Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]

17 Admin

The Main Menu › Admin pages allows SUSE Manager customers to manage the basic configuration, including creating and managing multiple organizations. Only the SUSE Manager administrator can access the Main Menu › Admin pages.

17.1 Main Menu › Admin › Setup Wizard

Setting up SUSE Manager typically requires some extra steps after installation for common configuration tasks.

The Main Menu › Admin › Setup Wizard link is displayed when the SUSE Manager Web UI is used for the fist time and can be accessed later at any time by clicking Main Menu › Admin › Setup Wizard. On the three tabs configure the HTTP proxy server, organization credentials, and SUSE products.

HTTP Proxy:

If needed configure a proxy server that SUSE Manager will use to access SCC (SUSE Customer Center) and other remote servers here. Use hostname:port syntax in the HTTP Proxy › HTTP Proxy Hostname: field if the proxy port is not 8080. Clearing the fields disables proxy.

admin proxy settings
Organization Credentials:

Select Admin › Setup Wizard › Organization Credentials › Add a new credential then enter user name and password to give another organization/user access to SUSE Customer Center.

admin organization credentials

After saving, a new credential card will be displayed. Buttons below the credential card allow you to:

  • Check credential validation status (green tick or red cross icon). To re-check the credential with SCC, click the icon.

  • Set the primary credentials for inter-server synchronization (yellow star icon).

  • List the subscriptions related to a certain credential (list icon).

  • Edit the credential (pencil icon).

  • Delete the credential (trash can icon).

Main Menu › Admin › SUSE Products

On the Main Menu › Admin › SUSE Products page, select product-specific channels you are entitled to.

admin suse products

The products displayed are directly linked to your organization credentials and your SUSE subscriptions. Product extension and module lists are shown when you click the arrow to the left of the product description. This is a cascading mechanism and allows to unfold several levels according to the integration of the extensions and modules in the base product.

Products based on SUSE Linux Enterprise 15 or higher have a toggle button named include recommended. When the toogle button is enabled on a base product, recommended extensions and modules are automatically selected for synchronization. Once the include recommended button is enabled, you may uncheck product child channels you are not interested in syncing. Recommended channels are labeled accordingly. You cannot disable required channels.

If you click the Channels icon in a row of a product, a popup lists the underlying channels (repositories) that build the product.

In the row above the product listing two filter options are available:

  • Search by the product description. The filter limits the search to base products.

  • Filter by architecture. Click in the search field (or press Enter ) and then select from drop-down menu. You can repeat this as often as necessary. To remove an architecture either click the x symbol (or press Backspace ).

    Once you have made your selection(s), click Add products in the upper right area. This is equivalent to running mgr-sync add products or mgr-sync without any arguments.

    View the synchronization progress in the status bar field to the right.

    Note
    Note: Synchronization Time

    Channel synchronization will start and might take several hours. When finished the corresponding channels can be used in SUSE Manager.

    Important
    Important: If Synchronization Fails

    SUSE does not automatically trust 3rd party GPG keys. If a reposync fails check if an untrusted GPG key is the cause by viewing the log files located in:

    /var/log/rhn/reposync

    Look for lines similar to the following:

    ['/usr/bin/spacewalk-repo-sync', '--channel', 'sle-12-sp1-ga-desktop-
    nvidia-driver-x86_64', '--type', 'yum', '--non-interactive']
    ChannelException: The GPG key for this repository is not part of the keyring.
    Please run spacewalk-repo-sync in interactive mode to import it.

    Alternatively, you can add listed channels immediately by clicking the Add this product button in the status column. A progress bar will be displayed. The main product will expand, and then you may select add-on products belonging to the product that is currently added. To overview required channels, select the list icon in the SUSE Products › Channels column. Once a product has finished downloading, the status bar state will change from a filled percentage value to SUSE Products › Finished.

17.2 Main Menu › Admin › Organizations

The organizations feature allows SUSE Manager administrators to create and manage multiple organizations across SUSE Manager. Administrators can control an organization’s access to system management tasks.

admin list organizations

If you click the name of an organization, the Organization Details page appears.

17.2.1 Organizations › Organization Details

The Organization › Organization Details page lists the details of the selected organization.

admin organization details

The following details are available:

  • Organization Details › Organization Name : String (between 3 and 128 characters). This is the only value that you can change here. When done, confirm with clicking the Update Organization button.

