managing linux in the cloud with suse manager

1

Managing Linux In The Cloud With SUSE® ManagerManage all your Linux instances in AWS, Azure and GCP (and inside your

own data center, too)

TUT-1089

Don Vosburg

Sales Engineer

dvosburg@suse.com

Niel Bornstein

Sales Engineer

nbornstein@suse.com

2

Why SUSE Manager in the Cloud?

• More workloads are moving to the cloud

• Need to schedule updates and security patches, just like on prem

• Security exposure can be even higher in the cloud, depending on how you

set things up

• SUSE Manager can run in the cloud and manage cloud workloads – in

fact, it can cross between on prem and different cloud providers

(Data transit charges may apply!)

• More than just SLES – RHEL, CentOS, and Ubuntu too!

3

What Can We Deliver?

• All the great things about SUSE Manager

• Shown today on Amazon AWS, Azure, and Google Cloud Platform

• IT infrastructure management across clouds

• Visibility and flexibility in content delivery to your managed instances

4

What’s Common Across Cloud Providers

• Web UI, command line, and REST APIs

• Marketplace SUSE Manager images – DON'T start with just SLES

• Cloning templates – need to reset machine-id

• Differences between BYOS and on-demand, for SUSE Manager Server,

Proxy and managed instances

• Need to set a static hostname

• Private,cloud-specific FQDNs cause issues

• Additional storage volume needs to be added

• /usr/bin/suma-storage script

• SUSE Manager setup scripting (YaST)

• We treat all managed systems as equal, for good or bad

5

On-Demand (Managed) Instances

You can manage on-demand/paygo/reserved instances with SUSE Manager!

You just have to...

• Remove the cloud region packages

• AWS example: 'zypper rm regionServiceClientConfigEC2'

• Remove the cloud SMT repos

• '.repo' files in /etc/zypp/repos.d

• '.service' files in /etc/zypp/services.d

• Use bootstrap script to onboard with SUSE Manager

• Specifics are here:

https://www.suse.com/c/suse-manager-3-0-arrives-public-cloud-long-last/

6

Default Organization Pre-Defined on Image

7

What’s Different: Amazon EC2

• Availability zones and visibility

• Network setup separated from

instance setup

• Storage options

• Sizing without visible pricing

• Native management tools

8

9

• Note the "memory-optimized" image choice (r5ad.large)

• Storage can help optimize the instance (NVMe, faster SSD)

10

Building a SUSE

Manager Server

(in Amazon EC2)

Demo

11

What’s Different: Microsoft Azure

• Sizing – Many choices, but pricing listed

• Networking setup

• Storage options – SSD and HDD in

combination

• Hyper-V

• Native management tools

12

Azure – Selecting image

13

Azure – Adding Storage

14

Azure – Networking Setup

15

Azure – Networking Setup

16

What’s Different: Google Cloud Platform

• Native management tools (Stackdriver)

• Opportunity for you to set precedents

17

18

19

20

SUSE Manager in the Cloud:Things to Watch Out For

• Sizing

• Adding the storage for postgresql – might need a postgresql reinstall

• Swapfile (vs partition) on cached disk

• Hostname/DNS – make sure it persists

• SUSEConnect and product registration – BYOS

• SSH connection for proxy configuration script

• Setting webUI password – satwho, satpasswd

21

Hybrid and Multi-Cloud

• Network traversal to/from cloud providers is expensive

• This can apply to populating channels in SUSE Manager as well as updating your

systems from SUSE Manager

• Network traversal across cloud regions can also be expensive

• For example, you might have systems in multiple regions but only one SUSE Manager

server

• ZeroMQ tuning and salt ports – settings we have usedping_interval: 2

auth_timeout: 10

auth_tries: 2

auth_safemode: False

random_reauth_delay: 10

tcp_keepalive: True

tcp_keepalive_idle: 60

22

SUSE Manager Communication

23

SUSE Manager Meets Monitoring

Self-monitoring of SUSE Manager Server and Proxy

• Easily enable monitoring of SUSE Manager Server

• Pre-installed Prometheus exporters can expose metrics about:

• Hardware

• Java virtual machines

• Apache and PostgreSQL

• SUSE Manager’s internals

• SUSE Manager Proxy can be monitored via squid exporter

24

SUSE Manager Meets Monitoring

Setup and automate Prometheus monitoring with SUSE Manager

• Packages provided via supported, official channels:

• Main packages (Prometheus, Grafana) from SUSE Manager channels

• Specific metrics exporters alongside the respective applications

• Enable exporters on managed clients using Salt Formulas

• Group systems to define data exporter templates

• Integration with Prometheus service discovery

25

Monitoring

Demo

26

Every platform has its k8s

SUSE AWS Azure GCP

Kubernetes

Implementation

CaaS Platform Elastic Kubernetes

Service (Amazon

EKS)

Azure Kubernetes

Service (AKS)

Google

Kubernetes Engine

(GKE)

Container Registry docker registry (registry-

tools package),

Portus

Elastic Container

Registry (Amazon

ECR)

Azure Container

Registry

Container Registry

27

Building

Container Images

Demo

28

Subscription Matching

In addition to the existing support for VMware and generic hypervisors,

subscription matching now has the ability to gather virtual instances from

Amazon EC2, Azure, and GCP.

• Requires installation of the virtual-host-gatherer-libcloud package.

• May lead to unexpected results due to the comingling of on-demand and BYOS instance

types.

• SUSE Manager team actively improving functionality

29

What Do You Want Next?

• Topology awareness (CPI)?

• Virtualization hosts/cloud-init awareness?

• "Bare metal" provisioning?

• Automating onboarding?

• ????

30

Resources

• SUSE Manager Documentation

https://documentation.suse.com/en-us/suma/4.0/

(search for 'public cloud')

• Blog – David Rocha

https://www.suse.com/communities/blog/setting-suse-manager-public-cloud/

• Monitoring

https://documentation.suse.com/external-tree/en-us/suma/4.0/suse-manager/administration/monitoring.html

• Subscription-matching

https://documentation.suse.com/external-tree/en-us/suma/4.0/suse-manager/client-configuration/vhm-aws.html

33

General Disclaimer

This document is not to be construed as a promise by any participating company to

develop, deliver, or market a product. It is not a commitment to deliver any material,

code, or functionality, and should not be relied upon in making purchasing

decisions. SUSE makes no representations or warranties with respect to the contents of

this document, and specifically disclaims any express or implied warranties of

merchantability or fitness for any particular purpose. The development, release, and

timing of features or functionality described for SUSE products remains at the sole

discretion of SUSE. Further, SUSE reserves the right to revise this document and to

make changes to its content, at any time, without obligation to notify any person or entity

of such revisions or changes. All SUSE marks referenced in this presentation are

trademarks or registered trademarks of SUSE, LLC, Inc. in the United States and other

countries. All third-party trademarks are the property of their respective owners.