Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]

1 Introduction

This document targets system administrators.

1.1 What’s Covered in this Guide?

This document describes SUSE recommended best practices for SUSE Manager. This information has been collected from a large number of successful SUSE Manager real world implementations and includes feedback provided by product management, sales and engineering.

Note
Note: SUSE Manager Version Information

In this manual if not other specified, SUSE Manager version 3.2 is assumed and this version is required if a feature is discussed. SUSE Manager 3.2 and SUSE Manager 3.2 Proxy were originally released as a SLES 12 SP3 extension. With the next maintenance update (December 2018), SUSE Manager 3.2 and SUSE Manager 3.2 Proxy will be based on SLES 12 SP4 and support SLE 12 SP4 clients officially. In the following sections and chapters, it is highly recommended to use SLE 12 SP4 instead of SP3. Whenever features of the SUSE Manager 3.2 host operating system are documented and not other specified version 12 SP4 is assumed.

This chapter will discuss the following topics:

  • Prerequisites

  • Network Requirements

  • Hardware Requirements

1.2 Prerequisites

Purchased Registration Keys. During initial setup SUSE Manager will request a product Registration Key. This key will be provided to you after purchasing the product. You can find your key located under your SUSE Customer Center account. Log-in with your SUSE Customer Center credentials or register for a new account. -https://scc.suse.com

Evaluation Keys. If you wish to run a test system (non-production) a 60 day evaluation key may be obtained. On the SUSE Manager product page click TRY SUSE MANAGER. The evaluation key limits the number of systems that may be registered with SUSE Manager to 10. For more information see:

SCC Organization Credentials. During setup you will also be asked to enter your SUSE Customer Center Organization Credentials.

Users and Passwords. During both the SUSE Linux Enterprise installation and setup of SUSE Manager several users and passwords will be created:

  • SUSE Linux Enterprise root user account

  • PostgreSQL database user and password

  • Certificate of Authority password

  • SUSE Manager administrator user and password

Tip
Tip: Safe Passwords

Maintain security by creating safe passwords. Store passwords within a secure location. Use the following guidelines when creating your passwords.

  • At least 8 characters long

  • Should contain uppercase characters A B C

  • Should contain lowercase characters a b c

  • Should contain numbers 1 2 3

  • Should contain symbols ~ ! @ #

1.3 Network Requirements

SUSE Manager and SUSE Manager Proxy both contact several external addresses in order to maintain updates and subscriptions. The following lists provide the up-to-date hostnames for each service requiring permission when used in combination with corporate firewall and content filters.

SUSE Customer Center Hostnames (Required)
Novell Customer Center Hostnames (Legacy)

For SUSE Manager to function properly it requires the following pre-configured components within your network.

Important
Important: Websocket Support

If SUSE Manager is accessed via an HTTP proxy (Squid, etc) the proxy must support websocket connections.

Networking Hardware. The following table provides networking hardware info. As SUSE Manager will likely be managing a large number of systems (quite possibly numbering in hundreds or even thousands), networking hardware that increases bandwidth becomes increasingly more valuable.

HardwareRecommended

100Mbits/s Link

Non-production test server

1Gb/s Link

Production Server

DHCP Server. The purpose of the Dynamic Host Configuration Protocol (DHCP) is to assign network settings centrally (from a server) rather than configuring them locally on each and every workstation. A host configured to use DHCP does not have control over its own static address. It is enabled to configure itself completely and automatically according to directions from the server. A DHCP server supplies not only the IP address and the netmask, but also the host name, domain name, gateway, and name server addresses for the client to use. For more information on configuring DHCP see also:

FQDN (Fully Qualified Domain Name). DNS assists in assigning an IP address to one or more names and assigning a name to an IP address. In Linux, this conversion is usually carried out by a special type of software known as bind. The machine that takes care of this conversion is called a name server. The names make up a hierarchical system in which each name component is separated by a period. The name hierarchy is, however, independent of the IP address hierarchy described above. Consider a complete name, such as jupiter.example.com, written in the format hostname.domain. A full name, referred to as a fully qualified domain name (FQDN), consists of a host name and a domain name (example.com). For more information on configuring a name server see also:

DNS (Dynamic Name System) Server. A DNS Server is required for resolving domain names and host names into IP addresses. For example, the IP address 192.168.2.100 could be assigned to the host name jupiter. In the case of SUSE Manager the DNS server must be resolvable both via DNS and reverse lookup. For more information on configuring DNS see also:

Important
Important: Microsoft NT Lan Manager Compatibility

Microsoft NT Lan Manager can be configured for use with basic authentication and will work with SUSE Manager but authentication using native (NTLM) Microsoft protocols is not supported.

