Tech Blog.

Thoughts, stories, ideas.

Release and Patch Management with SUSE Manager 3

25. August 2016

The SUSE Manager 3 beta programme was started at the end of December 2015. We would like to take this opportunity to gain a basic understanding of what the next version will offer. To start, the most important change is the integration of [SaltStack] as a remote execution and configuration management framework.
We have selected the following use case for this blog post and drafted a brief description of how it would be implemented in practice.

Scenario

In order to be able to perform reasonable release and patch management in larger IT system environments, identical systems are often operated in different environments (phases or stages). When a new release or a patch becomes available, it is first installed on the development systems where various tests and, if necessary, adjustments are performed before it is rolled out to the production systems.

SUSE Manager provides a simple solution for this scenario. It allows for individual patches and packages to be passed from one environment to the next. It is also allows for synchronizing a complete state or snapshot of a defined point in time from one environment to the next.

Prerequisites

The configurations described assume that SUSE Manger 3 is installed and at least one client system with SLES11 or SLES12 is connected as Salt Minion.

Configuration

In order to perform the complete setup in the shell, the packages spacewalk-utils and spacecmd must be installed.

suma3:~ # zypper in -y spacewalk-utils spacecmd

We then display the existing software channels.

suma3:~ # spacewalk-manage-channel-lifecycle \
-u admin -p $PASSWORD -l

At this time, only one channel is displayed. The so-called vendor channel contains all packages and patches that can be downloaded from SCC.
It is thus a mirror of the latest SUSE packages.

We now create the four environments (phases).

suma3:~ # spacewalk-manage-channel-lifecycle \
-u admin -p $PASSWORD \
--channel sles12-sp1-pool-x86_64 --init \
-P devl,test,inte,prod
suma3:~ # for PHASE in devl test inte prod ; do
> spacewalk-manage-channel-lifecycle \
> -u admin -p $PASSWORD \
> --channel $PHASE-sles12-sp1-pool-x86_64 \
> --promote -P devl,test,inte,prod
> done

If the environments (phases) are not explicitly specified with -P, the default (dev, test, prod) is used. If we display the channel tree again with the above command, the five base channels are displayed. The vendor channel and the four environment channels created (devl, test, inte, prod).

In order to be able to test the configuration, we assign a SUSE Manager Client System to an environment, in our example, the test environment.

suma3:~ # spacecmd -u admin -p $PASSWORD -y \
system_setbasechannel suma3-client1.example \
test-sles12-sp1-pool-x86_64

On the client system, we can use the following command to verify if the assignment was successful.

suma3-client1:~ # zypper lr

Only repositories of the assigned environment will be displayed.

Via the WebUI or the CLI, it is now possible to import individual packages or patches into an environment or to synchronize one environment with another.

Behind the Scenes

Once a client system has been assigned to a base channel, a file with the corresponding repositories is created on the SUSE Manager, which runs as Salt Master.

suma3:~ # cd /srv/susemanager/salt/channels ; \
> cat channels.repo.044625baad3d49889f067f14d7cae86f
[susemanager:test-sles12-sp1-pool-x86_64]
name=test-sles12-sp1-pool-x86_64
enabled=1
autorefresh=1
baseurl=https://suma3.example/rhn/manager/download/test-sles12-sp1-pool-x86_64?eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0ODc4MzU1NDgsImlhdCI6MTQ1NjI5OTU0OCwibmJmIjoxNDU2Mjk5NDI4LCJvcmciOjEsImp0aSI6IlRrYldFQWUwaHZGdzNZUklQQk1aWmcifQ.cmGZyuMU_SJT_fHRmj9X0zP7vM1A2KwWgNRp6m4BDcI
[...]

The suffix of the file name corresponds to the Salt Minion ID of the respective client, in our case, the ID of suma3-client1.example.

SUSE Manager then executes the following command, which rewrites the file /etc/zypp/repos.d/susemanager:channels.repo on the target system suma3-client1.example, if there are deviations from the local version.


suma3:~ # salt 'suma3-client1.example' state.apply

Interaction Spacewalk / SaltStack

Spacewalk passes its commands to Salt Master via its Rest API. The client library used is that developed by SUSE salt-netapi-client.

Conclusion

This setup was easy to perform thanks to the configuration management of SaltStack. Compared to previous versions of SUSE Manager, which used rhns as a client stack, the configuration was a lot leaner and the repository resources were assigned to the clients more quickly.
The integration of SaltStack is an asset for SUSE Manager, offering considerable advantages not only in the described use case.