Managing SUSE content

You can use the SCC Manager plug-in to manage content from SUSE on your orcharhino.

Running SUSE Linux Enterprise Server on managed hosts requires a subscription from SUSE. Ensure to provide valid licenses for all used SUSE products. Using insufficient, invalid, or otherwise inadequate licenses might violate your terms with SUSE.

We recommend using the SCC Manager plugin to import available products from SUSE to orcharhino. Navigate to Content > SUSE Subscriptions to see available and consumed SUSE subscriptions.

Preparing SUSE installation media

Use this procedure to extract the SUSE installation medium on your orcharhino Server to provision hosts in a disconnected environment. This example prepares the installation medium for SUSE Linux Enterprise Server 15 SP3.

Procedure
  1. Download the SLES 15 SP3 installation medium from suse.com/download/sles.

  2. Download the signature and checksum from suse.com.

  3. Transfer the .iso image, the signature, and the checksum from your local machine to orcharhino Server using scp:

    # scp SLE-15-SP3-Full-x86_64-GM-Media1.iso root@orcharhino.example.com:/tmp/
    # scp SLE-15-SP3-Full-x86_64-GM-Media1.iso.sha256 root@orcharhino.example.com:/tmp/
    # scp sles_15_sp3.signature root@orcharhino.example.com:/tmp/
  4. On your orcharhino Server, verify the integrity and authenticity of the .iso image using GPG public keys:

    # cd /tmp
    # gpg --verify sles_15_sp3.signature SLE-15-SP3-Full-x86_64-GM-Media1.iso.sha256
    # echo '2a6259fc849fef6ce6701b8505f64f89de0d2882857def1c9e4379d26e74fa56 SLE-15-SP3-Full-x86_64-GM-Media1.iso' | sha256sum --check
  5. Mount the .iso image:

    # mount SLE-15-SP3-Full-x86_64-GM-Media1.iso /mnt
  6. Copy the content of the mounted installation medium to the pub directory:

    # mkdir -p /var/www/html/pub/installation_media/sles/15sp3
    # cp -a /mnt/* /var/www/html/pub/installation_media/sles/15sp3/
  7. Unmount and delete the .iso image:

    # cd
    # umount /mnt
    # rm -f /tmp/SLE-15-SP3-Full-x86_64-GM-Media1.iso
    # rm -f /tmp/SLE-15-SP3-Full-x86_64-GM-Media1.iso.sha256
    # rm -f /tmp/sles_15_sp3.signature

You can use the path to the local installation media files when creating an installation medium, for example http://orcharhino.example.com/pub/installation_media/sles/15sp3/. For more information, see Adding Installation Media to orcharhino in Provisioning Hosts.

Creating a SUSE operating system

Use this procedure to create an installation medium and operating system entry for SLES 15 SP3. For more information, see:

Prerequisites
  • An extracted .iso image on orcharhino or an HTTP server that can be reached from hosts during their provisioning process. For more information, see Preparing SUSE Installation Media.

Procedure
  1. In the orcharhino management UI, navigate to Hosts > Provisioning Setup > Installation Media.

  2. Click Create Medium.

  3. Set a Name for the installation medium for SLES 15 SP3. Add local to the name because the path of the extracted .iso image points to your orcharhino.

  4. Set the Path of the extracted .iso image. The content of /var/www/html/pub/ is publicly available on http://orcharhino.example.com/pub/. If you extract the .iso image to /var/www/html/pub/installation_media/sles/15sp3/, the path is http://orcharhino.example.com/pub/installation_media/sles/15sp3/.

  5. Set the Operating System Family to SUSE for all SLES systems.

  6. Set a location and organization context for the installation media.

  7. On the Parameters tab, add the sle-module-basesystem-url parameter, select the string type, and enter the value http://orcharhino.example.com/pub/installation_media/sles/15sp3/. Note that the value depends on the path of the extracted .iso image.

    Add the or_client_repo_url parameter, select the string type, and enter the value http://orcharhino.example.com/pulp/repos/My_Organization/Library/custom/SLES_Client/SLES_Client_15SP3/.

    If you want to provision hosts through orcharhino Proxies, you have to use the sle-module-basesystem-path and or_client_repo_path parameters containing the Published At paths of your content on orcharhino Server. orcharhino Proxy will add the FQDN of your orcharhino Proxy to generate the URL based on the Content Source setting of your host.

