type a name for the new filter." +#. type: Target for macro image +#: modules/administration/pages/live-patching-sles12.adoc:21 +#: modules/administration/pages/live-patching-sles15.adoc:21 +#, no-wrap +msgid "live_patching_criticalupdates.png" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:248 -#: modules/administration/pages/content-lifecycle-examples.adoc:267 -msgid "" -"In the [guimenu]``Filter Type`` field, select [parameter]``Module (Stream)``." +#: modules/administration/pages/live-patching-sles12.adoc:22 +#: modules/administration/pages/live-patching-sles15.adoc:22 +msgid "Click btn:[Critical] to see a list of the available critical patches." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:250 +#: modules/administration/pages/live-patching-sles12.adoc:23 +#: modules/administration/pages/live-patching-sles15.adoc:23 msgid "" -"In the [guimenu]``Module Name`` field, type a module name. For example, " -"[parameter]``postgresql``." +"Select any patch with a synopsis reading [guimenu]``Important: Security " +"update for the Linux kernel``." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:253 -msgid "" -"In the [guimenu]``Stream`` field, type the name of the desired stream. For " -"example, [parameter]``10``. If you leave this field blank, the default " -"stream for the module is selected." +#: modules/administration/pages/live-patching-sles12.adoc:24 +#: modules/administration/pages/live-patching-sles15.adoc:24 +msgid "Security bugs will also include their CVE number, where applicable." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:254 -msgid "Click btn:[Save] to create the new filter." +#: modules/administration/pages/live-patching-sles12.adoc:25 +#: modules/administration/pages/live-patching-sles15.adoc:25 +msgid "" +"OPTIONAL: If you know the CVE number of a patch you want to apply, you can " +"search for it in menu:Audit[CVE Audit], and apply the patch to any clients " +"that require it." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:256 +#. type: delimited block = +#: modules/administration/pages/live-patching-sles12.adoc:26 +#: modules/administration/pages/live-patching-sles15.adoc:26 msgid "" -"Click btn:``Attach/Detach Filters``, select your new Appstream filter, and " -"click btn:[Save]." +"Not all kernel patches are Live Patches! Non-Live kernel patches are " +"represented by a `Reboot Required` icon located next to the `Security` " +"shield icon. These patches will always require a reboot." msgstr "" -#. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:259 +#. type: delimited block = +#: modules/administration/pages/live-patching-sles12.adoc:27 +#: modules/administration/pages/live-patching-sles15.adoc:27 msgid "" -"You can use the browse function in the ``Create/Edit Filter`` form to select " -"a module from a list of available module streams for a modular channel." +"Not all security issues can be fixed by applying a live patch. Some " +"security issues can only be fixed by applying a full kernel update and will " +"require a reboot. The assigned CVE numbers for these issues are not " +"included in live patches. A CVE audit will display this requirement." msgstr "" -#. type: Block title -#: modules/administration/pages/content-lifecycle-examples.adoc:260 +#. type: Title = +#: modules/administration/pages/live-patching-sles15.adoc:1 #, no-wrap -msgid "Procedure: Browsing Available Module Streams" +msgid "Live Patching on SLES{nbsp}15" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:268 -msgid "Click ``Browse available modules`` to see all modular channels." +#: modules/administration/pages/live-patching-sles15.adoc:2 +msgid "" +"On SLES{nbsp}15 systems and newer, live patching is managed by the " +"[systemitem]``klp livepatch`` tool." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:269 -msgid "Select a channel to browse the modules and streams:" +#: modules/administration/pages/live-patching-sles15.adoc:5 +msgid "You have one or more Salt clients running SLES{nbsp}15 (SP1 or later)." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:271 -msgid "" -"In the [guimenu]``Module Name`` field, start typing a module name to search, " -"or select from the list." +#: modules/administration/pages/live-patching-sles15.adoc:6 +msgid "Your SLES{nbsp}15 Salt clients are registered with {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:272 +#: modules/administration/pages/live-patching-sles15.adoc:7 msgid "" -"In the [guimenu]``Stream`` field, start typing a stream name to search, or " -"select from the list." +"You have access to the SLES{nbsp}15 channels appropriate for your " +"architecture, including the live patching child channel (or channels)." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:278 +#. type: Plain text +#: modules/administration/pages/live-patching-sles15.adoc:12 msgid "" -"Channel selection is only for browsing modules. The selected channel will " -"not be saved with the filter, and will not affect the CLM process in any way." +"Select the client you want to manage with Live Patching from menu:" +"Systems[Overview], and navigate to the menu:Software[Packages > Install] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:282 +#: modules/administration/pages/live-patching-sles15.adoc:13 msgid "" -"You can create additional AppStream filters for any other module stream to " -"be included in the target repository. Any module streams that the selected " -"stream depends on will be automatically included." +"Search for the [systemitem]``kernel-livepatch`` package, and install it." msgstr "" -#. type: delimited block = -#: modules/administration/pages/content-lifecycle-examples.adoc:289 -msgid "" -"Be careful not to specify conflicting, incompatible, or missing module " -"streams. For example, selecting two streams from the same module is invalid." +#. type: Target for macro image +#: modules/administration/pages/live-patching-sles15.adoc:14 +#, no-wrap +msgid "enable_live_patching_kernel_live_install.png" msgstr "" #. type: Plain text -#: modules/administration/pages/content-lifecycle-examples.adoc:292 +#: modules/administration/pages/live-patching-sles15.adoc:17 msgid "" -"When you build your CLM project using the btn:[Build] button in the {webui}, " -"the target repository is a regular repository without any modules, that " -"contains packages from the selected module streams." +"To check that live patching has been enabled correctly, select the client " +"from menu:Systems[System List], and ensure that [systemitem]``Live Patch`` " +"appears in the [guimenu]``Kernel`` field." msgstr "" #. type: Title = -#: modules/administration/pages/tshoot-osadjabberd.adoc:2 +#: modules/administration/pages/maintenance-window-tasks.adoc:1 #, no-wrap -msgid "Troubleshooting OSAD and jabberd" +msgid "Maintenance Window Tasks" msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step -#. type: Title == -#: modules/administration/pages/tshoot-osadjabberd.adoc:24 -#, no-wrap -msgid "Open File Count Exceeded" +#. type: Plain text +#: modules/administration/pages/maintenance-window-tasks.adoc:2 +msgid "" +"If you work with scheduled maintenance windows, you might find it difficult " +"to remember all the things that you need to do before, during, and after " +"that critical downtime of the {productname} Server. {productname} Server " +"related systems such as Inter-Server Synchronization Slave Servers or " +"{productname} Proxies are also affected and have to be considered." msgstr "" +#. It's similar to zypper at the package level: #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:27 +#: modules/administration/pages/maintenance-window-tasks.adoc:3 msgid "" -"In some cases, the maximum number of files that jabber can open is lower " -"than the number of connected OSAD clients." +"{suse} recommends you always keep your {productname} infrastructure " +"updated. That includes servers, proxies, and build hosts. If you do not " +"keep the {productname} Server updated, you might not be able to update some " +"parts of your environment when you need to." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:29 +#: modules/administration/pages/maintenance-window-tasks.adoc:4 msgid "" -"If this occurs, OSAD clients cannot contact the SUSE Manager Server, and " -"jabberd will take an excessive amount of time to respond on port 5222." +"This section contains a checklist for your maintenance window, with links to " +"further information on performing each of the steps." msgstr "" -#. type: delimited block = -#: modules/administration/pages/tshoot-osadjabberd.adoc:35 -msgid "" -"This fix is only required if you have more than 8192 clients connected using " -"OSAD. In this case, we recommend you consider using Salt clients instead. " -"For more information about tuning large scale installations, see xref:salt:" -"large-scale.adoc[]." +#. type: Title == +#: modules/administration/pages/maintenance-window-tasks.adoc:5 +#, no-wrap +msgid "Server" msgstr "" +#. ke, 2019-09-30: we'll stop spacewalk during the update +#. . Stop spacewalk services. +#. You will need to stop the spacewalk, SAP, and database services, along with any others you have running. +#. . Check if the configuration is still correct. #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:39 -msgid "" -"You can increase the number of files available to jabber by editing the " -"jabberd local configuration file. By default, the file is located at " -"[path]``/etc/systemd/system/jabberd.service.d/override.conf``." +#: modules/administration/pages/maintenance-window-tasks.adoc:6 +msgid "Apply the latest updates." msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-osadjabberd.adoc:42 -#, no-wrap -msgid "Procedure: Adjusting the Maximum File Count" +#. type: Plain text +#: modules/administration/pages/maintenance-window-tasks.adoc:7 +msgid "See xref:upgrade:server-intro.adoc[]." +msgstr "" + +#. We reboot during the above listed procedures. +#. . Reboot the server. +#. . Check if the configuration is still correct. +#. . Start any stopped services. +#. type: Plain text +#: modules/administration/pages/maintenance-window-tasks.adoc:8 +msgid "Upgrade to the latest service pack, if required." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:45 +#: modules/administration/pages/maintenance-window-tasks.adoc:9 msgid "" -"At the command prompt, as root, open the local configuration file for " -"editing:" +"Run [command]``spacewalk-service status`` and check whether all required " +"services are up and running." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-osadjabberd.adoc:48 -#, no-wrap -msgid "systemctl edit jabberd\n" +#. type: Plain text +#: modules/administration/pages/maintenance-window-tasks.adoc:10 +msgid "" +"For information about database schema upgrades and PostgreSQL migrations, " +"see xref:upgrade:db-intro.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:50 -msgid "Add or edit this section:" +#: modules/administration/pages/maintenance-window-tasks.adoc:11 +msgid "" +"You can install updates using your package manager. For information on " +"using {yast}, see https://documentation.suse.com/sles/15-SP2/html/SLES-all/" +"cha-onlineupdate-you.html. For information on using zypper, see https://" +"documentation.suse.com/sles/15-SP2/html/SLES-all/cha-sw-cl.html#sec-zypper." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-osadjabberd.adoc:54 -#, no-wrap +# +# +#. Preferable, you will run such a tool within a maintenance window; for more information, see xref:administration:maintenance-window.adoc#maintenance-window[]. +#. complete procedure, also see above: +#. 1. Log in as root user to the SUSE Manager server. +#. 2. Stop the Spacewalk service: +#. spacewalk-service stop +#. 3. Apply the patch using either zypper patch or YaST Online Update. +#. 4. Upgrade the database schema: +#. spacewalk-schema-upgrade +#. 5. Start the Spacewalk service: +#. spacewalk-service start +#. type: Plain text +#: modules/administration/pages/maintenance-window-tasks.adoc:12 msgid "" -"[Service]\n" -"LimitNOFILE=:\n" +"By default, several update channels are configured and enabled for the " +"{productname} Server. New and updated packages will become available " +"automatically." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:58 +#: modules/administration/pages/maintenance-window-tasks.adoc:13 msgid "" -"The value you choose will vary depending on your environment. For example, " -"if you have 9500 clients, increase the soft value by 100 to 9600, and the " -"hard value by 1000 to 10500:" +"To keep {susemgr} up to date, either connect it directly to {scc} or use " +"{rmtool} (RMT). You can use RMT as a local installation source for " +"disconnected environments." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-osadjabberd.adoc:63 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/maintenance-window-tasks.adoc:14 msgid "" -"[Unit]\n" -"LimitNOFILE=\n" -"LimitNOFILE=9600:10500\n" +"You can check that the update channels are available on your system with " +"this command:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/maintenance-window-tasks.adoc:15 +#, no-wrap +msgid "zypper lr\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:65 -msgid "Save the file and exit the editor." +#: modules/administration/pages/maintenance-window-tasks.adoc:16 +msgid "The output will look similar to this:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/tshoot-osadjabberd.adoc:70 +#. type: delimited block - +#: modules/administration/pages/maintenance-window-tasks.adoc:17 +#, no-wrap msgid "" -"The default editor for systemctl files is vim. To save the file and exit, " -"press kbd:[Esc] to enter ``normal`` mode, type kbd:[:wq] and press kbd:" -"[Enter]." +"Name | Enabled | GPG Check | Refresh\n" +"-------------------------------------------------------+---------+-----------+--------\n" +"SLE-Module-Basesystem15-SP2-Pool | Yes | (r ) Yes | No\n" +"SLE-Module-Basesystem15-SP2-Updates | Yes | (r ) Yes | Yes\n" +"SLE-Module-Python2-15-SP2-Pool | Yes | (r ) Yes | No\n" +"SLE-Module-Python2-15-SP2-Updates | Yes | (r ) Yes | Yes\n" +"SLE-Product-SUSE-Manager-Server-4.1-Pool | Yes | (r ) Yes | No\n" +"SLE-Product-SUSE-Manager-Server-4.1-Updates | Yes | (r ) Yes | Yes\n" +"SLE-Module-SUSE-Manager-Server-4.1-Pool | Yes | (r ) Yes | No\n" +"SLE-Module-SUSE-Manager-Server-4.1-Updates | Yes | (r ) Yes | Yes\n" +"SLE-Module-Server-Applications15-SP2-Pool | Yes | (r ) Yes | No\n" +"SLE-Module-Server-Applications15-SP2-Updates | Yes | (r ) Yes | Yes\n" +"SLE-Module-Web-Scripting15-SP2-Pool | Yes | (r ) Yes | No\n" +"SLE-Module-Web-Scripting15-SP2-Updates | Yes | (r ) Yes | Yes\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:74 +#: modules/administration/pages/maintenance-window-tasks.adoc:18 msgid "" -"Ensure you also update the `max_fds` parameter in [path]``/etc/jabberd/c2s." -"xml``. For example: `10500`" +"{productname} releases maintenance updates (MUs) to provide newer packages. " +"Maintenance updates are indicated with a new version number. For example, " +"the major release 4.1 will be incremented to 4.1.1 when an MU is released." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-osadjabberd.adoc:79 +#: modules/administration/pages/maintenance-window-tasks.adoc:19 msgid "" -"The soft file limit is the maximum number of open files for a single " -"process. In {productname} the highest consuming process is ``c2s``, which " -"opens a connection per client. 100 additional files are added, here, to " -"accommodate for any non-connection file that ``c2s`` requires to work " -"correctly. The hard limit applies to all processes belonging to jabber, and " -"also accounts for open files from the router, ``c2s`` and ``sm`` processes." +"You can verify which version you are running by looking at the bottom of the " +"navigation bar in the {webui}. You can also fetch the version number with " +"the [literal]``api.getVersion()`` XMLRPC API call." msgstr "" -#. type: Title = -#: modules/administration/pages/tshoot-hostname-rename.adoc:2 +#. type: Title === +#: modules/administration/pages/maintenance-window-tasks.adoc:20 #, no-wrap -msgid "Troubleshooting Renaming {productname} Server" +msgid "Client Tools" msgstr "" -# -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step -#. Showing my working. --LKB 2020-06-22 -#. Cause: Renaming the hostname -#. Consequence: Changes not picked up by db, clients and proxies -#. Fix: Use the [command]``spacewalk-hostname-rename`` script to update the settings in the PostgreSQL database and the internal structures of {productname}. -#. Result: Renaming is successfully propagated #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:33 +#: modules/administration/pages/maintenance-window-tasks.adoc:21 msgid "" -"If you change the hostname of the {productname} Server locally, your " -"{productname} installation will cease to work properly. This is because the " -"changes have not been made in the database, which prevents the changes from " -"propagating out your clients and any proxies." +"When the server is updated consider to update some tools on the clients, " +"too. Updating [package]``salt-minion``, [package]``zypper``, and other " +"related management package on clients is not a strict requirement, but it is " +"a best practice in general. For example, a maintenance update on the server " +"might introduce a major new Salt version. Then minions will continue to " +"work but might experience problems later on. To avoid this always update " +"the salt-minion package when available. {suse} makes sure that " +"[package]``salt-minion`` can always be updated safely." msgstr "" -#. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:36 -msgid "" -"If you need to change the hostname of the {productname} Server, you can do " -"so using the [command]``spacewalk-hostname-rename`` script. This script " -"updates the settings in the PostgreSQL database and the internal structures " -"of {productname}." +#. type: Title == +#: modules/administration/pages/maintenance-window-tasks.adoc:22 +#, no-wrap +msgid "Inter-Server Synchronization Slave Server" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:38 +#: modules/administration/pages/maintenance-window-tasks.adoc:23 msgid "" -"The [command]``spacewalk-hostname-rename`` script is part of the " -"[package]``spacewalk-utils`` package." +"If you are using an inter-server synchronization slave server, update it " +"after the {productname} Server update is complete." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:40 +#: modules/administration/pages/maintenance-window-tasks.adoc:24 msgid "" -"The only mandatory parameter for the script is the newly configured IP " -"address of the {productname} Server." +"For more in inter-server synchronization, see xref:administration:iss.adoc[]." msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-hostname-rename.adoc:43 +#. type: Title == +#: modules/administration/pages/maintenance-window-tasks.adoc:25 #, no-wrap -msgid "Procedure: Renaming {productname} Server" +msgid "Monitoring Server" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:47 +#: modules/administration/pages/maintenance-window-tasks.adoc:26 msgid "" -"Change the network settings of the server on the system level locally and " -"remotely at the DNS server. You will also need to provide configuration " -"settings for reverse name resolution. Changing network settings is done in " -"the same way as with renaming any other system." +"If you are using a monitoring server for Prometheus, update it after the " +"{productname} Server update is complete." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:48 +#: modules/administration/pages/maintenance-window-tasks.adoc:27 msgid "" -"Reboot the {productname} Server to use the new network configuration and to " -"ensure the hostname has changed." +"For more information on monitoring, see xref:administration:monitoring." +"adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:50 -msgid "" -"Run the script [command]``spacewalk-hostname-rename`` script with the public " -"IP address of the server. If the server is not using the new hostname, the " -"script will fail." +#. type: Title == +#: modules/administration/pages/maintenance-window-tasks.adoc:28 +#, no-wrap +msgid "Proxy" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:51 +#: modules/administration/pages/maintenance-window-tasks.adoc:29 msgid "" -"Re-configure your clients to make your environment aware of the new hostname " -"and IP address." +"Proxies should be updated as soon as {productname} Server updates are " +"complete." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:53 +#: modules/administration/pages/maintenance-window-tasks.adoc:30 msgid "" -"In the Salt minion configuration file [path]``/etc/salt/minion``, you must " -"make sure to specify the name of the new Salt master ({productname} Server):" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/tshoot-hostname-rename.adoc:56 -#, no-wrap -msgid "master: \n" +"In general, running a proxy connected to a server on a different version is " +"not supported. The only exception is for the duration of updates where it " +"is expected that the server is updated first, so the proxy could run the " +"previous version temporarily." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:61 +#: modules/administration/pages/maintenance-window-tasks.adoc:31 msgid "" -"Traditional clients have the [path]``/etc/sysconfig/rhn/up2date`` " -"configuration file that must be changed. With a re-activation key you can " -"re-register traditional clients (if there are any). For more information, " -"see xref:client-configuration:registration-cli.adoc[]." +"Especially if you are migrating from version 4.0 to 4.1, upgrade the server " +"first, then any proxy." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-hostname-rename.adoc:63 -msgid "" -"OPTIONAL: If you use PXE boot through a {productname} Proxy, you must check " -"the configuration settings of the proxy. On the proxy, run the " -"[command]``configure-tftpsync.sh`` setup script and enter the requested " -"information. For more information, see xref:installation:proxy-setup.adoc[]." +#: modules/administration/pages/maintenance-window-tasks.adoc:32 +msgid "For more information, see xref:upgrade:proxy-intro.adoc[]." msgstr "" #. type: Title = -#: modules/administration/pages/ssl-certs.adoc:2 +#: modules/administration/pages/maintenance-windows.adoc:1 #, no-wrap -msgid "SSL Certificates" +msgid "Maintenance Windows" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:5 +#: modules/administration/pages/maintenance-windows.adoc:2 msgid "" -"{productname} uses SSL certificates to ensure that clients are registered to " -"the correct server." +"The maintenance windows feature in {productname} allows you to schedule " +"actions to occur during a scheduled maintenance window period. When you " +"have created your maintenance window schedule, and applied it to a client, " +"you are prevented from executing some actions outside of the specified " +"period." msgstr "" -#. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:8 +#. type: delimited block = +#: modules/administration/pages/maintenance-windows.adoc:3 msgid "" -"Every client that uses SSL to register to the {productname} Server checks " -"that it is connecting to the right server by validating against a server " -"certificate. This process is called an SSL handshake." +"Maintenance windows operate in a different way to system locking. System " +"locks are switched on or off as required, while maintenance windows define " +"periods of time when actions are allowed. Additionally, the allowed and " +"restricted actions differ. For more information about system locks, see " +"xref:client-configuration:system-locking.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:11 +#: modules/administration/pages/maintenance-windows.adoc:4 msgid "" -"During the SSL handshake, the client will check that the hostname in the " -"server certificate matches what it expects. The client also needs to check " -"if the server certificate is trusted." +"Maintenance windows require both a calendar, and a schedule. The calendar " +"defines the date and time of your maintenance window events, including " +"recurring events, and must be in [path]``ical`` format. The schedule uses " +"the events defined in the calendar to create the maintenance windows. You " +"must create an [path]``ical`` file for upload, or link to an [path]``ical`` " +"file to create the calendar, before you can create the schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:14 +#: modules/administration/pages/maintenance-windows.adoc:5 msgid "" -"Every {productname} Server that uses SSL requires an SSL server " -"certificate. Provide the path to the server certificate using the " -"``SERVER_CERT`` environment variable during setup, or with the ``--from-" -"server-cert`` option of the [command]``rhn-ssl-tool`` command." +"When you have created the schedule, you can assign it to clients that are " +"registered to the {productname} Server. Clients that have a maintenance " +"schedule assigned cannot run restricted actions outside of maintenance " +"windows." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:17 +#: modules/administration/pages/maintenance-windows.adoc:6 msgid "" -"Certificate authorities (CAs) are certificates that are used to sign other " -"certificates. All certificates must be signed by a certificate authority " -"(CA) in order for them to be considered valid, and for clients to be able to " -"successfully match against them." +"Restricted actions significantly modify the client, and could potentially " +"cause the client to stop running. Some examples of restricted actions are:" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:23 -msgid "" -"When an organization signs its own certificate, the certificate is " -"considered self-signed. A self-signed certificate is straight-forward to " -"set up, and does not cost any money, but they are considered less secure. " -"If you are using a self-signed certificate, you will have a root CA that is " -"signed with itself. When you look at the details of a root CA, you will see " -"that the subject has the same value as the issuer. Provide the path to your " -"root CA certificate using the ``CA_CERT`` environment variable during setup, " -"or with the ``--ca-cert`` option of the [command]``rhn-ssl-tool`` command." +#: modules/administration/pages/maintenance-windows.adoc:7 +msgid "Package installation" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:26 -msgid "" -"In order for SSL authentication to work correctly, the client must trust the " -"root CA. This means that the root CA must be installed on every client." +#: modules/administration/pages/maintenance-windows.adoc:8 +msgid "Client upgrade" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:29 -msgid "" -"The default method of SSL authentication is for {productname} to use self-" -"signed certificates. In this case, {productname} has generated all the " -"certificates, and the root CA has signed the server certificate directly." +#: modules/administration/pages/maintenance-windows.adoc:9 +msgid "Service pack migration" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:34 -msgid "" -"An alternative method is to use an intermediate CA. In this case, the root " -"CA signs the intermediate CA. The intermediate CA can then sign any number " -"of other intermediate CAs, and the final one signs the server certificate. " -"This is referred to as a chained certificate." +#: modules/administration/pages/maintenance-windows.adoc:10 +msgid "Highstate application (for Salt clients)" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:37 +#: modules/administration/pages/maintenance-windows.adoc:11 msgid "" -"If you are using intermediate CAs in a chained certificate, the root CA is " -"installed on the client, and the server certificate is installed on the " -"server. During the SSL handshake, clients must be able to verify the entire " -"chain of intermediate certificates between the root CA and the server " -"certificate, so they must be able to access all the intermediate " -"certificates." +"Unrestricted actions are minor actions that are considered safe and are " +"unlikely to cause problems on the client. Some examples of unrestricted " +"actions are:" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:42 -msgid "" -"There are two main ways of achieving this. In {productname}, by default, " -"all the intermediate CAs are installed on the client. However, you could " -"also configure your services on the server to provide them to the client. " -"In this case, during the SSL handshake, the server presents the server " -"certificate as well as all the intermediate CAs." +#: modules/administration/pages/maintenance-windows.adoc:12 +msgid "Package profile update" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:13 +msgid "Hardware refresh" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:14 +msgid "Subscribing to software channels" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:46 +#: modules/administration/pages/maintenance-windows.adoc:15 msgid "" -"Whichever method you choose, you must ensure that the ``CA_CERT`` " -"environment variable points to the root CA, and all intermediate CAs. It " -"should not contain the server certificate. The server certificate must be " -"defined at the ``SERVER_CERT`` environment variable." +"Before you begin, you must create an [path]``ical`` file for upload, or link " +"to an [path]``ical`` file to create the calendar. You can create " +"[path]``ical`` files in your preferred calendaring tool, such as Microsoft " +"Outlook, Google Calendar, or KOrganizer." +msgstr "" + +#. type: Block title +#: modules/administration/pages/maintenance-windows.adoc:16 +#, no-wrap +msgid "Procedure: Uploading a New Maintenance Calendar" msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:53 +#: modules/administration/pages/maintenance-windows.adoc:17 msgid "" -"By default, {productname} uses a self-signed certificate. For additional " -"security, you can arrange a third party CA to sign your certificates. Third " -"party CAs perform checks to ensure that the information contained in the " -"certificate is correct. They will usually charge an annual fee for this " -"service. Using a third party CA makes certificates harder to spoof, and " -"will provide additional protection for your installation. If you have " -"certificates signed by a third party CA, you can import them to your " -"{productname} installation." +"In the {productname} {webui}, navigate to menu:Schedule[Maintenance Windows " +"> Calendars], and click btn:[Create]." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:55 +#: modules/administration/pages/maintenance-windows.adoc:18 msgid "" -"For more on self-signed certificates, see xref:administration:ssl-certs-" -"selfsigned.adoc[]." +"In the [guimenu]``Calendar Name`` section, type a name for your calendar." msgstr "" #. type: Plain text -#: modules/administration/pages/ssl-certs.adoc:55 +#: modules/administration/pages/maintenance-windows.adoc:19 msgid "" -"For more on imported certificates, see xref:administration:ssl-certs-" -"imported.adoc[]." +"Either provide a URL to your [path]``ical`` file, or upload the file " +"directly." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:20 +msgid "Click btn:[Create Calendar] to save your calendar." msgstr "" -#. type: Title = -#: modules/administration/pages/custom-channels.adoc:2 +#. type: Block title +#: modules/administration/pages/maintenance-windows.adoc:21 #, no-wrap -msgid "Custom Channels" +msgid "Procedure: Creating a New Schedule" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:6 +#: modules/administration/pages/maintenance-windows.adoc:22 +#: modules/administration/pages/maintenance-windows.adoc:45 msgid "" -"Custom channels give you the ability to create your own software packages " -"and repositories, which you can use to update your clients. They also allow " -"you to use software provided by third party vendors in your environment." +"In the {productname} {webui}, navigate to menu:Schedule[Maintenance Windows " +"> Schedules], and click btn:[Create]." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:8 +#: modules/administration/pages/maintenance-windows.adoc:23 msgid "" -"You must have administrator privileges to be able to create and manage " -"custom channels." +"In the [guimenu]``Schedule Name`` section, type a name for your schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:10 +#: modules/administration/pages/maintenance-windows.adoc:24 msgid "" -"Before you create a custom channel, determine which base channel you want to " -"associate it with, and which repositories you want to use for content." +"OPTIONAL: If your [path]``ical`` file contains events that apply to more " +"than one schedule, check [guimenu]``Multi``." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:12 -msgid "" -"This section gives more detail on how to create, administer, and delete " -"custom channels." +#: modules/administration/pages/maintenance-windows.adoc:25 +#: modules/administration/pages/maintenance-windows.adoc:49 +msgid "Select the calendar to assign to this schedule." msgstr "" -#. type: Title == -#: modules/administration/pages/custom-channels.adoc:15 +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:26 +#: modules/administration/pages/maintenance-windows.adoc:50 +#: modules/administration/pages/maintenance-windows.adoc:55 +msgid "Click btn:[Create Schedule] to save your schedule." +msgstr "" + +#. type: Block title +#: modules/administration/pages/maintenance-windows.adoc:27 #, no-wrap -msgid "Creating Custom Channels and Repositories" +msgid "Procedure: Assigning a Schedule to a Client" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:19 +#: modules/administration/pages/maintenance-windows.adoc:28 msgid "" -"If you have custom software packages that you need to install on your " -"{productname} systems, you can create a custom child channel to manage " -"them. You will need to create the channel in the {productname} {webui} and " -"create a repository for the packages, before assigning the channel to your " -"systems." +"In the {productname} {webui}, navigate to menu:Systems[Systems List], select " +"the client to be assigned to a schedule, locate the [guimenu]``System " +"Properties`` panel, and click btn:[Edit These Properties]." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:22 +#: modules/administration/pages/maintenance-windows.adoc:29 msgid "" -"You can select a vendor channel as the base channel if you want to use " -"packages provided by a vendor. Alternatively, select ``none`` to make your " -"custom channel a base channel." +"Alternatively, you can assign clients through the system set manager by " +"navigating to menu:Systems[System Set Manager] and using the menu:" +"Misc[Maintenance Windows] tab." msgstr "" -#. We need to create a section on importing GPG keys and change this to point there: https://github.com/SUSE/spacewalk/issues/9474 LKB 2019-09-18 #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:29 +#: modules/administration/pages/maintenance-windows.adoc:30 msgid "" -"Custom channels will sometimes require additional security settings. Many " -"third party vendors secure packages with GPG. If you want to use GPG-" -"protected packages in your custom channel, you will need to trust the GPG " -"key which has been used to sign the metadata. You can then check the " -"[guimenu]``Has Signed Metadata?`` check box to match the package metadata " -"against the trusted GPG keys. For more information on importing GPG keys, " -"see xref:reference:systems/autoinst-gpg-and-ssl-keys.adoc[]." +"In the [guimenu]``Edit System Details`` page, locate the " +"[guimenu]``Maintenance Schedule`` field, and select the name of the schedule " +"to be assigned." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:31 +msgid "Click btn:[Update Properties] to assign the maintenance schedule." msgstr "" #. type: delimited block = -#: modules/administration/pages/custom-channels.adoc:35 +#: modules/administration/pages/maintenance-windows.adoc:32 msgid "" -"Do not create child channels containing packages that are not compatible " -"with the client system." +"When you assign a new maintenance schedule to a client, it is possible that " +"the client might already have some restricted actions scheduled, and that " +"these might now conflict with the new maintenance schedule. If this occurs, " +"the {webui} will display an error and you will not be able to assign the " +"schedule to the client. To resolve this, check the btn:[Cancel affected " +"actions] option when you assign the schedule. This will cancel any " +"previously scheduled actions that conflict with the new maintenance schedule." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:33 +msgid "" +"When you have created your maintenance windows, you can schedule restricted " +"actions, such as package upgrades, to be performed during the maintenance " +"window." msgstr "" #. type: Block title -#: modules/administration/pages/custom-channels.adoc:39 +#: modules/administration/pages/maintenance-windows.adoc:34 #, no-wrap -msgid "Procedure: Creating a Custom Channel" +msgid "Procedure: Scheduling a Package Upgrade" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:41 +#: modules/administration/pages/maintenance-windows.adoc:35 msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"and click btn:[Create Channel]." +"In the {productname} {webui}, navigate to menu:Systems[System List], select " +"the client you want to upgrade, and go to the menu:Software[Packages > " +"Upgrade] tab." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:43 +#: modules/administration/pages/maintenance-windows.adoc:36 msgid "" -"On the [guimenu]``Create Software Channel`` page, give your channel a name " -"(for example, [systemitem]``My Tools SLES 15 SP1 x86_64``) and a label (for " -"example, [systemitem]``my-tools-sles15sp1-x86_64``). Labels must not " -"contain spaces or uppercase letters." +"Select the package to upgrade from the list, and click btn:[Upgrade " +"Packages]." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:45 +#: modules/administration/pages/maintenance-windows.adoc:37 msgid "" -"In the [guimenu]``Parent Channel`` drop down, choose the relevant base " -"channel (for example, [systemitem]``SLE-Product-SLES15-SP1-Pool for " -"x86_64``). Ensure that you choose the compatible parent channel for your " -"packages." +"In the [guimenu]``Maintenance Window`` field, select which maintenance " +"window the client should use to perform the upgrade." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:46 -msgid "" -"In the [guimenu]``Architecture`` drop down, choose the appropriate hardware " -"architecture (for example, [systemitem]``x86_64``)." +#: modules/administration/pages/maintenance-windows.adoc:38 +msgid "Click btn:[Confirm] to schedule the package upgrade." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:47 -msgid "" -"Provide any additional information in the contact details, channel access " -"control, and GPG fields, as required for your environment." +#. type: Title == +#: modules/administration/pages/maintenance-windows.adoc:39 +#, no-wrap +msgid "Maintenance Schedule Types" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:48 -msgid "Click btn:[Create Channel]." +#: modules/administration/pages/maintenance-windows.adoc:40 +msgid "" +"When you create a calendar, it contains a number of events, which can be " +"either one-time events, or recurring events. Each event contains a " +"``summary`` field. If you want to create multiple maintenance schedules for " +"one calendar, you can specify events for each using the ``summary`` field." msgstr "" -#. type: delimited block = -#: modules/administration/pages/custom-channels.adoc:55 +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:41 msgid "" -"By default, the ``Enable GPG Check`` field is checked when you create a new " -"channel. If you would like to add custom packages and applications to your " -"channel, make sure you uncheck this field to be able to install unsigned " -"packages. Disabling the GPG check is a security risk if packages are from " -"an untrusted source." +"For example, you might like to create a schedule for production servers, and " +"a different schedule for testing servers. In this case, you would specify " +"``SUMMARY: Production Servers`` on events for the production servers, and " +"``SUMMARY: Testing Servers`` on events for the testing servers." msgstr "" -#. type: Block title -#: modules/administration/pages/custom-channels.adoc:59 +#. type: Target for macro image +#: modules/administration/pages/maintenance-windows.adoc:42 #, no-wrap -msgid "Procedure: Creating a Software Repository" +msgid "maint_windows_multi.png" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:61 +#: modules/administration/pages/maintenance-windows.adoc:43 msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > " -"Repositories], and click btn:[Create Repository]." +"There are two types of schedule: single, or multi. If your calendar " +"contains events that apply to more than one schedule, then you must select " +"``multi``, and ensure you name the schedule according to the ``summary`` " +"field you used in the calendar file." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:62 -msgid "" -"On the [guimenu]``Create Repository`` page, give your repository a label " -"(for example, [systemitem]``my-tools-sles15sp1-x86_64-repo``)." +#. type: Block title +#: modules/administration/pages/maintenance-windows.adoc:44 +#, no-wrap +msgid "Procedure: Creating a Multi Schedule" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:64 +#: modules/administration/pages/maintenance-windows.adoc:46 msgid "" -"In the [guimenu]``Repository URL`` field, provide the path to the directory " -"that contains the [path]``repodata`` file (for example, " -"[systemitem]``file:///opt/mytools/``). You can use any valid addressing " -"protocol in this field." +"In the [guimenu]``Schedule Name`` section, type the name for your schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:65 -msgid "Uncheck the [guimenu]``Has Signed Metadata?`` check box." +#: modules/administration/pages/maintenance-windows.adoc:47 +msgid "Ensure it matches the ``summary`` field of the calendar." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:66 -msgid "" -"OPTIONAL: Complete the SSL fields if your repository requires client " -"certificate authentication." +#: modules/administration/pages/maintenance-windows.adoc:48 +#: modules/administration/pages/maintenance-windows.adoc:54 +msgid "Check the [guimenu]``Multi`` option." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:67 -msgid "Click btn:[Create Repository]." -msgstr "" - -#. type: Block title -#: modules/administration/pages/custom-channels.adoc:70 -#, no-wrap -msgid "Procedure: Assigning the Repository to a Channel" +#: modules/administration/pages/maintenance-windows.adoc:51 +msgid "To create the next schedule, click btn:[Create]." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:72 +#: modules/administration/pages/maintenance-windows.adoc:52 msgid "" -"Assign your new repository to your custom channel by navigating to menu:" -"Software[Manage > Channels], clicking the name of your newly created custom " -"channel, and navigating to the [guimenu]``Repositories`` tab." +"In the [guimenu]``Schedule Name`` section, type the name for your second " +"schedule." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:73 -msgid "" -"Ensure the repository you want to assign to the channel is checked, and " -"click btn:[Update Repositories]." +#: modules/administration/pages/maintenance-windows.adoc:53 +msgid "Ensure it matches the ``summary`` field of the second calendar." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:75 -msgid "" -"Navigate to the [guimenu]``Sync`` tab and click btn:[Sync Now] to " -"synchronize immediately. You can also set an automated synchronization " -"schedule on this tab." +#: modules/administration/pages/maintenance-windows.adoc:56 +msgid "Repeat for each schedule you need to create." +msgstr "" + +#. type: Title == +#: modules/administration/pages/maintenance-windows.adoc:57 +#, no-wrap +msgid "Restricted and Unrestricted Actions" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:78 +#: modules/administration/pages/maintenance-windows.adoc:58 msgid "" -"There are several ways to check if a channel has finished synchronizing:" +"This sections contains a complete list of restricted and unrestricted " +"actions." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:81 +#: modules/administration/pages/maintenance-windows.adoc:59 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Setup Wizard] and " -"select the [guimenu]``Products`` tab. This dialog displays a completion bar " -"for each product when they are being synchronized." +"Restricted actions significantly modify the client, and could potentially " +"cause the client to stop running. Restricted actions can only be run during " +"a maintenance window. The restricted actions are:" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:84 +#: modules/administration/pages/maintenance-windows.adoc:60 msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"then click the channel associated to the repository. Navigate to the menu:" -"[Repositories > Sync] tab. The [guimenu]``Sync Status`` is shown next to " -"the repository name.." +"Package operations (for example, installing, updating, or removing packages)" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:85 -msgid "Check the synchronization log file at the command prompt:" +#: modules/administration/pages/maintenance-windows.adoc:61 +msgid "Patch updates" msgstr "" -#. type: delimited block - -#: modules/administration/pages/custom-channels.adoc:88 -#, no-wrap -msgid "tail -f /var/log/rhn/reposync/.log\n" +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:62 +msgid "Rebooting a client" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:92 -msgid "" -"Each child channel will generate its own log during the synchronization " -"progress. You will need to check all the base and child channel log files " -"to be sure that the synchronization is complete." +#: modules/administration/pages/maintenance-windows.adoc:63 +msgid "Rolling back transactions" msgstr "" -#. type: Block title -#: modules/administration/pages/custom-channels.adoc:95 -#, no-wrap -msgid "Procedure: Adding Custom Channels to an Activation Key" +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:64 +msgid "Configuration management changing tasks" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:97 -msgid "" -"In the {productname} {webui}, navigate to menu:Systems[Activation Keys], and " -"select the key you want to add the custom channel to." +#: modules/administration/pages/maintenance-windows.adoc:65 +msgid "Applying a highstate (for Salt clients)" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:99 -msgid "" -"On the [guiemnu]``Details`` tab, in the [guimenu]``Child Channels`` listing, " -"select the channel to associate. You can select multiple channels, if you " -"need to." +#: modules/administration/pages/maintenance-windows.adoc:66 +msgid "Autoinstallation and reinstallation" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:100 -msgid "Click btn:[Update Activation Key]." +#: modules/administration/pages/maintenance-windows.adoc:67 +msgid "Remote commands" msgstr "" -#. type: Title == -#: modules/administration/pages/custom-channels.adoc:103 -#, no-wrap -msgid "Add Packages and Patches to Custom Channels" +#. type: Plain text +#: modules/administration/pages/maintenance-windows.adoc:68 +msgid "Service pack migrations" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:107 +#: modules/administration/pages/maintenance-windows.adoc:69 +msgid "Cluster operations" +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/maintenance-windows.adoc:70 msgid "" -"When you create a new custom channel without cloning it from an existing " -"channel, it will not contain any packages or patches. You can add the " -"packages and patches you require using the {productname} {webui}." +"For Salt clients, it is possible to run remote commands directly at any time " +"by navigating to menu:Salt[Remote Commands]. This applies whether or not " +"the Salt client is in a maintenance window. For more information about " +"remote commands, see xref:administration:actions.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:110 +#: modules/administration/pages/maintenance-windows.adoc:71 msgid "" -"Custom channels can only include packages or patches that are cloned or " -"custom, and they must match the base architecture of the channel. Patches " -"added to custom channels must apply to a package that exists in the channel." +"Unrestricted actions are minor actions that are considered safe and are " +"unlikely to cause problems on the client. If an action is not restricted it " +"is, by definition, unrestricted, and can be be run at any time." msgstr "" -#. type: Block title -#: modules/administration/pages/custom-channels.adoc:112 +#. type: Title = +#: modules/administration/pages/monitoring.adoc:1 #, no-wrap -msgid "Procedure: Adding Packages to Custom Channels" +msgid "Monitoring with Prometheus and Grafana" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:114 +#: modules/administration/pages/monitoring.adoc:2 msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"and go to the [guimenu]``Packages`` tab." +"You can monitor your {productname} environment using Prometheus and " +"Grafana. {productname} Server and Proxy are able to provide self-health " +"metrics. You can also install and manage a number of Prometheus exporters " +"on Salt clients." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:115 +#: modules/administration/pages/monitoring.adoc:3 msgid "" -"OPTIONAL: See all packages currently in the channel by navigating to the " -"[guimenu]``List/Remove`` tab." +"Prometheus and Grafana packages are included in the {productname} Client " +"Tools for:" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:116 -msgid "" -"Add new packages to the channel by navigating to the [guimenu]``Add`` tab." +#: modules/administration/pages/monitoring.adoc:4 +#: modules/administration/pages/monitoring.adoc:10 +msgid "{sle}{nbsp}12" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:117 -msgid "" -"Select the parent channel to provide packages, and click btn:[View Packages] " -"to populate the list." +#: modules/administration/pages/monitoring.adoc:5 +#: modules/administration/pages/monitoring.adoc:11 +msgid "{sle}{nbsp}15" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:118 -msgid "" -"Check the packages to add to the custom channel, and click btn:[Add " -"Packages]." +#: modules/administration/pages/monitoring.adoc:6 +msgid "{rhel}{nbsp} 6" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:119 -msgid "" -"When you are satisfied with the selection, click btn:[Confirm Addition] to " -"add the packages to the channel." +#: modules/administration/pages/monitoring.adoc:7 +msgid "{rhel}{nbsp} 7" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:121 -msgid "" -"OPTIONAL: You can compare the packages in the current channel with those in " -"a different channel by navigating to menu:Software[Manage > Channels], and " -"going to the menu:Packages[Compare] tab. To make the two channels the same, " -"click the btn:[Merge Differences] button, and resolve any conflicts." +#: modules/administration/pages/monitoring.adoc:8 +msgid "{rhel}{nbsp} 8" msgstr "" -#. type: Block title -#: modules/administration/pages/custom-channels.adoc:124 -#, no-wrap -msgid "Procedure: Adding Patches to a Custom Channel" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:9 +msgid "openSUSE 15.x" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:126 -msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"and go to the [guimenu]``Patches`` tab." +#: modules/administration/pages/monitoring.adoc:12 +msgid "{centos}{nbsp} 6" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:127 -msgid "" -"OPTIONAL: See all patches currently in the channel by navigating to the " -"[guimenu]``List/Remove`` tab." +#: modules/administration/pages/monitoring.adoc:13 +msgid "{centos}{nbsp} 7" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:128 -msgid "" -"Add new patches to the channel by navigating to the [guimenu]``Add`` tab, " -"and selecting what kind of patches you want to add." +#: modules/administration/pages/monitoring.adoc:14 +msgid "{centos}{nbsp} 8" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:129 -msgid "" -"Select the parent channel to provide patches, and click btn:[View Associated " -"Patches] to populate the list." +#: modules/administration/pages/monitoring.adoc:15 +msgid "and openSUSE 15.x" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:130 +#: modules/administration/pages/monitoring.adoc:16 msgid "" -"Check the patches to add to the custom channel, and click btn:[Confirm]." +"You need to install Prometheus and Grafana on a machine separate from the " +"{productname} Server. We recommend you use a managed Salt client as your " +"monitoring server." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:131 +#: modules/administration/pages/monitoring.adoc:17 msgid "" -"When you are satisfied with the selection, click btn:[Confirm] to add the " -"patches to the channel." +"Prometheus fetches metrics using a pull mechanism, so the server must be " +"able to establish TCP connections to monitored clients. Clients must have " +"corresponding open ports and be reachable over the network. Alternatively, " +"you can use reverse proxies to establish a connection." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/monitoring.adoc:18 +msgid "" +"You must have a monitoring add-on subscription for each client you want to " +"monitor. Visit the {scc} to manage your {productname} subscriptions." msgstr "" #. type: Title == -#: modules/administration/pages/custom-channels.adoc:134 +#: modules/administration/pages/monitoring.adoc:19 #, no-wrap -msgid "Manage Custom Channels" +msgid "Prometheus and Grafana" +msgstr "" + +#. type: Block title +#: modules/administration/pages/monitoring.adoc:20 +#, no-wrap +msgid "Prometheus" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:137 +#: modules/administration/pages/monitoring.adoc:21 msgid "" -"{productname} administrators and channel administrators can alter or delete " -"any channel." +"Prometheus is an open-source monitoring tool that is used to record real-" +"time metrics in a time-series database. Metrics are pulled via HTTP, " +"enabling high performance and scalability." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:141 +#: modules/administration/pages/monitoring.adoc:22 msgid "" -"To grant other users rights to alter or delete a channel, navigate to menu:" -"Software[Manage > Channels] and select the channel you want to edit. " -"Navigate to the [guimenu]``Managers`` tab, and check the user to grant " -"permissions. Click btn:[Update] to save the changes." +"Prometheus metrics are time series data, or timestamped values belonging to " +"the same group or dimension. A metric is uniquely identified by its name " +"and set of labels." msgstr "" -#. type: delimited block = -#: modules/administration/pages/custom-channels.adoc:147 +#. TODO:: This should be an actual image. +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:23 +#, no-wrap msgid "" -"If you delete a channel that has been assigned to a set of clients, it will " -"trigger an immediate update of the channel state for any clients associated " -"with the deleted channel. This is to ensure that the changes are reflected " -"accurately in the repository file." +" metric name labels timestamp value\n" +"┌────────┴───────┐ ┌───────────┴───────────┐ ┌──────┴──────┐ ┌─┴─┐\n" +"http_requests_total{status=\"200\", method=\"GET\"} @1557331801.111 42236\n" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:153 +#: modules/administration/pages/monitoring.adoc:24 msgid "" -"You cannot delete {productname} channels with the {webui}. Only custom " -"channels can be deleted." +"Each application or system being monitored must expose metrics in the format " +"above, either through code instrumentation or Prometheus exporters." msgstr "" #. type: Block title -#: modules/administration/pages/custom-channels.adoc:156 +#: modules/administration/pages/monitoring.adoc:25 #, no-wrap -msgid "Procedure: Deleting Custom Channels" +msgid "Prometheus Exporters" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:158 +#: modules/administration/pages/monitoring.adoc:26 msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"and select the channel you want to delete." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:159 -msgid "Click btn:[Delete software channel]." +"Exporters are libraries that help with exporting metrics from third-party " +"systems as Prometheus metrics. Exporters are useful whenever it is not " +"feasible to instrument a given application or system with Prometheus metrics " +"directly. Multiple exporters can run on a monitored host to export local " +"metrics." msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:160 +#: modules/administration/pages/monitoring.adoc:27 msgid "" -"On the [guimenu]``Delete Channel`` page, check the details of the channel " -"you are deleting, and check the [guimenu]``Unsubscribe Systems`` checkbox to " -"remove the custom channel from any systems that might still be subscribed." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:161 -msgid "Click btn:[Delete Channel]." +"The Prometheus community provides a list of official exporters, and more can " +"be found as community contributions. For more information and an extensive " +"list of exporters, see https://prometheus.io/docs/instrumenting/exporters/." msgstr "" -#. type: Plain text -#: modules/administration/pages/custom-channels.adoc:164 -msgid "" -"When channels are deleted, the packages that are part of the deleted channel " -"are not automatically removed. You will not be able to update packages that " -"have had their channel deleted." +#. type: Block title +#: modules/administration/pages/monitoring.adoc:28 +#, no-wrap +msgid "Grafana" msgstr "" #. type: Plain text -#: modules/administration/pages/custom-channels.adoc:166 +#: modules/administration/pages/monitoring.adoc:29 msgid "" -"You can delete packages that are not associated with a channel in the " -"{productname} {webui}. Navigate to menu:Software[Manage > Packages], check " -"the packages to remove, and click btn:[Delete Packages]." -msgstr "" - -#. type: Title = -#: modules/administration/pages/image-management.adoc:2 -#, no-wrap -msgid "Image Building and Management" +"Grafana is a tool for data visualization, monitoring, and analysis. It is " +"used to create dashboards with panels representing specific metrics over a " +"set period of time. Grafana is commonly used together with Prometheus, but " +"also supports other data sources such as ElasticSearch, MySQL, PostgreSQL, " +"and Influx DB. For more information about Grafana, see https://grafana.com/" +"docs/." msgstr "" #. type: Title == -#: modules/administration/pages/image-management.adoc:7 +#: modules/administration/pages/monitoring.adoc:30 #, no-wrap -msgid "Image Building Overview" +msgid "Set up the Monitoring Server" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:11 +#: modules/administration/pages/monitoring.adoc:31 msgid "" -"{productname} enables system administrators to build containers and OS " -"Images and push the result in image stores. The workflow looks like this:" +"To set up your monitoring server, you need to install Prometheus and " +"Grafana, and configure them." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:13 -msgid "Define an image store" +#. type: Title === +#: modules/administration/pages/monitoring.adoc:32 +#, no-wrap +msgid "Install Prometheus" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:14 +#: modules/administration/pages/monitoring.adoc:33 msgid "" -"Define an image profile and associate it with a source (either a git " -"repository or a directory)" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/image-management.adoc:15 -msgid "Build the image" +"If your monitoring server is a {productname} Salt client, you can install " +"the Prometheus package using the {productname} {webui}. Otherwise you can " +"download and install the package on your monitoring server manually." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:16 -msgid "Push the image to the image store" +#. type: Block title +#: modules/administration/pages/monitoring.adoc:34 +#, no-wrap +msgid "Procedure: Installing Prometheus Using the {webui}" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:18 +#: modules/administration/pages/monitoring.adoc:35 msgid "" -"{productname} supports two distinct build types: dockerfile, and the Kiwi " -"image system." +"In the {productname} {webui}, open the details page of the system where " +"Prometheus is to be installed, and navigate to the [guimenu]``Formulas`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:23 +#: modules/administration/pages/monitoring.adoc:36 msgid "" -"The Kiwi build type is used to build system, virtual, and other images. The " -"image store for the Kiwi build type is pre-defined as a file system " -"directory at [path]``/srv/www/os-images`` on the server. {productname} " -"serves the image store over HTTPS from [literal]``///os-images/" -"``. The image store location is unique and is not customizable." +"Check the [guimenu]``Prometheus`` checkbox to enable monitoring formulas, " +"and click btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:25 -msgid "" -"Images are always stored in [path]``/srv/www/os-image/``." -msgstr "" - -#. type: Title == -#: modules/administration/pages/image-management.adoc:29 -#, no-wrap -msgid "Container Images" -msgstr "" - -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:31 -#, no-wrap -msgid "image-building.png" -msgstr "" - -#. type: Title === -#: modules/administration/pages/image-management.adoc:36 -#: modules/administration/pages/image-management.adoc:396 -#, no-wrap -msgid "Requirements" +#: modules/administration/pages/monitoring.adoc:37 +msgid "Navigate to the ``Prometheus`` tab in the top menu." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:41 +#: modules/administration/pages/monitoring.adoc:38 msgid "" -"The containers feature is available for Salt clients running {sles} 12 or " -"later. Before you begin, ensure your environment meets these requirements:" +"In the ``{productname} Server`` section, enter valid {productname} API " +"credentials." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:44 +#: modules/administration/pages/monitoring.adoc:39 msgid "" -"A published git repository containing a dockerfile and configuration " -"scripts. The repository can be public or private, and should be hosted on " -"GitHub, GitLab, or BitBucket." +"Make sure that the credentials you have entered allow access to the set of " +"systems you want to monitor." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:45 -msgid "A properly configured image store, such as a Docker registry." +#: modules/administration/pages/monitoring.adoc:40 +#: modules/administration/pages/monitoring.adoc:68 +msgid "Customize any other configuration options according to your needs." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:51 -msgid "" -"If you require a private image registry you can use an open source solution " -"such as ``Portus``. For additional information on setting up Portus as a " -"registry provider, see the http://port.us.org/[Portus Documentation]." +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:41 +#: modules/administration/pages/monitoring.adoc:69 +#: modules/administration/pages/monitoring.adoc:129 +#: modules/administration/pages/monitoring.adoc:154 +msgid "Click btn:[Save Formula]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:55 -msgid "For more information on Containers or {caasp}, see:" +#: modules/administration/pages/monitoring.adoc:42 +#: modules/administration/pages/monitoring.adoc:70 +#: modules/administration/pages/monitoring.adoc:155 +msgid "Apply the highstate and confirm that it completes successfully." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:58 +#: modules/administration/pages/monitoring.adoc:43 msgid "" -"https://documentation.suse.com/sles/15-SP1/html/SLES-all/book-sles-docker." -"html" +"Check that the Prometheus interface loads correctly. In your browser, " +"navigate to the URL of the server where Prometheus is installed, on " +"port 9090 (for example, [literal]``http://example.com:9090``)." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:59 -msgid "https://documentation.suse.com/suse-caasp/4/" +#: modules/administration/pages/monitoring.adoc:44 +#: modules/administration/pages/monitoring.adoc:73 +#: modules/administration/pages/monitoring.adoc:133 +#: modules/administration/pages/monitoring.adoc:156 +msgid "" +"For more information about the monitoring formulas, see xref:salt:formula-" +"monitoring.adoc[]." msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:63 -#: modules/administration/pages/image-management.adoc:425 +#. type: Block title +#: modules/administration/pages/monitoring.adoc:45 #, no-wrap -msgid "Create a Build Host" +msgid "Procedure: Manually Installing and Configuring Prometheus" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:69 +#: modules/administration/pages/monitoring.adoc:46 msgid "" -"To build images with {productname}, you will need to create and configure a " -"build host. Container build hosts are Salt clients running {sle} 12 or " -"later. This section guides you through the initial configuration for a " -"build host." +"On the monitoring server, install the [package]``golang-github-prometheus-" +"prometheus`` package:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:47 +#, no-wrap +msgid "zypper in golang-github-prometheus-prometheus\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:71 -msgid "" -"From the {productname} {webui}, perform these steps to configure a build " -"host:" +#: modules/administration/pages/monitoring.adoc:48 +msgid "Enable the Prometheus service:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:49 +#, no-wrap +msgid "systemctl enable --now prometheus\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:74 -msgid "" -"Select a Salt client to be designated as a build host from the menu:" -"Systems[Overview] page." +#: modules/administration/pages/monitoring.adoc:50 +msgid "Check that the Prometheus interface loads correctly." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:77 +#: modules/administration/pages/monitoring.adoc:51 msgid "" -"From the [guimenu]``System Details`` page of the selected client assign the " -"containers modules. Go to menu:Software[Software Channels] and enable the " -"containers module (for example, [guimenu]``SLE-Module-Containers15-Pool`` " -"and [guimenu]``SLE-Module-Containers15-Updates``). Confirm by clicking btn:" -"[Change Subscriptions]." +"In your browser, navigate to the URL of the server where Prometheus is " +"installed, on port 9090 (for example, [literal]``http://example.com:9090``)." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:78 +#: modules/administration/pages/monitoring.adoc:52 msgid "" -"From the menu:System Details[Properties] page, enable ``Container Build " -"Host`` from the [guimenu]``Add-on System Types`` list and confirm by " -"clicking btn:[Update Properties]." +"Open the configuration file at [path]``/etc/prometheus/prometheus.yml`` and " +"add this configuration information." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:81 +#: modules/administration/pages/monitoring.adoc:53 msgid "" -"Install all required packages by applying ``Highstate``. From the system " -"details page select menu:States[Highstate] and click [guimenu]``Apply " -"Highstate``. Alternatively, apply Highstate from the {productname} Server " -"command line:" +"Replace `server.url` with your {productname} server URL and adjust " +"`username` and `password` fields to match your {productname} credentials." msgstr "" #. type: delimited block - -#: modules/administration/pages/image-management.adoc:84 -#: modules/administration/pages/image-management.adoc:462 +#: modules/administration/pages/monitoring.adoc:54 #, no-wrap -msgid "salt '$your_client' state.highstate\n" +msgid "" +"# {productname} self-health metrics\n" +"scrape_configs:\n" +"- job_name: 'mgr-server'\n" +" static_configs:\n" +" - targets:\n" +" - 'server.url:9100' # Node exporter\n" +" - 'server.url:9187' # PostgreSQL exporter\n" +" - 'server.url:5556' # JMX exporter (Tomcat)\n" +" - 'server.url:5557' # JMX exporter (Taskomatic)\n" +" - 'server.url:9800' # Taskomatic\n" +" - targets:\n" +" - 'server.url:80' # Message queue\n" +" labels:\n" +" __metrics_path__: /rhn/metrics\n" msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:89 +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:55 #, no-wrap -msgid "Create an Activation Key for Containers" +msgid "" +"# Managed systems metrics:\n" +"- job_name: 'mgr-clients'\n" +" uyuni_sd_configs:\n" +" - host: \"http://server.url\"\n" +" username: \"admin\"\n" +" password: \"admin\"\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:93 -msgid "" -"The containers built using {productname} will use channel(s) associated to " -"the activation key as repositories when building the image. This section " -"will guide you into creating an ad-hoc activation key for this purpose." +#: modules/administration/pages/monitoring.adoc:56 +msgid "Save the configuration file." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:97 -msgid "" -"To build a container, you will need an activation key that is associated " -"with a channel other than `SUSE Manager Default`." +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:57 +msgid "Restart the Prometheus service:" msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:99 -#: modules/administration/pages/image-management.adoc:521 +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:58 #, no-wrap -msgid "systems_create_activation_key.png" +msgid "systemctl restart prometheus\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:102 -msgid "Select menu:Systems[Activation Keys]." +#: modules/administration/pages/monitoring.adoc:59 +msgid "" +"For more information about the Prometheus configuration options, see the " +"official Prometheus documentation at https://prometheus.io/docs/prometheus/" +"latest/configuration/configuration/" msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:103 -msgid "Click btn:[Create Key]." +#. type: Title === +#: modules/administration/pages/monitoring.adoc:60 +#, no-wrap +msgid "Install Grafana" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:105 +#: modules/administration/pages/monitoring.adoc:61 msgid "" -"Enter a [guimenu]``Description`` and a [guimenu]``Key`` name. Use the drop-" -"down menu to select the [guimenu]``Base Channel`` to associate with this key." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:106 -#: modules/administration/pages/image-management.adoc:527 -msgid "Confirm with btn:[Create Activation Key]." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:108 -#: modules/administration/pages/image-management.adoc:529 -msgid "For more information, see <>." +"If your monitoring server is a {productname} Salt client, you can install " +"the Grafana package using the {productname} {webui}. Otherwise you can " +"download and install the package on your monitoring server manually." msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:112 -#: modules/administration/pages/image-management.adoc:533 +#. type: Block title +#: modules/administration/pages/monitoring.adoc:62 #, no-wrap -msgid "Create an Image Store" +msgid "Procedure: Installing Grafana Using the {webui}" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:117 +#: modules/administration/pages/monitoring.adoc:63 msgid "" -"All built images are pushed to an image store. This section contains " -"information about creating an image store." +"In the {productname} {webui}, open the details page of the system where " +"Grafana is to be installed, and navigate to the [guimenu]``Formulas`` tab." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:118 -#, no-wrap -msgid "images_image_stores.png" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:64 +msgid "" +"Check the [guimenu]``Grafana`` checkbox to enable monitoring formulas, and " +"click btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:121 -msgid "Select menu:Images[Stores]." +#: modules/administration/pages/monitoring.adoc:65 +msgid "Navigate to the ``Grafana`` tab in the top menu." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:122 -msgid "Click [guimenu]``Create`` to create a new store." +#: modules/administration/pages/monitoring.adoc:66 +msgid "" +"In the ``Enable and configure Grafana`` section, enter the admin credentials " +"you want to use to log in Grafana." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:124 -#, no-wrap -msgid "images_image_stores_create.png" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:67 +msgid "" +"On the ``Datasources`` section, make sure that the Prometheus URL field " +"points to the system where Prometheus is running." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:127 -msgid "Define a name for the image store in the [guimenu]``Label`` field." +#: modules/administration/pages/monitoring.adoc:71 +msgid "" +"Check that the Grafana interface is loading correctly. In your browser, " +"navigate to the URL of the server where Grafana is installed, on port 3000 " +"(for example, [literal]``http://example.com:3000``)." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:128 +#. type: delimited block = +#: modules/administration/pages/monitoring.adoc:72 msgid "" -"Provide the path to your image registry by filling in the [guimenu]``URI`` " -"field, as a fully qualified domain name (FQDN) for the container registry " -"host (whether internal or external)." +"{productname} provides pre-built dashboards for server self-health, basic " +"client monitoring, and more. You can choose which dashboards to provision " +"in the formula configuration page." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:132 +#. type: Block title +#: modules/administration/pages/monitoring.adoc:74 #, no-wrap -msgid "registry.example.com\n" +msgid "Procedure: Manually Installing Grafana" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:136 -msgid "" -"The Registry URI can also be used to specify an image store on a registry " -"that is already in use." +#: modules/administration/pages/monitoring.adoc:75 +msgid "Install the [package]``grafana`` package:" msgstr "" #. type: delimited block - -#: modules/administration/pages/image-management.adoc:140 +#: modules/administration/pages/monitoring.adoc:76 #, no-wrap -msgid "registry.example.com:5000/myregistry/myproject\n" +msgid "zypper in grafana\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:143 -msgid "Click btn:[Create] to add the new image store." +#: modules/administration/pages/monitoring.adoc:77 +msgid "Enable the Grafana service:" msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:147 -#: modules/administration/pages/image-management.adoc:550 +#. type: delimited block - +#: modules/administration/pages/monitoring.adoc:78 #, no-wrap -msgid "Create an Image Profile" +msgid "systemctl enable --now grafana-server\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:152 +#: modules/administration/pages/monitoring.adoc:79 +msgid "Check that the Grafana interface is loading correctly." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:80 msgid "" -"All container images are built using an image profile, which contains the " -"building instructions. This section contains information about creating an " -"image profile with the {productname} {webui}." +"In your browser, navigate to the URL of the server where Grafana is " +"installed, on port 3000 (for example, [literal]``http://example.com:3000``)." msgstr "" #. type: Target for macro image -#: modules/administration/pages/image-management.adoc:153 -#: modules/administration/pages/image-management.adoc:555 +#: modules/administration/pages/monitoring.adoc:81 #, no-wrap -msgid "images_image_profiles.png" +msgid "monitoring_grafana_example.png" msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:155 -#: modules/administration/pages/image-management.adoc:557 +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:82 +msgid "" +"For more information on how to manually install and configure Grafana, see " +"https://grafana.com/docs." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:83 +msgid "" +"For more information about the monitoring formulas with forms, see xref:salt:" +"formula-monitoring.adoc[]." +msgstr "" + +#. type: Title == +#: modules/administration/pages/monitoring.adoc:84 #, no-wrap -msgid "Procedure: Create an Image Profile" +msgid "Configure {productname} Monitoring" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:157 +#: modules/administration/pages/monitoring.adoc:85 msgid "" -"To create an image profile select menu:Images[Profiles] and click btn:" -"[Create]." +"With {productname}{nbsp}4 and higher, you can enable the server to expose " +"Prometheus self-health metrics, and also install and configure exporters on " +"client systems." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:159 +#. type: Title === +#: modules/administration/pages/monitoring.adoc:86 #, no-wrap -msgid "images_image_create_profile.png" +msgid "Server Self Monitoring" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:162 +#: modules/administration/pages/monitoring.adoc:87 msgid "" -"Provide a name for the image profile by filling in the [guimenu]``Label`` " -"field." +"The Server self-health metrics cover hardware, operating system and " +"{productname} internals. These metrics are made available by " +"instrumentation of the Java application, combined with Prometheus exporters." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:88 +msgid "These exporter packages are shipped with {productname} Server:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:167 -msgid "" -"If your container image tag is in a format such as `myproject/myimage`, make " -"sure your image store registry URI contains the `/myproject` suffix." +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:89 +#: modules/administration/pages/monitoring.adoc:98 +#: modules/administration/pages/monitoring.adoc:115 +msgid "Node exporter: [systemitem]``golang-github-prometheus-node_exporter``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:170 -msgid "Use a dockerfile as the `Image Type`." +#: modules/administration/pages/monitoring.adoc:90 +#: modules/administration/pages/monitoring.adoc:99 +#: modules/administration/pages/monitoring.adoc:116 +msgid "See https://github.com/prometheus/node_exporter." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:172 +#: modules/administration/pages/monitoring.adoc:91 +#: modules/administration/pages/monitoring.adoc:117 msgid "" -"Use the drop-down menu to select your registry from the `Target Image Store` " -"field." +"PostgreSQL exporter: [systemitem]``golang-github-wrouesnel-" +"postgres_exporter``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:176 -msgid "" -"In the [guimenu]``Path`` field, type a GitHub, GitLab or BitBucket " -"repository URL. The URL should be be http, https, or a token authentication " -"URL. Use one of these formats:" +#: modules/administration/pages/monitoring.adoc:92 +#: modules/administration/pages/monitoring.adoc:118 +msgid "See https://github.com/wrouesnel/postgres_exporter." msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:177 -#, no-wrap -msgid "GitHub Path Options" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:93 +msgid "JMX exporter: [systemitem]``prometheus-jmx_exporter``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:179 -msgid "GitHub single user project repository" +#: modules/administration/pages/monitoring.adoc:94 +msgid "See https://github.com/prometheus/jmx_exporter." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:182 -#, no-wrap -msgid "https://github.com/USER/project.git#branchname:folder\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:95 +#: modules/administration/pages/monitoring.adoc:119 +msgid "" +"Apache exporter: [systemitem]``golang-github-lusitaniae-apache_exporter``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:185 -msgid "GitHub organization project repository" +#: modules/administration/pages/monitoring.adoc:96 +#: modules/administration/pages/monitoring.adoc:120 +msgid "See https://github.com/Lusitaniae/apache_exporter." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:188 -#, no-wrap -msgid "https://github.com/ORG/project.git#branchname:folder\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:97 +msgid "These exporter packages are shipped with {productname} Proxy:" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:191 -msgid "GitHub token authentication" +#: modules/administration/pages/monitoring.adoc:100 +msgid "Squid exporter: [systemitem]``golang-github-boynux-squid_exporter``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:195 -msgid "" -"If your git repository is private, modify the profile's URL to include " -"authentication. Use this URL format to authenticate with a GitHub token:" +#: modules/administration/pages/monitoring.adoc:101 +msgid "See https://github.com/boynux/squid-exporter." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:199 -#, no-wrap -msgid "https://USER:@github.com/USER/project.git#master:/container/\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:102 +msgid "" +"The exporter packages are pre-installed in {productname} Server and Proxy, " +"but their respective systemd daemons are disabled by default." msgstr "" #. type: Block title -#: modules/administration/pages/image-management.adoc:201 +#: modules/administration/pages/monitoring.adoc:103 #, no-wrap -msgid "GitLab Path Options" +msgid "Procedure: Enabling Self Monitoring" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:203 -msgid "GitLab single user project repository" +#: modules/administration/pages/monitoring.adoc:104 +msgid "" +"In the {productname} {webui}, navigate to menu:Admin[Manager Configuration > " +"Monitoring]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:207 -#, no-wrap -msgid "https://gitlab.example.com/USER/project.git#master:/container/\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:105 +msgid "Click btn:[Enable services]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:210 -msgid "GitLab groups project repository" +#: modules/administration/pages/monitoring.adoc:106 +msgid "Restart Tomcat and Taskomatic." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:214 -#, no-wrap -msgid "https://gitlab.example.com/GROUP/project.git#master:/container/\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:107 +msgid "" +"Navigate to the URL of your Prometheus server, on port 9090 (for example, " +"[literal]``http://example.com:9090``)" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:217 -msgid "GitLab token authentication" +#: modules/administration/pages/monitoring.adoc:108 +msgid "" +"In the Prometheus UI, navigate to menu:[Status > Targets] and confirm that " +"all the endpoints on the ``mgr-server`` group are up." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:221 +#: modules/administration/pages/monitoring.adoc:109 msgid "" -"If your git repository is private and not publicly accessible, you need to " -"modify the profile's git URL to include authentication. Use this URL format " -"to authenticate with a GitLab token:" +"If you have also installed Grafana with the {webui}, the server insights " +"will be visible on the {productname} Server dashboard." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:225 +#. type: Target for macro image +#: modules/administration/pages/monitoring.adoc:110 #, no-wrap -msgid "https://gitlab-ci-token:@gitlab.example.com/USER/project.git#master:/container/\n" +msgid "monitoring_enable_services.png" msgstr "" #. type: delimited block = -#: modules/administration/pages/image-management.adoc:232 +#: modules/administration/pages/monitoring.adoc:111 msgid "" -"If you do not specify a git branch, the `master` branch will be used by " -"default. If a `folder` is not specified, the image sources (dockerfile " -"sources) are expected to be in the root directory of the GitHub or GitLab " -"checkout." +"Only server self-health monitoring can be enabled using the {webui}. " +"Metrics for a proxy are not automatically collected by Prometheus. To " +"enable self-health monitoring on a proxy, you will need to manually install " +"exporters and enable them." +msgstr "" + +#. type: Title === +#: modules/administration/pages/monitoring.adoc:112 +#, no-wrap +msgid "Monitoring Managed Systems" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:236 +#: modules/administration/pages/monitoring.adoc:113 msgid "" -"Select an `Activation Key`. Activation keys ensure that images using a " -"profile are assigned to the correct channel and packages." +"Prometheus metrics exporters can be installed and configured on Salt clients " +"using formulas. The packages are available from the {productname} client " +"tools channels, and can be enabled and configured directly in the " +"{productname} {webui}." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:241 -msgid "" -"When you associate an activation key with an image profile you are ensuring " -"any image using the profile will use the correct software channel and any " -"packages in the channel." +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:114 +msgid "These exporters can be installed on managed systems:" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:244 -msgid "Click the btn:[Create] button." +#: modules/administration/pages/monitoring.adoc:121 +msgid "" +"When you have the exporters installed and configured, you can start using " +"Prometheus to collect metrics from monitored systems. If you have " +"configured your monitoring server with the {webui}, metrics collection will " +"happen automatically." msgstr "" #. type: Block title -#: modules/administration/pages/image-management.adoc:248 +#: modules/administration/pages/monitoring.adoc:122 #, no-wrap -msgid "Example Dockerfile Sources" +msgid "Procedure: Configuring Prometheus Exporters on a Client" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:252 +#: modules/administration/pages/monitoring.adoc:123 msgid "" -"An Image Profile that can be reused is published at https://github.com/SUSE/" -"manager-build-profiles" +"In the {productname} {webui}, open the details page of the client to be " +"monitored, and navigate to the menu:Formulas tab." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:257 +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:124 msgid "" -"The [option]``ARG`` parameters ensure that the built image is associated " -"with the desired repository served by {productname}. The [option]``ARG`` " -"parameters also allow you to build image versions of {sles} which may differ " -"from the version of {sles} used by the build host itself." +"Check the [guimenu]``Enabled`` checkbox on the ``Prometheus Exporters`` " +"formula." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:259 -msgid "" -"For example: The [command]``ARG repo`` parameter and the [command]``echo`` " -"command pointing to the repository file, creates and then injects the " -"correct path into the repository file for the desired channel version." +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:126 +msgid "Navigate to the menu:Formulas[Prometheus Exporters] tab." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:261 +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:127 msgid "" -"The repository is determined by the activation key that you assigned to your " -"image profile." +"Select the exporters you want to enable and customize arguments according to " +"your needs." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:268 +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:128 msgid "" -"The [package]#python# and [package]#python-xml# packages must be installed " -"in the container. They are required for inspecting images, and for " -"providing the package and product list of a container to the {productname} " -"{webui}. If you do not install them, images will still build but the " -"package and product list will not available in the {webui}." +"The [guimenu]``Address`` field accepts either a port number preceded by a " +"colon (``:9100``), or a fully resolvable address (``example:9100``)." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:273 -#, no-wrap -msgid "" -"FROM registry.example.com/sles12sp2\n" -"MAINTAINER Tux Administrator \"tux@example.com\"\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:130 +msgid "Apply the highstate." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:275 +#. type: Target for macro image +#: modules/administration/pages/monitoring.adoc:131 #, no-wrap -msgid "### Begin: These lines Required for use with {productname}\n" +msgid "monitoring_configure_formula.png" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:278 -#, no-wrap +#. type: delimited block = +#: modules/administration/pages/monitoring.adoc:132 msgid "" -"ARG repo\n" -"ARG cert\n" +"Monitoring formulas can also be configured for System Groups, by applying " +"the same configuration used for individual systems inside the corresponding " +"group." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:281 +#. type: Title == +#: modules/administration/pages/monitoring.adoc:134 #, no-wrap -msgid "" -"# Add the correct certificate\n" -"RUN echo \"$cert\" > /etc/pki/trust/anchors/RHN-ORG-TRUSTED-SSL-CERT.pem\n" +msgid "Network Boundaries" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:284 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:135 msgid "" -"# Update certificate trust store\n" -"RUN update-ca-certificates\n" +"Prometheus fetches metrics using a pull mechanism, so the server must be " +"able to establish TCP connections to monitored clients. By default, " +"Prometheus uses these ports:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:287 -#, no-wrap -msgid "" -"# Add the repository path to the image\n" -"RUN echo \"$repo\" > /etc/zypp/repos.d/susemanager:dockerbuild.repo\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:136 +msgid "Node exporter: 9100" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:289 -#, no-wrap -msgid "### End: These lines required for use with {productname}\n" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:137 +msgid "PostgreSQL exporter: 9187" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:292 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:138 +msgid "Apache exporter: 9117" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:139 msgid "" -"# Add the package script\n" -"ADD add_packages.sh /root/add_packages.sh\n" +"Additionally, if you are running the alert manager on a different host than " +"where you run Prometheus, you will also need to open port 9093." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:295 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:140 msgid "" -"# Run the package script\n" -"RUN /root/add_packages.sh\n" +"For clients installed on cloud instances, you can add the required ports to " +"a security group that has access to the monitoring server." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:298 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:141 msgid "" -"# After building remove the repository path from image\n" -"RUN rm -f /etc/zypp/repos.d/susemanager:dockerbuild.repo\n" +"Alternatively, you can deploy a Prometheus instance in the exporters' local " +"network, and configure federation. This allows the main monitoring server " +"to scrape the time series from the local Prometheus instance. If you use " +"this method, you only need to open the Prometheus API port, which is 9090." msgstr "" -#. TODO: Replace the "custom-system-info" link -#. type: Block title -#: modules/administration/pages/image-management.adoc:301 -#, no-wrap -msgid "Using Custom Info Key-value Pairs as Docker Buildargs" +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:142 +msgid "" +"For more information on Prometheus federation, see https://prometheus.io/" +"docs/prometheus/latest/federation/." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:304 +#: modules/administration/pages/monitoring.adoc:143 msgid "" -"You can assign custom info key-value pairs to attach information to the " -"image profiles. Additionally, these key-value pairs are passed to the " -"Docker build command as `buildargs`." +"You can also proxy requests through the network boundary. Tools like " +"PushProx deploy a proxy and a client on both sides of the network barrier " +"and allow Prometheus to work across network topologies such as NAT." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:306 +#: modules/administration/pages/monitoring.adoc:144 msgid "" -"For more information about the available custom info keys and creating " -"additional ones, see xref:reference:systems/custom-system-info.adoc[]." +"For more information on PushProx, see https://github.com/RobustPerception/" +"PushProx." msgstr "" #. type: Title === -#: modules/administration/pages/image-management.adoc:309 -#: modules/administration/pages/image-management.adoc:701 +#: modules/administration/pages/monitoring.adoc:145 #, no-wrap -msgid "Build an Image" +msgid "Reverse Proxy Setup" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:314 +#: modules/administration/pages/monitoring.adoc:146 msgid "" -"There are two ways to build an image. You can select menu:Images[Build] " -"from the left navigation bar, or click the build icon in the menu:" -"Images[Profiles] list." -msgstr "" - -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:315 -#: modules/administration/pages/image-management.adoc:708 -#, no-wrap -msgid "images_image_build.png" +"Prometheus fetches metrics using a pull mechanism, so the server must be " +"able to establish TCP connections to each exporter on the monitored " +"clients. To simplify your firewall configuration, you can use reverse proxy " +"for your exporters to expose all metrics on a single port." msgstr "" +#. Probably a diagram here. --LKB 2020-08-11 #. type: Block title -#: modules/administration/pages/image-management.adoc:317 -#: modules/administration/pages/image-management.adoc:710 +#: modules/administration/pages/monitoring.adoc:147 #, no-wrap -msgid "Procedure: Building an Image" +msgid "Procedure: Installing Prometheus Exporters with Reverse Proxy" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:319 -#: modules/administration/pages/image-management.adoc:712 -msgid "Select menu:Images[Build]." +#: modules/administration/pages/monitoring.adoc:148 +msgid "" +"In the {productname} {webui}, open the details page of the system to be " +"monitored, and navigate to the [guimenu]``Formulas`` tab." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:320 +#: modules/administration/pages/monitoring.adoc:149 msgid "" -"Add a different tag name if you want a version other than the default " -"``latest`` (only relevant to containers)." +"Check the [guimenu]``Prometheus Exporters`` checkbox to enable the exporters " +"formula, and click btn:[Save]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:321 -msgid "Select [guimenu]``Build Profile`` and [guimenu]``Build Host``." +#: modules/administration/pages/monitoring.adoc:150 +msgid "Navigate to the ``Prometheus Exporters`` tab in the top menu." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:327 +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:151 msgid "" -"Notice the [guimenu]``Profile Summary`` to the right of the build fields. " -"When you have selected a build profile, detailed information about the " -"selected profile will be displayed in this area." +"Check the [guimenu]``Enable reverse proxy`` option, and enter a valid " +"reverse proxy port number." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:330 -msgid "To schedule a build click the btn:[Build] button." +#: modules/administration/pages/monitoring.adoc:152 +msgid "For example, ``9999``." msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:334 +#. type: Plain text +#: modules/administration/pages/monitoring.adoc:153 +msgid "Customize the other exporters according to your needs." +msgstr "" + +#. type: Title = +#: modules/administration/pages/organizations.adoc:1 #, no-wrap -msgid "Import an Image" +msgid "Organizations" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:341 +#: modules/administration/pages/organizations.adoc:2 msgid "" -"You can import and inspect arbitrary images. Select menu:Images[Image List] " -"from the left navigation bar. Complete the text boxes of the " -"[guimenu]``Import`` dialog. When it has processed, the imported image will " -"be listed on the [guimenu]``Image List`` page." +"Organizations are used to manage user access and permissions within " +"{productname}." msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:342 -#, no-wrap -msgid "Procedure: Importing an Image" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:3 +msgid "" +"For most environments, a single organization is enough. However, more " +"complicated environments might need several organizations. You might like " +"to have an organization for each physical location within your business, or " +"for different business functions." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:344 +#: modules/administration/pages/organizations.adoc:4 msgid "" -"From menu:Images[Image list] click btn:[Import] to open the " -"[guimenu]``Import Image`` dialog." +"When you have created your organizations, you can create and assign users to " +"your organizations. You can then assign permissions on an organization " +"level, which applies by default to every user assigned to the organization." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:345 -msgid "In the [guimenu]``Import Image`` dialog complete these fields:" +#: modules/administration/pages/organizations.adoc:5 +msgid "" +"You can also configure authentication methods for your new organization, " +"including PAM and single sign-on. For more information about " +"authentication, see xref:administration:auth-methods.adoc[]." msgstr "" -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:347 +#. type: Block title +#: modules/administration/pages/organizations.adoc:7 #, no-wrap -msgid "Image store:" +msgid "Procedure: Creating a New Organization" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:349 -msgid "The registry from where the image will be pulled for inspection." -msgstr "" - -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:350 -#, no-wrap -msgid "Image name:" +#: modules/administration/pages/organizations.adoc:8 +msgid "" +"In the {productname} {webui}, navigate to menu:Admin[Organizations], and " +"click btn:[Create Organization]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:352 -msgid "The name of the image in the registry." +#: modules/administration/pages/organizations.adoc:9 +msgid "In the [guimenu]``Create Organization`` dialog, complete these fields:" msgstr "" -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:353 -#, no-wrap -msgid "Image version:" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:10 +msgid "" +"In the [guimenu]``Organization Name`` field, type a name for your new " +"organization." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:355 -msgid "The version of the image in the registry." +#: modules/administration/pages/organizations.adoc:11 +msgid "The name should be between 3 and 128 characters long." msgstr "" -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:356 -#, no-wrap -msgid "Build host:" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:12 +msgid "" +"In the [guimenu]``Desired Login`` field, type the login name you want to use " +"for the organization's administrator." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:358 -msgid "The build host that will pull and inspect the image." +#: modules/administration/pages/organizations.adoc:13 +msgid "" +"This must be a new administrator account, you will not be able to use an " +"existing administrator account to sign in to the new organization, including " +"the one you are currently signed in with." msgstr "" -#. type: Labeled list -#: modules/administration/pages/image-management.adoc:359 -#, no-wrap -msgid "Activation key:" +#. type: Plain text +#: modules/administration/pages/organizations.adoc:14 +msgid "" +"In the [guimenu]``Desired Password`` field, type a password for the new " +"organization's administrator." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:361 +#: modules/administration/pages/organizations.adoc:15 msgid "" -"The activation key that provides the path to the software channel that the " -"image will be inspected with." +"Confirm the password by typing it again in the [guimenu]``Confirm Password`` " +"field. Password strength is indicated by the colored bar beneath the " +"password fields." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:363 -msgid "For confirmation, click btn:[Import]." +#: modules/administration/pages/organizations.adoc:16 +msgid "" +"In the [guimenu]``Email`` field, type an email address for the new " +"organization's administrator." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:365 +#: modules/administration/pages/organizations.adoc:17 msgid "" -"The entry for the image is created in the database, and an ``Inspect Image`` " -"action on {productname} is scheduled." +"In the [guimenu]``First Name`` field, select a salutation, and type a given " +"name for the new organization's administrator." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:369 +#: modules/administration/pages/organizations.adoc:18 msgid "" -"When it has been processed, you can find the imported image in the ``Image " -"List``. It has a different icon in the ``Build`` column, to indicate that " -"the image is imported. The status icon for the imported image can also be " -"seen on the ``Overview`` tab for the image." +"In the [guimenu]``Last Name`` field, type a surname for the new " +"organization's administrator." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:377 -msgid "These are some known problems when working with images:" +#: modules/administration/pages/organizations.adoc:19 +msgid "Click btn:[Create Organization]." +msgstr "" + +#. type: Title == +#: modules/administration/pages/organizations.adoc:20 +#, no-wrap +msgid "Manage Organizations" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:379 +#: modules/administration/pages/organizations.adoc:21 msgid "" -"HTTPS certificates to access the registry or the git repositories should be " -"deployed to the client by a custom state file." +"In the {productname} {webui}, navigate to menu:Admin[Organizations] to see a " +"list of available organizations. Click the name of an organization to " +"manage it." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:380 -msgid "SSH git access using Docker is currently unsupported." +#: modules/administration/pages/organizations.adoc:22 +msgid "" +"From the menu:Admin[Organizations] section, you can access tabs to manage " +"users, trusts, configuration, and states for your organization." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:382 +#. type: delimited block = +#: modules/administration/pages/organizations.adoc:23 msgid "" -"If the [package]#python# and [package]#python-xml# packages are not " -"installed in your images during the build process, reporting of installed " -"packages or products will fail. This will result in an ``unknown`` update " -"status." +"Organizations can only be managed by their administrators. To manage an " +"organization, ensure you are signed in as the correct administrator for the " +"organization you want to change." msgstr "" -#. type: Title == -#: modules/administration/pages/image-management.adoc:386 +#. type: Title === +#: modules/administration/pages/organizations.adoc:24 #, no-wrap -msgid "OS Images" +msgid "Organization Users" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:390 +#: modules/administration/pages/organizations.adoc:25 msgid "" -"OS Images are built by the Kiwi image system. The output image is " -"customizable and can be PXE, QCOW2, LiveCD, or other types of images." +"Navigate to the [guimenu]``Users`` tab to view the list of all users " +"associated with the organization, and their role. Clicking a username takes " +"you to the [guimenu]``Users`` menu to add, change, or delete users." +msgstr "" + +#. type: Title === +#: modules/administration/pages/organizations.adoc:26 +#, no-wrap +msgid "Trusted Organizations" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:392 +#: modules/administration/pages/organizations.adoc:27 msgid "" -"For more information about the Kiwi build system, see the https://doc." -"opensuse.org/projects/kiwi/doc/[Kiwi documentation]." +"Navigate to the [guimenu]``Trusts`` tab to add or remove trusted " +"organizations. Establishing trust between organizations allow them to share " +"content between them, and gives you the ability to migrate clients from one " +"organization to another." +msgstr "" + +#. type: Title === +#: modules/administration/pages/organizations.adoc:28 +#, no-wrap +msgid "Configure Organizations" msgstr "" -#. SLE15 images support is not yet released for SUMA4, will be part of SUMA4.0.4 as tech preview -#. From {sles}{nbsp}15, ``kiwi-ng`` is used instead of the legacy Kiwi. #. type: Plain text -#: modules/administration/pages/image-management.adoc:401 +#: modules/administration/pages/organizations.adoc:29 msgid "" -"The Kiwi image building feature is available for Salt clients running {sles}" -"{nbsp}12 and {sles}{nbsp}11." +"Navigate to the [guimenu]``Configuration`` tab to manage the configuration " +"of your organization. This includes the use of staged contents, setting up " +"crash reporting, and the use of SCAP files." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:403 +#: modules/administration/pages/organizations.adoc:30 msgid "" -"Kiwi image configuration files and configuration scripts must be accessible " -"in one of these locations:" +"For more information about content staging, see xref:administration:content-" +"staging.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:405 -msgid "Git repository" +#: modules/administration/pages/organizations.adoc:31 +msgid "" +"For more information about OpenSCAP, see xref:reference:audit/audit-openscap-" +"overview.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:406 -msgid "HTTP hosted tarball" +#. type: Title == +#: modules/administration/pages/organizations.adoc:32 +#, no-wrap +msgid "Manage States" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:407 -msgid "Local build host directory" +#: modules/administration/pages/organizations.adoc:33 +msgid "" +"Navigate to the [guimenu]``States`` tab to manage Salt states for all " +"clients in your organization. States allow you to define global security " +"policies, or add a common admin user to all clients." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:409 +#: modules/administration/pages/organizations.adoc:34 msgid "" -"For an example of a complete Kiwi repository served by git, see https://" -"github.com/SUSE/manager-build-profiles/tree/master/OSImage" +"For more information about Salt States, see xref:salt:salt-states.adoc[]." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:415 -msgid "" -"You will need at least 1{nbsp}GB of RAM available for Hosts running OS " -"Images built with Kiwi. Disk space depends on the actual size of the " -"image. For more information, see the documentation of the underlying system." +#. type: Title === +#: modules/administration/pages/organizations.adoc:35 +#, no-wrap +msgid "Manage Configuration Channels" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:421 +#. type: Plain text +#: modules/administration/pages/organizations.adoc:36 msgid "" -"The build host must be a Salt client. Do not install the build host as a " -"traditional client." +"You can select which configuration channels should be applied across your " +"organization. Configuration channels can be created in the {productname} " +"{webui} by navigating to menu:Configuration[Channels]. Apply configuration " +"channels to your organization using the {productname} {webui}." +msgstr "" + +#. type: Block title +#: modules/administration/pages/organizations.adoc:37 +#, no-wrap +msgid "Procedure: Applying Configuration Channels to an Organization" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:430 +#: modules/administration/pages/organizations.adoc:38 msgid "" -"To build all kinds of images with {productname}, create and configure a " -"build host. OS Image build hosts are Salt clients running on {sles}{nbsp}15 " -"SP2, {sles}{nbsp}12 (SP3 or later) or {sles}{nbsp}11 SP4." +"In the {productname} {webui}, navigate to menu:Home[My Organization > " +"Configuration Channels]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:432 -msgid "" -"This procedure will guide you through the initial configuration for a build " -"host." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:436 -msgid "" -"The operating system on the build host must match the operating system on " -"the targeted image." +#: modules/administration/pages/organizations.adoc:39 +msgid "Use the search feature to locate a channel by name." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:440 -msgid "" -"For example, build {sles}{nbsp}15 based images on a build host running {sles}" -"{nbsp}15 SP2 OS version. Build {sles}{nbsp}12 based images on a build host " -"running {sles}{nbsp}12 SP4 or {sles}{nbsp}12 SP3 OS version. Build {sles}" -"{nbsp}11 based images on a build host running {sles}{nbsp}11 SP4 OS version." +#. type: Plain text +#: modules/administration/pages/organizations.adoc:40 +msgid "Check the channel to be applied and click btn:[Save Changes]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:444 -msgid "Configure the build host in the {productname} {webui}:" +#: modules/administration/pages/organizations.adoc:41 +msgid "" +"This saves to the database, but does not apply the changes to the channel." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:446 -msgid "" -"Select a client that will be designated as a build host from the menu:" -"Systems[Overview] page." +#: modules/administration/pages/organizations.adoc:42 +msgid "Apply the changes by clicking btn:[Apply]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:447 +#: modules/administration/pages/organizations.adoc:43 msgid "" -"Navigate to the menu:System Details[Properties] tab, enable the " -"[guimenu]``Add-on System Type`` [guimenu]``OS Image Build Host``. Confirm " -"with btn:[Update Properties]." +"This schedules the task to apply the changes to all clients within the " +"organization." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:448 +#. type: Title = +#: modules/administration/pages/public-cloud.adoc:1 #, no-wrap -msgid "os-image-build-host.png" +msgid "Public Cloud" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:451 +#: modules/administration/pages/public-cloud.adoc:2 msgid "" -"Navigate to menu:System Details[Software > Software Channels], and enable " -"the required software channels depending on the build host version." +"Some public cloud environments provide images for {productname} Server and " +"Proxy. This section discusses what you will need for running {productname} " +"in a public cloud, and how to set up your installation." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:453 +#. type: delimited block = +#: modules/administration/pages/public-cloud.adoc:3 msgid "" -"{sles}{nbsp}11 build hosts require {productname} Client tools (``SLE-Manager-" -"Tools11-Pool`` and ``SLE-Manager-Tools11-Updates``)." +"Public clouds provide {productname} under a Bring Your Own Subscription " +"(BYOS) model. This means that you must register them with the {scc}. For " +"more information about registering {productname} with {scc}, see xref:" +"installation:general-requirements.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:454 +#: modules/administration/pages/public-cloud.adoc:4 msgid "" -"{sles}{nbsp}12 build hosts require {productname} Client tools (``SLE-Manager-" -"Tools12-Pool`` and ``SLE-Manager-Tools12-Updates``)." +"Depending on the public cloud network you are using, you can locate the " +"{productname} installation images by searching for the keywords " +"[package]``suse``, [package]``manager``, [package]``proxy``, or " +"[package]``BYOS``." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:456 +#: modules/administration/pages/public-cloud.adoc:5 msgid "" -"{sles}{nbsp}15 build hosts require {sles} modules ``SLE-Module-DevTools15-" -"SP2-Pool`` and ``SLE-Module-DevTools15-SP2-Updates``. Schedule and click " -"btn:[Confirm]." +"For ``SUSE Manager Server in Azure``, see xref:administration:public-cloud-" +"azure.adoc[]." +msgstr "" + +#. type: Title == +#: modules/administration/pages/public-cloud.adoc:6 +#, no-wrap +msgid "Instance Requirements" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:459 +#: modules/administration/pages/public-cloud.adoc:7 msgid "" -"Install Kiwi and all required packages by applying `Highstate`. From the " -"system details page select menu:States[Highstate] and click btn:[Apply " -"Highstate]. Alternatively, apply Highstate from the {productname} Server " -"command line:" +"Select a public cloud instance that meets the hardware requirements in xref:" +"installation:hardware-requirements.adoc[]." msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:464 -#, no-wrap -msgid "{productname} Web Server Public Certificate RPM" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:8 +msgid "In addition, be aware of these considerations:" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:467 +#: modules/administration/pages/public-cloud.adoc:9 msgid "" -"Build host provisioning copies the {productname} certificate RPM to the " -"build host. This certificate is used for accessing repositories provided by " -"{productname}." +"The {productname} setup procedure performs a forward-confirmed reverse DNS " +"lookup." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:470 +#: modules/administration/pages/public-cloud.adoc:10 msgid "" -"The certificate is packaged in RPM by the `mgr-package-rpm-certificate-" -"osimage` package script. The package script is called automatically during " -"a new {productname} installation." +"This must succeed in order for the setup procedure to complete successfully " +"and for {productname} to operate as expected. Therefore, it is important to " +"perform hostname and IP configuration prior to running the {productname} " +"setup procedure." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:473 +#: modules/administration/pages/public-cloud.adoc:11 msgid "" -"When you upgrade the `spacewalk-certs-tools` package, the upgrade scenario " -"will call the package script using the default values. However if the " -"certificate path was changed or unavailable, you will need to call the " -"package script manually using `--ca-cert-full-path ` " -"after the upgrade procedure has finished." +"{productname} Server and Proxy instances are expected to run in a network " +"configuration that provides you control over DNS entries, but cannot access " +"the wider internet." msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:475 -#, no-wrap -msgid "Package script call example" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:12 +msgid "" +"Within this network configuration DNS resolution must be provided: `hostname " +"-f` must return the fully-qualified domain name (FQDN). DNS resolution is " +"also important for connecting clients. DNS is dependent on the cloud " +"framework you choose, refer to the cloud service provider documentation for " +"detailed instructions." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:479 -#, no-wrap -msgid "/usr/sbin/mgr-package-rpm-certificate-osimage --ca-cert-full-path /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:13 +msgid "" +"We recommend that you locate software repositories, the server database, and " +"the proxy squid cache on an external virtual disk." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:482 +#: modules/administration/pages/public-cloud.adoc:14 msgid "" -"The RPM package with the certificate is stored in a salt-accessible " -"directory such as:" +"This prevents data loss if the instance is unexpectedly terminated. " +"Instructions for setting up an external virtual disk are contained in this " +"section." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:484 +#. type: Title == +#: modules/administration/pages/public-cloud.adoc:15 #, no-wrap -msgid "/usr/share/susemanager/salt/images/rhn-org-trusted-ssl-cert-osimage-1.0-1.noarch.rpm\n" +msgid "Network Setup" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:487 +#: modules/administration/pages/public-cloud.adoc:16 msgid "" -"The RPM package with the certificate is provided in the local build host " -"repository:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:489 -#, no-wrap -msgid "/var/lib/Kiwi/repo\n" +"On a public cloud service, you must run {productname} within a restricted " +"network, such as VPC private subnet with an appropriate firewall setting. " +"The instance must only be able to be accessed by machines in your specified " +"IP ranges." msgstr "" #. type: delimited block = -#: modules/administration/pages/image-management.adoc:494 +#: modules/administration/pages/public-cloud.adoc:17 msgid "" -"Specify the RPM package with the {productname} SSL certificate in the build " -"source, and make sure your Kiwi configuration contains ``rhn-org-trusted-ssl-" -"cert-osimage`` as a required package in the ``bootstrap`` section." -msgstr "" - -#. type: Block title -#: modules/administration/pages/image-management.adoc:495 -#, no-wrap -msgid "config.xml" +"A world-accessible {productname} instance violates the terms of the " +"{productname} EULA, and it will not be supported by {suse}." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:504 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:18 msgid "" -"...\n" -" \n" -" ...\n" -" \n" -" \n" -"...\n" +"To access the {productname} {webui}, allow HTTPS when you set up your " +"networking environment." msgstr "" #. type: Title === -#: modules/administration/pages/image-management.adoc:510 +#: modules/administration/pages/public-cloud.adoc:19 #, no-wrap -msgid "Create an Activation Key for OS Images" +msgid "Set the Hostname" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:513 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:20 msgid "" -"Create an activation key associated with the channel that your OS Images " -"will use as repositories when building the image." +"{productname} requires a stable and reliable hostname. Changing the " +"hostname at a later point can create errors." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:515 -msgid "Activation keys are mandatory for OS Image building." +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:21 +msgid "" +"In most public cloud environments, the method shown in this section will " +"work correctly. However, you will have to perform the same modification for " +"every client." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:519 +#: modules/administration/pages/public-cloud.adoc:22 msgid "" -"To build OS Images, you will need an activation key that is associated with " -"a channel other than `SUSE Manager Default`." +"You might prefer to manage DNS resolution by creating a DNS entry in your " +"network environment instead." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:524 -msgid "In the {webui}, select menu:Systems[Activation Keys]." +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:23 +msgid "" +"You can also manage hostname resolution by editing the [path]``/etc/resolv." +"conf`` file. Depending on the order of your setup, if you start the " +"{productname} instance prior to setting up DNS services the file may not " +"contain the appropriate [systemitem]``search`` directive. Check that the " +"proper search directive exists in [path]``/etc/resolv.conf`` and add it if " +"it is missing." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:525 -msgid "Click [guimenu]``Create Key``." +#. type: Block title +#: modules/administration/pages/public-cloud.adoc:24 +#, no-wrap +msgid "Procedure: Setting the hostname locally" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:526 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:25 msgid "" -"Enter a [guimenu]``Description``, a [guimenu]``Key`` name, and use the drop-" -"down box to select a [guimenu]``Base Channel`` to associate with the key." +"Disable hostname setup by editing the DHCP configuration file at [path]``/" +"etc/sysconfig/network/dhcp``, and adding this line:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:539 -msgid "" -"OS Images can require a significant amount of storage space. Therefore, we " -"recommended that the OS Image store is located on a partition of its own or " -"on a Btrfs subvolume, separate from the root partition. By default, the " -"image store will be located at [path]``/srv/www/os-images``." +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:27 +msgid "Set the hostname locally with the [command]``hostnamectl`` command." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:543 +#: modules/administration/pages/public-cloud.adoc:28 msgid "" -"Image stores for Kiwi build type, used to build system, virtual, and other " -"images, are not supported yet." +"Ensure you use the system name, not the FQDN. For example, if the FQDN is " +"[path]``system_name.example.com``, the system name is [path]``system_name``, " +"and the domain name is [path]``example.com``." msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:545 -msgid "" -"Images are always stored in [path]``/srv/www/os-images/`` " -"and are accessible via HTTP/HTTPS [url]``https:///os-" -"images/``." +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:29 +#, no-wrap +msgid "# hostnamectl set-hostname system_name\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:554 -msgid "Manage image profiles using the {webui}." +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:30 +msgid "" +"Create a DNS entry in your network environment for domain name resolution, " +"or force correct resolution by editing the [path]``/etc/hosts`` file." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:559 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:31 msgid "" -"To create an image profile select from menu:Images[Profiles] and click btn:" -"[Create]." +"You can find the IP address by checking your public cloud web console, or " +"from the command line:" msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:561 -#, no-wrap -msgid "images_image_create_profile_kiwi.png" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:32 +msgid "Amazon EC2 instance:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:564 -msgid "" -"In the [guimenu]``Label`` field, provide a name for the `Image Profile`." +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:33 +#, no-wrap +msgid "# ec2metadata --local-ipv4\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:565 -msgid "Use `Kiwi` as the [guimenu]``Image Type``." +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:34 +msgid "Google Compute Engine:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:566 -msgid "Image store is automatically selected." +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:35 +#, no-wrap +msgid "# gcemetadata --query instance --network-interfaces --ip\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:567 -msgid "" -"Enter a [guimenu]``Config URL`` to the directory containing the Kiwi " -"configuration files:" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:36 +msgid "Microsoft Azure:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:568 -msgid "git URI" +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:37 +#, no-wrap +msgid "# azuremetadata --internal-ip\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:569 -msgid "HTTPS tarball" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:38 +msgid "" +"In the following command, replace [literal]```` with IP address " +"you retrieve from the command line above:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:570 -msgid "Path to build host local directory" +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:39 +#, no-wrap +msgid "# echo \" suma.cloud.net suma\" >> /etc/hosts\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:572 -msgid "" -"Select an [guimenu]``Activation Key``. Activation keys ensure that images " -"using a profile are assigned to the correct channel and packages." +#. type: Title === +#: modules/administration/pages/public-cloud.adoc:40 +#, no-wrap +msgid "Set up DNS Resolution" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:577 +#: modules/administration/pages/public-cloud.adoc:41 msgid "" -"Associate an activation key with an image profile to ensure the image " -"profile uses the correct software channel, and any packages." +"You will need to update the DNS records for the instance within the DNS " +"service of your network environment. Refer to the cloud service provider " +"documentation for detailed instructions:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:581 -msgid "Confirm with the btn:[Create] button." +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:42 +msgid "" +"http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-dns.html[DNS setup " +"on Amazon EC2]" msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:583 -#, no-wrap -msgid "Source format options" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:43 +msgid "" +"https://cloud.google.com/compute/docs/networking[DNS setup on Google Compute " +"Engine]" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:585 -msgid "git/HTTP(S) URL to the repository" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:44 +msgid "" +"https://azure.microsoft.com/en-us/documentation/articles/dns-operations-" +"recordsets[DNS setup on Microsoft Azure]" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:589 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:45 msgid "" -"URL to the git repository containing the sources of the image to be built. " -"Depending on the layout of the repository the URL can be:" +"If you run a {productname} Server instance, ensure the external storage is " +"attached and prepared correctly, and that DNS resolution is set up as " +"described. Start the ``susemanager_setup`` with {yast}:" msgstr "" #. type: delimited block - -#: modules/administration/pages/image-management.adoc:592 +#: modules/administration/pages/public-cloud.adoc:46 #, no-wrap -msgid "https://github.com/SUSE/manager-build-profiles\n" +msgid "# /sbin/yast2 susemanager_setup\n" msgstr "" +#. No need to duplicate this, since it exists within the docs suite. LKB 2019-05-29 +#. Uncommenting, as it turns out some of this content is unique. Will need a more surgical look. LKB 2019-08-02 #. type: Plain text -#: modules/administration/pages/image-management.adoc:597 +#: modules/administration/pages/public-cloud.adoc:47 msgid "" -"You can specify a branch after the `#` character in the URL. In this " -"example, we use the `master` branch:" +"The {productname} setup procedure in YaST is designed as a one pass process " +"with no rollback or cleanup capability. Therefore, if the setup procedure " +"is interrupted or ends with an error, it is not recommended that you repeat " +"the setup process or attempts to manually fix the configuration. These " +"methods are likely to result in a faulty {productname} installation. If you " +"experience errors during setup, start a new instance, and begin the setup " +"procedure again on a clean system." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:600 -#, no-wrap -msgid "https://github.com/SUSE/manager-build-profiles#master\n" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:48 +msgid "" +"If you receive a message that there is not enough space available for setup, " +"ensure that your root volume is at least 20 GB and double check that the " +"instructions in <> have been completed " +"correctly." msgstr "" +# +# +# +# +#. REMARK check this; will it still work for sle 15? +#. Commented out per https://github.com/SUSE/spacewalk/issues/8951 LKB 2019-08-06 +#. {productname} Server for the public cloud comes with a bootstrap data module pre-installed. +#. The bootstrap module contains optimized package lists for bootstrapping instances started from {sle} images published by {suse}. +#. If you intend to register such an instance, when you create the bootstrap repository run the [command]``mgr-create-bootstrap-repo`` script using this command, to create a bootstrap repository suitable for {sle} 12 SP1 instances. +#. ---- +#. $ mgr-create-bootstrap-repo --datamodule=mgr_pubcloud_bootstrap_data -c SLE-12-SP1-x86_64 +#. ---- +#. See xref:client-configuration:creating-a-tools-repository.adoc[] for more information on bootstrapping. #. type: Plain text -#: modules/administration/pages/image-management.adoc:605 +#: modules/administration/pages/public-cloud.adoc:49 msgid "" -"You can specify a directory that contains the image sources after the `:` " -"character. In this example, we use `OSImage/POS_Image-JeOS6`:" +"Prior to registering instances started from on demand images remove the " +"following packages from the instance to be registered:" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:608 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:50 +msgid "cloud-regionsrv-client" +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:51 #, no-wrap -msgid "https://github.com/SUSE/manager-build-profiles#master:OSImage/POS_Image-JeOS6\n" +msgid "*For Amazon EC2*\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:611 -msgid "HTTP(S) URL to the tarball" +#: modules/administration/pages/public-cloud.adoc:52 +msgid "regionServiceClientConfigEC2" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:614 -msgid "" -"URL to the tar archive, compressed or uncompressed, hosted on the webserver." +#: modules/administration/pages/public-cloud.adoc:53 +msgid "regionServiceCertsEC2" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:617 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:54 #, no-wrap -msgid "https://myimagesourceserver.example.org/MyKiwiImage.tar.gz\n" +msgid "*For Google Compute Engine*\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:620 -msgid "Path to the directory on the build host" +#: modules/administration/pages/public-cloud.adoc:55 +msgid "cloud-regionsrv-client-plugin-gce" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:624 -msgid "" -"Enter the path to the directory with the Kiwi build system sources. This " -"directory must be present on the selected build host." +#: modules/administration/pages/public-cloud.adoc:56 +msgid "regionServiceClientConfigGCE" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:628 -#, no-wrap -msgid "/var/lib/Kiwi/MyKiwiImage\n" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:57 +msgid "regionServiceCertsGCE" msgstr "" -#. type: Title ==== -#: modules/administration/pages/image-management.adoc:633 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:58 #, no-wrap -msgid "Example of Kiwi Sources" +msgid "*For Microsoft Azure*\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:639 -msgid "" -"Kiwi sources consist at least of `config.xml`. Usually, `config.sh` and " -"`images.sh` are present as well. Sources can also contain files to be " -"installed in the final image under the `root` subdirectory." +#: modules/administration/pages/public-cloud.adoc:59 +msgid "regionServiceClientConfigAzure" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:641 -msgid "" -"For information about the Kiwi build system, see the https://doc.opensuse." -"org/projects/kiwi/doc/[Kiwi documentation]." +#: modules/administration/pages/public-cloud.adoc:60 +msgid "regionServiceCertsAzure" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:643 +#: modules/administration/pages/public-cloud.adoc:61 msgid "" -"{suse} provides examples of fully functional image sources at the https://" -"github.com/SUSE/manager-build-profiles[SUSE/manager-build-profiles] public " -"GitHub repository." +"If these packages are not removed it is possible to create interference " +"between the repositories provided by {productname} and the repositories " +"provided by the SUSE operated update infrastructure." msgstr "" -#. type: Block title -#: modules/administration/pages/image-management.adoc:644 -#, no-wrap -msgid "Example of JeOS config.xml" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:62 +msgid "" +"Additionally remove the line from the [path]``/etc/hosts`` file that " +"contains the *susecloud.net* reference." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:649 -#, no-wrap -msgid "\n" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:63 +msgid "If you run a {productname} Proxy instance" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:661 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:64 msgid "" -"\n" -" \n" -" Admin User\n" -" noemail@example.com\n" -" SUSE Linux Enterprise 12 SP3 JeOS\n" -" \n" -" \n" -" 6.0.0\n" -" zypper\n" -" SLE\n" -" SLE\n" +"Launch the instance, optionally with external storage configured. If you " +"use external storage (recommended), prepare it according to <>. It is recommended but not required to prepare the storage " +"before configuring {productname} proxy, as the suma-storage script will " +"migrate any existing cached data to the external storage. After preparing " +"the instance, register the system with the parent SUSE Manager, which could " +"be a {productname} Server or another {productname} Proxy. See the xref:" +"installation:proxy-setup.adoc[] for details. When registered, configure " +"your {productname} Proxy instance with this script:" msgstr "" #. type: delimited block - -#: modules/administration/pages/image-management.adoc:666 +#: modules/administration/pages/public-cloud.adoc:65 #, no-wrap -msgid "" -" en_US\n" -" us.map.gz\n" -" Europe/Berlin\n" -" utc\n" +msgid "/usr/sbin/configure-proxy.sh\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:688 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:66 msgid "" -" true\n" -" \n" -" \n" -" \n" -" \n" -" \n" -" \n" -" \n" -" \n" -" ...\n" -" \n" -" \n" -" ...\n" -" \n" -" \n" -" \n" +"When the script has completed, {productname} should be functional and " +"running." msgstr "" -#. type: delimited block - -#: modules/administration/pages/image-management.adoc:696 -#, no-wrap +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:67 msgid "" -" \n" -" \n" -" \n" -" \n" -" ...\n" -" \n" -"\n" +"For {productname} Server, the setup process created an administrator user " +"with this user name:" msgstr "" -#. ianew: admin/image-management.adoc -#. iawho: lana 2019-02-27 #. type: Plain text -#: modules/administration/pages/image-management.adoc:707 +#: modules/administration/pages/public-cloud.adoc:68 +msgid "User name: `admin`" +msgstr "" + +#. type: Block title +#: modules/administration/pages/public-cloud.adoc:69 +#, no-wrap +msgid "Account credentials for admin user" +msgstr "" + +#. type: Table +#: modules/administration/pages/public-cloud.adoc:70 +#, no-wrap msgid "" -"There are two ways to build an image using the {webui}. Either select menu:" -"Images[Build], or click the build icon in the menu:Images[Profiles] list." +"|\n" +" Amazon EC2\n" +"\n" +"|\n" +" Google Compute Engine\n" +"\n" +"|\n" +" Microsoft Azure\n" +"\n" +"\n" +"|\n" +"\n" +"[replaceable]``Instance-ID``\n" +"|\n" +"\n" +"[replaceable]``Instance-ID``\n" +"|\n" +"\n" +"[replaceable]``Instance-Name``**-suma**\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:713 +#: modules/administration/pages/public-cloud.adoc:71 msgid "" -"Add a different tag name if you want a version other than the default " -"``latest`` (applies only to containers)." +"The current value for the [replaceable]``Instance-ID`` or " +"[replaceable]``Instance-Name`` in case of the Azure Cloud, can be obtained " +"from the public cloud Web console or from within a terminal session as " +"follows:" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:714 -msgid "Select the [guimenu]``Image Profile`` and a [guimenu]``Build Host``." +#: modules/administration/pages/public-cloud.adoc:72 +msgid "Obtain instance id from within Amazon EC2 instance" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:720 -msgid "" -"A [guimenu]``Profile Summary`` is displayed to the right of the build " -"fields. When you have selected a build profile, detailed information about " -"the selected profile will show up in this area." +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:73 +#, no-wrap +msgid "$ ec2metadata --instance-id\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:724 -msgid "To schedule a build, click the btn:[Build] button." +#: modules/administration/pages/public-cloud.adoc:74 +msgid "Obtain instance id from within Google Compute Engine instance" msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:731 -msgid "" -"The build server cannot run any form of automounter during the image " -"building process. If applicable, ensure that you do not have your Gnome " -"session running as root. If an automounter is running, the image build will " -"finish successfully, but the checksum of the image will be different and " -"will fail later." +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:75 +#, no-wrap +msgid "$ gcemetadata --query instance --id\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:738 -msgid "" -"After the image is successfully built, the inspection phase begins. During " -"the inspection phase {susemgr} collects information about the image:" +#: modules/administration/pages/public-cloud.adoc:76 +msgid "Obtain instance name from within Microsoft Azure instance" msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:740 -msgid "List of packages installed in the image" +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:77 +#, no-wrap +msgid "$ azuremetadata --instance-name\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:741 -msgid "Checksum of the image" +#: modules/administration/pages/public-cloud.adoc:78 +msgid "" +"After logging in through the {productname} Server {webui}, *change* the " +"default password." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:742 -msgid "Image type and other image details" -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:748 +#: modules/administration/pages/public-cloud.adoc:79 msgid "" -"If the built image type is `PXE`, a Salt pillar will also be generated. " -"Image pillars are stored in the `/srv/susemanager/pillar_data/images/` " -"directory and the Salt subsystem can access details about the generated " -"image. Details include where the pillar is located and provided, image " -"checksums, information needed for network boot, and more." +"{productname} Proxy does not have administration access to the {webui}. It " +"can be managed through its parent {productname} Server." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:750 -msgid "The generated pillar is available to all connected clients." +#. type: Title === +#: modules/administration/pages/public-cloud.adoc:80 +#, no-wrap +msgid "Using Separate Storage Volume" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:761 +#: modules/administration/pages/public-cloud.adoc:81 msgid "" -"Building an image requires several dependent steps. When the build fails, " -"investigating Salt states results can help identify the source of the " -"failure. You can carry out these checks when the build fails:" +"We recommend that the repositories and the database for {productname} be " +"stored on a virtual storage device. This best practice will avoid data loss " +"in cases where the {productname} instance may need to be terminated. These " +"steps *must* be performed *prior* to running the YaST {productname} setup " +"procedure." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:763 -msgid "The build host can access the build sources" +#: modules/administration/pages/public-cloud.adoc:82 +msgid "" +"Provision a disk device in the public cloud environment, refer to the cloud " +"service provider documentation for detailed instructions. The size of the " +"disk is dependent on the number of distributions and channels you intend to " +"manage with {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:764 +#: modules/administration/pages/public-cloud.adoc:83 msgid "" -"There is enough disk space for the image on both the build host and the " -"{productname} server" +"For sizing information refer to https://www.suse.com/support/kb/doc.php?" +"id=7015050[SUSE Manager sizing examples]. A rule of thumb is 25 GB per " +"distribution per channel." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:765 -msgid "The activation key has the correct channels associated with it" +#: modules/administration/pages/public-cloud.adoc:84 +msgid "" +"Once attached the device appears as Unix device node in your instance. For " +"the following command to work this device node name is required. In many " +"cases the attached storage appears as **/dev/sdb**. In order to check which " +"disk devices exists on your system, call the following command:" msgstr "" -#. type: Plain text -#: modules/administration/pages/image-management.adoc:766 -msgid "The build sources used are valid" +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:85 +#, no-wrap +msgid "$ hwinfo --disk | grep -E \"Device File:\"\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:768 +#: modules/administration/pages/public-cloud.adoc:86 msgid "" -"The RPM package with the {productname} public certificate is up to date and " -"available at `/usr/share/susemanager/salt/images/rhn-org-trusted-ssl-cert-" -"osimage-1.0-1.noarch.rpm`. For more on how to refresh a public certificate " -"RPM, see <>." +"With the device name at hand the process of re-linking the directories in " +"the file system {productname} uses to store data is handled by the suma-" +"storage script. In the following example we use [path]``/dev/sdb`` as the " +"device name." msgstr "" -#. type: Title === -#: modules/administration/pages/image-management.adoc:772 +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:87 #, no-wrap -msgid "Limitations" +msgid "$ /usr/bin/suma-storage /dev/sdb\n" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:775 -msgid "The section contains some known issues when working with images." +#: modules/administration/pages/public-cloud.adoc:88 +msgid "" +"After the call all database and repository files used by SUSE Manager Server " +"are moved to the newly created xfs based storage. In case your instance is " +"a {productname} Proxy, the script will move the Squid cache, which caches " +"the software packages, to the newly created storage. The xfs partition is " +"mounted below the path [path]``/manager_storage``. ." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:89 +msgid "Create an entry in /etc/fstab (optional)" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:777 +#: modules/administration/pages/public-cloud.adoc:90 msgid "" -"HTTPS certificates used to access the HTTP sources or git repositories " -"should be deployed to the client by a custom state file, or configured " -"manually." +"Different cloud frameworks treat the attachment of external storage devices " +"differently at instance boot time. Please refer to the cloud environment " +"documentation for guidance about the fstab entry." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:778 -msgid "Importing Kiwi-based images is not supported." +#: modules/administration/pages/public-cloud.adoc:91 +msgid "" +"If your cloud framework recommends to add an fstab entry, add the following " +"line to the */etc/fstab* file." +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:92 +#, no-wrap +msgid "/dev/sdb1 /manager_storage xfs defaults,nofail 1 1\n" msgstr "" #. type: Title == -#: modules/administration/pages/image-management.adoc:782 +#: modules/administration/pages/public-cloud.adoc:93 #, no-wrap -msgid "List Image Profiles Available for Building" +msgid "Registration of Cloned Systems" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:787 +#: modules/administration/pages/public-cloud.adoc:94 msgid "" -"To list images available for building select menu:Images[Image List]. A " -"list of all images will be displayed." +"{productname} cannot distinguish between different instances that use the " +"same system ID. If you register a second instance with the same system ID " +"as a previous instance, {productname} will overwrite the original system " +"data with the new system data. This can occur when you launch multiple " +"instances from the same image, or when an image is created from a running " +"instance. However, it is possible to clone systems and register them " +"successfully by deleting the cloned system's ID, and generating a new ID." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/image-management.adoc:788 +#. type: Block title +#: modules/administration/pages/public-cloud.adoc:95 #, no-wrap -msgid "images_list_images.png" +msgid "Procedure: Registering Cloned Systems" msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:792 -msgid "" -"Displayed data about images includes an image [guimenu]``Name``, its " -"[guimenu]``Version`` and the build [guimenu]``Status``. You will also see " -"the image update status with a listing of possible patch and package updates " -"that are available for the image." +#: modules/administration/pages/public-cloud.adoc:96 +msgid "Clone the system using your preferred hypervisor's cloning mechanism." msgstr "" #. type: Plain text -#: modules/administration/pages/image-management.adoc:795 +#: modules/administration/pages/public-cloud.adoc:97 msgid "" -"Clicking the btn:[Details] button on an image will provide a detailed view. " -"The detailed view includes an exact list of relevant patches and a list of " -"all packages installed within the image." +"On the cloned system, change the hostname and IP addresses, and check the " +"[path]``/etc/hosts`` file to ensure you have the right host entries." msgstr "" -#. type: delimited block = -#: modules/administration/pages/image-management.adoc:799 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:98 msgid "" -"The patch and the package list is only available if the inspect state after " -"a build was successful." -msgstr "" - -#. type: Title = -#: modules/administration/pages/tshoot-taskomatic.adoc:2 -#, no-wrap -msgid "Troubleshooting Taskomatic" +"On traditional clients, stop the [command]``rhnsd`` daemon with [command]``/" +"etc/init.d/rhnsd stop`` or, on newer systemd-based systems, with " +"[command]``service rhnsd stop``." msgstr "" -# -# -# -#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS -#. Troubleshooting format: -#. One sentence each: -#. Cause: What created the problem? -#. Consequence: What does the user see when this happens? -#. Fix: What can the user do to fix this problem? -#. Result: What happens after the user has completed the fix? -#. If more detailed instructions are required, put them in a "Resolving" procedure: -#. .Procedure: Resolving Widget Wobbles -#. . First step -#. . Another step -#. . Last step #. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:23 -msgid "" -"Repository metadata regeneration is a relatively intensive process, so " -"Taskomatic can take several minutes to complete. Additionally, if " -"Taskomatic crashes, repository metadata regeneration can be interrupted." +#: modules/administration/pages/public-cloud.adoc:99 +msgid "Then [command]``service osad stop``." msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:26 -msgid "" -"If Taskomatic is still running, or if the process has crashed, package " -"updates can seem available in the {webui}, but will not appear on the " -"client, and attempts to update the client will fail. In this case, the " -"[command]``zypper ref`` command will show an error like this:" +#: modules/administration/pages/public-cloud.adoc:100 +msgid "For SLES 11 or {rhel} 5 or 6 clients, run these commands:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:29 +#: modules/administration/pages/public-cloud.adoc:101 +#: modules/administration/pages/tshoot-registerclones.adoc:13 #, no-wrap -msgid "Valid metadata not found at specified URL\n" +msgid "" +"# rm /var/lib/dbus/machine-id\n" +"# dbus-uuidgen --ensure\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:33 -msgid "" -"To correct this, determine if Taskomatic is still in the process of " -"generating repository metadata, or if a crash could have occurred. Wait for " -"metadata regeneration to complete or restart Taskomatic after a crash in " -"order for client updates to be carried out correctly." +#: modules/administration/pages/public-cloud.adoc:102 +msgid "For SLES 12, SLES 15, or {rhel} 7 clients, run these commands:" msgstr "" -#. type: Block title -#: modules/administration/pages/tshoot-taskomatic.adoc:36 +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:103 +#: modules/administration/pages/tshoot-registerclones.adoc:11 +#: modules/administration/pages/tshoot-registerclones.adoc:37 #, no-wrap -msgid "Procedure: Resolving Taskomatic Problems" +msgid "" +"# rm /etc/machine-id\n" +"# rm /var/lib/dbus/machine-id\n" +"# dbus-uuidgen --ensure\n" +"# systemd-machine-id-setup\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:39 +#: modules/administration/pages/public-cloud.adoc:104 +msgid "If you are using Salt, then you will also need to run these commands:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/public-cloud.adoc:105 +#, no-wrap msgid "" -"On the {productname} Server, check the [path]``/var/log/rhn/" -"rhn_taskomatic_daemon.log`` file to determine if any metadata regeneration " -"processes are still running, or if a crash occurred." +"# service salt-minion stop\n" +"# rm -rf /var/cache/salt\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:40 -msgid "Restart taskomatic:" +#: modules/administration/pages/public-cloud.adoc:106 +msgid "If you are using a traditional client, clean up the working files with:" msgstr "" #. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:43 +#: modules/administration/pages/public-cloud.adoc:107 +#: modules/administration/pages/tshoot-registerclones.adoc:34 #, no-wrap -msgid "service taskomatic restart\n" +msgid "# rm -f /etc/sysconfig/rhn/{osad-auth.conf,systemid}\n" msgstr "" #. type: Plain text -#: modules/administration/pages/tshoot-taskomatic.adoc:47 +#: modules/administration/pages/public-cloud.adoc:108 msgid "" -"In the Taskomatic log files, you can identify the section related to " -"metadata regeneration by looking for opening and closing lines that look " -"like this:" +"The bootstrap should now run with a new system ID, rather than a duplicate." msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:50 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:109 +msgid "" +"If you are onboarding Salt client clones, then you will also need to check " +"if they have the same Salt minion ID. You will need to delete the minion ID " +"on each cloned client, using the [command]``rm`` command. Each operating " +"system type stores this file in a slightly different location, check the " +"table for the appropriate command." +msgstr "" + +#. type: Block title +#: modules/administration/pages/public-cloud.adoc:110 #, no-wrap -msgid " ,174 [Thread-584] INFO com.redhat.rhn.taskomatic.task.repomd.RepositoryWriter - Generating new repository metadata for channel 'cloned-2018-q1-sles12-sp3-updates-x86_64'(sha256) 550 packages, 140 errata\n" +msgid "Minion ID File Location" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:52 +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:111 +msgid "" +"Each operating system stores the minion ID file in a slightly different " +"location, check the table for the appropriate command." +msgstr "" + +#. type: Table +#: modules/administration/pages/public-cloud.adoc:112 #, no-wrap -msgid "...\n" +msgid "" +"| Operating System | Commands\n" +"| SLES 15 | [command]``rm /etc/salt/minion_id``\n" +"\n" +" [command]``rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}``\n" +"| SLES 12 | [command]``rm /etc/salt/minion_id``\n" +"\n" +" [command]``rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}``\n" +"| SLES 11 | [command]``rm /etc/salt/minion_id``\n" +"\n" +" [command]``suse_register -E``\n" +"| SLES 10 | [command]``rm -rf /etc/{zmd,zypp}``\n" +"\n" +" [command]``rm -rf /var/lib/zypp/``\n" +" Do not delete [path]``/var/lib/zypp/db/products/``\n" +"\n" +" [command]``rm -rf /var/lib/zmd/``\n" +"| {rhel} 5, 6, 7 | [command]`` rm -f /etc/NCCcredentials``\n" msgstr "" -#. type: delimited block - -#: modules/administration/pages/tshoot-taskomatic.adoc:54 -#, no-wrap -msgid " ,704 [Thread-584] INFO com.redhat.rhn.taskomatic.task.repomd.RepositoryWriter - Repository metadata generation for 'cloned-2018-q1-sles12-sp3-updates-x86_64' finished in 4 seconds\n" +#. type: Plain text +#: modules/administration/pages/public-cloud.adoc:113 +msgid "" +"When you have deleted the minion ID file, re-run the bootstrap script, and " +"restart the client to see the cloned system in {productname} with the new ID." msgstr "" #. type: Title = -#: modules/administration/pages/maintenance-window-tasks.adoc:2 +#: modules/administration/pages/repo-metadata.adoc:1 #, no-wrap -msgid "Maintenance Window Tasks" +msgid "Signing Repository Metadata" msgstr "" +#. TODO:: Explain why repository metadata should/would be signed. #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:6 +#: modules/administration/pages/repo-metadata.adoc:2 msgid "" -"If you work with scheduled maintenance windows, you might find it difficult " -"to remember all the things that you need to do before, during, and after " -"that critical downtime of the {productname} Server. {productname} Server " -"related systems such as Inter-Server Synchronization Slave Servers or " -"{productname} Proxies are also affected and have to be considered." +"You will require a custom GPG key to be able to sign repository metadata." msgstr "" -#. It's similar to zypper at the package level: -#. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:11 -msgid "" -"{suse} recommends you always keep your {productname} infrastructure " -"updated. That includes servers, proxies, and build hosts. If you do not " -"keep the {productname} Server updated, you might not be able to update some " -"parts of your environment when you need to." +#. type: Block title +#: modules/administration/pages/repo-metadata.adoc:3 +#, no-wrap +msgid "Procedure: Generating a Custom GPG Key" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:13 +#: modules/administration/pages/repo-metadata.adoc:4 msgid "" -"This section contains a checklist for your maintenance window, with links to " -"further information on performing each of the steps." +"As the root user, use the [command]``gpg`` command to generate a new key:" msgstr "" -#. type: Title == -#: modules/administration/pages/maintenance-window-tasks.adoc:16 +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:5 #, no-wrap -msgid "Server" +msgid "gpg --gen-key\n" msgstr "" -#. ke, 2019-09-30: we'll stop spacewalk during the update -#. . Stop spacewalk services. -#. You will need to stop the spacewalk, SAP, and database services, along with any others you have running. -#. . Check if the configuration is still correct. #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:24 -msgid "Apply the latest updates. See xref:upgrade:server-intro.adoc[]." +#: modules/administration/pages/repo-metadata.adoc:6 +msgid "" +"At the prompts, select [systemitem]``RSA`` as the key type, with a size of " +"2048 bits, and select an appropriate expiry date for your key." msgstr "" -#. We reboot during the above listed procedures. -#. . Reboot the server. -#. . Check if the configuration is still correct. -#. . Start any stopped services. #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:29 -msgid "Upgrade to the latest service pack, if required." +#: modules/administration/pages/repo-metadata.adoc:7 +msgid "" +"Check the details for your new key, and type [systemitem]``y`` to confirm." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:30 +#: modules/administration/pages/repo-metadata.adoc:8 msgid "" -"Run [command]``spacewalk-service status`` and check whether all required " -"services are up and running." +"At the prompts, enter a name and email address to be associated with your " +"key." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:32 +#: modules/administration/pages/repo-metadata.adoc:9 msgid "" -"For information about database schema upgrades and PostgreSQL migrations, " -"see xref:upgrade:db-intro.adoc[]." +"You can also add a comment to help you identify the key, if desired. When " +"you are happy with the user identity, type [systemitem]``O`` to confirm." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:36 -msgid "" -"You can install updates using your package manager. For information on " -"using {yast}, see https://documentation.suse.com/sles/15-SP1/html/SLES-all/" -"cha-onlineupdate-you.html. For information on using zypper, see https://" -"documentation.suse.com/sles/15-SP1/html/SLES-all/cha-sw-cl.html#sec-zypper." +#: modules/administration/pages/repo-metadata.adoc:10 +msgid "At the prompt, enter a passphrase to protect your key." msgstr "" -# -# -#. Preferable, you will run such a tool within a maintenance window; for more information, see xref:administration:maintenance-window.adoc#maintenance-window[]. -#. complete procedure, also see above: -#. 1. Log in as root user to the SUSE Manager server. -#. 2. Stop the Spacewalk service: -#. spacewalk-service stop -#. 3. Apply the patch using either zypper patch or YaST Online Update. -#. 4. Upgrade the database schema: -#. spacewalk-schema-upgrade -#. 5. Start the Spacewalk service: -#. spacewalk-service start #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:54 -msgid "" -"By default, several update channels are configured and enabled for the " -"{productname} Server. New and updated packages will become available " -"automatically." +#: modules/administration/pages/repo-metadata.adoc:11 +msgid "The key should be automatically added to your keyring." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:58 -msgid "" -"To keep {susemgr} up to date, either connect it directly to {scc} or use " -"{rmtool} (RMT). You can use RMT as a local installation source for " -"disconnected environments." +#: modules/administration/pages/repo-metadata.adoc:12 +msgid "You can check by listing the keys in your keyring:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:13 +#, no-wrap +msgid "gpg --list-keys\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:62 +#: modules/administration/pages/repo-metadata.adoc:14 msgid "" -"You can check that the update channels are available on your system with " -"this command:" +"Add the password for your keyring to the [filename]``/etc/rhn/signing.conf`` " +"configuration file, by opening the file in your text editor and adding this " +"line:" msgstr "" #. type: delimited block - -#: modules/administration/pages/maintenance-window-tasks.adoc:65 +#: modules/administration/pages/repo-metadata.adoc:15 #, no-wrap -msgid "zypper lr\n" +msgid "GPGPASS=\"password\"\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:68 -msgid "The output will look similar to this:" +#: modules/administration/pages/repo-metadata.adoc:16 +msgid "" +"You can manage metadata signing on the command line using the [command]``mgr-" +"sign-metadata-ctl`` command." msgstr "" -#. type: delimited block - -#: modules/administration/pages/maintenance-window-tasks.adoc:84 +#. type: Block title +#: modules/administration/pages/repo-metadata.adoc:17 #, no-wrap -msgid "" -"Name | Enabled | GPG Check | Refresh\n" -"-------------------------------------------------------+---------+-----------+--------\n" -"SLE-Module-Basesystem15-SP1-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-Basesystem15-SP1-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Module-Python2-15-SP1-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-Python2-15-SP1-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Product-SUSE-Manager-Server-4.0-Pool | Yes | (r ) Yes | No\n" -"SLE-Product-SUSE-Manager-Server-4.0-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Module-SUSE-Manager-Server-4.0-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-SUSE-Manager-Server-4.0-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Module-Server-Applications15-SP1-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-Server-Applications15-SP1-Updates | Yes | (r ) Yes | Yes\n" -"SLE-Module-Web-Scripting15-SP1-Pool | Yes | (r ) Yes | No\n" -"SLE-Module-Web-Scripting15-SP1-Updates | Yes | (r ) Yes | Yes\n" +msgid "Procedure: Enabling Metadata Signing" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:92 -msgid "" -"{productname} releases maintenance updates (MUs) to provide newer packages. " -"Maintenance updates are indicated with a new version number. For example, " -"the major release 4.0 will be incremented to 4.0.1 when an MU is released." +#: modules/administration/pages/repo-metadata.adoc:18 +msgid "You will need to know the short identifier for the key to use." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:95 -msgid "" -"You can verify which version you are running by looking at the bottom of the " -"navigation bar in the {webui}. You can also fetch the version number with " -"the [literal]``api.getVersion()`` XMLRPC API call." +#: modules/administration/pages/repo-metadata.adoc:19 +msgid "You can list your available public keys in short format:" msgstr "" -#. type: Title === -#: modules/administration/pages/maintenance-window-tasks.adoc:107 +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:20 #, no-wrap -msgid "Client Tools" +msgid "" +"gpg --keyid-format short --list-keys\n" +"...\n" +"pub rsa2048/3E7BFE0A 2019-04-02 [SC] [expires: 2021-04-01]\n" +" A43F9EC645ED838ED3014B035CFA51BF3E7BFE0A\n" +"uid [ultimate] SUSE Manager\n" +"sub rsa2048/118DE7FF 2019-04-02 [E] [expires: 2021-04-01]\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:115 +#: modules/administration/pages/repo-metadata.adoc:21 msgid "" -"When the server is updated consider to update some tools on the clients, " -"too. Updating [package]``salt-minion``, [package]``zypper``, and other " -"related management package on clients is not a strict requirement, but it is " -"a best practice in general. For example, a maintenance update on the server " -"might introduce a major new Salt version. Then minions will continue to " -"work but might experience problems later on. To avoid this always update " -"the salt-minion package when available. {suse} makes sure that " -"[package]``salt-minion`` can always be updated safely." +"Enable metadata signing with the [command]``mgr-sign-metadata-ctl`` command:" msgstr "" -#. type: Title == -#: modules/administration/pages/maintenance-window-tasks.adoc:118 +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:22 #, no-wrap -msgid "Inter-Server Synchronization Slave Server" +msgid "" +"mgr-sign-metadata-ctl enable 3E7BFE0A\n" +"OK. Found key 3E7BFE0A in keyring.\n" +"DONE. Set key 3E7BFE0A in /etc/rhn/signing.conf.\n" +"DONE. Enabled metadata signing in /etc/rhn/rhn.conf.\n" +"DONE. Exported key 4E2C3DD8 to /srv/susemanager/salt/gpg/mgr-keyring.gpg.\n" +"DONE. Exported key 4E2C3DD8 to /srv/www/htdocs/pub/mgr-gpg-pub.key.\n" +"NOTE. For the changes to become effective run:\n" +" mgr-sign-metadata-ctl regen-metadata\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:121 -msgid "" -"If you are using an inter-server synchronization slave server, update it " -"after the {productname} Server update is complete." +#: modules/administration/pages/repo-metadata.adoc:23 +msgid "You can check that your configuration is correct with this command:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:24 +#, no-wrap +msgid "mgr-sign-metadata-ctl check-config\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:123 +#: modules/administration/pages/repo-metadata.adoc:25 msgid "" -"For more in inter-server synchronization, see xref:administration:iss.adoc[]." +"Restart the services and schedule metadata regeneration to pick up the " +"changes:" msgstr "" -#. type: Title == -#: modules/administration/pages/maintenance-window-tasks.adoc:126 +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:26 #, no-wrap -msgid "Monitoring Server" +msgid "mgr-sign-metadata-ctl regen-metadata\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:129 +#: modules/administration/pages/repo-metadata.adoc:27 msgid "" -"If you are using a monitoring server for Prometheus, update it after the " -"{productname} Server update is complete." +"You can also use the [command]``mgr-sign-metadata-ctl`` command to perform " +"other tasks. Use [command]``mgr-sign-metadata-ctl --help`` to see the " +"complete list." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:131 +#: modules/administration/pages/repo-metadata.adoc:28 msgid "" -"For more information on monitoring, see xref:administration:monitoring." -"adoc[]." +"Repository metadata signing is a global option. When it is enabled, it is " +"enabled on all software channels on the server. This means that all clients " +"connected to the server will need to trust the new GPG key to be able to " +"install or update packages." msgstr "" -#. type: Title == -#: modules/administration/pages/maintenance-window-tasks.adoc:134 +#. type: Block title +#: modules/administration/pages/repo-metadata.adoc:29 #, no-wrap -msgid "Proxy" +msgid "Procedure: Importing GPG keys on Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:137 -msgid "" -"Proxies should be updated as soon as {productname} Server updates are " -"complete." +#: modules/administration/pages/repo-metadata.adoc:30 +msgid "For RPM-based client systems, use these remote commands:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:140 -msgid "" -"In general, running a proxy connected to a server on a different version is " -"not supported. The only exception is for the duration of updates where it " -"is expected that the server is updated first, so the proxy could run the " -"previous version temporarily." +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:31 +#, no-wrap +msgid "rpm --import http://server.example.com/pub/mgr-gpg-pub.key\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:142 +#: modules/administration/pages/repo-metadata.adoc:32 msgid "" -"Especially if you are migrating from version 3.2 to 4.0, upgrade the server " -"first, then any proxy." +"For Ubuntu clients, you will need to reassign the channels, which will " +"automatically pick up the new GPG key." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-window-tasks.adoc:143 -msgid "For more information, see xref:upgrade:proxy-intro.adoc[]." +#: modules/administration/pages/repo-metadata.adoc:33 +msgid "" +"You can do this through the {productname} {webui}, or from the command line " +"on the server with this command:" msgstr "" -#. type: Title = -#: modules/administration/pages/maintenance-windows.adoc:2 +#. type: delimited block - +#: modules/administration/pages/repo-metadata.adoc:34 #, no-wrap -msgid "Maintenance Windows" +msgid "salt state.apply channels\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:6 -msgid "" -"The maintenance windows feature in {productname} allows you to schedule " -"actions to occur during a scheduled maintenance window period. When you " -"have created your maintenance window schedule, and applied it to a client, " -"you are prevented from executing some actions outside of the specified " -"period." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/maintenance-windows.adoc:14 +#: modules/administration/pages/repo-metadata.adoc:35 msgid "" -"Maintenance windows operate in a different way to system locking. System " -"locks are switched on or off as required, while maintenance windows define " -"periods of time when actions are allowed. Additionally, the allowed and " -"restricted actions differ. For more information about system locks, see " -"xref:client-configuration:system-locking.adoc[]." +"OPTIONAL: For Salt clients, you might prefer to use a state to manage your " +"GPG keys." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:21 -msgid "" -"Maintenance windows require both a calendar, and a schedule. The calendar " -"defines the date and time of your maintenance window events, including " -"recurring events, and must be in [path]``ical`` format. The schedule uses " -"the events defined in the calendar to create the maintenance windows. You " -"must create an [path]``ical`` file for upload, or link to an [path]``ical`` " -"file to create the calendar, before you can create the schedule." +#. type: Title = +#: modules/administration/pages/reports.adoc:1 +#, no-wrap +msgid "Generate Reports" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:24 +#: modules/administration/pages/reports.adoc:2 msgid "" -"When you have created the schedule, you can assign it to clients that are " -"registered to the {productname} Server. Clients that have a maintenance " -"schedule assigned cannot run restricted actions outside of maintenance " -"windows." +"The [command]``spacewalk-report`` command is used to produce a variety of " +"reports. These reports can be helpful for taking inventory of your " +"subscribed systems, users, and organizations. Using reports is often " +"simpler than gathering information manually from the {susemgr} {webui}, " +"especially if you have many systems under management." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:27 +#: modules/administration/pages/reports.adoc:3 msgid "" -"Restricted actions significantly modify the client, and could potentially " -"cause the client to stop running. Some examples of restricted actions are:" +"To generate reports, you must have the [package]``spacewalk-reports`` " +"package installed." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:29 -msgid "Package installation" +#: modules/administration/pages/reports.adoc:4 +msgid "" +"The [command]``spacewalk-report`` command allows you to organize and display " +"reports about content, systems, and user resources across {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:30 -msgid "Client upgrade" +#: modules/administration/pages/reports.adoc:5 +msgid "You can generate reports on:" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:31 -msgid "Service pack migration" +#: modules/administration/pages/reports.adoc:6 +msgid "System Inventory: list all the systems registered to {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:32 -msgid "Highstate application (for Salt clients)" +#: modules/administration/pages/reports.adoc:7 +msgid "Patches: list all the patches relevant to the registered systems." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:35 +#: modules/administration/pages/reports.adoc:8 msgid "" -"Unrestricted actions are minor actions that are considered safe and are " -"unlikely to cause problems on the client. Some examples of unrestricted " -"actions are:" +"You can sort patches by severity, as well as the systems that apply to a " +"particular patch." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:37 -msgid "Package profile update" +#: modules/administration/pages/reports.adoc:9 +msgid "" +"Users: list all registered users and any systems associated with a " +"particular user." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:38 -msgid "Hardware refresh" +#: modules/administration/pages/reports.adoc:10 +msgid "" +"To get the report in CSV format, run this command at the command prompt on " +"the server:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:39 -msgid "Subscribing to software channels" +#. type: delimited block - +#: modules/administration/pages/reports.adoc:11 +#, no-wrap +msgid "spacewalk-report \n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:43 -msgid "" -"Before you begin, you must create an [path]``ical`` file for upload, or link " -"to an [path]``ical`` file to create the calendar. You can create " -"[path]``ical`` files in your preferred calendaring tool, such as Microsoft " -"Outlook, Google Calendar, or KOrganizer." +#: modules/administration/pages/reports.adoc:12 +msgid "This table lists the available reports:" msgstr "" #. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:46 +#: modules/administration/pages/reports.adoc:13 #, no-wrap -msgid "Procedure: Uploading a New Maintenance Calendar" +msgid "[command]``spacewalk-report`` Reports" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:48 +#. type: Table +#: modules/administration/pages/reports.adoc:14 +#, no-wrap msgid "" -"In the {productname} {webui}, navigate to menu:Schedule[Maintenance Windows " -"> Calendars], and click btn:[Create]." +"|Report | Invoked as | Description\n" +"| Actions | [command]``actions`` | All actions.\n" +"| Activation Keys | [command]``activation-keys`` | All activation keys, and the entitlements, channels, configuration channels, system groups, and packages associated with them.\n" +"| Activation Keys: Channels | [command]``activation-keys-channels`` | All activation keys and the entities associated with each key.\n" +"| Activation Keys: Configuration | [command]``activation-keys-config`` | All activation keys and the configuration channels associated with each key.\n" +"| Activation Keys: Server Groups | [command]``activation-keys-groups`` | All activation keys and the system groups associated with each key.\n" +"| Activation Keys: Packages | [command]``activation-keys-packages`` | All activation keys and the packages each key can deploy.\n" +"| Channel Packages | [command]``channel-packages`` | All packages in a channel.\n" +"| Channel Report | [command]``channels`` | Detailed report of a given channel.\n" +"| Cloned Channel Report | [command]``cloned-channels`` | Detailed report of cloned channels.\n" +"| Configuration Files | [command]``config-files`` | All configuration file revisions for all organizations, including file contents and file information.\n" +"| Latest Configuration Files | [command]``config-files-latest`` | The most recent configuration file revisions for all organizations, including file contents and file information.\n" +"| Custom Channels | [command]``custom-channels`` | Channel metadata for all channels owned by specific organizations.\n" +"| Custom Info | [command]``custom-info`` | Client custom information.\n" +"| Patches in Channels | [command]``errata-channels`` | All patches in channels.\n" +"| Patches Details | [command]``errata-list`` | All patches that affect registered clients.\n" +"| All patches | [command]``errata-list-all`` | All patches.\n" +"| Patches for Clients | [command]``errata-systems`` | Applicable patches and any registered clients that are affected.\n" +"| Host Guests | [command]``host-guests`` | Host and guests mapping.\n" +"| Inactive Clients | [command]``inactive-systems`` | Inactive clients.\n" +"| System Inventory | [command]``inventory`` | Clients registered to the server, together with hardware and software information.\n" +"| Kickstart Scripts | [command]``kickstart-scripts`` | All kickstart scripts, with details.\n" +"| Kickstart Trees | [command]``kickstartable-trees`` | Kickstartable trees.\n" +"| All Upgradable Versions | [command]``packages-updates-all`` | All newer package versions that can be upgraded.\n" +"| Newest Upgradable Version | [command]``packages-updates-newest`` | Newest package versions that can be upgraded.\n" +"| Proxy Overview | [command]``proxies-overview`` | All proxies and the clients registered to each.\n" +"| Repositories | [command]``repositories`` | All repositories, with their associated SSL details, and any filters.\n" +"| Result of SCAP | [command]``scap-scan`` | Result of OpenSCAP ``sccdf`` evaluations.\n" +"| Result of SCAP | [command]``scap-scan-results`` | Result of OpenSCAP ``sccdf`` evaluations, in a different format.\n" +"| System Data | [command]``splice-export`` | Client data needed for splice integration.\n" +"| System Crash: Count | [command]``system-crash-count`` | The total number of client crashes.\n" +"| System Crash: Details | [command]``system-crash-details`` | Crash details for all clients.\n" +"| System Currency | [command]``system-currency`` | Number of available patches for each registered client.\n" +"| System Extra Packages | [command]``system-extra-packages`` | All packages installed on all clients that are not available from channels the client is subscribed to.\n" +"| System Groups | [command]``system-groups`` | System groups.\n" +"| Activation Keys for System Groups | [command]``system-groups-keys`` | Activation keys for system groups.\n" +"| Systems in System Groups | [command]``system-groups-systems`` | Clients in system groups.\n" +"| System Groups Users | [command]``system-groups-users`` | System groups and users that have permissions on them.\n" +"| History: System | [command]``system-history`` | Event history for each client.\n" +"| History: Channels | [command]``system-history-channels`` | Channel event history.\n" +"| History: Configuration | [command]``system-history-configuration`` | Configuration event history.\n" +"| History: Entitlements | [command]``system-history-entitlements`` | System entitlement event history.\n" +"| History: Errata | [command]``system-history-errata`` | Errata event history.\n" +"| History: Kickstart | [command]``system-history-kickstart`` | Kickstart event history.\n" +"| History: Packages | [command]``system-history-packages`` | Package event history.\n" +"| History: SCAP | [command]``system-history-scap`` | OpenSCAP event history.\n" +"| MD5 Certificates | [command]``system-md5-certificates`` | All registered clients using certificates with an MD5 checksum.\n" +"| Installed Packages | [command]``system-packages-installed`` | Packages installed on clients.\n" +"| System Profiles | [command]``system-profiles`` | All clients registered to the server, with software and system group information.\n" +"| Users | [command]``users`` | All users registered to {productname}.\n" +"| MD5 Users | [command]``users-md5`` | All users for all organizations using MD5 encrypted passwords, with their details and roles.\n" +"| Systems administered | [command]``users-systems`` | Clients that individual users can administer.\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:49 +#: modules/administration/pages/reports.adoc:15 msgid "" -"In the [guimenu]``Calendar Name`` section, type a name for your calendar." +"For more information about an individual report, run [command]``spacewalk-" +"report`` with the option [option]``--info`` or [option]``--list-fields-" +"info`` and the report name. The description and list of possible fields in " +"the report will be shown." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:50 +#: modules/administration/pages/reports.adoc:16 msgid "" -"Either provide a URL to your [path]``ical`` file, or upload the file " -"directly." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:51 -msgid "Click btn:[Create Calendar] to save your calendar." +"For further information on program invocation and options, see the " +"[literal]``spacewalk-report(8)`` man page as well as the [option]``--" +"help``parameter of the [command]``spacewalk-report`` command." msgstr "" -#. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:54 +#. type: Title = +#: modules/administration/pages/ssl-certs-selfsigned.adoc:1 #, no-wrap -msgid "Procedure: Creating a New Schedule" +msgid "Self-Signed SSL Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:56 -#: modules/administration/pages/maintenance-windows.adoc:108 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:2 msgid "" -"In the {productname} {webui}, navigate to menu:Schedule[Maintenance Windows " -"> Schedules], and click btn:[Create]." +"By default, {productname} uses a self-signed certificate. In this case, the " +"certificate is created and signed by {productname}. This method does not " +"use an independent certificate authority to guarantee that the details of " +"the certificate are correct. Third party CAs perform checks to ensure that " +"the information contained in the certificate is correct. For more on third " +"party CAs, see xref:administration:ssl-certs-imported.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:57 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:3 msgid "" -"In the [guimenu]``Schedule Name`` section, type a name for your schedule." +"This section covers how to re-create your self-signed certificates on an " +"existing installation. It also covers how to create new self-signed " +"certificates and authenticate your existing clients to the new certificate, " +"using an intermediate certificate. Intermediate certificates merge the " +"intermediate and root CA certificates into one file. Ensure that the " +"intermediate certificate comes first in the combined file." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:58 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:4 msgid "" -"OPTIONAL: If your [path]``ical`` file contains events that apply to more " -"than one schedule, check [guimenu]``Multi``." +"The host name of the SSL keys and certificates must match the fully " +"qualified host name of the machine you deploy them on." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:59 -#: modules/administration/pages/maintenance-windows.adoc:112 -msgid "Select the calendar to assign to this schedule." +#. type: Title == +#: modules/administration/pages/ssl-certs-selfsigned.adoc:5 +#, no-wrap +msgid "Re-Create Existing Server Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:60 -#: modules/administration/pages/maintenance-windows.adoc:113 -#: modules/administration/pages/maintenance-windows.adoc:118 -msgid "Click btn:[Create Schedule] to save your schedule." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:6 +msgid "" +"If your existing certificates have expired or stopped working for any " +"reason, you can generate a new server certificate from the existing CA." msgstr "" #. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:63 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:7 #, no-wrap -msgid "Procedure: Assigning a Schedule to a Client" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:66 -msgid "" -"In the {productname} {webui}, navigate to menu:Systems[Systems List], select " -"the client to be assigned to a schedule, locate the [guimenu]``System " -"Properties`` panel, and click btn:[Edit These Properties]. Alternatively, " -"you can assign clients through the system set manager by navigating to menu:" -"Systems[System Set Manager] and using the menu:Misc[Maintenance Windows] tab." +msgid "Procedure: Re-Creating an Existing Server Certificate" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:67 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:8 msgid "" -"In the [guimenu]``Edit System Details`` page, locate the " -"[guimenu]``Maintenance Schedule`` field, and select the name of the schedule " -"to be assigned." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:68 -msgid "Click btn:[Update Properties] to assign the maintenance schedule." +"On the {productname} Server, at the command prompt, regenerate the server " +"certificate:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/maintenance-windows.adoc:75 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:9 +#, no-wrap msgid "" -"When you assign a new maintenance schedule to a client, it is possible that " -"the client might already have some restricted actions scheduled, and that " -"these might now conflict with the new maintenance schedule. If this occurs, " -"the {webui} will display an error and you will not be able to assign the " -"schedule to the client. To resolve this, check the btn:[Cancel affected " -"actions] option when you assign the schedule. This will cancel any " -"previously scheduled actions that conflict with the new maintenance schedule." +"rhn-ssl-tool --gen-server --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" +"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" +"--set-org-unit=\"ORGANIZATION UNIT\" --set-email=\"name@example.com\" \\\n" +"--set-hostname=\"susemanager.example.com\" --set-cname=\"example.com\"\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:79 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:10 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:26 msgid "" -"When you have created your maintenance windows, you can schedule restricted " -"actions, such as package upgrades, to be performed during the maintenance " -"window." -msgstr "" - -#. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:82 -#, no-wrap -msgid "Procedure: Scheduling a Package Upgrade" +"Ensure that the [systemitem]``set-cname`` parameter is the fully-qualified " +"domain name of your {productname} Server. You can use the the " +"[systemitem]``set-cname`` parameter multiple times if you require multiple " +"aliases." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:84 -msgid "" -"In the {productname} {webui}, navigate to menu:Systems[System List], select " -"the client you want to upgrade, and go to the menu:Software[Packages > " -"Upgrade] tab." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:11 +msgid "Install the RPM that contains the newly generated certificate." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:85 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:12 msgid "" -"Select the package to upgrade from the list, and click btn:[Upgrade " -"Packages]." +"Check that you have the latest version of the RPM before running this " +"command. The version number is incremented every time you re-create the " +"certificates." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:86 -msgid "" -"In the [guimenu]``Maintenance Window`` field, select which maintenance " -"window the client should use to perform the upgrade." +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:13 +#, no-wrap +msgid "rpm -Uhv /root/ssl-build/lnx0259a/rhn-org-httpd-ssl-key-pair-lnx0259a-1.0-2.noarch.rpm\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:87 -msgid "Click btn:[Confirm] to schedule the package upgrade." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:14 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:61 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:73 +msgid "Restart services to pick up the changes:" msgstr "" #. type: Title == -#: modules/administration/pages/maintenance-windows.adoc:90 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:16 #, no-wrap -msgid "Maintenance Schedule Types" +msgid "Create and Replace CA and Server Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:95 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:17 msgid "" -"When you create a calendar, it contains a number of events, which can be " -"either one-time events, or recurring events. Each event contains a " -"``summary`` field. If you want to create multiple maintenance schedules for " -"one calendar, you can specify events for each using the ``summary`` field." +"If you need to create entirely new certificates for an existing " +"installation, you need to create a combined certificate first. Clients will " +"authenticate to the certificate with both the old and new details. Then you " +"can go ahead and remove the old details. This maintains the chain of trust." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:98 +#. type: delimited block = +#: modules/administration/pages/ssl-certs-selfsigned.adoc:18 msgid "" -"For example, you might like to create a schedule for production servers, and " -"a different schedule for testing servers. In this case, you would specify " -"``SUMMARY: Production Servers`` on events for the production servers, and " -"``SUMMARY: Testing Servers`` on events for the testing servers." +"Be careful with this procedure! It is possible to break the trust chain " +"between the server and clients using this procedure. If that happens, you " +"will need an administrative user to log in to every client and deploy the CA " +"directly." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/maintenance-windows.adoc:99 +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:19 #, no-wrap -msgid "maint_windows_multi.png" +msgid "Procedure: Creating New Certificates" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:103 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:20 msgid "" -"There are two types of schedule: single, or multi. If your calendar " -"contains events that apply to more than one schedule, then you must select " -"``multi``, and ensure you name the schedule according to the ``summary`` " -"field you used in the calendar file." +"On the {productname} Server, at the command prompt, move the old certificate " +"directory to a new location:" msgstr "" -#. type: Block title -#: modules/administration/pages/maintenance-windows.adoc:106 -#, no-wrap -msgid "Procedure: Creating a Multi Schedule" +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:22 +msgid "Generate a new CA certificate and create an RPM:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:110 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:23 +#, no-wrap msgid "" -"In the [guimenu]``Schedule Name`` section, type the name for your schedule. " -"Ensure it matches the ``summary`` field of the calendar." +"rhn-ssl-tool --gen-ca --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" +"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" +"--set-org-unit=\"ORGANIZATION UNIT\" --set-common-name=\"SUSE Manager CA Certificate\" \\\n" +"--set-email=\"name@example.com\"\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:111 -#: modules/administration/pages/maintenance-windows.adoc:117 -msgid "Check the [guimenu]``Multi`` option." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:24 +msgid "Generate a new server certificate and create an RPM:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:114 -msgid "To create the next schedule, click btn:[Create]." +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:25 +#, no-wrap +msgid "" +"rhn-ssl-tool --gen-server --dir=\"/root/ssl-build\" --set-country=\"COUNTRY\" \\\n" +"--set-state=\"STATE\" --set-city=\"CITY\" --set-org=\"ORGANIZATION\" \\\n" +"--set-org-unit=\"ORGANIZATION UNIT\" --set-email=\"name@example.com\" \\\n" +"--set-hostname=\"susemanager.example.top\" --set-cname=\"example.com\"\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:116 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:27 msgid "" -"In the [guimenu]``Schedule Name`` section, type the name for your second " -"schedule. Ensure it matches the ``summary`` field of the second calendar." +"You will need to generate a server certificate RPM for each proxy, using " +"their host names and cnames." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:119 -msgid "Repeat for each schedule you need to create." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:28 +msgid "" +"When you have new certificates, you can create the combined RPMs to " +"authenticate the clients." msgstr "" -#. type: Title == -#: modules/administration/pages/maintenance-windows.adoc:122 +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:29 #, no-wrap -msgid "Restricted and Unrestricted Actions" +msgid "Procedure: Create Combined Certificate RPMs" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:125 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:30 msgid "" -"This sections contains a complete list of restricted and unrestricted " -"actions." +"Create a new CA file that combines the old and new certificate details, and " +"generate a new RPM:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:129 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:31 +#, no-wrap msgid "" -"Restricted actions significantly modify the client, and could potentially " -"cause the client to stop running. Restricted actions can only be run during " -"a maintenance window. The restricted actions are:" +"mkdir /root/combined-ssl-build\n" +"cp /root/old-ssl-build/RHN-ORG-TRUSTED-SSL-CERT /root/combined-ssl-build/\n" +"cat /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT >> /root/combined-ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" +"cp /root/old-ssl-build/*.rpm /root/combined-ssl-build/\n" +"rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/combined-ssl-build\"\n" msgstr "" +#. I would like to split up these steps, I think. LKB 2019-09-10 #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:131 -msgid "" -"Package operations (for example, installing, updating, or removing packages)" +#: modules/administration/pages/ssl-certs-selfsigned.adoc:32 +msgid "Deploy the CA certificate on the server:" msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:132 -msgid "Patch updates" +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:33 +#, no-wrap +msgid "" +"/usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/combined-ssl-build \\\n" +"--target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/\n" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:133 -msgid "Rebooting a client" +#: modules/administration/pages/ssl-certs-selfsigned.adoc:34 +msgid "" +"When you have the combined RPMs, you can deploy the combined CA certificates " +"to your clients." msgstr "" -#. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:134 -msgid "Rolling back transactions" +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:35 +#, no-wrap +msgid "Procedure: Deploying Combined Certificates on Traditional Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:135 -msgid "Configuration management changing tasks" +#: modules/administration/pages/ssl-certs-selfsigned.adoc:36 +msgid "On the client, create a new custom channel using these details:" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:136 -msgid "Applying a highstate (for Salt clients)" +#: modules/administration/pages/ssl-certs-selfsigned.adoc:37 +msgid "Name: SSL-CA-Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:137 -msgid "Autoinstallation and reinstallation" +#: modules/administration/pages/ssl-certs-selfsigned.adoc:38 +msgid "Label: ssl-ca-channel" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:138 -msgid "Remote commands" +#: modules/administration/pages/ssl-certs-selfsigned.adoc:39 +msgid "Parent Channel: " msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:139 -msgid "Service pack migrations" +#: modules/administration/pages/ssl-certs-selfsigned.adoc:40 +msgid "Summary: SSL-CA-Channel" msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:140 -msgid "Cluster operations" -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/maintenance-windows.adoc:146 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:41 msgid "" -"For Salt clients, it is possible to run remote commands directly at any time " -"by navigating to menu:Salt[Remote Commands]. This applies whether or not " -"the Salt client is in a maintenance window. For more information about " -"remote commands, see xref:administration:actions.adoc[]." +"For more on creating custom channels, see xref:administration:channel-" +"management.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/maintenance-windows.adoc:149 -msgid "" -"Unrestricted actions are minor actions that are considered safe and are " -"unlikely to cause problems on the client. If an action is not restricted it " -"is, by definition, unrestricted, and can be be run at any time." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:42 +msgid "Upload the CA certificate RPM to the channel:" msgstr "" -#. type: Title = -#: modules/administration/pages/openscap.adoc:2 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:43 #, no-wrap -msgid "System Security with OpenSCAP" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/openscap.adoc:7 msgid "" -"{productname} uses OpenSCAP to audit clients. It allows you to schedule and " -"view compliance scans for any client." +"rhnpush -c ssl-ca-channel --nosig \\\n" +"--ca-chain=/srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT \\\n" +"/root/combined-ssl-build/rhn-org-trusted-ssl-cert-1.0-2.noarch.rpm\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/openscap.adoc:11 -msgid "OpenSCAP auditing is not available on Salt SSH clients." +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:44 +msgid "Subscribe all clients to the new ``SSL-CA-Channel`` channel." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:14 -msgid "" -"To use openSCAP, you will need the [systemitem]``spacewalk-oscap`` package " -"installed on the clients you want to audit." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:45 +msgid "Install the CA certificate RPM on all clients by updating the channel." msgstr "" -#. type: Title == -#: modules/administration/pages/openscap.adoc:17 +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:46 #, no-wrap -msgid "About SCAP" +msgid "Procedure: Deploying Combined Certificates on Salt Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:21 -msgid "" -"The Security Certification and Authorization Package (SCAP) is a " -"standardized compliance checking solution for enterprise-level Linux " -"infrastructures. It is a line of specifications maintained by the National " -"Institute of Standards and Technology (NIST) for maintaining system security " -"for enterprise systems." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:47 +msgid "In the {productname} {webui}, navigate to menu:Systems[Overview]." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:25 -msgid "" -"SCAP was created to provide a standardized approach to maintaining system " -"security, and the standards that are used will therefore continually change " -"to meet the needs of the community and enterprise businesses. New " -"specifications are governed by NIST's SCAP Release cycle to provide a " -"consistent and repeatable revision work flow. For more information, see " -"http://scap.nist.gov/timeline.html." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:48 +msgid "Check all your Salt Clients to add them to the system set manager." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:30 -msgid "" -"{productname} uses OpenSCAP to implement the SCAP specifications. OpenSCAP " -"is an auditing tool that utilizes the Extensible Configuration Checklist " -"Description Format (XCCDF). XCCDF is a standard way of expressing checklist " -"content and defines security checklists. It also combines with other " -"specifications such as Common Platform Enumeration (CPE), Common " -"Configuration Enumeration (CCE), and Open Vulnerability and Assessment " -"Language (OVAL), to create a SCAP-expressed checklist that can be processed " -"by SCAP-validated products." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:49 +msgid "Navigate to menu:Systems[System Set Manager > Overview]." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:34 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:50 msgid "" -"OpenSCAP verifies the presence of patches by using content produced by the " -"{suse} Security Team. OpenSCAP checks system security configuration " -"settings and examines systems for signs of compromise by using rules based " -"on standards and specifications. For more information about the {suse} " -"Security Team, see https://www.suse.com/support/security." -msgstr "" - -#. type: Title == -#: modules/administration/pages/openscap.adoc:37 -#, no-wrap -msgid "Prepare Clients for an SCAP Scan" +"In the [guimenu]``States`` field, click btn:[Apply] to apply the system " +"states." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:41 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:51 msgid "" -"Before you begin, you need to prepare your client systems for SCAP " -"scanning. Ensure clients have the ``openscap-content`` and ``openscap-" -"utils`` packages installed before you begin." +"In the [guimenu]``Highstate`` page, click btn:[Apply Highstate] to propagate " +"the changes to the clients." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:45 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:52 msgid "" -"Use this command to determine the location of the appropriate SCAP files. " -"Take a note of these paths for performing the scan:" +"When you have every client trusting both the old and new certificates, you " +"can go ahead and replace the server certificate on the {productname} Server " +"and Proxies." msgstr "" -#. type: delimited block - -#: modules/administration/pages/openscap.adoc:48 +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:53 #, no-wrap -msgid "rpm -ql openscap-content\n" +msgid "Procedure: Replace Server Certificate on the Server" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:51 -msgid "The output should include these files:" +#: modules/administration/pages/ssl-certs-selfsigned.adoc:54 +msgid "" +"On the {productname} Server, at the command prompt, install the RPM from the " +"[path]``ssl-build`` directory:" msgstr "" #. type: delimited block - -#: modules/administration/pages/openscap.adoc:57 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:55 #, no-wrap -msgid "" -"/usr/share/openscap/scap-oval.xml\n" -"/usr/share/openscap/scap-xccdf.xml\n" -"/usr/share/openscap/scap-yast2sec-oval.xml\n" -"/usr/share/openscap/scap-yast2sec-xccdf.xml\n" +msgid "rpm -Uhv ssl-build/susemanager/rhn-org-httpd-ssl-key-pair-susemanager-1.0-2.noarch.rpm\n" msgstr "" -#. type: Title == -#: modules/administration/pages/openscap.adoc:61 +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:56 +msgid "Restart services to pick the changes:" +msgstr "" + +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:58 #, no-wrap -msgid "OpenSCAP Content Files" +msgid "Procedure: Replace Server Certificate on the Proxy" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:68 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:59 msgid "" -"OpenSCAP uses SCAP content files to define test rules. These content files " -"are created based on the XCCDF or OVAL standards. You can download publicly " -"available content files and customize it to your requirements. You can " -"install the ``openscap-content`` package for default content file " -"templates. Alternatively, if you are familiar with XCCDF or OVAL, you can " -"create your own content files." +"On the {productname} Proxy, at the command prompt, install the RPM from the " +"[path]``ssl-build`` directory:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/openscap.adoc:75 -msgid "" -"We recommend you use templates to create your SCAP content files. If you " -"create and use your own custom content files, you do so at your own risk. " -"If your system becomes damaged through the use of custom content files, you " -"might not be supported by {suse}." +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:60 +#, no-wrap +msgid "rpm -Uhv ssl-build/susemanager-proxy/rhn-org-httpd-ssl-key-pair-susemanager-proxy-1.0-2.noarch.rpm\n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:62 +#, no-wrap +msgid "rhn-proxy restart\n" msgstr "" -#. ke 2013-08-28: Do we have SCAP content providers? Such as: The United States Government -#. Configuration Baseline (USGCB) for RHEL5 Desktop or Community-provided content (openscap-content -#. package)? For more info, see -#. https://access.redhat.com/site/documentation/en-US/Red_Hat_Network_Satellite/5.5/html/User_Guide/chap-Red_Hat_Network_Satellite-User_Guide-OpenSCAP.html # -#. I think this question is still valid. Who should we contact? LKB 2020-02-06 #. type: Plain text -#: modules/administration/pages/openscap.adoc:88 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:63 msgid "" -"When you have created your content files, you need to transfer the file to " -"the client. You can do this in the same way as you move any other file, " -"using physical storage media, or across a network with [command]``ftp`` or " -"[command]``scp``." +"Test that all clients still operate as expected and can use SSL to reach the " +"{productname} Server and any proxies." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:92 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:64 msgid "" -"We recommend that you create a package to distribute content files to " -"clients that you are managing with {productname}. Packages can be signed " -"and verified to ensure their integrity. For more information, see xref:" -"administration:custom-channels.adoc[]." +"When you have replaced the server certificates on your server and any " +"proxies, you need to update the certificate with only the new details on all " +"the clients. This is done by adding it to the client channels you set up " +"previously." msgstr "" -#. type: Title == -#: modules/administration/pages/openscap.adoc:95 +#. type: Block title +#: modules/administration/pages/ssl-certs-selfsigned.adoc:65 #, no-wrap -msgid "Perform an Audit Scan" +msgid "Procedure: Adding the New Certificates to the Client Channel" msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:100 -msgid "" -"When you have transferred your content files, you can perform audit scans. " -"Audit scans can be triggered using the {productname} {webui}. You can also " -"use the {productname} API to schedule regular scans." +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:66 +msgid "" +"Copy the combined certificate RPM into the [path]``/root/ssl-build/`` " +"directory:" msgstr "" -#. type: Block title -#: modules/administration/pages/openscap.adoc:101 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:67 #, no-wrap -msgid "Procedure: Running an Audit Scan from the {webui}" +msgid "cp /root/combined-ssl-build/*.rpm /root/ssl-build/\n" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:103 -msgid "" -"In the {productname} {webui}, navigate to menu:Systems[Systems List] and " -"select the client you want to scan." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:68 +msgid "Generate a new RPM with from the new certificates." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:104 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:69 msgid "" -"Navigate to the [guimenu]``Audit`` tab, and the [guimenu]``Schedule`` subtab." +"Check the release number carefully to ensure you have the right certificate " +"file:" msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:106 -msgid "" -"In the [guimenu]``Path to XCCDF Document`` field, enter the path to the " -"XCCDF content file on the client. For example: [path]``/usr/share/openscap/" -"scap-yast2sec-xccdf.xml``" +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:70 +#, no-wrap +msgid "rhn-ssl-tool --gen-ca --rpm-only --dir=\"/root/ssl-build\"\n" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:107 -msgid "The scan will run at the client's next scheduled synchronization." +#: modules/administration/pages/ssl-certs-selfsigned.adoc:71 +msgid "Install the new local certificates on the {productname} Server:" msgstr "" -#. type: delimited block = -#: modules/administration/pages/openscap.adoc:113 +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:72 +#, no-wrap msgid "" -"The XCCDF content file is validated before it is run on the remote system. " -"If the content file includes invalid arguments, the test will fail." +"/usr/bin/rhn-deploy-ca-cert.pl --source-dir /root/ssl-build \\\n" +"--target-dir /srv/www/htdocs/pub/ --trust-dir=/etc/pki/trust/anchors/\n" msgstr "" -#. type: Block title -#: modules/administration/pages/openscap.adoc:117 +#. type: Plain text +#: modules/administration/pages/ssl-certs-selfsigned.adoc:75 +msgid "Upload the new RPM into the channel:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:76 #, no-wrap -msgid "Procedure: Running an Audit Scan from the API" +msgid "" +"rhnpush -c ssl-ca-channel --nosig \\\n" +"--ca-chain=/srv/www/htdocs/pub/RHN-ORG-TRUSTED-SSL-CERT \\\n" +"/root/ssl-build/rhn-org-trusted-ssl-cert-1.0-3.noarch.rpm\n" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:119 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:77 msgid "" -"Before you begin, ensure that the client to be scanned has Python and XML-" -"RPC libraries installed." +"When you have the new certificate in the channel, you can use the " +"{productname} {webui} to update it on all clients and proxies, by " +"synchronizing them with the channel. Alternatively, for Salt clients, you " +"can use menu:Salt[Remote Commands], or apply the highstate." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:121 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:78 msgid "" -"Choose an existing script or create a script for scheduling a system scan " -"through ``system.scap.scheduleXccdfScan``. For example:" +"You will also need to update your proxies to remove the copy of the " +"certificate and the associated RPM. Your proxies must have the same " +"certificate content as the server. Check the [path]``/srv/www/htdocs/pub/`` " +"directory and ensure it contains:" msgstr "" #. type: delimited block - -#: modules/administration/pages/openscap.adoc:129 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:79 #, no-wrap msgid "" -"#!/usr/bin/python\n" -"client = xmlrpclib.Server('https://spacewalk.example.com/rpc/api')\n" -"key = client.auth.login('username', 'password')\n" -"client.system.scap.scheduleXccdfScan(key, <1000010001>,\n" -" '',\n" -" '--profile ')\n" +"RHN-ORG-TRUSTED-SSL-CERT\n" +"rhn-org-trusted-ssl-cert-*.noarch.rpm\n" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:132 -msgid "In this example:" +#: modules/administration/pages/ssl-certs-selfsigned.adoc:80 +msgid "" +"To complete the process, you need to update the database with this command:" msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:133 -msgid "``<1000010001>`` is the system ID (sid)." +#. type: delimited block - +#: modules/administration/pages/ssl-certs-selfsigned.adoc:81 +#, no-wrap +msgid "/usr/bin/rhn-ssl-dbstore --ca-cert=/root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT\n" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:135 +#: modules/administration/pages/ssl-certs-selfsigned.adoc:82 msgid "" -"```` is the path to the content file location on the " -"client. For example, [path]``/usr/local/share/scap/usgcb-sled15desktop-" -"xccdf.xml``." +"If you use bootstrap, remember to also update your bootstrap scripts to " +"reflect the new certificate information." msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:137 -msgid "" -"```` is an additional argument for the [command]``oscap`` " -"command. For example, use " -"``united_states_government_configuration_baseline`` (USGCB)." +#. type: Title = +#: modules/administration/pages/tshoot-corruptrepo.adoc:1 +#, no-wrap +msgid "Troubleshooting Corrupt Repositories" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/openscap.adoc:138 -msgid "Run the script on the client you want to scan, from the command prompt." +#: modules/administration/pages/tshoot-corruptrepo.adoc:2 +msgid "" +"The information in the repository metadata files can become corrupt or out " +"of date. This can create problems with updating clients. You can fix this " +"by removing the files and regenerating it. With an new repository data " +"file, updates should operate as expected." msgstr "" -#. type: Title == -#: modules/administration/pages/openscap.adoc:141 +#. type: Block title +#: modules/administration/pages/tshoot-corruptrepo.adoc:3 #, no-wrap -msgid "Scan Results" +msgid "Procedure: Resolving Corrupt Repository Data" msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:147 +#: modules/administration/pages/tshoot-corruptrepo.adoc:4 msgid "" -"Information about the scans you have run is in the {productname} {webui}. " -"Navigate to to menu:Audit[OpenSCAP > All Scans] for a table of results. For " -"more information about the data in this table, see xref:reference:audit/" -"openscap-all-scans.adoc[]." +"Remove all files from [path]``/var/cache/rhn/repodata/-" +"updates-x86_64``." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:153 +#: modules/administration/pages/tshoot-corruptrepo.adoc:5 msgid "" -"To ensure that detailed information about scans is available, you need to " -"enable it on the client. In the {productname} {webui}, navigate to menu:" -"Admin[Organizations] and click on the organization the client is a part of. " -"Navigate to the [guimenu]``Configuration`` tab, and check the " -"[guimenu]``Enable Upload of Detailed SCAP Files`` option. When enabled, " -"this generates an additional HTML file on every scan, which contains extra " -"information. The results will show an extra line similar to this:" +"If you do not know the channel label, you can find it in the {productname} " +"{webui}, by navigating to menu:Software[Channels > Channel Label]." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-corruptrepo.adoc:6 +msgid "Regenerate the file from the command line:" msgstr "" #. type: delimited block - -#: modules/administration/pages/openscap.adoc:156 +#: modules/administration/pages/tshoot-corruptrepo.adoc:7 #, no-wrap -msgid "Detailed Results: xccdf-report.html xccdf-results.xml scap-yast2sec-oval.xml.result.xml\n" +msgid "spacecmd softwarechannel_regenerateyumcache -updates-x86_64\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/openscap.adoc:160 -msgid "" -"To retrieve scan information from the command line, use the " -"[command]``spacewalk-report`` command:" +#. type: Title = +#: modules/administration/pages/tshoot-firewalls.adoc:1 +#, no-wrap +msgid "Troubleshooting Firewalls" msgstr "" -#. type: delimited block - -#: modules/administration/pages/openscap.adoc:165 -#, no-wrap +# +# +# +# +# +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step +#. Cause: User firewall is set to block outgoing traffic by dropping the packet request. During sync with SCC, SUMA waits for an answer on each URL until it times out, eventually causing the entire refresh of the product list to timeout. Applies only to third party (non-SUSE) products, as sync with SCC needs to access locations other than SCC to verify if the if the download location is valid. +#. Consequence: The sync to SCC fails, and the third party products are not shown in the product list. +#. Fix: Configure the firewall to reject requests from SUMA instead of drop (preferred), or configure a firewall on the server (if no ability to change firewall settings) +#. Result: Sync to SCC will either be able to reach the URLs required, or will have request rejected so that the request fails rather than times out. +#. type: Plain text +#: modules/administration/pages/tshoot-firewalls.adoc:2 msgid "" -"spacewalk-report system-history-scap\n" -"spacewalk-report scap-scan\n" -"spacewalk-report scap-scan-results\n" +"If you are using a firewall that blocks outgoing traffic, it will either " +"``REJECT`` or ``DROP`` network requests. If it is set to ``DROP`` then you " +"might find that synchronizing with the {scc} times out." msgstr "" #. type: Plain text -#: modules/administration/pages/openscap.adoc:169 +#: modules/administration/pages/tshoot-firewalls.adoc:3 msgid "" -"You can also use the {productname} API to view results, with the ``system." -"scap`` handler." +"This occurs because the synchronization process needs to access third-party " +"repositories that provide packages for non-{suse} clients, and not just the " +"{scc}. When the {productname} Server attempts to reach these repositories " +"to check that they are valid, the firewall drops the requests, and the " +"synchronization continues to wait for the response until it times out." msgstr "" -#. type: Title = -#: modules/administration/pages/admin-overview.adoc:2 -#, no-wrap -msgid "Administration Guide Overview" +#. type: Plain text +#: modules/administration/pages/tshoot-firewalls.adoc:4 +msgid "" +"If this occurs, you will notice that the synchronization will take a long " +"time before it fails, and that your non-{suse} products are not shown in the " +"product list." msgstr "" #. type: Plain text -#: modules/administration/pages/admin-overview.adoc:5 -#, no-wrap -msgid "**Publication Date:** {docdate}\n" +#: modules/administration/pages/tshoot-firewalls.adoc:5 +msgid "You can fix this problem in several different ways." msgstr "" #. type: Plain text -#: modules/administration/pages/admin-overview.adoc:6 +#: modules/administration/pages/tshoot-firewalls.adoc:6 msgid "" -"This book provides guidance on performing administration tasks on the " -"{productname} Server." -msgstr "" - -#. type: Title = -#: modules/administration/pages/monitoring.adoc:2 -#, no-wrap -msgid "Monitoring with Prometheus and Grafana" +"The simplest method is to configure your firewall to allow access to the " +"URLs required by non-{suse} repositories. This allows the synchronization " +"process to reach the URLs and complete successfully." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:7 +#: modules/administration/pages/tshoot-firewalls.adoc:7 msgid "" -"You can monitor your {productname} environment using Prometheus and " -"Grafana. {productname} Server and Proxy are able to provide self-health " -"metrics. You can also install and manage a number of Prometheus exporters " -"on Salt clients." +"If allowing external traffic is not possible, configure your firewall to " +"``REJECT`` requests from {productname} instead of ``DROP``. This rejects " +"requests to third-party URLs, so that the synchronization fails early rather " +"than times out, and the products are not shown in the list." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:9 +#: modules/administration/pages/tshoot-firewalls.adoc:8 msgid "" -"Prometheus and Grafana packages are included in the {productname} Client " -"Tools for" +"If you do not have configuration access to the firewall, you can consider " +"setting up a separate firewall on the {productname} Server instead." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:11 +#. type: Title = +#: modules/administration/pages/tshoot-hostname-rename.adoc:1 #, no-wrap -msgid " {sle}{nbsp}12, {sle}{nbsp}15, {rhel}{nbsp} 6, {rhel}{nbsp} 7, {rhel}{nbsp} 8 and openSUSE 15.x.\n" +msgid "Troubleshooting Renaming {productname} Server" msgstr "" +# +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step +#. Showing my working. --LKB 2020-06-22 +#. Cause: Renaming the hostname +#. Consequence: Changes not picked up by db, clients and proxies +#. Fix: Use the [command]``spacewalk-hostname-rename`` script to update the settings in the PostgreSQL database and the internal structures of {productname}. +#. Result: Renaming is successfully propagated #. type: Plain text -#: modules/administration/pages/monitoring.adoc:14 -#, no-wrap -msgid " {sle}{nbsp}12, {sle}{nbsp}15, {centos}{nbsp} 6, {centos}{nbsp} 7, {centos}{nbsp} 8 and openSUSE 15.x.\n" +#: modules/administration/pages/tshoot-hostname-rename.adoc:2 +msgid "" +"If you change the hostname of the {productname} Server locally, your " +"{productname} installation will cease to work properly. This is because the " +"changes have not been made in the database, which prevents the changes from " +"propagating out your clients and any proxies." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:18 +#: modules/administration/pages/tshoot-hostname-rename.adoc:3 msgid "" -"You need to install Prometheus and Grafana on a machine separate from the " -"{productname} Server. We recommend you use a managed Salt client as your " -"monitoring server." +"If you need to change the hostname of the {productname} Server, you can do " +"so using the [command]``spacewalk-hostname-rename`` script. This script " +"updates the settings in the PostgreSQL database and the internal structures " +"of {productname}." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:22 +#: modules/administration/pages/tshoot-hostname-rename.adoc:4 msgid "" -"Prometheus fetches metrics using a pull mechanism, so the server must be " -"able to establish TCP connections to monitored clients. Clients must have " -"corresponding open ports and be reachable over the network. Alternatively, " -"you can use reverse proxies to establish a connection." +"The [command]``spacewalk-hostname-rename`` script is part of the " +"[package]``spacewalk-utils`` package." msgstr "" -#. type: delimited block = -#: modules/administration/pages/monitoring.adoc:29 +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:5 msgid "" -"You must have a monitoring add-on subscription for each client you want to " -"monitor. Visit the {scc} to manage your {productname} subscriptions." +"The only mandatory parameter for the script is the newly configured IP " +"address of the {productname} Server." msgstr "" -#. type: Title == -#: modules/administration/pages/monitoring.adoc:34 +#. type: Block title +#: modules/administration/pages/tshoot-hostname-rename.adoc:6 #, no-wrap -msgid "Prometheus and Grafana" +msgid "Procedure: Renaming {productname} Server" msgstr "" -#. type: Block title -#: modules/administration/pages/monitoring.adoc:37 -#, no-wrap -msgid "Prometheus" +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:7 +msgid "" +"Change the network settings of the server on the system level locally and " +"remotely at the DNS server." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:8 +msgid "" +"You will also need to provide configuration settings for reverse name " +"resolution. Changing network settings is done in the same way as with " +"renaming any other system." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:41 +#: modules/administration/pages/tshoot-hostname-rename.adoc:9 msgid "" -"Prometheus is an open-source monitoring tool that is used to record real-" -"time metrics in a time-series database. Metrics are pulled via HTTP, " -"enabling high performance and scalability." +"Reboot the {productname} Server to use the new network configuration and to " +"ensure the hostname has changed." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:44 -msgid "" -"Prometheus metrics are time series data, or timestamped values belonging to " -"the same group or dimension. A metric is uniquely identified by its name " -"and set of labels." +#: modules/administration/pages/tshoot-hostname-rename.adoc:10 +msgid "Remove the old [package]``rhn-org-httpd-ssl-key-pair`` package:" msgstr "" -#. TODO:: This should be an actual image. #. type: delimited block - -#: modules/administration/pages/monitoring.adoc:51 +#: modules/administration/pages/tshoot-hostname-rename.adoc:11 #, no-wrap -msgid "" -" metric name labels timestamp value\n" -"┌────────┴───────┐ ┌───────────┴───────────┐ ┌──────┴──────┐ ┌─┴─┐\n" -"http_requests_total{status=\"200\", method=\"GET\"} @1557331801.111 42236\n" +msgid "zypper rm package rhn-org-httpd-ssl-key-pair\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:54 +#: modules/administration/pages/tshoot-hostname-rename.adoc:12 msgid "" -"Each application or system being monitored must expose metrics in the format " -"above, either through code instrumentation or Prometheus exporters." +"Run the script [command]``spacewalk-hostname-rename`` script with the public " +"IP address of the server." msgstr "" -#. type: Block title -#: modules/administration/pages/monitoring.adoc:56 -#, no-wrap -msgid "Prometheus Exporters" +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:13 +msgid "If the server is not using the new hostname, the script will fail." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:61 +#: modules/administration/pages/tshoot-hostname-rename.adoc:14 msgid "" -"Exporters are libraries that help with exporting metrics from third-party " -"systems as Prometheus metrics. Exporters are useful whenever it is not " -"feasible to instrument a given application or system with Prometheus metrics " -"directly. Multiple exporters can run on a monitored host to export local " -"metrics." +"Re-configure your clients to make your environment aware of the new hostname " +"and IP address." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:64 +#: modules/administration/pages/tshoot-hostname-rename.adoc:15 msgid "" -"The Prometheus community provides a list of official exporters, and more can " -"be found as community contributions. For more information and an extensive " -"list of exporters, see https://prometheus.io/docs/instrumenting/exporters/." +"In the Salt minion configuration file [path]``/etc/salt/minion``, you must " +"make sure to specify the name of the new Salt master ({productname} Server):" msgstr "" -#. type: Block title -#: modules/administration/pages/monitoring.adoc:66 +#. type: delimited block - +#: modules/administration/pages/tshoot-hostname-rename.adoc:16 #, no-wrap -msgid "Grafana" +msgid "master: \n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:72 +#: modules/administration/pages/tshoot-hostname-rename.adoc:17 msgid "" -"Grafana is a tool for data visualization, monitoring, and analysis. It is " -"used to create dashboards with panels representing specific metrics over a " -"set period of time. Grafana is commonly used together with Prometheus, but " -"also supports other data sources such as ElasticSearch, MySQL, PostgreSQL, " -"and Influx DB. For more information about Grafana, see https://grafana.com/" -"docs/." +"Traditional clients have the [path]``/etc/sysconfig/rhn/up2date`` " +"configuration file that must be changed. With a re-activation key you can " +"re-register traditional clients (if there are any). For more information, " +"see xref:client-configuration:registration-cli.adoc[]." msgstr "" -#. type: Title == -#: modules/administration/pages/monitoring.adoc:75 -#, no-wrap -msgid "Set up the Monitoring Server" +#. type: Plain text +#: modules/administration/pages/tshoot-hostname-rename.adoc:18 +msgid "" +"OPTIONAL: If you use PXE boot through a {productname} Proxy, you must check " +"the configuration settings of the proxy." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:78 +#: modules/administration/pages/tshoot-hostname-rename.adoc:19 msgid "" -"To set up your monitoring server, you need to install Prometheus and " -"Grafana, and configure them." +"On the proxy, run the [command]``configure-tftpsync.sh`` setup script and " +"enter the requested information. For more information, see xref:" +"installation:proxy-setup.adoc[]." msgstr "" -#. type: Title === -#: modules/administration/pages/monitoring.adoc:81 +#. type: Title = +#: modules/administration/pages/tshoot-inactiveclients.adoc:1 #, no-wrap -msgid "Install Prometheus" +msgid "Troubleshooting Inactive clients" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/monitoring.adoc:85 +#: modules/administration/pages/tshoot-inactiveclients.adoc:2 msgid "" -"If your monitoring server is a {productname} Salt client, you can install " -"the Prometheus package using the {productname} {webui}. Otherwise you can " -"download and install the package on your monitoring server manually." +"A Taskomatic job periodically pings clients to ensure they are connected. " +"Clients are considered inactive if they have not responded to a Taskomatic " +"check in for 24 hours or more. To see a list of inactive clients in the " +"{webui}, navigate to menu:Systems[System List > Inactive]." msgstr "" -#. type: Block title -#: modules/administration/pages/monitoring.adoc:88 -#, no-wrap -msgid "Procedure: Installing Prometheus Using the {webui}" +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:3 +msgid "Clients can become inactive for a number of reasons:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:90 -msgid "" -"In the {productname} {webui}, open the details page of the system where " -"Prometheus is to be installed, and navigate to the [guimenu]``Formulas`` tab." +#: modules/administration/pages/tshoot-inactiveclients.adoc:4 +msgid "The client is not entitled to any {productname} service." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:91 +#: modules/administration/pages/tshoot-inactiveclients.adoc:5 msgid "" -"Check the [guimenu]``Prometheus`` checkbox to enable monitoring formulas, " -"and click btn:[Save]." +"If the client remains unentitled for 180 days (6 months), it is removed." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:92 -msgid "Navigate to the ``Prometheus`` tab in the top menu." +#: modules/administration/pages/tshoot-inactiveclients.adoc:6 +msgid "" +"On traditional clients, the [clientitem]``rhnsd`` service has been disabled." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:94 -msgid "" -"In the ``{productname} Server`` section, enter valid {productname} API " -"credentials. Make sure that the credentials you have entered allow access " -"to the set of systems you want to monitor." +#: modules/administration/pages/tshoot-inactiveclients.adoc:7 +msgid "The client is behind a firewall that does not allow HTTPS connections." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:95 -#: modules/administration/pages/monitoring.adoc:167 -msgid "Customize any other configuration options according to your needs." +#: modules/administration/pages/tshoot-inactiveclients.adoc:8 +msgid "The client is behind a proxy that is misconfigured." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:96 -#: modules/administration/pages/monitoring.adoc:168 -#: modules/administration/pages/monitoring.adoc:284 -#: modules/administration/pages/monitoring.adoc:342 -msgid "Click btn:[Save Formula]." +#: modules/administration/pages/tshoot-inactiveclients.adoc:9 +msgid "" +"The client is communicating with a different {productname} Server, or the " +"connection has been misconfigured." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:97 -#: modules/administration/pages/monitoring.adoc:169 -#: modules/administration/pages/monitoring.adoc:343 -msgid "Apply the highstate and confirm that it completes successfully." +#: modules/administration/pages/tshoot-inactiveclients.adoc:10 +msgid "" +"The client is not in a network that can communicate with the " +"{productname} Server." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:98 +#: modules/administration/pages/tshoot-inactiveclients.adoc:11 msgid "" -"Check that the Prometheus interface loads correctly. In your browser, " -"navigate to the URL of the server where Prometheus is installed, on " -"port 9090 (for example, [literal]``http://example.com:9090``)." +"A firewall is blocking traffic between the client and the {productname} " +"Server." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:100 -#: modules/administration/pages/monitoring.adoc:178 -#: modules/administration/pages/monitoring.adoc:296 -#: modules/administration/pages/monitoring.adoc:344 +#: modules/administration/pages/tshoot-inactiveclients.adoc:12 +msgid "Taskomatic is misconfigured." +msgstr "" + +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:13 msgid "" -"For more information about the monitoring formulas, see xref:salt:formula-" -"monitoring.adoc[]." +"For more information about client connections to the server, see xref:client-" +"configuration:contact-methods-intro.adoc[]." msgstr "" -#. type: Block title -#: modules/administration/pages/monitoring.adoc:103 -#, no-wrap -msgid "Procedure: Manually Installing and Configuring Prometheus" +#. type: Plain text +#: modules/administration/pages/tshoot-inactiveclients.adoc:14 +msgid "" +"For more information about configuring ports, see xref:installation:ports." +"adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:105 +#: modules/administration/pages/tshoot-inactiveclients.adoc:15 msgid "" -"On the monitoring server, install the [package]``golang-github-prometheus-" -"prometheus`` package:" +"For more information about troubleshooting firewalls, see xref:" +"administration:tshoot-firewalls.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:108 +#. type: Title = +#: modules/administration/pages/tshoot-registerclones.adoc:1 #, no-wrap -msgid "zypper in golang-github-prometheus-prometheus\n" +msgid "Troubleshooting Registering Cloned Clients" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/monitoring.adoc:110 -msgid "Enable the Prometheus service:" +#: modules/administration/pages/tshoot-registerclones.adoc:2 +msgid "" +"If you are using {productname} to manage virtual machines, you might find it " +"useful to create clones of your VMs. A clone is a VM that uses a primary " +"disk that is an exact copy of an existing disk." msgstr "" -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:113 -#, no-wrap -msgid "systemctl enable --now prometheus\n" +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:3 +msgid "" +"While cloning VMs can save you a lot of time, the duplicated identifying " +"information on the disk can sometimes cause problems." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:116 +#: modules/administration/pages/tshoot-registerclones.adoc:4 msgid "" -"Check that the Prometheus interface loads correctly. In your browser, " -"navigate to the URL of the server where Prometheus is installed, on " -"port 9090 (for example, [literal]``http://example.com:9090``)." +"If you have a client that is already registered, you create a clone of that " +"client, and then try and register the clone, you probably want {productname} " +"to register them as two separate clients. However, if the machine ID in " +"both the original client and the clone is the same, {productname} will " +"register both clients as one system, and the existing client data will be " +"over-written with that of the clone." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:118 +#: modules/administration/pages/tshoot-registerclones.adoc:5 msgid "" -"Open the configuration file at [path]``/etc/prometheus/prometheus.yml`` and " -"add this configuration information. Replace `server.url` with your " -"{productname} server URL and adjust `username` and `password` fields to " -"match your {productname} credentials." +"This can be resolved by changing the machine ID of the clone, so that " +"{productname} recognizes them as two different clients." msgstr "" -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:134 -#, no-wrap +#. type: delimited block = +#: modules/administration/pages/tshoot-registerclones.adoc:6 msgid "" -"# {productname} self-health metrics\n" -"scrape_configs:\n" -"- job_name: 'mgr-server'\n" -" static_configs:\n" -" - targets:\n" -" - 'server.url:9100' # Node exporter\n" -" - 'server.url:9187' # PostgreSQL exporter\n" -" - 'server.url:5556' # JMX exporter (Tomcat)\n" -" - 'server.url:5557' # JMX exporter (Taskomatic)\n" -" - 'server.url:9800' # Taskomatic\n" -" - targets:\n" -" - 'server.url:80' # Message queue\n" -" labels:\n" -" __metrics_path__: /rhn/metrics\n" +"Each step of this procedure is performed on the cloned client. This " +"procedure does not manipulate the original client, which will still be " +"registered to {productname}." msgstr "" -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:141 +#. type: Block title +#: modules/administration/pages/tshoot-registerclones.adoc:7 #, no-wrap -msgid "" -"# Managed systems metrics:\n" -"- job_name: 'mgr-clients'\n" -" uyuni_sd_configs:\n" -" - host: \"http://server.url\"\n" -" username: \"admin\"\n" -" password: \"admin\"\n" +msgid "Procedure: Resolving Duplicate Machine IDs in Cloned Salt Clients" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:143 -msgid "Save the configuration file." +#: modules/administration/pages/tshoot-registerclones.adoc:8 +#: modules/administration/pages/tshoot-registerclones.adoc:21 +msgid "On the cloned machine, change the hostname and IP addresses." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:144 -msgid "Restart the Prometheus service:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/monitoring.adoc:147 -#, no-wrap -msgid "systemctl restart prometheus\n" +#: modules/administration/pages/tshoot-registerclones.adoc:9 +#: modules/administration/pages/tshoot-registerclones.adoc:22 +msgid "" +"Make sure [path]``/etc/hosts`` contains the changes you made and the correct " +"host entries." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:150 +#: modules/administration/pages/tshoot-registerclones.adoc:10 msgid "" -"For more information about the Prometheus configuration options, see the " -"official Prometheus documentation at https://prometheus.io/docs/prometheus/" -"latest/configuration/configuration/" +"For distributions that support systemd: If your machines have the same " +"machine ID, delete the file on each duplicated client and re-create it:" msgstr "" -#. type: Title === -#: modules/administration/pages/monitoring.adoc:153 -#, no-wrap -msgid "Install Grafana" +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:12 +msgid "" +"For distributions that do not support systemd: Generate a machine ID from " +"dbus:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:157 +#: modules/administration/pages/tshoot-registerclones.adoc:14 msgid "" -"If your monitoring server is a {productname} Salt client, you can install " -"the Grafana package using the {productname} {webui}. Otherwise you can " -"download and install the package on your monitoring server manually." +"If your clients still have the same Salt client ID, delete the " +"[path]``minion_id`` file on each client (FQDN will be used when it is " +"regenerated on client restart):" msgstr "" -#. type: Block title -#: modules/administration/pages/monitoring.adoc:160 +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:15 #, no-wrap -msgid "Procedure: Installing Grafana Using the {webui}" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:162 -msgid "" -"In the {productname} {webui}, open the details page of the system where " -"Grafana is to be installed, and navigate to the [guimenu]``Formulas`` tab." +msgid "# rm /etc/salt/minion_id\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:163 +#: modules/administration/pages/tshoot-registerclones.adoc:16 msgid "" -"Check the [guimenu]``Grafana`` checkbox to enable monitoring formulas, and " -"click btn:[Save]." +"Delete accepted keys from the onboarding page and the system profile from " +"{productname}, and restart the client with:" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:164 -msgid "Navigate to the ``Grafana`` tab in the top menu." +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:17 +#, no-wrap +msgid "# service salt-minion restart\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:165 -msgid "" -"In the ``Enable and configure Grafana`` section, enter the admin credentials " -"you want to use to log in Grafana." +#: modules/administration/pages/tshoot-registerclones.adoc:18 +msgid "Re-register the clients." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:166 +#: modules/administration/pages/tshoot-registerclones.adoc:19 msgid "" -"On the ``Datasources`` section, make sure that the Prometheus URL field " -"points to the system where Prometheus is running." +"Each client will now have a different [path]``/etc/machine-id`` and should " +"be correctly displayed on the [guimenu]``System Overview`` page." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:170 -msgid "" -"Check that the Grafana interface is loading correctly. In your browser, " -"navigate to the URL of the server where Grafana is installed, on port 3000 " -"(for example, [literal]``http://example.com:3000``)." +#. type: Block title +#: modules/administration/pages/tshoot-registerclones.adoc:20 +#, no-wrap +msgid "Procedure: Resolving Duplicate Machine IDs in Cloned Traditional Clients" msgstr "" -#. type: delimited block = -#: modules/administration/pages/monitoring.adoc:175 +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:23 msgid "" -"{productname} provides pre-built dashboards for server self-health, basic " -"client monitoring, and more. You can choose which dashboards to provision " -"in the formula configuration page." +"Stop the [systemitem]``rhnsd`` daemon, on {rhnminrelease6} and {sle} 11 with:" msgstr "" -#. type: Block title -#: modules/administration/pages/monitoring.adoc:180 +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:24 #, no-wrap -msgid "Procedure: Manually Installing Grafana" +msgid "# /etc/init.d/rhnsd stop\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:183 -msgid "Install the [package]``grafana`` package:" +#: modules/administration/pages/tshoot-registerclones.adoc:25 +msgid "or, on newer systemd-based systems, with:" msgstr "" #. type: delimited block - -#: modules/administration/pages/monitoring.adoc:186 +#: modules/administration/pages/tshoot-registerclones.adoc:26 #, no-wrap -msgid "zypper in grafana\n" +msgid "# service rhnsd stop\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:188 -msgid "Enable the Grafana service:" +#: modules/administration/pages/tshoot-registerclones.adoc:27 +msgid "Stop [systemitem]``osad`` with:" msgstr "" #. type: delimited block - -#: modules/administration/pages/monitoring.adoc:191 +#: modules/administration/pages/tshoot-registerclones.adoc:28 #, no-wrap -msgid "systemctl enable --now grafana-server\n" +msgid "# /etc/init.d/osad stop\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:194 -msgid "" -"Check that the Grafana interface is loading correctly. In your browser, " -"navigate to the URL of the server where Grafana is installed, on port 3000 " -"(for example, [literal]``http://example.com:3000``)." +#: modules/administration/pages/tshoot-registerclones.adoc:29 +#: modules/administration/pages/tshoot-registerclones.adoc:31 +msgid "or:" msgstr "" -#. type: Target for macro image -#: modules/administration/pages/monitoring.adoc:195 +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:30 #, no-wrap -msgid "monitoring_grafana_example.png" +msgid "# service osad stop\n" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:32 +#, no-wrap +msgid "# rcosad stop\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:198 +#: modules/administration/pages/tshoot-registerclones.adoc:33 msgid "" -"For more information on how to manually install and configure Grafana, see " -"https://grafana.com/docs." +"Remove the [systemitem]``osad`` authentication configuration file and the " +"system ID:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:200 -msgid "" -"For more information about the monitoring formulas with forms, see xref:salt:" -"formula-monitoring.adoc[]." +#: modules/administration/pages/tshoot-registerclones.adoc:35 +msgid "Delete the files containing the machine IDs:" msgstr "" -#. type: Title == -#: modules/administration/pages/monitoring.adoc:203 -#, no-wrap -msgid "Configure {productname} Monitoring" +#. type: Plain text +#: modules/administration/pages/tshoot-registerclones.adoc:36 +msgid "SLES{nbsp}12:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:206 -msgid "" -"With {productname}{nbsp}4, you can enable the server to expose Prometheus " -"self-health metrics, and also install and configure exporters on client " -"systems." +#: modules/administration/pages/tshoot-registerclones.adoc:38 +msgid "SLES{nbsp}11:" msgstr "" -#. type: Title === -#: modules/administration/pages/monitoring.adoc:209 +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:39 #, no-wrap -msgid "Server Self Monitoring" +msgid "# suse_register -E\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:213 -msgid "" -"The Server self-health metrics cover hardware, operating system and " -"{productname} internals. These metrics are made available by " -"instrumentation of the Java application, combined with Prometheus exporters." +#: modules/administration/pages/tshoot-registerclones.adoc:40 +msgid "Remove the credential files:" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:215 -msgid "These exporter packages are shipped with {productname} Server:" +#: modules/administration/pages/tshoot-registerclones.adoc:41 +msgid "SLES clients:" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:218 -#: modules/administration/pages/monitoring.adoc:229 -#: modules/administration/pages/monitoring.adoc:265 -msgid "" -"Node exporter: [systemitem]``golang-github-prometheus-node_exporter``. See " -"https://github.com/prometheus/node_exporter." +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:42 +#, no-wrap +msgid "# rm -f /etc/zypp/credentials.d/{SCCcredentials,NCCcredentials}\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:220 -#: modules/administration/pages/monitoring.adoc:267 -msgid "" -"PostgreSQL exporter: [systemitem]``golang-github-wrouesnel-" -"postgres_exporter``. See https://github.com/wrouesnel/postgres_exporter." +#: modules/administration/pages/tshoot-registerclones.adoc:43 +msgid "{rhel} clients:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-registerclones.adoc:44 +#, no-wrap +msgid "# rm -f /etc/NCCcredentials\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:222 -msgid "" -"JMX exporter: [systemitem]``prometheus-jmx_exporter``. See https://github." -"com/prometheus/jmx_exporter." +#: modules/administration/pages/tshoot-registerclones.adoc:45 +msgid "Re-run the bootstrap script." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:224 -#: modules/administration/pages/monitoring.adoc:269 +#: modules/administration/pages/tshoot-registerclones.adoc:46 msgid "" -"Apache exporter: [systemitem]``golang-github-lusitaniae-apache_exporter``. " -"See https://github.com/Lusitaniae/apache_exporter." +"You should now see the cloned system in {productname} without overriding the " +"system it was cloned from." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:226 -msgid "These exporter packages are shipped with {productname} Proxy:" +#. type: Title = +#: modules/administration/pages/tshoot-saltboot.adoc:1 +#, no-wrap +msgid "Troubleshooting the Saltboot Formula" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/monitoring.adoc:231 +#: modules/administration/pages/tshoot-saltboot.adoc:2 +msgid "" +"Because of a problem in the computed partition size value, the saltboot " +"formula can sometimes fail when it is created on SLE{nbsp}11 SP3 clients, " +"with an error like this:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-saltboot.adoc:3 +#, no-wrap msgid "" -"Squid exporter: [systemitem]``golang-github-boynux-squid_exporter``. See " -"https://github.com/boynux/squid-exporter." +" ID: disk1_partitioned\n" +" Function: saltboot.partitioned\n" +" Name: disk1\n" +" Result: false\n" +" Comment: An exception occurred in this state: Traceback (most recent call last):\n" +" File \"/usr/lib/python2.6/site-packages/salt/state.py\", line 1767, in call\n" +" **cdata['kwargs'])\n" +" File \"/usr/lib/python2.6/site-packages/salt/loader.py\", line 1705, in wrapper\n" +" return f(*args, **kwargs)\n" +" File \"/var/cache/salt/minion/extmods/states/saltboot.py\", line 393, in disk_partitioned\n" +" existing = __salt__['partition.list'](device, unit='MiB')\n" +" File \"/usr/lib/python2.6/site-packages/salt/modules/parted.py\", line 177, in list_\n" +" 'Problem encountered while parsing output from parted')\n" +"CommandExecutionError: Problem encountered while parsing output from parted\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:233 +#: modules/administration/pages/tshoot-saltboot.adoc:4 msgid "" -"The exporter packages are pre-installed in {productname} Server and Proxy, " -"but their respective systemd daemons are disabled by default." +"This problem can be resolved by manually configuring the size of the " +"partition containing the operating system. When the size is set correctly, " +"formula creation will work as expected." msgstr "" #. type: Block title -#: modules/administration/pages/monitoring.adoc:236 +#: modules/administration/pages/tshoot-saltboot.adoc:5 #, no-wrap -msgid "Procedure: Enabling Self Monitoring" +msgid "Procedure: Manually Configuring the Partition Size in the Saltboot Formula" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:239 +#: modules/administration/pages/tshoot-saltboot.adoc:6 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Manager Configuration > " -"Monitoring]." +"In the {productname} {webui}, navigate to menu:Systems[System Groups] and " +"select the ``Hardware Type Group`` that contains the SLE{nbsp}11 SP3 client " +"that is causing the error." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:240 -msgid "Click btn:[Enable services]." +#: modules/administration/pages/tshoot-saltboot.adoc:7 +msgid "" +"In the [guimenu]``Formulas`` tab, navigate to the [guimenu]``Saltboot`` " +"subtab." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:241 -msgid "Restart Tomcat and Taskomatic." +#: modules/administration/pages/tshoot-saltboot.adoc:8 +msgid "" +"Locate the partition that contains the operating system, and in the " +"[guimenu]``Partition Size`` field, type the appropriate size (in MiB)." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:242 -msgid "" -"Navigate to the URL of your Prometheus server, on port 9090 (for example, " -"[literal]``http://example.com:9090``)" +#: modules/administration/pages/tshoot-saltboot.adoc:9 +msgid "Click btn:[Save Formula], and apply the highstate to save your changes." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:243 -msgid "" -"In the Prometheus UI, navigate to menu:[Status > Targets] and confirm that " -"all the endpoints on the ``mgr-server`` group are up." +#. type: Title = +#: modules/administration/pages/openscap.adoc:1 +#, no-wrap +msgid "System Security with OpenSCAP" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:244 +#: modules/administration/pages/openscap.adoc:2 msgid "" -"If you have also installed Grafana with the {webui}, the server insights " -"will be visible on the {productname} Server dashboard." +"{productname} uses OpenSCAP to audit clients. It allows you to schedule and " +"view compliance scans for any client." msgstr "" -#. type: Target for macro image -#: modules/administration/pages/monitoring.adoc:245 -#, no-wrap -msgid "monitoring_enable_services.png" +#. type: delimited block = +#: modules/administration/pages/openscap.adoc:3 +msgid "OpenSCAP auditing is not available on Salt SSH clients." msgstr "" #. type: delimited block = -#: modules/administration/pages/monitoring.adoc:252 +#: modules/administration/pages/openscap.adoc:4 msgid "" -"Only server self-health monitoring can be enabled using the {webui}. " -"Metrics for a proxy are not automatically collected by Prometheus. To " -"enable self-health monitoring on a proxy, you will need to manually install " -"exporters and enable them." +"Scanning clients can consume a lot of memory and compute power on the client " +"being scanned. For {redhat} clients, ensure you have at least 2{nbsp}GB of " +"RAM available on each client to be scanned." msgstr "" -#. type: Title === -#: modules/administration/pages/monitoring.adoc:256 +#. type: Title == +#: modules/administration/pages/openscap.adoc:5 #, no-wrap -msgid "Monitoring Managed Systems" +msgid "About SCAP" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:260 +#: modules/administration/pages/openscap.adoc:6 msgid "" -"Prometheus metrics exporters can be installed and configured on Salt clients " -"using formulas. The packages are available from the {productname} client " -"tools channels, and can be enabled and configured directly in the " -"{productname} {webui}." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:262 -msgid "These exporters can be installed on managed systems:" +"The Security Certification and Authorization Package (SCAP) is a " +"standardized compliance checking solution for enterprise-level Linux " +"infrastructures. It is a line of specifications maintained by the National " +"Institute of Standards and Technology (NIST) for maintaining system security " +"for enterprise systems." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:272 +#: modules/administration/pages/openscap.adoc:7 msgid "" -"When you have the exporters installed and configured, you can start using " -"Prometheus to collect metrics from monitored systems. If you have " -"configured your monitoring server with the {webui}, metrics collection will " -"happen automatically." -msgstr "" - -#. type: Block title -#: modules/administration/pages/monitoring.adoc:275 -#, no-wrap -msgid "Procedure: Configuring Prometheus Exporters on a Client" +"SCAP was created to provide a standardized approach to maintaining system " +"security, and the standards that are used will therefore continually change " +"to meet the needs of the community and enterprise businesses. New " +"specifications are governed by NIST's SCAP Release cycle to provide a " +"consistent and repeatable revision work flow. For more information, see " +"http://scap.nist.gov/timeline.html." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:278 +#: modules/administration/pages/openscap.adoc:8 msgid "" -"In the {productname} {webui}, open the details page of the client to be " -"monitored, and navigate to the menu:Formulas tab." +"{productname} uses OpenSCAP to implement the SCAP specifications. OpenSCAP " +"is an auditing tool that utilizes the Extensible Configuration Checklist " +"Description Format (XCCDF). XCCDF is a standard way of expressing checklist " +"content and defines security checklists. It also combines with other " +"specifications such as Common Platform Enumeration (CPE), Common " +"Configuration Enumeration (CCE), and Open Vulnerability and Assessment " +"Language (OVAL), to create a SCAP-expressed checklist that can be processed " +"by SCAP-validated products." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:279 +#: modules/administration/pages/openscap.adoc:9 msgid "" -"Check the [guimenu]``Enabled`` checkbox on the ``Prometheus Exporters`` " -"formula." +"OpenSCAP verifies the presence of patches by using content produced by the " +"{suse} Security Team. OpenSCAP checks system security configuration " +"settings and examines systems for signs of compromise by using rules based " +"on standards and specifications. For more information about the {suse} " +"Security Team, see https://www.suse.com/support/security." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:281 -msgid "Navigate to the menu:Formulas[Prometheus Exporters] tab." +#. type: Title == +#: modules/administration/pages/openscap.adoc:10 +#, no-wrap +msgid "Prepare Clients for an SCAP Scan" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:283 +#: modules/administration/pages/openscap.adoc:11 msgid "" -"Select the exporters you want to enable and customize arguments according to " -"your needs. The [guimenu]``Address`` field accepts either a port number " -"preceded by a colon (``:9100``), or a fully resolvable address " -"(``example:9100``)." +"Before you begin, you need to prepare your client systems for SCAP scanning." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:285 -msgid "Apply the highstate." +#: modules/administration/pages/openscap.adoc:12 +msgid "" +"For scanning {sles} clients, install the ``openscap-content`` and ``openscap-" +"utils`` packages before you begin. Use this command to determine the " +"location of the appropriate SCAP files. Take a note of the file paths for " +"performing the scan:" msgstr "" -#. type: Target for macro image -#: modules/administration/pages/monitoring.adoc:286 +#. type: delimited block - +#: modules/administration/pages/openscap.adoc:13 #, no-wrap -msgid "monitoring_configure_formula.png" +msgid "rpm -ql openscap-content\n" msgstr "" -#. type: delimited block = -#: modules/administration/pages/monitoring.adoc:291 -msgid "" -"Monitoring formulas can also be configured for System Groups, by applying " -"the same configuration used for individual systems inside the corresponding " -"group." +#. type: Plain text +#: modules/administration/pages/openscap.adoc:14 +msgid "" +"For scanning {redhat} clients, install the ``scap-security-guide`` and " +"``openscap-utils`` packages before you begin. Use this command to determine " +"the location of the appropriate SCAP files. Take a note of the file paths " +"for performing the scan:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/openscap.adoc:15 +#, no-wrap +msgid "rpm -ql scap-security-guide\n" msgstr "" #. type: Title == -#: modules/administration/pages/monitoring.adoc:299 +#: modules/administration/pages/openscap.adoc:16 #, no-wrap -msgid "Network Boundaries" +msgid "OpenSCAP Content Files" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:303 +#: modules/administration/pages/openscap.adoc:17 msgid "" -"Prometheus fetches metrics using a pull mechanism, so the server must be " -"able to establish TCP connections to monitored clients. By default, " -"Prometheus uses these ports:" +"OpenSCAP uses SCAP content files to define test rules. These content files " +"are created based on the XCCDF or OVAL standards. You can download publicly " +"available content files and customize it to your requirements. You can " +"install the ``openscap-content`` package for default content file " +"templates. Alternatively, if you are familiar with XCCDF or OVAL, you can " +"create your own content files." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:305 -msgid "Node exporter: 9100" +#. type: delimited block = +#: modules/administration/pages/openscap.adoc:18 +msgid "" +"We recommend you use templates to create your SCAP content files. If you " +"create and use your own custom content files, you do so at your own risk. " +"If your system becomes damaged through the use of custom content files, you " +"might not be supported by {suse}." msgstr "" +#. ke 2013-08-28: Do we have SCAP content providers? Such as: The United States Government +#. Configuration Baseline (USGCB) for RHEL5 Desktop or Community-provided content (openscap-content +#. package)? For more info, see +#. https://access.redhat.com/site/documentation/en-US/Red_Hat_Network_Satellite/5.5/html/User_Guide/chap-Red_Hat_Network_Satellite-User_Guide-OpenSCAP.html # +#. I think this question is still valid. Who should we contact? LKB 2020-02-06 #. type: Plain text -#: modules/administration/pages/monitoring.adoc:306 -msgid "PostgreSQL exporter: 9187" +#: modules/administration/pages/openscap.adoc:19 +msgid "" +"When you have created your content files, you need to transfer the file to " +"the client. You can do this in the same way as you move any other file, " +"using physical storage media, or across a network with [command]``ftp`` or " +"[command]``scp``." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:307 -msgid "Apache exporter: 9117" +#: modules/administration/pages/openscap.adoc:20 +msgid "" +"We recommend that you create a package to distribute content files to " +"clients that you are managing with {productname}. Packages can be signed " +"and verified to ensure their integrity. For more information, see xref:" +"administration:custom-channels.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:309 -msgid "" -"Additionally, if you are running the alert manager on a different host than " -"where you run Prometheus, you will also need to open port 9093." +#. type: Title == +#: modules/administration/pages/openscap.adoc:21 +#, no-wrap +msgid "Perform an Audit Scan" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:311 +#: modules/administration/pages/openscap.adoc:22 msgid "" -"For clients installed on cloud instances, you can add the required ports to " -"a security group that has access to the monitoring server." +"When you have transferred your content files, you can perform audit scans. " +"Audit scans can be triggered using the {productname} {webui}. You can also " +"use the {productname} API to schedule regular scans." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:315 -msgid "" -"Alternatively, you can deploy a Prometheus instance in the exporters' local " -"network, and configure federation. This allows the main monitoring server " -"to scrape the time series from the local Prometheus instance. If you use " -"this method, you only need to open the Prometheus API port, which is 9090." +#. type: Block title +#: modules/administration/pages/openscap.adoc:23 +#, no-wrap +msgid "Procedure: Running an Audit Scan from the {webui}" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:317 +#: modules/administration/pages/openscap.adoc:24 msgid "" -"For more information on Prometheus federation, see https://prometheus.io/" -"docs/prometheus/latest/federation/." +"In the {productname} {webui}, navigate to menu:Systems[Systems List] and " +"select the client you want to scan." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:320 +#: modules/administration/pages/openscap.adoc:25 msgid "" -"You can also proxy requests through the network boundary. Tools like " -"PushProx deploy a proxy and a client on both sides of the network barrier " -"and allow Prometheus to work across network topologies such as NAT." +"Navigate to the [guimenu]``Audit`` tab, and the [guimenu]``Schedule`` subtab." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:322 +#: modules/administration/pages/openscap.adoc:26 msgid "" -"For more information on PushProx, see https://github.com/RobustPerception/" -"PushProx." +"In the [guimenu]``Path to XCCDF Document`` field, enter the path to the " +"XCCDF content file on the client. For example: [path]``/usr/share/openscap/" +"scap-yast2sec-xccdf.xml``" msgstr "" -#. type: Title === -#: modules/administration/pages/monitoring.adoc:325 -#, no-wrap -msgid "Reverse Proxy Setup" +#. type: Plain text +#: modules/administration/pages/openscap.adoc:27 +msgid "The scan will run at the client's next scheduled synchronization." msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:329 +#. type: delimited block = +#: modules/administration/pages/openscap.adoc:28 msgid "" -"Prometheus fetches metrics using a pull mechanism, so the server must be " -"able to establish TCP connections to each exporter on the monitored " -"clients. To simplify your firewall configuration, you can use reverse proxy " -"for your exporters. This way all metrics will be exposed on a single port." +"The XCCDF content file is validated before it is run on the remote system. " +"If the content file includes invalid arguments, the test will fail." msgstr "" -#. Probably a diagram here. --LKB 2020-08-11 #. type: Block title -#: modules/administration/pages/monitoring.adoc:334 +#: modules/administration/pages/openscap.adoc:29 #, no-wrap -msgid "Procedure: Installing Prometheus Exporters with Reverse Proxy" +msgid "Procedure: Running an Audit Scan from the API" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:336 +#: modules/administration/pages/openscap.adoc:30 msgid "" -"In the {productname} {webui}, open the details page of the system to be " -"monitored, and navigate to the [guimenu]``Formulas`` tab." +"Before you begin, ensure that the client to be scanned has Python and XML-" +"RPC libraries installed." msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:337 +#: modules/administration/pages/openscap.adoc:31 msgid "" -"Check the [guimenu]``Prometheus Exporters`` checkbox to enable the exporters " -"formula, and click btn:[Save]." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:338 -msgid "Navigate to the ``Prometheus Exporters`` tab in the top menu." +"Choose an existing script or create a script for scheduling a system scan " +"through ``system.scap.scheduleXccdfScan``. For example:" msgstr "" -#. type: Plain text -#: modules/administration/pages/monitoring.adoc:340 +#. type: delimited block - +#: modules/administration/pages/openscap.adoc:32 +#, no-wrap msgid "" -"Check the [guimenu]``Enable reverse proxy`` option, and enter a valid " -"reverse proxy port number. For example, ``9999``." +"#!/usr/bin/python\n" +"client = xmlrpclib.Server('https://spacewalk.example.com/rpc/api')\n" +"key = client.auth.login('username', 'password')\n" +"client.system.scap.scheduleXccdfScan(key, <1000010001>,\n" +" '',\n" +" '--profile ')\n" msgstr "" #. type: Plain text -#: modules/administration/pages/monitoring.adoc:341 -msgid "Customize the other exporters according to your needs." -msgstr "" - -#. type: Title = -#: modules/administration/pages/actions.adoc:2 -#, no-wrap -msgid "Actions" +#: modules/administration/pages/openscap.adoc:33 +msgid "In this example:" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:5 -msgid "You can manage actions on your clients in a number of different ways." +#: modules/administration/pages/openscap.adoc:34 +msgid "``<1000010001>`` is the system ID (sid)." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:8 +#: modules/administration/pages/openscap.adoc:35 msgid "" -"For Salt clients, you can schedule automated recurring actions to apply the " -"highstate to clients on a specified schedule. You can apply recurring " -"actions to individual clients, to all clients in a system group, or to an " -"entire organization." +"```` is the path to the content file location on the " +"client. For example, [path]``/usr/local/share/scap/usgcb-sled15desktop-" +"xccdf.xml``." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:11 +#: modules/administration/pages/openscap.adoc:36 msgid "" -"On both Salt and traditional clients, you can set actions to be performed in " -"a particular order by creating action chains. Action chains can be created " -"and edited ahead of time, and scheduled to run at a time that suits you." +"```` is an additional argument for the [command]``oscap`` " +"command. For example, use " +"``united_states_government_configuration_baseline`` (USGCB)." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:14 -msgid "" -"You can also perform remote commands on one or more of your Salt clients. " -"Remote commands allows you to issue commands to individual Salt clients, or " -"to all clients that match a search term." +#: modules/administration/pages/openscap.adoc:37 +msgid "Run the script on the client you want to scan, from the command prompt." msgstr "" #. type: Title == -#: modules/administration/pages/actions.adoc:17 +#: modules/administration/pages/openscap.adoc:38 #, no-wrap -msgid "Recurring Actions" +msgid "Scan Results" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:20 +#: modules/administration/pages/openscap.adoc:39 msgid "" -"You can apply recurring actions on individual Salt clients, or to all " -"clients in an organization." +"Information about the scans you have run is in the {productname} {webui}. " +"Navigate to to menu:Audit[OpenSCAP > All Scans] for a table of results. For " +"more information about the data in this table, see xref:reference:audit/" +"openscap-all-scans.adoc[]." msgstr "" -#. type: Block title -#: modules/administration/pages/actions.adoc:23 +#. type: Plain text +#: modules/administration/pages/openscap.adoc:40 +msgid "" +"To ensure that detailed information about scans is available, you need to " +"enable it on the client. In the {productname} {webui}, navigate to menu:" +"Admin[Organizations] and click on the organization the client is a part of. " +"Navigate to the [guimenu]``Configuration`` tab, and check the " +"[guimenu]``Enable Upload of Detailed SCAP Files`` option. When enabled, " +"this generates an additional HTML file on every scan, which contains extra " +"information. The results will show an extra line similar to this:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/openscap.adoc:41 #, no-wrap -msgid "Procedure: Creating a New Recurring Action" +msgid "Detailed Results: xccdf-report.html xccdf-results.xml scap-yast2sec-oval.xml.result.xml\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:25 +#: modules/administration/pages/openscap.adoc:42 msgid "" -"To apply a recurring action to an individual client, navigate to " -"[guimenu]``Systems``, click the client to configure schedules for, and " -"navigate to the menu:States[Recurring States] tab." +"To retrieve scan information from the command line, use the " +"[command]``spacewalk-report`` command:" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:26 +#. type: delimited block - +#: modules/administration/pages/openscap.adoc:43 +#, no-wrap msgid "" -"To apply a recurring action to a system group, navigate to menu:" -"Systems[System Groups], select the group to configure schedules for, and " -"navigate to menu:States[Recurring States] tab." +"spacewalk-report system-history-scap\n" +"spacewalk-report scap-scan\n" +"spacewalk-report scap-scan-results\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:27 -msgid "Click btn:[Create]." +#: modules/administration/pages/openscap.adoc:44 +msgid "" +"You can also use the {productname} API to view results, with the ``system." +"scap`` handler." +msgstr "" + +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +#. Old content that has come across from the Reference Guide starts here. Pretty much all of this now exists in the right locations, but I'm leaving it here for posterity on the chance that there is yelling. --LKB 2020-08-05 +#. [[sm-audit-page]] +#. = Systems Audit Page +#. To display a system's audit page, click menu:Systems[system_name > Audit]. +#. Use this page to schedule and view compliance scans for a particular system. +#. Scans are performed by the OpenSCAP tool, which implements NIST's standard Security Content Automation Protocol (SCAP). +#. Before you scan a system, make sure that the SCAP content is prepared and all prerequisites in +#. xref:reference:audit/audit-openscap-overview.adoc#s1-openscap-suma-prerq[Prerequisites for Using OpenSCAP in {productname}] are met. +#. == List Scans +#. This subtab lists a summary of all scans completed on the system. +#. The following columns are displayed: +#. XCCDF Test Result:: +#. The scan test result name, which provides a link to the detailed results of the scan. +#. Completed:: +#. The exact time the scan finished. +#. Compliance:: +#. The unweighted pass/fail ratio of compliance based on the Standard used. +#. P:: +#. Number of checks that passed. +#. F:: +#. Number of checks that failed. +#. E:: +#. Number of errors that occurred during the scan. +#. U:: +#. Unknown. +#. N:: +#. Not applicable to the machine. +#. K:: +#. Not checked. +#. S:: +#. Not Selected. +#. I:: +#. Informational. +#. X:: +#. Fixed. +#. Total:: +#. Total number of checks. +#. Each entry starts with an icon indicating the results of a comparison to a previous similar scan. +#. The icons indicate the following: +#. * "RHN List Checked" Icon -- no difference between the compared scans. +#. * "RHN List Alert" Icon -- arbitrary differences between the compared scans. +#. * "RHN List Error" Icon -- major differences between the compared scans. Either there are more failures than the previous scan or less passes +#. * "RHN List Check In" Icon -- no comparable scan was found, therefore, no comparison was made. +#. To find out what has changed between two scans in more detail, select the ones you are interested in and click menu:Compare Selected Scans[] +#. . +#. To delete scans that are no longer relevant, select those and click on menu:Remove Selected Scans[] +#. . +#. Scan results can also be downloaded in CSV format. +#. == Scan Details +#. The Scan Details page contains the results of a single scan. +#. The page is divided into two sections: +#. Details of the XCCDF Scan:: +#. This section displays various details about the scan, including: +#. ** File System Path: the path to the XCCDF file used for the scan. +#. ** Command-line Arguments: any additional command-line arguments that were used. +#. ** Profile Identifier: the profile identifier used for the scan. +#. ** Profile Title: the title of the profile used for the scan. +#. ** Scan's Error output: any errors encountered during the scan. +#. XCCDF Rule Results:: +#. The rule results provide the full list of XCCDF rule identifiers, identifying tags, and the result for each of these rule checks. +#. This list can be filtered by a specific result. +#. [[sm-audit-schedule]] +#. == Schedule Audit +#. Use the Schedule New XCCDF Scan page to schedule new scans for specific machines. +#. Scans occur at the system's next scheduled check-in that occurs after the date and time specified. +#. The following fields can be configured: +#. Command-line Arguments::: +#. Optional arguments to the [command]``oscap`` command, either: +#. ** ``--profile PROFILE``: Specifies a particular profile from the XCCDF document. +#. + +#. Profiles are determined by the Profile tag in the XCCDF XML file. +#. Use the [command]``oscap`` command to see a list of profiles within a given XCCDF file, for example: +#. + +#. ---- +#. # oscap info /usr/local/share/scap/dist_sles12_scap-sles12-oval.xml +#. Document type: XCCDF Checklist +#. Checklist version: 1.1 +#. Status: draft +#. Generated: 2015-12-12 +#. Imported: 2016-02-15T22:09:33 +#. Resolved: false +#. Profiles: SLES12-Default +#. ---- +#. + +#. If not specified, the default profile is used. +#. Some early versions of OpenSCAP in require that you use the `--profile` option or the scan will fail. +#. ** ``--skip-valid``: Do not validate input and output files. You can use this option to bypass the file validation process if you do not have well-formed XCCDF content. +#. Path to XCCDF Document::: +#. This is a required field. +#. The path parameter points to the XCCDF content location on the client system. +#. For example: [path]``/usr/local/share/scap/dist_sles12_scap-sles12-oval.xml`` +#. + +#. WARNING: The XCCDF content is validated before it is run on the remote system. +#. Specifying invalid arguments can cause [command]``spacewalk-oscap`` to fail to validate or run. +#. Due to security concerns, the [command]``oscap xccdf eval`` command only accepts a limited set of parameters. +#. + +#. For information about how to schedule scans using the {webui} +#. , refer to: +#. xref:reference:audit/audit-openscap-overview.adoc#pro-os-suma-audit-scans-webui[Procedure: Scans via the Web Interface] +#. type: Title = +#: modules/administration/pages/tshoot-osadjabberd.adoc:1 +#, no-wrap +msgid "Troubleshooting OSAD and jabberd" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/actions.adoc:28 -msgid "Type a name for the new schedule." +#: modules/administration/pages/tshoot-osadjabberd.adoc:2 +msgid "" +"In some cases, the maximum number of files that jabber can open is lower " +"than the number of connected OSAD clients." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:29 -msgid "Choose the frequency of the recurring action:" +#: modules/administration/pages/tshoot-osadjabberd.adoc:3 +msgid "" +"If this occurs, OSAD clients cannot contact the SUSE Manager Server, and " +"jabberd will take an excessive amount of time to respond on port 5222." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:32 +#. type: delimited block = +#: modules/administration/pages/tshoot-osadjabberd.adoc:4 msgid "" -"[guimenu]``Hourly:`` Type the minute of each hour. For example, " -"[parameter]``15`` will run the action at fifteen minutes past every hour." +"This fix is only required if you have more than 8192 clients connected using " +"OSAD. In this case, we recommend you consider using Salt clients instead. " +"For more information about tuning large scale installations, see xref:salt:" +"large-scale.adoc[]." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:34 +#: modules/administration/pages/tshoot-osadjabberd.adoc:5 msgid "" -"[guimenu]``Daily:`` Select the time of each day. For example, " -"[parameter]``01:00`` will run the action at 0100 every day, in the timezone " -"of the {productname} Server." +"You can increase the number of files available to jabber by editing the " +"jabberd local configuration file. By default, the file is located at " +"[path]``/etc/systemd/system/jabberd.service.d/override.conf``." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:35 -msgid "" -"[guimenu]``Weekly:`` Select the day of the week and the time of the day, to " -"execute the action every week at the specified time." +#. type: Block title +#: modules/administration/pages/tshoot-osadjabberd.adoc:6 +#, no-wrap +msgid "Procedure: Adjusting the Maximum File Count" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:36 +#: modules/administration/pages/tshoot-osadjabberd.adoc:7 msgid "" -"[guimenu]``Monthly:`` Select the day of the month and the time of the day, " -"to execute the action every month at the specified time." +"At the command prompt, as root, open the local configuration file for " +"editing:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/tshoot-osadjabberd.adoc:8 +#, no-wrap +msgid "systemctl edit jabberd\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:38 -msgid "" -"[guimenu]``Custom Quartz format:`` For more detailed options, enter a custom " -"quartz string. For example, to run a recurring action at 0215 every " -"Saturday of every month, enter:" +#: modules/administration/pages/tshoot-osadjabberd.adoc:9 +msgid "Add or edit this section:" msgstr "" #. type: delimited block - -#: modules/administration/pages/actions.adoc:41 +#: modules/administration/pages/tshoot-osadjabberd.adoc:10 #, no-wrap -msgid "0 15 2 ? * 7\n" +msgid "" +"[Service]\n" +"LimitNOFILE=:\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:43 +#: modules/administration/pages/tshoot-osadjabberd.adoc:11 msgid "" -"OPTIONAL: Toggle the [guimenu]``Test mode`` switch on to run the schedule in " -"test mode." +"The value you choose will vary depending on your environment. For example, " +"if you have 9500 clients, increase the soft value by 100 to 9600, and the " +"hard value by 1000 to 10500:" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:44 +#. type: delimited block - +#: modules/administration/pages/tshoot-osadjabberd.adoc:12 +#, no-wrap msgid "" -"Click btn:[Create Schedule] to save, and see the complete list of existing " -"schedules." +"[Unit]\n" +"LimitNOFILE=\n" +"LimitNOFILE=9600:10500\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:48 +#: modules/administration/pages/tshoot-osadjabberd.adoc:13 +msgid "Save the file and exit the editor." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/tshoot-osadjabberd.adoc:14 msgid "" -"Organization Administrators can set and edit recurring actions for all " -"clients in the organization. Navigate to menu:Home[My Organization > " -"Recurring States] to see all recurring actions that apply to the entire " -"organization." +"The default editor for systemctl files is vim. To save the file and exit, " +"press kbd:[Esc] to enter ``normal`` mode, type kbd:[:wq] and press kbd:" +"[Enter]." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:51 +#: modules/administration/pages/tshoot-osadjabberd.adoc:15 msgid "" -"{productname} Administrators can set and edit recurring actions for all " -"clients in all organizations. Navigate to menu:Admin[Organizations], select " -"the organization to manage, and navigate to the menu:States[Recurring " -"States] tab." +"Ensure you also update the `max_fds` parameter in [path]``/etc/jabberd/c2s." +"xml``. For example: `10500`" msgstr "" -#. type: delimited block = -#: modules/administration/pages/actions.adoc:56 +#. type: Plain text +#: modules/administration/pages/tshoot-osadjabberd.adoc:16 msgid "" -"Recurring actions can only be used with Salt clients. Traditional clients " -"in your group or organization are ignored." +"The soft file limit is the maximum number of open files for a single " +"process. In {productname} the highest consuming process is ``c2s``, which " +"opens a connection per client. 100 additional files are added, here, to " +"accommodate for any non-connection file that ``c2s`` requires to work " +"correctly. The hard limit applies to all processes belonging to jabber, and " +"also accounts for open files from the router, ``c2s`` and ``sm`` processes." msgstr "" -#. type: Title == -#: modules/administration/pages/actions.adoc:60 +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +# +#. Delinking per https://github.com/SUSE/spacewalk/issues/9516 LKB 2019-09-23 +#. == jabberd Database Corruption +#. ``SYMPTOMS``: After _a disk is full error_ or a _disk crash event_, the [systemitem]``jabberd`` database may have become corrupted. +#. [systemitem]``jabberd`` may then fail starting Spacewalk services: +#. ---- +#. Starting spacewalk services... +#. Initializing jabberd processes... +#. Starting router done +#. Starting sm startproc: exit status of parent of /usr/bin/sm: 2 failed +#. Terminating jabberd processes... +#. ---- +#. [path]``/var/log/messages`` shows more details: +#. ---- +#. jabberd/sm[31445]: starting up +#. jabberd/sm[31445]: process id is 31445, written to /var/lib/jabberd/pid/sm.pid +#. jabberd/sm[31445]: loading 'db' storage module +#. jabberd/sm[31445]: db: corruption detected! close all jabberd processes and run db_recover +#. jabberd/router[31437]: shutting down +#. ---- +#. ``CURE``: Remove the [systemitem]``jabberd`` database and restart. +#. [systemitem]``jabberd`` will automatically re-create the database. +#. Enter at the command prompt: +#. ---- +#. spacewalk-service stop +#. rm -rf /var/lib/jabberd/db/* +#. spacewalk-service start +#. ---- +#. ke, 2019-08-08: not sure whether we want this here: +#. An alternative approach would be to test another database, but SUSE Manager does not deliver drivers for this: +#. ---- +#. rcosa-dispatcher stop +#. rcjabberd stop +#. cd /var/lib/jabberd/db +#. rm * +#. cp /usr/share/doc/packages/jabberd/db-setup.sqlite . +#. sqlite3 sqlite.db < db-setup.sqlite +#. chown jabber:jabber * +#. rcjabberd start +#. rcosa-dispatcher start +#. ---- +#. Delinking per https://github.com/SUSE/spacewalk/issues/9516 LKB 2019-09-23 +#. == Capturing XMPP Network Data for Debugging Purposes +#. If you are experiencing bugs regarding OSAD, it can be useful to dump network messages to help with debugging. +#. The following procedures provide information on capturing data from both the client and server side. +#. .Procedure: Server Side Capture +#. . Install the [package]#tcpdump# package on the server as root: +#. + +#. ---- +#. zypper in tcpdump +#. ---- +#. . Stop the OSA dispatcher and Jabber processes: +#. + +#. ---- +#. rcosa-dispatcher stop +#. rcjabberd stop +#. ---- +#. . Start data capture on port 5222: +#. + +#. ---- +#. tcpdump -s 0 port 5222 -w server_dump.pcap +#. ---- +#. . Open a second terminal and start the OSA dispatcher and Jabber processes: +#. + +#. ---- +#. rcosa-dispatcher start +#. rcjabberd start +#. ---- +#. . Operate the server and clients so the bug you formerly experienced is reproduced. +#. . When you have finished your capture re-open the first terminal and stop the data capture with kbd:[CTRL+c]. +#. .Procedure: Client Side Capture +#. . Install the tcpdump package on your client as root: +#. + +#. ---- +#. zypper in tcpdump +#. ---- +#. . Stop the OSA process: +#. + +#. ---- +#. rcosad stop +#. ---- +#. . Begin data capture on port 5222: +#. + +#. ---- +#. tcpdump -s 0 port 5222 -w client_client_dump.pcap +#. ---- +#. . Open a second terminal and start the OSA process: +#. + +#. ---- +#. rcosad start +#. ---- +#. . Operate the server and clients so the bug you formerly experienced is reproduced. +#. . When you have finished your capture re-open the first terminal and stop the data capture with kbd:[CTRL+c]. +#. type: Title = +#: modules/administration/pages/tshoot-sync.adoc:1 #, no-wrap -msgid "Action Chains" +msgid "Troubleshooting Synchronization" msgstr "" +# +# +# +#. PUT THIS COMMENT AT THE TOP OF TROUBLESHOOTING SECTIONS +#. Troubleshooting format: +#. One sentence each: +#. Cause: What created the problem? +#. Consequence: What does the user see when this happens? +#. Fix: What can the user do to fix this problem? +#. Result: What happens after the user has completed the fix? +#. If more detailed instructions are required, put them in a "Resolving" procedure: +#. .Procedure: Resolving Widget Wobbles +#. . First step +#. . Another step +#. . Last step #. type: Plain text -#: modules/administration/pages/actions.adoc:63 +#: modules/administration/pages/tshoot-sync.adoc:2 msgid "" -"If you need to perform a number of sequential actions on your clients, you " -"can create an action chain to ensure the order is respected." +"Synchronization can fail for a number of reasons. To get more information " +"about a connection problem, run this command:" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:68 +#. type: delimited block - +#: modules/administration/pages/tshoot-sync.adoc:3 +#, no-wrap msgid "" -"By default, most clients will execute an action as soon as the command is " -"issued. In some case, actions will take a long time, which could mean that " -"actions issued afterwards fail. For example, if you instruct a client to " -"reboot, then issue a second command, the second action could fail because " -"the reboot is still occurring. To ensure that actions occur in the correct " -"order, use action chains." +"export URLGRABBER_DEBUG=DEBUG\n" +"spacewalk-repo-sync -c > /var/log/spacewalk-repo-sync-$(date +%F-%R).log 2>&1\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:71 +#: modules/administration/pages/tshoot-sync.adoc:4 msgid "" -"You can use action chains on both traditional and Salt clients. Action " -"chains can include any number of these actions, in any order:" +"You can also check logs created by Zypper at [path]``/var/log/zypper.log``" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:73 -msgid "menu:System Details[Remote Command]" +#. type: Labeled list +#: modules/administration/pages/tshoot-sync.adoc:5 +#, no-wrap +msgid "GPG Key Mismatch" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:74 -msgid "menu:System Details[Schedule System Reboot]" +#: modules/administration/pages/tshoot-sync.adoc:6 +msgid "" +"{productname} does not automatically trust third party GPG keys. If package " +"synchronization fails, it could be because of an untrusted GPG key. You can " +"find out if this is the case by opening [path]``/var/log/rhn/reposync`` and " +"looking for an error like this:" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:75 -msgid "menu:System Details[States > Highstate]" +#. type: delimited block - +#: modules/administration/pages/tshoot-sync.adoc:7 +#, no-wrap +msgid "" +"['/usr/bin/spacewalk-repo-sync', '--channel', 'sle-12-sp1-ga-desktop-\n" +"nvidia-driver-x86_64', '--type', 'yum', '--non-interactive']\n" +"RepoMDError: Cannot access repository. Maybe repository GPG keys are not imported\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:76 -msgid "menu:System Details[Software > Packages > List/Remove]" +#: modules/administration/pages/tshoot-sync.adoc:8 +msgid "" +"To resolve the problem, you need to import the GPG key to {productname}. " +"For more on importing GPG keys, see xref:administration:repo-metadata.adoc[]." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:77 -msgid "menu:System Details[Software > Packages > Install]" +#. type: Labeled list +#: modules/administration/pages/tshoot-sync.adoc:9 +#, no-wrap +msgid "Checksum Mismatch" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:78 -msgid "menu:System Details[Software > Packages > Upgrade]" +#: modules/administration/pages/tshoot-sync.adoc:10 +msgid "" +"If a checksum has failed, you might see an error like this in the [path]``/" +"var/log/rhn/reposync/*.log`` log file:" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:79 -msgid "menu:System Details[Software > Patches]" +#. type: delimited block - +#: modules/administration/pages/tshoot-sync.adoc:11 +#, no-wrap +msgid "" +"Repo Sync Errors: (50, u'checksums did not match\n" +"326a904c2fbd7a0e20033c87fc84ebba6b24d937 vs\n" +"afd8c60d7908b2b0e2d95ad0b333920aea9892eb', 'Invalid information uploaded\n" +"to the server')\n" +"The package microcode_ctl-1.17-102.57.62.1.x86_64 which is referenced by\n" +"patch microcode_ctl-8413 was not found in the database. This patch has\n" +"been skipped.\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:80 -msgid "menu:System Details[Software > Software Channels]" +#: modules/administration/pages/tshoot-sync.adoc:12 +msgid "" +"You can resolve this error by running the synchronization from the command " +"prompt with the [command]``-Y`` option:" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:81 -msgid "menu:System Details[Configuration]" +#. type: delimited block - +#: modules/administration/pages/tshoot-sync.adoc:13 +#, no-wrap +msgid "spacewalk-repo-sync --channel -Y\n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:82 -msgid "menu:Images[Build]" +#: modules/administration/pages/tshoot-sync.adoc:14 +msgid "" +"This option verifies the repository data before the synchronization, rather " +"than relying on locally cached checksums." msgstr "" -#. type: Block title -#: modules/administration/pages/actions.adoc:85 +#. type: Title = +#: modules/administration/pages/users.adoc:1 #, no-wrap -msgid "Procedure: Creating a New Action Chain" +msgid "Users" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:88 +#: modules/administration/pages/users.adoc:2 msgid "" -"In the {productname} {webui}, navigate to the first action you want to " -"perform in the action chain. For example, navigate to [guimenu]``System " -"Details`` for a client, and click btn:[Schedule System Reboot]." +"{productname} Administrators can add new users, grant permissions, and " +"deactivate or delete users. If you are managing a large number of users, " +"you can assign users to system groups to manage permissions at a group level." +msgstr "" + +#. type: delimited block = +#: modules/administration/pages/users.adoc:3 +msgid "" +"The [guimenu]``Users`` menu is only available if you are logged in with a " +"{productname} administrator account." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:89 -msgid "Check the [guimenu]``Add to`` field and select ``new action chain``." +#: modules/administration/pages/users.adoc:4 +msgid "" +"To manage {productname} users, navigate to menu:Users[User List > All] to " +"see all users in your {productname} Server. Each user in the list shows the " +"username, real name, assigned roles, the date the user last signed in, and " +"the current status of the user. Click btn:``Create User`` to create a new " +"user account. Click the username to go to the [guimenu]``User Details`` " +"page." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:91 +#: modules/administration/pages/users.adoc:5 msgid "" -"Confirm the action. This will not perform the action immediately, it will " -"instead create the new action chain, and a blue bar confirming this appears " -"at the top of the screen." +"To add new users to your organization, click btn:[Create User], complete the " +"details for the new user, and click btn:[Create Login]." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:92 +#: modules/administration/pages/users.adoc:6 msgid "" -"Continue adding actions to your action chain by checking the [guimenu]``Add " -"to`` field and selecting the name of the action chain to add them to." +"You can deactivate or delete user accounts if they are no longer required. " +"Deactivated user accounts can be reactivated at any time. Deleted user " +"accounts are not visible, and cannot be retrieved." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:93 +#: modules/administration/pages/users.adoc:7 msgid "" -"When you have finished adding actions, navigate to menu:Schedule[Action " -"Chains] and selecting the action chain from the list." +"Users can deactivate their own accounts. However, if users have an " +"administrator role, the role must be removed before the account can be " +"deactivated." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:96 +#: modules/administration/pages/users.adoc:8 msgid "" -"Re-order actions by dragging them and dropping them into the correct " -"position. Click the blue plus sign to see the clients an action will be " -"performed on. Click btn:[Save] to save your changes." +"Deactivated users cannot log in to the {productname} {webui} or schedule any " +"actions. Actions scheduled by a user prior to their deactivation remain in " +"the action queue. Deactivated users can be reactivated by {productname} " +"administrators." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:98 +#: modules/administration/pages/users.adoc:9 msgid "" -"Schedule a time for your action chain to run, and click btn:[Save and " -"Schedule]. If you leave the page without clicking either btn:[Save] or btn:" -"[Save and Schedule] all unsaved changes will be discarded." +"Users can hold multiple administrator roles, and there can be more than one " +"user holding any administrator role at any time. There must always be at " +"least one active {productname} Administrator." msgstr "" -#. type: delimited block = -#: modules/administration/pages/actions.adoc:102 -msgid "" -"If one action in an action chain fails, the action chain stops, and no " -"further actions are executed." +#. type: Block title +#: modules/administration/pages/users.adoc:10 +#, no-wrap +msgid "User Administrator Role Permissions" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:105 +#. type: Table +#: modules/administration/pages/users.adoc:11 +#, no-wrap msgid "" -"You can see scheduled actions from action chains by navigating to menu:" -"Schedule[Pending Actions]." +"| Role Name | Description\n" +"| System Group User | Standard role associated with all users.\n" +"| {productname} Administrator | Can perform all functions, including changing privileges of other users.\n" +"| Organization Administrator | Manages activation keys, configurations, channels, and system groups.\n" +"| Activation Key Administrator | Manages activation keys.\n" +"| Image Administrator | Manages image profiles, builds, and stores.\n" +"| Configuration Administrator | Manages system configuration.\n" +"| Channel Administrator | Manages software channels, including making channels globally subscribable, and creating new channels.\n" +"| System Group Administrator | Manages systems groups, including creating and deleting system groups, adding clients to existing groups, and managing user access to groups.\n" msgstr "" #. type: Title == -#: modules/administration/pages/actions.adoc:108 +#: modules/administration/pages/users.adoc:12 #, no-wrap -msgid "Remote Commands" +msgid "User Permissions and Systems" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:112 +#: modules/administration/pages/users.adoc:13 msgid "" -"You can configure clients to run commands remotely. This allows you to " -"issue scripts or individual commands to a client, without having access to " -"the client directly." +"If you have created system groups to manage your clients, you can assign " +"groups to users for them to manage." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:116 +#: modules/administration/pages/users.adoc:14 msgid "" -"This feature is automatically enabled on Salt clients, and you do not need " -"to perform any further configuration. For traditional clients, the feature " -"is enabled if you have registered the client using a bootstrap script and " -"have enabled remote commands. You can use this procedure to enable it " -"manually, instead." +"To assign a user to a system group, navigate to menu:Users[User List], click " +"the username to edit, and go to the [guimenu]``System Groups`` tab. Check " +"the groups to assign, and click btn:``Update Defaults``." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:119 +#: modules/administration/pages/users.adoc:15 msgid "" -"Before you begin, ensure your client is subscribed to the appropriate tools " -"child channel for its installed operating system. For more information " -"about subscribing to software channels, see xref:client-configuration:" -"channels.adoc[]." -msgstr "" - -#. type: Block title -#: modules/administration/pages/actions.adoc:122 -#, no-wrap -msgid "Procedure: Configuring Traditional Clients to Accept Remote Commands" +"You can also select one or more default system groups for a user. When the " +"user registers a new client, it is assigned to the chosen system group by " +"default. This allows the user to immediately access the newly-registered " +"client." msgstr "" +#. I really don't understand what this is. Need a sentence or two to explain it. --LKB 2020-04-29 #. type: Plain text -#: modules/administration/pages/actions.adoc:125 +#: modules/administration/pages/users.adoc:16 msgid "" -"On the client, at the command prompt, use the package manager to install the " -"[systemitem]``rhncfg``, [systemitem]``rhncfg-client``, and " -"[systemitem]``rhncfg-actions`` packages, if not already installed. For " -"example:" -msgstr "" - -#. type: delimited block - -#: modules/administration/pages/actions.adoc:128 -#, no-wrap -msgid "zypper in rhncfg rhncfg-client rhncfg-actions\n" +"To manage external groups, navigate to menu:Users[System Group " +"Configuration], and go to the [guimenu]``External Authentication`` tab. " +"Click btn:[Create External Group] to create a new external group. Give the " +"group a name, and assign it to the appropriate system group." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:130 +#: modules/administration/pages/users.adoc:17 msgid "" -"On the client, at the command prompt, as root, create a path in the local " -"configuration directory:" +"For more information about system groups, see xref:reference:systems/system-" +"groups.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/actions.adoc:133 -#, no-wrap -msgid "mkdir -p /etc/sysconfig/rhn/allowed-actions/script\n" +#. type: Plain text +#: modules/administration/pages/users.adoc:18 +msgid "" +"To see the individual clients a user can administer, navigate to menu:" +"Users[User List], click the username to edit, and go to the " +"[guimenu]``Systems`` tab. To carry out bulk tasks, you can select clients " +"from the list to add them to the system set manager." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:137 +#: modules/administration/pages/users.adoc:19 msgid "" -"Create an empty file called [path]``run`` in the new directory. This file " -"grants the {productname} Server permission to run remote commands:" +"For more information about the system set manager, see xref:client-" +"configuration:system-set-manager.adoc[]." msgstr "" -#. type: delimited block - -#: modules/administration/pages/actions.adoc:140 +#. type: Title == +#: modules/administration/pages/users.adoc:20 #, no-wrap -msgid "touch /etc/sysconfig/rhn/allowed-actions/script/run\n" +msgid "Users and Channel Permissions" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:145 -msgid "" -"For Salt clients, remote commands are run from the [path]``/tmp/`` directory " -"on the client. To ensure that remote commands work accurately, do not mount " -"``/tmp`` with the [parameter]``noexec`` option." -msgstr "" - -#. type: delimited block = -#: modules/administration/pages/actions.adoc:151 +#: modules/administration/pages/users.adoc:21 msgid "" -"All commands run from the [guimenu]``Remote Commands`` page are executed as " -"{rootuser} on clients. Wildcards can be used to run commands across any " -"number of systems. Always take extra care to check your commands before " -"issuing them." -msgstr "" - -#. type: Block title -#: modules/administration/pages/actions.adoc:155 -#, no-wrap -msgid "Procedure: Running Remote Commands on Traditional Clients" +"You can assign users to software channels within your organization either as " +"a subscriber that consumes content from channels, or as an administrator, " +"who can manage the channels themselves." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:157 +#: modules/administration/pages/users.adoc:22 msgid "" -"In the {productname} {webui}, navigate to [guimenu]``Systems``, click the " -"client to run a remote command on, and navigate to the menu:Details[Remote " -"Command] tab." +"To subscribe a user to a channel, navigate to menu:Users[User List], click " +"the username to edit, and go to the menu:Channel Permissions[Subscription] " +"tab. Check the channels to assign, and click btn:``Update Permissions``." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:159 +#: modules/administration/pages/users.adoc:23 msgid "" -"In the [guimenu]``Run as user`` field, type the user ID (UID) of the user on " -"the client that you want to run the command. Alternatively, you can specify " -"a group to run the command, using the group ID (GID) in the [guimenu]``Run " -"as group`` field." +"To grant a user channel management permissions, navigate to menu:Users[User " +"List], click the username to edit, and go to the menu:Channel " +"Permissions[Management] tab. Check the channels to assign, and click btn:" +"``Update Permissions``." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:161 +#: modules/administration/pages/users.adoc:24 msgid "" -"OPTIONAL: In the [guimenu]``Timeout`` field, type a timeout period for the " -"command, in seconds. If the command is not executed within this period, it " -"will not be run." +"Some channels in the list might not be subscribable. This is usually " +"because of the users administrator status, or the channels global settings." msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:162 -msgid "In the [guimenu]``Command label`` field, type a name for your command." +#. type: Title == +#: modules/administration/pages/users.adoc:25 +#, no-wrap +msgid "User Language" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:163 +#: modules/administration/pages/users.adoc:26 msgid "" -"In the [guimenu]``Script`` field, type the command or script to execute." +"When you create a new user, you can choose which language to use for the " +"{webui}. After a user has been created, you can change the language by " +"navigating to menu:Home[My Preferences]." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:164 +#: modules/administration/pages/users.adoc:27 msgid "" -"Select a date and time to execute the command, or add the remote command to " -"an action chain." +"The default language is set in the ``rhn.conf`` configuration file. To " +"change the default language, open the [path]``/etc/rhn/rhn.conf`` file and " +"add or edit this line:" +msgstr "" + +#. type: delimited block - +#: modules/administration/pages/users.adoc:28 +#, no-wrap +msgid "web.locale = \n" msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:165 -msgid "Click btn:[Schedule] to schedule the remote command." +#: modules/administration/pages/users.adoc:29 +msgid "If the parameter is not set, the default language is ``en_US``." msgstr "" #. type: Plain text -#: modules/administration/pages/actions.adoc:167 -msgid "" -"For more information about action chains, see xref:reference:schedule/action-" -"chains.adoc[]." +#: modules/administration/pages/users.adoc:30 +msgid "These languages are available in {productname}:" msgstr "" #. type: Block title -#: modules/administration/pages/actions.adoc:171 +#: modules/administration/pages/users.adoc:31 +#: modules/administration/pages/users.adoc:33 #, no-wrap -msgid "Procedure: Running Remote Commands on Salt Clients" -msgstr "" - -#. type: Plain text -#: modules/administration/pages/actions.adoc:173 -msgid "Navigate to menu:Salt[Remote Commands]." +msgid "Available Language Codes" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:174 +#. type: Table +#: modules/administration/pages/users.adoc:32 +#, no-wrap msgid "" -"In the first field, before the ``@`` symbol, type the command you want to " -"issue." +"| Language code | Language | Dialect\n" +"| ``en_US`` | English | United States\n" +"| ``zh_CN`` | Chinese | Mainland, Simplified\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:176 +#. type: Table +#: modules/administration/pages/users.adoc:34 +#, no-wrap msgid "" -"In the second field, after the ``@`` symbol, type the client you want to " -"issue the command on. You can type the ``minion-id`` of an individual " -"client, or you can use wildcards to target a range of clients." +"| Language code | Language | Dialect\n" +"| ``bn_IN`` | Bangla | India\n" +"| ``ca`` | Catalan |\n" +"| ``de`` | German |\n" +"| ``en_US`` | English | United States\n" +"| ``es`` | Spanish |\n" +"| ``fr`` | French |\n" +"| ``gu`` | Gujarati |\n" +"| ``hi`` | Hindi |\n" +"| ``it`` | Italian |\n" +"| ``ja`` | Japanese |\n" +"| ``ko`` | Korean |\n" +"| ``pa`` | Punjabi |\n" +"| ``pt`` | Portuguese |\n" +"| ``pt_BR`` | Portuguese | Brazil\n" +"| ``ru`` | Russian |\n" +"| ``ta`` | Tamil |\n" +"| ``zh_CN`` | Chinese | Mainland, Simplified\n" +"| ``zh_TW`` | Chinese | Taiwan, Traditional\n" msgstr "" -#. type: Plain text -#: modules/administration/pages/actions.adoc:177 +#. type: delimited block = +#: modules/administration/pages/users.adoc:35 msgid "" -"Click btn:[Find targets] to check which clients you have targeted, and " -"confirm that you have used the correct details." -msgstr "" - -#. type: Plain text -#: modules/administration/pages/actions.adoc:177 -msgid "Click btn:[Run command] to issue the command to the target clients." +"Translations in {uyuni} are provided by the community, and could be " +"incorrect or incomplete. Where a translation is not available, the {webui} " +"will default to English (``en_US``)." msgstr "" #. type: Title = -#: modules/administration/nav-administration-guide.adoc:4 +#: modules/administration/nav-administration-guide.adoc:1 #, no-wrap msgid "Administration Guide: {productname} {productnumber}" msgstr "" #. Image Management #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:11 +#: modules/administration/nav-administration-guide.adoc:2 msgid "xref:admin-overview.adoc[Administration Guide Overview]" msgstr "" #. Channel Management #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:13 +#: modules/administration/nav-administration-guide.adoc:3 msgid "xref:image-management.adoc[Image Management]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:14 +#: modules/administration/nav-administration-guide.adoc:4 msgid "xref:channel-management.adoc[Channel Management]" msgstr "" #. Subscription Matching #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:16 +#: modules/administration/nav-administration-guide.adoc:5 msgid "xref:custom-channels.adoc[Custom Channels]" msgstr "" #. Live Patching #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:18 +#: modules/administration/nav-administration-guide.adoc:6 msgid "xref:subscription-matching.adoc[Subscription Matching]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:19 +#: modules/administration/nav-administration-guide.adoc:7 msgid "xref:live-patching.adoc[Live Patching]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:20 +#: modules/administration/nav-administration-guide.adoc:8 msgid "xref:live-patching-channel-setup.adoc[Channel Setup for Live Patching]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:21 +#: modules/administration/nav-administration-guide.adoc:9 msgid "xref:live-patching-sles15.adoc[Live Patching on SLES 15]" msgstr "" #. Monitoring #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:23 +#: modules/administration/nav-administration-guide.adoc:10 msgid "xref:live-patching-sles12.adoc[Live Patching on SLES 12]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:24 +#: modules/administration/nav-administration-guide.adoc:11 msgid "xref:monitoring.adoc[Monitoring]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:25 +#: modules/administration/nav-administration-guide.adoc:12 msgid "xref:organizations.adoc[Organizations]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:26 +#: modules/administration/nav-administration-guide.adoc:13 msgid "xref:content-staging.adoc[Content Staging]" msgstr "" #. Content Lifecycle #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:28 +#: modules/administration/nav-administration-guide.adoc:14 msgid "xref:disconnected-setup.adoc[Disconnected Setup]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:29 +#: modules/administration/nav-administration-guide.adoc:15 msgid "xref:content-lifecycle.adoc[Content Lifecycle Management]" msgstr "" #. Authentication Methods #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:31 +#: modules/administration/nav-administration-guide.adoc:16 msgid "" "xref:content-lifecycle-examples.adoc[Content Lifecycle Management Examples]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:32 +#: modules/administration/nav-administration-guide.adoc:17 msgid "xref:auth-methods.adoc[Authentication Methods]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:33 +#: modules/administration/nav-administration-guide.adoc:18 msgid "xref:auth-methods-sso.adoc[Authentication With SSO]" msgstr "" #. SSL Certificates #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:35 +#: modules/administration/nav-administration-guide.adoc:19 msgid "xref:auth-methods-pam.adoc[Authentication With PAM]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:36 +#: modules/administration/nav-administration-guide.adoc:20 msgid "xref:ssl-certs.adoc[SSL Certificates]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:37 +#: modules/administration/nav-administration-guide.adoc:21 msgid "xref:ssl-certs-selfsigned.adoc[Self-Signed SSL Certificates]" msgstr "" #. ISS #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:39 +#: modules/administration/nav-administration-guide.adoc:22 msgid "xref:ssl-certs-imported.adoc[Imported SSL Certificates]" msgstr "" #. Tasks, Actions, & Maintenance Windows #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:41 +#: modules/administration/nav-administration-guide.adoc:23 msgid "xref:iss.adoc[Inter-Server Synchronization]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:42 +#: modules/administration/nav-administration-guide.adoc:24 msgid "xref:actions.adoc[Actions]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:43 +#: modules/administration/nav-administration-guide.adoc:25 msgid "xref:task-schedules.adoc[Task Schedules]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:44 +#: modules/administration/nav-administration-guide.adoc:26 +msgid "xref:crash-reporting.adoc[Crash Reporting]" +msgstr "" + +#. type: Plain text +#: modules/administration/nav-administration-guide.adoc:27 msgid "xref:maintenance-windows.adoc[Maintenance Windows]" msgstr "" -#. Backing up +#. Users #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:46 +#: modules/administration/nav-administration-guide.adoc:28 msgid "xref:maintenance-window-tasks.adoc[Maintenance Window Tasks]" msgstr "" +#. Backing up #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:47 +#: modules/administration/nav-administration-guide.adoc:29 +msgid "xref:users.adoc[Users]" +msgstr "" + +#. type: Plain text +#: modules/administration/nav-administration-guide.adoc:30 msgid "xref:backup-restore.adoc[Backing Up and Restoring]" msgstr "" #. mgr-sync #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:49 +#: modules/administration/nav-administration-guide.adoc:31 msgid "xref:space-management.adoc[Managing Disk Space]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:50 +#: modules/administration/nav-administration-guide.adoc:32 msgid "xref:mgr-sync.adoc[Using mgr-sync]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:51 +#: modules/administration/nav-administration-guide.adoc:33 msgid "Security" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:52 +#: modules/administration/nav-administration-guide.adoc:34 msgid "xref:master-fingerprint.adoc[Master Fingerprint]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:53 +#: modules/administration/nav-administration-guide.adoc:35 msgid "xref:repo-metadata.adoc[Repository Metadata]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:54 +#: modules/administration/nav-administration-guide.adoc:36 msgid "xref:mirror-sources.adoc[Mirror Sources]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:55 +#: modules/administration/nav-administration-guide.adoc:37 msgid "xref:openscap.adoc[OpenSCAP]" msgstr "" #. Spacewalk Reports #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:57 +#: modules/administration/nav-administration-guide.adoc:38 msgid "xref:auditing.adoc[Auditing Packages]" msgstr "" #. Tuning #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:59 +#: modules/administration/nav-administration-guide.adoc:39 msgid "xref:reports.adoc[Generate Reports]" msgstr "" #. Troubleshooting #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:61 +#: modules/administration/nav-administration-guide.adoc:40 msgid "xref:tuning-changelogs.adoc[Tuning Changelogs]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:62 +#: modules/administration/nav-administration-guide.adoc:41 msgid "xref:tshoot-intro.adoc[Troubleshooting]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:63 +#: modules/administration/nav-administration-guide.adoc:42 msgid "xref:tshoot-corruptrepo.adoc[Troubleshooting Corrupt Repositories]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:64 +#: modules/administration/nav-administration-guide.adoc:43 msgid "xref:tshoot-diskspace.adoc[Troubleshooting Disk Space]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:65 +#: modules/administration/nav-administration-guide.adoc:44 +msgid "xref:tshoot-firewalls.adoc[Troubleshooting Firewalls]" +msgstr "" + +#. type: Plain text +#: modules/administration/nav-administration-guide.adoc:45 +msgid "xref:tshoot-inactiveclients.adoc[Troubleshooting Inactive Clients]" +msgstr "" + +#. type: Plain text +#: modules/administration/nav-administration-guide.adoc:46 msgid "xref:tshoot-localcert.adoc[Troubleshooting Local Certificates]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:66 +#: modules/administration/nav-administration-guide.adoc:47 msgid "xref:tshoot-logintimeout.adoc[Troubleshooting Login Timeout]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:67 +#: modules/administration/nav-administration-guide.adoc:48 msgid "xref:tshoot-notifications.adoc[Troubleshooting Notifications]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:68 +#: modules/administration/nav-administration-guide.adoc:49 msgid "xref:tshoot-osadjabberd.adoc[Troubleshooting OSAD and jabberd]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:69 +#: modules/administration/nav-administration-guide.adoc:50 msgid "xref:tshoot-packages.adoc[Troubleshooting Packages]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:70 +#: modules/administration/nav-administration-guide.adoc:51 msgid "" "xref:tshoot-registerclones.adoc[Troubleshooting Registering Cloned Clients]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:71 +#: modules/administration/nav-administration-guide.adoc:52 msgid "xref:tshoot-hostname-rename.adoc[Troubleshooting Renaming the Server]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:72 +#: modules/administration/nav-administration-guide.adoc:53 msgid "xref:tshoot-rpctimeout.adoc[Troubleshooting RPC Timeouts]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:73 +#: modules/administration/nav-administration-guide.adoc:54 msgid "xref:tshoot-saltboot.adoc[Troubleshooting Saltboot]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:74 -msgid "xref:tshoot-sync.adoc[Troubleshooting Product Synchronization]" +#: modules/administration/nav-administration-guide.adoc:55 +msgid "xref:tshoot-sync.adoc[Troubleshooting Synchronization]" msgstr "" #. type: Plain text -#: modules/administration/nav-administration-guide.adoc:75 +#: modules/administration/nav-administration-guide.adoc:56 msgid "xref:tshoot-taskomatic.adoc[Troubleshooting Taskomatic]" msgstr "" diff --git a/l10n-weblate/architecture/architecture.pot b/l10n-weblate/architecture/architecture.pot deleted file mode 100644 index 6863966c1a1..00000000000 --- a/l10n-weblate/architecture/architecture.pot +++ /dev/null @@ -1,2563 +0,0 @@ -# SOME DESCRIPTIVE TITLE -# Copyright (C) YEAR Free Software Foundation, Inc. -# This file is distributed under the same license as the PACKAGE package. -# FIRST AUTHOR , YEAR. -# -#, fuzzy -msgid "" -msgstr "" -"Project-Id-Version: PACKAGE VERSION\n" -"POT-Creation-Date: 2020-08-23 23:31+0200\n" -"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -"Last-Translator: FULL NAME \n" -"Language-Team: LANGUAGE \n" -"Language: \n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" - -#. type: Title = -#: modules/architecture/pages/apache.adoc:2 -#, no-wrap -msgid "Apache" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/apache.adoc:9 -#, no-wrap -msgid "Functions" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/apache.adoc:12 -msgid "" -"Apache is a primary component of {productname}. It performs the following " -"functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/apache.adoc:14 -#, no-wrap -msgid "**Handles HTTP(S) communication**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/apache.adoc:15 -#, no-wrap -msgid "**Serves Static Files**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/apache.adoc:16 -#, no-wrap -msgid "**HTTP gateway to: Apache Tomcat, the Python XMLRPC server and Cobbler**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/apache.adoc:17 -#, no-wrap -msgid "Log Files" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/apache.adoc:20 -msgid "_Logs for Apache are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/apache.adoc:23 -#, no-wrap -msgid "/var/log/apache2/error_log\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/architecture-intro.adoc:2 -#, no-wrap -msgid "Introduction" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-intro.adoc:5 -#, no-wrap -msgid "**Publication Date:** {docdate}\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/architecture-legend.adoc:1 -#, no-wrap -msgid "Component Legend" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:4 -msgid "" -"These diagram components will be used in the following sections explaining " -"the architecture of {productname}. Components in {productname} can " -"communicate in three ways:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:6 -msgid "One way" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:7 -msgid "Two way" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:8 -msgid "Scheduled (time based)" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/architecture-legend.adoc:11 -#, no-wrap -msgid "Types of Components" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:14 -#, no-wrap -msgid "One Way" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:17 -msgid "Components that communicate in only one direction are represented by:" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:18 -#, no-wrap -msgid "One way communication between components" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/architecture-legend.adoc:20 -#, no-wrap -msgid "dia-one-way-component.png" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:24 -#, no-wrap -msgid "Two Way" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:27 -msgid "Components that communicate in both directions are represented by:" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:28 -#, no-wrap -msgid "Two way communication between components" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/architecture-legend.adoc:30 -#, no-wrap -msgid "dia-two-way-component.png" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:34 -#, no-wrap -msgid "Database Connections" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:37 -msgid "" -"A component that reads and writes to the database communicates in both " -"directions are represented by:" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:38 -#, no-wrap -msgid "Two way communication between a component and the database(read and write)" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/architecture-legend.adoc:40 -#, no-wrap -msgid "dia-database-communication.png" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:44 -#, no-wrap -msgid "Scheduled (Time based)" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:47 -msgid "Components that run on a schedule are represented by:" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:48 -#, no-wrap -msgid "Component that runs on a schedule" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/architecture-legend.adoc:50 -#, no-wrap -msgid "dia-component-schedule.png" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/components-overview.adoc:4 -msgid "Description..." -msgstr "" - -#. type: Title = -#: modules/architecture/pages/database.adoc:2 -#, no-wrap -msgid "Database" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/database.adoc:11 -msgid "" -"The database is a primary component of {productname}. