Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
SUSE Manager Documentation › Best Practices › Expanded Support
ContentsContents
Best Practices
  1. 1 Introduction
  2. 2 Managing Your Subscriptions
  3. 3 Expanded Support
  4. 4 Salt Formulas and SUSE Manager
  5. 5 Configuration Management with Salt
  6. 6 Salt Minion Scalability
  7. 7 Activation Key Management
  8. 8 Contact Methods
  9. 9 Advanced Patch Lifecycle Management
  10. 10 Live Patching with SUSE Manager
  11. 11 SUSE Manager Server Migration
  12. 12 Client Migration
  13. 13 PostgreSQL Database Migration
  14. 14 Backup and Restore
  15. 15 Authentication Methods
  16. 16 Using a Custom SSL Certificate
  17. 17 Troubleshooting
  18. 18 Additional Resources
  19. 19 A SUSE Manager 2.1 and 3.2 Product Comparison
  20. A GNU Licenses
  21. 20 GNU Free Documentation License
Navigation
SUSE Manager Documentation › Best Practices › Expanded Support
Top

3 Expanded Support

3.1 Managing Red Hat Enterprise Linux Clients
3.2 Preparing Channels and Repositories for CentOS Traditional Clients
3.3 Registering CentOS Salt Minions with SUSE Manager
3.4 Managing Ubuntu Clients
3.5 Prepare to Register Ubuntu Clients

In the following sections find information about Red Hat, CentOS, and Ubuntu clients.

3.1 Managing Red Hat Enterprise Linux Clients

The following sections provide guidance on managing Red Hat Expanded Support clients, this includes Salt minions and traditional systems.

3.1.1 Server Configuration for Red Hat Enterprise Linux Channels

This section provides guidance on server configuration for Red Hat Enterprise Linux Channels provided by SUSE.

  • Minimum of 8 GB RAM and at least two physical or virtual CPUs. Taskomatic will use one of these CPUs.

  • Taskomatic requires of minimum of 3072 MB RAM. This should be set in /etc/rhn/rhn.conf:

    taskomatic.java.maxmemory=3072

  • Provision enough disk space. /var/spacewalk contains all mirrored RPMs. For example, Red Hat Enterprise Linux 6 x86_64 channels require 90 GB and more.

  • LVM or an NFS mount is recommended.

  • Access to RHEL 5/6/7 Subscription Media.

Warning
Warning: Access to RHEL Media or Repositories

Access to Red Hat base media repositories and RHEL installation media is the responsibility of the user. Ensure that all your RHEL systems obtain support from RHEL or all your RHEL systems obtain support from SUSE. If you do not follow these practices you may violate terms with Red Hat.

3.1.2 Red Hat Enterprise Linux Channel Management Tips

This section provides tips on Red Hat Enterprise Linux channel management.

  • The base parent distribution Red Hat Enterprise Linux channel per architecture contains zero packages. No base media is provided by SUSE. The RHEL media or installation ISOs should be added as child channels of the Red Hat Enterprise Linux parent channel.

  • The Red Hat Enterprise Linux and tools channels are provided by SUSE Customer Center (SCC) using mgr-sync.

  • It can take up to 24 hours for an initial channel synchronization to complete.

  • When you have completed the initial synchronization process of any Red Hat Enterprise Linux channel it is recommended to clone the channel before working with it. This provides you with a backup of the original synchronization.

3.1.3 Mirroring RHEL Media into a Channel

The following procedure guides you through setup of the RHEL media as a SUSE Manager channel. All packages on the RHEL media will be mirrored into a child channel located under RES 5/6/7 distribution per architecture.

Procedure: Mirroring RHEL Media into a Channel

  1. Create a new Channel by log in to the Web UI and selecting Channels › Manage Software Channels › Create Channel .

  2. Fill in basic channel details and add the channel as a child to the corresponding RES 5/6/7 distribution channel per architecture from SCC. The base parent channel should contain zero packages.

  3. Modify the RES 5/6/7 activation key to include this new child channel.

  4. As root on the SUSE Manager command line copy the ISO to the /tmp directory.

  5. Create a directory to contain the media content:

    {prompt.root}mkdir -p /srv/www/htdocs/pub/rhel

  6. Mount the ISO:

    {prompt.root}mount -o loop /tmp/name_of_iso /srv/www/htdocs/pub/rhel

  7. Start spacewalk-repo-sync to synchronize Red Hat Enterprise Linux 7 packages:

    {prompt.root}spacewalk-repo-sync -c channel_name -u https://127.0.0.1/pub/rhel/
Repo URL: https://127.0.0.1/pub/rhel/
Packages in repo:              [...]
Packages already synced:       [...]
Packages to sync:              [...]
[...]

