Contents
Use the SUSE Manager Web interface to manage multiple SUSE Linux Enterprise and Red Hat Enterprise Linux systems simultaneously, including viewing alerts, applying updates, patches and security fixes, and installing software packages. This chapter seeks to identify all categories, pages, and tabs within the Web interface and to explain how to use them.
The top navigation bar is divided into tabs. SUSE Manager Administrators see Figure 3.1, “Top Navigation Bar—SUSE Manager” as the top navigation bar. Note that only SUSE Manager Administrators see the Monitoring and Admin tabs.
The left navigation bar is divided into pages. The links are context-sensitive . The Figure 3.2, “Left Navigation Bar—Users” is an example of the left navigation bar for the Users tab.
Some pages have subtabs. These tabs offer an additional layer of granularity in performing tasks for systems or users. Figure 3.3, “Subtabs—System Details” is a menu bar for all subtabs. This system has Management and Provisioning entitlements, but not Monitoring.
Keep in mind, since this guide covers all entitlement levels, some tabs, pages, and even whole categories described here may not be visible to you. For this reason, textual markers are used here to identify, which functions are available to each entitlement level.
Table 3.1. Entitlement Markers
Marker | Entitlement |
---|---|
[Mgmt] | Management or higher |
[Prov] | Provisioning |
[Mon] | Monitoring |
If no marker follows a category, page, or tab label within this chapter, the area described is available to all SUSE Manager users. If a marker does follow, the associated entitlement is needed. Remember that Provisioning inherits all of the functions of Management.
If a marker precedes a paragraph, only the specific portion of the page or tab discussed afterward requires the indicated entitlement level. When a page or tab is associated with a particular entitlement level, all of its tabs and subtabs require at least the same entitlement level but may need a higher entitlement. Regardless, each tab is identified separately.
This section summarizes all of the categories and primary pages (those linked from the top and left navigation bars) within the SUSE Manager Web interface. It does not list the many subpages, tabs and subtabs accessible from the left navigation bar and individual pages. Each area of the website is explained in detail later in this chapter:
Overview — View and manage your primary account information and obtain help.
Overview — Obtain a quick overview of your account. It notifies you if your systems need attention, provides a quick link to go directly to them, and displays the most recent patch alerts for your account.
Your Account — Update your personal profile and addresses.
Your Preferences — Indicate if you wish to receive email notifications about available patches for your systems, set how many items are displayed at one time for lists such as system lists and system group lists, set your time zone, and identify your contact options.
Subscription Management — Manage base and add-on system entitlements, such as Management, Provisioning, and Virtualization.
Organization Trusts — Display the trusts established with your organization.
Systems — Manage all of your systems (including virtual guest systems) here.
Overview — [Mgmt] — View a summary of your systems or system groups showing how many available patches each system has and which systems are entitled.
Systems — Select and view subsets of your systems by specific criteria, such as Virtual Systems, Unentitled, Recently Registered, Proxy, and Inactive.
System Groups — [Mgmt] — List your system groups. Create additional groups.
System Set Manager — [Mgmt] — Perform various actions on collective sets of systems, including scheduling patch updates, package management, listing and creating new groups, and managing channel entitlements.
Advanced Search — [Mgmt] — Quickly search all of your systems by specific criteria, such as name, hardware, devices, system info, networking, packages, and location.
Activation Keys — [Mgmt] — Generate an activation key for an SUSE Manager-entitled system. This activation key can be used to grant a specified level of entitlement or group membership to a newly registered system using the rhnreg_ks command.
Stored Profiles — [Prov] — View system profiles used to provision systems.
Custom System Info — [Prov] — Create and edit system information keys containing completely customizable values that can be assigned while provisioning systems.
Autoinstallation — [Prov] — Display and modify various aspects of autoinstallation profiles (Kickstart and AutoYaST) used in provisioning systems.
Patches — View and manage patch (errata) alerts here.