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/database.adoc:13 -#, no-wrap -msgid "**Primarily stores application data**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/database.adoc:14 -#, no-wrap -msgid "**Functions as a data exchange area between components**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/database.adoc:17 -msgid "_Logs for the database are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/database.adoc:20 -#, no-wrap -msgid "/var/lib/pgsql/data/pg_log/*\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/devel-repositories.adoc:1 -#, no-wrap -msgid "Devel Repositories" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/jabberd.adoc:2 -#, no-wrap -msgid "jabberd" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/jabberd.adoc:9 -msgid "" -"jabberd is a component of {productname}. It performs the following function " -"in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/jabberd.adoc:11 -#, no-wrap -msgid "**Implements the Jabber (XMPP) protocol that osa-dispatcher uses**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/jabberd.adoc:14 -msgid "_Logs for jabberd are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/jabberd.adoc:17 -#, no-wrap -msgid "/var/log/messages\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/maintenance-repositories.adoc:1 -#, no-wrap -msgid "Maintenance Repositories" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/mgr-sync.adoc:2 -#, no-wrap -msgid "mgr-sync" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr-sync.adoc:13 -#, no-wrap -msgid "" -"*mgr-sync* is a command line tool for {productname}.\n" -"It performs the following function.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr-sync.adoc:15 -#, no-wrap -msgid "**mgr-sync is a command line tool that synchronizes with {scc}(SCC) and retrieves data and package repositories.**\n" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/mgr-sync.adoc:17 -#, no-wrap -msgid "mgr-sync and Open Source Distributions" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/mgr-sync.adoc:20 -msgid "" -"__This tool is designed for use with a support subscription or trial account " -"with {scc}. It is not required for open source distributions(OpenSUSE Leap , " -"CentOS, Ubuntu, etc.).__" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/mgr-sync.adoc:22 -#, no-wrap -msgid "mgr-sync --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr-sync.adoc:25 -msgid "__The following options are available for the *mgr-sync* command:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr-sync.adoc:30 -#, no-wrap -msgid "" -"mgr-sync --help\n" -"usage: mgr-sync [-h] [--version] [-v] [-s] [-d {1,2,3}]\n" -" {list,add,refresh,delete} ...\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr-sync.adoc:32 -#, no-wrap -msgid "Synchronize SUSE Manager repositories.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr-sync.adoc:41 -#, no-wrap -msgid "" -"optional arguments:\n" -" -h, --help show this help message and exit\n" -" --version Print mgr-sync version\n" -" -v, --verbose Be verbose\n" -" -s, --store-credentials\n" -" Store credentials to the local dot file.\n" -" -d {1,2,3}, --debug {1,2,3}\n" -" Log additional debug information depending on DEBUG\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr-sync.adoc:49 -#, no-wrap -msgid "" -"Subcommands:\n" -" {list,add,refresh,delete}\n" -" list List channels, SCC organization credentials or\n" -" products\n" -" add add channels, SCC organization credentials or products\n" -" refresh Refresh product, channel and subscription\n" -" delete Delete SCC organization credentials\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr-sync.adoc:54 -msgid "_Logs for the mgr-sync tool are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr-sync.adoc:58 -#, no-wrap -msgid "" -"/var/log/rhn/mgr-sync.log\n" -"/var/log/rhn/rhn_web_api.log\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/mgr_check.adoc:2 -#, no-wrap -msgid "mgr_check" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr_check.adoc:11 -#, no-wrap -msgid "*mgr_check* is a primary component of {productname}. It performs the following functions in the stack.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr_check.adoc:13 -#, no-wrap -msgid "**Client-side command line tool for legacy clients that checks for actions on the server and executes them**\n" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/mgr_check.adoc:15 -#, no-wrap -msgid "mgr_check and rhn_check" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/mgr_check.adoc:19 -#, no-wrap -msgid "" -"*mgr_check* is symlinked to *rhn_check* in `/usr/sbin/`.\n" -"Both _mgr_check_ and _rhn_check_ can be used for checking for actions on the server.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr_check.adoc:22 -#, no-wrap -msgid "lrwxrwxrwx 1 root root 9 Sep 9 09:05 mgr_check -> rhn_check*\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/mgr_check.adoc:25 -#, no-wrap -msgid "mgr_check --help" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/mgr_check.adoc:27 -msgid "" -"__The following options are available for the *rhn_check* on your legacy " -"clients:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr_check.adoc:31 -#, no-wrap -msgid "" -"mgr_check --help\n" -"Usage: rhn_check [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr_check.adoc:43 -#, no-wrap -msgid "" -"Options:\n" -" -v, --verbose Show additional output. Repeat for more detail.\n" -" --proxy=PROXY Specify an http proxy to use\n" -" --proxyUser=PROXYUSER\n" -" Specify a username to use with an authenticated http\n" -" proxy\n" -" --proxyPassword=PROXYPASSWORD\n" -" Specify a password to use with an authenticated http\n" -" proxy\n" -" --version show program's version number and exit\n" -" -h, --help show this help message and exit\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr_check.adoc:47 -msgid "_Logs for the *mgr_check* are located on your legacy clients in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr_check.adoc:50 -#, no-wrap -msgid "/var/log/up2date\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/osa-dispatcher.adoc:2 -#, no-wrap -msgid "osa-dispatcher" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osa-dispatcher.adoc:11 -#, no-wrap -msgid "*osa-dispatcher* is a component of {productname}. It performs the following function in the stack.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osa-dispatcher.adoc:13 -#, no-wrap -msgid "**Monitors database for actions, informing osad clients when they need to run them**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/osa-dispatcher.adoc:14 -#, no-wrap -msgid "osa-dispatcher --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osa-dispatcher.adoc:16 -msgid "__The following options are available for the *osa-dispatcher*:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/osa-dispatcher.adoc:20 -#, no-wrap -msgid "" -"osa-dispatcher --help\n" -"Usage: osa-dispatcher [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/osa-dispatcher.adoc:27 -#, no-wrap -msgid "" -"Options:\n" -" -v, --verbose Increase verbosity\n" -" -N, --nodetach Suppress backgrounding and detachment of the process\n" -" --pid-file=PID_FILE Write to this PID file\n" -" --logfile=LOGFILE Write log information to this file\n" -" -h, --help show this help message and exit\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osa-dispatcher.adoc:33 -msgid "_Logs for the *osa-dispatcher* are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/osa-dispatcher.adoc:36 -#, no-wrap -msgid "/var/log/rhn/osa_dispatcher.log\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/osad.adoc:2 -#, no-wrap -msgid "osad" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osad.adoc:12 -#, no-wrap -msgid "*osad* is a primary component of {productname}. It performs the following functions in the stack.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osad.adoc:14 -#, no-wrap -msgid "**Client-side daemon for legacy clients**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osad.adoc:15 -#, no-wrap -msgid "**Calls mgr_check(rhn_check) when notified by Jabber**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/osad.adoc:18 -#, no-wrap -msgid "osad --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osad.adoc:21 -msgid "" -"The following options are available for use with *osad* on your legacy " -"clients:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/osad.adoc:25 -#, no-wrap -msgid "" -"osad --help\n" -"Usage: osad [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/osad.adoc:35 -#, no-wrap -msgid "" -"Options:\n" -" -v, --verbose Increase verbosity\n" -" -N, --nodetach Suppress backgrounding and detachment of the process\n" -" --pid-file=PID_FILE Write to this PID file\n" -" --logfile=LOGFILE Write log information to this file\n" -" --cfg=CFG Use this configuration file for defaults\n" -" --jabber-server=JABBER_SERVER\n" -" Primary jabber server to connect to\n" -" -h, --help show this help message and exit\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osad.adoc:42 -msgid "_Logs for *osad* are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/osad.adoc:45 -#, no-wrap -msgid "/var/log/osad\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:2 -#, no-wrap -msgid "zypp-plugin-spacewalk" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:12 -#, no-wrap -msgid "*zypp-plugin-spacewalk* is a component of {productname}. It performs the following functions in the stack.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:14 -#, no-wrap -msgid "**Client-side add-on to zypper for legacy clients**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:15 -#, no-wrap -msgid "**Exposes SUSE Manager channels as zypper repositories**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:16 -#, no-wrap -msgid "**The plugin is not required on salt-minions**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:22 -msgid "" -"_Logs for the *zypp-plugin-spacewalk* are located on your legacy clients in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:26 -#, no-wrap -msgid "" -"/var/log/zypper.log\n" -"/var/log/zypp/*\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/pool-repositories.adoc:1 -#, no-wrap -msgid "Pool Repositories" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/python-xmlrpc-server.adoc:2 -#, no-wrap -msgid "Python XMLRPC Server" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/python-xmlrpc-server.adoc:12 -msgid "" -"The Python XMLRPC Server is a primary component of {productname}. It " -"performs the following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/python-xmlrpc-server.adoc:14 -#, no-wrap -msgid "**Provides the private XMLRPC API**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/python-xmlrpc-server.adoc:15 -#, no-wrap -msgid "**Used primarily by client tools (mgr_check)**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/python-xmlrpc-server.adoc:21 -msgid "__Logs for the Python XMLRPC Server are located in:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/python-xmlrpc-server.adoc:25 -#, no-wrap -msgid "" -"/var/log/apache2/error_log\n" -"/var/log/rhn/rhn_server_xmlrpc.log\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/repositories-overview.adoc:1 -#, no-wrap -msgid "Repository Types" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/rhnsd.adoc:2 -#, no-wrap -msgid "rhnsd" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/rhnsd.adoc:7 -#, no-wrap -msgid "" -"*rhnsd* is a client-side daemon for traditional clients only.\n" -"As of {productname} 4, it is only available on non-systemd systems ({sle} 11 and {rhnminrelease6}).\n" -"For later versions, a systemd timer ([systemitem]``rhnsd.timer``) is available.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/rhnsd.adoc:12 -#, no-wrap -msgid "*rhnsd* is a primary component of {productname}. It performs the following functions in the stack.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/rhnsd.adoc:14 -#, no-wrap -msgid "**Client-side daemon for traditional clients**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/rhnsd.adoc:15 -#, no-wrap -msgid "**Periodically calls mgr_check (symlinked to rhn_check)**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/rhnsd.adoc:16 -#, no-wrap -msgid "**Randomizes check time not to overload the server**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/rhnsd.adoc:19 -#, no-wrap -msgid "rhnsd --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/rhnsd.adoc:21 -msgid "" -"The following options are available for use with rhnsd on your legacy " -"clients:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/rhnsd.adoc:26 -#, no-wrap -msgid "" -"rhnsd --help\n" -"Usage: rhnsd [OPTION...]\n" -"Spacewalk Services Daemon\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/rhnsd.adoc:32 -#, no-wrap -msgid "" -" -f, --foreground Run in foreground\n" -" -i, --interval=MINS Connect to Spacewalk every MINS minutes\n" -" -?, --help Give this help list\n" -" --usage Give a short usage message\n" -" -V, --version Print program version\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/rhnsd.adoc:35 -#, no-wrap -msgid "" -"Mandatory or optional arguments to long options are also mandatory or optional\n" -"for any corresponding short options.\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-api.adoc:2 -#, no-wrap -msgid "salt-api" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:12 -msgid "" -"The *salt-api* is a primary component of {productname}. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:14 -#, no-wrap -msgid "**Internal API communicates the Java side of {productname} with the salt-master**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:15 -#, no-wrap -msgid "**Provides HTTPS and websocket interfaces with the salt-master**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:16 -#, no-wrap -msgid "**Handles the SSH connections to clients (SSH Push)**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-api.adoc:19 -#, no-wrap -msgid "salt-api --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:22 -msgid "" -"The following options are available for the *salt-api*. The following list " -"is not comprehensive, for more information see: http://docs.saltstack." -"com[The Saltstack Docs]" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:24 -#, no-wrap -msgid "**Options:**\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:28 -#, no-wrap -msgid "" -"salt-api --help\n" -"Usage: salt-api [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:30 -#, no-wrap -msgid "The Salt API system manages network API connectors for the Salt Master\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:42 -#, no-wrap -msgid "" -"Options:\n" -" --version show program's version number and exit\n" -" -V, --versions-report\n" -" Show program's dependencies version number and exit.\n" -" -h, --help show this help message and exit\n" -" -c CONFIG_DIR, --config-dir=CONFIG_DIR\n" -" Pass in an alternative configuration directory.\n" -" Default: '/etc/salt'.\n" -" -d, --daemon Run the salt-api as a daemon.\n" -" --pid-file=PIDFILE Specify the location of the pidfile. Default:\n" -" '/var/run/salt-api.pid'.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:46 -#, no-wrap -msgid "" -" Logging Options:\n" -" Logging options which override any settings defined on the\n" -" configuration files.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:57 -#, no-wrap -msgid "" -" -l LOG_LEVEL, --log-level=LOG_LEVEL\n" -" Console logging log level. One of u'all', u'garbage',\n" -" u'trace', u'debug', u'profile', u'info', u'warning',\n" -" u'error', u'critical', u'quiet'. Default: 'warning'.\n" -" --log-file=API_LOGFILE\n" -" Log file path. Default: '/var/log/salt/api'.\n" -" --log-file-level=LOG_LEVEL_LOGFILE\n" -" Logfile logging log level. One of u'all', u'garbage',\n" -" u'trace', u'debug', u'profile', u'info', u'warning',\n" -" u'error', u'critical', u'quiet'. Default: 'warning'.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:60 -#, no-wrap -msgid "" -"You can find additional help about salt-api issuing \"man salt-api\" or on\n" -"http://docs.saltstack.com\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:65 -msgid "_Logs for *salt-api* are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:69 -#, no-wrap -msgid "" -"/var/log/salt/master\n" -"/var/log/salt/api\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-bootstrapping-ui.adoc:1 -#, no-wrap -msgid "Boostrapping UI" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-broker.adoc:2 -#, no-wrap -msgid "salt-broker" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-broker.adoc:12 -msgid "" -"The *salt-broker* is a component of the {productname} proxy. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-broker.adoc:14 -#, no-wrap -msgid "**Used only in the {productname} Proxy for clients using pull method**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-broker.adoc:15 -#, no-wrap -msgid "**Forwards the ZeroMQ Salt channels from {productname} server to the proxy clients**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-broker.adoc:19 -msgid "_Logs for *salt-broker* are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-broker.adoc:22 -#, no-wrap -msgid "/var/log/salt/broker\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-contact-method-overview.adoc:2 -#, no-wrap -msgid "Salt Contact Methods" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-contact-method-overview.adoc:5 -#, no-wrap -msgid "Choosing a Contact Method for Salt" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-contact-method-overview.adoc:9 -msgid "" -"{productname} provides several methods for communication between client and " -"server. All commands that the {productname} server sends to its clients " -"will be routed through one of these contact methods." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-contact-method-overview.adoc:12 -msgid "" -"The contact method you select for Salt will depend on your network " -"infrastructure. The following sections provide a starting point for " -"selecting a method which best suits your network environment." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-contact-method-overview.adoc:14 -msgid "xref:salt-pull.adoc[Salt Pull]" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-contact-method-overview.adoc:15 -msgid "xref:salt-ssh-push.adoc[Salt SSH Push]" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-contact-method-overview.adoc:15 -msgid "xref:salt-ssh-push-tunnel.adoc[Salt SSH Push and Tunnel]" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-core-components.adoc:1 -#, no-wrap -msgid "Core Salt Components" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-core-components.adoc:9 -msgid "Comming soon..." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-core-components.adoc:10 -#, no-wrap -msgid "Salt Core" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/salt-core-components.adoc:12 -#, no-wrap -msgid "dia-salt-stack-core-block.png" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-data-locations.adoc:2 -#, no-wrap -msgid "Salt Data and {productname}" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-data-locations.adoc:9 -#: modules/architecture/pages/salt-data-locations.adoc:13 -#, no-wrap -msgid "Salt Global Static Data" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-data-locations.adoc:12 -msgid "" -"Global static data *should not* be customized or edited by {productname} " -"users. This data is generated by the server." -msgstr "" - -#. type: Table -#: modules/architecture/pages/salt-data-locations.adoc:21 -#, no-wrap -msgid "" -"| Directory | Function\n" -"\n" -"| /usr/share/susemanager/salt/ | Custom modules, states, grains\n" -"| /usr/share/susemanager/pillar_data/ |\tGlobal pillar data\n" -"| /usr/share/susemanager/formulas/ | Formulas\n" -"| /usr/share/salt-formulas/ | Formulas (either for {productname} or stand-alone Salt)\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-data-locations.adoc:24 -#, no-wrap -msgid "Generated Data Per Client" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-data-locations.adoc:27 -msgid "" -"Generated data for clients *should not* be customized or edited by " -"{productname} users. This data is generated by the server." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-data-locations.adoc:28 -#: modules/architecture/pages/salt-data-locations.adoc:41 -#, no-wrap -msgid "Salt Generated Data Per Client" -msgstr "" - -#. type: Table -#: modules/architecture/pages/salt-data-locations.adoc:35 -#, no-wrap -msgid "" -"| Directory | Function\n" -"\n" -"| /srv/susemanager/pillar_data/\t | custom modules, states, grains\n" -"| /usr/share/susemanager/pillar_data/ |\tglobal pillar data\n" -"| /srv/susemanager/formulas_data/ | formulas\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-data-locations.adoc:37 -#, no-wrap -msgid "Custom Salt Data" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-data-locations.adoc:40 -msgid "" -"The following directories are reserved for use by users *and should be* " -"customized and edited by {productname} users. The custom salt data place " -"here will be calculated and combined with the content generated listed above " -"when running a highstate." -msgstr "" - -#. type: Table -#: modules/architecture/pages/salt-data-locations.adoc:48 -#, no-wrap -msgid "" -"| Directory | Function\n" -"\n" -"| /srv/salt/ | user defined custom modules, states, grains\n" -"| /srv/pillar/ | user defined global pillar data\n" -"| /srv/formula_metadata | user defined formulas\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-master.adoc:2 -#, no-wrap -msgid "salt-master" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:12 -msgid "" -"The *salt-master* is a primary component of {productname}. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:14 -#, no-wrap -msgid "**Core process of Salt on the server side**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:15 -#, no-wrap -msgid "**Provides communication with Salt clients**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:16 -#, no-wrap -msgid "**Handles Salt jobs, publishes to the Salt event Bus**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:17 -#, no-wrap -msgid "**Handles client responses**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:18 -#, no-wrap -msgid "**Manages states, highstates, pillar information, etc**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-master.adoc:20 -#, no-wrap -msgid "salt-master --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:23 -msgid "" -"The following options are available for the *salt-master*. The following " -"list is not comprehensive, for more information see: http://docs.saltstack." -"com[The Saltstack Docs]" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-master.adoc:29 -#, no-wrap -msgid "" -"salt-master --help\n" -"Usage: salt-master [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-master.adoc:31 -#, no-wrap -msgid "The Salt Master, used to control the Salt Clients\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-master.adoc:46 -#, no-wrap -msgid "" -"Options:\n" -" --version show program's version number and exit\n" -" -V, --versions-report\n" -" Show program's dependencies version number and exit.\n" -" -h, --help show this help message and exit\n" -" --saltfile=SALTFILE Specify the path to a Saltfile. If not passed, one\n" -" will be searched for in the current working directory.\n" -" -c CONFIG_DIR, --config-dir=CONFIG_DIR\n" -" Pass in an alternative configuration directory.\n" -" Default: '/etc/salt'.\n" -" -u USER, --user=USER Specify user to run salt-master.\n" -" -d, --daemon Run the salt-master as a daemon.\n" -" --pid-file=PIDFILE Specify the location of the pidfile. Default:\n" -" '/var/run/salt-master.pid'.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-master.adoc:61 -#, no-wrap -msgid "" -" -l LOG_LEVEL, --log-level=LOG_LEVEL\n" -" Console logging log level. One of u'all', u'garbage',\n" -" u'trace', u'debug', u'profile', u'info', u'warning',\n" -" u'error', u'critical', u'quiet'. Default: 'warning'.\n" -" --log-file=LOG_FILE\n" -" Log file path. Default: '/var/log/salt/master'.\n" -" --log-file-level=LOG_LEVEL_LOGFILE\n" -" Logfile logging log level. One of u'all', u'garbage',\n" -" u'trace', u'debug', u'profile', u'info', u'warning',\n" -" u'error', u'critical', u'quiet'. Default: 'warning'.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-master.adoc:64 -#, no-wrap -msgid "" -"You can find additional help about salt-master issuing \"man salt-master\" or on\n" -"http://docs.saltstack.com\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:70 -msgid "_Logs for *salt-master* are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-master.adoc:73 -#, no-wrap -msgid "/var/log/salt/master\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-minion.adoc:2 -#, no-wrap -msgid "salt-minion" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-minion.adoc:12 -msgid "" -"The *salt-minion* is a primary component of {productname}. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-minion.adoc:14 -#, no-wrap -msgid "**Client-side main process for Salt clients (only pull method)**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-minion.adoc:15 -#, no-wrap -msgid "**Communicates the client with salt-master via Salt event bus (ZeroMQ)**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-minion.adoc:16 -#, no-wrap -msgid "**Executes the actions received from the Salt master on the client (minion)**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-minion.adoc:18 -#, no-wrap -msgid "salt-minion --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-minion.adoc:21 -msgid "" -"The following options are available for the *salt-minion*. The following " -"list is not comprehensive, for more information see: http://docs.saltstack." -"com[The Saltstack Docs]" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-minion.adoc:27 -#, no-wrap -msgid "" -"salt-minion --help\n" -"Usage: salt-minion [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-minion.adoc:29 -#, no-wrap -msgid "The Salt Minion, receives commands from a remote Salt Master\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-minion.adoc:44 -#, no-wrap -msgid "" -"Options:\n" -" --version show program's version number and exit\n" -" -V, --versions-report\n" -" Show program's dependencies version number and exit.\n" -" -h, --help show this help message and exit\n" -" --saltfile=SALTFILE Specify the path to a Saltfile. If not passed, one\n" -" will be searched for in the current working directory.\n" -" -c CONFIG_DIR, --config-dir=CONFIG_DIR\n" -" Pass in an alternative configuration directory.\n" -" Default: '/etc/salt'.\n" -" -u USER, --user=USER Specify user to run salt-minion.\n" -" -d, --daemon Run the salt-minion as a daemon.\n" -" --pid-file=PIDFILE Specify the location of the pidfile. Default:\n" -" '/var/run/salt-minion.pid'.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-minion.adoc:59 -#, no-wrap -msgid "" -" -l LOG_LEVEL, --log-level=LOG_LEVEL\n" -" Console logging log level. One of u'all', u'garbage',\n" -" u'trace', u'debug', u'profile', u'info', u'warning',\n" -" u'error', u'critical', u'quiet'. Default: 'warning'.\n" -" --log-file=LOG_FILE\n" -" Log file path. Default: '/var/log/salt/minion'.\n" -" --log-file-level=LOG_LEVEL_LOGFILE\n" -" Logfile logging log level. One of u'all', u'garbage',\n" -" u'trace', u'debug', u'profile', u'info', u'warning',\n" -" u'error', u'critical', u'quiet'. Default: 'warning'.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-minion.adoc:62 -#, no-wrap -msgid "" -"You can find additional help about salt-minion issuing \"man salt-minion\" or on\n" -"http://docs.saltstack.com\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-minion.adoc:67 -msgid "_Logs for *salt-minion* are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-minion.adoc:70 -#, no-wrap -msgid "/var/log/salt/minion\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-onboarding-and-registration.adoc:1 -#, no-wrap -msgid "Onboarding and Registration" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-overview.adoc:1 -#, no-wrap -msgid "Salt Architecture" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-overview.adoc:9 -msgid "Some description..." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-overview.adoc:10 -#, no-wrap -msgid "Salt Stack Diagram" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-overview.adoc:11 -msgid "image:dia-salt-stack.png[]" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-pull.adoc:2 -#, no-wrap -msgid "Salt Pull" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-ssh-push-tunnel.adoc:2 -#, no-wrap -msgid "Salt SSH Push & Tunnel" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-ssh-push.adoc:2 -#, no-wrap -msgid "Salt SSH Push" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:10 -msgid "" -"Salt SSH Push is intended to be used in environments where your Salt clients " -"cannot reach the {productname} server directly to regularly checking in and, " -"for example, fetch package updates." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-ssh-push.adoc:11 -#, no-wrap -msgid "Push via SSH" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/salt-ssh-push.adoc:16 -msgid "" -"This feature is not related to Push via SSH for the traditional clients. " -"For Push via SSH, see pass:c[xref:bp.contact.methods.ssh.push[Salt SSH " -"Push]]." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:20 -#, no-wrap -msgid "Overview" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-ssh-push.adoc:22 -#, no-wrap -msgid "Push via Salt SSH Contact Method" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/salt-ssh-push.adoc:24 -#, no-wrap -msgid "salt-ssh-contact-taigon.png" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:32 -#, no-wrap -msgid "" -"Salt provides \"`Salt SSH`\"\n" -" ([command]``salt-ssh``), a feature to manage clients from a server.\n" -"It works without installing Salt related software on clients.\n" -"Using Salt SSH there is no need to have clients connected to the Salt master.\n" -"Using this as a {productname} connect method, this feature provides similar functionality for Salt clients as the traditional Push via SSH feature for traditional clients.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:34 -msgid "This feature allows:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:36 -msgid "" -"Managing Salt entitled systems with the Push via SSH contact method using " -"Salt SSH." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:37 -msgid "Bootstrapping such systems." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:40 -#, no-wrap -msgid "Requirements" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:43 -msgid "" -"SSH daemon must be running on the remote system and reachable by the " -"[systemitem]``salt-api`` daemon (typically running on the {productname} " -"server)." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:44 -msgid "" -"Python must be available on the remote system (Python must be supported by " -"the installed Salt). Currently: python 2.6." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-ssh-push.adoc:45 -#, no-wrap -msgid "Unsupported Systems" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/salt-ssh-push.adoc:50 -msgid "" -"{rhel} and CentOS versions <= 5 are not supported because they do not have " -"Python 2.6 by default." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:54 -#, no-wrap -msgid "Bootstrapping" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:57 -msgid "To bootstrap a Salt SSH system, proceed as follows:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:59 -msgid "" -"Open the menu:Bootstrap Minions[] dialog in the Web UI (menu:" -"Systems[Bootstrapping] )." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:60 -msgid "" -"Fill out the required fields. Select an menu:Activation Key[] with the menu:" -"Push via SSH[] contact method configured. For more information about " -"activation keys, see:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:61 -msgid "pass:c[xref:ref.webui.systems.activ-keys]." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:62 -msgid "Check the menu:Manage system completely via SSH[] option." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:63 -msgid "Confirm with clicking the menu:Bootstrap[] button." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:67 -msgid "" -"Now the system will be bootstrapped and registered in {productname}. If " -"done successfully, it will appear in the menu:Systems[] list." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:70 -#, no-wrap -msgid "Configuration" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:73 -msgid "There are two kinds of parameters for Push via Salt SSH:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:75 -msgid "" -"Bootstrap-time parameters {mdash} configured in the menu:Bootstrapping[] " -"page:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:76 -msgid "Host" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:77 -msgid "Activation key" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:78 -msgid "" -"Password {mdash} used only for bootstrapping, not saved anywhere; all future " -"SSH sessions are authorized via a key/certificate pair" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:79 -msgid "Persistent parameters {mdash} configured {productname}-wide:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:80 -msgid "sudo user {mdash} same as in pass:c[bp.contact.methods.ssh.push.sudo]." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:83 -#, no-wrap -msgid "Action Execution" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:88 -msgid "" -"The Push via Salt SSH feature uses a taskomatic job to execute scheduled " -"actions using [command]``salt-ssh``. The taskomatic job periodically checks " -"for scheduled actions and executes them. While on traditional clients with " -"SSH push configured only [command]``mgr_check`` is executed via SSH, the " -"Salt SSH push job executes a complete [command]``salt-ssh`` call based on " -"the scheduled action." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:91 -#, no-wrap -msgid "Known Limitation" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:94 -msgid "OpenSCAP auditing is not available on Salt SSH clients." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:95 -msgid "Beacons do not work with Salt SSH." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:96 -msgid "" -"Installing a package on a system using [command]``zypper`` will not invoke " -"the package refresh." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:97 -msgid "" -"Virtual Host functions (for example, a host to guests) will not work if the " -"virtual host system is Salt SSH-based." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:100 -#, no-wrap -msgid "For More Information" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:103 -msgid "For more information, see" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:105 -msgid "https://wiki.microfocus.com/index.php/SUSE_Manager/SaltSSHServerPush" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:105 -msgid "https://docs.saltstack.com/en/latest/topics/ssh/" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/spacewalk-repo-sync.adoc:2 -#, no-wrap -msgid "spacewalk-repo-sync" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/spacewalk-repo-sync.adoc:12 -msgid "" -"spacewalk-repo-sync is a command line tool for {productname}. It performs " -"the following functions." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/spacewalk-repo-sync.adoc:14 -#, no-wrap -msgid "**Copies a repo’s metadata to the database**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/spacewalk-repo-sync.adoc:15 -#, no-wrap -msgid "**Copies a repo’s RPM files to the file system**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/spacewalk-repo-sync.adoc:18 -#, no-wrap -msgid "spacewalk-repo-sync --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/spacewalk-repo-sync.adoc:21 -msgid "" -"__The following options are available for the *spacewalk-repo-sync* tool:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/spacewalk-repo-sync.adoc:25 -#, no-wrap -msgid "" -"spacewalk-repo-sync --help\n" -"Usage: spacewalk-repo-sync [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/spacewalk-repo-sync.adoc:67 -#, no-wrap -msgid "" -"Options:\n" -" -h, --help show this help message and exit\n" -" -l, --list List the custom channels with the associated\n" -" repositories.\n" -" -s, --show-packages List all packages in a specified channel.\n" -" -u URL, --url=URL The url of the repository. Can be used multiple times.\n" -" -c CHANNEL_LABEL, --channel=CHANNEL_LABEL\n" -" The label of the channel to sync packages to. Can be\n" -" used multiple times.\n" -" -p PARENT_LABEL, --parent-channel=PARENT_LABEL\n" -" Synchronize the parent channel and all its child\n" -" channels.\n" -" -d, --dry-run Test run. No sync takes place.\n" -" --latest Sync latest packages only. Use carefully - you might\n" -" need to fix some dependencies on your own.\n" -" -g CONFIG, --config=CONFIG\n" -" Configuration file\n" -" -t REPO_TYPE, --type=REPO_TYPE\n" -" Force type of repository (\"yum\", \"uln\" and \"deb\" are\n" -" supported)\n" -" -f, --fail If a package import fails, fail the entire operation\n" -" -n, --non-interactive\n" -" Do not ask anything, use default answers\n" -" -i FILTERS, --include=FILTERS\n" -" Comma or space separated list of included packages or\n" -" package groups.\n" -" -e FILTERS, --exclude=FILTERS\n" -" Comma or space separated list of excluded packages or\n" -" package groups.\n" -" --email e-mail a report of what was synced/imported\n" -" --traceback-mail=TRACEBACK_MAIL\n" -" alternative email address(es) for sync output (--email\n" -" option)\n" -" --no-errata Do not sync errata\n" -" --no-packages Do not sync packages\n" -" --sync-kickstart Sync kickstartable tree\n" -" --force-all-errata Process metadata of all errata, not only missing.\n" -" --batch-size=BATCH_SIZE\n" -" max. batch size for package import (debug only)\n" -" -Y, --deep-verify Do not use cached package checksums\n" -" -v, --verbose Verbose output. Possible to accumulate: -vvv\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/spacewalk-repo-sync.adoc:72 -msgid "_Logs for the **spacewalk-repo-sync** tool are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/spacewalk-repo-sync.adoc:75 -#, no-wrap -msgid "/var/log/rhn/reposync/*\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/syncing-repositories.adoc:1 -#, no-wrap -msgid "Repository Synchronization" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/taskomatic.adoc:2 -#, no-wrap -msgid "Taskomatic" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:10 -msgid "" -"Taskomatic is a primary component of {productname}. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:12 -#, no-wrap -msgid "**Taskomatic handles most background jobs**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:13 -#, no-wrap -msgid "**Patch applicability status refresh**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:14 -#, no-wrap -msgid "**Server side scheduling**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:15 -#, no-wrap -msgid "**SSH push**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:16 -#, no-wrap -msgid "**Cobbler database sync**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:17 -#, no-wrap -msgid "**Repository synchronization and repository metadata generation**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:18 -#, no-wrap -msgid "**CVE audit pre-computation**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:19 -#, no-wrap -msgid "**Cleanup Jobs**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:20 -#, no-wrap -msgid "**Checks on clients**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:24 -msgid "__Log files for taskomatic are located in:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/taskomatic.adoc:28 -#, no-wrap -msgid "" -"/var/log/rhn/rhn_taskomatic_daemon.log\n" -"/var/log/rhn/reposync/*\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/tomcat.adoc:2 -#, no-wrap -msgid "Apache Tomcat" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/tomcat.adoc:10 -msgid "" -"Apache Tomcat is a primary component of {productname}. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/tomcat.adoc:12 -#, no-wrap -msgid "**Contains servlet (Java) applications**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/tomcat.adoc:13 -#, no-wrap -msgid "**The most important servlet is the RHN servlet:**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/tomcat.adoc:14 -#, no-wrap -msgid "**Handles the majority of the Web UI**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/tomcat.adoc:15 -#, no-wrap -msgid "**Public XMLRPC API**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/tomcat.adoc:19 -msgid "__Logs for Apache Tomcat are located in:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/tomcat.adoc:25 -#, no-wrap -msgid "" -"/var/log/rhn/rhn_web_ui.log\n" -"/var/log/rhn/rhn_web_api.log\n" -"/var/log/tomcat/catalina.out\n" -"/var/log/tomcat/catalina.*.log\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/tools-repositories.adoc:1 -#, no-wrap -msgid "Tool Repositories" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/traditional-contact-method-overview.adoc:2 -#, no-wrap -msgid "Traditional Contact Methods" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/traditional-contact-method-overview.adoc:7 -#, no-wrap -msgid "Selecting a Contact Method" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-contact-method-overview.adoc:13 -msgid "" -"The contact method you select will depend on your network infrastructure. " -"The following sections provide a starting point for selecting a method which " -"best suits your network environment." -msgstr "" - -#. type: Title = -#: modules/architecture/pages/traditional-osad.adoc:2 -#, no-wrap -msgid "Traditional Contact Method (osad)" -msgstr "" - -#. FIXME: check whether the same applies for the timer -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:12 -msgid "" -"OSAD is an alternative contact method between {productname} and its " -"clients. By default, {productname} uses [systemitem]``rhnsd``, which " -"contacts the server every four hours to execute scheduled actions. OSAD " -"allows registered client systems to execute scheduled actions immediately." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:14 -msgid "OSAD has several distinct components:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:16 -msgid "" -"The [systemitem]``osa-dispatcher`` service runs on the server, and uses " -"database checks to determine if clients need to be pinged, or if actions " -"need to be executed." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:18 -msgid "" -"The [systemitem]``osad`` service runs on the client. It responds to pings " -"from [systemitem]``osa-dispatcher`` and runs [command]``mgr_check`` to " -"execute actions when directed to do so." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:21 -msgid "" -"The [systemitem]``jabberd`` service is a daemon that uses the " -"[systemitem]``XMPP`` protocol for communication between the client and the " -"server. The [systemitem]``jabberd`` service also handles authentication." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:24 -msgid "" -"The [command]``mgr_check`` tool runs on the client to execute actions. It " -"is triggered by communication from the [systemitem]``osa-dispatcher`` " -"service." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:30 -msgid "" -"The [systemitem]``osa-dispatcher`` periodically runs a query to check when " -"clients last showed network activity. If it finds a client that has not " -"shown activity recently, it will use [systemitem]``jabberd`` to ping all " -"[systemitem]``osad`` instances running on all clients registered with your " -"{productname} server. The [systemitem]``osad`` instances respond to the " -"ping using [systemitem]``jabberd``, which is running in the background on " -"the server. When the [systemitem]``osa-dispatcher`` receives the response, " -"it marks the client as online. If the [systemitem]``osa-dispatcher`` fails " -"to receive a response within a certain period of time, it marks the client " -"as offline." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:34 -msgid "" -"When you schedule actions on an OSAD-enabled system, the task will be " -"carried out immediately. The [systemitem]``osa-dispatcher`` periodically " -"checks clients for actions that need to be executed. If an outstanding " -"action is found, it uses [systemitem]``jabberd`` to execute " -"[command]``mgr_check`` on the client, which will then execute the action." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-osad.adoc:35 -#, no-wrap -msgid "osad Contact Method" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/traditional-osad.adoc:36 -#, no-wrap -msgid "dia-osad.png" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/traditional-osad.adoc:40 -#, no-wrap -msgid "Enabling and Configuring OSAD" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:43 -msgid "" -"This section covers enabling the [systemitem]``osa-dispatcher`` and " -"[systemitem]``osad`` services, and performing initial setup." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:45 -msgid "" -"OSAD clients use the fully qualified domain name (FQDN) of the server to " -"communicate with the [systemitem]``osa-dispatcher`` service." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:50 -msgid "" -"SSL is required for [systemitem]``osad`` communication. If SSL certificates " -"are not available, the daemon on your client systems will fail to connect. " -"Make sure your firewall rules are set to allow the required ports. For more " -"information, see pass:c[xref:tab.install.ports.server[Server Ports]]." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-osad.adoc:51 -#, no-wrap -msgid "Procedure: Enabling OSAD" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:53 -msgid "" -"On your {productname} server, as the root user, start the [systemitem]``osa-" -"dispatcher`` service:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-osad.adoc:57 -#, no-wrap -msgid "systemctl start osa-dispatcher\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:62 -msgid "" -"On each client machine, install the [systemitem]``mgr-osad`` package from " -"the [systemitem]``Tools`` child channel. The [systemitem]``mgr-osad`` " -"package should be installed on clients only. If you install the " -"[systemitem]``mgr-osad`` package on your {productname} Server, it will " -"conflict with the [systemitem]``osa-dispatcher`` package." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:64 -msgid "" -"On the client systems, as the root user, start the [systemitem]``osad`` " -"service:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-osad.adoc:68 -#, no-wrap -msgid "systemctl start osad\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:71 -msgid "" -"Because [systemitem]``osad`` and [systemitem]``osa-dispatcher`` are run as " -"services, you can use standard commands to manage them, including " -"[command]``stop``, [command]``restart``, and [command]``status``." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-osad.adoc:72 -#, no-wrap -msgid "Configuration and Log Files" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:75 -msgid "" -"Each OSAD component is configured by local configuration files. We " -"recommend you keep the default configuration parameters for all OSAD " -"components." -msgstr "" - -#. type: Table -#: modules/architecture/pages/traditional-osad.adoc:83 -#, no-wrap -msgid "" -"| Component | Location | Path to Configuration File\n" -"| [systemitem]``osa-dispatcher`` | Server | [path]``/etc/rhn/rhn.conf`` Section: [systemitem]``OSA configuration``\n" -"| [systemitem]``osad`` | Client | [path]``/etc/sysconfig/rhn/osad.conf`` [path]``/etc/syseconfig/rhn/up2date``\n" -"| [systemitem]``osad`` log file | Client | [path]``/var/log/osad``\n" -"| [systemitem]``jabberd`` log file | Both | [path]``/var/log/messages``\n" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-osad.adoc:86 -#, no-wrap -msgid "Troubleshooting OSAD" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:88 -msgid "" -"If your OSAD clients cannot connect to the server, or if the " -"[systemitem]``jabberd`` service takes a lot of time responding to port 5552, " -"it could be because you have exceeded the open file count." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:91 -msgid "" -"Every client needs one always-open TCP connection to the server, which " -"consumes a single file handler. If the number of file handlers currently " -"open exceeds the maximum number of files that [systemitem]``jabberd`` is " -"allowed to use, [systemitem]``jabberd`` will queue the requests, and refuse " -"connections." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:93 -msgid "" -"To resolve this issue, you can increase the file limits for " -"[systemitem]``jabberd`` by editing the [path]``/etc/security/limits.conf`` " -"configuration file and adding these lines:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-osad.adoc:97 -#, no-wrap -msgid "" -"jabbersoftnofile5100\n" -"jabberhardnofile6000\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:101 -msgid "" -"Calculate the limits required for your environment by adding 100 to the " -"number of clients for the soft limit, and 1000 to the current number of " -"clients for the soft limit. In the example above, we have assumed 500 " -"current clients, so the soft limit is 5100, and the hard limit is 6000." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:103 -msgid "" -"You will also need to update the [systemitem]``max_fds`` parameter in the " -"[path]``/etc/jabberd/c2s.xml`` file with your chosen hard limit:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-osad.adoc:106 -#, no-wrap -msgid "6000\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/traditional-overview.adoc:1 -#, no-wrap -msgid "Traditional Architecture" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-overview.adoc:8 -#, no-wrap -msgid "The Traditional Stack" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-overview.adoc:9 -msgid "image:dia-traditional-stack.png[]" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/traditional-rhnsd.adoc:2 -#, no-wrap -msgid "Traditional Contact Method (rhnsd)" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:6 -msgid "" -"For background information, see xref:architecture:rhnsd.adoc[]. *rhnsd* is " -"used non-systemd systems; on later systems, a systemd timer " -"([systemitem]``rhnsd.timer``) is used." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:8 -msgid "" -"The daemon is started by /etc/init.d/rhnsd, it does not use rhnsd.service." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/traditional-rhnsd.adoc:12 -#, no-wrap -msgid "The Default Contact Method" -msgstr "" - -#. FIXME: check it with the systemd.timer -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:17 -msgid "" -"The {productname} *rhnsd* daemon runs on client systems and periodically " -"connects with {productname} to check for new updates and notifications. The " -"daemon, which runs in the background, is started by *rhnsd.service*." -msgstr "" - -#. By default, it will check every 4 hours for new actions, therefore it may take some time for your clients to begin updating after actions have been scheduled for them. -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:25 -msgid "" -"To check for updates, *rhnsd* runs the external *mgr_check* program located " -"in `/usr/sbin/`. This is a small application that establishes the network " -"connection to {productname}. The SUSE Manager daemon does not listen on any " -"network ports or talk to the network directly. All network activity is done " -"via the *mgr_check* utility." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-rhnsd.adoc:26 -#, no-wrap -msgid "Auto accepting (EULAs)" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/traditional-rhnsd.adoc:31 -msgid "" -"When new packages or updates are installed on the client using " -"{productname}, any end user licence agreements (EULAs) are automatically " -"accepted. To review a package EULA, open the package detail page in the " -"{webui}." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:35 -msgid "" -"This figure provides an overview of the default *rhnsd* process path. All " -"items left of the *Python XMLRPC server* block represent processes running " -"on an {productname} client." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-rhnsd.adoc:36 -#, no-wrap -msgid "rhnsd Contact Method" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/traditional-rhnsd.adoc:37 -#, no-wrap -msgid "dia-rhnsd-taigon.png" -msgstr "" - -#. type: Title === -#: modules/architecture/pages/traditional-rhnsd.adoc:41 -#, no-wrap -msgid "Configuring {productname} rhnsd Daemon" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:44 -msgid "" -"The {productname} daemon can be configured by editing the file on the client:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-rhnsd.adoc:47 -#, no-wrap -msgid "/etc/sysconfig/rhn/rhnsd\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:53 -msgid "" -"This is the configuration file the rhnsd initialization script uses. An " -"important parameter for the daemon is its check-in frequency. The default " -"interval time is four hours (240 minutes). If you modify the configuration " -"file, you must as {rootuser} restart the daemon with:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-rhnsd.adoc:56 -#, no-wrap -msgid "/etc/init.d/rhnsd restart\n" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-rhnsd.adoc:58 -#, no-wrap -msgid "Minimum Allowed Check-in Parameter" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/traditional-rhnsd.adoc:62 -msgid "" -"The minimum allowed time interval is one hour (60 minutes). If you set the " -"interval below one hour, it will change back to the default of 4 hours " -"(240 minutes)." -msgstr "" - -#. type: Title === -#: modules/architecture/pages/traditional-rhnsd.adoc:64 -#, no-wrap -msgid "Viewing rhnsd Daemon Status" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:67 -msgid "As the {ruser} you may view the status of rhnsd by typing the command:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-rhnsd.adoc:69 -#, no-wrap -msgid "/etc/init.d/rhnsd status\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/traditional-ssh-pull.adoc:1 -#, no-wrap -msgid "Traditional SSH Pull" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/traditional-ssh-push.adoc:1 -#, no-wrap -msgid "Traditional SSH Push" -msgstr "" - -#. type: Title = -#: modules/architecture/nav-architecture-components-guide.adoc:5 -#, no-wrap -msgid "Architecture Guide: {productname} {productnumber}" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:16 -msgid "xref:architecture-intro.adoc[Architecture Guide]" -msgstr "" - -#. The Salt Stack -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:18 -msgid "xref:architecture-legend.adoc[Legend]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:19 -msgid "xref:salt-overview.adoc[Salt]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:20 -msgid "xref:salt-core-components.adoc[Core Salt Components]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:21 -msgid "xref:salt-data-locations.adoc[Salt Data Locations]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:22 -msgid "xref:salt-contact-method-overview.adoc[Salt Contact Methods]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:25 -msgid "xref:salt-ssh-push-tunnel.adoc[Salt SSH Push & Tunnel]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:26 -msgid "xref:salt-bootstrapping-ui.adoc[Salt Bootstrapping WebUI]" -msgstr "" - -#. The Traditional Stack -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:28 -msgid "xref:salt-onboarding-and-registration.adoc[Onboarding and Registration]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:29 -msgid "xref:traditional-overview.adoc[Traditional]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:30 -msgid "xref:traditional-contact-method-overview.adoc[Contact Methods]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:31 -msgid "xref:traditional-rhnsd.adoc[rhnsd]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:32 -msgid "xref:traditional-osad.adoc[osad]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:33 -msgid "xref:traditional-ssh-push.adoc[SSH Push]" -msgstr "" - -#. Repositories -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:35 -msgid "xref:traditional-ssh-pull.adoc[SSH Pull]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:36 -msgid "xref:repositories-overview.adoc[Repositories]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:37 -msgid "xref:pool-repositories.adoc[Pool Repositories]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:38 -msgid "xref:devel-repositories.adoc[Devel Repositories]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:39 -msgid "xref:tools-repositories.adoc[Tools Repositories]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:40 -msgid "xref:maintenance-repositories.adoc[Maintenance Repositories]" -msgstr "" - -#. Component Index -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:42 -msgid "xref:syncing-repositories.adoc[Syncing Repositories]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:43 -msgid "xref:components-overview.adoc[Component Index]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:44 -msgid "xref:apache.adoc[Apache httpd]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:45 -msgid "xref:tomcat.adoc[Tomcat]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:46 -msgid "xref:python-xmlrpc-server.adoc[Python XMLRPC Server]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:47 -msgid "xref:taskomatic.adoc[Taskomatic]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:48 -msgid "xref:database.adoc[Database]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:49 -msgid "xref:mgr-sync.adoc[mgr-sync]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:50 -msgid "xref:spacewalk-repo-sync.adoc[spacewalk-repo-sync]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:51 -msgid "xref:osa-dispatcher.adoc[osa-dispatcher]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:52 -msgid "xref:jabberd.adoc[jabberd]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:53 -msgid "xref:mgr_check.adoc[mgr_check]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:54 -msgid "xref:plugin-zypp-spacewalk.adoc[zypp-plugin-spacewalk]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:55 -msgid "xref:rhnsd.adoc[rhnsd]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:56 -msgid "xref:osad.adoc[osad]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:57 -msgid "xref:salt-master.adoc[salt-master]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:58 -msgid "xref:salt-api.adoc[salt-api]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:59 -msgid "xref:salt-minion.adoc[salt-minion]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:59 -msgid "xref:salt-broker.adoc[salt-broker]" -msgstr "" diff --git a/l10n-weblate/architecture/es.po b/l10n-weblate/architecture/es.po deleted file mode 100644 index 358e32085cd..00000000000 --- a/l10n-weblate/architecture/es.po +++ /dev/null @@ -1,2565 +0,0 @@ -# SOME DESCRIPTIVE TITLE -# Copyright (C) YEAR Free Software Foundation, Inc. -# This file is distributed under the same license as the PACKAGE package. -# FIRST AUTHOR , YEAR. -# -msgid "" -msgstr "" -"Project-Id-Version: PACKAGE VERSION\n" -"POT-Creation-Date: 2020-06-14 00:54+0200\n" -"PO-Revision-Date: 2020-09-01 09:08+0000\n" -"Last-Translator: Pau Garcia Quiles \n" -"Language-Team: Spanish \n" -"Language: es\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Plural-Forms: nplurals=2; plural=n != 1;\n" -"X-Generator: Weblate 3.6.1\n" - -#. type: Title = -#: modules/architecture/pages/apache.adoc:2 -#, no-wrap -msgid "Apache" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/apache.adoc:9 -#, no-wrap -msgid "Functions" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/apache.adoc:12 -msgid "" -"Apache is a primary component of {productname}. It performs the following " -"functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/apache.adoc:14 -#, no-wrap -msgid "**Handles HTTP(S) communication**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/apache.adoc:15 -#, no-wrap -msgid "**Serves Static Files**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/apache.adoc:16 -#, no-wrap -msgid "**HTTP gateway to: Apache Tomcat, the Python XMLRPC server and Cobbler**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/apache.adoc:17 -#, no-wrap -msgid "Log Files" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/apache.adoc:20 -msgid "_Logs for Apache are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/apache.adoc:23 -#, no-wrap -msgid "/var/log/apache2/error_log\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/architecture-legend.adoc:1 -#, no-wrap -msgid "Component Legend" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:4 -msgid "" -"These diagram components will be used in the following sections explaining " -"the architecture of {productname}. Components in {productname} can " -"communicate in three ways:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:6 -msgid "One way" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:7 -msgid "Two way" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:8 -msgid "Scheduled (time based)" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/architecture-legend.adoc:11 -#, no-wrap -msgid "Types of Components" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:14 -#, no-wrap -msgid "One Way" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:17 -msgid "Components that communicate in only one direction are represented by:" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:18 -#, no-wrap -msgid "One way communication between components" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/architecture-legend.adoc:20 -#, no-wrap -msgid "dia-one-way-component.png" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:24 -#, no-wrap -msgid "Two Way" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:27 -msgid "Components that communicate in both directions are represented by:" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:28 -#, no-wrap -msgid "Two way communication between components" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/architecture-legend.adoc:30 -#, no-wrap -msgid "dia-two-way-component.png" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:34 -#, no-wrap -msgid "Database Connections" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:37 -msgid "" -"A component that reads and writes to the database communicates in both " -"directions are represented by:" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:38 -#, no-wrap -msgid "Two way communication between a component and the database(read and write)" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/architecture-legend.adoc:40 -#, no-wrap -msgid "dia-database-communication.png" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:44 -#, no-wrap -msgid "Scheduled (Time based)" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:47 -msgid "Components that run on a schedule are represented by:" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:48 -#, no-wrap -msgid "Component that runs on a schedule" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/architecture-legend.adoc:50 -#, no-wrap -msgid "dia-component-schedule.png" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/components-overview.adoc:2 -#, no-wrap -msgid "Introduction" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/components-overview.adoc:4 -msgid "Description..." -msgstr "" - -#. type: Title = -#: modules/architecture/pages/database.adoc:2 -#, no-wrap -msgid "Database" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/database.adoc:11 -msgid "" -"The database is a primary component of {productname}. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/database.adoc:13 -#, no-wrap -msgid "**Primarily stores application data**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/database.adoc:14 -#, no-wrap -msgid "**Functions as a data exchange area between components**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/database.adoc:17 -msgid "_Logs for the database are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/database.adoc:20 -#, no-wrap -msgid "/var/lib/pgsql/data/pg_log/*\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/devel-repositories.adoc:1 -#, no-wrap -msgid "Devel Repositories" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/jabberd.adoc:2 -#, no-wrap -msgid "jabberd" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/jabberd.adoc:9 -msgid "" -"jabberd is a component of {productname}. It performs the following function " -"in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/jabberd.adoc:11 -#, no-wrap -msgid "**Implements the Jabber (XMPP) protocol that osa-dispatcher uses**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/jabberd.adoc:14 -msgid "_Logs for jabberd are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/jabberd.adoc:17 -#, no-wrap -msgid "/var/log/messages\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/maintenance-repositories.adoc:1 -#, no-wrap -msgid "Maintenance Repositories" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/mgr-sync.adoc:2 -#, no-wrap -msgid "mgr-sync" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr-sync.adoc:13 -#, no-wrap -msgid "" -"*mgr-sync* is a command line tool for {productname}.\n" -"It performs the following function.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr-sync.adoc:15 -#, no-wrap -msgid "**mgr-sync is a command line tool that synchronizes with {scc}(SCC) and retrieves data and package repositories.**\n" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/mgr-sync.adoc:17 -#, no-wrap -msgid "mgr-sync and Open Source Distributions" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/mgr-sync.adoc:20 -msgid "" -"__This tool is designed for use with a support subscription or trial account " -"with {scc}. It is not required for open source distributions(OpenSUSE Leap , " -"CentOS, Ubuntu, etc.).__" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/mgr-sync.adoc:22 -#, no-wrap -msgid "mgr-sync --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr-sync.adoc:25 -msgid "__The following options are available for the *mgr-sync* command:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr-sync.adoc:30 -#, no-wrap -msgid "" -"mgr-sync --help\n" -"usage: mgr-sync [-h] [--version] [-v] [-s] [-d {1,2,3}]\n" -" {list,add,refresh,delete} ...\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr-sync.adoc:32 -#, no-wrap -msgid "Synchronize SUSE Manager repositories.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr-sync.adoc:41 -#, no-wrap -msgid "" -"optional arguments:\n" -" -h, --help show this help message and exit\n" -" --version Print mgr-sync version\n" -" -v, --verbose Be verbose\n" -" -s, --store-credentials\n" -" Store credentials to the local dot file.\n" -" -d {1,2,3}, --debug {1,2,3}\n" -" Log additional debug information depending on DEBUG\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr-sync.adoc:49 -#, no-wrap -msgid "" -"Subcommands:\n" -" {list,add,refresh,delete}\n" -" list List channels, SCC organization credentials or\n" -" products\n" -" add add channels, SCC organization credentials or products\n" -" refresh Refresh product, channel and subscription\n" -" delete Delete SCC organization credentials\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr-sync.adoc:54 -msgid "_Logs for the mgr-sync tool are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr-sync.adoc:58 -#, no-wrap -msgid "" -"/var/log/rhn/mgr-sync.log\n" -"/var/log/rhn/rhn_web_api.log\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/mgr_check.adoc:2 -#, no-wrap -msgid "mgr_check" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr_check.adoc:11 -#, no-wrap -msgid "*mgr_check* is a primary component of {productname}. It performs the following functions in the stack.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr_check.adoc:13 -#, no-wrap -msgid "**Client-side command line tool for legacy clients that checks for actions on the server and executes them**\n" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/mgr_check.adoc:15 -#, no-wrap -msgid "mgr_check and rhn_check" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/mgr_check.adoc:19 -#, no-wrap -msgid "" -"*mgr_check* is symlinked to *rhn_check* in `/usr/sbin/`.\n" -"Both _mgr_check_ and _rhn_check_ can be used for checking for actions on the server.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr_check.adoc:22 -#, no-wrap -msgid "lrwxrwxrwx 1 root root 9 Sep 9 09:05 mgr_check -> rhn_check*\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/mgr_check.adoc:25 -#, no-wrap -msgid "mgr_check --help" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/mgr_check.adoc:27 -msgid "" -"__The following options are available for the *rhn_check* on your legacy " -"clients:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr_check.adoc:31 -#, no-wrap -msgid "" -"mgr_check --help\n" -"Usage: rhn_check [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr_check.adoc:43 -#, no-wrap -msgid "" -"Options:\n" -" -v, --verbose Show additional output. Repeat for more detail.\n" -" --proxy=PROXY Specify an http proxy to use\n" -" --proxyUser=PROXYUSER\n" -" Specify a username to use with an authenticated http\n" -" proxy\n" -" --proxyPassword=PROXYPASSWORD\n" -" Specify a password to use with an authenticated http\n" -" proxy\n" -" --version show program's version number and exit\n" -" -h, --help show this help message and exit\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr_check.adoc:47 -msgid "_Logs for the *mgr_check* are located on your legacy clients in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr_check.adoc:50 -#, no-wrap -msgid "/var/log/up2date\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/osa-dispatcher.adoc:2 -#, no-wrap -msgid "osa-dispatcher" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osa-dispatcher.adoc:11 -#, no-wrap -msgid "*osa-dispatcher* is a component of {productname}. It performs the following function in the stack.