    (SLES 12 only) Add the parameter additional_media, select the string type, and enter the value "".

  8. Click Submit to save the installation media entry for SLES 15 SP3.

  9. In the orcharhino management UI, navigate to Hosts > Provisioning Setup > Operating Systems.

  10. Click Create Operating System.

  11. Set the Name of the operating system. Choose a name as reported by Ansible, Puppet, or Salt as fact.

  12. Set the Major Version of SLES, for example 15.

  13. Set the Minor Version of SLES, for example 3 for SLES 15 SP3.

  14. Optional: Add an arbitrary Description.

  15. Set the Family to SUSE for all SLES systems.

  16. Set the Root Password Hash to SHA256 for SLES 15 SP3.

  17. Assign the Architectures to SLES 15 SP3.

  18. Click Submit to save the operating system entry.

  19. In the orcharhino management UI, navigate to Hosts > Templates > Partition Tables and click Create Partition Table. The partition tables are stored in the /usr/share/foreman/app/views/unattended/partition_tables_templates/ directory on your orcharhino Server.

    For more information, see Partition Tables in Provisioning Hosts.

  20. In the orcharhino management UI, navigate to Hosts > Templates > Provisioning Templates and click Create Template. The provisioning templates are stored in the /usr/share/foreman/app/views/unattended/provisioning_templates/ directory on your orcharhino Server.

    For more information, see Provisioning Templates in Provisioning Hosts.

  21. In the orcharhino management UI, navigate to Hosts > Provisioning Setup > Operating Systems.

  22. Select the previously created operating system.

  23. On the Partition Table tab, select the previously created partition table.

  24. On the Templates tab, select the previously created provisioning template.

  25. Click Submit to save the operating system entry.

Installing the SCC Manager plug-in

Use this procedure to install the SCC Manager plug-in on your orcharhino.

Procedure
  • Install the SCC Manager plug-in on your orcharhino Server:

    # orcharhino-installer --enable-foreman-plugin-scc-manager

Adding an SCC account to orcharhino

Use the following procedure to add your SCC account to orcharhino. To use the CLI instead of the orcharhino management UI, see the CLI procedure.

Prerequisites
Procedure
  1. Optional: In the orcharhino management UI, navigate to Content > Content Credentials and click Create Content Credential.

    Add the GPG public key for SLES 15 SP3 from suse.com.

  2. In the orcharhino management UI, navigate to Content > SUSE Subscriptions.

  3. Click Add SCC Account.

  4. In the Name field, enter a name for your SCC account in orcharhino.

  5. In the Login and Password fields, enter your SUSE credentials.

  6. In the Base URL field, you can enter the base URL for the Suse Customer Center. By default, it is set to https://scc.suse.com.

  7. Optional: Set a Sync interval to periodically update the SCC authentication tokens. Note that this does not refer to synchronizing content to orcharhino.

  8. Optional: In the Use GPG key for SUSE products field, you can select the previously created content credential to automatically add a GPG public key to your SUSE products. zypper automatically verifies the signatures of each software package to ensure their authenticity.

    You can also set the GPG public key for repositories from SUSE at a later stage. However, changing it does not affect already synchronized products. If you already have synchronized products in orcharhino, navigate to Content > Products and replace the GPG key in each respective product.

  9. Optional: From the Download Policy list, select a download policy for your SUSE products. For more information, see Download Policies Overview.

  10. Optional: From the Mirroring Policy list, select a mirroring policy for your SUSE products. For more information, see Mirroring Policies Overview.

  11. Click Test connection to verify your account information. Note that you have to re-enter your password if you have already saved your SCC account to orcharhino.

  12. Click Submit to save your SCC account to orcharhino.

  13. In the orcharhino management UI, navigate to Content > SUSE Subscriptions, select your SCC account, and click Sync to fetch a list of products associated to your SCC account.

CLI procedure
  1. Optional: Import the public GPG key from SUSE into orcharhino.

    For more information, see Importing a GPG Key in Managing Content.