Open Port List. During the setup process of SUSE Manager all required ports will be opened automatically. The following tables provide you with an overview of ports which are used by SUSE Manager.

Table 1.1: Required Server Ports
PortProtocolDescription

22

TCP

SSH

67

UDP

DHCP

69

UDP

TFTP, used to support PXE services

80

TCP

HTTP, used in some bootstrap cases

123

UDP

NTP time service

443

TCP

HTTPS, used for Web UI, client, Proxy server, and API traffic

4505

TCP

Salt, used by the Salt-master to accept communication requests from minions

4506

TCP

Salt, used by the Salt-master to accept communication requests from minions

5222

TCP

XMPP client, used for communications with the osad daemon on traditional client systems

5269

TCP

XMPP server, used for pushing actions to SUSE Manager Proxy

For more information, see Port Listing.

Tip
Tip: Denying External Network Access

When your network requires denying external network access to and from SUSE Manager, an RMT or SMT Server may be registered against SUSE Manager. The RMT or SMT server can then be used to synchronize the necessary SUSE repositories. For more information on utilizing an RMT or SMT Server, see: Section 2.2, “Disconnected Setup with RMT or SMT (DMZ)”.

Note
Note: Blocking Port 80

Port 80 may be blocked as traffic is automatically redirected through port 443. It should be noted you will lose redirection. Keep in mind you will need additional ports open when using traditional clients in combination with osad (XMPP TCP 5222).

1.4 Hardware Recommendations

This section provides tested production recommendations for small to mid size networks that will be managed by SUSE Manager.

HardwareRecommended

CPU

Multi-core 64bit CPU (x86_64, ppc64le).

RAM

Minimum 4 GB+ for test server

 

Minimum 16 GB+ for base installation

 

Minimum 32 GB+ for a production server

Free Disk Space

Minimum 100 GB+ for root partition

 

Minimum 50 GB+ for /var/lib/pgsql

 

Minimum 50 GB per SUSE product, or 200 GB per Red Hat product /var/spacewalk

Advised Number of CPUs. Review the following list for CPU recommendations.

  • Connecting 200 systems or less to SUSE Manager : 4 CPUs

  • Connecting 500 systems or less to SUSE Manager : 4-8 CPUs

  • When implementing RHEL channels: 8 CPUs

Disk Space. SUSE Manager stores information in several directories. For these directories it is strongly recommend that you create separate file-systems or use an NFS share. During installation one VG will be created that contains all disks selected during installation. Therefore the first disk should be large enough to contain the OS. Normally 20GB - 50GB is sufficient. A 50 GB partition would be the recommended size. The following directories should be created on a separate file-system.

  • /var/spacewalk This directory will contain all rpm’s. Each RPM will be stored only once. The needed size will depend on the number of channels and type of channels that will be downloaded. The general rule would be that per SUSE Service Pack (including SUSE RedHat Expanded Support) around 50 GB should be enough. An extra 150 GB for RES/CentOS repositories should be added on top. If other non-enterprise distributions (eg OpenSUSE) are added, calculated 50 GB per distribution. This directory could also be stored on an NFS share.

  • /var/lib/pgsql This directory contains the PostgreSQL database. Recommended is to create a file-system of 50 GB. This volume should be monitored, because a full file-system where the database is running on can cause unexpected errors (and this even months after it happened).

  • /srv/tftpboot If PXE/cobbler is used, this directory will contain the images (initrd and linux) for all created auto-installation profiles. Each image is around 50 MB. Depending on the number of profiles a decision has to be made if it would be useful to move this directory to a separate file-system.

  • /var/log As SUSE Manager writes a large number of logs, it is recommended to create a separate file-system for /var/log. The size should be around 20 GB.

  • /var/spacewalk/db_backup For the backup of the PostgreSQL database, it is recommended the create a separate directory. As the database can be rather large, it is advised to mount it on a separate file-system. A safe estimate would be to provide twice space as for the directory created for /var/lib/pqsql.

Supported Databases. SUSE Manager 3 and later no longer provides support for an external Oracle database. The default database is an embedded PostgreSQL. During SUSE Manager setup the database will be created and configured.

Print this page