    To synchronize RES 5/6 packages:

    {prompt.root}spacewalk-repo-sync -c channel_name -u https://127.0.0.1/pub/rhel/Server/
Repo URL: https://127.0.0.1/pub/rhel/Server/
Packages in repo:              [...]
Packages already synced:       [...]
Packages to sync:              [...]
[...]

  8. When the channel has completed the synchronization process you can use the channel as any normal SUSE Manager channel.

Attempting to synchronize the repository will sometimes fail with this error:

[Errno 256] No more mirrors to try.

To troubleshoot this error, look at the HTTP protocol to determine if spacewalk-repo-sync is running:

procedure: Debug spacewalk-repo-sync

  1. Start debugging mode with export URLGRABBER_DEBUG=DEBUG

  2. Check the output of /usr/bin/spacewalk-repo-sync --channel <channel-label> --type yum

  3. If you want to disable debug mode, use unset URLGRABBER_DEBUG

3.1.4 Registering RES Salt Minions with SUSE Manager

This section will guide you through registering RHEL minions with SUSE Manager.

This section assumes you have updated your server to the latest patch level.

3.1.4.1 Synchronizing Appropriate Red Hat Enterprise Linux Channels

Ensure you have the corresponding Red Hat Enterprise Linux product enabled and required channels have been fully synchronized:

RHEL 7.x

  • Product: Red Hat Enterprise Linux 7

  • Mandatory channels: rhel-x86_64-server-7 , res7-suse-manager-tools-x86_64 , res7-x86_64 systemitem>

RHEL 6.x

  • Product: Red Hat Enterprise Linux 6

  • Mandatory channels: rhel-x86_64-server-6 , res6-suse-manager-tools-x86_64 , res6-x86_64

Tip
Tip: Checking Synchronization Progress

To check if a channel has finished synchronizing you can do one of the following:

  • From the SUSE ManagerWeb UI browse to Admin › Setup Wizard and select the SUSE Products tab. Here you will find a percent completion bar for each product.

  • Alternatively, you may check the synchronization log file located under /var/log/rhn/reposync/channel-label.log using cat or the tailf command. Keep in mind that base channels can contain multiple child channels. Each of these child channels will generate its own log during the synchronization progress. Do not assume a channel has finished synchronizing until you have checked all relevant log files including base and child channels.

Create an activation key associated with the Red Hat Enterprise Linux channel.

3.1.4.2 Creating a Bootstrap Repository

The following procedure demonstrate creating a bootstrap repository for RHEL:

  1. On the server command line as root, create a bootstrap repo for RHEL with the following command:

    mgr-create-bootstrap-repo RHEL_activation_channel_key

    If you use a dedicated channel per RHEL version, specify it with the --with-custom-channel option.

  2. Rename bootstrap.sh to resversion-boostrap.sh:

    {prompt.root}cp bootstrap.sh res7-bootstrap.sh

3.1.5 Register a Salt Minion via Bootstrap

The following procedure will guide you through registering a Salt minion using the bootstrap script.

Procedure: Registration Using the Bootstrap Script

  1. For your new minion download the bootstrap script from the SUSE Manager server:

    wget --no-check-certificate https://`server`/pub/bootstrap/res7-bootstrap.sh

  2. Add the appropriate res-gpg-pubkey--.key to the ORG_GPG_KEY key parameter, comma delimited in your res7-bootstrap.sh script. These are located on your SUSE Manager server at:

    http://`server`/pub/

  3. Make the res7-bootstrap.sh script executable and run it. This will install necessary Salt packages from the bootstrap repository and start the Salt minion service:

    {prompt.root}chmod +x res7-bootstrap.sh{prompt.root}./res7-boostrap.sh

  4. From the SUSE Manager Web UI select Salt › Keys and accept the new minion’s key.

Important
Important: Troubleshooting Bootstrap

If bootstrapping a minion fails it is usually caused by missing packages. These missing packages are contained on the RHEL installation media. The RHEL installation media should be loop mounted and added as a child channel to the Red Hat Enterprise Linux channel. See the warning in Section 3.1, “Managing Red Hat Enterprise Linux Clients” on access to RHEL Media.

3.1.6 Manual Salt Minion Registration

The following procedure will guide you through the registration of a Salt minion manually.