  2. Add your SCC account to orcharhino:

    # hammer scc_manager scc_accounts create \
    --base-url "https://scc.suse.com/" \
    --interval My_Interval \
    --katello-gpg-key-id My_GPG_Key_ID \
    --location-id My_Location_ID \
    --login "My_SCC_Account_Name" \
    --name "My_Account_Name" \
    --organization-id My_Organization_ID \
    --password "My_SCC_Account_Password" \
    --sync-date _My_Sync_Date
  3. Test your SCC account credentials:

    # hammer scc_manager scc_accounts test_connection \
    --id My_SCC_Account_ID

    Ensure the command returns Testing connection for SCC account succeeded.

  4. Synchronize the list of available SUSE products to orcharhino:

    # hammer scc_manager scc_accounts sync \
    --id My_SCC_Account_ID
  5. Check the status of the task:

    # hammer task info \
    --id My_Task_ID

    The synchronization is complete once the command returns State: stopped and Result: success.

Removing an SCC account from orcharhino

Use the following procedure to remove your SCC account from orcharhino. To use the CLI instead of the orcharhino management UI, see the CLI procedure.

If you want to switch SCC accounts and retain your synchronized content, do not delete your old SCC account, even if it is expired. Instead, change the login and password of your SCC account. If you delete your old SCC account, you cannot reuse existing repositories, products, content views, and composite content views. For more information, see Switching SCC Accounts.

Procedure
  1. In the orcharhino management UI, navigate to Content > SUSE Subscriptions.

  2. For your SCC account, click Delete in the Actions menu.

  3. Click Confirm to remove your SCC account from orcharhino.

CLI procedure
  • Remove your SCC account from orcharhino:

    # hammer scc_manager scc_accounts delete \
    --id My_SCC_Account_ID

Switching SCC accounts

You can switch your SCC account by changing the SCC credentials saved on orcharhino.

The SCC Manager plug-in does not support multiple SCC accounts.

If you want to switch your SCC account and retain the synchronized content, do not immediately delete your old SCC account, even if it is expired. If you delete your old SCC account, you cannot reuse existing repositories, products, content views, and composite content views.

Prerequisites
Procedure
  1. In the orcharhino management UI, navigate to Content > SUSE Subscriptions.

  2. Select your SCC account.

  3. Enter a new Login and Password.

  4. Click Submit to change your SCC account.

Your new SCC account reuses existing products and repositories from SUSE. Content that is no longer available for your new SCC account cannot be synchronized anymore.

Updating an SCC account

Use the following procedure to update your SCC account in orcharhino. To use the CLI instead of the orcharhino management UI, see the CLI procedure.

Procedure
  1. In the orcharhino management UI, navigate to Content > SUSE Subscriptions.

  2. Select your SCC account and update it as required.

    For more information, see Adding an SCC Account to Server.

  3. Click Submit to update your SCC account.

CLI procedure
  • Update your SCC account in orcharhino:

    # hammer scc_manager scc_accounts update \
    --id My_SCC_Account_ID \
    --password "My_SCC_Account_Password" \
    _My_Options

    For a list of options, run hammer scc_manager scc_accounts update --help.

Importing SUSE products

Use this procedure to import products from SUSE into orcharhino. To use the CLI instead of the orcharhino management UI, see the CLI procedure.

Prerequisites
Procedure
  1. In the orcharhino management UI, navigate to Content > SUSE Subscriptions.

  2. Click Select products on your previously synchronized SCC account.

  3. Use the Select Product, Select Version, and Select Architecture lists to filter all available SUSE products.

    Note that each filter depends on the previous selection.

  4. Click Search to apply the filter.

  5. Select all SUSE products you want to synchronize to orcharhino.

    You can select individual repositories from the Filter repositories list. By default, debug and source repositories are excluded.

  6. Click Add product(s) to create the selected SUSE products in orcharhino.

    Note that the SCC Manager plug-in can only add, but not remove products from orcharhino.

  7. Optional: Click on the task ID to follow the creation of the selected products in orcharhino.

CLI procedure
  1. List all available SUSE products:

    # hammer scc_manager scc_accounts scc_products list \
    --scc-account-id My_SCC_Account_ID
  2. View information about a SUSE product:

    # hammer scc_manager scc_accounts scc_products info \
    --id My_SUSE_Product_ID \
    --scc-account-id My_SCC_Account_ID
  3. Subscribe to a SUSE product:

    # hammer scc_manager scc_accounts scc_products subscribe \
    --id My_SUSE_Product_ID \
    --scc-account-id My_SCC_Account_ID
  4. Optional: Subscribe to multiple SUSE products:

    # hammer scc_manager scc_accounts bulk_subscribe \
    --id My_SUSE_Account_ID \
    --scc-subscribe-product-ids My_SUSE_Product_ID_1,My_SUSE_Product_ID_2,My_SUSE_Product_ID_3

Synchronizing SUSE content

Use this procedure to synchronize SUSE content to your orcharhino to deploy, register, and serve content to hosts.

