SUSE Manager 3.2 › Advanced Topics › SUSE Manager in the Public Cloud
ContentsContents
Advanced Topics
  1. About This Guide
  2. 1 SUSE Manager on IBM z Systems
  3. 2 SUSE Manager 3.2 Proxy
  4. 3 Security
  5. 4 SUSE Manager in the Public Cloud
  6. 5 Optimization and Scalability
  7. 6 Salt SSH Integration
  8. 7 Monitoring with Icinga
  9. 8 Image Building and Management
  10. 9 Kubernetes Integration Guide
  11. 10 Cobbler
  12. 11 Virtualization
  13. 12 Inventorying vCenter/vSphere ESXi Hosts with SUSE Manager
  14. 13 SUSE Manager Command Line Tools
  15. 14 spacecmd Reference
  16. A Ports
  17. B Minimalist AutoYaST Profile for Automated Installations and Useful Enhancements
  18. C GNU Licenses
  19. 15 GNU Free Documentation License
Navigation
SUSE Manager 3.2 › Advanced Topics › SUSE Manager in the Public Cloud
Top

4 SUSE Manager in the Public Cloud

SUSE Manager Server and SUSE Manager Proxy in the Public Cloud

Abstract

SUSE Manager delivers best-in-class Linux server management capabilities. For detailed information about the product please refer to the SUSE Manager documentation.

The SUSE Manager Server and SUSE Manager Proxy images published by SUSE in selected Public Cloud environments are provided as Bring Your Own Subscription (BYOS) images. SUSE Manager Server instances need to be registered with the SUSE Customer Center (SCC). Subscriptions of SUSE Manager Proxy instances are handled through their parent SUSE Manager Server. After an instance is launched, SUSE Manager needs to be set up and configured following the procedure in the SUSE Manager documentation.

4.1 Instance Requirements
4.2 Setup
4.2.1 Using Separate Storage Volume
4.3 Registration of Cloned Systems

4.1 Instance Requirements

Select an instance size that meets the system requirements as documented in the SUSE Manager documentation.

  • Minimal main memory: >12G

  • The SUSE Manager setup procedure performs a Forward-confirmed reverse DNS lookup. This must succeed in order for the setup procedure to complete successfully and for SUSE Manager to operate as expected. Therefore it is important that the hostname and IP configuration be performed prior to running the SUSE Manager setup procedure.

  • SUSE Manager Server and SUSE Manager Proxy instances are expected to run in a network configuration that provides you control over DNS entries and that is shielded from the Internet at large. Within this network configuration DNS (Domain Name Service) resolution must be provided, such that hostname -f returns the FQDN (Full Qualified Domain Name). The DNS resolution is not only important for the SUSE Manager Server procedure but is also important when clients are configured to be managed via SUSE Manager . Configuring DNS is Cloud Framework dependent, please refer to the cloud service provider documentation for detailed instructions.

  • Minimal free disk space for SUSE Manager 15G.

    For Public Cloud instances we recommend that the repositories and the SUSE Manager Server database, and respectively the SUSE Manager Proxy squid cache, be located on an external virtual disk. The details for this setup are provided in Section 4.2.1, “Using Separate Storage Volume”.

    Storing the database and the repositories on an external virtual disk ensures that the data is not lost should the instance need to be terminated for some reason.

Please ensure that the selected instance type matches the requirements listed above. Although we recommend that the database and the repositories are stored on a separate device it is still recommended to set the root volume size of the instance to 20G.

4.2 Setup

  1. Run an instance of the SUSE Manager Server or SUSE Manager Proxy image as published by SUSE.

    The images are identifiable by the suse, manager, server or proxy, and byos keywords in each public cloud environment.

    The SUSE Manager instance must run in a network access restricted environment such as the private subnet of a VPC or with an appropriate firewall setting such that it can only be accessed by machines in the IP ranges you use. A generally accessible SUSE Manager instance violates the terms of the SUSE Manager EULA. Access to the web interface of SUSE Manager requires https.