  • Organization Details › Organization ID : Number

  • Organization Details › Active Users : Number. Clicking this number will open the Organization Details › Users tab.

  • Organization Details › Systems : Number

  • Organization Details › System Groups : Number

  • Organization Details › Activation Keys : Number

  • Organization Details › Autoinstallation Profiles : Number

  • Organization Details › Configuration Channels : Number

17.2.2 Organization Details › Users

List of all the users of an organization.

admin organization users

You can modify the user details if you belong to that organization and have organization administrator privileges.

17.2.3 Organization Details › Trust

Here establish trust between organizations.

admin organization trusts

Such a trust allows sharing contents and migrate systems between these two organizations. You may add a trust by checking the box next to an organization (or remove a trust by unchecking it) and clicking the Modify Trusts button.

17.2.4 Organization Details › Configuration

Allow the Organization Administrator to manage Organization configuration, configure the organization to use staged contents (pre-fetching packages, etc.), set up software crash reporting, and upload of SCAP files.

admin organization configuration
SUSE Manager Configuration

Enable SUSE Manager Configuration › Allow Organization Admin to manage Organization Configuration if desired.

Organization Configuration
  • Organization Configuration › Enable Staging Contents

  • Organization Configuration › Enable Errata E-mail Notifications (for users belonging to this organization)

  • Organization Configuration › Enable Software Crash Reporting

  • Organization Configuration › Enable Upload Of Crash Files

  • Organization Configuration › Crash File Upload Size Limit

  • Organization Configuration › Enable Upload Of Detailed SCAP Files

  • Organization Configuration › SCAP File Upload Size Limit

  • Organization Configuration › Allow Deletion of SCAP Results

  • Organization Configuration › Allow Deletion After (period in days)

When settings are done, confirm with clicking the Update Organization button.

Enable Staging Contents

The clients will download packages in advance and stage them. This has the advantage that the package installation action will take place immediately, when the schedule is actually executed. This pre-fetching saves maintenance window time, which is good for service uptime.

For staging contents (pre-fetching), edit on the client /etc/sysconfig/rhn/up2date:

stagingContent=1
stagingContentWindow=24

stagingContentWindow is a time value expressed in hours and determines when downloading will start. It is the number of hours before the scheduled installation or update time. In this case, it means 24 hours before the installation time. The start time for download depends on the selected contact method for a system. The assigned contact method sets the time for when the next rhn_check will be executed.

Next time an action is scheduled, packages will automatically be downloaded but not installed yet. When the scheduled time comes, the action will use the staged version.

Minion Content Staging

Every Organization administrator can enable Content Staging from the Organization configuration page Admin › Organization › OrgName › Configuration › Enable Staging Contents.

Staging content for minions is affected by two parameters.

  • salt_content_staging_advance: expresses the advance time, in hours, for the content staging window to open with regard to the scheduled installation/upgrade time.

  • salt_content_staging_window: expresses the duration, in hours, of the time window for Salt minions to stage packages in advance of scheduled installations or upgrades.

A value of salt_content_staging_advance equal to salt_content_staging_window results in the content staging window closing exactly when the installation/upgrade is scheduled to be executed. A larger value allows separating download time from the installation time.

These options are configured in /usr/share/rhn/config-defaults/rhn_java.conf and by default assume the following values:

  • salt_content_staging_advance: 8 hours

  • salt_content_staging_window: 8 hours

Note
Note

These parameters will only have an effect when Content Staging is enabled for the targeted Organization.

17.2.5 Organization Details › States

From the Admin › Organizations › States page you can assign State to all systems in an organization. For example, this way it is possible to define a few global security policies or add a common admin user to all machines.

admin organization states

17.3 Main Menu › Admin › Users

To view and manage all users of the organization you are currently logged in to, click Main Menu › Admin › Users in the left navigation bar. The table lists user name, real name, organization and whether the user is organization or SUSE Manager administrator. To modify administrator privileges, click any user name with administrator privileges to get to the Users › Users Details page. For more information, see: Section 16.1.4, “User Details.

