The DevOps Edge with SUSE Manager

SUSE Manager brings the power of DevOps to your enterprise Linux environment.

DevOps is an IT management philosophy that requires speed, efficiency, and confidence. A DevOps environment is constantly evolving—containers spin up, new applications appear, tools are tested, and updates happen—all without stoppages or significant downtime.

The professionals who work in the supercharged DevOps space need tools that are powerful, secure, and precise. Decisive actions transform the network, implementing services and adapting configurations to respond to changes. The DevOps environment requires tools that lock down security and promote automation. DevOps engineers keep their focus on:

• System images—you’ll need a way to create and manage images for fast and efficient roll-out of bare metal, virtual or container-based Linux systems.
• Automated configuration—the DevOps world runs on automation. Why waste valuable time retyping the same few commands to repeat a common task? Automation also helps prevent errors that could lead to insecurity and downtime.
• Patches and updates—informal and imprecise package policies lead to misconfiguration and insecurity, requiring intervention that could lead to lost productivity.
• Security audits—keep ahead of problems by scanning managed systems to discover vulnerabilities and unauthorized software.

SUSE Manager is a single tool that can manage the complete life cycle of your Linux systems in a DevOps environment. Use SUSE Manager to manage images, oversee configuration, initiate audits, lock down software updates, and much more. Read on for more about SUSE Manager and the DevOps edge.

Creating and Managing Images

The DevOps edge depends on flexible automation and granular control of system images. SUSE Manager manages the version-controlled deployment templates at the core of your continuous-integration environment. The KIWI image builder included with SUSE Manager helps you create system images for easy and seamless deployment. You can create templates for standard image types and customize the templates to adapt to specific needs. SUSE Manager supports easy testing, patching, storing, and rebuilding of system images. You can even run a Common Vulnerabilities and Exposures (CVE) security audit on a system image to ensure the image meets known security requirements before you install (Figure 1).

Figure 1 – SUSE Manager provides software updates within container images.

Salt Configuration

Efficient roll-out, deployment, and configuration are at the core of the DevOps vision. The open source Salt configuration framework included with SUSE Manager lets you predefine a complete configuration for a system or critical application, allowing for effortless automated configuration across the network. Salt provides a rich context for remote installation and reconfiguration. As your environment evolves through cycles of development, testing, and deployment, Salt lets you adapt your systems swiftly and securely through automated, remote configuration.

A state file describing the client configuration resides on the server (called the Salt Master). When the Salt client starts, it seeks out the Salt master and executes the steps defined in the state file (see Figure 2). Salt lets you automate and replicate configuration steps. To change the configuration, the admin just needs to change the state file and trigger an update.

You can even combine multiple state files into a complex description called a formula. SUSE Manager provides a formulas and forms user interface as a central staging point for defining and managing Linux configuration across your network.

Figure 2 – Automated configuration with Salt: The client (called a Salt minion) wakes up and requests configuration information from the Salt master. A predefined configuration arrives in the form of the state file. 

All Your Linux Systems

SUSE Manager looks after all your Linux systems, including SUSE, Red Hat, and Ubuntu systems running on metal, in a container, or in a virtual machine. Managing all your Linux systems from a single tool simplifies the admin experience, leading to fewer errors and a reduced learning curve for new staff. SUSE Manager also offers close integration with OpenStack and Kubernetes for managing Linux in cloud and container environments.

Patches and Updates

DevOps extends the power of a single admin through centralized administration and fluid, flexible management tools that lock down control. SUSE Manager gives you the tight control over patches and software installation you’ll need for rapid integration without the risk. You can define a software channel for pushing patches, packages, and updates to managed systems. Use a software channel to update a single system or a group of systems. For instance, you could push out an update to all web servers. Software channels save time and reduce duplicated efforts, and they also provide an efficient means for imposing uniformity and security. By restricting the system to only receive updates through the channel, you can keep unauthorized packages off the network and maintain a disciplined system for testing and auditing prior to installation.

Software and Security Audits

A major source of errors and downtime is employees configuring Linux systems in a careless or inconsistent manner. The audit features in SUSE Manager let you enforce company rules, as well as external standards and licensing policies. Use SUSE Manager to inventory your Linux systems, and once the inventory is complete, it will report on any deviation from the authorized configuration, desired patch levels, and security requirements. You can also use SUSE Manager to check security policies imposed through the Open Security Content Automation Protocol (OpenSCAP) or to search out vulnerabilities defined in the CVE list.

Additionally, the audit tools let a single admin do the work that could take hours of labor—or might even require a full-time security staffer—in a conventional environment.

Automation

The secret to DevOps is automation. The auditing tools and Salt configuration framework are examples of the automation power you get with SUSE Manager.

SUSE Manager also supports roll-your-own automation through its API and full-featured scripting interface. The spacecmd command-line tool lets you build almost any SUSE Manager function into a script.

SUSE Manager also offers an XML-RPC-based API that allows you to build SUSE Manager functions into any programming language that offers XML-RPC client support. Use the SUSE Manager API to access SUSE Manager features from programs written in Perl, Python, or Ruby.

Conclusion

If you administer Linux systems in a DevOps environment, and you’re looking for a single tool that brings the DevOps edge to image management, deployment, configuration, auditing, and automation, take a closer look at SUSE Manager.