SUSE Manager 3.1

Getting Started

Author: Joseph Cayouette
Contributor: SUSE Manager Team
Publication Date: 2018-12-03

Copyright © 2018 SUSE LLC

Copyright © 2011-2014 Red Hat, Inc.

The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution-Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.

This document is an adaption of original works found at and and

Red Hat, as a licensor of these documents, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux® is the registered trademark of Linus Torvalds in the United States and other countries. Java® is a registered trademark of Oracle and/or its affiliates. XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries. All other trademarks are the property of their respective owners.

For SUSE trademarks, see All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its affiliates. Asterisks (*) denote third-party trademarks.

All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its affiliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof.

1 What is Covered?

Get started with SUSE Manager 3 by setting up a KVM learning environment. This quick-start guide will provide you with introductory guidance on setting up SUSE Manager server. You will learn the basics of managing both traditional SUSE Manager clients and Salt clients. This guide is intended for system administrators.

1.1 Introducing SUSE Manager

SUSE Manager lets you efficiently manage large sets of Linux systems and keep them up to date. It provides automated and cost-effective software management, asset management, and system provisioning. SUSE Manager provides a best in class solution for organizations requiring absolute control of maintenance and package deployment on their servers. It allows customers the highest level of flexibility and power ensuring their servers remain secure while facilitating and advancing an organizations system life-cycle requirements.

Salt.  The inclusion of Salt in SUSE Manager 3 provides powerful event-driven configuration and management capabilities for fine grained control of any modern infrastructure.

Salt-master.  SUSE Manager 3.1 takes a commanding role as a Salt-master capable of orchestrating thousands of Salt-minions (SUSE Manager Clients) via remote execution.

Distribution Management.  SUSE Manager 3.1 is also fully compatible with Red Hat Satellite Server and offers seamless management of both SUSE Linux Enterprise and Red Hat Enterprise Linux client systems.

1.2 Overview

SUSE Manager may be integrated within your network infrastructure in multiple ways. In this guide you will perform the following steps for an initial test setup.

  • Install SLES 12 and SUSE Manager as an extension

  • Register SUSE Manager server with SCC (SUSE Customer Center)

  • Synchronize a repository channel for use with both traditional clients and salt-minions

  • Create an authentication key to act as an ID for the synced repository channel

  • Add the new authentication key to a bootstrap template script and connect a traditional client

  • Register a salt-minion with SUSE Manager (salt-master) and assign it a channel with an authentication key

1.3 Prerequisites for Installation

This guide requires that you have created an account with SCC (SUSE Customer Center). During installation of both SUSE Linux Enterprise Server 12 and SUSE Manager 3.1, SUSE Customer Center credentials will be requested and you must enter them to receive the latest packages and updates. The following procedure will guide you through obtaining your SCC Organizational Credentials.

Procedure 1.1: Obtaining Your SCC Organization Credentials
  1. Open a browser and direct it to

  2. If you have not done so, create an account now.

  3. Log in to your new SCC account.

  4. Under the Management tools widget select Manage Users.

  5. Click the Organization Credentials tab.

  6. Keep this information handy during SUSE Manager 3 setup.

1.4 Obtaining Installation Media

After logging into your SCC account, you can find the installation images provided at the following addresses. Select one and continue reading:

Note: Just Enough Operating System (JeOS) vs. Full Media Image

The SLES 12 JeOS image provides the quickest route for setup of a test environment. The JeOS image total size is about 290 MB. The alternative would be the 3 GB SUSE Linux Enterprise Server 12 DVD image. Both installation media are appropriate, but depend upon available bandwidth or your application needs. Both methods of installation will be covered in this guide.

1.5 Hardware Requirements

Review the following table for SUSE Manager hardware and software requirements. For installation on z Systems, see Book “Advanced Topics”, Chapter 1 “SUSE Manager on IBM z Systems.




Multi-core 64-bit CPU (x86_64, IBM POWER)


Minimum 4 GB+ for test server

Minimum 16 GB+ for base installation

Minimum 32 GB+ for a production server

Free Disk Space

Minimum 100 GB for root partition

For the purposes of this guide the default JeOS root partition size of 24 GB will be sufficient

Minimum 50 GB for /var/lib/pgsql

Minimum 50 GB per SUSE product + 100 GB per Red Hat product /var/spacewalk

1.6 Base Host OS

SUSE Manager is based on the following host OS.

Note: Version Information

SUSE Manager 3.1 was originally released as a SLES 12 SP2 extension. With the next maintenance update (December 2018), SUSE Manager 3.1 will be based on SLES 12 SP4 and support SLE 12 SP4 clients officially. In the following sections and chapters, it is highly recommended to use SLE 12 SP4 instead of SP2 or SP3.

Base OS

SUSE Manager Version


3.0, 3.1

1.7 Supported Client Systems

Clients with the following operating systems are supported for registration with SUSE Manager. If you plan on using the new Salt features, ensure your clients are supported.