17.4 Main Menu › Admin › Manager Configuration

The Main Menu › Admin › Manager Configuration page is split into tabs which allow you to configure many aspects of SUSE Manager.

17.4.1 Manager Configuration › General

This page allows you to adjust basic SUSE Manager administration settings.

admin general configuration
Administrator Email Address

E-mail address of the SUSE Manager administrator.

SUSE Manager Hostname

Host name of the SUSE Manager server.

SUSE Manager Proxy Configuration

Configure proxy data via the following fields:

  • Manager Configuration › HTTP proxy

  • Manager Configuration › HTTP proxy username

  • Manager Configuration › HTTP proxy password

  • Manager Configuration › Confirm HTTP proxy password

    The HTTP proxy settings are for the communication with a SUSE Manager parent server, if there is any. The HTTP proxy should be of the form: hostname:port; the default port 8080 will be used if none is explicitly provided. HTTP proxy settings for client systems to connect to this SUSE Manager can be different, and will be configured separately, for example via: Section 17.4.2, “Manager Configuration › Bootstrap Script.

RPM repository mount point

The directory where RPM packages are mirrored. By default: /var/spacewalk.

Default To SSL

For secure communication, use SSL.

When done, confirm with Update.

17.4.2 Manager Configuration › Bootstrap Script

The Manager Configuration › Bootstrap Script page allows you to generate a bootstrap script that registers the client systems with SUSE Manager and disconnects them from the remote SUSE Customer Center.

Important
Important: SLES 15 and Python 3

SLES 15 utilizes Python 3 as its default system version. Due to this change any older bootstrap scripts(based on python 2) must be re-created for SLES 15 systems. Attempting to register SLES 15 systems with SUSE Manager using Python 2 versions of the bootstrap script will fail.

admin configuration bootstrap

This generated script will be placed within the /srv/www/htdocs/pub/bootstrap/ directory on your SUSE Manager server. The bootstrap script will significantly reduce the effort involved in reconfiguring all systems, which by default obtain packages from the SUSE Customer Center. The required fields are pre-populated with values derived from previous installation steps. Ensure this information is accurate.

SUSE Manager server hostname

The name of the SUSE Manager server where you want to register the client (pre-populated).

SSL cert location

Location and name of the SSL certificate (pre-populated).

Bootstrap using Salt

To bootstrap traditional clients, uncheck Client Bootstrap Script Configuration › Bootstrap using Salt. For more information, see: Book “Getting Started”, Chapter 5 “Registering Clients”, Section 5.4 “Registering Traditional Clients”.

Enable SSL

It is advised keeping SSL enabled. If enabled the corporate public CA certificate will be installed on the client. If disabled the user must manage CA certificates to be able to run the registration (rhnreg_ks).

Enable Client GPG checking

GNU Privacy Guard (GPG)

Enable Remote Configuration

Enable remote configuration management and remote command acceptance of the systems to be bootstrapped to the SUSE Manager. Both features are useful for completing client configuration. For more information, see: Chapter 14, Configuration and Section 7.3.1.3, “System Details › Details › Remote Command.

Client HTTP Proxy

Client HTTP proxy settings if you are using an HTTP proxy server.

When finished, click Update.

17.4.3 Manager Configuration › Organizations

The Manager Configuration › Organizations page contains details about the organizations feature of SUSE Manager, and links for creating and configuring organizations.

admin configuration organization

17.4.4 Manager Configuration › Restart

The Manager Configuration › Restart page comprises the final step in configuring SUSE Manager.

admin configuration restart

Click the Restart button to restart SUSE Manager and incorporate all of the configuration options added on the previous screens. It will take between four and five minutes for a restart to finish.

17.4.5 Manager Configuration › Cobbler

On the Manager Configuration › Cobbler page you can run the Cobbler synchronization by clicking Update.

admin configuration cobbler

Cobbler synchronization is used to repair or rebuild the contents of /srv/tftpboot or /srv/www/cobbler when a manual modification of the cobbler setup has occurred.

17.4.6 Manager Configuration › Bare-metal systems

Here you can add unprovisioned ("bare-metal") systems capable of booting using PXE to an organization.

admin configuration bare metal systems

First click Enable adding to this organization. Those systems then will appear in the Main Menu › Systems › All Systems list, where regular provisioning via autoinstallation is possible in a completely unattended fashion.