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osa-dispatcher.adoc:13 -#, no-wrap -msgid "**Monitors database for actions, informing osad clients when they need to run them**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/osa-dispatcher.adoc:14 -#, no-wrap -msgid "osa-dispatcher --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osa-dispatcher.adoc:16 -msgid "__The following options are available for the *osa-dispatcher*:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/osa-dispatcher.adoc:20 -#, no-wrap -msgid "" -"osa-dispatcher --help\n" -"Usage: osa-dispatcher [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/osa-dispatcher.adoc:27 -#, no-wrap -msgid "" -"Options:\n" -" -v, --verbose Increase verbosity\n" -" -N, --nodetach Suppress backgrounding and detachment of the process\n" -" --pid-file=PID_FILE Write to this PID file\n" -" --logfile=LOGFILE Write log information to this file\n" -" -h, --help show this help message and exit\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osa-dispatcher.adoc:33 -msgid "_Logs for the *osa-dispatcher* are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/osa-dispatcher.adoc:36 -#, no-wrap -msgid "/var/log/rhn/osa_dispatcher.log\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/osad.adoc:2 -#, no-wrap -msgid "osad" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osad.adoc:12 -#, no-wrap -msgid "*osad* is a primary component of {productname}. It performs the following functions in the stack.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osad.adoc:14 -#, no-wrap -msgid "**Client-side daemon for legacy clients**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osad.adoc:15 -#, no-wrap -msgid "**Calls mgr_check(rhn_check) when notified by Jabber**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/osad.adoc:18 -#, no-wrap -msgid "osad --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osad.adoc:21 -msgid "" -"The following options are available for use with *osad* on your legacy " -"clients:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/osad.adoc:25 -#, no-wrap -msgid "" -"osad --help\n" -"Usage: osad [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/osad.adoc:35 -#, no-wrap -msgid "" -"Options:\n" -" -v, --verbose Increase verbosity\n" -" -N, --nodetach Suppress backgrounding and detachment of the process\n" -" --pid-file=PID_FILE Write to this PID file\n" -" --logfile=LOGFILE Write log information to this file\n" -" --cfg=CFG Use this configuration file for defaults\n" -" --jabber-server=JABBER_SERVER\n" -" Primary jabber server to connect to\n" -" -h, --help show this help message and exit\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osad.adoc:42 -msgid "_Logs for *osad* are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/osad.adoc:45 -#, no-wrap -msgid "/var/log/osad\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:2 -#, no-wrap -msgid "zypp-plugin-spacewalk" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:12 -#, no-wrap -msgid "*zypp-plugin-spacewalk* is a component of {productname}. It performs the following functions in the stack.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:14 -#, no-wrap -msgid "**Client-side add-on to zypper for legacy clients**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:15 -#, no-wrap -msgid "**Exposes SUSE Manager channels as zypper repositories**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:16 -#, no-wrap -msgid "**The plugin is not required on salt-minions**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:22 -msgid "" -"_Logs for the *zypp-plugin-spacewalk* are located on your legacy clients in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:26 -#, no-wrap -msgid "" -"/var/log/zypper.log\n" -"/var/log/zypp/*\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/pool-repositories.adoc:1 -#, no-wrap -msgid "Pool Repositories" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/python-xmlrpc-server.adoc:2 -#, no-wrap -msgid "Python XMLRPC Server" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/python-xmlrpc-server.adoc:12 -msgid "" -"The Python XMLRPC Server is a primary component of {productname}. It " -"performs the following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/python-xmlrpc-server.adoc:14 -#, no-wrap -msgid "**Provides the private XMLRPC API**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/python-xmlrpc-server.adoc:15 -#, no-wrap -msgid "**Used primarily by client tools (mgr_check)**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/python-xmlrpc-server.adoc:21 -msgid "__Logs for the Python XMLRPC Server are located in:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/python-xmlrpc-server.adoc:25 -#, no-wrap -msgid "" -"/var/log/apache2/error_log\n" -"/var/log/rhn/rhn_server_xmlrpc.log\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/repositories-overview.adoc:1 -#, no-wrap -msgid "Repository Types" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/rhnsd.adoc:2 -#, no-wrap -msgid "rhnsd" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/rhnsd.adoc:7 -#, no-wrap -msgid "" -"*rhnsd* is a client-side daemon for traditional clients only.\n" -"As of {productname} 4, it is only available on non-systemd systems ({sle} 11 and {rhnminrelease6}).\n" -"For later versions, a systemd timer ([systemitem]``rhnsd.timer``) is available.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/rhnsd.adoc:12 -#, no-wrap -msgid "*rhnsd* is a primary component of {productname}. It performs the following functions in the stack.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/rhnsd.adoc:14 -#, no-wrap -msgid "**Client-side daemon for traditional clients**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/rhnsd.adoc:15 -#, no-wrap -msgid "**Periodically calls mgr_check (symlinked to rhn_check)**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/rhnsd.adoc:16 -#, no-wrap -msgid "**Randomizes check time not to overload the server**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/rhnsd.adoc:19 -#, no-wrap -msgid "rhnsd --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/rhnsd.adoc:21 -msgid "" -"The following options are available for use with rhnsd on your legacy " -"clients:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/rhnsd.adoc:26 -#, no-wrap -msgid "" -"rhnsd --help\n" -"Usage: rhnsd [OPTION...]\n" -"Spacewalk Services Daemon\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/rhnsd.adoc:32 -#, no-wrap -msgid "" -" -f, --foreground Run in foreground\n" -" -i, --interval=MINS Connect to Spacewalk every MINS minutes\n" -" -?, --help Give this help list\n" -" --usage Give a short usage message\n" -" -V, --version Print program version\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/rhnsd.adoc:35 -#, no-wrap -msgid "" -"Mandatory or optional arguments to long options are also mandatory or optional\n" -"for any corresponding short options.\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-api.adoc:2 -#, no-wrap -msgid "salt-api" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:12 -msgid "" -"The *salt-api* is a primary component of {productname}. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:14 -#, no-wrap -msgid "**Internal API communicates the Java side of {productname} with the salt-master**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:15 -#, no-wrap -msgid "**Provides HTTPS and websocket interfaces with the salt-master**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:16 -#, no-wrap -msgid "**Handles the SSH connections to clients (SSH Push)**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-api.adoc:19 -#, no-wrap -msgid "salt-api --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:22 -msgid "" -"The following options are available for the *salt-api*. The following list " -"is not comprehensive, for more information see: http://docs.saltstack." -"com[The Saltstack Docs]" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:24 -#, no-wrap -msgid "**Options:**\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:28 -#, no-wrap -msgid "" -"salt-api --help\n" -"Usage: salt-api [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:30 -#, no-wrap -msgid "The Salt API system manages network API connectors for the Salt Master\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:42 -#, no-wrap -msgid "" -"Options:\n" -" --version show program's version number and exit\n" -" -V, --versions-report\n" -" Show program's dependencies version number and exit.\n" -" -h, --help show this help message and exit\n" -" -c CONFIG_DIR, --config-dir=CONFIG_DIR\n" -" Pass in an alternative configuration directory.\n" -" Default: '/etc/salt'.\n" -" -d, --daemon Run the salt-api as a daemon.\n" -" --pid-file=PIDFILE Specify the location of the pidfile. Default:\n" -" '/var/run/salt-api.pid'.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:46 -#, no-wrap -msgid "" -" Logging Options:\n" -" Logging options which override any settings defined on the\n" -" configuration files.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:57 -#, no-wrap -msgid "" -" -l LOG_LEVEL, --log-level=LOG_LEVEL\n" -" Console logging log level. One of u'all', u'garbage',\n" -" u'trace', u'debug', u'profile', u'info', u'warning',\n" -" u'error', u'critical', u'quiet'. Default: 'warning'.\n" -" --log-file=API_LOGFILE\n" -" Log file path. Default: '/var/log/salt/api'.\n" -" --log-file-level=LOG_LEVEL_LOGFILE\n" -" Logfile logging log level. One of u'all', u'garbage',\n" -" u'trace', u'debug', u'profile', u'info', u'warning',\n" -" u'error', u'critical', u'quiet'. Default: 'warning'.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:60 -#, no-wrap -msgid "" -"You can find additional help about salt-api issuing \"man salt-api\" or on\n" -"http://docs.saltstack.com\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:65 -msgid "_Logs for *salt-api* are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:69 -#, no-wrap -msgid "" -"/var/log/salt/master\n" -"/var/log/salt/api\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-bootstrapping-ui.adoc:1 -#, no-wrap -msgid "Boostrapping UI" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-broker.adoc:2 -#, no-wrap -msgid "salt-broker" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-broker.adoc:12 -msgid "" -"The *salt-broker* is a component of the {productname} proxy. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-broker.adoc:14 -#, no-wrap -msgid "**Used only in the {productname} Proxy for clients using pull method**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-broker.adoc:15 -#, no-wrap -msgid "**Forwards the ZeroMQ Salt channels from {productname} server to the proxy clients**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-broker.adoc:19 -msgid "_Logs for *salt-broker* are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-broker.adoc:22 -#, no-wrap -msgid "/var/log/salt/broker\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-contact-method-overview.adoc:2 -#, no-wrap -msgid "Salt Contact Methods" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-contact-method-overview.adoc:5 -#, no-wrap -msgid "Choosing a Contact Method for Salt" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-contact-method-overview.adoc:9 -msgid "" -"{productname} provides several methods for communication between client and " -"server. All commands that the {productname} server sends to its clients " -"will be routed through one of these contact methods." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-contact-method-overview.adoc:12 -msgid "" -"The contact method you select for Salt will depend on your network " -"infrastructure. The following sections provide a starting point for " -"selecting a method which best suits your network environment." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-contact-method-overview.adoc:14 -msgid "xref:salt-pull.adoc[Salt Pull]" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-contact-method-overview.adoc:15 -msgid "xref:salt-ssh-push.adoc[Salt SSH Push]" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-contact-method-overview.adoc:15 -msgid "xref:salt-ssh-push-tunnel.adoc[Salt SSH Push and Tunnel]" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-core-components.adoc:1 -#, no-wrap -msgid "Core Salt Components" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-core-components.adoc:9 -msgid "Comming soon..." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-core-components.adoc:10 -#, no-wrap -msgid "Salt Core" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/salt-core-components.adoc:12 -#, no-wrap -msgid "dia-salt-stack-core-block.png" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-data-locations.adoc:2 -#, no-wrap -msgid "Salt Data and {productname}" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-data-locations.adoc:9 -#: modules/architecture/pages/salt-data-locations.adoc:13 -#, no-wrap -msgid "Salt Global Static Data" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-data-locations.adoc:12 -msgid "" -"Global static data *should not* be customized or edited by {productname} " -"users. This data is generated by the server." -msgstr "" - -#. type: Table -#: modules/architecture/pages/salt-data-locations.adoc:21 -#, no-wrap -msgid "" -"| Directory | Function\n" -"\n" -"| /usr/share/susemanager/salt/ | Custom modules, states, grains\n" -"| /usr/share/susemanager/pillar_data/ |\tGlobal pillar data\n" -"| /usr/share/susemanager/formulas/ | Formulas\n" -"| /usr/share/salt-formulas/ | Formulas (either for {productname} or stand-alone Salt)\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-data-locations.adoc:24 -#, no-wrap -msgid "Generated Data Per Client" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-data-locations.adoc:27 -msgid "" -"Generated data for clients *should not* be customized or edited by " -"{productname} users. This data is generated by the server." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-data-locations.adoc:28 -#: modules/architecture/pages/salt-data-locations.adoc:41 -#, no-wrap -msgid "Salt Generated Data Per Client" -msgstr "" - -#. type: Table -#: modules/architecture/pages/salt-data-locations.adoc:35 -#, no-wrap -msgid "" -"| Directory | Function\n" -"\n" -"| /srv/susemanager/pillar_data/\t | custom modules, states, grains\n" -"| /usr/share/susemanager/pillar_data/ |\tglobal pillar data\n" -"| /srv/susemanager/formulas_data/ | formulas\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-data-locations.adoc:37 -#, no-wrap -msgid "Custom Salt Data" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-data-locations.adoc:40 -msgid "" -"The following directories are reserved for use by users *and should be* " -"customized and edited by {productname} users. The custom salt data place " -"here will be calculated and combined with the content generated listed above " -"when running a highstate." -msgstr "" - -#. type: Table -#: modules/architecture/pages/salt-data-locations.adoc:48 -#, no-wrap -msgid "" -"| Directory | Function\n" -"\n" -"| /srv/salt/ | user defined custom modules, states, grains\n" -"| /srv/pillar/ | user defined global pillar data\n" -"| /srv/formula_metadata | user defined formulas\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-master.adoc:2 -#, no-wrap -msgid "salt-master" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:12 -msgid "" -"The *salt-master* is a primary component of {productname}. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:14 -#, no-wrap -msgid "**Core process of Salt on the server side**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:15 -#, no-wrap -msgid "**Provides communication with Salt clients**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:16 -#, no-wrap -msgid "**Handles Salt jobs, publishes to the Salt event Bus**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:17 -#, no-wrap -msgid "**Handles client responses**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:18 -#, no-wrap -msgid "**Manages states, highstates, pillar information, etc**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-master.adoc:20 -#, no-wrap -msgid "salt-master --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:23 -msgid "" -"The following options are available for the *salt-master*. The following " -"list is not comprehensive, for more information see: http://docs.saltstack." -"com[The Saltstack Docs]" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-master.adoc:29 -#, no-wrap -msgid "" -"salt-master --help\n" -"Usage: salt-master [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-master.adoc:31 -#, no-wrap -msgid "The Salt Master, used to control the Salt Clients\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-master.adoc:46 -#, no-wrap -msgid "" -"Options:\n" -" --version show program's version number and exit\n" -" -V, --versions-report\n" -" Show program's dependencies version number and exit.\n" -" -h, --help show this help message and exit\n" -" --saltfile=SALTFILE Specify the path to a Saltfile. If not passed, one\n" -" will be searched for in the current working directory.\n" -" -c CONFIG_DIR, --config-dir=CONFIG_DIR\n" -" Pass in an alternative configuration directory.\n" -" Default: '/etc/salt'.\n" -" -u USER, --user=USER Specify user to run salt-master.\n" -" -d, --daemon Run the salt-master as a daemon.\n" -" --pid-file=PIDFILE Specify the location of the pidfile. Default:\n" -" '/var/run/salt-master.pid'.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-master.adoc:61 -#, no-wrap -msgid "" -" -l LOG_LEVEL, --log-level=LOG_LEVEL\n" -" Console logging log level. One of u'all', u'garbage',\n" -" u'trace', u'debug', u'profile', u'info', u'warning',\n" -" u'error', u'critical', u'quiet'. Default: 'warning'.\n" -" --log-file=LOG_FILE\n" -" Log file path. Default: '/var/log/salt/master'.\n" -" --log-file-level=LOG_LEVEL_LOGFILE\n" -" Logfile logging log level. One of u'all', u'garbage',\n" -" u'trace', u'debug', u'profile', u'info', u'warning',\n" -" u'error', u'critical', u'quiet'. Default: 'warning'.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-master.adoc:64 -#, no-wrap -msgid "" -"You can find additional help about salt-master issuing \"man salt-master\" or on\n" -"http://docs.saltstack.com\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:70 -msgid "_Logs for *salt-master* are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-master.adoc:73 -#, no-wrap -msgid "/var/log/salt/master\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-minion.adoc:2 -#, no-wrap -msgid "salt-minion" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-minion.adoc:12 -msgid "" -"The *salt-minion* is a primary component of {productname}. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-minion.adoc:14 -#, no-wrap -msgid "**Client-side main process for Salt clients (only pull method)**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-minion.adoc:15 -#, no-wrap -msgid "**Communicates the client with salt-master via Salt event bus (ZeroMQ)**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-minion.adoc:16 -#, no-wrap -msgid "**Executes the actions received from the Salt master on the client (minion)**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-minion.adoc:18 -#, no-wrap -msgid "salt-minion --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-minion.adoc:21 -msgid "" -"The following options are available for the *salt-minion*. The following " -"list is not comprehensive, for more information see: http://docs.saltstack." -"com[The Saltstack Docs]" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-minion.adoc:27 -#, no-wrap -msgid "" -"salt-minion --help\n" -"Usage: salt-minion [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-minion.adoc:29 -#, no-wrap -msgid "The Salt Minion, receives commands from a remote Salt Master\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-minion.adoc:44 -#, no-wrap -msgid "" -"Options:\n" -" --version show program's version number and exit\n" -" -V, --versions-report\n" -" Show program's dependencies version number and exit.\n" -" -h, --help show this help message and exit\n" -" --saltfile=SALTFILE Specify the path to a Saltfile. If not passed, one\n" -" will be searched for in the current working directory.\n" -" -c CONFIG_DIR, --config-dir=CONFIG_DIR\n" -" Pass in an alternative configuration directory.\n" -" Default: '/etc/salt'.\n" -" -u USER, --user=USER Specify user to run salt-minion.\n" -" -d, --daemon Run the salt-minion as a daemon.\n" -" --pid-file=PIDFILE Specify the location of the pidfile. Default:\n" -" '/var/run/salt-minion.pid'.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-minion.adoc:59 -#, no-wrap -msgid "" -" -l LOG_LEVEL, --log-level=LOG_LEVEL\n" -" Console logging log level. One of u'all', u'garbage',\n" -" u'trace', u'debug', u'profile', u'info', u'warning',\n" -" u'error', u'critical', u'quiet'. Default: 'warning'.\n" -" --log-file=LOG_FILE\n" -" Log file path. Default: '/var/log/salt/minion'.\n" -" --log-file-level=LOG_LEVEL_LOGFILE\n" -" Logfile logging log level. One of u'all', u'garbage',\n" -" u'trace', u'debug', u'profile', u'info', u'warning',\n" -" u'error', u'critical', u'quiet'. Default: 'warning'.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-minion.adoc:62 -#, no-wrap -msgid "" -"You can find additional help about salt-minion issuing \"man salt-minion\" or on\n" -"http://docs.saltstack.com\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-minion.adoc:67 -msgid "_Logs for *salt-minion* are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-minion.adoc:70 -#, no-wrap -msgid "/var/log/salt/minion\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-onboarding-and-registration.adoc:1 -#, no-wrap -msgid "Onboarding and Registration" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-overview.adoc:1 -#, no-wrap -msgid "Salt Architecture" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-overview.adoc:9 -msgid "Some description..." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-overview.adoc:10 -#, no-wrap -msgid "Salt Stack Diagram" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-overview.adoc:11 -msgid "image:dia-salt-stack.png[]" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-pull.adoc:2 -#, no-wrap -msgid "Salt Pull" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-ssh-push-tunnel.adoc:2 -#, no-wrap -msgid "Salt SSH Push & Tunnel" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-ssh-push.adoc:2 -#, no-wrap -msgid "Salt SSH Push" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:10 -msgid "" -"Salt SSH Push is intended to be used in environments where your Salt clients " -"cannot reach the {productname} server directly to regularly checking in and, " -"for example, fetch package updates." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-ssh-push.adoc:11 -#, no-wrap -msgid "Push via SSH" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/salt-ssh-push.adoc:16 -msgid "" -"This feature is not related to Push via SSH for the traditional clients. " -"For Push via SSH, see pass:c[xref:bp.contact.methods.ssh.push[Salt SSH " -"Push]]." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:20 -#, no-wrap -msgid "Overview" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-ssh-push.adoc:22 -#, no-wrap -msgid "Push via Salt SSH Contact Method" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/salt-ssh-push.adoc:24 -#, no-wrap -msgid "salt-ssh-contact-taigon.png" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:32 -#, no-wrap -msgid "" -"Salt provides \"`Salt SSH`\"\n" -" ([command]``salt-ssh``), a feature to manage clients from a server.\n" -"It works without installing Salt related software on clients.\n" -"Using Salt SSH there is no need to have clients connected to the Salt master.\n" -"Using this as a {productname} connect method, this feature provides similar functionality for Salt clients as the traditional Push via SSH feature for traditional clients.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:34 -msgid "This feature allows:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:36 -msgid "" -"Managing Salt entitled systems with the Push via SSH contact method using " -"Salt SSH." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:37 -msgid "Bootstrapping such systems." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:40 -#, no-wrap -msgid "Requirements" -msgstr "Requisitos" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:43 -msgid "" -"SSH daemon must be running on the remote system and reachable by the " -"[systemitem]``salt-api`` daemon (typically running on the {productname} " -"server)." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:44 -msgid "" -"Python must be available on the remote system (Python must be supported by " -"the installed Salt). Currently: python 2.6." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-ssh-push.adoc:45 -#, no-wrap -msgid "Unsupported Systems" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/salt-ssh-push.adoc:50 -msgid "" -"{rhel} and CentOS versions <= 5 are not supported because they do not have " -"Python 2.6 by default." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:54 -#, no-wrap -msgid "Bootstrapping" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:57 -msgid "To bootstrap a Salt SSH system, proceed as follows:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:59 -msgid "" -"Open the menu:Bootstrap Minions[] dialog in the Web UI (menu:" -"Systems[Bootstrapping] )." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:60 -msgid "" -"Fill out the required fields. Select an menu:Activation Key[] with the menu:" -"Push via SSH[] contact method configured. For more information about " -"activation keys, see:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:61 -msgid "pass:c[xref:ref.webui.systems.activ-keys]." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:62 -msgid "Check the menu:Manage system completely via SSH[] option." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:63 -msgid "Confirm with clicking the menu:Bootstrap[] button." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:67 -msgid "" -"Now the system will be bootstrapped and registered in {productname}. If " -"done successfully, it will appear in the menu:Systems[] list." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:70 -#, no-wrap -msgid "Configuration" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:73 -msgid "There are two kinds of parameters for Push via Salt SSH:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:75 -msgid "" -"Bootstrap-time parameters {mdash} configured in the menu:Bootstrapping[] " -"page:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:76 -msgid "Host" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:77 -msgid "Activation key" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:78 -msgid "" -"Password {mdash} used only for bootstrapping, not saved anywhere; all future " -"SSH sessions are authorized via a key/certificate pair" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:79 -msgid "Persistent parameters {mdash} configured {productname}-wide:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:80 -msgid "sudo user {mdash} same as in pass:c[bp.contact.methods.ssh.push.sudo]." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:83 -#, no-wrap -msgid "Action Execution" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:88 -msgid "" -"The Push via Salt SSH feature uses a taskomatic job to execute scheduled " -"actions using [command]``salt-ssh``. The taskomatic job periodically checks " -"for scheduled actions and executes them. While on traditional clients with " -"SSH push configured only [command]``mgr_check`` is executed via SSH, the " -"Salt SSH push job executes a complete [command]``salt-ssh`` call based on " -"the scheduled action." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:91 -#, no-wrap -msgid "Known Limitation" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:94 -msgid "OpenSCAP auditing is not available on Salt SSH clients." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:95 -msgid "Beacons do not work with Salt SSH." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:96 -msgid "" -"Installing a package on a system using [command]``zypper`` will not invoke " -"the package refresh." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:97 -msgid "" -"Virtual Host functions (for example, a host to guests) will not work if the " -"virtual host system is Salt SSH-based." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:100 -#, no-wrap -msgid "For More Information" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:103 -msgid "For more information, see" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:105 -msgid "https://wiki.microfocus.com/index.php/SUSE_Manager/SaltSSHServerPush" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:105 -msgid "https://docs.saltstack.com/en/latest/topics/ssh/" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/syncing-repositories.adoc:1 -#, no-wrap -msgid "Repository Synchronization" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/taskomatic.adoc:2 -#, no-wrap -msgid "Taskomatic" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:10 -msgid "" -"Taskomatic is a primary component of {productname}. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:12 -#, no-wrap -msgid "**Taskomatic handles most background jobs**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:13 -#, no-wrap -msgid "**Patch applicability status refresh**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:14 -#, no-wrap -msgid "**Server side scheduling**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:15 -#, no-wrap -msgid "**SSH push**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:16 -#, no-wrap -msgid "**Cobbler database sync**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:17 -#, no-wrap -msgid "**Repository synchronization and repository metadata generation**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:18 -#, no-wrap -msgid "**CVE audit pre-computation**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:19 -#, no-wrap -msgid "**Cleanup Jobs**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:20 -#, no-wrap -msgid "**Checks on clients**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:24 -msgid "__Log files for taskomatic are located in:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/taskomatic.adoc:28 -#, no-wrap -msgid "" -"/var/log/rhn/rhn_taskomatic_daemon.log\n" -"/var/log/rhn/reposync/*\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/tomcat.adoc:2 -#, no-wrap -msgid "Apache Tomcat" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/tomcat.adoc:10 -msgid "" -"Apache Tomcat is a primary component of {productname}. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/tomcat.adoc:12 -#, no-wrap -msgid "**Contains servlet (Java) applications**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/tomcat.adoc:13 -#, no-wrap -msgid "**The most important servlet is the RHN servlet:**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/tomcat.adoc:14 -#, no-wrap -msgid "**Handles the majority of the Web UI**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/tomcat.adoc:15 -#, no-wrap -msgid "**Public XMLRPC API**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/tomcat.adoc:19 -msgid "__Logs for Apache Tomcat are located in:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/tomcat.adoc:25 -#, no-wrap -msgid "" -"/var/log/rhn/rhn_web_ui.log\n" -"/var/log/rhn/rhn_web_api.log\n" -"/var/log/tomcat/catalina.out\n" -"/var/log/tomcat/catalina.*.log\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/tools-repositories.adoc:1 -#, no-wrap -msgid "Tool Repositories" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/traditional-contact-method-overview.adoc:2 -#, no-wrap -msgid "Traditional Contact Methods" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/traditional-contact-method-overview.adoc:7 -#, no-wrap -msgid "Selecting a Contact Method" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-contact-method-overview.adoc:13 -msgid "" -"The contact method you select will depend on your network infrastructure. " -"The following sections provide a starting point for selecting a method which " -"best suits your network environment." -msgstr "" - -#. type: Title = -#: modules/architecture/pages/traditional-osad.adoc:2 -#, no-wrap -msgid "Traditional Contact Method (osad)" -msgstr "" - -#. FIXME: check whether the same applies for the timer -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:12 -msgid "" -"OSAD is an alternative contact method between {productname} and its " -"clients. By default, {productname} uses [systemitem]``rhnsd``, which " -"contacts the server every four hours to execute scheduled actions. OSAD " -"allows registered client systems to execute scheduled actions immediately." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:14 -msgid "OSAD has several distinct components:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:16 -msgid "" -"The [systemitem]``osa-dispatcher`` service runs on the server, and uses " -"database checks to determine if clients need to be pinged, or if actions " -"need to be executed." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:18 -msgid "" -"The [systemitem]``osad`` service runs on the client. It responds to pings " -"from [systemitem]``osa-dispatcher`` and runs [command]``mgr_check`` to " -"execute actions when directed to do so." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:21 -msgid "" -"The [systemitem]``jabberd`` service is a daemon that uses the " -"[systemitem]``XMPP`` protocol for communication between the client and the " -"server. The [systemitem]``jabberd`` service also handles authentication." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:24 -msgid "" -"The [command]``mgr_check`` tool runs on the client to execute actions. It " -"is triggered by communication from the [systemitem]``osa-dispatcher`` " -"service." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:30 -msgid "" -"The [systemitem]``osa-dispatcher`` periodically runs a query to check when " -"clients last showed network activity. If it finds a client that has not " -"shown activity recently, it will use [systemitem]``jabberd`` to ping all " -"[systemitem]``osad`` instances running on all clients registered with your " -"{productname} server. The [systemitem]``osad`` instances respond to the " -"ping using [systemitem]``jabberd``, which is running in the background on " -"the server. When the [systemitem]``osa-dispatcher`` receives the response, " -"it marks the client as online. If the [systemitem]``osa-dispatcher`` fails " -"to receive a response within a certain period of time, it marks the client " -"as offline." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:34 -msgid "" -"When you schedule actions on an OSAD-enabled system, the task will be " -"carried out immediately. The [systemitem]``osa-dispatcher`` periodically " -"checks clients for actions that need to be executed. If an outstanding " -"action is found, it uses [systemitem]``jabberd`` to execute " -"[command]``mgr_check`` on the client, which will then execute the action." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-osad.adoc:35 -#, no-wrap -msgid "osad Contact Method" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/traditional-osad.adoc:36 -#, no-wrap -msgid "dia-osad.png" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/traditional-osad.adoc:40 -#, no-wrap -msgid "Enabling and Configuring OSAD" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:43 -msgid "" -"This section covers enabling the [systemitem]``osa-dispatcher`` and " -"[systemitem]``osad`` services, and performing initial setup." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:45 -msgid "" -"OSAD clients use the fully qualified domain name (FQDN) of the server to " -"communicate with the [systemitem]``osa-dispatcher`` service." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:50 -msgid "" -"SSL is required for [systemitem]``osad`` communication. If SSL certificates " -"are not available, the daemon on your client systems will fail to connect. " -"Make sure your firewall rules are set to allow the required ports. For more " -"information, see pass:c[xref:tab.install.ports.server[Server Ports]]." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-osad.adoc:51 -#, no-wrap -msgid "Procedure: Enabling OSAD" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:53 -msgid "" -"On your {productname} server, as the root user, start the [systemitem]``osa-" -"dispatcher`` service:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-osad.adoc:57 -#, no-wrap -msgid "systemctl start osa-dispatcher\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:62 -msgid "" -"On each client machine, install the [systemitem]``mgr-osad`` package from " -"the [systemitem]``Tools`` child channel. The [systemitem]``mgr-osad`` " -"package should be installed on clients only. If you install the " -"[systemitem]``mgr-osad`` package on your {productname} Server, it will " -"conflict with the [systemitem]``osa-dispatcher`` package." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:64 -msgid "" -"On the client systems, as the root user, start the [systemitem]``osad`` " -"service:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-osad.adoc:68 -#, no-wrap -msgid "systemctl start osad\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:71 -msgid "" -"Because [systemitem]``osad`` and [systemitem]``osa-dispatcher`` are run as " -"services, you can use standard commands to manage them, including " -"[command]``stop``, [command]``restart``, and [command]``status``." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-osad.adoc:72 -#, no-wrap -msgid "Configuration and Log Files" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:75 -msgid "" -"Each OSAD component is configured by local configuration files. We " -"recommend you keep the default configuration parameters for all OSAD " -"components." -msgstr "" - -#. type: Table -#: modules/architecture/pages/traditional-osad.adoc:83 -#, no-wrap -msgid "" -"| Component | Location | Path to Configuration File\n" -"| [systemitem]``osa-dispatcher`` | Server | [path]``/etc/rhn/rhn.conf`` Section: [systemitem]``OSA configuration``\n" -"| [systemitem]``osad`` | Client | [path]``/etc/sysconfig/rhn/osad.conf`` [path]``/etc/syseconfig/rhn/up2date``\n" -"| [systemitem]``osad`` log file | Client | [path]``/var/log/osad``\n" -"| [systemitem]``jabberd`` log file | Both | [path]``/var/log/messages``\n" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-osad.adoc:86 -#, no-wrap -msgid "Troubleshooting OSAD" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:88 -msgid "" -"If your OSAD clients cannot connect to the server, or if the " -"[systemitem]``jabberd`` service takes a lot of time responding to port 5552, " -"it could be because you have exceeded the open file count." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:91 -msgid "" -"Every client needs one always-open TCP connection to the server, which " -"consumes a single file handler. If the number of file handlers currently " -"open exceeds the maximum number of files that [systemitem]``jabberd`` is " -"allowed to use, [systemitem]``jabberd`` will queue the requests, and refuse " -"connections." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:93 -msgid "" -"To resolve this issue, you can increase the file limits for " -"[systemitem]``jabberd`` by editing the [path]``/etc/security/limits.conf`` " -"configuration file and adding these lines:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-osad.adoc:97 -#, no-wrap -msgid "" -"jabbersoftnofile5100\n" -"jabberhardnofile6000\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:101 -msgid "" -"Calculate the limits required for your environment by adding 100 to the " -"number of clients for the soft limit, and 1000 to the current number of " -"clients for the soft limit. In the example above, we have assumed 500 " -"current clients, so the soft limit is 5100, and the hard limit is 6000." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:103 -msgid "" -"You will also need to update the [systemitem]``max_fds`` parameter in the " -"[path]``/etc/jabberd/c2s.xml`` file with your chosen hard limit:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-osad.adoc:106 -#, no-wrap -msgid "6000\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/traditional-overview.adoc:1 -#, no-wrap -msgid "Traditional Architecture" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-overview.adoc:8 -#, no-wrap -msgid "The Traditional Stack" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-overview.adoc:9 -msgid "image:dia-traditional-stack.png[]" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/traditional-rhnsd.adoc:2 -#, no-wrap -msgid "Traditional Contact Method (rhnsd)" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:6 -msgid "" -"For background information, see xref:architecture:rhnsd.adoc[]. *rhnsd* is " -"used non-systemd systems; on later systems, a systemd timer " -"([systemitem]``rhnsd.timer``) is used." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:8 -msgid "" -"The daemon is started by /etc/init.d/rhnsd, it does not use rhnsd.service." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/traditional-rhnsd.adoc:12 -#, no-wrap -msgid "The Default Contact Method" -msgstr "" - -#. FIXME: check it with the systemd.timer -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:17 -msgid "" -"The {productname} *rhnsd* daemon runs on client systems and periodically " -"connects with {productname} to check for new updates and notifications. The " -"daemon, which runs in the background, is started by *rhnsd.service*." -msgstr "" - -#. By default, it will check every 4 hours for new actions, therefore it may take some time for your clients to begin updating after actions have been scheduled for them. -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:25 -msgid "" -"To check for updates, *rhnsd* runs the external *mgr_check* program located " -"in `/usr/sbin/`. This is a small application that establishes the network " -"connection to {productname}. The SUSE Manager daemon does not listen on any " -"network ports or talk to the network directly. All network activity is done " -"via the *mgr_check* utility." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-rhnsd.adoc:26 -#, no-wrap -msgid "Auto accepting (EULAs)" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/traditional-rhnsd.adoc:31 -msgid "" -"When new packages or updates are installed on the client using " -"{productname}, any end user licence agreements (EULAs) are automatically " -"accepted. To review a package EULA, open the package detail page in the " -"{webui}." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:35 -msgid "" -"This figure provides an overview of the default *rhnsd* process path. All " -"items left of the *Python XMLRPC server* block represent processes running " -"on an {productname} client." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-rhnsd.adoc:36 -#, no-wrap -msgid "rhnsd Contact Method" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/traditional-rhnsd.adoc:37 -#, no-wrap -msgid "dia-rhnsd-taigon.png" -msgstr "" - -#. type: Title === -#: modules/architecture/pages/traditional-rhnsd.adoc:41 -#, no-wrap -msgid "Configuring {productname} rhnsd Daemon" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:44 -msgid "" -"The {productname} daemon can be configured by editing the file on the client:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-rhnsd.adoc:47 -#, no-wrap -msgid "/etc/sysconfig/rhn/rhnsd\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:53 -msgid "" -"This is the configuration file the rhnsd initialization script uses. An " -"important parameter for the daemon is its check-in frequency. The default " -"interval time is four hours (240 minutes). If you modify the configuration " -"file, you must as {rootuser} restart the daemon with:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-rhnsd.adoc:56 -#, no-wrap -msgid "/etc/init.d/rhnsd restart\n" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-rhnsd.adoc:58 -#, no-wrap -msgid "Minimum Allowed Check-in Parameter" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/traditional-rhnsd.adoc:62 -msgid "" -"The minimum allowed time interval is one hour (60 minutes). If you set the " -"interval below one hour, it will change back to the default of 4 hours " -"(240 minutes)." -msgstr "" - -#. type: Title === -#: modules/architecture/pages/traditional-rhnsd.adoc:64 -#, no-wrap -msgid "Viewing rhnsd Daemon Status" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:67 -msgid "As the {ruser} you may view the status of rhnsd by typing the command:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-rhnsd.adoc:69 -#, no-wrap -msgid "/etc/init.d/rhnsd status\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/traditional-ssh-pull.adoc:1 -#, no-wrap -msgid "Traditional SSH Pull" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/traditional-ssh-push.adoc:1 -#, no-wrap -msgid "Traditional SSH Push" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-intro.adoc:5 -#, no-wrap -msgid "**Publication Date:** {docdate}\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/spacewalk-repo-sync.adoc:2 -#, no-wrap -msgid "spacewalk-repo-sync" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/spacewalk-repo-sync.adoc:12 -msgid "" -"spacewalk-repo-sync is a command line tool for {productname}. It performs " -"the following functions." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/spacewalk-repo-sync.adoc:14 -#, no-wrap -msgid "**Copies a repo’s metadata to the database**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/spacewalk-repo-sync.adoc:15 -#, no-wrap -msgid "**Copies a repo’s RPM files to the file system**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/spacewalk-repo-sync.adoc:18 -#, no-wrap -msgid "spacewalk-repo-sync --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/spacewalk-repo-sync.adoc:21 -msgid "" -"__The following options are available for the *spacewalk-repo-sync* tool:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/spacewalk-repo-sync.adoc:25 -#, no-wrap -msgid "" -"spacewalk-repo-sync --help\n" -"Usage: spacewalk-repo-sync [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/spacewalk-repo-sync.adoc:67 -#, no-wrap -msgid "" -"Options:\n" -" -h, --help show this help message and exit\n" -" -l, --list List the custom channels with the associated\n" -" repositories.\n" -" -s, --show-packages List all packages in a specified channel.\n" -" -u URL, --url=URL The url of the repository. Can be used multiple times.\n" -" -c CHANNEL_LABEL, --channel=CHANNEL_LABEL\n" -" The label of the channel to sync packages to. Can be\n" -" used multiple times.\n" -" -p PARENT_LABEL, --parent-channel=PARENT_LABEL\n" -" Synchronize the parent channel and all its child\n" -" channels.\n" -" -d, --dry-run Test run. No sync takes place.\n" -" --latest Sync latest packages only. Use carefully - you might\n" -" need to fix some dependencies on your own.\n" -" -g CONFIG, --config=CONFIG\n" -" Configuration file\n" -" -t REPO_TYPE, --type=REPO_TYPE\n" -" Force type of repository (\"yum\", \"uln\" and \"deb\" are\n" -" supported)\n" -" -f, --fail If a package import fails, fail the entire operation\n" -" -n, --non-interactive\n" -" Do not ask anything, use default answers\n" -" -i FILTERS, --include=FILTERS\n" -" Comma or space separated list of included packages or\n" -" package groups.\n" -" -e FILTERS, --exclude=FILTERS\n" -" Comma or space separated list of excluded packages or\n" -" package groups.\n" -" --email e-mail a report of what was synced/imported\n" -" --traceback-mail=TRACEBACK_MAIL\n" -" alternative email address(es) for sync output (--email\n" -" option)\n" -" --no-errata Do not sync errata\n" -" --no-packages Do not sync packages\n" -" --sync-kickstart Sync kickstartable tree\n" -" --force-all-errata Process metadata of all errata, not only missing.\n" -" --batch-size=BATCH_SIZE\n" -" max. batch size for package import (debug only)\n" -" -Y, --deep-verify Do not use cached package checksums\n" -" -v, --verbose Verbose output. Possible to accumulate: -vvv\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/spacewalk-repo-sync.adoc:72 -msgid "_Logs for the **spacewalk-repo-sync** tool are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/spacewalk-repo-sync.adoc:75 -#, no-wrap -msgid "/var/log/rhn/reposync/*\n" -msgstr "" - -#. type: Title = -#: modules/architecture/nav-architecture-components-guide.adoc:5 -#, no-wrap -msgid "Architecture Guide: {productname} {productnumber}" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:16 -msgid "xref:architecture-intro.adoc[Architecture Guide]" -msgstr "" - -#. The Salt Stack -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:18 -msgid "xref:architecture-legend.adoc[Legend]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:19 -msgid "xref:salt-overview.adoc[Salt]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:20 -msgid "xref:salt-core-components.adoc[Core Salt Components]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:21 -msgid "xref:salt-data-locations.adoc[Salt Data Locations]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:22 -msgid "xref:salt-contact-method-overview.adoc[Salt Contact Methods]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:25 -msgid "xref:salt-ssh-push-tunnel.adoc[Salt SSH Push & Tunnel]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:26 -msgid "xref:salt-bootstrapping-ui.adoc[Salt Bootstrapping WebUI]" -msgstr "" - -#. The Traditional Stack -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:28 -msgid "xref:salt-onboarding-and-registration.adoc[Onboarding and Registration]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:29 -msgid "xref:traditional-overview.adoc[Traditional]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:30 -msgid "xref:traditional-contact-method-overview.adoc[Contact Methods]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:31 -msgid "xref:traditional-rhnsd.adoc[rhnsd]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:32 -msgid "xref:traditional-osad.adoc[osad]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:33 -msgid "xref:traditional-ssh-push.adoc[SSH Push]" -msgstr "" - -#. Repositories -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:35 -msgid "xref:traditional-ssh-pull.adoc[SSH Pull]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:36 -msgid "xref:repositories-overview.adoc[Repositories]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:37 -msgid "xref:pool-repositories.adoc[Pool Repositories]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:38 -msgid "xref:devel-repositories.adoc[Devel Repositories]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:39 -msgid "xref:tools-repositories.adoc[Tools Repositories]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:40 -msgid "xref:maintenance-repositories.adoc[Maintenance Repositories]" -msgstr "" - -#. Component Index -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:42 -msgid "xref:syncing-repositories.adoc[Syncing Repositories]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:43 -msgid "xref:components-overview.adoc[Component Index]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:44 -msgid "xref:apache.adoc[Apache httpd]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:45 -msgid "xref:tomcat.adoc[Tomcat]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:46 -msgid "xref:python-xmlrpc-server.adoc[Python XMLRPC Server]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:47 -msgid "xref:taskomatic.adoc[Taskomatic]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:48 -msgid "xref:database.adoc[Database]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:49 -msgid "xref:mgr-sync.adoc[mgr-sync]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:50 -msgid "xref:spacewalk-repo-sync.adoc[spacewalk-repo-sync]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:51 -msgid "xref:osa-dispatcher.adoc[osa-dispatcher]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:52 -msgid "xref:jabberd.adoc[jabberd]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:53 -msgid "xref:mgr_check.adoc[mgr_check]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:54 -msgid "xref:plugin-zypp-spacewalk.adoc[zypp-plugin-spacewalk]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:55 -msgid "xref:rhnsd.adoc[rhnsd]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:56 -msgid "xref:osad.adoc[osad]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:57 -msgid "xref:salt-master.adoc[salt-master]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:58 -msgid "xref:salt-api.adoc[salt-api]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:59 -msgid "xref:salt-minion.adoc[salt-minion]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:59 -msgid "xref:salt-broker.adoc[salt-broker]" -msgstr "" diff --git a/l10n-weblate/architecture/zh_CN.po b/l10n-weblate/architecture/zh_CN.po deleted file mode 100644 index a92d4788de1..00000000000 --- a/l10n-weblate/architecture/zh_CN.po +++ /dev/null @@ -1,2563 +0,0 @@ -# Chinese translations for l package -# l 软件包的简体中文翻译 -# Copyright (C) 2020 Free Software Foundation, Inc. -# This file is distributed under the same license as the l package. -# Automatically generated, 2020. -# -msgid "" -msgstr "" -"Project-Id-Version: l 10n\n" -"POT-Creation-Date: 2020-08-24 02:24+0200\n" -"PO-Revision-Date: 2020-08-23 23:31+0200\n" -"Last-Translator: Automatically generated\n" -"Language-Team: none\n" -"Language: zh_CN\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" - -#. type: Title = -#: modules/architecture/pages/apache.adoc:2 -#, no-wrap -msgid "Apache" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/apache.adoc:9 -#, no-wrap -msgid "Functions" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/apache.adoc:12 -msgid "" -"Apache is a primary component of {productname}. It performs the following " -"functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/apache.adoc:14 -#, no-wrap -msgid "**Handles HTTP(S) communication**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/apache.adoc:15 -#, no-wrap -msgid "**Serves Static Files**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/apache.adoc:16 -#, no-wrap -msgid "**HTTP gateway to: Apache Tomcat, the Python XMLRPC server and Cobbler**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/apache.adoc:17 -#, no-wrap -msgid "Log Files" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/apache.adoc:20 -msgid "_Logs for Apache are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/apache.adoc:23 -#, no-wrap -msgid "/var/log/apache2/error_log\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/architecture-legend.adoc:1 -#, no-wrap -msgid "Component Legend" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:4 -msgid "" -"These diagram components will be used in the following sections explaining " -"the architecture of {productname}. Components in {productname} can " -"communicate in three ways:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:6 -msgid "One way" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:7 -msgid "Two way" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:8 -msgid "Scheduled (time based)" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/architecture-legend.adoc:11 -#, no-wrap -msgid "Types of Components" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:14 -#, no-wrap -msgid "One Way" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:17 -msgid "Components that communicate in only one direction are represented by:" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:18 -#, no-wrap -msgid "One way communication between components" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/architecture-legend.adoc:20 -#, no-wrap -msgid "dia-one-way-component.png" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:24 -#, no-wrap -msgid "Two Way" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:27 -msgid "Components that communicate in both directions are represented by:" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:28 -#, no-wrap -msgid "Two way communication between components" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/architecture-legend.adoc:30 -#, no-wrap -msgid "dia-two-way-component.png" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:34 -#, no-wrap -msgid "Database Connections" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:37 -msgid "" -"A component that reads and writes to the database communicates in both " -"directions are represented by:" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:38 -#, no-wrap -msgid "Two way communication between a component and the database(read and write)" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/architecture-legend.adoc:40 -#, no-wrap -msgid "dia-database-communication.png" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:44 -#, no-wrap -msgid "Scheduled (Time based)" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-legend.adoc:47 -msgid "Components that run on a schedule are represented by:" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/architecture-legend.adoc:48 -#, no-wrap -msgid "Component that runs on a schedule" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/architecture-legend.adoc:50 -#, no-wrap -msgid "dia-component-schedule.png" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/components-overview.adoc:2 -#, no-wrap -msgid "Introduction" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/components-overview.adoc:4 -msgid "Description..." -msgstr "" - -#. type: Title = -#: modules/architecture/pages/database.adoc:2 -#, no-wrap -msgid "Database" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/database.adoc:11 -msgid "" -"The database is a primary component of {productname}. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/database.adoc:13 -#, no-wrap -msgid "**Primarily stores application data**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/database.adoc:14 -#, no-wrap -msgid "**Functions as a data exchange area between components**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/database.adoc:17 -msgid "_Logs for the database are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/database.adoc:20 -#, no-wrap -msgid "/var/lib/pgsql/data/pg_log/*\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/devel-repositories.adoc:1 -#, no-wrap -msgid "Devel Repositories" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/jabberd.adoc:2 -#, no-wrap -msgid "jabberd" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/jabberd.adoc:9 -msgid "" -"jabberd is a component of {productname}. It performs the following function " -"in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/jabberd.adoc:11 -#, no-wrap -msgid "**Implements the Jabber (XMPP) protocol that osa-dispatcher uses**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/jabberd.adoc:14 -msgid "_Logs for jabberd are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/jabberd.adoc:17 -#, no-wrap -msgid "/var/log/messages\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/maintenance-repositories.adoc:1 -#, no-wrap -msgid "Maintenance Repositories" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/mgr-sync.adoc:2 -#, no-wrap -msgid "mgr-sync" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr-sync.adoc:13 -#, no-wrap -msgid "" -"*mgr-sync* is a command line tool for {productname}.\n" -"It performs the following function.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr-sync.adoc:15 -#, no-wrap -msgid "**mgr-sync is a command line tool that synchronizes with {scc}(SCC) and retrieves data and package repositories.**\n" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/mgr-sync.adoc:17 -#, no-wrap -msgid "mgr-sync and Open Source Distributions" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/mgr-sync.adoc:20 -msgid "" -"__This tool is designed for use with a support subscription or trial account " -"with {scc}. It is not required for open source distributions(OpenSUSE Leap , " -"CentOS, Ubuntu, etc.).__" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/mgr-sync.adoc:22 -#, no-wrap -msgid "mgr-sync --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr-sync.adoc:25 -msgid "__The following options are available for the *mgr-sync* command:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr-sync.adoc:30 -#, no-wrap -msgid "" -"mgr-sync --help\n" -"usage: mgr-sync [-h] [--version] [-v] [-s] [-d {1,2,3}]\n" -" {list,add,refresh,delete} ...\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr-sync.adoc:32 -#, no-wrap -msgid "Synchronize SUSE Manager repositories.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr-sync.adoc:41 -#, no-wrap -msgid "" -"optional arguments:\n" -" -h, --help show this help message and exit\n" -" --version Print mgr-sync version\n" -" -v, --verbose Be verbose\n" -" -s, --store-credentials\n" -" Store credentials to the local dot file.\n" -" -d {1,2,3}, --debug {1,2,3}\n" -" Log additional debug information depending on DEBUG\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr-sync.adoc:49 -#, no-wrap -msgid "" -"Subcommands:\n" -" {list,add,refresh,delete}\n" -" list List channels, SCC organization credentials or\n" -" products\n" -" add add channels, SCC organization credentials or products\n" -" refresh Refresh product, channel and subscription\n" -" delete Delete SCC organization credentials\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr-sync.adoc:54 -msgid "_Logs for the mgr-sync tool are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr-sync.adoc:58 -#, no-wrap -msgid "" -"/var/log/rhn/mgr-sync.log\n" -"/var/log/rhn/rhn_web_api.log\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/mgr_check.adoc:2 -#, no-wrap -msgid "mgr_check" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr_check.adoc:11 -#, no-wrap -msgid "*mgr_check* is a primary component of {productname}. It performs the following functions in the stack.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr_check.adoc:13 -#, no-wrap -msgid "**Client-side command line tool for legacy clients that checks for actions on the server and executes them**\n" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/mgr_check.adoc:15 -#, no-wrap -msgid "mgr_check and rhn_check" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/mgr_check.adoc:19 -#, no-wrap -msgid "" -"*mgr_check* is symlinked to *rhn_check* in `/usr/sbin/`.\n" -"Both _mgr_check_ and _rhn_check_ can be used for checking for actions on the server.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr_check.adoc:22 -#, no-wrap -msgid "lrwxrwxrwx 1 root root 9 Sep 9 09:05 mgr_check -> rhn_check*\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/mgr_check.adoc:25 -#, no-wrap -msgid "mgr_check --help" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/mgr_check.adoc:27 -msgid "" -"__The following options are available for the *rhn_check* on your legacy " -"clients:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr_check.adoc:31 -#, no-wrap -msgid "" -"mgr_check --help\n" -"Usage: rhn_check [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr_check.adoc:43 -#, no-wrap -msgid "" -"Options:\n" -" -v, --verbose Show additional output. Repeat for more detail.\n" -" --proxy=PROXY Specify an http proxy to use\n" -" --proxyUser=PROXYUSER\n" -" Specify a username to use with an authenticated http\n" -" proxy\n" -" --proxyPassword=PROXYPASSWORD\n" -" Specify a password to use with an authenticated http\n" -" proxy\n" -" --version show program's version number and exit\n" -" -h, --help show this help message and exit\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/mgr_check.adoc:47 -msgid "_Logs for the *mgr_check* are located on your legacy clients in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/mgr_check.adoc:50 -#, no-wrap -msgid "/var/log/up2date\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/osa-dispatcher.adoc:2 -#, no-wrap -msgid "osa-dispatcher" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osa-dispatcher.adoc:11 -#, no-wrap -msgid "*osa-dispatcher* is a component of {productname}. It performs the following function in the stack.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osa-dispatcher.adoc:13 -#, no-wrap -msgid "**Monitors database for actions, informing osad clients when they need to run them**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/osa-dispatcher.adoc:14 -#, no-wrap -msgid "osa-dispatcher --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osa-dispatcher.adoc:16 -msgid "__The following options are available for the *osa-dispatcher*:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/osa-dispatcher.adoc:20 -#, no-wrap -msgid "" -"osa-dispatcher --help\n" -"Usage: osa-dispatcher [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/osa-dispatcher.adoc:27 -#, no-wrap -msgid "" -"Options:\n" -" -v, --verbose Increase verbosity\n" -" -N, --nodetach Suppress backgrounding and detachment of the process\n" -" --pid-file=PID_FILE Write to this PID file\n" -" --logfile=LOGFILE Write log information to this file\n" -" -h, --help show this help message and exit\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osa-dispatcher.adoc:33 -msgid "_Logs for the *osa-dispatcher* are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/osa-dispatcher.adoc:36 -#, no-wrap -msgid "/var/log/rhn/osa_dispatcher.log\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/osad.adoc:2 -#, no-wrap -msgid "osad" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osad.adoc:12 -#, no-wrap -msgid "*osad* is a primary component of {productname}. It performs the following functions in the stack.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osad.adoc:14 -#, no-wrap -msgid "**Client-side daemon for legacy clients**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osad.adoc:15 -#, no-wrap -msgid "**Calls mgr_check(rhn_check) when notified by Jabber**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/osad.adoc:18 -#, no-wrap -msgid "osad --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osad.adoc:21 -msgid "" -"The following options are available for use with *osad* on your legacy " -"clients:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/osad.adoc:25 -#, no-wrap -msgid "" -"osad --help\n" -"Usage: osad [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/osad.adoc:35 -#, no-wrap -msgid "" -"Options:\n" -" -v, --verbose Increase verbosity\n" -" -N, --nodetach Suppress backgrounding and detachment of the process\n" -" --pid-file=PID_FILE Write to this PID file\n" -" --logfile=LOGFILE Write log information to this file\n" -" --cfg=CFG Use this configuration file for defaults\n" -" --jabber-server=JABBER_SERVER\n" -" Primary jabber server to connect to\n" -" -h, --help show this help message and exit\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/osad.adoc:42 -msgid "_Logs for *osad* are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/osad.adoc:45 -#, no-wrap -msgid "/var/log/osad\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:2 -#, no-wrap -msgid "zypp-plugin-spacewalk" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:12 -#, no-wrap -msgid "*zypp-plugin-spacewalk* is a component of {productname}. It performs the following functions in the stack.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:14 -#, no-wrap -msgid "**Client-side add-on to zypper for legacy clients**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:15 -#, no-wrap -msgid "**Exposes SUSE Manager channels as zypper repositories**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:16 -#, no-wrap -msgid "**The plugin is not required on salt-minions**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:22 -msgid "" -"_Logs for the *zypp-plugin-spacewalk* are located on your legacy clients in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/plugin-zypp-spacewalk.adoc:26 -#, no-wrap -msgid "" -"/var/log/zypper.log\n" -"/var/log/zypp/*\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/pool-repositories.adoc:1 -#, no-wrap -msgid "Pool Repositories" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/python-xmlrpc-server.adoc:2 -#, no-wrap -msgid "Python XMLRPC Server" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/python-xmlrpc-server.adoc:12 -msgid "" -"The Python XMLRPC Server is a primary component of {productname}. It " -"performs the following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/python-xmlrpc-server.adoc:14 -#, no-wrap -msgid "**Provides the private XMLRPC API**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/python-xmlrpc-server.adoc:15 -#, no-wrap -msgid "**Used primarily by client tools (mgr_check)**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/python-xmlrpc-server.adoc:21 -msgid "__Logs for the Python XMLRPC Server are located in:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/python-xmlrpc-server.adoc:25 -#, no-wrap -msgid "" -"/var/log/apache2/error_log\n" -"/var/log/rhn/rhn_server_xmlrpc.log\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/repositories-overview.adoc:1 -#, no-wrap -msgid "Repository Types" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/rhnsd.adoc:2 -#, no-wrap -msgid "rhnsd" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/rhnsd.adoc:7 -#, no-wrap -msgid "" -"*rhnsd* is a client-side daemon for traditional clients only.\n" -"As of {productname} 4, it is only available on non-systemd systems ({sle} 11 and {rhnminrelease6}).\n" -"For later versions, a systemd timer ([systemitem]``rhnsd.timer``) is available.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/rhnsd.adoc:12 -#, no-wrap -msgid "*rhnsd* is a primary component of {productname}. It performs the following functions in the stack.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/rhnsd.adoc:14 -#, no-wrap -msgid "**Client-side daemon for traditional clients**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/rhnsd.adoc:15 -#, no-wrap -msgid "**Periodically calls mgr_check (symlinked to rhn_check)**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/rhnsd.adoc:16 -#, no-wrap -msgid "**Randomizes check time not to overload the server**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/rhnsd.adoc:19 -#, no-wrap -msgid "rhnsd --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/rhnsd.adoc:21 -msgid "" -"The following options are available for use with rhnsd on your legacy " -"clients:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/rhnsd.adoc:26 -#, no-wrap -msgid "" -"rhnsd --help\n" -"Usage: rhnsd [OPTION...]\n" -"Spacewalk Services Daemon\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/rhnsd.adoc:32 -#, no-wrap -msgid "" -" -f, --foreground Run in foreground\n" -" -i, --interval=MINS Connect to Spacewalk every MINS minutes\n" -" -?, --help Give this help list\n" -" --usage Give a short usage message\n" -" -V, --version Print program version\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/rhnsd.adoc:35 -#, no-wrap -msgid "" -"Mandatory or optional arguments to long options are also mandatory or optional\n" -"for any corresponding short options.\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-api.adoc:2 -#, no-wrap -msgid "salt-api" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:12 -msgid "" -"The *salt-api* is a primary component of {productname}. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:14 -#, no-wrap -msgid "**Internal API communicates the Java side of {productname} with the salt-master**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:15 -#, no-wrap -msgid "**Provides HTTPS and websocket interfaces with the salt-master**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:16 -#, no-wrap -msgid "**Handles the SSH connections to clients (SSH Push)**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-api.adoc:19 -#, no-wrap -msgid "salt-api --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:22 -msgid "" -"The following options are available for the *salt-api*. The following list " -"is not comprehensive, for more information see: http://docs.saltstack." -"com[The Saltstack Docs]" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:24 -#, no-wrap -msgid "**Options:**\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:28 -#, no-wrap -msgid "" -"salt-api --help\n" -"Usage: salt-api [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:30 -#, no-wrap -msgid "The Salt API system manages network API connectors for the Salt Master\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:42 -#, no-wrap -msgid "" -"Options:\n" -" --version show program's version number and exit\n" -" -V, --versions-report\n" -" Show program's dependencies version number and exit.\n" -" -h, --help show this help message and exit\n" -" -c CONFIG_DIR, --config-dir=CONFIG_DIR\n" -" Pass in an alternative configuration directory.\n" -" Default: '/etc/salt'.\n" -" -d, --daemon Run the salt-api as a daemon.\n" -" --pid-file=PIDFILE Specify the location of the pidfile. Default:\n" -" '/var/run/salt-api.pid'.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:46 -#, no-wrap -msgid "" -" Logging Options:\n" -" Logging options which override any settings defined on the\n" -" configuration files.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:57 -#, no-wrap -msgid "" -" -l LOG_LEVEL, --log-level=LOG_LEVEL\n" -" Console logging log level. One of u'all', u'garbage',\n" -" u'trace', u'debug', u'profile', u'info', u'warning',\n" -" u'error', u'critical', u'quiet'. Default: 'warning'.\n" -" --log-file=API_LOGFILE\n" -" Log file path. Default: '/var/log/salt/api'.\n" -" --log-file-level=LOG_LEVEL_LOGFILE\n" -" Logfile logging log level. One of u'all', u'garbage',\n" -" u'trace', u'debug', u'profile', u'info', u'warning',\n" -" u'error', u'critical', u'quiet'. Default: 'warning'.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:60 -#, no-wrap -msgid "" -"You can find additional help about salt-api issuing \"man salt-api\" or on\n" -"http://docs.saltstack.com\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-api.adoc:65 -msgid "_Logs for *salt-api* are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-api.adoc:69 -#, no-wrap -msgid "" -"/var/log/salt/master\n" -"/var/log/salt/api\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-bootstrapping-ui.adoc:1 -#, no-wrap -msgid "Boostrapping UI" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-broker.adoc:2 -#, no-wrap -msgid "salt-broker" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-broker.adoc:12 -msgid "" -"The *salt-broker* is a component of the {productname} proxy. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-broker.adoc:14 -#, no-wrap -msgid "**Used only in the {productname} Proxy for clients using pull method**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-broker.adoc:15 -#, no-wrap -msgid "**Forwards the ZeroMQ Salt channels from {productname} server to the proxy clients**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-broker.adoc:19 -msgid "_Logs for *salt-broker* are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-broker.adoc:22 -#, no-wrap -msgid "/var/log/salt/broker\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-contact-method-overview.adoc:2 -#, no-wrap -msgid "Salt Contact Methods" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-contact-method-overview.adoc:5 -#, no-wrap -msgid "Choosing a Contact Method for Salt" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-contact-method-overview.adoc:9 -msgid "" -"{productname} provides several methods for communication between client and " -"server. All commands that the {productname} server sends to its clients " -"will be routed through one of these contact methods." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-contact-method-overview.adoc:12 -msgid "" -"The contact method you select for Salt will depend on your network " -"infrastructure. The following sections provide a starting point for " -"selecting a method which best suits your network environment." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-contact-method-overview.adoc:14 -msgid "xref:salt-pull.adoc[Salt Pull]" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-contact-method-overview.adoc:15 -msgid "xref:salt-ssh-push.adoc[Salt SSH Push]" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-contact-method-overview.adoc:15 -msgid "xref:salt-ssh-push-tunnel.adoc[Salt SSH Push and Tunnel]" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-core-components.adoc:1 -#, no-wrap -msgid "Core Salt Components" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-core-components.adoc:9 -msgid "Comming soon..." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-core-components.adoc:10 -#, no-wrap -msgid "Salt Core" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/salt-core-components.adoc:12 -#, no-wrap -msgid "dia-salt-stack-core-block.png" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-data-locations.adoc:2 -#, no-wrap -msgid "Salt Data and {productname}" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-data-locations.adoc:9 -#: modules/architecture/pages/salt-data-locations.adoc:13 -#, no-wrap -msgid "Salt Global Static Data" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-data-locations.adoc:12 -msgid "" -"Global static data *should not* be customized or edited by {productname} " -"users. This data is generated by the server." -msgstr "" - -#. type: Table -#: modules/architecture/pages/salt-data-locations.adoc:21 -#, no-wrap -msgid "" -"| Directory | Function\n" -"\n" -"| /usr/share/susemanager/salt/ | Custom modules, states, grains\n" -"| /usr/share/susemanager/pillar_data/ |\tGlobal pillar data\n" -"| /usr/share/susemanager/formulas/ | Formulas\n" -"| /usr/share/salt-formulas/ | Formulas (either for {productname} or stand-alone Salt)\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-data-locations.adoc:24 -#, no-wrap -msgid "Generated Data Per Client" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-data-locations.adoc:27 -msgid "" -"Generated data for clients *should not* be customized or edited by " -"{productname} users. This data is generated by the server." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-data-locations.adoc:28 -#: modules/architecture/pages/salt-data-locations.adoc:41 -#, no-wrap -msgid "Salt Generated Data Per Client" -msgstr "" - -#. type: Table -#: modules/architecture/pages/salt-data-locations.adoc:35 -#, no-wrap -msgid "" -"| Directory | Function\n" -"\n" -"| /srv/susemanager/pillar_data/\t | custom modules, states, grains\n" -"| /usr/share/susemanager/pillar_data/ |\tglobal pillar data\n" -"| /srv/susemanager/formulas_data/ | formulas\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-data-locations.adoc:37 -#, no-wrap -msgid "Custom Salt Data" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-data-locations.adoc:40 -msgid "" -"The following directories are reserved for use by users *and should be* " -"customized and edited by {productname} users. The custom salt data place " -"here will be calculated and combined with the content generated listed above " -"when running a highstate." -msgstr "" - -#. type: Table -#: modules/architecture/pages/salt-data-locations.adoc:48 -#, no-wrap -msgid "" -"| Directory | Function\n" -"\n" -"| /srv/salt/ | user defined custom modules, states, grains\n" -"| /srv/pillar/ | user defined global pillar data\n" -"| /srv/formula_metadata | user defined formulas\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-master.adoc:2 -#, no-wrap -msgid "salt-master" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:12 -msgid "" -"The *salt-master* is a primary component of {productname}. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:14 -#, no-wrap -msgid "**Core process of Salt on the server side**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:15 -#, no-wrap -msgid "**Provides communication with Salt clients**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:16 -#, no-wrap -msgid "**Handles Salt jobs, publishes to the Salt event Bus**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:17 -#, no-wrap -msgid "**Handles client responses**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:18 -#, no-wrap -msgid "**Manages states, highstates, pillar information, etc**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-master.adoc:20 -#, no-wrap -msgid "salt-master --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:23 -msgid "" -"The following options are available for the *salt-master*. The following " -"list is not comprehensive, for more information see: http://docs.saltstack." -"com[The Saltstack Docs]" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-master.adoc:29 -#, no-wrap -msgid "" -"salt-master --help\n" -"Usage: salt-master [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-master.adoc:31 -#, no-wrap -msgid "The Salt Master, used to control the Salt Clients\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-master.adoc:46 -#, no-wrap -msgid "" -"Options:\n" -" --version show program's version number and exit\n" -" -V, --versions-report\n" -" Show program's dependencies version number and exit.\n" -" -h, --help show this help message and exit\n" -" --saltfile=SALTFILE Specify the path to a Saltfile. If not passed, one\n" -" will be searched for in the current working directory.\n" -" -c CONFIG_DIR, --config-dir=CONFIG_DIR\n" -" Pass in an alternative configuration directory.\n" -" Default: '/etc/salt'.\n" -" -u USER, --user=USER Specify user to run salt-master.\n" -" -d, --daemon Run the salt-master as a daemon.\n" -" --pid-file=PIDFILE Specify the location of the pidfile. Default:\n" -" '/var/run/salt-master.pid'.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-master.adoc:61 -#, no-wrap -msgid "" -" -l LOG_LEVEL, --log-level=LOG_LEVEL\n" -" Console logging log level. One of u'all', u'garbage',\n" -" u'trace', u'debug', u'profile', u'info', u'warning',\n" -" u'error', u'critical', u'quiet'. Default: 'warning'.\n" -" --log-file=LOG_FILE\n" -" Log file path. Default: '/var/log/salt/master'.\n" -" --log-file-level=LOG_LEVEL_LOGFILE\n" -" Logfile logging log level. One of u'all', u'garbage',\n" -" u'trace', u'debug', u'profile', u'info', u'warning',\n" -" u'error', u'critical', u'quiet'. Default: 'warning'.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-master.adoc:64 -#, no-wrap -msgid "" -"You can find additional help about salt-master issuing \"man salt-master\" or on\n" -"http://docs.saltstack.com\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-master.adoc:70 -msgid "_Logs for *salt-master* are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-master.adoc:73 -#, no-wrap -msgid "/var/log/salt/master\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-minion.adoc:2 -#, no-wrap -msgid "salt-minion" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-minion.adoc:12 -msgid "" -"The *salt-minion* is a primary component of {productname}. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-minion.adoc:14 -#, no-wrap -msgid "**Client-side main process for Salt clients (only pull method)**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-minion.adoc:15 -#, no-wrap -msgid "**Communicates the client with salt-master via Salt event bus (ZeroMQ)**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-minion.adoc:16 -#, no-wrap -msgid "**Executes the actions received from the Salt master on the client (minion)**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-minion.adoc:18 -#, no-wrap -msgid "salt-minion --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-minion.adoc:21 -msgid "" -"The following options are available for the *salt-minion*. The following " -"list is not comprehensive, for more information see: http://docs.saltstack." -"com[The Saltstack Docs]" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-minion.adoc:27 -#, no-wrap -msgid "" -"salt-minion --help\n" -"Usage: salt-minion [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-minion.adoc:29 -#, no-wrap -msgid "The Salt Minion, receives commands from a remote Salt Master\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-minion.adoc:44 -#, no-wrap -msgid "" -"Options:\n" -" --version show program's version number and exit\n" -" -V, --versions-report\n" -" Show program's dependencies version number and exit.\n" -" -h, --help show this help message and exit\n" -" --saltfile=SALTFILE Specify the path to a Saltfile. If not passed, one\n" -" will be searched for in the current working directory.\n" -" -c CONFIG_DIR, --config-dir=CONFIG_DIR\n" -" Pass in an alternative configuration directory.\n" -" Default: '/etc/salt'.\n" -" -u USER, --user=USER Specify user to run salt-minion.\n" -" -d, --daemon Run the salt-minion as a daemon.\n" -" --pid-file=PIDFILE Specify the location of the pidfile. Default:\n" -" '/var/run/salt-minion.pid'.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-minion.adoc:59 -#, no-wrap -msgid "" -" -l LOG_LEVEL, --log-level=LOG_LEVEL\n" -" Console logging log level. One of u'all', u'garbage',\n" -" u'trace', u'debug', u'profile', u'info', u'warning',\n" -" u'error', u'critical', u'quiet'. Default: 'warning'.\n" -" --log-file=LOG_FILE\n" -" Log file path. Default: '/var/log/salt/minion'.\n" -" --log-file-level=LOG_LEVEL_LOGFILE\n" -" Logfile logging log level. One of u'all', u'garbage',\n" -" u'trace', u'debug', u'profile', u'info', u'warning',\n" -" u'error', u'critical', u'quiet'. Default: 'warning'.\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-minion.adoc:62 -#, no-wrap -msgid "" -"You can find additional help about salt-minion issuing \"man salt-minion\" or on\n" -"http://docs.saltstack.com\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-minion.adoc:67 -msgid "_Logs for *salt-minion* are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/salt-minion.adoc:70 -#, no-wrap -msgid "/var/log/salt/minion\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-onboarding-and-registration.adoc:1 -#, no-wrap -msgid "Onboarding and Registration" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-overview.adoc:1 -#, no-wrap -msgid "Salt Architecture" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-overview.adoc:9 -msgid "Some description..." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-overview.adoc:10 -#, no-wrap -msgid "Salt Stack Diagram" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-overview.adoc:11 -msgid "image:dia-salt-stack.png[]" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-pull.adoc:2 -#, no-wrap -msgid "Salt Pull" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-ssh-push-tunnel.adoc:2 -#, no-wrap -msgid "Salt SSH Push & Tunnel" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/salt-ssh-push.adoc:2 -#, no-wrap -msgid "Salt SSH Push" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:10 -msgid "" -"Salt SSH Push is intended to be used in environments where your Salt clients " -"cannot reach the {productname} server directly to regularly checking in and, " -"for example, fetch package updates." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-ssh-push.adoc:11 -#, no-wrap -msgid "Push via SSH" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/salt-ssh-push.adoc:16 -msgid "" -"This feature is not related to Push via SSH for the traditional clients. " -"For Push via SSH, see pass:c[xref:bp.contact.methods.ssh.push[Salt SSH " -"Push]]." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:20 -#, no-wrap -msgid "Overview" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-ssh-push.adoc:22 -#, no-wrap -msgid "Push via Salt SSH Contact Method" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/salt-ssh-push.adoc:24 -#, no-wrap -msgid "salt-ssh-contact-taigon.png" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:32 -#, no-wrap -msgid "" -"Salt provides \"`Salt SSH`\"\n" -" ([command]``salt-ssh``), a feature to manage clients from a server.\n" -"It works without installing Salt related software on clients.\n" -"Using Salt SSH there is no need to have clients connected to the Salt master.\n" -"Using this as a {productname} connect method, this feature provides similar functionality for Salt clients as the traditional Push via SSH feature for traditional clients.\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:34 -msgid "This feature allows:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:36 -msgid "" -"Managing Salt entitled systems with the Push via SSH contact method using " -"Salt SSH." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:37 -msgid "Bootstrapping such systems." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:40 -#, no-wrap -msgid "Requirements" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:43 -msgid "" -"SSH daemon must be running on the remote system and reachable by the " -"[systemitem]``salt-api`` daemon (typically running on the {productname} " -"server)." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:44 -msgid "" -"Python must be available on the remote system (Python must be supported by " -"the installed Salt). Currently: python 2.6." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/salt-ssh-push.adoc:45 -#, no-wrap -msgid "Unsupported Systems" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/salt-ssh-push.adoc:50 -msgid "" -"{rhel} and CentOS versions <= 5 are not supported because they do not have " -"Python 2.6 by default." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:54 -#, no-wrap -msgid "Bootstrapping" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:57 -msgid "To bootstrap a Salt SSH system, proceed as follows:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:59 -msgid "" -"Open the menu:Bootstrap Minions[] dialog in the Web UI (menu:" -"Systems[Bootstrapping] )." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:60 -msgid "" -"Fill out the required fields. Select an menu:Activation Key[] with the menu:" -"Push via SSH[] contact method configured. For more information about " -"activation keys, see:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:61 -msgid "pass:c[xref:ref.webui.systems.activ-keys]." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:62 -msgid "Check the menu:Manage system completely via SSH[] option." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:63 -msgid "Confirm with clicking the menu:Bootstrap[] button." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:67 -msgid "" -"Now the system will be bootstrapped and registered in {productname}. If " -"done successfully, it will appear in the menu:Systems[] list." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:70 -#, no-wrap -msgid "Configuration" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:73 -msgid "There are two kinds of parameters for Push via Salt SSH:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:75 -msgid "" -"Bootstrap-time parameters {mdash} configured in the menu:Bootstrapping[] " -"page:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:76 -msgid "Host" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:77 -msgid "Activation key" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:78 -msgid "" -"Password {mdash} used only for bootstrapping, not saved anywhere; all future " -"SSH sessions are authorized via a key/certificate pair" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:79 -msgid "Persistent parameters {mdash} configured {productname}-wide:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:80 -msgid "sudo user {mdash} same as in pass:c[bp.contact.methods.ssh.push.sudo]." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:83 -#, no-wrap -msgid "Action Execution" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:88 -msgid "" -"The Push via Salt SSH feature uses a taskomatic job to execute scheduled " -"actions using [command]``salt-ssh``. The taskomatic job periodically checks " -"for scheduled actions and executes them. While on traditional clients with " -"SSH push configured only [command]``mgr_check`` is executed via SSH, the " -"Salt SSH push job executes a complete [command]``salt-ssh`` call based on " -"the scheduled action." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:91 -#, no-wrap -msgid "Known Limitation" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:94 -msgid "OpenSCAP auditing is not available on Salt SSH clients." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:95 -msgid "Beacons do not work with Salt SSH." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:96 -msgid "" -"Installing a package on a system using [command]``zypper`` will not invoke " -"the package refresh." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:97 -msgid "" -"Virtual Host functions (for example, a host to guests) will not work if the " -"virtual host system is Salt SSH-based." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/salt-ssh-push.adoc:100 -#, no-wrap -msgid "For More Information" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:103 -msgid "For more information, see" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:105 -msgid "https://wiki.microfocus.com/index.php/SUSE_Manager/SaltSSHServerPush" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/salt-ssh-push.adoc:105 -msgid "https://docs.saltstack.com/en/latest/topics/ssh/" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/syncing-repositories.adoc:1 -#, no-wrap -msgid "Repository Synchronization" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/taskomatic.adoc:2 -#, no-wrap -msgid "Taskomatic" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:10 -msgid "" -"Taskomatic is a primary component of {productname}. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:12 -#, no-wrap -msgid "**Taskomatic handles most background jobs**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:13 -#, no-wrap -msgid "**Patch applicability status refresh**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:14 -#, no-wrap -msgid "**Server side scheduling**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:15 -#, no-wrap -msgid "**SSH push**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:16 -#, no-wrap -msgid "**Cobbler database sync**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:17 -#, no-wrap -msgid "**Repository synchronization and repository metadata generation**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:18 -#, no-wrap -msgid "**CVE audit pre-computation**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:19 -#, no-wrap -msgid "**Cleanup Jobs**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:20 -#, no-wrap -msgid "**Checks on clients**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/taskomatic.adoc:24 -msgid "__Log files for taskomatic are located in:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/taskomatic.adoc:28 -#, no-wrap -msgid "" -"/var/log/rhn/rhn_taskomatic_daemon.log\n" -"/var/log/rhn/reposync/*\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/tomcat.adoc:2 -#, no-wrap -msgid "Apache Tomcat" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/tomcat.adoc:10 -msgid "" -"Apache Tomcat is a primary component of {productname}. It performs the " -"following functions in the stack." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/tomcat.adoc:12 -#, no-wrap -msgid "**Contains servlet (Java) applications**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/tomcat.adoc:13 -#, no-wrap -msgid "**The most important servlet is the RHN servlet:**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/tomcat.adoc:14 -#, no-wrap -msgid "**Handles the majority of the Web UI**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/tomcat.adoc:15 -#, no-wrap -msgid "**Public XMLRPC API**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/tomcat.adoc:19 -msgid "__Logs for Apache Tomcat are located in:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/tomcat.adoc:25 -#, no-wrap -msgid "" -"/var/log/rhn/rhn_web_ui.log\n" -"/var/log/rhn/rhn_web_api.log\n" -"/var/log/tomcat/catalina.out\n" -"/var/log/tomcat/catalina.*.log\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/tools-repositories.adoc:1 -#, no-wrap -msgid "Tool Repositories" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/traditional-contact-method-overview.adoc:2 -#, no-wrap -msgid "Traditional Contact Methods" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/traditional-contact-method-overview.adoc:7 -#, no-wrap -msgid "Selecting a Contact Method" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-contact-method-overview.adoc:13 -msgid "" -"The contact method you select will depend on your network infrastructure. " -"The following sections provide a starting point for selecting a method which " -"best suits your network environment." -msgstr "" - -#. type: Title = -#: modules/architecture/pages/traditional-osad.adoc:2 -#, no-wrap -msgid "Traditional Contact Method (osad)" -msgstr "" - -#. FIXME: check whether the same applies for the timer -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:12 -msgid "" -"OSAD is an alternative contact method between {productname} and its " -"clients. By default, {productname} uses [systemitem]``rhnsd``, which " -"contacts the server every four hours to execute scheduled actions. OSAD " -"allows registered client systems to execute scheduled actions immediately." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:14 -msgid "OSAD has several distinct components:" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:16 -msgid "" -"The [systemitem]``osa-dispatcher`` service runs on the server, and uses " -"database checks to determine if clients need to be pinged, or if actions " -"need to be executed." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:18 -msgid "" -"The [systemitem]``osad`` service runs on the client. It responds to pings " -"from [systemitem]``osa-dispatcher`` and runs [command]``mgr_check`` to " -"execute actions when directed to do so." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:21 -msgid "" -"The [systemitem]``jabberd`` service is a daemon that uses the " -"[systemitem]``XMPP`` protocol for communication between the client and the " -"server. The [systemitem]``jabberd`` service also handles authentication." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:24 -msgid "" -"The [command]``mgr_check`` tool runs on the client to execute actions. It " -"is triggered by communication from the [systemitem]``osa-dispatcher`` " -"service." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:30 -msgid "" -"The [systemitem]``osa-dispatcher`` periodically runs a query to check when " -"clients last showed network activity. If it finds a client that has not " -"shown activity recently, it will use [systemitem]``jabberd`` to ping all " -"[systemitem]``osad`` instances running on all clients registered with your " -"{productname} server. The [systemitem]``osad`` instances respond to the " -"ping using [systemitem]``jabberd``, which is running in the background on " -"the server. When the [systemitem]``osa-dispatcher`` receives the response, " -"it marks the client as online. If the [systemitem]``osa-dispatcher`` fails " -"to receive a response within a certain period of time, it marks the client " -"as offline." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:34 -msgid "" -"When you schedule actions on an OSAD-enabled system, the task will be " -"carried out immediately. The [systemitem]``osa-dispatcher`` periodically " -"checks clients for actions that need to be executed. If an outstanding " -"action is found, it uses [systemitem]``jabberd`` to execute " -"[command]``mgr_check`` on the client, which will then execute the action." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-osad.adoc:35 -#, no-wrap -msgid "osad Contact Method" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/traditional-osad.adoc:36 -#, no-wrap -msgid "dia-osad.png" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/traditional-osad.adoc:40 -#, no-wrap -msgid "Enabling and Configuring OSAD" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:43 -msgid "" -"This section covers enabling the [systemitem]``osa-dispatcher`` and " -"[systemitem]``osad`` services, and performing initial setup." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:45 -msgid "" -"OSAD clients use the fully qualified domain name (FQDN) of the server to " -"communicate with the [systemitem]``osa-dispatcher`` service." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:50 -msgid "" -"SSL is required for [systemitem]``osad`` communication. If SSL certificates " -"are not available, the daemon on your client systems will fail to connect. " -"Make sure your firewall rules are set to allow the required ports. For more " -"information, see pass:c[xref:tab.install.ports.server[Server Ports]]." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-osad.adoc:51 -#, no-wrap -msgid "Procedure: Enabling OSAD" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:53 -msgid "" -"On your {productname} server, as the root user, start the [systemitem]``osa-" -"dispatcher`` service:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-osad.adoc:57 -#, no-wrap -msgid "systemctl start osa-dispatcher\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:62 -msgid "" -"On each client machine, install the [systemitem]``mgr-osad`` package from " -"the [systemitem]``Tools`` child channel. The [systemitem]``mgr-osad`` " -"package should be installed on clients only. If you install the " -"[systemitem]``mgr-osad`` package on your {productname} Server, it will " -"conflict with the [systemitem]``osa-dispatcher`` package." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:64 -msgid "" -"On the client systems, as the root user, start the [systemitem]``osad`` " -"service:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-osad.adoc:68 -#, no-wrap -msgid "systemctl start osad\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:71 -msgid "" -"Because [systemitem]``osad`` and [systemitem]``osa-dispatcher`` are run as " -"services, you can use standard commands to manage them, including " -"[command]``stop``, [command]``restart``, and [command]``status``." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-osad.adoc:72 -#, no-wrap -msgid "Configuration and Log Files" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:75 -msgid "" -"Each OSAD component is configured by local configuration files. We " -"recommend you keep the default configuration parameters for all OSAD " -"components." -msgstr "" - -#. type: Table -#: modules/architecture/pages/traditional-osad.adoc:83 -#, no-wrap -msgid "" -"| Component | Location | Path to Configuration File\n" -"| [systemitem]``osa-dispatcher`` | Server | [path]``/etc/rhn/rhn.conf`` Section: [systemitem]``OSA configuration``\n" -"| [systemitem]``osad`` | Client | [path]``/etc/sysconfig/rhn/osad.conf`` [path]``/etc/syseconfig/rhn/up2date``\n" -"| [systemitem]``osad`` log file | Client | [path]``/var/log/osad``\n" -"| [systemitem]``jabberd`` log file | Both | [path]``/var/log/messages``\n" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-osad.adoc:86 -#, no-wrap -msgid "Troubleshooting OSAD" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:88 -msgid "" -"If your OSAD clients cannot connect to the server, or if the " -"[systemitem]``jabberd`` service takes a lot of time responding to port 5552, " -"it could be because you have exceeded the open file count." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:91 -msgid "" -"Every client needs one always-open TCP connection to the server, which " -"consumes a single file handler. If the number of file handlers currently " -"open exceeds the maximum number of files that [systemitem]``jabberd`` is " -"allowed to use, [systemitem]``jabberd`` will queue the requests, and refuse " -"connections." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:93 -msgid "" -"To resolve this issue, you can increase the file limits for " -"[systemitem]``jabberd`` by editing the [path]``/etc/security/limits.conf`` " -"configuration file and adding these lines:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-osad.adoc:97 -#, no-wrap -msgid "" -"jabbersoftnofile5100\n" -"jabberhardnofile6000\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:101 -msgid "" -"Calculate the limits required for your environment by adding 100 to the " -"number of clients for the soft limit, and 1000 to the current number of " -"clients for the soft limit. In the example above, we have assumed 500 " -"current clients, so the soft limit is 5100, and the hard limit is 6000." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-osad.adoc:103 -msgid "" -"You will also need to update the [systemitem]``max_fds`` parameter in the " -"[path]``/etc/jabberd/c2s.xml`` file with your chosen hard limit:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-osad.adoc:106 -#, no-wrap -msgid "6000\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/traditional-overview.adoc:1 -#, no-wrap -msgid "Traditional Architecture" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-overview.adoc:8 -#, no-wrap -msgid "The Traditional Stack" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-overview.adoc:9 -msgid "image:dia-traditional-stack.png[]" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/traditional-rhnsd.adoc:2 -#, no-wrap -msgid "Traditional Contact Method (rhnsd)" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:6 -msgid "" -"For background information, see xref:architecture:rhnsd.adoc[]. *rhnsd* is " -"used non-systemd systems; on later systems, a systemd timer " -"([systemitem]``rhnsd.timer``) is used." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:8 -msgid "" -"The daemon is started by /etc/init.d/rhnsd, it does not use rhnsd.service." -msgstr "" - -#. type: Title == -#: modules/architecture/pages/traditional-rhnsd.adoc:12 -#, no-wrap -msgid "The Default Contact Method" -msgstr "" - -#. FIXME: check it with the systemd.timer -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:17 -msgid "" -"The {productname} *rhnsd* daemon runs on client systems and periodically " -"connects with {productname} to check for new updates and notifications. The " -"daemon, which runs in the background, is started by *rhnsd.service*." -msgstr "" - -#. By default, it will check every 4 hours for new actions, therefore it may take some time for your clients to begin updating after actions have been scheduled for them. -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:25 -msgid "" -"To check for updates, *rhnsd* runs the external *mgr_check* program located " -"in `/usr/sbin/`. This is a small application that establishes the network " -"connection to {productname}. The SUSE Manager daemon does not listen on any " -"network ports or talk to the network directly. All network activity is done " -"via the *mgr_check* utility." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-rhnsd.adoc:26 -#, no-wrap -msgid "Auto accepting (EULAs)" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/traditional-rhnsd.adoc:31 -msgid "" -"When new packages or updates are installed on the client using " -"{productname}, any end user licence agreements (EULAs) are automatically " -"accepted. To review a package EULA, open the package detail page in the " -"{webui}." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:35 -msgid "" -"This figure provides an overview of the default *rhnsd* process path. All " -"items left of the *Python XMLRPC server* block represent processes running " -"on an {productname} client." -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-rhnsd.adoc:36 -#, no-wrap -msgid "rhnsd Contact Method" -msgstr "" - -#. type: Target for macro image -#: modules/architecture/pages/traditional-rhnsd.adoc:37 -#, no-wrap -msgid "dia-rhnsd-taigon.png" -msgstr "" - -#. type: Title === -#: modules/architecture/pages/traditional-rhnsd.adoc:41 -#, no-wrap -msgid "Configuring {productname} rhnsd Daemon" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:44 -msgid "" -"The {productname} daemon can be configured by editing the file on the client:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-rhnsd.adoc:47 -#, no-wrap -msgid "/etc/sysconfig/rhn/rhnsd\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:53 -msgid "" -"This is the configuration file the rhnsd initialization script uses. An " -"important parameter for the daemon is its check-in frequency. The default " -"interval time is four hours (240 minutes). If you modify the configuration " -"file, you must as {rootuser} restart the daemon with:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-rhnsd.adoc:56 -#, no-wrap -msgid "/etc/init.d/rhnsd restart\n" -msgstr "" - -#. type: Block title -#: modules/architecture/pages/traditional-rhnsd.adoc:58 -#, no-wrap -msgid "Minimum Allowed Check-in Parameter" -msgstr "" - -#. type: delimited block = -#: modules/architecture/pages/traditional-rhnsd.adoc:62 -msgid "" -"The minimum allowed time interval is one hour (60 minutes). If you set the " -"interval below one hour, it will change back to the default of 4 hours " -"(240 minutes)." -msgstr "" - -#. type: Title === -#: modules/architecture/pages/traditional-rhnsd.adoc:64 -#, no-wrap -msgid "Viewing rhnsd Daemon Status" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/traditional-rhnsd.adoc:67 -msgid "As the {ruser} you may view the status of rhnsd by typing the command:" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/traditional-rhnsd.adoc:69 -#, no-wrap -msgid "/etc/init.d/rhnsd status\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/traditional-ssh-pull.adoc:1 -#, no-wrap -msgid "Traditional SSH Pull" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/traditional-ssh-push.adoc:1 -#, no-wrap -msgid "Traditional SSH Push" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/architecture-intro.adoc:5 -#, no-wrap -msgid "**Publication Date:** {docdate}\n" -msgstr "" - -#. type: Title = -#: modules/architecture/pages/spacewalk-repo-sync.adoc:2 -#, no-wrap -msgid "spacewalk-repo-sync" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/spacewalk-repo-sync.adoc:12 -msgid "" -"spacewalk-repo-sync is a command line tool for {productname}. It performs " -"the following functions." -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/spacewalk-repo-sync.adoc:14 -#, no-wrap -msgid "**Copies a repo’s metadata to the database**\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/spacewalk-repo-sync.adoc:15 -#, no-wrap -msgid "**Copies a repo’s RPM files to the file system**\n" -msgstr "" - -#. type: Title == -#: modules/architecture/pages/spacewalk-repo-sync.adoc:18 -#, no-wrap -msgid "spacewalk-repo-sync --help" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/spacewalk-repo-sync.adoc:21 -msgid "" -"__The following options are available for the *spacewalk-repo-sync* tool:__" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/spacewalk-repo-sync.adoc:25 -#, no-wrap -msgid "" -"spacewalk-repo-sync --help\n" -"Usage: spacewalk-repo-sync [options]\n" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/spacewalk-repo-sync.adoc:67 -#, no-wrap -msgid "" -"Options:\n" -" -h, --help show this help message and exit\n" -" -l, --list List the custom channels with the associated\n" -" repositories.\n" -" -s, --show-packages List all packages in a specified channel.\n" -" -u URL, --url=URL The url of the repository. Can be used multiple times.\n" -" -c CHANNEL_LABEL, --channel=CHANNEL_LABEL\n" -" The label of the channel to sync packages to. Can be\n" -" used multiple times.\n" -" -p PARENT_LABEL, --parent-channel=PARENT_LABEL\n" -" Synchronize the parent channel and all its child\n" -" channels.\n" -" -d, --dry-run Test run. No sync takes place.\n" -" --latest Sync latest packages only. Use carefully - you might\n" -" need to fix some dependencies on your own.\n" -" -g CONFIG, --config=CONFIG\n" -" Configuration file\n" -" -t REPO_TYPE, --type=REPO_TYPE\n" -" Force type of repository (\"yum\", \"uln\" and \"deb\" are\n" -" supported)\n" -" -f, --fail If a package import fails, fail the entire operation\n" -" -n, --non-interactive\n" -" Do not ask anything, use default answers\n" -" -i FILTERS, --include=FILTERS\n" -" Comma or space separated list of included packages or\n" -" package groups.\n" -" -e FILTERS, --exclude=FILTERS\n" -" Comma or space separated list of excluded packages or\n" -" package groups.\n" -" --email e-mail a report of what was synced/imported\n" -" --traceback-mail=TRACEBACK_MAIL\n" -" alternative email address(es) for sync output (--email\n" -" option)\n" -" --no-errata Do not sync errata\n" -" --no-packages Do not sync packages\n" -" --sync-kickstart Sync kickstartable tree\n" -" --force-all-errata Process metadata of all errata, not only missing.\n" -" --batch-size=BATCH_SIZE\n" -" max. batch size for package import (debug only)\n" -" -Y, --deep-verify Do not use cached package checksums\n" -" -v, --verbose Verbose output. Possible to accumulate: -vvv\n" -msgstr "" - -#. type: Plain text -#: modules/architecture/pages/spacewalk-repo-sync.adoc:72 -msgid "_Logs for the **spacewalk-repo-sync** tool are located in:_" -msgstr "" - -#. type: delimited block - -#: modules/architecture/pages/spacewalk-repo-sync.adoc:75 -#, no-wrap -msgid "/var/log/rhn/reposync/*\n" -msgstr "" - -#. type: Title = -#: modules/architecture/nav-architecture-components-guide.adoc:5 -#, no-wrap -msgid "Architecture Guide: {productname} {productnumber}" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:16 -msgid "xref:architecture-intro.adoc[Architecture Guide]" -msgstr "" - -#. The Salt Stack -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:18 -msgid "xref:architecture-legend.adoc[Legend]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:19 -msgid "xref:salt-overview.adoc[Salt]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:20 -msgid "xref:salt-core-components.adoc[Core Salt Components]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:21 -msgid "xref:salt-data-locations.adoc[Salt Data Locations]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:22 -msgid "xref:salt-contact-method-overview.adoc[Salt Contact Methods]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:25 -msgid "xref:salt-ssh-push-tunnel.adoc[Salt SSH Push & Tunnel]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:26 -msgid "xref:salt-bootstrapping-ui.adoc[Salt Bootstrapping WebUI]" -msgstr "" - -#. The Traditional Stack -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:28 -msgid "xref:salt-onboarding-and-registration.adoc[Onboarding and Registration]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:29 -msgid "xref:traditional-overview.adoc[Traditional]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:30 -msgid "xref:traditional-contact-method-overview.adoc[Contact Methods]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:31 -msgid "xref:traditional-rhnsd.adoc[rhnsd]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:32 -msgid "xref:traditional-osad.adoc[osad]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:33 -msgid "xref:traditional-ssh-push.adoc[SSH Push]" -msgstr "" - -#. Repositories -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:35 -msgid "xref:traditional-ssh-pull.adoc[SSH Pull]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:36 -msgid "xref:repositories-overview.adoc[Repositories]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:37 -msgid "xref:pool-repositories.adoc[Pool Repositories]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:38 -msgid "xref:devel-repositories.adoc[Devel Repositories]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:39 -msgid "xref:tools-repositories.adoc[Tools Repositories]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:40 -msgid "xref:maintenance-repositories.adoc[Maintenance Repositories]" -msgstr "" - -#. Component Index -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:42 -msgid "xref:syncing-repositories.adoc[Syncing Repositories]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:43 -msgid "xref:components-overview.adoc[Component Index]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:44 -msgid "xref:apache.adoc[Apache httpd]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:45 -msgid "xref:tomcat.adoc[Tomcat]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:46 -msgid "xref:python-xmlrpc-server.adoc[Python XMLRPC Server]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:47 -msgid "xref:taskomatic.adoc[Taskomatic]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:48 -msgid "xref:database.adoc[Database]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:49 -msgid "xref:mgr-sync.adoc[mgr-sync]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:50 -msgid "xref:spacewalk-repo-sync.adoc[spacewalk-repo-sync]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:51 -msgid "xref:osa-dispatcher.adoc[osa-dispatcher]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:52 -msgid "xref:jabberd.adoc[jabberd]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:53 -msgid "xref:mgr_check.adoc[mgr_check]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:54 -msgid "xref:plugin-zypp-spacewalk.adoc[zypp-plugin-spacewalk]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:55 -msgid "xref:rhnsd.adoc[rhnsd]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:56 -msgid "xref:osad.adoc[osad]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:57 -msgid "xref:salt-master.adoc[salt-master]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:58 -msgid "xref:salt-api.adoc[salt-api]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:59 -msgid "xref:salt-minion.adoc[salt-minion]" -msgstr "" - -#. type: Plain text -#: modules/architecture/nav-architecture-components-guide.adoc:59 -msgid "xref:salt-broker.adoc[salt-broker]" -msgstr "" diff --git a/l10n-weblate/client-configuration.cfg b/l10n-weblate/client-configuration.cfg new file mode 100644 index 00000000000..b75f717ffff --- /dev/null +++ b/l10n-weblate/client-configuration.cfg @@ -0,0 +1,100 @@ +[po4a_langs] es zh_CN cs +[po4a_paths] l10n-weblate/client-configuration/client-configuration.pot $lang:l10n-weblate/client-configuration/$lang.po + +[po4a_alias:adoc] adoc opt:"-M UTF-8 -L UTF-8" + +[options] opt:"--porefs=counter" + +[type: asciidoc] modules/client-configuration/_attributes.adoc $lang:translations/$lang/modules/client-configuration/_attributes.adoc +[type: asciidoc] modules/client-configuration/pages/contact-methods-intro.adoc $lang:translations/$lang/modules/client-configuration/pages/contact-methods-intro.adoc +[type: asciidoc] modules/client-configuration/pages/contact-methods-rhnsd.adoc $lang:translations/$lang/modules/client-configuration/pages/contact-methods-rhnsd.adoc +[type: asciidoc] modules/client-configuration/pages/non-suse-clients.adoc $lang:translations/$lang/modules/client-configuration/pages/non-suse-clients.adoc +[type: asciidoc] modules/client-configuration/pages/subscription-management.adoc $lang:translations/$lang/modules/client-configuration/pages/subscription-management.adoc +[type: asciidoc] modules/client-configuration/pages/snippets/check_sync_webui_uyuni.adoc $lang:translations/$lang/modules/client-configuration/pages/snippets/check_sync_webui_uyuni.adoc +[type: asciidoc] modules/client-configuration/pages/snippets/manual_associate.adoc $lang:translations/$lang/modules/client-configuration/pages/snippets/manual_associate.adoc +[type: asciidoc] modules/client-configuration/pages/snippets/manual_repos.adoc $lang:translations/$lang/modules/client-configuration/pages/snippets/manual_repos.adoc +[type: asciidoc] modules/client-configuration/pages/snippets/add_channels_cli.adoc $lang:translations/$lang/modules/client-configuration/pages/snippets/add_channels_cli.adoc +[type: asciidoc] modules/client-configuration/pages/snippets/add_channels_wizard.adoc $lang:translations/$lang/modules/client-configuration/pages/snippets/add_channels_wizard.adoc +[type: asciidoc] modules/client-configuration/pages/snippets/check_sync_cli.adoc $lang:translations/$lang/modules/client-configuration/pages/snippets/check_sync_cli.adoc +[type: asciidoc] modules/client-configuration/pages/snippets/check_sync_webui_suma.adoc $lang:translations/$lang/modules/client-configuration/pages/snippets/check_sync_webui_suma.adoc +[type: asciidoc] modules/client-configuration/pages/snippets/manual_channels.adoc $lang:translations/$lang/modules/client-configuration/pages/snippets/manual_channels.adoc +[type: asciidoc] modules/client-configuration/pages/snippets/trust_gpg.adoc $lang:translations/$lang/modules/client-configuration/pages/snippets/trust_gpg.adoc +[type: asciidoc] modules/client-configuration/pages/client-proxy-cli.adoc $lang:translations/$lang/modules/client-configuration/pages/client-proxy-cli.adoc +[type: asciidoc] modules/client-configuration/pages/client-proxy.adoc $lang:translations/$lang/modules/client-configuration/pages/client-proxy.adoc +[type: asciidoc] modules/client-configuration/pages/contact-methods-pushssh.adoc $lang:translations/$lang/modules/client-configuration/pages/contact-methods-pushssh.adoc +[type: asciidoc] modules/client-configuration/pages/products.adoc $lang:translations/$lang/modules/client-configuration/pages/products.adoc +[type: asciidoc] modules/client-configuration/pages/registration-cli.adoc $lang:translations/$lang/modules/client-configuration/pages/registration-cli.adoc +[type: asciidoc] modules/client-configuration/pages/registration-overview-oracle.adoc $lang:translations/$lang/modules/client-configuration/pages/registration-overview-oracle.adoc +[type: asciidoc] modules/client-configuration/pages/registration-overview-redhat.adoc $lang:translations/$lang/modules/client-configuration/pages/registration-overview-redhat.adoc +[type: asciidoc] modules/client-configuration/pages/registration-overview-ubuntu.adoc $lang:translations/$lang/modules/client-configuration/pages/registration-overview-ubuntu.adoc +[type: asciidoc] modules/client-configuration/pages/activation-keys.adoc $lang:translations/$lang/modules/client-configuration/pages/activation-keys.adoc +[type: asciidoc] modules/client-configuration/pages/autoinst-intro.adoc $lang:translations/$lang/modules/client-configuration/pages/autoinst-intro.adoc +[type: asciidoc] modules/client-configuration/pages/autoinst-profiles.adoc $lang:translations/$lang/modules/client-configuration/pages/autoinst-profiles.adoc +[type: asciidoc] modules/client-configuration/pages/autoinst-provisioning.adoc $lang:translations/$lang/modules/client-configuration/pages/autoinst-provisioning.adoc +[type: asciidoc] modules/client-configuration/pages/autoinst-setup.adoc $lang:translations/$lang/modules/client-configuration/pages/autoinst-setup.adoc +[type: asciidoc] modules/client-configuration/pages/autoyast-example.adoc $lang:translations/$lang/modules/client-configuration/pages/autoyast-example.adoc +[type: asciidoc] modules/client-configuration/pages/autoyast.adoc $lang:translations/$lang/modules/client-configuration/pages/autoyast.adoc +[type: asciidoc] modules/client-configuration/pages/bootstrap-repository.adoc $lang:translations/$lang/modules/client-configuration/pages/bootstrap-repository.adoc +[type: asciidoc] modules/client-configuration/pages/channels.adoc $lang:translations/$lang/modules/client-configuration/pages/channels.adoc +[type: asciidoc] modules/client-configuration/pages/client-automating-profiles.adoc $lang:translations/$lang/modules/client-configuration/pages/client-automating-profiles.adoc +[type: asciidoc] modules/client-configuration/pages/client-config-overview.adoc $lang:translations/$lang/modules/client-configuration/pages/client-config-overview.adoc +[type: asciidoc] modules/client-configuration/pages/client-proxy-script.adoc $lang:translations/$lang/modules/client-configuration/pages/client-proxy-script.adoc +[type: asciidoc] modules/client-configuration/pages/client-proxy-webui.adoc $lang:translations/$lang/modules/client-configuration/pages/client-proxy-webui.adoc +[type: asciidoc] modules/client-configuration/pages/clients-debian.adoc $lang:translations/$lang/modules/client-configuration/pages/clients-debian.adoc +[type: asciidoc] modules/client-configuration/pages/clients-opensuse.adoc $lang:translations/$lang/modules/client-configuration/pages/clients-opensuse.adoc +[type: asciidoc] modules/client-configuration/pages/clients-oracle.adoc $lang:translations/$lang/modules/client-configuration/pages/clients-oracle.adoc +[type: asciidoc] modules/client-configuration/pages/clients-rh-cdn.adoc $lang:translations/$lang/modules/client-configuration/pages/clients-rh-cdn.adoc +[type: asciidoc] modules/client-configuration/pages/clients-rh-rhui.adoc $lang:translations/$lang/modules/client-configuration/pages/clients-rh-rhui.adoc +[type: asciidoc] modules/client-configuration/pages/clients-sle.adoc $lang:translations/$lang/modules/client-configuration/pages/clients-sle.adoc +[type: asciidoc] modules/client-configuration/pages/clients-sleses.adoc $lang:translations/$lang/modules/client-configuration/pages/clients-sleses.adoc +[type: asciidoc] modules/client-configuration/pages/clients-ubuntu-old.adoc $lang:translations/$lang/modules/client-configuration/pages/clients-ubuntu-old.adoc +[type: asciidoc] modules/client-configuration/pages/clients-ubuntu.adoc $lang:translations/$lang/modules/client-configuration/pages/clients-ubuntu.adoc +[type: asciidoc] modules/client-configuration/pages/configuration-management.adoc $lang:translations/$lang/modules/client-configuration/pages/configuration-management.adoc +[type: asciidoc] modules/client-configuration/pages/contact-methods-osad.adoc $lang:translations/$lang/modules/client-configuration/pages/contact-methods-osad.adoc +[type: asciidoc] modules/client-configuration/pages/contact-methods-saltssh.adoc $lang:translations/$lang/modules/client-configuration/pages/contact-methods-saltssh.adoc +[type: asciidoc] modules/client-configuration/pages/custom-info.adoc $lang:translations/$lang/modules/client-configuration/pages/custom-info.adoc +[type: asciidoc] modules/client-configuration/pages/gpg-keys.adoc $lang:translations/$lang/modules/client-configuration/pages/gpg-keys.adoc +[type: asciidoc] modules/client-configuration/pages/kickstart.adoc $lang:translations/$lang/modules/client-configuration/pages/kickstart.adoc +[type: asciidoc] modules/client-configuration/pages/package-management.adoc $lang:translations/$lang/modules/client-configuration/pages/package-management.adoc +[type: asciidoc] modules/client-configuration/pages/patch-management.adoc $lang:translations/$lang/modules/client-configuration/pages/patch-management.adoc +[type: asciidoc] modules/client-configuration/pages/power-management.adoc $lang:translations/$lang/modules/client-configuration/pages/power-management.adoc +[type: asciidoc] modules/client-configuration/pages/registration-bootstrap.adoc $lang:translations/$lang/modules/client-configuration/pages/registration-bootstrap.adoc +[type: asciidoc] modules/client-configuration/pages/registration-overview-centos.adoc $lang:translations/$lang/modules/client-configuration/pages/registration-overview-centos.adoc +[type: asciidoc] modules/client-configuration/pages/registration-overview-debian.adoc $lang:translations/$lang/modules/client-configuration/pages/registration-overview-debian.adoc +[type: asciidoc] modules/client-configuration/pages/registration-overview-suse.adoc $lang:translations/$lang/modules/client-configuration/pages/registration-overview-suse.adoc +[type: asciidoc] modules/client-configuration/pages/registration-overview.adoc $lang:translations/$lang/modules/client-configuration/pages/registration-overview.adoc +[type: asciidoc] modules/client-configuration/pages/repositories.adoc $lang:translations/$lang/modules/client-configuration/pages/repositories.adoc +[type: asciidoc] modules/client-configuration/pages/snapshots.adoc $lang:translations/$lang/modules/client-configuration/pages/snapshots.adoc +[type: asciidoc] modules/client-configuration/pages/supported-features-centos.adoc $lang:translations/$lang/modules/client-configuration/pages/supported-features-centos.adoc +[type: asciidoc] modules/client-configuration/pages/supported-features-debian.adoc $lang:translations/$lang/modules/client-configuration/pages/supported-features-debian.adoc +[type: asciidoc] modules/client-configuration/pages/supported-features-es.adoc $lang:translations/$lang/modules/client-configuration/pages/supported-features-es.adoc +[type: asciidoc] modules/client-configuration/pages/supported-features-oracle.adoc $lang:translations/$lang/modules/client-configuration/pages/supported-features-oracle.adoc +[type: asciidoc] modules/client-configuration/pages/supported-features-rh.adoc $lang:translations/$lang/modules/client-configuration/pages/supported-features-rh.adoc +[type: asciidoc] modules/client-configuration/pages/supported-features-sles.adoc $lang:translations/$lang/modules/client-configuration/pages/supported-features-sles.adoc +[type: asciidoc] modules/client-configuration/pages/supported-features-ubuntu.adoc $lang:translations/$lang/modules/client-configuration/pages/supported-features-ubuntu.adoc +[type: asciidoc] modules/client-configuration/pages/supported-features.adoc $lang:translations/$lang/modules/client-configuration/pages/supported-features.adoc +[type: asciidoc] modules/client-configuration/pages/system-groups.adoc $lang:translations/$lang/modules/client-configuration/pages/system-groups.adoc +[type: asciidoc] modules/client-configuration/pages/system-locking.adoc $lang:translations/$lang/modules/client-configuration/pages/system-locking.adoc +[type: asciidoc] modules/client-configuration/pages/system-set-manager.adoc $lang:translations/$lang/modules/client-configuration/pages/system-set-manager.adoc +[type: asciidoc] modules/client-configuration/pages/tshoot-clients.adoc $lang:translations/$lang/modules/client-configuration/pages/tshoot-clients.adoc +[type: asciidoc] modules/client-configuration/pages/vhm-aws.adoc $lang:translations/$lang/modules/client-configuration/pages/vhm-aws.adoc +[type: asciidoc] modules/client-configuration/pages/vhm-azure.adoc $lang:translations/$lang/modules/client-configuration/pages/vhm-azure.adoc +[type: asciidoc] modules/client-configuration/pages/vhm-caasp.adoc $lang:translations/$lang/modules/client-configuration/pages/vhm-caasp.adoc +[type: asciidoc] modules/client-configuration/pages/vhm-file.adoc $lang:translations/$lang/modules/client-configuration/pages/vhm-file.adoc +[type: asciidoc] modules/client-configuration/pages/vhm-gce.adoc $lang:translations/$lang/modules/client-configuration/pages/vhm-gce.adoc +[type: asciidoc] modules/client-configuration/pages/vhm-kubernetes.adoc $lang:translations/$lang/modules/client-configuration/pages/vhm-kubernetes.adoc +[type: asciidoc] modules/client-configuration/pages/vhm-nutanix.adoc $lang:translations/$lang/modules/client-configuration/pages/vhm-nutanix.adoc +[type: asciidoc] modules/client-configuration/pages/vhm-vmware.adoc $lang:translations/$lang/modules/client-configuration/pages/vhm-vmware.adoc +[type: asciidoc] modules/client-configuration/pages/vhm.adoc $lang:translations/$lang/modules/client-configuration/pages/vhm.adoc +[type: asciidoc] modules/client-configuration/pages/virt-clusters.adoc $lang:translations/$lang/modules/client-configuration/pages/virt-clusters.adoc +[type: asciidoc] modules/client-configuration/pages/virt-xenkvm.adoc $lang:translations/$lang/modules/client-configuration/pages/virt-xenkvm.adoc +[type: asciidoc] modules/client-configuration/pages/virtualization.adoc $lang:translations/$lang/modules/client-configuration/pages/virtualization.adoc +[type: asciidoc] modules/client-configuration/pages/client-upgrades-lifecycle.adoc $lang:translations/$lang/modules/client-configuration/pages/client-upgrades-lifecycle.adoc +[type: asciidoc] modules/client-configuration/pages/client-upgrades.adoc $lang:translations/$lang/modules/client-configuration/pages/client-upgrades.adoc +[type: asciidoc] modules/client-configuration/pages/clients-centos.adoc $lang:translations/$lang/modules/client-configuration/pages/clients-centos.adoc +[type: asciidoc] modules/client-configuration/pages/cobbler.adoc $lang:translations/$lang/modules/client-configuration/pages/cobbler.adoc +[type: asciidoc] modules/client-configuration/pages/system-types.adoc $lang:translations/$lang/modules/client-configuration/pages/system-types.adoc +[type: asciidoc] modules/client-configuration/pages/client-upgrades-major.adoc $lang:translations/$lang/modules/client-configuration/pages/client-upgrades-major.adoc +[type: asciidoc] modules/client-configuration/pages/client-upgrades-sp-migration.adoc $lang:translations/$lang/modules/client-configuration/pages/client-upgrades-sp-migration.adoc +[type: asciidoc] modules/client-configuration/pages/registration-webui.adoc $lang:translations/$lang/modules/client-configuration/pages/registration-webui.adoc +[type: asciidoc] modules/client-configuration/nav-client-configuration-guide.adoc $lang:translations/$lang/modules/client-configuration/nav-client-configuration-guide.adoc diff --git a/l10n/po/es/client-configuration/assets/images/4-uyuni-content_lifecycle-debian.png b/l10n-weblate/client-configuration/assets-cs/images/4-uyuni-content_lifecycle-debian.png similarity index 100% rename from l10n/po/es/client-configuration/assets/images/4-uyuni-content_lifecycle-debian.png rename to l10n-weblate/client-configuration/assets-cs/images/4-uyuni-content_lifecycle-debian.png diff --git a/l10n/po/es/client-configuration/assets/images/5-uyuni-activation-key-debian.png b/l10n-weblate/client-configuration/assets-cs/images/5-uyuni-activation-key-debian.png similarity index 100% rename from l10n/po/es/client-configuration/assets/images/5-uyuni-activation-key-debian.png rename to l10n-weblate/client-configuration/assets-cs/images/5-uyuni-activation-key-debian.png diff --git a/l10n/po/es/client-configuration/assets/images/6-uyuni-ui-bootstrap-debian.png b/l10n-weblate/client-configuration/assets-cs/images/6-uyuni-ui-bootstrap-debian.png similarity index 100% rename from l10n/po/es/client-configuration/assets/images/6-uyuni-ui-bootstrap-debian.png rename to l10n-weblate/client-configuration/assets-cs/images/6-uyuni-ui-bootstrap-debian.png diff --git a/l10n/po/es/client-configuration/assets/images/7-uyuni-bootstrap-script.png b/l10n-weblate/client-configuration/assets-cs/images/7-uyuni-bootstrap-script.png similarity index 100% rename from l10n/po/es/client-configuration/assets/images/7-uyuni-bootstrap-script.png rename to l10n-weblate/client-configuration/assets-cs/images/7-uyuni-bootstrap-script.png diff --git a/l10n/po/es/client-configuration/assets/images/baremetal_add_to_org.png b/l10n-weblate/client-configuration/assets-cs/images/baremetal_add_to_org.png similarity index 100% rename from l10n/po/es/client-configuration/assets/images/baremetal_add_to_org.png rename to l10n-weblate/client-configuration/assets-cs/images/baremetal_add_to_org.png diff --git a/l10n/po/es/client-configuration/assets/images/combine-keys.png b/l10n-weblate/client-configuration/assets-cs/images/combine-keys.png similarity index 100% rename from l10n/po/es/client-configuration/assets/images/combine-keys.png rename to l10n-weblate/client-configuration/assets-cs/images/combine-keys.png diff --git a/l10n/po/es/client-configuration/assets/images/combine-keys2.png b/l10n-weblate/client-configuration/assets-cs/images/combine-keys2.png similarity index 100% rename from l10n/po/es/client-configuration/assets/images/combine-keys2.png rename to l10n-weblate/client-configuration/assets-cs/images/combine-keys2.png diff --git a/l10n/po/es/client-configuration/assets/images/mgr_configuration_bootstrap_trad.png b/l10n-weblate/client-configuration/assets-cs/images/mgr_configuration_bootstrap_trad.png similarity index 100% rename from l10n/po/es/client-configuration/assets/images/mgr_configuration_bootstrap_trad.png rename to l10n-weblate/client-configuration/assets-cs/images/mgr_configuration_bootstrap_trad.png diff --git a/l10n/po/es/client-configuration/assets/images/provision-config-keys.png b/l10n-weblate/client-configuration/assets-cs/images/provision-config-keys.png similarity index 100% rename from l10n/po/es/client-configuration/assets/images/provision-config-keys.png rename to l10n-weblate/client-configuration/assets-cs/images/provision-config-keys.png diff --git a/l10n/po/es/client-configuration/assets/images/proxy-saltbootstrap.png b/l10n-weblate/client-configuration/assets-cs/images/proxy-saltbootstrap.png similarity index 100% rename from l10n/po/es/client-configuration/assets/images/proxy-saltbootstrap.png rename to l10n-weblate/client-configuration/assets-cs/images/proxy-saltbootstrap.png diff --git a/l10n/po/es/client-configuration/assets/images/rhnsd-taigon.png b/l10n-weblate/client-configuration/assets-cs/images/rhnsd-taigon.png similarity index 100% rename from l10n/po/es/client-configuration/assets/images/rhnsd-taigon.png rename to l10n-weblate/client-configuration/assets-cs/images/rhnsd-taigon.png diff --git a/l10n/po/es/architecture/assets/images/salt-ssh-contact-taigon.png b/l10n-weblate/client-configuration/assets-cs/images/salt-ssh-contact-taigon.png similarity index 100% rename from l10n/po/es/architecture/assets/images/salt-ssh-contact-taigon.png rename to l10n-weblate/client-configuration/assets-cs/images/salt-ssh-contact-taigon.png diff --git a/l10n/po/es/client-configuration/assets/images/sshpush-taigon.png b/l10n-weblate/client-configuration/assets-cs/images/sshpush-taigon.png similarity index 100% rename from l10n/po/es/client-configuration/assets/images/sshpush-taigon.png rename to l10n-weblate/client-configuration/assets-cs/images/sshpush-taigon.png diff --git a/l10n/po/zh_CN/client-configuration/assets/images/systems_create_activation_key.png b/l10n-weblate/client-configuration/assets-cs/images/systems_create_activation_key.png similarity index 100% rename from l10n/po/zh_CN/client-configuration/assets/images/systems_create_activation_key.png rename to l10n-weblate/client-configuration/assets-cs/images/systems_create_activation_key.png diff --git a/l10n/po/es/client-configuration/assets/images/systems_create_activation_key_childchannels.png b/l10n-weblate/client-configuration/assets-cs/images/systems_create_activation_key_childchannels.png similarity index 100% rename from l10n/po/es/client-configuration/assets/images/systems_create_activation_key_childchannels.png rename to l10n-weblate/client-configuration/assets-cs/images/systems_create_activation_key_childchannels.png diff --git a/l10n/po/zh_CN/client-configuration/assets/images/4-uyuni-content_lifecycle-debian.png b/l10n-weblate/client-configuration/assets-es/images/4-uyuni-content_lifecycle-debian.png similarity index 100% rename from l10n/po/zh_CN/client-configuration/assets/images/4-uyuni-content_lifecycle-debian.png rename to l10n-weblate/client-configuration/assets-es/images/4-uyuni-content_lifecycle-debian.png diff --git a/l10n/po/zh_CN/client-configuration/assets/images/5-uyuni-activation-key-debian.png b/l10n-weblate/client-configuration/assets-es/images/5-uyuni-activation-key-debian.png similarity index 100% rename from l10n/po/zh_CN/client-configuration/assets/images/5-uyuni-activation-key-debian.png rename to l10n-weblate/client-configuration/assets-es/images/5-uyuni-activation-key-debian.png diff --git a/l10n/po/zh_CN/client-configuration/assets/images/6-uyuni-ui-bootstrap-debian.png b/l10n-weblate/client-configuration/assets-es/images/6-uyuni-ui-bootstrap-debian.png similarity index 100% rename from l10n/po/zh_CN/client-configuration/assets/images/6-uyuni-ui-bootstrap-debian.png rename to l10n-weblate/client-configuration/assets-es/images/6-uyuni-ui-bootstrap-debian.png diff --git a/l10n/po/zh_CN/client-configuration/assets/images/7-uyuni-bootstrap-script.png b/l10n-weblate/client-configuration/assets-es/images/7-uyuni-bootstrap-script.png similarity index 100% rename from l10n/po/zh_CN/client-configuration/assets/images/7-uyuni-bootstrap-script.png rename to l10n-weblate/client-configuration/assets-es/images/7-uyuni-bootstrap-script.png diff --git a/l10n/po/zh_CN/client-configuration/assets/images/baremetal_add_to_org.png b/l10n-weblate/client-configuration/assets-es/images/baremetal_add_to_org.png similarity index 100% rename from l10n/po/zh_CN/client-configuration/assets/images/baremetal_add_to_org.png rename to l10n-weblate/client-configuration/assets-es/images/baremetal_add_to_org.png diff --git a/l10n/po/zh_CN/client-configuration/assets/images/combine-keys.png b/l10n-weblate/client-configuration/assets-es/images/combine-keys.png similarity index 100% rename from l10n/po/zh_CN/client-configuration/assets/images/combine-keys.png rename to l10n-weblate/client-configuration/assets-es/images/combine-keys.png diff --git a/l10n/po/zh_CN/client-configuration/assets/images/combine-keys2.png b/l10n-weblate/client-configuration/assets-es/images/combine-keys2.png similarity index 100% rename from l10n/po/zh_CN/client-configuration/assets/images/combine-keys2.png rename to l10n-weblate/client-configuration/assets-es/images/combine-keys2.png diff --git a/l10n/po/zh_CN/client-configuration/assets/images/mgr_configuration_bootstrap_trad.png b/l10n-weblate/client-configuration/assets-es/images/mgr_configuration_bootstrap_trad.png similarity index 100% rename from l10n/po/zh_CN/client-configuration/assets/images/mgr_configuration_bootstrap_trad.png rename to l10n-weblate/client-configuration/assets-es/images/mgr_configuration_bootstrap_trad.png diff --git a/l10n/po/zh_CN/client-configuration/assets/images/provision-config-keys.png b/l10n-weblate/client-configuration/assets-es/images/provision-config-keys.png similarity index 100% rename from l10n/po/zh_CN/client-configuration/assets/images/provision-config-keys.png rename to l10n-weblate/client-configuration/assets-es/images/provision-config-keys.png diff --git a/l10n/po/es/installation/assets/images/proxy-saltbootstrap.png b/l10n-weblate/client-configuration/assets-es/images/proxy-saltbootstrap.png similarity index 100% rename from l10n/po/es/installation/assets/images/proxy-saltbootstrap.png rename to l10n-weblate/client-configuration/assets-es/images/proxy-saltbootstrap.png diff --git a/l10n/po/zh_CN/client-configuration/assets/images/rhnsd-taigon.png b/l10n-weblate/client-configuration/assets-es/images/rhnsd-taigon.png similarity index 100% rename from l10n/po/zh_CN/client-configuration/assets/images/rhnsd-taigon.png rename to l10n-weblate/client-configuration/assets-es/images/rhnsd-taigon.png diff --git a/l10n/po/es/client-configuration/assets/images/salt-ssh-contact-taigon.png b/l10n-weblate/client-configuration/assets-es/images/salt-ssh-contact-taigon.png similarity index 100% rename from l10n/po/es/client-configuration/assets/images/salt-ssh-contact-taigon.png rename to l10n-weblate/client-configuration/assets-es/images/salt-ssh-contact-taigon.png diff --git a/l10n/po/zh_CN/client-configuration/assets/images/sshpush-taigon.png b/l10n-weblate/client-configuration/assets-es/images/sshpush-taigon.png similarity index 100% rename from l10n/po/zh_CN/client-configuration/assets/images/sshpush-taigon.png rename to l10n-weblate/client-configuration/assets-es/images/sshpush-taigon.png diff --git a/l10n-weblate/client-configuration/assets-es/images/systems_create_activation_key.png b/l10n-weblate/client-configuration/assets-es/images/systems_create_activation_key.png new file mode 100644 index 00000000000..f9d55ae103c Binary files /dev/null and b/l10n-weblate/client-configuration/assets-es/images/systems_create_activation_key.png differ diff --git a/l10n/po/zh_CN/client-configuration/assets/images/systems_create_activation_key_childchannels.png b/l10n-weblate/client-configuration/assets-es/images/systems_create_activation_key_childchannels.png similarity index 100% rename from l10n/po/zh_CN/client-configuration/assets/images/systems_create_activation_key_childchannels.png rename to l10n-weblate/client-configuration/assets-es/images/systems_create_activation_key_childchannels.png diff --git a/l10n-weblate/client-configuration/assets-zh_CN/images/4-uyuni-content_lifecycle-debian.png b/l10n-weblate/client-configuration/assets-zh_CN/images/4-uyuni-content_lifecycle-debian.png new file mode 100644 index 00000000000..2dd98fc34d6 Binary files /dev/null and b/l10n-weblate/client-configuration/assets-zh_CN/images/4-uyuni-content_lifecycle-debian.png differ diff --git a/l10n-weblate/client-configuration/assets-zh_CN/images/5-uyuni-activation-key-debian.png b/l10n-weblate/client-configuration/assets-zh_CN/images/5-uyuni-activation-key-debian.png new file mode 100644 index 00000000000..e5cc2211ab2 Binary files /dev/null and b/l10n-weblate/client-configuration/assets-zh_CN/images/5-uyuni-activation-key-debian.png differ diff --git a/l10n-weblate/client-configuration/assets-zh_CN/images/6-uyuni-ui-bootstrap-debian.png b/l10n-weblate/client-configuration/assets-zh_CN/images/6-uyuni-ui-bootstrap-debian.png new file mode 100644 index 00000000000..98d2763e1fd Binary files /dev/null and b/l10n-weblate/client-configuration/assets-zh_CN/images/6-uyuni-ui-bootstrap-debian.png differ diff --git a/l10n-weblate/client-configuration/assets-zh_CN/images/7-uyuni-bootstrap-script.png b/l10n-weblate/client-configuration/assets-zh_CN/images/7-uyuni-bootstrap-script.png new file mode 100644 index 00000000000..ae2e5471f85 Binary files /dev/null and b/l10n-weblate/client-configuration/assets-zh_CN/images/7-uyuni-bootstrap-script.png differ diff --git a/l10n-weblate/client-configuration/assets-zh_CN/images/baremetal_add_to_org.png b/l10n-weblate/client-configuration/assets-zh_CN/images/baremetal_add_to_org.png new file mode 100644 index 00000000000..01fc5e78193 Binary files /dev/null and b/l10n-weblate/client-configuration/assets-zh_CN/images/baremetal_add_to_org.png differ diff --git a/l10n-weblate/client-configuration/assets-zh_CN/images/combine-keys.png b/l10n-weblate/client-configuration/assets-zh_CN/images/combine-keys.png new file mode 100644 index 00000000000..d7001f5e604 Binary files /dev/null and b/l10n-weblate/client-configuration/assets-zh_CN/images/combine-keys.png differ diff --git a/l10n-weblate/client-configuration/assets-zh_CN/images/combine-keys2.png b/l10n-weblate/client-configuration/assets-zh_CN/images/combine-keys2.png new file mode 100644 index 00000000000..bc8742c4f09 Binary files /dev/null and b/l10n-weblate/client-configuration/assets-zh_CN/images/combine-keys2.png differ diff --git a/l10n-weblate/client-configuration/assets-zh_CN/images/mgr_configuration_bootstrap_trad.png b/l10n-weblate/client-configuration/assets-zh_CN/images/mgr_configuration_bootstrap_trad.png new file mode 100644 index 00000000000..a11570ad006 Binary files /dev/null and b/l10n-weblate/client-configuration/assets-zh_CN/images/mgr_configuration_bootstrap_trad.png differ diff --git a/l10n-weblate/client-configuration/assets-zh_CN/images/provision-config-keys.png b/l10n-weblate/client-configuration/assets-zh_CN/images/provision-config-keys.png new file mode 100644 index 00000000000..49b21ca346f Binary files /dev/null and b/l10n-weblate/client-configuration/assets-zh_CN/images/provision-config-keys.png differ diff --git a/l10n/po/zh_CN/client-configuration/assets/images/proxy-saltbootstrap.png b/l10n-weblate/client-configuration/assets-zh_CN/images/proxy-saltbootstrap.png similarity index 100% rename from l10n/po/zh_CN/client-configuration/assets/images/proxy-saltbootstrap.png rename to l10n-weblate/client-configuration/assets-zh_CN/images/proxy-saltbootstrap.png diff --git a/l10n-weblate/client-configuration/assets-zh_CN/images/rhnsd-taigon.png b/l10n-weblate/client-configuration/assets-zh_CN/images/rhnsd-taigon.png new file mode 100644 index 00000000000..0f16102a462 Binary files /dev/null and b/l10n-weblate/client-configuration/assets-zh_CN/images/rhnsd-taigon.png differ diff --git a/l10n/po/zh_CN/architecture/assets/images/salt-ssh-contact-taigon.png b/l10n-weblate/client-configuration/assets-zh_CN/images/salt-ssh-contact-taigon.png similarity index 100% rename from l10n/po/zh_CN/architecture/assets/images/salt-ssh-contact-taigon.png rename to l10n-weblate/client-configuration/assets-zh_CN/images/salt-ssh-contact-taigon.png diff --git a/l10n-weblate/client-configuration/assets-zh_CN/images/sshpush-taigon.png b/l10n-weblate/client-configuration/assets-zh_CN/images/sshpush-taigon.png new file mode 100644 index 00000000000..64926c3c7bc Binary files /dev/null and b/l10n-weblate/client-configuration/assets-zh_CN/images/sshpush-taigon.png differ diff --git a/l10n-weblate/client-configuration/assets-zh_CN/images/systems_create_activation_key.png b/l10n-weblate/client-configuration/assets-zh_CN/images/systems_create_activation_key.png new file mode 100644 index 00000000000..f9d55ae103c Binary files /dev/null and b/l10n-weblate/client-configuration/assets-zh_CN/images/systems_create_activation_key.png differ diff --git a/l10n-weblate/client-configuration/assets-zh_CN/images/systems_create_activation_key_childchannels.png b/l10n-weblate/client-configuration/assets-zh_CN/images/systems_create_activation_key_childchannels.png new file mode 100644 index 00000000000..e5530dfc4bb Binary files /dev/null and b/l10n-weblate/client-configuration/assets-zh_CN/images/systems_create_activation_key_childchannels.png differ diff --git a/l10n-weblate/client-configuration/client-configuration.pot b/l10n-weblate/client-configuration/client-configuration.pot index 4552f8a4714..f5a08de1bb4 100644 --- a/l10n-weblate/client-configuration/client-configuration.pot +++ b/l10n-weblate/client-configuration/client-configuration.pot @@ -7,246 +7,310 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" -"POT-Creation-Date: 2020-08-23 23:31+0200\n" +"POT-Creation-Date: 2020-09-30 10:22+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" +"Content-Type: text/plain; charset=utf-8\n" "Content-Transfer-Encoding: 8bit\n" -#. type: Block title -#: modules/client-configuration/pages/snippets/add_channels_cli.adoc:1 +#. type: Title = +#: modules/client-configuration/pages/contact-methods-intro.adoc:1 #, no-wrap -msgid "Procedure: Adding Software Channels at the Command Prompt" +msgid "Contact Methods" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/add_channels_cli.adoc:3 +#: modules/client-configuration/pages/contact-methods-intro.adoc:2 msgid "" -"At the command prompt on the {productname} Server, as root, use the " -"[command]``spacewalk-common-channels`` command to add the appropriate " -"channels:" +"There are a number of ways that the {productname} Server can communicate " +"with clients. Which one you use depends on your network architecture." msgstr "" -#. type: delimited block - -#: modules/client-configuration/pages/snippets/add_channels_cli.adoc:10 -#, no-wrap +#. type: Plain text +#: modules/client-configuration/pages/contact-methods-intro.adoc:3 +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:2 msgid "" -"spacewalk-common-channels \\\n" -" \\\n" -" \\\n" -" \\\n" -"... \n" +"The {productname} daemon ([command]``rhnsd``) runs on traditional client " +"systems and periodically connects with {productname} to check for new " +"updates and notifications. It does not apply to Salt clients." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/add_channels_cli.adoc:12 -msgid "Synchronize the channels:" +#: modules/client-configuration/pages/contact-methods-intro.adoc:4 +msgid "" +"Push via SSH and Push via Salt SSH are used in environments where clients " +"cannot reach the {productname} Server directly. In this environment, " +"clients are located in a firewall-protected zone called a DMZ. No system " +"within the DMZ is authorized to open a connection to the internal network, " +"including the {productname} Server." msgstr "" -#. type: delimited block - -#: modules/client-configuration/pages/snippets/add_channels_cli.adoc:15 -#, no-wrap -msgid "mgr-sync refresh --refresh-channels\n" +#. type: Plain text +#: modules/client-configuration/pages/contact-methods-intro.adoc:5 +msgid "" +"OSAD is an alternative contact method between {productname} and its " +"clients. OSAD allows registered client systems to execute scheduled actions " +"immediately." msgstr "" -#. type: Block title -#: modules/client-configuration/pages/snippets/add_channels_wizard.adoc:1 +#. type: Title = +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:1 #, no-wrap -msgid "Procedure: Adding Software Channels" +msgid "SUSE Manager Daemon (rhnsd)" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/add_channels_wizard.adoc:3 +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:3 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Setup Wizard > " -"Products]." +"It is only used on {sle}{nbsp}11 and {rhnminrelease6}, as these systems do " +"not use systemd. On later operating systems, a systemd timer " +"([systemitem]``rhnsd.timer``) is used and controlled by " +"[systemitem]``rhnsd.service``." +msgstr "" + +#. type: Plain text +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:4 +msgid "Start the daemon with [command]``/etc/init.d/rhnsd``." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/add_channels_wizard.adoc:6 +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:5 msgid "" -"Locate the appropriate products for your client operating system and " -"architecture using the search bar, and check the appropriate product. This " -"will automatically check all required channels. Click the arrow to see the " -"complete list of related products, and ensure that any extra products you " -"require are checked." +"By default, it will check every four hours for new actions. This means it " +"can take some time for clients to execute scheduled actions." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/add_channels_wizard.adoc:6 +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:6 msgid "" -"Click btn:[Add Products] and wait until the products have finished " -"synchronizing." +"To check for updates, [systemitem]``rhnsd`` runs the external " +"[systemitem]``mgr_check`` program located in [path]``/usr/sbin/``. This is " +"a small application that establishes the network connection to " +"{productname}. The SUSE Manager daemon does not listen on any network ports " +"or talk to the network directly. All network activity is performed by the " +"[systemitem]``mgr_check`` utility." msgstr "" -#. type: Block title -#: modules/client-configuration/pages/snippets/check_sync_cli.adoc:1 +#. type: Plain text +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:7 +msgid "" +"This figure provides an overview of the default [systemitem]``rhnsd`` " +"process path. All items left of the [systemitem]``Python XMLRPC server`` " +"block represent processes running on a {productname} client." +msgstr "" + +#. type: Target for macro image +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:8 #, no-wrap -msgid "Procedure: Checking Synchronization Progress from the Command Prompt" +msgid "rhnsd-taigon.png" +msgstr "" + +#. type: Title == +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:9 +#, no-wrap +msgid "Configure rhnsd" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/check_sync_cli.adoc:3 +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:10 msgid "" -"At the command prompt on the {productname} Server, as root, use the " -"[command]``tail`` command to check the synchronization log file:" +"The `rhnsd` initialization script has a configuration file on the client " +"system at [path]``/etc/sysconfig/rhn/rhnsd``." +msgstr "" + +#. type: Plain text +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:11 +msgid "" +"An important parameter for the daemon is its check-in frequency. The " +"default interval time is four hours (240 minutes). The minimum allowed time " +"interval is one hour (60 minutes). If you set the interval below one hour, " +"it will change back to the default of 4 hours (240 minutes)." +msgstr "" + +#. type: Plain text +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:12 +msgid "" +"If you modify the `rhnsd` configuration file, execute this command as root " +"to restart the daemon and pick up your changes:" msgstr "" #. type: delimited block - -#: modules/client-configuration/pages/snippets/check_sync_cli.adoc:6 +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:13 #, no-wrap -msgid "tail -f /var/log/rhn/reposync/.log\n" +msgid "/etc/init.d/rhnsd restart\n" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/check_sync_cli.adoc:9 -msgid "" -"Each child channel generates its own log during the synchronization " -"progress. You will need to check all the base and child channel log files " -"to be sure that the synchronization is complete." +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:14 +msgid "To see the status of `rhnsd`, use this command as root:" msgstr "" -#. type: Block title -#: modules/client-configuration/pages/snippets/check_sync_webui_suma.adoc:1 +#. type: delimited block - +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:15 #, no-wrap -msgid "Procedure: Checking Synchronization Progress" +msgid "/etc/init.d/rhnsd status\n" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/check_sync_webui_suma.adoc:4 +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:16 msgid "" -"In the {productname} {webui}, navigate to menu:Admin[Setup Wizard] and " -"select the [guimenu]``Products`` tab. This dialog displays a completion bar " -"for each product when they are being synchronized." +"On {sle}{nbsp}12 and later, the default time interval is set in " +"[path]``/etc/systemd/system/timers.target.wants/rhnsd.timer``, in this " +"section:" +msgstr "" + +#. type: delimited block - +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:17 +#, no-wrap +msgid "" +"[Timer]\n" +"OnCalendar=00/4:00\n" +"RandomizedDelaySec=30min\n" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/check_sync_webui_suma.adoc:5 +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:18 msgid "" -"Alternatively, you can navigate to menu:Software[Manage > Channels], then " -"click the channel associated to the repository. Navigate to the " -"[guimenu]``Repositories`` tab, then click [guimenu]``Sync`` and check " -"[systemitem]``Sync Status``." +"You can create an overriding drop-in file for [path]``rhnsd.timer`` using " +"[command]``systemctl``:" +msgstr "" + +#. type: delimited block - +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:19 +#, no-wrap +msgid "systemctl edit rhnsd.timer\n" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/check_sync_webui_uyuni.adoc:3 +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:20 +msgid "For example, if you want configure a two hour time interval:" +msgstr "" + +#. type: delimited block - +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:21 +#, no-wrap msgid "" -"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " -"then click the channel associated to the repository." +"[Timer]\n" +"OnCalendar=00/2:00\n" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/check_sync_webui_uyuni.adoc:3 +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:22 msgid "" -"Navigate to the [guimenu]``Repositories`` tab, then click [guimenu]``Sync`` " -"and check [systemitem]``Sync Status``." +"The file will be saved as " +"[path]``/etc/systemd/system/rhnsd.timer.d/override.conf``." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/manual_associate.adoc:2 +#: modules/client-configuration/pages/contact-methods-rhnsd.adoc:23 msgid "" -"When you have created all the channels, you can associate them with the " -"repositories you created:" +"For more information about system timers, see the [command]``systemd.timer`` " +"and [command]``systemctl`` manpages." msgstr "" -#. type: Block title -#: modules/client-configuration/pages/snippets/manual_associate.adoc:5 +#. type: Title = +#: modules/client-configuration/pages/non-suse-clients.adoc:1 #, no-wrap -msgid "Procedure: Associating Channels with Repositories" +msgid "Other Clients" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/manual_associate.adoc:7 +#: modules/client-configuration/pages/non-suse-clients.adoc:2 msgid "" -"On the {productname} Server {webui}, navigate to menu:Software[Manage > " -"Channels], and click the channel to associate." +"It is possible to register clients using operating systems from Red Hat, " +"CentOS, or Ubuntu." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/manual_associate.adoc:8 +#: modules/client-configuration/pages/non-suse-clients.adoc:3 msgid "" -"Navigate to the [guimenu]``Repositories`` tab, and check the repository to " -"associate with this channel." +"This section contains information specific to clients running operating " +"systems other than those provided by {suse}." msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/snippets/manual_associate.adoc:9 -msgid "" -"Click btn:[Update Repositories] to associate the channel and the repository." +#. type: Title = +#: modules/client-configuration/pages/subscription-management.adoc:1 +#, no-wrap +msgid "Managing Your Subscriptions" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/manual_associate.adoc:10 -msgid "Repeat for all channels and repositories you need to associate." +#: modules/client-configuration/pages/subscription-management.adoc:2 +msgid "Coming Soon..." +msgstr "" + +#. type: Block title +#: modules/client-configuration/pages/snippets/check_sync_webui_uyuni.adoc:1 +#: modules/client-configuration/pages/snippets/check_sync_webui_suma.adoc:1 +#, no-wrap +msgid "Procedure: Checking Synchronization Progress" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/manual_associate.adoc:11 +#: modules/client-configuration/pages/snippets/check_sync_webui_uyuni.adoc:2 msgid "" -"OPTIONAL: Navigate to the [guimenu]``Sync`` tab to set a recurring schedule " -"for synchronization of this repository." +"In the {productname} {webui}, navigate to menu:Software[Manage > Channels], " +"then click the channel associated to the repository." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/manual_associate.adoc:11 -msgid "Click btn:[Sync Now] to begin synchronization immediately." +#: modules/client-configuration/pages/snippets/check_sync_webui_uyuni.adoc:3 +#: modules/client-configuration/pages/snippets/check_sync_webui_suma.adoc:5 +msgid "" +"Navigate to the [guimenu]``Repositories`` tab, then click [guimenu]``Sync`` " +"and check [systemitem]``Sync Status``." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/manual_channels.adoc:2 +#: modules/client-configuration/pages/snippets/manual_associate.adoc:1 msgid "" -"When you have created the repositories, you can create the custom channels, " -"one for each repository:" +"When you have created all the channels, you can associate them with the " +"repositories you created:" msgstr "" #. type: Block title -#: modules/client-configuration/pages/snippets/manual_channels.adoc:5 +#: modules/client-configuration/pages/snippets/manual_associate.adoc:2 #, no-wrap -msgid "Procedure: Creating Custom Channels" +msgid "Procedure: Associating Channels with Repositories" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/manual_channels.adoc:7 +#: modules/client-configuration/pages/snippets/manual_associate.adoc:3 msgid "" "On the {productname} Server {webui}, navigate to menu:Software[Manage > " -"Channels]." +"Channels], and click the channel to associate." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/manual_channels.adoc:8 +#: modules/client-configuration/pages/snippets/manual_associate.adoc:4 msgid "" -"Click btn:[Create Channel] and set the appropriate parameters for the " -"channels." +"Navigate to the [guimenu]``Repositories`` tab, and check the repository to " +"associate with this channel." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/manual_channels.adoc:9 -msgid "" -"In the [guimenu]``Parent Channel`` field, select the appropriate base " -"channel." +#: modules/client-configuration/pages/snippets/manual_associate.adoc:5 +msgid "Click btn:[Update Repositories] to associate the channel and the repository." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/manual_channels.adoc:10 -msgid "Click btn:[Create Channel]." +#: modules/client-configuration/pages/snippets/manual_associate.adoc:6 +msgid "Repeat for all channels and repositories you need to associate." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/manual_channels.adoc:12 +#: modules/client-configuration/pages/snippets/manual_associate.adoc:7 msgid "" -"Repeat for all channels you need to create. There should be one custom " -"channel for each custom repository." +"OPTIONAL: Navigate to the [guimenu]``Sync`` tab to set a recurring schedule " +"for synchronization of this repository." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/manual_channels.adoc:14 -msgid "" -"You can check that you have created all the appropriate channels and " -"repositories, by navigating to menu:Software[Channel List > All]." +#: modules/client-configuration/pages/snippets/manual_associate.adoc:8 +msgid "Click btn:[Sync Now] to begin synchronization immediately." msgstr "" #. type: Block title @@ -256,21 +320,21 @@ msgid "Procedure: Creating Custom Repositories" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/manual_repos.adoc:3 +#: modules/client-configuration/pages/snippets/manual_repos.adoc:2 msgid "" "On the {productname} Server {webui}, navigate to menu:Software[Manage > " "Repositories]." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/manual_repos.adoc:4 +#: modules/client-configuration/pages/snippets/manual_repos.adoc:3 msgid "" "Click btn:[Create Repository] and set the appropriate parameters for the " "``main`` repository." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/manual_repos.adoc:5 +#: modules/client-configuration/pages/snippets/manual_repos.adoc:4 msgid "Click btn:[Create Repository]." msgstr "" @@ -279,9376 +343,9972 @@ msgstr "" msgid "Repeat for all repositories you need to create." msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/snippets/trust_gpg.adoc:4 -msgid "" -"By default, some operating systems do not trust the GPG key for the " -"{productname} client tools. The clients can be successfully bootstrapped " -"without the GPG key being trusted. However, you will not be able to install " -"new client tool packages or update them until the keys are trusted." -msgstr "" - #. type: Block title -#: modules/client-configuration/pages/snippets/trust_gpg.adoc:7 +#: modules/client-configuration/pages/snippets/add_channels_cli.adoc:1 #, no-wrap -msgid "Procedure: Trusting GPG Keys on Clients" +msgid "Procedure: Adding Software Channels at the Command Prompt" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/trust_gpg.adoc:11 +#: modules/client-configuration/pages/snippets/add_channels_cli.adoc:2 msgid "" -"On the {productname} Server, at the command prompt, check the contents of " -"the [path]``/srv/www/htdocs/pub/`` directory. This directory contains all " -"available public keys. Take a note of the key that applies to the client " -"you are registering." +"At the command prompt on the {productname} Server, as root, use the " +"[command]``spacewalk-common-channels`` command to add the appropriate " +"channels:" msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/snippets/trust_gpg.adoc:13 +#. type: delimited block - +#: modules/client-configuration/pages/snippets/add_channels_cli.adoc:3 +#, no-wrap msgid "" -"Open the relevant bootstrap script, locate the [systemitem]``ORG_GPG_KEY=`` " -"parameter and add the required key. For example:" +"spacewalk-common-channels \\\n" +" \\\n" +" \\\n" +" \\\n" +"... \n" +msgstr "" + +#. type: Plain text +#: modules/client-configuration/pages/snippets/add_channels_cli.adoc:4 +msgid "Synchronize the channels:" msgstr "" #. type: delimited block - -#: modules/client-configuration/pages/snippets/trust_gpg.adoc:16 +#: modules/client-configuration/pages/snippets/add_channels_cli.adoc:5 #, no-wrap -msgid "uyuni-gpg-pubkey-0d20833e.key\n" +msgid "mgr-sync refresh --refresh-channels\n" msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/snippets/trust_gpg.adoc:19 -msgid "You do not need to delete any previously stored keys." +#. type: Block title +#: modules/client-configuration/pages/snippets/add_channels_wizard.adoc:1 +#, no-wrap +msgid "Procedure: Adding Software Channels" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/snippets/trust_gpg.adoc:21 +#: modules/client-configuration/pages/snippets/add_channels_wizard.adoc:2 msgid "" -"If you are bootstrapping clients from the {productname} {webui}, you will " -"need to use a Salt state to trust the key. Create the Salt state and assign " -"it to the organization. You can then use an activation key and " -"configuration channels to deploy the key to the clients." +"In the {productname} {webui}, navigate to menu:Admin[Setup Wizard > " +"Products]." msgstr "" -#. type: Title = -#: modules/client-configuration/pages/activation-keys.adoc:2 -#, no-wrap -msgid "Activation Keys" +#. type: Plain text +#: modules/client-configuration/pages/snippets/add_channels_wizard.adoc:3 +msgid "" +"Locate the appropriate products for your client operating system and " +"architecture using the search bar, and check the appropriate product." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:6 +#: modules/client-configuration/pages/snippets/add_channels_wizard.adoc:4 msgid "" -"Activation keys are used with traditional and Salt clients to ensure that " -"your clients have the correct software entitlements, are connecting to the " -"appropriate channels, and are subscribed to the relevant groups. Each " -"activation key is bound to an organization, which you can set when you " -"create the key." +"This will automatically check all required channels. Click the arrow to see " +"the complete list of related products, and ensure that any extra products " +"you require are checked." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:11 +#: modules/client-configuration/pages/snippets/add_channels_wizard.adoc:5 msgid "" -"In {productname}, an activation key is a group of configuration settings " -"with a label. You can apply all configuration settings associated with an " -"activation key by adding its label as a parameter to a bootstrap script. We " -"recommend you use an activation key label in combination with a bootstrap " -"script. When the bootstrap script is executed all configuration settings " -"associated with the label are applied to the system the script is run on." +"Click btn:[Add Products] and wait until the products have finished " +"synchronizing." msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:13 -msgid "An activation key can specify:" +#. type: Block title +#: modules/client-configuration/pages/snippets/check_sync_cli.adoc:1 +#, no-wrap +msgid "Procedure: Checking Synchronization Progress from the Command Prompt" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:15 -msgid "Channel Assignment" +#: modules/client-configuration/pages/snippets/check_sync_cli.adoc:2 +msgid "" +"At the command prompt on the {productname} Server, as root, use the " +"[command]``tail`` command to check the synchronization log file:" +msgstr "" + +#. type: delimited block - +#: modules/client-configuration/pages/snippets/check_sync_cli.adoc:3 +#, no-wrap +msgid "tail -f /var/log/rhn/reposync/.log\n" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:16 -msgid "System Types (Traditionally called Add-on Entitlements)" +#: modules/client-configuration/pages/snippets/check_sync_cli.adoc:4 +msgid "" +"Each child channel generates its own log during the synchronization " +"progress." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:17 -msgid "Contact Method" +#: modules/client-configuration/pages/snippets/check_sync_cli.adoc:5 +msgid "" +"You will need to check all the base and child channel log files to be sure " +"that the synchronization is complete." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:18 -msgid "Configuration Files" +#: modules/client-configuration/pages/snippets/check_sync_webui_suma.adoc:2 +msgid "" +"In the {productname} {webui}, navigate to menu:Admin[Setup Wizard] and " +"select the [guimenu]``Products`` tab." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:19 -msgid "Packages to be Installed" +#: modules/client-configuration/pages/snippets/check_sync_webui_suma.adoc:3 +msgid "" +"This dialog displays a completion bar for each product when they are being " +"synchronized." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:20 -msgid "System Group Assignment" +#: modules/client-configuration/pages/snippets/check_sync_webui_suma.adoc:4 +msgid "" +"Alternatively, you can navigate to menu:Software[Manage > Channels], then " +"click the channel associated to the repository." msgstr "" -#. type: Target for macro image -#: modules/client-configuration/pages/activation-keys.adoc:21 -#, no-wrap -msgid "provision-config-keys.png" +#. type: Plain text +#: modules/client-configuration/pages/snippets/manual_channels.adoc:1 +msgid "" +"When you have created the repositories, you can create the custom channels, " +"one for each repository:" msgstr "" #. type: Block title -#: modules/client-configuration/pages/activation-keys.adoc:25 +#: modules/client-configuration/pages/snippets/manual_channels.adoc:2 #, no-wrap -msgid "Procedure: Creating an Activation Key" +msgid "Procedure: Creating Custom Channels" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:27 +#: modules/client-configuration/pages/snippets/manual_channels.adoc:3 msgid "" -"In the {productname} {webui}, as an administrator, navigate to menu:" -"Systems[Activation Keys]." +"On the {productname} Server {webui}, navigate to menu:Software[Manage > " +"Channels]." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:28 -msgid "Click the btn:[Create Key] button." +#: modules/client-configuration/pages/snippets/manual_channels.adoc:4 +msgid "" +"Click btn:[Create Channel] and set the appropriate parameters for the " +"channels." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:29 +#: modules/client-configuration/pages/snippets/manual_channels.adoc:5 msgid "" -"On the [guimenu]``Activation Key Details`` page, in the " -"[guimenu]``Description`` field, enter a name for the activation key." +"In the [guimenu]``Parent Channel`` field, select the appropriate base " +"channel." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:31 -msgid "" -"In the [guimenu]``Key`` field, enter the distribution and service pack " -"associated with the key. For example, ``SLES12-SP4`` for {sles}{nbsp}" -"12{nbsp}SP4." +#: modules/client-configuration/pages/snippets/manual_channels.adoc:6 +msgid "Click btn:[Create Channel]." msgstr "" -#. type: delimited block = -#: modules/client-configuration/pages/activation-keys.adoc:37 -#: modules/client-configuration/pages/activation-keys.adoc:159 -msgid "" -"Do not use commas in the [guimenu]``Key`` field for any {suse} products. " -"However, you *must* use commas for Red Hat Products. For more information, " -"see xref:reference:systems/activation-keys.adoc[]." +#. type: Plain text +#: modules/client-configuration/pages/snippets/manual_channels.adoc:7 +msgid "Repeat for all channels you need to create." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:41 -msgid "" -"In the [guimenu]``Base Channels`` drop-down box, select the appropriate base " -"software channel, and allow the relevant child channels to populate. For " -"more information, see xref:reference:admin/setup-wizard.adoc#vle.webui.admin." -"wizard.products[] and xref:administration:custom-channels.adoc[]." +#: modules/client-configuration/pages/snippets/manual_channels.adoc:8 +msgid "There should be one custom channel for each custom repository." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:42 +#: modules/client-configuration/pages/snippets/manual_channels.adoc:9 msgid "" -"Select the child channels you need (for example, the mandatory {susemgr} " -"tools and updates channels)." +"You can check that you have created all the appropriate channels and " +"repositories, by navigating to menu:Software[Channel List > All]." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:43 +#: modules/client-configuration/pages/snippets/trust_gpg.adoc:1 msgid "" -"We recommend you leave the [guimenu]``Contact Method`` set to " -"[guimenu]``Default``." +"By default, some operating systems do not trust the GPG key for the " +"{productname} client tools. The clients can be successfully bootstrapped " +"without the GPG key being trusted. However, you will not be able to install " +"new client tool packages or update them until the keys are trusted." +msgstr "" + +#. type: Block title +#: modules/client-configuration/pages/snippets/trust_gpg.adoc:2 +#, no-wrap +msgid "Procedure: Trusting GPG Keys on Clients" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:44 +#: modules/client-configuration/pages/snippets/trust_gpg.adoc:3 msgid "" -"We recommend you leave the [guimenu]``Universal Default`` setting unchecked." +"On the {productname} Server, at the command prompt, check the contents of " +"the [path]``/srv/www/htdocs/pub/`` directory." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:45 -msgid "Click btn:[Create Activation Key] to create the activation key." +#: modules/client-configuration/pages/snippets/trust_gpg.adoc:4 +msgid "" +"This directory contains all available public keys. Take a note of the key " +"that applies to the client you are registering." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:46 +#: modules/client-configuration/pages/snippets/trust_gpg.adoc:5 msgid "" -"Check the [guimenu]``Configuration File Deployment`` check box to enable " -"configuration management for this key, and click btn:[Update Activation Key] " -"to save this change." +"Open the relevant bootstrap script, locate the [systemitem]``ORG_GPG_KEY=`` " +"parameter and add the required key." msgstr "" -#. type: delimited block = -#: modules/client-configuration/pages/activation-keys.adoc:51 -msgid "" -"The [guimenu]``Configuration File Deployment`` check box does not appear " -"until after you have created the activation key. Ensure you go back and " -"check the box if you need to enable configuration management." +#. type: Plain text +#: modules/client-configuration/pages/snippets/trust_gpg.adoc:6 +#: modules/client-configuration/pages/cobbler.adoc:20 +msgid "For example:" msgstr "" -#. type: Title == -#: modules/client-configuration/pages/activation-keys.adoc:55 +#. type: delimited block - +#: modules/client-configuration/pages/snippets/trust_gpg.adoc:7 #, no-wrap -msgid "Combining Activation Keys" +msgid "uyuni-gpg-pubkey-0d20833e.key\n" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:59 -msgid "" -"You can combine activation keys when executing the bootstrap script on your " -"traditional clients. Combining keys allows for more control on what is " -"installed on your systems and reduces duplication of keys for large or " -"complex environments." -msgstr "" - -#. type: Target for macro image -#: modules/client-configuration/pages/activation-keys.adoc:60 -#, no-wrap -msgid "combine-keys.png" +#: modules/client-configuration/pages/snippets/trust_gpg.adoc:8 +msgid "You do not need to delete any previously stored keys." msgstr "" -#. type: Target for macro image -#: modules/client-configuration/pages/activation-keys.adoc:62 -#, no-wrap -msgid "combine-keys2.png" +#. type: Plain text +#: modules/client-configuration/pages/snippets/trust_gpg.adoc:9 +msgid "" +"If you are bootstrapping clients from the {productname} {webui}, you will " +"need to use a Salt state to trust the key." msgstr "" -#. type: delimited block = -#: modules/client-configuration/pages/activation-keys.adoc:68 +#. type: Plain text +#: modules/client-configuration/pages/snippets/trust_gpg.adoc:10 msgid "" -"With Salt clients, you cannot combine activation keys. Only the first key " -"will be used." +"Create the Salt state and assign it to the organization. You can then use " +"an activation key and configuration channels to deploy the key to the " +"clients." msgstr "" -#. type: Title == -#: modules/client-configuration/pages/activation-keys.adoc:72 +#. type: Title = +#: modules/client-configuration/pages/client-proxy-cli.adoc:1 +#: modules/client-configuration/pages/registration-cli.adoc:1 #, no-wrap -msgid "Reactivation Keys" +msgid "Register on the Command Line (Salt)" msgstr "" +#. Might need an 'unsupported' note? LKB 2019-05-01 +#. cf. https://bugzilla.suse.com/show_bug.cgi?id=1131398 +#. I'd say "no", according to the outcome of +#. https://github.com/SUSE/spacewalk/issues/9333 KE 2019-12-17 #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:76 +#: modules/client-configuration/pages/client-proxy-cli.adoc:2 msgid "" -"Reactivation keys can be used once only to re-register a client and regain " -"all {productname} settings. Reactivation keys are client-specific, and " -"include the system ID, history, groups, and channels." +"Instead of the {webui}, you can use the command line to register a Salt " +"client to a proxy. This procedure requires that you have installed the Salt " +"package on the Salt client before registration. For SLE 12 based clients, " +"you also must have activated the [systemitem]``Advanced Systems Management`` " +"module." msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:81 +#. type: delimited block = +#: modules/client-configuration/pages/client-proxy-cli.adoc:3 msgid "" -"To create a reactivation key, navigate to [guimenu]``Systems``, click the " -"client to create a reactivation key for, and navigate to the menu:" -"Details[Reactivation] tab. Click btn:[Generate New Key] to create the " -"reactivation key. Record the details of the key for later use. Unlike " -"typical activation keys, which are not associated with a specific system ID, " -"keys created here do not show up on the menu:Systems[Activation Keys] page." +"Registering traditional clients on the command line is also possible, but it " +"requires more steps. It is not covered here. Use the bootstrap script " +"procedure to register traditional clients. For more information, see " +"xref:client-proxy-script.adoc[]." msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:85 -msgid "" -"When you have created a reactivation key, you can use it with the " -"[command]``rhnreg_ks`` command line utility. This command will re-register " -"the client and restore its {productname} settings. You can only use a " -"reactivation key once." +#. type: Block title +#: modules/client-configuration/pages/client-proxy-cli.adoc:4 +#, no-wrap +msgid "Procedure: Registering Clients to a Proxy Using the Command Line" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:88 -msgid "" -"You can combine reactivation keys with activation keys to aggregate the " -"settings of multiple keys for a single system profile. For example:" +#: modules/client-configuration/pages/client-proxy-cli.adoc:5 +#: modules/client-configuration/pages/registration-cli.adoc:5 +msgid "Choose a client configuration file located at:" msgstr "" #. type: delimited block - -#: modules/client-configuration/pages/activation-keys.adoc:93 +#: modules/client-configuration/pages/client-proxy-cli.adoc:6 +#: modules/client-configuration/pages/registration-cli.adoc:6 #, no-wrap -msgid "" -"rhnreg_ks --server=/XMLRPC \\\n" -" --activationkey=, \\\n" -" --force\n" +msgid "/etc/salt/minion\n" msgstr "" -#. type: delimited block = -#: modules/client-configuration/pages/activation-keys.adoc:100 -msgid "" -"If you autoinstall a client with its existing {productname} profile, the " -"profile will use the reactivation key to re-register the system and restore " -"its settings. Do not regenerate, delete, or use this key while a profile-" -"based autoinstallation is in progress. Doing so will cause the " -"autoinstallation to fail." +#. type: Plain text +#: modules/client-configuration/pages/client-proxy-cli.adoc:7 +#: modules/client-configuration/pages/registration-cli.adoc:7 +msgid "or:" msgstr "" -#. type: Title == -#: modules/client-configuration/pages/activation-keys.adoc:104 +#. type: delimited block - +#: modules/client-configuration/pages/client-proxy-cli.adoc:8 +#: modules/client-configuration/pages/registration-cli.adoc:8 #, no-wrap -msgid "Activation Key Best Practices" +msgid "/etc/salt/minion.d/NAME.conf\n" msgstr "" -#. type: Block title -#: modules/client-configuration/pages/activation-keys.adoc:106 -#, no-wrap -msgid "Default Parent Channel" +#. type: Plain text +#: modules/client-configuration/pages/client-proxy-cli.adoc:9 +#: modules/client-configuration/pages/registration-cli.adoc:9 +msgid "This is sometimes also called a minion file." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:111 -msgid "" -"Avoid using the [systemitem]``SUSE Manager Default`` parent channel. This " -"setting forces {productname} to choose a parent channel that best " -"corresponds to the installed operating system, which can sometimes lead to " -"unexpected behavior. Instead, we recommend you create activation keys " -"specific to each distribution and architecture." +#: modules/client-configuration/pages/client-proxy-cli.adoc:10 +msgid "Add the proxy FQDN as the `master` to the client configuration file:" msgstr "" -#. type: Block title -#: modules/client-configuration/pages/activation-keys.adoc:112 +#. type: delimited block - +#: modules/client-configuration/pages/client-proxy-cli.adoc:11 #, no-wrap -msgid "Bootstrapping with Activation Keys" +msgid "master: PROXY123.EXAMPLE.COM\n" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:117 -msgid "" -"If you are using bootstrap scripts, consider creating an activation key for " -"each script. This will help you align channel assignments, package " -"installation, system group memberships, and configuration channel " -"assignments. You will also need less manual interaction with your system " -"after registration." +#: modules/client-configuration/pages/client-proxy-cli.adoc:12 +#: modules/client-configuration/pages/registration-cli.adoc:12 +msgid "Restart the [systemitem]``salt-minion`` service:" msgstr "" -#. type: Block title -#: modules/client-configuration/pages/activation-keys.adoc:118 +#. type: delimited block - +#: modules/client-configuration/pages/client-proxy-cli.adoc:13 +#: modules/client-configuration/pages/registration-cli.adoc:13 +#: modules/client-configuration/pages/virt-xenkvm.adoc:13 #, no-wrap -msgid "Bandwidth Requirements" +msgid "systemctl restart salt-minion\n" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:121 +#: modules/client-configuration/pages/client-proxy-cli.adoc:14 msgid "" -"Using activation keys might result in automatic downloading of software at " -"registration time, which might not be desirable in environments where " -"bandwidth is constrained." +"On the server, accept the new client key; replace [systemitem]```` " +"with the name of your client:" msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:123 -msgid "These options create bandwidth usage:" +#. type: delimited block - +#: modules/client-configuration/pages/client-proxy-cli.adoc:15 +#: modules/client-configuration/pages/registration-cli.adoc:15 +#, no-wrap +msgid "salt-key -a ''\n" msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:125 -msgid "" -"Assigning a SUSE Product Pool channel will result in the automatic " -"installation of the corresponding product descriptor package." +#. type: Title = +#: modules/client-configuration/pages/client-proxy.adoc:1 +#, no-wrap +msgid "Client Registration on a Proxy" msgstr "" +#. The following sections cover registering Salt and traditional clients on a {productname} Proxy. +#. When a client is registered it connect to the proxy exclusively for Salt operations (Salt client) and normal HTTP package downloads. +#. There are three ways to register Salt clients. #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:126 -msgid "Any package in the [guimenu]``Packages`` section will be installed." +#: modules/client-configuration/pages/client-proxy.adoc:2 +msgid "" +"Proxy servers can act as a broker and package cache for both Salt and " +"traditional clients. Registering clients on a {productname} Proxy is " +"similar to registering them directly on {productname}, with a few key " +"differences." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:127 +#: modules/client-configuration/pages/client-proxy.adoc:3 msgid "" -"Any Salt state from the [guimenu]``Configuration`` section might trigger " -"downloads depending on its contents." +"These sections contain information on registering Salt clients on a proxy " +"using the {webui}, commands on the command line, or a bootstrap script. " +"There is also information on registering traditional clients using a " +"bootstrap script." msgstr "" -#. type: Block title -#: modules/client-configuration/pages/activation-keys.adoc:128 -#, no-wrap -msgid "Key Label Naming" +#. Here starts what you can see on the server about proxy connected clients +#. type: Plain text +#: modules/client-configuration/pages/client-proxy.adoc:4 +msgid "" +"Within the {webui}, proxy pages will show information about both Salt and " +"traditional clients. You can see a list of clients that are connected to a " +"proxy by clicking the name of the proxy in menu:Systems[System List > " +"Proxy], then select the [guimenu]``Proxy`` subtab of the " +"[guimenu]``Details`` tab." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:131 +#: modules/client-configuration/pages/client-proxy.adoc:5 msgid "" -"If you do not enter a human-readable name for your activation keys, the " -"system will automatically generate a number string, which can make it " -"difficult to manage your keys." +"A list of chained proxies for a Salt client can be seen by clicking the name " +"of the client in menu:Systems[All], then select the [guimenu]``Connection`` " +"subtab of the [guimenu]``Details`` tab." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:134 +#: modules/client-configuration/pages/client-proxy.adoc:6 msgid "" -"Consider a naming scheme for your activation keys to help you keep track of " -"them. Creating names which are associated with your organization's " -"infrastructure will make it easier for you when performing more complex " -"operations." +"If you decide to move any of your clients between proxies or the server you " +"will need to repeat the registration process from the beginning." msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:136 -msgid "When creating key labels, consider these tips:" +#. type: Title = +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:1 +#, no-wrap +msgid "Push via SSH" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:138 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:2 msgid "" -"OS naming (mandatory): Keys should always refer to the OS they provide " -"settings for" +"Push via SSH is used in environments where traditional clients cannot reach " +"the {productname} Server directly. In this environment, clients are located " +"in a firewall-protected zone called a DMZ. No system within the DMZ is " +"authorized to open a connection to the internal network, including the " +"{productname} Server." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:139 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:3 msgid "" -"Architecture naming (recommended): Unless your company is running on one " -"architecture only, for example x86_64, then providing labels with an " -"architecture type is a good idea." +"The Push via SSH method creates an encrypted tunnel from the {productname} " +"Server on the internal network to the clients located on the DMZ. After all " +"actions and events are executed, the tunnel is closed." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:140 -msgid "Server type naming: What is, or what will this server be used for?" +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:4 +msgid "" +"The server uses SSH to contact the clients at regular intervals, checking in " +"and performing scheduled actions and events." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:141 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:5 +msgid "" +"This contact method works for traditional clients only. For Salt clients, " +"use Push via Salt SSH." +msgstr "" + +#. type: delimited block = +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:6 msgid "" -"Location naming: Where is the server located? Room, building, or department?" +"Re-installing systems using the provisioning model is not currently " +"supported on clients managed with push via SSH." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:142 -msgid "Date naming: Maintenance windows, quarter, etc." +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:7 +msgid "" +"This image demonstrates the push via SSH process path. All items left of " +"the [systemitem]``Taskomatic`` block represent processes running on a " +"{productname} client." msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:143 -msgid "Custom naming: What naming scheme suits your organizations needs?" +#. type: Target for macro image +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:8 +#, no-wrap +msgid "sshpush-taigon.png" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:145 -msgid "Example activation key label names:" +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:9 +msgid "" +"For tunneling connections via SSH, two available port numbers are required, " +"one for tunneling HTTP and the second for tunneling via HTTPS (HTTP is only " +"necessary during the registration process). The port numbers used by " +"default are `1232` and `1233`. To overwrite these, you can add two custom " +"port numbers greater than 1024 to [path]``/etc/rhn/rhn.conf``:" msgstr "" #. type: delimited block - -#: modules/client-configuration/pages/activation-keys.adoc:148 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:10 #, no-wrap -msgid "sles12-sp2-web_server-room_129-x86_64\n" +msgid "" +"ssh_push_port_http = high_port_1\n" +"ssh_push_port_https = high_port_2\n" msgstr "" -#. type: delimited block - -#: modules/client-configuration/pages/activation-keys.adoc:152 -#, no-wrap -msgid "sles12-sp2-test_packages-blg_502-room_21-ppc64le\n" +#. type: Plain text +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:11 +msgid "" +"If you would like your clients to be contacted using their hostnames instead " +"of an IP address, set this option:" msgstr "" -#. type: Block title -#: modules/client-configuration/pages/activation-keys.adoc:161 +#. type: delimited block - +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:12 #, no-wrap -msgid "Included Channels" +msgid "ssh_push_use_hostname = true\n" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:164 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:13 msgid "" -"When creating activation keys you also need to keep in mind which software " -"channels will be associated with it." +"It is also possible to adjust the number of threads to use for opening " +"client connections in parallel. By default two parallel threads are used. " +"Set [systemitem]``taskomatic.ssh_push_workers`` in " +"[path]``/etc/rhn/rhn.conf``:" msgstr "" -#. type: delimited block = -#: modules/client-configuration/pages/activation-keys.adoc:170 -msgid "" -"Keys should have a specific base channel assigned to them, for example: " -"``SLES12-SP2-Pool-x86_64``. If this is not the case, {productname} cannot " -"use specific stages. Using the default base channel is not recommended and " -"may cause problems." +#. type: delimited block - +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:14 +#, no-wrap +msgid "taskomatic.ssh_push_workers = number\n" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:173 -msgid "Channels to be included:" +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:15 +msgid "" +"For security reasons, you might want to use sudo with SSH, to access the " +"system as an unprivileged user instead of as root." msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:174 -msgid "suse-manager-tools" +#. type: Block title +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:16 +#, no-wrap +msgid "Procedure: Configuring Unprivileged SSH Access" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:175 -#: modules/client-configuration/pages/activation-keys.adoc:183 -msgid "Typical packages to be included:" +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:17 +msgid "" +"Ensure you have the latest [path]``spacewalk-taskomatic`` and " +"[path]``spacewalk-certs-tools`` packages installed on the {productname} " +"Server." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:176 -msgid "mgr-osad (pushing tasks)" +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:18 +msgid "On each client system, create an appropriate unprivileged user." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:177 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:19 msgid "" -"Installs [package]``python-jabberpy`` and [package]``pyxml`` as dependencies" +"On each client system, open the [path]``/etc/sudoers`` file and comment out " +"these lines:" msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:178 -msgid "[package]``mgr-cfg-actions`` (Remote Command, Configuration Management)" +#. type: delimited block - +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:20 +#, no-wrap +msgid "" +"#Defaults targetpw # ask for the password of the target user i.e. root\n" +"#ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults " +"targetpw'!\n" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:179 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:21 msgid "" -"Installs [package]``mgr-cfg`` and [package]``mgr-cfg-client`` as dependencies" +"On each client system, in the `User privilege specification` section, add " +"these lines:" msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:181 -msgid "The [systemitem]``suse-manager-tools`` channel is mandatory." +#. type: delimited block - +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:22 +#, no-wrap +msgid "" +" ALL=(ALL) NOPASSWD:/usr/sbin/mgr_check\n" +" ALL=(ALL) NOPASSWD:/home//enable.sh\n" +" ALL=(ALL) NOPASSWD:/home//bootstrap.sh\n" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:185 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:23 msgid "" -"osad (pushing tasks): Installs [package]``python-jabberpy`` and " -"[package]``pyxml`` as dependencies" +"On each client system, in the [path]``/home/user/.bashrc`` file, add these " +"lines:" +msgstr "" + +#. type: delimited block - +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:24 +#, no-wrap +msgid "" +"PATH=$PATH:/usr/sbin\n" +"export PATH\n" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/activation-keys.adoc:185 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:25 msgid "" -"[package]``rhncfg-actions`` (Remote Command, Configuration Managment): " -"Installs [package]``rhncfg`` and [package]``rhncfg-client`` as dependencies" +"On the {productname} Server, in the [path]``/etc/rhn/rhn.conf`` " +"configuration file, add or amend this line to include the unprivileged " +"username:" msgstr "" -#. type: Title = -#: modules/client-configuration/pages/autoinstallation-methods.adoc:2 +#. type: delimited block - +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:26 #, no-wrap -msgid "Automate Client Installation" +msgid "ssh_push_sudo_user = \n" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoinstallation-methods.adoc:7 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:27 msgid "" -"{ay} and Kickstart configuration files allow you to automate client system " -"installations. This is useful if you need to install a large number of " -"clients." +"Because clients are in the DMZ and cannot reach the server, you need to use " +"the [command]``mgr-ssh-push-init`` tool to register them with the " +"{productname} Server." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoinstallation-methods.adoc:10 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:28 msgid "" -"For {sle} clients, use {ay}. When you have created an {ay} file, you can " -"upload and manage it using the {productname} {webui}." +"To use the tool, you will need the client hostname or IP address, and the " +"path to a valid bootstrap script on the {productname} Server. For more " +"information about bootstrapping, see " +"xref:client-configuration:registration-bootstrap.adoc[]." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoinstallation-methods.adoc:13 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:29 msgid "" -"For {rhel} clients, use Kickstart. Kickstart files are created, modified, " -"and managed within the {productname} {webui}." +"The bootstrap script will need to have an activation key associated with it " +"that is configured for Push via SSH. For more information on activation " +"keys, see xref:client-configuration:activation-keys.adoc[]." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoinstallation-methods.adoc:21 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:30 msgid "" -"We recommend that you use PXE boot for installing clients. PXE booting " -"requires a DHCP server that points to your {productname} Server. The " -"{productname} Server then acts as a TFTP server. The TFTP environment is " -"generated with Cobbler. Cobbler can also generate a bootable ISO image. " -"The ISO image can be used to install machines when PXE boot is not an " -"option. For more information about Cobbler, see xref:client-configuration:" -"cobbler.adoc[]." +"Before you begin, you need to ensure that you have specified which ports to " +"use for SSH tunneling. If you have registered clients before changing the " +"port numbers, they will need to be registered again." msgstr "" -#. type: Title = -#: modules/client-configuration/pages/autoyast-example.adoc:2 +#. type: delimited block = +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:31 +msgid "" +"Clients that are managed with Push via SSH cannot reach the server " +"directly. When you use the [command]``mgr-ssh-push-init`` tool, the " +"[systemitem]``rhnsd`` daemon is disabled." +msgstr "" + +#. type: Block title +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:32 #, no-wrap -msgid "AutoYast Example File" +msgid "Procedure: Registering Clients with Push via SSH" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoyast-example.adoc:5 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:33 msgid "" -"{suse} provides templates of AutoYaST profiles in the https://github.com/" -"SUSE/manager-build-profiles[SUSE/manager-build-profiles] public GitHub " -"repository." +"At the command prompt on the {productname} Server, as root, execute this " +"command:" msgstr "" -#. type: Title == -#: modules/client-configuration/pages/autoyast-example.adoc:7 +#. type: delimited block - +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:34 #, no-wrap -msgid "Minimalist AutoYaST Profile for Automated Installations and Useful Enhancements" +msgid "" +"# mgr-ssh-push-init --client --register \\\n" +"/srv/www/htdocs/pub/bootstrap/bootstrap_script --tunnel\n" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoyast-example.adoc:12 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:35 msgid "" -"The {ay} profile in this section installs a {sles} system with all default " -"installation options including a default network configuration using DHCP. " -"After the installation is finished, a bootstrap script located on the " -"{productname} server is executed in order to register the freshly installed " -"system with {productname}. You need to adjust the IP address of the " -"{productname} server, the name of the bootstrap script, and the root " -"password according to your environment:" +"OPTIONAL: You can remove the [command]``--tunnel`` option, if you do not " +"want to use tunneling." +msgstr "" + +#. type: Plain text +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:36 +msgid "Verify that the SSH connection is active:" msgstr "" #. type: delimited block - -#: modules/client-configuration/pages/autoyast-example.adoc:19 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:37 #, no-wrap msgid "" -"\n" -" ...\n" -" root\n" -" `linux`\n" -"\n" +"# ssh -i /root/.ssh/id_susemanager -R ::443 \\\n" +" zypper ref\n" msgstr "" -#. type: delimited block - -#: modules/client-configuration/pages/autoyast-example.adoc:21 +#. type: Block title +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:38 #, no-wrap -msgid "http://`192.168.1.1`/pub/bootstrap/`my_bootstrap.sh`\n" -msgstr "" - -#. type: Plain text -#: modules/client-configuration/pages/autoyast-example.adoc:24 -msgid "The complete {ay} file:" +msgid "Example: API Access to Push via SSH" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoyast-example.adoc:26 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:39 msgid "" -"You can find the AutoYaST file at https://github.com/SUSE/manager-build-" -"profiles/tree/master/AutoYaST/Minimal-AutoYaST." +"You can use the API to manage which contact method to use. This example " +"Python code sets the contact method to ``ssh-push``." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoyast-example.adoc:28 -msgid "Use this enhancement fragment to add child channels:" +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:40 +msgid "Valid values are:" msgstr "" -#. type: delimited block - -#: modules/client-configuration/pages/autoyast-example.adoc:47 -#, no-wrap -msgid "" -"\n" -" \n" -" \n" -" true\n" -" http://$c_server/ks/dist/child/`channel-label`/`distribution-label`\n" -" $c_name\n" -" $c_product\n" -" /\n" -" \n" -" \n" -" \n" -" http://$c_server/ks/dist/child/`channel-label`/`sle-manager-tools`/`distribution-label`\n" -" ...\n" -" \n" -" ...\n" -" \n" -"\n" +#. type: Plain text +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:41 +msgid "`default` (pull)" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoyast-example.adoc:53 -msgid "" -"Replace [replaceable]``channel-label`` and [replaceable]``distribution-" -"label`` with the correct labels (such as `sles12-sp4-updates-x86_64` and " -"`sles12-sp4-x86_64`). Ensure that the distribution label corresponds to the " -"Autoinstallable Distribution. Set the variables (such as ``$c_server``) " -"according to your environment. For more information about variables, see " -"xref:reference:systems/autoinst-distributions.adoc[]." +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:42 +msgid "`ssh-push`" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoyast-example.adoc:56 -msgid "Here is a literal example for `sles12-sp4-x86_64`:" +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:43 +msgid "`ssh-push-tunnel`" msgstr "" #. type: delimited block - -#: modules/client-configuration/pages/autoyast-example.adoc:83 -#, no-wrap -msgid "" -"\n" -" \n" -" \n" -" \n" -" http://192.168.150.10/ks/dist/child/dev-sles12-sp4-updates-x86_64/dev-sles12sp4\n" -" SLES 12 Updates\n" -" /\n" -" SLES12 Updates\n" -" \n" -" \n" -" \n" -" http://192.168.150.10/ks/dist/child/dev-sle-manager-tools12-pool-x86_64-sp4/dev-sles12sp4\n" -" SLES 12 Pool SUSE Manager Tools\n" -" /\n" -" SLES12 Pool SUSE Manager Tools\n" -" \n" -" \n" -" \n" -" http://192.168.150.10/ks/dist/child/dev-sle-manager-tools12-updates-x86_64-sp4/dev-sles12sp4\n" -" SLES 12 Updates SUSE Manager Tools\n" -" /\n" -" SLES12 Updates SUSE Manager Tools\n" -" \n" -" \n" -"\n" -msgstr "" - -#. type: Block title -#: modules/client-configuration/pages/autoyast-example.adoc:86 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:44 #, no-wrap -msgid "Add the Updates Channel" -msgstr "" - -#. type: delimited block = -#: modules/client-configuration/pages/autoyast-example.adoc:92 msgid "" -"It is required that you add the updates tools channel to the `` {ay} " -"snippet section. This ensures your systems are provided with an up-to-date " -"version of the `libzypp` package. If you do not include the updates tools " -"channel, you will encounter `400` errors. In this example, the " -"(DISTRIBUTION_NAME) is replaced with the name of the autoinstallation " -"distribution from menu:Systems[Autoinstallation > Distributions]." +"client = xmlrpclib.Server(SUMA_HOST + \"/rpc/api\", verbose=0)\n" +"key = client.auth.login(SUMA_LOGIN, SUMA_PASSWORD)\n" +"client.system.setDetails(key, 1000012345, {'contact_method' : 'ssh-push'})\n" msgstr "" -#. type: delimited block - -#: modules/client-configuration/pages/autoyast-example.adoc:101 -#, no-wrap +#. type: Plain text +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:45 msgid "" -"\n" -" true\n" -" http://$redhat_management_server/ks/dist/child/sles12-sp2-updates-x86_64/(DISTRIBUTION_NAME)\n" -" sles12 sp2 updates\n" -" SLES12\n" -" /\n" -"\n" +"If you have a client that has already been registered, and you want to " +"migrate it to use Push via SSH, some extra steps are required. You can use " +"the [command]``mgr-ssh-push-init`` tool to set up your client." msgstr "" -#. type: Title = -#: modules/client-configuration/pages/autoyast.adoc:2 +#. type: Block title +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:46 #, no-wrap -msgid "AutoYaST" +msgid "Procedure: Migrating Registered Systems to Push via SSH" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoyast.adoc:6 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:47 msgid "" -"When you install a {sle} client, there are a number of questions you need to " -"answer. To automate installation, you can create an {ay} file with all the " -"answers to those questions, so that no user intervention is required." +"At the command prompt on the {productname} Server, as root, set up the " +"client:" msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/autoyast.adoc:9 +#. type: delimited block - +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:48 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:55 +#, no-wrap msgid "" -"{ay} files can be kept on a server and read by individual clients during " -"installation. The same {ay} file is used to install multiple clients." +"# mgr-ssh-push-init --client \\\n" +"/srv/www/htdocs/pub/bootstrap/bootstrap_script --tunnel\n" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoyast.adoc:11 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:49 msgid "" -"{ay} can be used to schedule a registered system to be installed with a new " -"operating system and package profile, or you can use it to install a new " -"system that was not previously registered, or does not yet have an operating " -"system installed." +"Using the {productname} {webui}, change the client's contact method to " +"`ssh-push` or `ssh-push-tunnel`." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoyast.adoc:13 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:50 msgid "" -"For more information about {ay}, see https://doc.opensuse.org/projects/" -"autoyast/." +"OPTIONAL: If you need to edit an existing activation key, you can do so with " +"this command:" msgstr "" -# -# -# -#. This is general autoyast info, not specific to SUMA. LKB 2019-07-29 -#. When a machine is to receive a network-based {ay} installation, the following events must occur in this order: -#. . After being connected to the network and turned on, the machine's PXE logic broadcasts its MAC address and requests to be discovered. -#. . If no static IP address is used, the DHCP server recognizes the discovery request and offers network information needed for the new machine to boot. This includes an IP address, the default gateway to be used, the netmask of the network, the IP address of the TFTP or HTTP server holding the bootloader program, and the full path and file name to that program (relative to the server's root). -#. . The machine applies the networking information and initiates a session with the server to request the bootloader program. -#. . The bootloader searches for its configuration file on the server from which it was loaded. This file dictates which Kernel and Kernel options, such as the initial RAM disk (initrd) image, should be executed on the booting machine. Assuming the bootloader program is SYSLINUX, this file is located in the [path]``pxelinux.cfg`` directory on the server and named the hexadecimal equivalent of the new machine's IP address. For example, a bootloader configuration file for {sles} should contain: -#. + -#. ---- -#. port 0 -#. prompt 0 -#. timeout 1 -#. default autoyast -#. label autoyast -#. kernel vmlinuz -#. append autoyast=http://`my_susemanager_server`/`path`#. install=http://`my_susemanager_server`/`repo_tree` -#. ---- -#. . The machine accepts and uncompresses the initrd and kernel, boots the kernel, fetches the instsys from the install server and initiates the {ay} installation with the options supplied in the bootloader configuration file, including the server containing the {ay} configuration file. -#. . The new machine is installed based on the parameters established within the {ay} configuration file. -#. type: Title == -#: modules/client-configuration/pages/autoyast.adoc:41 +#. type: delimited block - +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:51 #, no-wrap -msgid "Before you Begin" -msgstr "" - -#. type: Plain text -#: modules/client-configuration/pages/autoyast.adoc:45 msgid "" -"Some preparation is required for your infrastructure to handle {ay} " -"installations. Before you create an {ay} profile, consider:" +"client.activationkey.setDetails(key, '1-mykey', {'contact_method' : " +"'ssh-push'})\n" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoyast.adoc:48 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:52 msgid "" -"A DHCP server is not required for {ay}, but it can make things easier. If " -"you are using static IP addresses, you should select static IP while " -"developing your {ay} profile." -msgstr "" - -#. type: Plain text -#: modules/client-configuration/pages/autoyast.adoc:49 -msgid "Host the {ay} distribution trees via HTTP, provided by {productname}." +"You can also use Push via SSH for clients that connect using a {productname} " +"Proxy. Ensure your proxy is updated before you begin." msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/autoyast.adoc:50 -msgid "" -"If you are performing a bare metal {ay} installation, use these settings:" +#. type: Block title +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:53 +#, no-wrap +msgid "Procedure: Registering Clients with Push via SSH to a Proxy" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoyast.adoc:51 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:54 msgid "" -"Configure DHCP to assign the required networking parameters and the " -"bootloader program location." +"At the command prompt on the {productname} Proxy, as root, set up the " +"client:" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoyast.adoc:52 +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:56 msgid "" -"In the bootloader configuration file, specify the kernel and appropriate " -"kernel options to be used." +"At the command prompt on the {productname} Server, copy the SSH key to the " +"proxy:" msgstr "" -#. type: Title == -#: modules/client-configuration/pages/autoyast.adoc:55 +#. type: delimited block - +#: modules/client-configuration/pages/contact-methods-pushssh.adoc:57 #, no-wrap -msgid "Build a Bootable ISO" +msgid "mgr-ssh-push-init --client \n" msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/autoyast.adoc:59 -msgid "" -"You will need to create a bootable ISO image to be used by the target system " -"for installation. When the system is rebooted or switched on, it boots from " -"the image, loads the {ay} configuration from your {productname}, and " -"installs {sles} according to the {ay} profile." +#. type: Title = +#: modules/client-configuration/pages/products.adoc:1 +#, no-wrap +msgid "Software Products" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoyast.adoc:62 +#: modules/client-configuration/pages/products.adoc:2 msgid "" -"To use the ISO image, boot the system and type `autoyast` at the prompt " -"(assuming you left the label for the {ay} boot as ``autoyast``). Press kbd:" -"[Enter] to begin the {ay} installation." +"In {productname}, software is made available in products. Your {suse} " +"subscription allows you to access a range of different products, which you " +"can browse and select in the {productname} {webui} by navigating to " +"menu:Admin[Setup Wizard > Products]." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoyast.adoc:65 +#: modules/client-configuration/pages/products.adoc:3 msgid "" -"This is managed by the KIWI image system. For more information about KIWI, " -"see http://doc.opensuse.org/projects/kiwi/doc/." -msgstr "" - -#. type: Title == -#: modules/client-configuration/pages/autoyast.adoc:68 -#, no-wrap -msgid "Integrate with PXE" +"Products contain any number of software channels. Click the `Show product's " +"channels` icon to see the channels included in the product. When you have " +"added a product and synchronized successfully, you have access to the " +"channels provided by the product, and can use the packages in the product on " +"your {productname} Server and clients." msgstr "" +#. Might need an 'unsupported' note? LKB 2019-05-01 +#. I'd say "no", according to the outcome of +#. https://github.com/SUSE/spacewalk/issues/9333 KE 2019-12-17 #. type: Plain text -#: modules/client-configuration/pages/autoyast.adoc:72 +#: modules/client-configuration/pages/registration-cli.adoc:2 msgid "" -"Instead of using a bootable ISO image, you can use a PXE image instead. " -"This is less error-prone, allows {ay} installation from bare metal, and " -"integrates with existing PXE/DHCP environments." +"Instead of the {webui}, you can use the command line to register a Salt " +"client. This procedure requires that you have installed the Salt package on " +"the Salt client before registration. For SLE 12 based clients, you also " +"must have activated the [systemitem]``Advanced Systems Management`` module." msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/autoyast.adoc:75 +#. type: delimited block = +#: modules/client-configuration/pages/registration-cli.adoc:3 msgid "" -"To use this method, make sure your systems have network interface cards " -"(NICs) that support PXE. You will need to install and configure a PXE " -"server, ensure DHCP is running, and place the installation repository on an " -"HTTP server that is reachable by the {productname} Server." +"Registering on the command line is also possible with traditional clients, " +"but it requires more steps. It is not covered here. Use the bootstrap " +"script procedure to register traditional clients. For more information, see " +"xref:registration-bootstrap.adoc[]." msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/autoyast.adoc:77 -msgid "" -"Upload the {ay} profile to the {productname} Server using the {productname} " -"{webui}." +#. type: Block title +#: modules/client-configuration/pages/registration-cli.adoc:4 +#, no-wrap +msgid "Procedure: Registering Clients Using the Command Line" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoyast.adoc:79 +#: modules/client-configuration/pages/registration-cli.adoc:10 msgid "" -"When the {ay} profile has been created, use the URL from the " -"[guimenu]``Autoinstallation Overview`` page as the image location." +"Add the {productname} Server or Proxy FQDN as the `master`, and the " +"activation key, to the client configuration file:" msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/autoyast.adoc:81 +#. type: delimited block - +#: modules/client-configuration/pages/registration-cli.adoc:11 +#, no-wrap msgid "" -"For more information about PXE boot, see https://documentation.suse.com/" -"sles/15-SP1/html/SLES-all/cha-deployment-prep-pxe.html" +"master: SERVER.EXAMPLE.COM\n" +"server_id_use_src: adler32\n" +"enable_legacy_startup_events: False\n" +"enable_fqdns_grains: False\n" +"grains:\n" +" susemanager:\n" +" activation_key: \"\"\n" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/autoyast.adoc:82 +#: modules/client-configuration/pages/registration-cli.adoc:14 msgid "" -"For more information about autoinstallation profiles, see xref:reference:" -"systems/autoinst-profiles.adoc[]." -msgstr "" - -#. type: Title = -#: modules/client-configuration/pages/bootstrap-repository.adoc:2 -#, no-wrap -msgid "Bootstrap Repository" +"On the {productname} Server, accept the new client key; replace " +"[systemitem]```` with the name of your client:" msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/bootstrap-repository.adoc:6 +#. type: delimited block = +#: modules/client-configuration/pages/registration-cli.adoc:16 +#: modules/client-configuration/pages/registration-bootstrap.adoc:24 +#: modules/client-configuration/pages/registration-webui.adoc:25 msgid "" -"A bootstrap repository contains packages for installing Salt on clients, as " -"well as the required packages for registering Salt or traditional clients " -"during bootstrapping. Bootstrap repositories are automatically created and " -"regenerated on the {productname} Server for every synchronized product." +"To register and use {centos}{nbsp}6, {oracle}{nbsp}6, {rhel}{nbsp}6, or " +"{sleses}{nbsp}6 clients, you need to configure the {productname} Server to " +"support older types of SSL encryption. For more information about how to " +"resolve this error, see ``Registering Older Clients`` at " +"xref:client-configuration:tshoot-clients.adoc[]." msgstr "" -#. type: Title == -#: modules/client-configuration/pages/bootstrap-repository.adoc:9 -#, no-wrap -msgid "Prepare to Create a Bootstrap Repository" +#. REMARK: This is what we previously offered: +# +#. .Procedure: Registering Salt Clients +#. . On your client as {rootuser} enter the following command: +#. + +# +#. ---- +#. zypper ar http://FQDN.server.example.com/pub/repositories/sle/12/4/bootstrap/ \ +#. sles12-sp4 +#. ---- +#. + +# +#. [NOTE] +#. ==== +#. Do not use ``HTTPS``. +#. Use `HTTP` instead to avoid errors. +#. ==== +#. + +# +#. . After adding the repository containing the necessary Salt packages execute: +#. + +# +#. ---- +#. zypper in salt-minion +#. ---- +#. . Modify the client configuration file to point to the fully qualified domain name ([replaceable]``FQDN``) of the {productname} server (master): +#. + +# +#. ---- +#. vi /etc/salt/minion +#. ---- +#. + +#. Find and change the line: +#. + +# +#. ---- +#. master: salt +#. ---- +#. + +#. to: +#. + +# +#. ---- +#. master: FQDN.server.example.com +#. ---- +#. . Restart the Salt client with: +#. + +# +#. ---- +#. systemctl restart salt-minion +#. ---- +# +#. Your newly registered client should now show up within the {webui} under menu:Salt[Keys]. +#. Accept the [guimenu]``pending`` key to begin management. +#. type: Title = +#: modules/client-configuration/pages/registration-overview-oracle.adoc:1 +#, no-wrap +msgid "Oracle Client Registration" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/bootstrap-repository.adoc:12 +#: modules/client-configuration/pages/registration-overview-oracle.adoc:2 msgid "" -"When you select a product for synchronization, the bootstrap repository is " -"automatically created as soon as all mandatory channels are fully mirrored." +"You can register {oracle} clients to your {productname} Server. The method " +"and details varies depending on the operating system of the client." msgstr "" -#. type: Title == -#: modules/client-configuration/pages/bootstrap-repository.adoc:31 -#, no-wrap -msgid "Options for Automatic Mode" +#. type: Plain text +#: modules/client-configuration/pages/registration-overview-oracle.adoc:3 +#: modules/client-configuration/pages/registration-overview-redhat.adoc:3 +#: modules/client-configuration/pages/registration-overview-ubuntu.adoc:3 +#: modules/client-configuration/pages/registration-overview-centos.adoc:3 +#: modules/client-configuration/pages/registration-overview-debian.adoc:3 +#: modules/client-configuration/pages/registration-overview-suse.adoc:3 +msgid "" +"Before you start, ensure that the client has the date and time synchronized " +"correctly with the {productname} Server." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/bootstrap-repository.adoc:35 +#: modules/client-configuration/pages/registration-overview-oracle.adoc:4 +#: modules/client-configuration/pages/registration-overview-redhat.adoc:4 +#: modules/client-configuration/pages/registration-overview-ubuntu.adoc:4 +#: modules/client-configuration/pages/registration-overview-centos.adoc:4 +#: modules/client-configuration/pages/registration-overview-debian.adoc:4 +#: modules/client-configuration/pages/registration-overview-suse.adoc:4 msgid "" -"You can change how the automated bootstrap repository creation works. This " -"section details the various settings." +"You must also have created an activation key. For more information about " +"creating activation keys, see " +"xref:client-configuration:activation-keys.adoc[]." msgstr "" -#. type: Block title -#: modules/client-configuration/pages/bootstrap-repository.adoc:38 +#. type: Title = +#: modules/client-configuration/pages/registration-overview-redhat.adoc:1 #, no-wrap -msgid "Flush Mode" +msgid "Red Hat Client Registration" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/bootstrap-repository.adoc:42 +#: modules/client-configuration/pages/registration-overview-redhat.adoc:2 msgid "" -"By default, every regeneration starts with an empty repository and copies " -"only the latest packages into it. To disable this behavior, add or edit " -"this value in [path]``/etc/rhn/rhn.conf``:" +"You can register {rhel} clients to your {productname} Server using either " +"the {redhat} content delivery network (CDN), or {redhat} update " +"infrastructure (RHUI). The method and details varies depending on the " +"operating system of the client." msgstr "" -#. type: delimited block - -#: modules/client-configuration/pages/bootstrap-repository.adoc:45 +#. type: Title = +#: modules/client-configuration/pages/registration-overview-ubuntu.adoc:1 #, no-wrap -msgid "server.susemanager.bootstrap_repo_flush = 0\n" +msgid "Ubuntu Client Registration" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/bootstrap-repository.adoc:48 +#: modules/client-configuration/pages/registration-overview-ubuntu.adoc:2 msgid "" -"Alternatively, you can use the ``--no-flush`` option when you create the " -"bootstrap repository from the command prompt." +"You can register {ubuntu} clients to your {productname} Server. The method " +"and details varies depending on the operating system of the client." msgstr "" #. type: Block title -#: modules/client-configuration/pages/bootstrap-repository.adoc:51 +#: modules/client-configuration/pages/activation-keys.adoc:1 +#: modules/client-configuration/pages/client-automating-profiles.adoc:109 +#: modules/client-configuration/pages/client-automating-profiles.adoc:110 #, no-wrap -msgid "Automatic Mode" +msgid "Activation Keys" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/bootstrap-repository.adoc:55 +#: modules/client-configuration/pages/activation-keys.adoc:2 msgid "" -"By default, automated regeneration of the bootstrap repositories is " -"enabled. To disable it, add or edit this value in [path]``/etc/rhn/rhn." -"conf``:" +"Activation keys are used with traditional and Salt clients to ensure that " +"your clients have the correct software entitlements, are connecting to the " +"appropriate channels, and are subscribed to the relevant groups. Each " +"activation key is bound to an organization, which you can set when you " +"create the key." msgstr "" -#. type: delimited block - -#: modules/client-configuration/pages/bootstrap-repository.adoc:58 -#, no-wrap -msgid "server.susemanager.auto_generate_bootstrap_repo = 0\n" +#. type: Plain text +#: modules/client-configuration/pages/activation-keys.adoc:3 +msgid "" +"In {productname}, an activation key is a group of configuration settings " +"with a label. You can apply all configuration settings associated with an " +"activation key by adding its label as a parameter to a bootstrap script. We " +"recommend you use an activation key label in combination with a bootstrap " +"script. When the bootstrap script is executed all configuration settings " +"associated with the label are applied to the system the script is run on." msgstr "" -#. type: Title === -#: modules/client-configuration/pages/bootstrap-repository.adoc:62 -#, no-wrap -msgid "Configure Bootstrap Data File" +#. type: Plain text +#: modules/client-configuration/pages/activation-keys.adoc:4 +msgid "An activation key can specify:" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/bootstrap-repository.adoc:69 -msgid "" -"The tool uses a data file with information about which packages are required " -"for each distribution. The data file is stored at [path]``/usr/share/" -"susemanager/mgr_bootstrap_data.py``. {suse} updates this file regularly. " -"If you want to makes changes to this file, do not edit it directly. " -"Instead, create a copy in the same directory and edit your copy:" +#: modules/client-configuration/pages/activation-keys.adoc:5 +msgid "Channel Assignment" msgstr "" -#. type: delimited block - -#: modules/client-configuration/pages/bootstrap-repository.adoc:73 -#, no-wrap -msgid "" -"cd /usr/share/susemanager/\n" -"cp mgr_bootstrap_data.py my_data.py\n" +#. type: Plain text +#: modules/client-configuration/pages/activation-keys.adoc:6 +msgid "System Types (Traditionally called Add-on Entitlements)" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/bootstrap-repository.adoc:77 -msgid "" -"When you have made your changes, configure {productname} to use the new " -"file. Add or edit this value in [path]``/etc/rhn/rhn.conf``:" +#: modules/client-configuration/pages/activation-keys.adoc:7 +msgid "Contact Method" msgstr "" -#. type: delimited block - -#: modules/client-configuration/pages/bootstrap-repository.adoc:80 -#, no-wrap -msgid "server.susemanager.bootstrap_repo_datamodule = my_data\n" +#. type: Plain text +#: modules/client-configuration/pages/activation-keys.adoc:8 +msgid "Configuration Files" msgstr "" -#. type: delimited block = -#: modules/client-configuration/pages/bootstrap-repository.adoc:86 -msgid "" -"On the next update, the new data from {suse} will overwrite the original " -"data file, not the new one. You will need to keep the new file up to date " -"with changes provided by {suse}." +#. type: Plain text +#: modules/client-configuration/pages/activation-keys.adoc:9 +msgid "Packages to be Installed" msgstr "" -#. type: Title == -#: modules/client-configuration/pages/bootstrap-repository.adoc:90 -#, no-wrap -msgid "Manually Generate a Bootstrap Repository" +#. type: Plain text +#: modules/client-configuration/pages/activation-keys.adoc:10 +msgid "System Group Assignment" msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/bootstrap-repository.adoc:94 -msgid "" -"By default, bootstrap repositories are regenerated daily. You can manually " -"create the bootstrap repository from the command prompt:" +#. type: Target for macro image +#: modules/client-configuration/pages/activation-keys.adoc:11 +#, no-wrap +msgid "provision-config-keys.png" msgstr "" #. type: Block title -#: modules/client-configuration/pages/bootstrap-repository.adoc:97 +#: modules/client-configuration/pages/activation-keys.adoc:12 +#: modules/client-configuration/pages/client-upgrades-lifecycle.adoc:15 +#: modules/client-configuration/pages/client-upgrades-major.adoc:33 #, no-wrap -msgid "Procedure: Generating the Bootstrap Repository for {sle}" +msgid "Procedure: Creating an Activation Key" msgstr "" #. type: Plain text -#: modules/client-configuration/pages/bootstrap-repository.adoc:99 +#: modules/client-configuration/pages/activation-keys.adoc:13 msgid "" -"At the command prompt on the {productname} Server, as root, list the " -"available bootstrap repositories:" +"In the {productname} {webui}, as an administrator, navigate to " +"menu:Systems[Activation Keys]." msgstr "" -#. type: delimited block - -#: modules/client-configuration/pages/bootstrap-repository.adoc:102 -#, no-wrap -msgid "mgr-create-bootstrap-repo -l\n" +#. type: Plain text +#: modules/client-configuration/pages/activation-keys.adoc:14 +msgid "Click the btn:[Create Key] button." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/bootstrap-repository.adoc:104 +#: modules/client-configuration/pages/activation-keys.adoc:15 msgid "" -"Create the bootstrap repository, using the appropriate repository name as " -"the product label:" -msgstr "" - -#. type: delimited block - -#: modules/client-configuration/pages/bootstrap-repository.adoc:107 -#, no-wrap -msgid "mgr-create-bootstrap-repo -c SLE-version-x86_64\n" +"On the [guimenu]``Activation Key Details`` page, in the " +"[guimenu]``Description`` field, enter a name for the activation key." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/bootstrap-repository.adoc:110 +#: modules/client-configuration/pages/activation-keys.adoc:16 msgid "" -"The client repository is located in [path]``/srv/www/htdocs/pub/repositories/" -"``." +"In the [guimenu]``Key`` field, enter the distribution and service pack " +"associated with the key." msgstr "" -#. type: Block title -#: modules/client-configuration/pages/bootstrap-repository.adoc:113 -#, no-wrap -msgid "Procedure: Specifying a Parent Channel for a Bootstrap Repository" +#. type: Plain text +#: modules/client-configuration/pages/activation-keys.adoc:17 +msgid "For example, ``SLES12-SP4`` for {sles}{nbsp}12{nbsp}SP4." msgstr "" -#. type: Plain text -#: modules/client-configuration/pages/bootstrap-repository.adoc:116 +#. type: delimited block = +#: modules/client-configuration/pages/activation-keys.adoc:18 +#: modules/client-configuration/pages/activation-keys.adoc:74 msgid "" -"If you have mirrored more than one product (for example, SLES and SLES for " -"SAP), or if you use custom channels, you need to specify the parent channel " -"to use when creating the bootstrap repository." +"Do not use commas in the [guimenu]``Key`` field for any {suse} products. " +"However, you *must* use commas for Red Hat Products. For more information, " +"see xref:reference:systems/activation-keys.adoc[]." msgstr "" #. type: Plain text -#: modules/client-configuration/pages/bootstrap-repository.adoc:118 -msgid "Check which parent channels you have available:" +#: modules/client-configuration/pages/activation-keys.adoc:19 +msgid "" +"In the [guimenu]``Base Channels`` drop-down box, select the appropriate base " +"software channel, and allow the relevant child channels to populate." msgstr "" -#. type: delimited block - -#: modules/client-configuration/pages/bootstrap-repository.adoc:126 -#, no-wrap +#. type: Plain text +#: modules/client-configuration/pages/activation-keys.adoc:20 msgid "" -"mgr-create-bootstrap-repo -c SLE-15-x86_64\n" -"Multiple options for parent channel found. Please use option\n" -"--with-parent-channel