Note: Supported Versions and SP Levels

Client operating system versions and SP levels must be under general support (normal or LTSS) to be supported with SUSE Manager. For details, see

Operating Systems


Traditional Clients

Salt Clients

SUSE Linux Enterprise 11 SP4 LTSS

x86, x86_64, Itanium, IBM POWER, z Systems



SUSE Linux Enterprise 12 SP1, SP2, SP3, SP4

x86_64, IBM POWER (ppc64le), z Systems



Red Hat Enterprise Linux 5

x86, x86_64



Red Hat Enterprise Linux 6

x86, x86_64



Red Hat Enterprise Linux 7

x86, x86_64



Novell Open Enterprise Server 11, SP1, SP2, SP3 LTSS

x86, x86_64



Open Enterprise Server 2015, 2015 SP1, 2018

x86, x86_64



1.8 Additional Requirements

To successfully complete this guide some network requirements must be met. The following section will walk you through these requirements.

Fully Qualified Domain Name (FQDN):  The SUSE Manager server must resolve its FQDN correctly or cookies will not work properly on the Web UI. For more information on FQDN, see:

Hostname and IP Address:  To ensure that SUSE Manager's domain name can be resolved by its clients, both server and client machines must be connected to a working Domain Name System (DNS) server. This guide assumes the required infrastructure exists within your environment. For more information on setting up a (DNS) server, see:

Using a Proxy When Installing from SUSE Linux Enterprise Media.  If you are on an internal network and do not have access to SUSE Customer Center, you can setup and use a proxy during a SUSE Linux Enterprise installation. For more information on configuring a proxy for access to SUSE Customer Center during a SUSE Linux Enterprise installation see:

Important: Naming Your Server

The hostname of SUSE Manager must not contain uppercase letters as this may cause jabberd to fail. Choose the hostname of your SUSE Manager server carefully. Although changing the server name is possible, it is a complex process and unsupported.

For a more complete overview on SUSE Manager requirements not covered in this guide, see Book “Best Practices”, Chapter 1 “Introduction”.

1.9 Firewall Rules

In a production environment SUSE Manager server and its clients should always utilize firewall rules. The following table provides an overview of required ports for use by SUSE Manager 3.1.

Traditional client systems connect to SUSE Manager via port 443. In addition, enabling push actions from SUSE Manager to client systems, requires inbound connections on port 5222. If SUSE Manager will also push to a SUSE Manager proxy, you must allow inbound connections on port 5269.

In the following table, Inbound means the server needs to be able to accept new TCP connections on that port and Outbound the server needs to be able to open TCP connections to that port.

Table 1.1: Required Ports on SUSE Manager Server






Required when configured as a DHCP server for systems requesting IP addresses.



Used when configured as a PXE server and allows installation and re-installation of PXE-boot enabled systems.



Used to contact SUSE Customer Center.



All Web UI, traditional client, and proxy server requests and SUSE Manager uses this port for SUSE Customer Center inbound traffic.



SUSE Manager uses this port to reach SUSE Customer Center (unless running in a disconnected mode with SMT—as described in Book “Best Practices”, Chapter 2 “Managing Your Subscriptions”, Section 2.2 “Subscription Management Tool (SMT) and Disconnected Setup (DMZ)”).



Required by the Salt-master to accept communication requests via TCP from minions.



Required by the Salt-master to accept communication requests via TCP from minions.



When you wish to push actions to clients this port is required by the osad daemon running on the client systems.



Needed if you push actions to or via a SUSE Manager Proxy.


Squid HTTP proxy for outgoing connections. It could be any port you configure.

For more information, see Book “Advanced Topics”, , Section B.1 “SUSE Manager Server”.

2 JeOS Installation

2.1 Virtual Machine Manager (virt-manager) Settings

Note: Version Information

SUSE Manager 3.1 was originally released as a SLES 12 SP2 extension. With the next maintenance update (December 2018), SUSE Manager 3.1 will be based on SLES 12 SP4 and support SLE 12 SP4 clients officially. In the following sections and chapters, it is highly recommended to use SLE 12 SP4 instead of SP2 or SP3.

This chapter provides the required (KVM) settings for installation of SUSE Linux Enterprise Just Enough Operating System (JeOS) 12 as the base for SUSE Manager 3.1. A kernel virtual machine (KVM) combined with Virtual Machine Manager (virt-manager) will be used as a sandbox for your first installation.

Tip: SUSE Virtualization Guide

For more information on virtualization, see

Enter the following settings when creating a new virtual machine using virt-manager.

KVM Settings

Installation Method:

Import Existing Disk Image






4096 MB



Storage Format:

.qcow2 24 GB (Default) JeOS Root Partition

Virtual Disks:

VirtIO Disk 2

VirtIO Disk 3

VirtIO Disk 4


101 GB for /var/spacewalk

50 GB for /var/lib/pgsql

4 GB for swap




Bridge br0

Tip: SUSE Virtualization Guide

For more information on virtualization, see

2.2 JeOS KVM Settings

Create 3 additional virtual disks required for the SUSE Manager storage partitions.

Procedure 2.1: Creating the Required Partitions with KVM
  1. Create a new virtual machine using the downloaded JeOS KVM image and select Import existing disk image.