Only AMD64/Intel 64 systems with at least 1 GB of RAM are supported. SUSE Manager server will use its integrated Cobbler instance and will act as TFTP server for this feature to work, so the network segment that connects it to target systems must be properly configured. In particular, a DHCP server must exist and have a next-server configuration parameter set to the SUSE Manager server IP address or hostname.

When enabled, any bare-metal system connected to the SUSE Manager server network will be automatically added to the organization when it powers on. The process typically takes a few minutes; when it finishes, the system will automatically shut down and then appear in the Main Menu › Systems › All Systems list.

Note
Note

New systems will be added to the organization of the administrator who enabled this feature. To change the organization, disable the feature, log in as an administrator of a different organization and enable it again.

Provisioning can be initiated by clicking the Provisioning tab. In case of bare-metal systems, though, provisioning cannot be scheduled, it will happen automatically when it is completely configured and the system is powered on.

It is possible to use Main Menu › Systems › System Set Manager with bare-metal systems, although in that case some features will not be available as those systems do not have an operating system installed. This limitation also applies to mixed sets with regular and bare-metal systems: full features will be enabled again when all bare-metal systems are removed from the set.

17.5 Main Menu › Admin › ISS Configuration

Inter-Server Synchronization (ISS) allows SUSE Manager synchronizing content and permissions from another SUSE Manager instance in a peer-to-peer relationship.

17.5.1 Configuring the Master SUSE Manager Server

The following will help you set up a master ISS server.

admin iss configuration master

Click Admin › ISS Configuration › Master Setup. In the top right-hand corner of this page, click Add New Slave:

admin iss configuration edit slave

Fill in the following information:

  • Slave Fully Qualified Domain Name (FQDN)

  • Allow Slave to Sync? Selecting this checkbox will allow the slave SUSE Manager to access this master SUSE Manager. Otherwise, contact with this slave will be denied.

  • Sync All Orgs to Slave? Checking this checkbox will synchronize all organizations to the slave SUSE Manager.

Note
Note

Marking the ISS Configuration › Sync All Orgs to Slave? checkbox on the ISS Configuration › Master Setup page will override any specifically selected organizations in the local organization table.

Click Create. Optionally, click any local organization to be exported to the slave SUSE Manager then click Allow Orgs.

Note
Note: Enabling Inter-server Synchronization in SUSE Manager 2.1

ISS is enabled by default in SUSE Manager 3.1 and later.

To enable the inter-server synchronization (ISS) feature in SUSE Manager 2.1, edit the /etc/rhn/rhn.conf file and set: disable_iss=0. Save the file and restart the httpd service with service httpd restart.

For synchronization timeout settings, see: Book “Best Practices”, Chapter 17 “Troubleshooting”, Section 17.5 “RPC Connection Timeout Settings”.

17.5.2 Configuring Slave Servers

Slave servers receive content synchronized from the master server.

admin iss configuration slave

To securely transfer content to the slave servers, the ORG-SSL certificate from the master server is needed. Click Admin › ISS Configuration › Slave Setup. In the top right-hand corner, click Add New Master.

admin iss configuration edit master

ISS Configuration › Update Master › Master Setup and fill in the following information:

  • Master Fully Qualified Domain Name (FQDN)

  • Filename of this Master’s CA Certificate: use the full path to the CA Certificate. For example:

    /etc/pki/trust/anchors
  • Default Master?

Click Add New Master. When the master and slave servers are configured, start the synchronization on the slave server by executing mgr-inter-sync:

mgr-inter-sync -c`YOUR-CHANNEL`

17.5.3 Mapping SUSE Manager Master Server Organizations to Slave Organizations

A mapping between organizational names on the master SUSE Manager allows for channel access permissions being set on the master server and propagated when content is synchronized to a slave SUSE Manager. Not all organization and channel details need to be mapped for all slaves. SUSE Manager administrators can select which permissions and organizations can be synchronized by allowing or omitting mappings.

To complete the mapping, log in to the Slave SUSE Manager as administrator. Click Admin › ISS Configuration › Slave Setup and select a master SUSE Manager by clicking its name. Use the drop-down box to map the exported master organization name to a matching local organization in the slave SUSE Manager, then click Update Mapping.