  2. Setup the hostname as follows:

    SUSE Manager requires a stable and reliable hostname and does not take kindly to hostname changes. All commands provided need to be executed as the root user. .. Disable hostname setup in the dhcp configuration file: /etc/sysconfig/network/dhcp

    +

    DHCLIENT_SET_HOSTNAME="no"

    1. Set the hostname to a name of your choice. Please note it is important to provide the system name and not the fully qualified hostname to the hostnamectl command.

      It is expected that the Fully Qualified Domain Name (FQDN) is set by the cloud framework; for example if cloud_instance.cloud.net is the fully qualified name than cloud_instance is the system name and cloud.net is the domain name.

      In the following example we will change the system name to suma

      $ hostnamectl set-hostname suma

      The fully qualified hostname is now locally set to suma.cloud.net. Once the hostname is set locally a DNS entry needs to be created in your network environment such that domain name resolution works properly.

      Alternatively to force proper resolution of the name on the SUSE Manager system you may alter the /etc/hosts file as follows:

      $ echo "${local_address} suma.cloud.net suma" >> /etc/hosts

      The current value for the local_address, can be obtained from the public cloud Web console or from within a terminal session as follows: * Obtain local ip address from within Amazon EC2 instance

      +

      $ ec2metadata --local-ipv4

      • Obtain local ip address from within Google Compute Engine instance

        $ gcemetadata --query instance --network-interfaces --ip

      • Obtain local ip address from within Microsoft Azure instance

        $ azuremetadata --internal-ip

    Note that forcing the DNS resolution to work via modification of the /etc/hosts file will allow the yast2 susemanagersetup procedure to work. However, if DNS resolution is not properly configured this also implies that any client that is to be managed via this SUSE Manager instance must also receive the same modification to /etc/hosts .

    + One more aspect of hostname resolution is the /etc/resolv.conf file. Depending on the order of your setup, i.e. if you started the SUSE Manager instance prior to setting up DNS services the file may not contain the appropriate search directive. Double check that the proper search directive exists in /etc/resolv.conf . In our example the directive would be search cloud.net. If the directive is missing add it to the file.

    + Reference information for the DNS record update is provided below.

    1. For an update of the DNS records for the instance within the DNS service of your network environment, refer to the cloud service provider documentation for detailed instructions:

  3. Configure SUSE Manager

    • If you run a SUSE Manager Server instance run YaST as shown below after the instance is launched, the external storage is attached and prepared according to Section 4.2.1, “Using Separate Storage Volume”, and the DNS resolution is set up as described earlier.

      $ /sbin/yast2 susemanagersetup

      Note that the setup of SUSE Manager from this point forward does not differ from the documentation in the SUSE Manager Guide.

      The SUSE Manager setup procedure in YaST is designed as a one pass process with no rollback or cleanup capability. Therefore, if the setup procedure is interrupted or ends with an error, it is not recommended to attempt a recovery as a reapate of the setup process or attempts to manually "fix" the configuration are most likely to fail and result in a broken SUSE Manager installation. In case of any errors we recommend to start a new instance in order to run a fresh setup procedure on a clean system.

      If you are prompted with a message that there is not enough space available for the setup of SUSE Manager verify that your root volume is at least 20GB and double check that the instructions in Section 4.2.1, “Using Separate Storage Volume” had the desired effects.

      SUSE Manager Server for the Public Cloud comes with a bootstrap data module pre-installed that contains optimized package lists for bootstrapping instances started from SUSE Linux Enterprise images published by SUSE. If you intend to register such an instance, make sure when creating the bootstrap repository you run the mgr-create-bootstrap-repo script as follows:

      $ mgr-create-bootstrap-repo --datamodule=mgr_pubcloud_bootstrap_data -c SLE-12-SP1-x86_64

      The above example creates a bootstrap repository suitable for SUSE Linux Enterprise Server 12 SP1 instances. See Creating the SUSE Manger Tools Repository for more information on bootstrapping.

      Prior to registering instances started from on demand images remove the following packages from the instance to be registered: …​ cloud-regionsrv-client …​ For Amazon EC2

      + regionServiceClientConfigEC2

      + regionServiceCertsEC2

      1. For Google Compute Engine

        cloud-regionsrv-client-plugin-gce

        regionServiceClientConfigGCE

        regionServiceCertsGCE

      2. For Microsoft Azure

        regionServiceClientConfigAzure

        regionServiceCertsAzure

    If these packages are not removed it is possible to create interference between the repositories provided by SUSE Manager and the repositories provided by the SUSE operated update infrastructure.