  2. Configure RAM and number of CPU's: At least 4 GB RAM and 2 CPUs.

  3. Name your KVM machine and select the Customize configuration before install check box.

  4. Select the Add Hardware button and create three new virtual disks with the following specifications. These disks will be partitioned and mounted in Procedure 2.2, “Preparing JeOS for SUSE Manager Installation”.

    VirtIO Storage Disks



    VirtIO Disk 2


    101 GB

    VirtIO Disk 3


    50 GB

    VirtIO Disk 4


    4 GB

  5. Click Begin Installation and your new VM will boot from the JeOS image.

Proceed through the basic JeOS installation prompts until you reach the command line.

Tip: Root Password

During the basic installation prompts you are asked to enter the root password. Select a strong password and then in the next message box Confirm root Password.

2.3 Preparing JeOS for SUSE Manager

Procedure 2.2: Preparing JeOS for SUSE Manager Installation
  1. Register with SCC:

  2. Add SUSE Manager repositories:

    root # SUSEConnect -p SUSE-Manager-Server/3.1/x86_64 -r SUSE_MANAGER_CODE
  3. Install yast2-storage with all required dependencies (approx. 40 packages, 30 MB when installed). This basic administration package is required for preparing storage partitions:

    root # zypper in -t package yast2-storage
  4. Partition and mount the virtual disks at the following locations using YaST Partitioner (yast2 disk).

    VirtIO Storage Disks


    Storage Size

    File System Type

    VirtIO Disk 2


    101 GB


    VirtIO Disk 3


    50 GB


    VirtIO Disk 4


    4 GB


  5. SLES 12 by default uses the BTRFS file system. A mount point is created automatically for /var/lib/pgsql/ (even when not installed). This must be removed or commented out from the /etc/fstab entries. As root edit /etc/fstab and comment out or remove the line:

    /var/lib/pgsql btrfs subvol=@/var/lib/pgsql 0 0
    Warning: Removing the pgsql in the /etc/fstab Entry

    If you do not remove this line from fstab the first time you shutdown the server you will lose your database. This occurs because you will have duplicate entries in the fstab.

    Updated tools shipped with recent SPs will no longer require human intervention.

  6. Exit the partitioner and install the SUSE Manager pattern:

    root # zypper in -t pattern suma_server

For executing SUSE Manager setup: proceed to Section 4.2, “SUSE Manager Setup via GUI”.

3 SLES 12 Installation

Note: Version Information

SUSE Manager 3.1 was originally released as a SLES 12 SP2 extension. With the next maintenance update (December 2018), SUSE Manager 3.1 will be based on SLES 12 SP4 and support SLE 12 SP4 clients officially. In the following sections and chapters, it is highly recommended to use SLE 12 SP4 instead of SP2 or SP3.

3.1 SLES 12 KVM Requirements

This chapter provides the required (kvm) settings for installation of SUSE Linux Enterprise Server 12 media as the base for the SUSE Manager 3.1. A kernel virtual machine (kvm) combined with Virtual Machine Manager (virt-manager) will be used as a sandbox for this installation.

Enter the following settings when creating a new virtual machine using virt-manager.

KVM Settings for SLES 12

Installation Method:

Local install media (ISO image or CDROM)






4096 MB



Storage Format:


Additional Disks:

230 GB split between 4 GB swap and 130 GB mounted at /var/spacewalk/ (Virtual Disk 1) and 50 GB mounted at /var/lib/pgsql (Virtual Disk 2)




Bridge br0

3.2 SLES 12 KVM Settings

This section provides guidance on installation of SUSE Manager utilizing the full installation media with KVM and virt-manager. This section assumes you have previously setup an account with SCC and downloaded the SLES 12 full installation media.

Procedure 3.1: Preparing for SLES 12 Installation
  1. In virt-manager select File then New Virtual Machine.

  2. Choose Local install media (ISO image or CDROM).

  3. Ensure Use ISO Image is selected then click Browse and locate the full SLES 12 image you downloaded from your SCC account.

  4. Configure your machine with at least 4096 MB RAM and a minimum of 2 CPUs.

  5. Create a storage device with a minimum of 230 GB storage space for the installation. During the partitioning setup of the SLES 12 installation this disk should be partitioned into a 4 GB swap a 130 GB partition (or a dedicated virtual disk) for /var/spacewalk/ (XFS) and an additional 50 GB partition (or a dedicated virtual disk) for /var/lib/pgsql/ (XFS). The remaining storage space will be used by the operating system. Select Finish to begin the installation.

Installation of SUSE Linux Enterprise Server 12 will begin. For more information on completing an installation of SUSE Linux Enterprise Server 12, see

3.3 Selecting the SUSE Manager 3.1 Extension

During the SUSE Linux Enterprise Server 12 installation you will be presented with the Extension and Module Selection (see Figure 3.1, “Selecting SUSE Manager Extension”). Select the SUSE Manager 3.1 Extension and then complete the SUSE Linux Enterprise Server 12 installation.