  1. Add the bootstrap repository:

    yum-config-manager --add-repo https://`server`/pub/repositories/res/7/bootstrap

  2. Install the salt-minion package:

    {prompt.root}yum install salt-minion

  3. Edit the Salt minion configuration file to point to the SUSE Manager server:

    {prompt.root}mkdir /etc/salt/minion.d{prompt.root}echo "master:`server_fqdn`" > /etc/salt/minion.d/susemanager.conf

  4. Start the minion service:

    {prompt.root}systemctl start salt-minion

  5. From the SUSE Manager Web UI select the Salt › Keys and accept the new minion’s key.

3.2 Preparing Channels and Repositories for CentOS Traditional Clients

This following section provides an example procedure for configuring CentOS channels and repositories and finally registering a CentOS client with SUSE Manager.

These steps will be identical for Scientific Linux and Fedora.

Procedure: Preparing Channels and Repositories

  1. As root install spacewalk-utils on your SUSE Manager server:

    zypper in spacewalk-utils
    Important
    Important: Supported Tools

    The spacewalk-utils package contains a collection of upstream command line tools which provide assistance with spacewalk administrative operations. You will be using the spacewalk-common-channels tool. Keep in mind SUSE only provides support for spacewalk-clone-by-date and spacewalk-manage-channel-lifecycle tools.

  2. Run the spacewalk-common-channels script to add the CentOS7 base, updates, and Spacewalk client channels.

    {prompt.root}spacewalk-common-channels -u admin -p`secret`-a x86_64 'centos7'{prompt.root}spacewalk-common-channels -u admin -p`secret`-a x86_64 'centos7-updates'{prompt.root}spacewalk-common-channels -u admin -p`secret`-a x86_64 'spacewalk26-client-centos7'
    Note
    Note: Required Channel References

    The /etc/rhn/spacewalk-common-channels.ini must contain the channel references to be added. If a channel is not listed, check the latest version here for updates: https://github.com/spacewalkproject/spacewalk/tree/master/utils

  3. From the Web UI select Main Menu › Software › Manage Software Channels › Overview. Select the base channel you want to synchronize, in this case CentOS7 (x86_64). Select Repositories › Sync. Check the channels you want to synchronize and then click the Sync Now button or, optionally, schedule a regular synchronization time.

  4. Copy all relevant GPG keys to /srv/www/htdocs/pub. Depending on what distribution you are interested in managing these could include an EPEL key, SUSE keys, Red Hat keys, and CentOS keys. After copying these you can reference them in a comma-delimited list within your bootstrap script (see Procedure: Preparing the Bootstrap Script).

  5. Install and setup a CentOS 7 client with the default installation packages.

  6. Ensure the client machine can resolve itself and your SUSE Manager server via DNS. Validate that there is an entry in /etc/hosts for the real IP address of the client.

  7. Create an activation key (centos7) on the SUSE Manager server that points to the correct parent/child channels, including the CentOS base repo, updates, and Spacewalk client.

Now prepare the bootstrap script.

Procedure: Preparing the Bootstrap Script

  1. Create/edit your bootstrap script to correctly reflect the following:

    # can be edited, but probably correct (unless created during initial install):

# NOTE: ACTIVATION_KEYS *must* be used to bootstrap a client machine.

ACTIVATION_KEYS=1-centos7

ORG_GPG_KEY=res.key,RPM-GPG-KEY-CentOS-7,suse-307E3D54.key,suse-9C800ACA.key,RPM-GPG-KEY-spacewalk-2015

FULLY_UPDATE_THIS_BOX=0

yum clean all
# Install the prerequisites
yum -y install yum-rhn-plugin rhn-setup

  2. Add the following lines to the bottom of your script, (just before echo -bootstrap complete -):

    # This section is for commands to be executed after registration
mv /etc/yum.repos.d/Cent* /root/
yum clean all
chkconfig rhnsd on
chkconfig osad on
service rhnsd restart
service osad restart

  3. Continue by following normal bootstrap procedures to bootstrap the new client.

3.3 Registering CentOS Salt Minions with SUSE Manager

The following procedure will guide you through registering a CentOS Minion.

Warning
Warning: Support for CentOS Patches

CentOS uses patches originating from CentOS is not officially supported by SUSE . See the matrix of SUSE Manager clients on the main page of the SUSE Manager wiki, linked from the Quick Links section: https://wiki.microfocus.com/index.php?title=SUSE_Manager

Procedure: Register a CentOS 7 Minion

  1. Add the Open Build Service repo for Salt:

    {prompt.root}yum-config-manager --add-repo http://download.opensuse.org/repositories/systemsmanagement:/saltstack:/products/RHEL_7/

  2. Import the repo key:

    {prompt.root}rpm --import http://download.opensuse.org/repositories/systemsmanagement:/saltstack:/products/RHEL_7/repodata/repomd.xml.key

  3. Check if there is a different repository that contains Salt. If there is more than one repository listed disable the repository that contains Salt apart from the OBS one.