Prerequisites
Procedure
  1. In the orcharhino management UI, navigate to Content > Products.

  2. Select the SUSE Linux Enterprise Server 15 SP3 x86_64 product and click Sync Now to synchronize the SUSE repositories for SLES 15 SP3 to orcharhino.

  3. In the orcharhino management UI, navigate to Content > Lifecycle > Content Views.

  4. Create a content view called SLES 15 SP3 comprising the SLES repositories created in the SLES 15 SP3 product and a content view called SLES 15 SP3 orcharhino client comprising the orcharhino client repository created in the SLES 15 SP3 orcharhino client product.

    For more information, see Creating a Content View.

  5. Publish a new version of both content views.

    For more information, see Promoting a Content View.

  6. In the orcharhino management UI, navigate to Content > Lifecycle > Content Views.

  7. Click Create Content View to create a composite content view called Composite SLES 15 SP3 comprising the previously published SLES 15 SP3 content view, the SLES 15 SP3 orcharhino client content view, and optionally further content views of your choice, for example a content view containing Puppet. For more information, see the ATIX Service Portal for the necessary upstream URL. For more information, see Creating a Composite Content View.

  8. Publish a new version and promote this version to the Lifecycle Environment of your choice.

  9. In the orcharhino management UI, navigate to Content > Lifecycle > Activation Keys.

  10. Click Create Activation Key to create an Activation Key called sles-15-sp3.

    For more information, see Creating an Activation Key.

  11. On the Details tab, select a Lifecycle Environment and composite content view.

  12. On the Subscriptions tab, select the necessary subscriptions, for example SLES 15 SP3, SLES 15 SP3 orcharhino client, and Puppet.

Installing KLP Patches

After you have enabled Kernel Live Patching, you can install KLP patches to update the Linux Kernel without rebooting your host.

Prerequisite
  • Kernel Live Patching is enabled on your host running SLES 15 SP5

Procedure
  1. Connect to your host running SLES 15 SP5:

    # ssh root@my-host.example.com
  2. Search for available Kernel live patches:

    # zypper search kernel-livepatch
  3. Install a KLP patch:

    # zypper install kernel-livepatch-5_3_18-59_5-default

Enabling Kernel Live Patching

You can enable Kernel Live Patching using KLP for hosts running SLES 15 SP5 to allow for Linux Kernel updates without reboots.

Prerequisites
  • Synchronized content for SLES 15 SP5

  • Access to the SUSE product SUSE Linux Enterprise Live Patching 15 SP5 x86_64

Procedure
  1. In the orcharhino management UI, navigate to Content > SUSE Subscriptions.

  2. Click Select products and select the SUSE Linux Enterprise Live Patching 15 SP5 x86_64 product.

  3. Navigate to Content > Products, select the previously added product, and click Sync Selected.

  4. Once synchronized, navigate to Content > Content Views and add the repositories of the SUSE Linux Enterprise Live Patching 15 SP5 x86_64 product to your SLES 15 SP5 content view.

  5. Navigate to Content > Content Views and select the SLES 15 SP5 content view. Publish a new version of the selected content view.

  6. Navigate to Content > Activation Keys and select the previously created sles-15-sp5 activation key. On the Subscriptions tab, select the repositories of the SUSE Linux Enterprise Live Patching 15 SP5 x86_64 product.

  7. Connect to your host running SLES 15 SP5:

    # ssh root@my-host.example.com
  8. Update the available content on your hosts:

    # subscription-manager refresh
  9. Install the required package:

    # zypper install kernel-livepatch-tools
  10. Reboot your host:

    # reboot now

The text and illustrations on this page are licensed by ATIX AG under a Creative Commons Attribution–Share Alike 3.0 Unported ("CC-BY-SA") license. This page also contains text from the official Foreman documentation which uses the same license ("CC-BY-SA").