Selecting SUSE Manager Extension
Figure 3.1: Selecting SUSE Manager Extension

4 SUSE Manager Setup

4.1 Included Topics

This section covers setup procedures of SUSE Manager 3.1. You will perform the following procedures:

  • Initiate SUSE Manager 3.1 setup from the command line

  • Create the admin user with the SUSE Manager Web UI

  • Synchronize with SUSE Customer Center (SCC) to obtain a list of product channels available for your clients.

  • Add the SUSE Linux Enterprise 12 SP3 channel

Note: Version Information

SUSE Manager 3.1 was originally released as a SLES 12 SP2 extension. With the next maintenance update (December 2018), SUSE Manager 3.1 will be based on SLES 12 SP4 and support SLE 12 SP4 clients officially. In the following sections and chapters, it is highly recommended to use SLE 12 SP4 instead of SP2 or SP3.

4.2 SUSE Manager Setup via GUI

Procedure 4.1: SUSE Manager Setup

This section will guide you through SUSE Manager setup procedures.

  1. Log in to the SUSE Linux Enterprise 12 desktop and start the YaST SUSE Manager Setup module: Either click Applications › System Tools › YaST and enter SUSE Manager Setup, or open a terminal and as root type yast2 susemanager_setup to initiate the setup.

  2. On the initial screen select Setup SUSE Manager from scratch and select Next to continue.

  3. Enter an email address which will receive notifications about the server's status. The number of emails sent from SUSE Manager can be extensive, therefore notifications via email may be disabled from the Web UI after setup if desired. If wanted, enable advertising SUSE Manager via SLP; this can simplify client setup.

    Select Next to continue.

  4. Enter your certificate information and a password. The password should be stored in a secure location. Without this password it will not be possible to set up a SUSE Manager Proxy Server. Select Next to continue.

  5. In Database Settings, enter a database user and password. This password should be stored in a secure location. Select Next to continue.

  6. SUSE Manager requires that you connect to SUSE Customer Center for software, updates and patches. You will be unable to synchronize or provide channels to your clients without this information. Enter your SUSE Customer Center Organization Credentials. You may open to register or access to your organization credentials. Select Next to continue.

  7. Select Yes to run setup when prompted. When completed select Next to continue.

    You will be presented with your new SUSE Manager Web UI address.

    Select Finish to complete SUSE Manager setup.

In Section 4.3, “Creating the Organization with the Administrator's Account”, you will create the administrator's account and synchronize with SUSE Customer Center.

4.3 Creating the Organization with the Administrator's Account

This section will walk you through creating the organization with the administrator's account for your SUSE Manager Server. The administrator's account is the highest authority account within SUSE Manager and therefore administrator account access information should be stored in a secure location. It is recommended that an administrator creates low level user accounts designated for administration of each organization or group under the administrator's account for security.

Procedure 4.2: Setting up the Administrator's Account
  • To begin open your browser and direct it to your SUSE Manager Server URL which was provided to you after completing setup.

    Enter the Organization Name, then your Desired Login name and Desired Password. Fill in the Account Information fields including an email for system notifications. Select Create Organization to finish creating your administration account.

Congratulations! You should now be presented with the SUSE Manager Front Page. Section 4.4, “Synchronizing with SUSE Customer Center (SCC)” will help prepare the server for connecting your first client.

4.4 Synchronizing with SUSE Customer Center (SCC)

SUSE Customer Center (SCC) maintains a collection of repositories which contain packages, software and updates for all supported client systems. These repositories are organized into channels each of which provide software specific to a distribution, release and architecture. You must synchronize your SUSE Manager Server with SCC to add channels for your client systems. After synchronizing with SCC your clients are able to receive updates or be organized into groups to be assigned to a specific software channel. This section covers synchronizing with SCC from the Web UI and adding your first client channels.

Procedure 4.3: Synchronizing with SUSE Customer Center
  1. From the SUSE Manager Web UI start page select Admin › Setup Wizard.

  2. From the Setup Wizard page select the SUSE Products tab. Wait a moment for the Available Products Below list to populate. You are present with a list of repositories provided from SCC. Each of these repositories represents a single software source known as a Base Channel within SUSE Manager. You can also see the architecture, channels, and status information from this page.

  3. As you are adding a SUSE Linux Enterprise 12 SP3 client based on the x86_64 architecture, scroll down the page and select the check box for this channel now.

    • Add single channels to SUSE Manager by selecting the check box to the left the + button of each channel.

    • Add multiple channels by selecting the check boxes to the left of the channels list and then schedule synchronization by clicking the + Add products button located at the bottom of the page.

After adding your first channel SUSE Manager will schedule the channel to be copied and begin mirroring it. This can take a long time as SUSE Manager must copy all software sources from the SUSE Vendor repositories located at SUSE Customer Center to your servers local /var/spacewalk/ directory.

Tip: PostgreSQL and Transparant Huge Pages

In some environments, Transparent Huge Pages provided by the kernel may slow down PostgreSQL workloads significantly.

To disable transparant huge pages set the transparent_hugepage kernel parameter to never. This has to be changed in /etc/default/grub and added to the line GRUB_CMDLINE_LINUX_DEFAULT, for example:

GRUB_CMDLINE_LINUX_DEFAULT="resume=/dev/sda1 splash=silent quiet showopts elevator=noop transparent_hugepage=never"

To write the new configuration run grub2-mkconfig -o /boot/grub2/grub.cfg. To update the grub2 during boot run grub2-install /dev/sda.

