Making Automation a Reality with SUSE Manager

Once upon a time, automating tasks on Linux servers was as simple as crafting a few Bash scripts and cron jobs. For some tasks, that process still works fine. You could create a simple backup script and run it with cron every night. Done and done. But with today’s increasingly challenging software stacks, the old Bash script approach won’t cut it. Instead, you need a real automation tool that can handle increasingly complex tasks and work with multiple platforms, clusters, containers, and more.

SUSE has a solution for that, one that can not only make the IT admin job easier but allow for automation such that your servers can always be up to date and remain in very specific states. With SUSE Manager in place, you can automate system-wide software updates, package and system deployments, image building, reboots, patching, configuration changes, and much more.

If you want to make automation a reality for your business, here is a look at why SUSE Manager might be the best route to success.

A Caveat
One thing you should understand about SUSE Manager is that, although it has an outstanding web-based interface, automation is not necessarily a point-and-click affair. You can certainly automate some basic tasks (such as updates and patch rollouts), but to build in a level of automation that will be truly useful for your enterprise business, you’ll need to work with Salt and even the command-line interface. For that, your admins will need to be properly trained by SUSE.

With that out of the way, let’s take a look at why you might want to add automation into your daily SUSE Manager routine.

More Reliable Security for Your Systems
One of the biggest issues admins regularly face is keeping up with server updates. This is especially true when your company has a large data center or multiple data centers hosted in different locations (even in multiple countries). When your business is supported by hundreds or thousands of server deployments, it’s on your admins’ shoulders to keep them running reliably and securely.

Now, imagine those admins have to manually work through an entire data center, filled with servers, and update the software and operating systems one-by-one. When this is the case, those updates tend to get pushed back (at best) or forgotten (at worst), to deal with more pressing issues.

This becomes a problem when those updates contain crucial security patches. If those patches aren’t applied, your servers remain vulnerable.

That’s where SUSE Manager comes into play. With SUSE Manager your team can administer, deploy, configure, monitor, and audit all of your Linux systems, whether they are running on bare metal or in a virtual environment. With the help of the built-in automation and orchestration features included with SUSE Manager, you can extend and expand the power of a single administrator. Not only does this have the effect of making it exponentially easier for your admins to keep your systems more reliably secure (by scheduling the deployment of updates and patches), it can also minimize staffing costs and reduce the time for system deployment and updates, even in complex DevOps scenarios.

Keeping Systems in Specific States
SUSE Manager includes the tools to ensure your systems always remain in the same state. States are the basic building blocks for Salt (and thereby, much of the automation within SUSE Manager). States are stored in SUSE Manager as “State Configuration Channels.” For example, you could create a template that will ensure your system services are always running and updated to the latest release. With the help of action chains, this process can not only be automated, but it can also prevent catastrophic failures.

What is an action chain (Figure 1)? Simply put, it’s a chain of events that occur sequentially. If one event fails, the remaining events do not happen. For example, you could create an action chain that does the following:

1. Stops the database
2. Applies update to the database
3. Starts the database
4. Extends the schema
5. Starts the application that uses the database

Figure 1: Creating an action chain in SUSE Manager.

Let’s say you’ve created the above action chain and then created it to run on a schedule (automated). One day the database refuses to stop. When that happens, the next event in the chain (updating the database) doesn’t launch. These types of chains are crucial for when your business requires a set of events to occur and either always succeed or stop before a single failure would bring your business to a standstill.

SUSE Manager also makes it possible to create, manage, and schedule highstates for your systems, which are numerous states combined in a single “manifest” of states. For example, you could create a state that will install the Apache web server, create a new site called mywebsite.com, enable the site, and make sure the server is running. The Salt manifest for that might look like:

apache2:
pkg:
– installed

mywebsite:
file.managed:
– name: /etc/apache2/sites-available/mywebsite.com
– source: salt://mywebsite.com

a2ensite mywebsite.com:
cmd.wait:
– unless: test -L /etc/apache2/sites-enabled/mywebsite.com
– watch:
– file: mywebsite

apache2:
service.running:
– watch:
– file: mywebsite

Once you have your highstate created, you can then automate it by way of a schedule or an event (such as a system coming online).

Salt formulas go one step further and allow you to fill in key configuration parameters, and then the states will be built out for you. With the help of Salt Formulas, SUSE Manager is capable of delivering system monitoring with Prometheus and Grafana. SUSE Manager includes several formulas that can be found in the Formulas tab within System details. You’ll find Salt Formulas for the likes of dhcpd, openVPN, Bind, PXE, vsftpd, CPU Mitigations, and more.

Faster System Deployments
Under normal circumstances, rolling out a bare metal server takes time. Although deploying virtual machines is far faster, even that can be time-consuming when you’re looking at configuring and spinning up numerous instances. This is made even more complicated when you have a larger business with multiple locations. With thousands of machines to deploy and manage, doing things the manual way is no longer an option.

