From Idea to Working Deployment:

Academic year: 2021

From Idea to Working Deployment: A Practical Guide for Deploying SUSE® Manager

Alessandro Renna, Sales Engineer

Christophe Le Dorze, Sales Engineer

Agenda

SUSE Manager overview

Requirements

Setup Process

Post-installation Tasks

Initial Configuration

Client Registration

Backup

SUSE® Manager

• Reduce complexity with automation
• Control, standardize and optimize converged, virtualized and cloud data centers
• Reduce risk and avoidable downtime through better change control, discovery and compliance tracking

SUSE Manager

Automated Linux systems management that enables you to comprehensively manage SUSE Linux Enterprise and Red Hat Enterprise Linux systems with a single, centralized solution across

Optimize, Control, Innovate

Operational Benefits

Transparency
‒ See what is installed on your servers
‒ Compare servers to servers/profiles

Organizational
‒ Divide and manage sub-organizations

Provisioning
‒ Initial deployment directly into proven stage

Maintenance
‒ Central controlled package/patch management

Upgrade
‒ Automated Service Pack Migration
‒ Automated Major Release Upgrade

High-level Architecture

[Diagram: SUSE Customer Center, Update channels, Custom Chn]

Management pack for System Center Operations Manager 2007/2012.

Provides SCOM users with a single console to manage and update Windows & Linux servers in the datacenter

Up2date & YUM

RHEL update and patch repository

[Diagram: Linux servers, SUSE Manager, SUSE Customer Center]

System Components

SUSE Manager Server: Python, Perl, Java, Tomcat, Apache Application Server
Jabber: Instant Deployment
Cobbler: Bare Metal Provisioning
API: Scripting, Third-party
Proxy: Load Balancing, Branches
Database: Oracle Database 10g or 11g, PostgreSQL 9.1

Planning the Installation

Requirements

Hardware Requirements

x86_64 server only

Supported virtual environments: KVM, VMware, Hyper-V

Intel Pentium 4 or later or AMD Opteron or later

‒ 2GHz, 512K cache or equivalent

‒ Recommended: Intel or AMD multi-core processor, 2.4GHz

4 GB of memory

‒ Recommended for production use: 16 GB

20 GB of free disk space for base installation

‒ Additionally at least 25 GB for caching per distribution or channel

20 GB of storage for the database

Separate partition for storing backups

Disk Sizing Requirements

Example: SLES® 11 SP2 with SP3 migration

• Base system = 20 GB
• Database = 20 GB
• Channels:
‒ SLES 11 SP1 Pool = 4 GB
‒ SLES 11 SP1 Updates = 20 GB
‒ SLES 11 SP2 Core = 4 GB
‒ SLES 11 SP2 Updates = 20 GB
‒ SLES 11 SP3 Pool = 4 GB
‒ SLES 11 SP3 Updates = 20 GB
• + appropriate SUSE Manager Tools channels = 112 GB + <2 Service Packs (~25 GB each) reserve> = ~175 GB disk space

Supported Client OS

SUSE
‒ SUSE Linux Enterprise Server 12 (x86-64, Power, System Z)
‒ SUSE Linux Enterprise Server 11 SP1 to SP3 (x86, x86-64, Itanium, Power, System Z)
‒ SUSE Linux Enterprise Server 10 SP3 to SP4 (x86, x86-64, Itanium, Power, System Z)

Novell
‒ Open Enterprise Server 11 SP1

Red Hat
‒ Red Hat Enterprise Linux 5 (x86, x86-64)
‒ Red Hat Enterprise Linux 6 (x86, x86-64)
‒ Red Hat Enterprise Linux 7 (x86_64)

Other Important Requirements

Working DNS
‒ You need a working DNS environment, or at least a maintained /etc/hosts on each involved server.

Fully Qualified Domain Hostname
‒ SUSE Manager Server needs an FQDN to be able to create the self-signed root CA and common server certificate.
‒ linux.site is no option :-)

Hostname
‒ No special characters like underscore!
‒ Avoid uppercase letters (can cause jabberd to fail)
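
The naming rules above can be checked before the second setup phase generates the CA and server certificate. The following is an added example, not part of the original slides; `check_fqdn` is a hypothetical helper name and the sample hostnames are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check of a candidate SUSE Manager server name
# against the hostname rules listed above. check_fqdn is a hypothetical
# helper name; the sample hostnames below are constructed.
LC_ALL=C; export LC_ALL   # keep bracket ranges ASCII-only

# Prints the rule violations (space separated) and returns 0 only if none.
check_fqdn() {
    name=$1
    problems=""
    # Needs at least host.domain to serve as the certificate's FQDN
    case $name in
        *.*) ;;
        *) problems="$problems not-fqdn" ;;
    esac
    # The slide rules out linux.site as a domain
    case $name in
        linux.site|*.linux.site) problems="$problems linux.site" ;;
    esac
    # Underscore is called out explicitly
    case $name in
        *_*) problems="$problems underscore" ;;
    esac
    # Uppercase letters can cause jabberd to fail
    case $name in
        *[A-Z]*) problems="$problems uppercase" ;;
    esac
    # Anything besides letters, digits, dot and hyphen counts as special
    case $name in
        *[!A-Za-z0-9._-]*) problems="$problems special-char" ;;
    esac
    problems=${problems# }
    printf '%s\n' "$problems"
    [ -z "$problems" ]
}

# Constructed sample names; replace with "$(hostname -f)" on a real server.
for h in suma01.example.com SUMA01.example.com suma_01.example.com \
         suma01 suma01.linux.site; do
    if result=$(check_fqdn "$h"); then
        echo "ok    $h"
    else
        echo "fail  $h ($result)"
    fi
done
```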

Port Requirements

Inbound Connections
‒ 67: Open this port to configure SUSE Manager as a DHCP server for systems requesting IP addresses
‒ 69: Open this port to configure SUSE Manager as a PXE server and allow installation and re-installation of PXE-boot enabled systems
‒ 80: WebUI and client requests come in via either http or https
‒ 443: WebUI and client requests come in via either http or https
‒ 4545: Monitoring
‒ 5222: Connect clients with SUSE Manager for pushing actions to clients
‒ 5269: Connect proxies with SUSE Manager for pushing actions to proxies and clients via proxy

Outbound Connections
‒ 80: Connecting to SUSE Customer Center
‒ 443: Connecting to SUSE Customer Center
‒ 4545: Monitoring

[Diagram: SUSE Customer Center, Internet, firewall/proxy, SUSE Manager and four kinds of managed systems (Pull+RHNSD, Pull+OSAD, Push, Push+SSH Tunnel), numbered 1 to 4. Ports shown: 443, 5222, 22.]

Topologies

SUSE Manager can be set up in multiple ways, depending on a number of factors like the following:

‒ The total number of client systems to be served by SUSE Manager
‒ The maximum number of clients expected to connect concurrently to SUSE Manager
‒ The number of custom packages and channels to be served by SUSE Manager
‒ The number of SUSE Manager servers used in the customer

Topologies
‒ Single SUSE Manager Topology
‒ SUSE Manager + SUSE Manager Proxy

Deployment of SUSE Manager

Prepare Your Subscriptions

1. Download SUSE Manager from https://download.suse.com

2. Take note of SUSE Manager reg code from Customer Center

Setup Phases

1st Setup Phase

Setup operating system

Language, Keyboard, Root Password, License Agreement, Clock, Timezone, NTP, IP, Proxy, Product Registration

2nd Setup Phase

SUSE Manager Setup

Migration from Satellite/Spacewalk/SUSE Manager, Notification e-mail, SSL Certificate, Database, Admin Password, Mirror Credentials

Fueling with Packages

Installation Best Practice

Do some customizing depending on your environment before running second phase
‒ Install VMware Tools
‒ After registering and updating SUSE Manager (see below)
‒ Install additional agents (Backup/Monitoring/...)

Manually restart SUSE Manager
‒ spacewalk-service restart

Register your SUSE Manager and update the

Register SUSE Manager

check this box

Update SUSE Manager

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema with spacewalk-schema-upgrade
5. Start the Spacewalk service: spacewalk-service

SUSE Manager Setup Wizard

check this box

1. Log in as root user to the SUSE Manager server.

First Steps After Installation

Open SUSE Manager homepage

Create SUSE Manager Admin (first user)

Basic Configuration

‒ Admin → SUSE Manager Configuration

‒ Enable In-App HTTP Proxy for parent SUSE Manager server, if any
‒ Do not use protocol prefix in this configuration
‒ Example: my.proxy.server:8080
‒ Review and Update Bootstrap Script

Create additional admin users

Bootstrap Script Basics

Automates reconfiguration of clients
‒ Import custom GPG keys
‒ Install SSL certificates
‒ Register system to SUSE Manager
‒ Perform post-configuration activities

Master script saved as /srv/www/htdocs/pub/bootstrap/bootstrap.sh
‒ some manual configuration may still be required

Using Multiple Mirror Credentials

Required in case product entitlements are spread out to multiple Customer Center sites

Things to Remember About Mirroring

The mirror process is scheduled within the database and runs in the background

spacewalk-repo-sync

Each software channel synchronization is logged

/var/log/rhn/reposync

Only one software channel synchronization at once

To manually start mirroring:

Perform the Initial Configuration

Organizations

System Groups

User Roles

Organizations Basics

Single (flat) Organization vs. Multiple Child Organizations
‒ Reflects real org hierarchy into SUSE Manager
‒ Other scenarios

Software and System entitlements are added at the Base Organization and then assigned to child Organizations

Administration of Child Organizations is delegated to other users

It is recommended to define at least one new organization

Scenario 1: Multi-Department org

Sub-Organizations
• Org Admin manages entire org
• System & group management
• User creation & management
• Content management:
‒ Sw channels, autoinstall prof
‒ Config channels, activation keys

System Groups

System group

A group of systems

Membership is based on some common attribute

Create as many groups as needed

Unions and intersections

Examples
‒ Hardware vendor
‒ Software stack: LAMP, J2EE, DB, etc.
‒ Dev, Test, Prod, etc.
‒ Virtualization: VMware, KVM, XEN, Hyper-V, etc.
‒ IT Service: Corporate Site,

Role Based Access

SUSE Manager Administrator

Organization Administrator

Activation Key Administrator

Monitoring Administrator

Configuration Administrator

Channel Administrator

Configure Activation Keys

Register Clients to SUSE Manager

Register Clients with a Key

[Diagram: Activation Key, Server, Software Channels, Software Packages, Configuration Channels, Server Group A, Server Group B]

Activation Keys Best Practice

Channels to include

‒ suse-manager-tools

Packages to include

‒ osad (Pushing Tasks)
‒ Will install python-jabberpy and pyxml as dependencies
‒ rhncfg-actions (Remote Command, Config Mgmt.)
‒ Will install rhncfg and rhncfg-client as dependencies

Registering Clients = Bootstrapping

Create bootstrap scripts on server
‒ /srv/www/htdocs/pub/bootstrap

Register from Client
‒ curl -Sks https://server_hostname/pub/bootstrap/bootstrap-edited.sh | /bin/bash

Register from Server
‒ cat /srv/www/htdocs/pub/bootstrap/bootstrap-edited.sh | ssh
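
The client-side one-liner above uses `-k`, which turns off certificate verification, and pipes the download straight into bash. The following added example (not from the original slides) downloads to a file with the server's CA pinned and checks a known SHA-256 digest before running it; `verify_script` and `fetch_and_run` are hypothetical helper names, and the server name, CA file and digest are placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the slides): fetch the bootstrap script with TLS
# verification, compare it with a known digest, and only then execute it.
# The server, CA certificate path and expected digest are caller-supplied
# placeholders; the URL path is the one shown on the slide.

# Return 0 only if the file's SHA-256 equals the expected hex digest.
verify_script() {
    file=$1
    expected=$2
    [ -r "$file" ] || return 2
    actual=$(sha256sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# Download to a temp file instead of piping into bash, so a truncated or
# altered transfer is never executed.
fetch_and_run() {
    server=$1
    ca_cert=$2
    expected=$3
    tmp=$(mktemp) || return 1
    # -f: fail on HTTP errors; --cacert: trust only the given CA (no -k)
    if curl -fsS --cacert "$ca_cert" -o "$tmp" \
            "https://$server/pub/bootstrap/bootstrap-edited.sh" &&
       verify_script "$tmp" "$expected"; then
        /bin/bash "$tmp"
        rc=$?
    else
        echo "bootstrap script not verified, refusing to run" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Usage (placeholders):
#   fetch_and_run server_hostname /path/to/ca-cert.pem <expected-sha256>
```

The expected digest is taken on the SUSE Manager server with `sha256sum` over the edited bootstrap script and handed to clients over a separate trusted channel.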

Monitoring

Executing probes

Gathering the output of these probes to store in the SUSE Manager database

Monitoring of systems with SUSE Manager requires:
‒ Monitoring service to be enabled on the SUSE Manager server
‒ A monitoring agent to be installed and enabled on the clients (rhnmd or sshd)

Important Directories

/rhnsat/

/etc/sysconfig/rhn/

/etc/rhn/

/etc/sudoers

/etc/tnsnames.ora

/srv/www/htdocs/pub/

/var/spacewalk/packages/1

/root/.gnupg/

/root/ssl-build/

/etc/dhcp.conf

/tftpboot/

/var/lib/cobbler/

/var/lib/rhn/kickstarts/

/srv/www/cobbler

/var/lib/nocpulse/

Recommendation: /var/spacewalk/

Backing Up the Database

Oracle

‒ smdba backup-hot
‒ located in /opt/apps/oracle/flash_recovery_area/uppercase SID/

PostgreSQL
‒ smdba backup-hot --enable=on --backup-dir=/<dir>

Restore with:

smdba backup-restore force

Links

https://www.suse.com/products/suse-manager/

https://www.suse.com/documentation/suse_manager/

https://wiki.novell.com/index.php/SUSE_Manager

https://www.suse.com/support/kb/doc.php?id=7012610

https://www.suse.com/support/update/

https://download.suse.com/patch/finder/

http://support.novell.com/security/cve/index.html

http://cve.mitre.org/

Thank you.

Software Channel Rules

Base/Parent Channels

‒ Each client system will be assigned to one parent channel
‒ Base/Parent channels represent main installation media

Child Channels
‒ A parent channel can have multiple child channels
‒ A child channel is assigned to one parent channel
‒ Child channels typically contain additional third-party packages, own packages and updates

Repositories

Concepts

Software package
‒ Pre-packaged software, incl:
  ‒ Executables
  ‒ Configuration
  ‒ Scripts (install, remove etc.)
  ‒ Data
‒ Vendor
‒ Dependencies
‒ Vendor support level

Patch
‒ Relates to:
  ‒ Functional defect
  ‒ Vulnerability
‒ Urgency categories: Security, Bug fix, Enhancement
‒ Contains references to:
  ‒ Bugzilla issue
  ‒ CVE number
‒ 1:many relationship to

Patch Staging Support

Vendor Software Channel

As is from vendor – no changes

Development

Frozen vendor channel – changes possible

Testing

Frozen development channel – changes possible

Production

Clone Channels

Custom Channels

Clone Channels

Are custom channels

Used to provide software at a certain stage

‒ Avoid sync

‒ Development > Testing > Production cycle

Do not space for repositories

Can be cloned in 3 ways:
‒ Current state of the channel
‒ Original state of the channel
‒ Select patches

Locked Channels

spacewalk-clone-by-date

Included in spacewalk-utils.rpm

Create clones of software channels based on a point in time

Clones all the patches up to a given date

Runs a dependency resolution routine to add in any

Patch Lifecycle Management

spacewalk-manage-channel-lifecycle

Included in spacewalk-utils.rpm

Create dev, test and prod cloned channels by default

Once the patches have been validated in the dev environment, you can promote these patches into the prod env with --promote

Unpublished Work of SUSE LLC. All Rights Reserved.

This work is an unpublished work and contains confidential, proprietary and trade secret information of SUSE LLC. Access to this work is restricted to SUSE employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of SUSE.

Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General Disclaimer

This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for SUSE products remains at the sole discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.