Monitor channel synchronization process in real-time by viewing channel log files located in the directory /var/log/rhn/reposync:

root # cd /var/log/rhn/reposync
root # tail -f CHANNEL_NAME.log

After your channel sync has completed proceed to Chapter 5, Registering Clients.

5 Registering Clients

5.1 Introduction

All releases previous to and including SUSE Manager 2.1 were implemented and shipped with a client management framework, which today is still fully supported. Since version 3, SUSE Manager includes a complete Salt solution in addition to the traditional framework. Salt is an end-to-end data-center automation tool which may also be used outside the scope of SUSE Manager to introduce reactive, real-time orchestration, and configuration management. Managed systems may coexist using both methods, allowing you to become comfortable using Salt while keeping existing deployments intact.

5.2 Creating Activation Keys

Activation keys are used with both traditional and Salt clients to ensure that your clients have the correct software entitlements, are connecting to the appropriate channels, and are subscribed to the relevant groups. Each activation key is bound to an orgnization, which you can set when you create the key.

This section contains information on how to create activation keys for both traditional and Salt clients, and provides some best practices for working with activation keys.

Procedure 5.1: Creating Activation Keys
  1. Log in to the SUSE Manager Web UI as administrator.

  2. Switch to Systems › Activation Keys.

  3. Click the Create Key link at the upper right corner.

  4. Enter a Description to identify the generated activation key.

  5. Enter a human readable Key string value such as SLES12-SP3 to represent the distribution and service pack associated with the key.

    Warning: Allowed Characters

    Do not use commas in the Key field for any SUSE products. However, you must use commas for Red Hat Products. For more information, see Book “Reference Manual”, Chapter 2 “Systems”, Section 2.9 “Activation Keys”.

  6. Enter 1 in the Usage field. This allows one client to register using this key and uses one of your subscription entitlements.

  7. Select the SUSE Linux Enterprise 12 SP3 channel you added earlier from the Base Channels drop down.

  8. Leave the Contact Method at default.

  9. Leave Universal Default unchecked. Click Create Activation Key to finish creating the key for the first channel.

When you create activation keys, keep these best practices in mind:

  • Avoid using the SUSE Manager Default parent channel. This setting forces {productname} to choose a parent channel that best corresponds to the installed operating system, which can sometimes lead to unexpected behavior. Instead, SUSE recommends you create activation keys specific to each distribution and architecture.

  • If you are using bootstrap scripts, consider creating an activation key for each script. This will help you align channel assignments, package installation, system group memberships, and configuration channel assignments. You will also need less manual interaction with your system after registration.

  • If you do not enter a human-readable name for your activation keys, the system will automatically generate a number string, which can make it difficult to manage your keys. Consider a naming scheme for your activation keys to help you keep track of them.

  • Note that the Configuration File Deployment check box does not appear until after you have created the activation key. Ensure you go back and check the box if you need to enable configuration management.

5.3 Creating the SUSE Manager Tools Repository

In this section you will create a tools repository on the SUSE Manager Server for providing client tools. The client tools repository contains packages for installing Salt on minions as well as the required packages for registering traditional clients during the bootstrapping procedure. These packages will be installed from the newly generated repository during the registration process. In the following procedure you will create the SUSE Linux Enterprise 12 SP3 tools repository.

Important: Creating a Tools Repository when an SCC Channel has not been Synced

Before following the procedure to create the tools repository make sure the SUSE vendor channel you will be using with your client has been completely synced. You can check this by running tail -f /var/log/rhn/reposync/CHANNEL_NAME.log as root. For example:

# tail -f /var/log/rhn/reposync/sles12-sp3-pool-x86_64.log

When finished you will see:

2017/12/12 15:20:32 +02:00 Importing packages started.
2017/12/12 15:22:02 +02:00 1.07 %
2017/12/12 15:34:25 +02:00 86.01 %
2017/12/12 15:35:49 +02:00 Importing packages finished.
2017/12/12 15:35:49 +02:00 Linking packages to channel.
2017/12/12 15:35:59 +02:00 Sync completed.
Procedure 5.2: Generating the Tools Repository for SUSE Linux Enterprise 12 SP3
  1. Open a terminal on the server as root and enter the following command to list available bootstrap repositories:

    # mgr-create-bootstrap-repo -l
    1. SLE-12-SP3-x86_64
  2. Then invoke the same command using the listed repository as the product label to actually create the bootstrap repository:

    # mgr-create-bootstrap-repo -c SLE-12-SP3-x86_64
  3. SUSE Manager will create and add the client tools to the newly created repositories directory located at /srv/www/htdocs/pub/repositories/.