With SUSE Manager, automating those deployments can completely redefine the process. With a single tool, you can manage incredibly complex system deployments, no matter their location. Imagine being able to deploy complex heterogeneous environments, with extended target OS support, all from a single point of entry? Even better, with automated Linux server provisioning, patching, and configuration, your staff is capable of faster, consistent, and repeatable server deployments.

With the help of Automated Hardware discovery (using PXE boot) and Autoinstallation (Figure 2), your IT staff is better equipped to more efficiently and effectively onboard new hardware.

Figure 2 – The SUSE Manager Autoinstallation tool can help you create automated deployments.

You’ll reduce operational costs, as well as errors.

That’s what SUSE Manager can do for you.

Content Lifecycle Management
One of the more important features of SUSE Manager is the Content Lifecycle Management (CLM) tool. Although you cannot directly set up automation with this portion of SUSE Manager, you can clone vendor channels and then modify the cloned channels to include only the packages you want to be installed on a client (Figure 3).

Figure 3 – Filtering packages within Content Lifecycle Management makes it easy for you to allow or deny packages from channels.

A channel clone (a project) defines the required software channel sources, the filters to be used to find packages, and the build environments for the packages. Once you have a channel specified to the needs of a particular rollout, you can then automate that rollout with the help of Salt.

How can this help to empower your staff? With CLM, your SUSE Manager admins can create projects for automated monthly patch cycles, filtered to meet the exact details of every department, every branch, and every server in your business. With the help of Live Patching, those deployments can be done, even on a kernel level, without incurring downtime during business hours.

By employing the SUSE Manager CLM tool, you can expect consistent rollouts that are perfectly tailored to meet the needs of your business, all the while automating the process.

At the heart of this automation is Salt.

What Is Salt?
To put it simply, Salt is a remote execution engine, configuration management, and orchestration system, capable of maintaining remote nodes in defined states. What is a defined state? Let’s say you’ve defined a particular state that requires a specific software package to be installed and that its services are running. To define and deploy these states, SUSE Manage uses Salt Formulas (which are a bit higher level than States), which are collections of Salt States that have been written by your SUSE Manager team or by other (third-party) users. Salt States contain generic parameter fields that allow you to define reliable, reproducible configurations repeatedly and automatically.

By creating the proper Salt formula, you can automate the installation of those packages and make sure their services are running.

The Salt Formula Catalog can be found in SUSE Manager at Salt > Formula Catalog (or under any system or System Group in the ‘Formulas’ tab). There you can view any of the currently installed Salt formulas (Figure 4).

Figure 4 – The SUSE Manager Salt Formula catalog.

You can use Formulas from within Salt States with the require declaration, like so:

include:
– epel

python26:
pkg.installed:
– require:
– pkg: epel

By using formulas, you can (with the help of SUSE Manager) automate simple, repetitive, or incredibly complicated tasks. But at its heart, Salt lets you:

● Run commands (at a granular level) on remote systems in parallel (so multiple commands at once).
● Use secure and encrypted protocols.
● Use small and fast network payloads for more efficient (and reliable) results.
● Provide a simple programming interface.

At this point, you might be thinking this is a bit too challenging for your staff. Do they have the time to learn how to create Salt Formulas? If not, it’s possible to easily install specific Salt Formulas by way of RPM packages. From the command line, you can (using the zypper tool), search for available formulas (such as zypper se –type package formula). When you find one that meets your needs, it’s as easy to install as:

sudo zypper in FORMULA

(where FORMULA is the name of the formula to be installed).

But the truth is, your business isn’t going to get the most out of SUSE Manager without a full understanding of how Salt works and how to create or implement Salt Formulas. The good news is that SUSE is quite adept at creating custom Salt Formulas. So when your business requires a highly customized Salt Formula to keep your company systems at specific states, they can either guide you in writing the formula or create it for you. That’s the SUSE way.

Salt or GUI?
At this point, however, you’re probably wondering, “Will my SUSE Manager admins have to write Salt formulas for everything?” Not with basic SUSE Manager usage. Your admins can get by using just the GUI for a lot of basic tasks. But to get the most out of this powerful tool, Salt will be required, especially when you’re looking to automate more and more complex tasks.

At this point, you’re probably thinking, “But my admins don’t have time to learn Salt.” That’s an understandable position to be in. However, when you realize how powerful Salt can be, you’ll want those admins empowered with the tool best suited to keep your business efficient and scalable.

Think about it this way: Once your admins have a solid grasp on how Salt works, they could spend a single workday crafting a Salt template and use that template to automate or schedule the provisioning or updating of thousands of servers. So a bit of effort and investment upfront is going to save your business serious time and money in the long run.

In the end, it’s not a question of Salt Formulas/templates or a GUI; it’s both. You’ll eventually get to the point with SUSE Manager that you’re creating complex Salt templates that handle increasingly complicated tasks, adding those templates to SUSE Manager, and then automating them by way of scheduling.

With this combination, you can automate tasks like:

● Provisioning
● Patch updates
● Deploying Kubernetes clusters
● Automating a server to the next major OS version
● Installing software
● Running any remote command

With the help of action chains, you can create combinations of the above that will run in succession, for more reliable administrative tasks.

How can your company afford to miss out on that kind of power?