Release and Patch Management with SUSE Manager 3
The SUSE Manager 3 beta programme was started at the end of December 2015. We would like to take this opportunity to gain a basic understanding of what the next version will offer. To start, the most important change is the integration of [SaltStack] as a remote execution and configuration management framework.
We have selected the following use case for this blog post and drafted a brief description of how it would be implemented in practice.
In order to be able to perform reasonable release and patch management in larger IT system environments, identical systems are often operated in different environments (phases or stages). When a new release or a patch becomes available, it is first installed on the development systems where various tests and, if necessary, adjustments are performed before it is rolled out to the production systems.
SUSE Manager provides a simple solution for this scenario. It allows for individual patches and packages to be passed from one environment to the next. It is also allows for synchronizing a complete state or snapshot of a defined point in time from one environment to the next.
The configurations described assume that SUSE Manger 3 is installed and at least one client system with SLES11 or SLES12 is connected as Salt Minion.
In order to perform the complete setup in the shell, the packages
spacecmd must be installed.
suma3:~ # zypper in -y spacewalk-utils spacecmd
We then display the existing software channels.
suma3:~ # spacewalk-manage-channel-lifecycle \ -u admin -p $PASSWORD -l
At this time, only one channel is displayed. The so-called vendor channel contains all packages and patches that can be downloaded from SCC.
It is thus a mirror of the latest SUSE packages.
We now create the four environments (phases).
suma3:~ # spacewalk-manage-channel-lifecycle \ -u admin -p $PASSWORD \ --channel sles12-sp1-pool-x86_64 --init \ -P devl,test,inte,prod suma3:~ # for PHASE in devl test inte prod ; do > spacewalk-manage-channel-lifecycle \ > -u admin -p $PASSWORD \ > --channel $PHASE-sles12-sp1-pool-x86_64 \ > --promote -P devl,test,inte,prod > done
If the environments (phases) are not explicitly specified with
-P, the default (dev, test, prod) is used. If we display the channel tree again with the above command, the five base channels are displayed. The vendor channel and the four environment channels created (devl, test, inte, prod).
In order to be able to test the configuration, we assign a SUSE Manager Client System to an environment, in our example, the test environment.
suma3:~ # spacecmd -u admin -p $PASSWORD -y \ system_setbasechannel suma3-client1.example \ test-sles12-sp1-pool-x86_64
On the client system, we can use the following command to verify if the assignment was successful.
suma3-client1:~ # zypper lr
Only repositories of the assigned environment will be displayed.
Via the WebUI or the CLI, it is now possible to import individual packages or patches into an environment or to synchronize one environment with another.
Behind the Scenes
Once a client system has been assigned to a base channel, a file with the corresponding repositories is created on the SUSE Manager, which runs as Salt Master.
suma3:~ # cd /srv/susemanager/salt/channels ; \ > cat channels.repo.044625baad3d49889f067f14d7cae86f [susemanager:test-sles12-sp1-pool-x86_64] name=test-sles12-sp1-pool-x86_64 enabled=1 autorefresh=1 baseurl=https://suma3.example/rhn/manager/download/test-sles12-sp1-pool-x86_64?eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE0ODc4MzU1NDgsImlhdCI6MTQ1NjI5OTU0OCwibmJmIjoxNDU2Mjk5NDI4LCJvcmciOjEsImp0aSI6IlRrYldFQWUwaHZGdzNZUklQQk1aWmcifQ.cmGZyuMU_SJT_fHRmj9X0zP7vM1A2KwWgNRp6m4BDcI [...]
The suffix of the file name corresponds to the Salt Minion ID of the respective client, in our case, the ID of
SUSE Manager then executes the following command, which rewrites the file
/etc/zypp/repos.d/susemanager:channels.repo on the target system
suma3-client1.example, if there are deviations from the local version.
suma3:~ # salt 'suma3-client1.example' state.apply
Interaction Spacewalk / SaltStack
Spacewalk passes its commands to Salt Master via its Rest API. The client library used is that developed by SUSE salt-netapi-client.
This setup was easy to perform thanks to the configuration management of SaltStack. Compared to previous versions of SUSE Manager, which used
rhns as a client stack, the configuration was a lot leaner and the repository resources were assigned to the clients more quickly.
The integration of SaltStack is an asset for SUSE Manager, offering considerable advantages not only in the described use case.