Note: Support for SUSE Linux Enterprise 15 Products

If you have mirrored more than one SUSE Linux Enterprise 15 Product (for example, SLES, SLED, and SLES for SAP Application), you can specify the one you are actually interested in. First check what is avaiable:

    # mgr-create-bootstrap-repo -c SLE-15-x86_64 --with-custom-channel
Multiple options for parent channel found. Please use option
--with-parent-channel <label> and choose one of:
- sle-product-sles15-pool-x86_64
- sle-product-sles_sap15-pool-x86_64
- sle-product-sled15-pool-x86_64

Then specify it with --with-parent-channel:

# mgr-create-bootstrap-repo -c SLE-15-x86_64 --with-parent-channel sle-product-sled15-pool-x86_64

5.4 Registering Traditional Clients

5.4.1 Generating a Bootstrap Script

This section goes over generating a template bootstrap script which will be copied and modified for use with traditional clients.

Warning: Python3 and SLES 15

SLES 15 uses Python 3 as the default python language version. Due to this change your Older bootstrap scripts(based on python 2) must be re-created for all SLES 15 systems. Attempting to register SLES 15 systems with SUSE Manager using Python 2 versions of the bootstrap script will fail.

Traditional clients register with SUSE Manager via a bootstrap script executed on the client which deploys all necessary packages to it. The bootstrap script contains parameters which assigns a client system to its base channel. Two of these important parameters are:

  • Activation Keys

  • GNU Privacy Guard (GPG) Keys

Note: Using --traditional

As of SUSE Manager 3.1 the --traditional option must be used if creating a bootstrap script from the command line via the mgr-bootstrap command for traditional clients. Bootstrap scripts are now by default used for Salt minions.

Note: Bootstrap Scripting Best Practices

It is possible to use various methods to register clients for use with SUSE Manager in mass using bootstrap. Using batch scripts for mass registration of both VM and Bare Metal machines is a possibility. Some of these methods will be covered in the Best Practices Guide and will be added as examples at a later time.

The following procedure will guide you through generating a bootstrap template script.

Procedure 5.3: Creating a Bootstrap Script
  1. On the SUSE Manager Web UI, switch to Admin › Manager Configuration › Bootstrap Script. For more information, see Book “Reference Manual”, Chapter 11 “Admin”, Section 11.4.2 “Admin > Manager Configuration > Bootstrap Script.

  2. Uncheck Bootstrap using Salt. Otherwise leave the default settings and click the Update button.

    Warning: Using SSL

    Unchecking Enable SSL in the Web UI or setting USING_SSL to 0 in the bootstrap script is not recommended. If you disable SSL nevertheless you must manage CA certificates yourself to be able to run the registration process successfully.

  3. A template bootstrap script is generated and stored on the server's file system in the /srv/www/htdocs/pub/bootstrap directory.

    # cd /srv/www/htdocs/pub/bootstrap
    # ls        
    client-config-overrides.txt   sm-client-tools.rpm

    The bootstrap script is also available at

Section 5.4.2, “Modifying the Bootstrap Script” will cover copying and modifying your bootstrap template for use with each client.

5.4.2 Modifying the Bootstrap Script

In this section you will copy and modify the template bootstrap script you created from Section 5.4.1, “Generating a Bootstrap Script”.

The minimal requirement when modifying a bootstrap script for use with SUSE Manager is inclusion of an activation key. Depending on your organizations security requirements it is strongly recommended to include one or more (GPG) keys (for example, your organization key, and package signing keys). For the purposes of this guide you will be registering with the activation keys created in the previous section.

Procedure 5.4: Modifying the Bootstrap Script
  1. Log in as root on the command line on your SUSE Manager server.

  2. Navigate to the bootstrap directory with:

    # cd /srv/www/htdocs/pub/bootstrap/
  3. Create and rename two copies of the template bootstrap script for use with each of your clients.

    # cp
    # cp
  4. Open for modification. Scroll down and modify both lines marked in green. You must comment out exit 1 with a hash mark (#) to activate the script and then enter the name of the key for this script in the ACTIVATION_KEYS= field as follows:

    echo "Enable this script: comment (with #'s) this block (or, at least just"
    echo "the exit below)"
    #exit 1
    # can be edited, but probably correct (unless created during initial install):
    # NOTE: ACTIVATION_KEYS *must* be used to bootstrap a client machine.
  5. When you have finished your modifications save the file and repeat this procedure for the second bootstrap script. Then proceed to Section 5.4.3, “Connecting Your First Client”.

Note: Finding Your Keys

To find key names you have created: In the Web UI, click Home › Overview › Manage Activation keys › Key Field. All keys created for channels are listed here. You must enter the full name of the key you wish to use in the bootstrap script exactly as presented in the key field.

5.4.3 Connecting Your First Client

This section covers connecting your clients to SUSE Manager with the modified bootstrap script.

Procedure 5.5: Running the Bootstrap Script
  1. On your SUSE Manager Server as root navigate to the following directory:

    # cd /srv/www/htdocs/pub/bootstrap/
  2. Run the following command to execute the bootstrap script on the client:

      | ssh /bin/bash
  3. The script will execute and proceed to download the required dependencies located in the repositories directory you created earlier. Once the script has finished running, log in to the Web UI and click Systems › Overview to see your new client listed.

This concludes the bootstrap section of this guide. Section 5.5, “Registering Salt Clients” will go over registering Salt minions for use with SUSE Manager 3.