On the command line, issue the synchronization command on each of the custom channels to obtain the correct trust structure and channel permissions:

mgr-inter-sync -c`YOUR-CHANNEL`

17.6 Main Menu › Admin › Task Schedules

Under Main Menu › Admin › Task Schedules all predefined task bunches are listed.

admin task schedules

Click a SUSE Manager Schedules › Schedule name to open its Schedule Name › Basic Schedule Details where you can disable it or change the frequency. Click Edit Schedule to update the schedule with your settings. To delete a schedule, click delete schedule in the upper right-hand corner.

Warning
Warning

Only disable or delete a schedule if you are absolutely certain this is necessary as they are essential for SUSE Manager to work properly.

If you click a bunch name, a list of runs of that bunch type and their status will be displayed. Clicking the start time links takes you back to the Schedule Name › Basic Schedule Details.

For example, the following predefined task bunches are scheduled by default and can be configured:

channel-repodata-default:

(Re)generates repository metadata files.

cleanup-data-default:

Cleans up stale package change log and monitoring time series data from the database.

clear-taskologs-default:

Clears task engine (taskomatic) history data older than a specified number of days, depending on the job type, from the database.

cobbler-sync-default:

Synchronizes distribution and profile data from SUSE Manager to Cobbler. For more information on Cobbler, see Book “Advanced Topics”, Chapter 10 “Cobbler”.

compare-configs-default:

Compares configuration files as stored in configuration channels with the files stored on all configuration-enabled servers. To review comparisons, click the Main Menu › Systems tab and click the system of interest. Go to Configuration › Compare Files. For more information, refer to: Section 7.3.3.5, “System Details › Configuration › Compare Files.

cve-server-channels-default:

Updates internal pre-computed CVE data that is used to display results on the Main Menu › Audit › CVE Audit page. Search results in the Main Menu › Audit › CVE Audit page are updated to the last run of this schedule). For more information, see: Section 12.1, “CVE Audit”.

daily-status-default:

Sends daily report e-mails to relevant addresses. To learn more about how to configure notifications for specific users, see: Section 16.1.4.5, “User Details › Preferences

errata-cache-default:

Updates internal patch cache database tables, which are used to look up packages that need updates for each server. Also, this sends notification emails to users that might be interested in certain patches. For more information on patches, see: Chapter 10, Patches.

errata-queue-default:

Queues automatic updates (patches) for servers that are configured to receive them.

kickstart-cleanup-default:

Cleans up stale kickstart session data.

kickstartfile-sync-default:

Generates Cobbler files corresponding to Kickstart profiles created by the configuration wizard.

mgr-register-default:

Calls the mgr-register command, which synchronizes client registration data with NCC (new, changed or deleted clients' data are forwarded).

mgr-sync-refresh-default:

the default time at which the start of synchronization with SUSE Customer Center (SCC) takes place (mgr-sync-refresh).

package-cleanup-default:

deletes stale package files from the file system.

reboot-action-cleanup-default:

any reboot actions pending for more than six hours are marked as failed and associated data is cleaned up in the database. For more information on scheduling reboot actions, see: Section 7.3.4.2, “System Details › Provisioning › Power Management.

sandbox-cleanup-default:

cleans up sandbox › ] configuration files and channels that are older than the menu:sandbox_lifetime[ configuration parameter (3 days by default). Sandbox files are those imported from systems or files under development. For more information, see: Section 7.3.3.3, “System Details › Configuration › Add Files [Management]”

session-cleanup-default:

cleans up stale Web interface sessions, typically data that is temporarily stored when a user logs in and then closes the browser before logging out.

ssh-push-default:

prompts clients to check in with SUSE Manager via SSH if they are configured with a Contact Method › SSH Push.

token-cleanup-default:

deletes expired repository tokens that are used by Salt minions to download packages and metadata.

17.7 Main Menu › Admin › Task Engine Status

This is a status report of the various tasks running by the SUSE Manager task engine.

admin task status last execution

Next to the task name you find the date and time of the last execution and the status.

17.8 Main Menu › Admin › Show Tomcat Logs

Here the SUSE Manager admin user has access to the Tomcat log file located at /var/log/rhn/rhn_web_ui.log. No root privileges are required.

admin show tomcat logs
Print this page