    + Additionally remove the line from the /etc/hosts file that contains the susecloud.net reference.

    • If you run a SUSE Manager Proxy instance

      Launch the instance, optionally with external storage configured. If you use external storage (recommended), prepare it according to Section 4.2.1, “Using Separate Storage Volume”. It is recommended but not required to prepare the storage before configuring SUSE Manager proxy, as the suma-storage script will migrate any existing cached data to the external storage. After preparing the instance, register the system with the parent SUSE Manager, which could be a SUSE Manager Server or another SUSE Manager Proxy. See the SUSE Manager Proxy Setup guide for details. Once registered, run

      $ /usr/sbin/configure-proxy.sh

      to configure your SUSE Manager Proxy instance.

  4. After the completion of the configuration step, SUSE Manager should be functional and running. For SUSE Manager Server, the setup process created an administrator user with following user name:

    • User name: admin

      Table 4.1: Account credentials for admin user

      Amazon EC2

      Google Compute Engine

      Microsoft Azure

      Instance-ID

      Instance-ID

      Instance-Name-suma

      The current value for the Instance-ID or Instance-Name in case of the Azure Cloud, can be obtained from the public cloud Web console or from within a terminal session as follows: ** Obtain instance id from within Amazon EC2 instance

      +

      $ ec2metadata --instance-id

      • Obtain instance id from within Google Compute Engine instance

        $ gcemetadata --query instance --id

      • Obtain instance name from within Microsoft Azure instance

        $ azuremetadata --instance-name

    After logging in through the SUSE Manager Server Web UI, change the default password.

    + {susemgr} Proxy does not have administration Web interface itself. It can be managed through its parent SUSE Manager Server.

4.2.1 Using Separate Storage Volume

We recommend that the repositories and the database for SUSE Manager be stored on a virtual storage device. This best practice will avoid data loss in cases where the SUSE Manager instance may need to be terminated. These steps must be performed prior to running the YaST SUSE Manager setup procedure.

  1. Provision a disk device in the public cloud environment, refer to the cloud service provider documentation for detailed instructions. The size of the disk is dependent on the number of distributions and channels you intend to manage with SUSE Manager . For sizing information refer to SUSE Manager sizing examples. A rule of thumb is 25 GB per distribution per channel.

  2. Once attached the device appears as Unix device node in your instance. For the following command to work this device node name is required. In many cases the attached storage appears as /dev/sdb. In order to check which disk devices exists on your system, call the following command:

    $ hwinfo --disk | grep -E "Device File:"

  3. With the device name at hand the process of re-linking the directories in the filesystem SUSE Manager uses to store data is handled by the suma-storage script. In the following example we use /dev/sdb as the device name.

    $ /usr/bin/suma-storage /dev/sdb

    After the call all database and repository files used by SUSE Manager Server are moved to the newly created xfs based storage. In case your instance is a SUSE Manager Proxy, the script will move the Squid cache, which caches the software packages, to the newly created storage. The xfs partition is mounted below the path /manager_storage .

  4. Create an entry in /etc/fstab (optional)

    Different cloud frameworks treat the attachment of external storage devices differently at instance boot time. Please refer to the cloud environment documentation for guidance about the fstab entry.

    If your cloud framework recommends to add an fstab entry, add the following line to the /etc/fstab file.

    /dev/sdb1 /manager_storage xfs defaults 1 1

4.3 Registration of Cloned Systems

SUSE Manager treats systems (instances) with the same system ID as one. This implies that one instance will mask another if the instances have the same system ID. This situation occurs by launching multiple instances from the same image or when an image has been created from a running instance. Thus prior to registering a new instance complete step 5.1 or 5.2, depending on the distribution on the following wiki.

http://wiki.novell.com/index.php/SUSE_Manager/Register_Clones

Chapter 5 Optimization and ScalabilityChapter 3 Security
Print this page

© 2018 SUSE