5.5 Registering Salt Clients

There are currently three methods for registering Salt minions:

  • The following section describes the first method and uses a bootstrap repository.

  • The second method is to create a bootstrap script with the mgr-bootstrap commandline tool or using the Web UI. Make sure that the Bootstrap using Salt option is properly checked. Then bootstrapping Salt minions with a bootstrap script is performed in the same manner as bootstrapping traditional clients—for more information, see Section 5.4, “Registering Traditional Clients”.

  • The third method is performed from the SUSE Manager Web UI; find this method located in Book “Reference Manual”, Chapter 2 “Systems”, Section 2.6 “Bootstrapping [Salt]”.

Important: Deprecation Warning

The mgr-bootstrap --salt option will be deprecated as of SUSE Manager 3.1. To bootstrap a Salt minion call mgr-bootstrap from the command line as you would for a traditional system.

The following section assumes you have created a SUSE Manager tools repository. You can review creating a tools repository in Section 5.3, “Creating the SUSE Manager Tools Repository”.

Warning: Ensure the Salt Master is Reachable During Bootstrap

The Salt master and its proxy should always be reachable via both IP address and the FQDN. In the following rare scenario:

  • The Salt master (SUSE Manager) is in some DNS.

  • Your Minions are in a different subnet bound to an alternate DNS and the Salt master record is absent.

  • The Salt master cannot know that the minion is not utilizing the same DNS record. The the Salt master nevertheless sends the FQDN of itself to the minion expecting it to join.

  • The minion looks for a different DNS, one where the master record does not exist therefore bootstrap fails.

Once you have fully synced a base channel from the Web UI for clients to obtain software sources from, for example: SLES12-SP3-Pool_for_x86_64 perform the following procedure to register a Salt minion.

Procedure 5.6: Registering Salt Minions
  1. On your minion as root enter the following command:

    # zypper ar \

    Do not use HTTPS. Use HTTP instead to avoid errors.

  2. After adding the repository containing the necessary Salt packages execute:

    # zypper in salt-minion
  3. Modify the minion configuration file to point to the fully qualified domain name (FQDN) of the SUSE Manager server (master):

    # vi /etc/salt/minion

    Find and change the line:

    master: salt


  4. Restart the Salt minion with:

    # systemctl restart salt-minion

    or on non-systemd OS:

    # rcsalt-minion restart

Your newly registered minion should now show up within the Web UI under Salt › Onboarding. Accept its key to begin management.

6 Getting Started with Salt

6.1 Introduction

This chapter provides an introduction to using the new Salt features added in SUSE Manager 3. This chapter assumes you have completed all former sections within the Getting Started Guide. You should have a running SUSE Manager server and at least one on-boarded Salt minion to complete the sections of this chapter. If you find yourself stuck at any point refer to the SaltStack Get Started tutorial located at

Tip: Use More than One Minion

Connecting two or more minions during your testing is considered best practice. This will allow you to target individual minions using Salt and experiment with the power of its targeting features.

This guide does not attempt to cover all that Salt has to offer. This guide is a primer for using Salt with SUSE Manager. For comprehensive Salt documentation, see

The current version of Salt in SUSE Manager is 2018.3.0

6.2 Understanding Salt Calls

Salt Calls

Salt calls are defined by three main properties:

# salt 'target' function [arguments]

Use the second property in a Salt call to define a target machine. Specify the minion or group of minions you would like to run a function on.

General Targeting

List available grains on all minions:

# salt '*'

Ping a specific minion:

# salt ''
Glob Targeting

Ping all minions using a domain:

# salt '*'

Display the OS name of all minions with the label webserver:

# salt 'webserver*' grains.item oscodename
List Targeting
# salt -L ','
Regular Expression Targeting

You may use PCRE-compliant regular expressions:

# salt -E '(?!web)'
IP Address Targeting

List minion IP addresses:

# salt '*' network.ip_addrs

Ping a specific minion IP address:

# salt -S ''

Ping all minions on a subnet:

# salt -S
Tip: Lookup a Subnet Using the ip Command

You can use the ip command to find the subnet mask in the format of

# ip -o -f inet addr show | awk '/scope global/ {print $4}'

Once you have specified a target, provide the function you would like to call. Functions also accept arguments. These are space-delimited. For example:

salt '*' 'echo "Hello: $FIRST_NAME"' env='{FIRST_NAME: "John"}'
Locating Additional Minion Functions

Find more functions which can be called on minions by running:

salt '*' sys.doc

A full list of callable functions are located here:


Provides the extra data needed by a function you are calling. The command pkg.install requires an argument specifying a package to install. YaST has been selected for installation. For example:

# salt '*' pkg.install yast2

6.3 Common Salt Terminology


Grains provide information about the hardware of a minion. For example, the operating system, IP addresses, network interfaces, memory, etc. When running a Salt command from keep in mind any modules and functions called are run locally from the system being called. Salt modules are stored on minions and master within the following directory:


List all available grains with the function:

# salt '*'

List collected grain system data by using the grains.items function:

# salt '*' grains.items

For more information on grains, see


States are templates which place systems into a known configuration, for example which applications and services are installed and running on those systems. States are a way for you to describe what each of your systems should look like. Once written, states are applied to target systems automating the process of managing and maintaining a large numbers of systems into a known state. For more information on states, see


Pillars unlike grains are created on the master. Pillar files contain information about a minion or group of minions. Pillars allow you to send confidential information to a targeted minion or group of minions. Pillars are useful for sensitive data, configuration of minions, variables, and any arbitrary data which should be defined. For more information on pillars, see


Beacons allow an admin to use the event system in Salt to monitor non-Salt processes. Minions may use beacons to hook into many types of system proceses for constant monitoring. Once a targeted monitored activity occurs an event is sent on the Salt event bus that may be used to trigger a reactor.