    {prompt.root}yum list --showduplicates salt

  4. Install the Salt minion:

    {prompt.root}yum install salt salt-minion

  5. Change the Salt configuration to point to the SUSE Manager server:

    {prompt.root}mkdir -p /etc/salt/minion.d{prompt.root}echo "master:`server_fqdn`" > /etc/salt/minion.d/susemanager.conf

  6. Restart the minion

    {prompt.root}systemctl restart salt-minion

  7. Proceed to Main Menu › Salt › Keys from the Web UI and accept the minion’s key.

3.4 Managing Ubuntu Clients

Support for Ubuntu Clients was added in SUSE Manager 3.2. Currently, Salt minions running Ubuntu 16.04 LTS and 18.04 LTS are supported.

Note
Note

Ubuntu clients must be Salt minions. Traditional clients are not supported.

Bootstrapping is supported for starting Ubuntu clients and performing initial state runs such as setting repositories and performing profile updates. However, the root user on Ubuntu is disabled by default, so in order to use bootstrapping, you will require an existing user with sudo privileges for Python.

Other supported features:

  • Synchronizing .deb channels

  • Assigning .deb channels to minions

  • GPG signing .deb repositories

  • Information displayed in System details pages

  • Package install, update, and remove

  • Package install using Package States

  • Configuration and state channels

Some actions are not yet supported:

  • Patch and errata support

  • Bare metal installations, PXE booting, and virtual host provisioning

  • Live patching

  • CVE Audit

  • If you use are using a repository from storage media (server.susemanager.fromdir = …​ option in rhn.conf), Ubuntu Client Tools will not work.

3.5 Prepare to Register Ubuntu Clients

Some preparation is required before you can register Ubuntu clients to SUSE Manager Server.

Before you begin, ensure you have the Ubuntu product enabled, and have synchronized the Ubuntu channels:

For Ubuntu 18.04:

  • Product: Ubuntu Client 18.04

  • Mandatory channels: ubuntu-18.04-pool-amd64

For Ubuntu 16.04:

  • Product: Ubuntu Client 16.04

  • Mandatory channels: ubuntu-16.04-pool-amd64

Note
Note

The mandatory channels do not contain Ubuntu upstream packages. The repositories and channels for synchronizing upstream content must be configured manually.

Procedure: Preparing to Register Ubuntu Clients

  1. Ensure that you have the appropriate software channels available on your system. In the SUSE Manager Web UI, navigate to Software › Channel List › All. You should see a base channel and a child channel for your architecture, for example:

     ubuntu-18.04-pool for amd64
 |
 +- Ubuntu-18.04-SUSE-Manager-Tools for amd64

  2. Create custom repositories to mirror the Ubuntu packages. For example:

    For main:

  3. Create custom channels under the pool channel, mirroring the vendor channels. Ensure the custom channels you create have AMD64 Debian architecture.

    For example:

     ubuntu-18.04-pool for amd64 (vendor channel)
 |
 +- Ubuntu-18.04-SUSE-Manager-Tools for amd64 (vendor channel)
 |
 +- ubuntu-18.04-amd64-main (custom channel)
 |
 +- ubuntu-18.04-amd64-main-updates (custom channel)

  4. Associate the custom channels with the appropriate custom repositories.

  5. Synchronize the new custom channels. You can check the progress of your synchronization from the command line with this command:

tail -f /var/log/rhn/reposync.log /var/log/rhn/reposync/*

  1. To use bootstrap with Ubuntu, you will need to create a bootstrap repository. You can do this from the command line with mgr-create-bootstrap-repo:

    mgr-create-bootstrap-repo --with-custom-channels

The root user on Ubuntu is disabled by default. You can enable it by editing the sudoers file.

Procedure: Granting Root User Access

  1. On the client, edit the sudoers file:

    sudo visudo

    Grant sudo access to the user by adding this line to the sudoers file. Replace <user> with the name of the user that will be used to bootsrap the client in the Web UI:

    <user>   ALL=NOPASSWD: /usr/bin/python, /usr/bin/python2, /usr/bin/python3
Chapter 4 Salt Formulas and SUSE ManagerChapter 2 Managing Your Subscriptions
Print this page

© 2019 SUSE