Patches — Lists patch (errata) slerts and download associated RPMs.
Advanced Search — Search patch (errata) alerts based on specific criteria, such as synopsis, advisory type, and package name.
Manage Patches — Manage the patches (errata) for an organization's channels.
Clone Patches — Clone patches (errata) for an organization for ease of replication and distribution across an organization.
Channels — View and manage the available SUSE Manager channels and the files they contain.
Software Channels — View a list of all software channels and those applicable to your systems.
Package Search — Search packages using all or some portion of the package name, description, or summary, with support for limiting searches to supported platforms.
Manage Software Channels — [Prov] — Create and edit channels used to deploy configuration files.
Configuration — Keep track of and manage configuration channels, actions, and individual configuration files.
Overview — A general dashboard view that shows a configuration summary.
Configuration Channels — List and create configuration channels from which any subscribed system can receive configuration files.
Configuration Files — List and create files from which systems receive configuration input.
Systems — List the systems that have SUSE Manager-managed configuration files.
Schedule — Keep track of your scheduled actions.
Pending Actions — List scheduled actions that have not been completed.
Failed Actions — List scheduled actions that have failed.
Completed Actions — List scheduled actions that have been completed. Completed actions can be archived at any time.
Archived Actions — List completed actions that have been selected to archive.
Users — [Prov] — View and manage users for your organization.
User List — [Prov] — List users for your organization.
Monitoring — [Mon] — Run probes and receive notifications regarding systems.
Status — [Mon] — View probes by state.
Scout Config Push — [Mon] — Display the status of your monitoring infrastructure.
Notification — [Mon] — View contact methods established for your organization.
Probe Suites — [Mon] — Manage your monitoring infrastructure using suites of monitoring probes that apply to one or more assigned systems.
Admin (visible only to SUSE Manager administrators) — List, create, and manage one or more SUSE Manager organizations, from which the SUSE Manager administrator can assign channel entitlements, create and assign administrators for each organization, and other tasks.
Organizations — List and create new organizations.
Subscriptions — List and manage the software and system entitlements for all organizations covered by SUSE Manager.
Users — List all users known by SUSE Manager, across all organizations. Click individual usernames to change administrative privileges for the user.
![]() | |
Users created for organization administration can only be configured by the organization administrator, not the SUSE Manager administrator. |
SUSE Manager Configuration — Make General configuration changes to the SUSE Manager server, including Proxy settings, Certificate configuration, Bootstrap Script configuration, Organization changes, and Restart the SUSE Manager server.
Show Tomcat Logs — Display the log entries of the Tomcat server, on which the SUSE Manager server is running.
Help — List references to available help resources.
Throughout SUSE Manager you will see three patch (errata) alert icons.
represents a security alert.
represents a bug fix alert.
represents an enhancement alert.
In the Overview page, click on the patch advisory to view details about the patch or click on the number of affected systems to see which are affected by the patch alert. Both links take you to tabs of the Patch Details page. Refer to Section 3.5.2.2, “Patch Details” for more information.
In addition to the Advanced Search functionality for Packages, Patches (Errata), Documentation, and Systems offered within some categories, SUSE Manager also offers a Quick Search tool near the the top of each page. To use it, select the search item (choose from Systems, Packages, Documentation, and Patches) and type a keyword to look for a name match. Click the button. Your results appear at the bottom of the page.
If you misspell a word during your search query, the SUSE Manager search engine institutes approximate string (or fuzzy string) matching, giving you results that may be similar in spelling to your misspelled queries.
For example, if you want to search for a certain development system
called test-1.example.com
that is registered with
SUSE Manager, but you misspell your query tset
,
the test-1.example.com
system still appears in the
search results.
![]() | |
If you add a distribution or register a system with a SUSE Manager server, it may take several minutes for it to be indexed and appear in search results. |
For advanced System searches, refer to Section 3.4.5, “Advanced Search — [Mgmt]”.