Important: Enabling Beacons

To work with beacons on Salt minions the package python-pyinotify must be installed for SUSE systems. For RES systems install python-inotify. This package is not installed automatically during the salt minion package installation.

Note: Peer Communication with salt-broker

The salt-broker acts like a switch and not like a hub, therefore Peer communication will only work for minions behind the same broker/Proxy. For more information on Salt and peer communication see:

6.4 Useful Salt Commands

The following list provides several useful Salt commands.


Print a list of all minions that are up:

# salt-run manage.up

Print a list of all minions that are down:

# salt-run manage.down

Print a list with the current status of all Salt minions:

# salt-run manage.status

Check the version of Salt running on the master and active minions:

# salt-run manage.versions

Copy a file to a minion or set of minions.

# salt-cp '*' foo.conf /root

For more information, see

salt-key -l

List public keys:

# salt-key -l
salt-key -A

Accept all pending keys:

# salt-key -A

6.5 Salt File Locations and Structure

The following screen describes Salt file structures and their locations used by the SUSE Manager server. These files are listed in /etc/salt/master.d/susemanager.conf:

# Configure different file roots

    - /usr/share/susemanager/salt    #Should not be touched by a user
    - /srv/susemanager/salt          #Should not be touched by a user
    - /srv/salt                      #Your custom states go here

# Configure different pillar roots

    - /usr/share/susemanager/pillar  #Should not be touched by a user
    - /srv/pillar                    #Custom pillars go here

# Extension modules path

extension_modules: /usr/share/susemanager/modules

# Master top configuration

  mgr_master_tops: True

The following tips should be kept in mind when working with /etc/salt/master.d/susemanager.conf.

  • Files listed are searched in the order they appear.

  • The first file found is called.

6.5.1 file_roots

SUSE Manager as the Salt master reads its state data from three specific file root directories.


This directory is created by SUSE Manager and its content generated by the /usr/share/susemanager/modules/tops/ python module:

It is shipped and updated together with SUSE Manager and includes certificate setup and common state logic that will be applied to packages and channels.

Warning: Non-editable Directory

You should not edit or add custom Salt data to this directory.


This directory is created by SUSE Manager and contains assigned channels and packages for minions, groups, and organizations. These files will be overwritten and regenerated. A good analogy for this directory would be the SUSE Manager database translated into Salt directives.

Warning: Non-editable Directory

You should not edit or add custom Salt data to this directory.


The directory /srv/salt is for your custom state data, salt modules etc. SUSE Manager does not touch or do anything with this directory. However the state data placed here affects the Highstate of minions and is merged with the result generated by SUSE Manager.

Tip: Editable Directory

Place your custom Salt data here.

6.5.2 pillar_roots

SUSE Manager as the Salt master reads its pillar data from two specific pillar root directories.


This directory is generated by SUSE Manager. It is shipped and updated together with SUSE Manager.

Warning: Non-editable Directory

You should not edit or add custom Salt data to this directory.


SUSE Manager by default does not touch or do anything with this directory. However the custom pillar data placed here is merged with the pillar result created by SUSE Manager.

Tip: Editable Directory

Place your custom Salt pillar data here.

6.6 Install the SUSE Manager Locale Formula

The following section provides guidance on installing and using SUSE provided Salt formulas.

Procedure 6.1: Installing the Locale Formula
  1. Install the locale formula with:

    zypper install locale-formula

    This installs the package contents to /usr/share/susemanager/formulas/{metadata,states}

  2. After installing the RPM, log in to the SUSE Manager Web UI.

  3. Browse to the System Details page of any minion you would like to apply the formula to.

  4. On the System Details page of the minion you will see a new Formulas tab. Select it to view a list of installed formulas.

  5. In the Formulas listing select Locale and click Save.

  6. A new tab will appear next to the Formula subtab. Select the new Locale tab.

  7. The Locale tab contains options for setting the language, keyboard layout, timezone, and whether hardware clock is set to UTC. Select the desired options and click Save.

  8. Run the following command to verify pillar settings. The output has been truncated.

    salt '$your_minion' pillar.items
               English (US)
               English (US)
       org_id:alt '$your_minion_here'
  9. Apply this state to your minion by applying the highstate from the command line with:

    salt '$your_minion' state.highstate

    You can also apply the highstate from the previous formula tab from the SUSE Manager Web UI by clicking Apply Highstate.

Print this page