As companies migrate and run new workloads in the public cloud, the IT challenges organizations face don't change. Organizations need the ability to schedule updates and security patches for their Linux systems. The ability to review and validate that systems have been updated or patched is equally important. At SUSE, we offer SUSE Manager, which helps your organization meet those challenges. Working with Don Vosburg (SME on SUSE Manager), we plan on releasing a series of blogs outlining how to manage your systems across public cloud providers. I have also provided a link to a webinar Don Vosburg presented covering SUSE Manager's features for SUSE Manager 3.0.

The SUSE Public Cloud team has recently deployed SUSE Manager and SUSE Manager Proxy as an image on Amazon Web Services, Google Compute Engine and Microsoft Azure. A separate blog post, SUSE Manager 3.0 arrives in the Public Cloud, at long last, goes into detail on how to access the image for Amazon Web Services and Microsoft Azure. It's an interesting read that covers the arrival of the SUSE Manager image in the public cloud. For the image in Google Compute Engine, please refer to Away With Shenanigans.

For this blog, we will focus on how to deploy SUSE Manager in the cloud following best practices. As we walk through the installation, we will provide links to additional documentation for those who wish to explore a topic in more detail. Below are the topics that we will describe during the setup.

  • Choosing the compute and storage resources needed to run SUSE Manager.
  • Describe the network security ports needed for SUSE Manager
  • And yes… the setup of SUSE Manager.

Choosing the compute and storage resources needed to run SUSE Manager.

Image Selection

Amazon: The SUSE Manager image is published via the “Community AMIs”  and is available during “Step 1: Choose an Amazon Machine Image”.  Search for “SUSE Manager  3”.

Google: The SUSE Manager images will only be visible in your account in the web console if you subscribe to the “suse-byos-cloud [at] googlegroups [dot] com” mailing list. This works by sending a message from your Google account to “suse-byos-cloud+subscribe [at] googlegroups [dot] com”. Once subscribed you can see the images in your image list in the web console. (excerpt from SUSE Manager 3.0 arrives in the Public Cloud at long last)

Microsoft Azure: The SUSE Manager image is published via the Azure Marketplace.  Search for “SUSE manager  3” and you will see the SUSE Manager 3.0 Server (BYOS).

Resource Selection

Storage: The standard SUSE Manager documentation recommends a 100GB volume for the root (/) partition and 50GB for the database (/var/lib/pgsql), assuming that the root partition is btrfs. In the cloud the root partition is Ext4, so we recommend allocating 150GB of general use storage type (performance profile) for your root partition. Create a second 500GB volume for /manager_storage and attach it to this instance. The IO profile is consistent with a streaming workload.

CPU and RAM: Below are the recommendations for RAM and CPU taken from and linked to the SUSE Manager Best Practices hardware section:

Minimum 4 GB+ for test server

Minimum 16 GB+ for base installation

Minimum 32 GB+ for a production server

 

Advised Number of CPUs: Review the following list for CPU recommendations.

Connecting 200 systems or less to SUSE Manager: 4 CPUs

Connecting 500 systems or less to SUSE Manager: 4-8 CPUs

When implementing RHEL channels: 8 CPUs

 

Describe the network security ports needed for SUSE Manager

Open the correct ports in the cloud provider network security interface. In our setup we are allowing traffic to communicate over HTTP/HTTPS, SSH and TCP 4505-4506 across subnets in our environment. In addition, we are allowing SSH and HTTP/HTTPS to communicate with allowed remote admin subnets. We advise you to restrict access to the ports according to your policy. Below are the ports used by SUSE Manager to communicate:

HTTP and HTTPS (80/443) are used to contact SUSE Customer Center (SCC). All WebGUI, client, and proxy server requests travel via HTTP or HTTPS. SUSE Manager uses HTTPS for SUSE Customer Center inbound traffic.

SSH Port 22 will allow remote management to the server.

TCP 4505-4506 is used to communicate with managed systems using SaltStack.

TCP 5222 is used to push actions to clients; this port is required by the osad daemon running on your client systems.

TCP 5269 is needed if you push actions to or via a SUSE Manager Proxy.
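
As an added example (not part of the original post or of SUSE's tooling), the script below audits a set of ingress rules against the port list above and reports any SUSE Manager service that is reachable from any address. The rule format, the 10.0.0.0/16 internal subnet and the 203.0.113.0/24 admin subnet are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ingress rules that expose SUSE Manager ports to everyone.
# Rule format (constructed for this example): "<proto> <from>-<to> <source-cidr>"

# Ports from the list above, as name:from:to
SUMA_PORTS="ssh:22:22 http:80:80 https:443:443 salt:4505:4506 osad:5222:5222 proxy-push:5269:5269"

# Read rules on stdin; print one finding per service open to any address.
audit_rules() {
    while read -r proto range src; do
        [ "$proto" = "tcp" ] || continue
        [ "$src" = "0.0.0.0/0" ] || [ "$src" = "::/0" ] || continue
        from=${range%-*}; to=${range#*-}
        for p in $SUMA_PORTS; do
            name=${p%%:*}; rest=${p#*:}
            pfrom=${rest%:*}; pto=${rest#*:}
            # Two ranges overlap when each one starts before the other ends,
            # so a wide rule such as 4000-6000 is caught as well.
            if [ "$from" -le "$pto" ] && [ "$pfrom" -le "$to" ]; then
                echo "OPEN $name tcp/$range from $src"
            fi
        done
    done
}

# Constructed sample rules (assumed internal subnet and admin subnet)
SAMPLE_RULES="tcp 4505-4506 10.0.0.0/16
tcp 443-443 203.0.113.0/24
tcp 22-22 0.0.0.0/0
tcp 4000-6000 0.0.0.0/0
udp 53-53 0.0.0.0/0"

audit_sample() { printf '%s\n' "$SAMPLE_RULES" | audit_rules; }

audit_sample
```

To use it on a real environment, export your provider's rules into the same three-column form and pipe them into audit_rules; an empty result means no listed port is open to the world.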

Setup SUSE Manager

During the creation of the cloud virtual machine, we added storage to the server. Before we begin the installation of SUSE Manager, we need the partition formatted and mounted to our system. SUSE has provided a storage setup script, /usr/bin/suma-storage, that will eliminate a few steps when setting up the external partition. Below are the steps to follow:

Make sure you run the following commands with admin permissions.

hostname:/ # sudo su -

We need to run lsblk to determine the name of the new disk. The new disk will not show a mount point. In our example it is named xvdb.

hostname:/ # lsblk

NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT

hda   3:0 0  150G  0 disk

└─hda1   3:1 0  150G  0 part /

xvdb   202:16   0  500G  0 disk

Now that we have the name, we can run /usr/bin/suma-storage and pass it the name of the device. If you do not give it the correct name, you will see the message:

"--> Given storage disk does not exist or is not a block device".

Now let’s run the storage script.

hostname:/ # /usr/bin/suma-storage /dev/xvdb

--> Check disk for content signature

--> Creating partition on disk /dev/xvdb

--> Creating xfs filesystem

--> Syncing SUSE Manager directories to storage disk

One more step. Now that we have mounted the disk, we need to make sure that it stays mounted after the system is rebooted. The nofail option is recommended to ensure that your system will still boot if for some reason your secondary partition is not available. We need to edit /etc/fstab and add the entry below:

/dev/xvdb /manager_storage xfs defaults,nofail 0 1
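
As an added example (not part of the original post or of the suma-storage script), the checks below pick out disks that have neither a mount point nor partitions before one is handed to the storage script, and confirm that the /manager_storage entry in /etc/fstab carries nofail. It assumes lsblk is run as `lsblk -P -o NAME,TYPE,MOUNTPOINT,PKNAME`; the sample data is constructed to match the listing above.

```shell
#!/bin/sh
# Added example: pre-flight checks around the storage setup steps.

# Read `lsblk -P -o NAME,TYPE,MOUNTPOINT,PKNAME` output on stdin and print
# every disk that has no mount point and no partitions.
unused_disks() {
    awk '{
        split("", f)                      # reset the fields for this line
        for (i = 1; i <= NF; i++) {
            split($i, kv, "="); gsub(/"/, "", kv[2]); f[kv[1]] = kv[2]
        }
        if (f["TYPE"] == "disk") {
            disks[f["NAME"]] = 1
            if (f["MOUNTPOINT"] != "") used[f["NAME"]] = 1
        } else if (f["PKNAME"] != "") {
            used[f["PKNAME"]] = 1         # a partition marks its parent disk as in use
        }
    }
    END { for (d in disks) if (!(d in used)) print "/dev/" d }'
}

# Succeed only if the fstab text on stdin mounts $1 with the nofail option.
fstab_has_nofail() {
    awk -v mp="$1" '
        $1 !~ /^#/ && $2 == mp {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "nofail") ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# Constructed lsblk output matching the listing above
SAMPLE_LSBLK='NAME="hda" TYPE="disk" MOUNTPOINT="" PKNAME=""
NAME="hda1" TYPE="part" MOUNTPOINT="/" PKNAME="hda"
NAME="xvdb" TYPE="disk" MOUNTPOINT="" PKNAME=""'

# Constructed fstab content using the entry from this post
SAMPLE_FSTAB='/dev/hda1 / ext4 defaults 1 1
/dev/xvdb /manager_storage xfs defaults,nofail 0 1'

printf '%s\n' "$SAMPLE_LSBLK" | unused_disks
printf '%s\n' "$SAMPLE_FSTAB" | fstab_has_nofail /manager_storage && echo "nofail present"
```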

Now that we have the storage setup, we need to register SUSE Manager with SUSE Customer Center (SCC). It is important that your system have HTTP and HTTPS access to the Internet to contact the SCC.

hostname:/ # SUSEConnect -r <activationcode> -e address@companyname.com

hostname:/ # SUSEConnect -p SUSE-Manager-Server/3.0/x86_64 -r <activationcode>

Install the latest SP1 and SUSE Manager updates and reboot. During the set up you will receive a SUSE Manager Database Schema Update shell prompt page. The shell prompt outlines steps to follow when updating the SUSE Manager database schema; however, since we have not performed the set up the steps can be ignored.

hostname:/  # zypper up

hostname:/  # reboot

Now that we are up to date and registered, we can migrate (upgrade) from SLES 12 SP1 to SLES 12 SP2. We will perform the migration and reboot before setting up SUSE Manager:

hostname:/  # zypper migration

Executing ‘zypper  refresh’

Repository ‘SLES12-SP1-Pool’ is up to date.

Repository ‘SLES12-SP1-Updates’ is up to date.

Repository ‘SUSE-Manager-Server-3.0-Pool’ is up to date.

Repository ‘SUSE-Manager-Server-3.0-Updates’ is up to date.

All repositories have been refreshed.

Executing ‘zypper  --no-refresh patch-check --updatestack-only’

Loading repository data…

Reading installed packages…

0 patches needed (0 security patches)

Available migrations:

1 | SUSE Linux Enterprise Server 12 SP2 x86_64

SUSE Manager Server 3.0 x86_64 (already installed)

[num/q]:  1

You will find it has one conflict during the migration, but you can safely resolve it:

Choose solution 1, and the migration should continue properly. The output below will be displayed once it is completed. After it is installed, be sure to reboot.

254 packages to upgrade, 39 to downgrade, 163 new, 12 to remove.

Overall download size: 262.9 MiB. Already cached: 0 B. After the operation, additional 8.6 MiB will be used.

Continue? [y/n/? shows all options] (y): y

hostname:/  # reboot

Now we need to make sure your system has a valid hostname.domain.name that you can use. The various cloud providers can provide a hostname, but it is neither memorable nor friendly.

As root, you can use the commands below to set a hostname that follows your naming standard.

hostname:/  # yast lan

And edit the Hostname/DNS tab to include the hostname specified above.

hostname:/  # hostname -F /etc/hostname

Use the private IP and create a proper entry in /etc/hosts to reflect the FQDN.

Now you can run the SUSE Manager setup and follow the SUSE Manager setup steps:

hostname:/  # yast susemanager_setup

NOTE – Additional step required for SUSE Manager in the Public cloud.

After you run through SUSE Manager setup, the next step is to Create the Administrator’s Account. To provide a more secure setup, SUSE has already set the password for the admin account and created the initial organization. You will be able to change both the password and organization. To reset the password after the setup is complete, execute the following command as root. You will be prompted to enter the password.

hostname:/  # satpasswd admin

At this point setup is complete and you can log in to your SUSE Manager web console!

Category: Alliance Partners, Cloud and as a Service Solutions, Cloud Computing, SUSE Manager Management Pack for Microsoft System Center
This entry was posted Wednesday, 24 May, 2017 at 9:08 am