For advanced Patch or Errata searches, refer to Section 3.5.3, “Advanced Search”.
For advanced Package searches, refer to Section 3.6.2, “Package Search”.
For advanced Documentation searches, refer to Section 3.12.5, “Search”.
Also near the top of the page is a tool for keeping track of the systems you have selected for use in the System Set Manager. It identifies the number of selected systems at all times and provides the means to work with them. Clicking the
button deselects all systems, while clicking the button launches the System Set Manager with your selected systems in place.These systems can be selected in a number of ways. Only systems with at least a Management entitlement are eligible for selection. On all system and system group lists, a Select column exists for this purpose. Select the checkboxes next to the systems or groups and click the Section 3.4.4, “ for details. — [Mgmt]”
button below the column. Each time, the Systems Selected tool at the top of the page changes to reflect the new number of systems ready for use in the System Set Manager. Refer toThe information within most categories is presented as lists. These lists have some common features for navigation. For instance, you can navigate through virtually all lists by clicking the back and next arrows above and below the right side of the table. Some lists also offer the ability to retrieve items alphabetically by clicking the letters above the table.
![]() | Performing Large List Operations |
---|---|
Performing operations on large lists— such as removing RPM packages from the database with the SUSE Manager Web interface— may take some time and the system may become unresponsive or signal “Internal Server Error 500”. Nevertheless, the command will succeed in the background, if you wait long enough. |
Use a Web browser to navigate to http://novell.com/center to display the Novell Customer Center (NCC) login page. You need to log in and view your mirror credentials to see all your entitlements for your registered systems. If you have not registered a system yet or do not have a Novell account, create a new account by following the Create Account link. After creating a new user account, you must register a system before using SUSE Manager. On the Web page, click + to get your channels for your Novell products. For detailed information about the NCC, refer to the NCC guide available at http://www.novell.com/documentation/ncc.
After logging into the web interface of SUSE Manager, the first page to appear is Overview. This page contains important information about your systems, including summaries of system status, actions, and patch alerts.
![]() | |
If you are new to the SUSE Manager Web interface, read Section 3.1, “Navigation” to become familiar with the layout and symbols used throughout the interface. |
This page is broken into functional areas, with the most critical areas displayed first. Users can control which of the following areas are displayed by making selections on the Overview+Your Preferences page. Refer to Section 3.3.2, “Your Preferences” for more information.
The Tasks area lists the most common tasks that an administrator performs via the web. Click on any of the links to be taken to the page within SUSE Manager that allows you to accomplish that task.
To the right is the Inactive System listing. If any systems have not been checking in to SUSE Manager, they are listed here. Highlighting them in this way allows an administrator to quickly select those systems for troubleshooting.
[Mon] — Customers with monitoring enabled on their SUSE Manager can also choose to include a list of all probes in the Warning state.
[Mon] — Customers with monitoring enabled on their SUSE Manager can also choose to include a list of all probes in the Critical state.
The Critical Systems section lists the most critical systems within your organization. It provides a link to quickly view those systems, and displays a summary of the patch updates that have yet to be applied to those systems. Click on the name of the system to be taken to the System Details page of that system and apply the patch updates. Below the list is a link to the Out of Date systems page.
Next is the Recently Scheduled Actions section. Action that are less than thirty days old are considered recent. This section allows you to see all actions and their status: whether they have failed, completed, or are still pending. Click on the label of any given actions to view the details page for that action. Below the list is a link to the Pending Actions page, which lists all actions that have not yet been picked up by your client systems.
The Relevant Security Patches section lists the security patches that are available and have yet to be applied to some or all of your client systems. It is critical that you apply these security patches to keep your systems secure. Below this section are links to all patches and to those patches that apply to your systems.
The System Groups section lists the groups (if any) and indicates whether the systems in those groups are fully updated. Click on the link below this section to be taken to the System Groups page, from which you can chose System Groups to use with the System Set Manager.
The Recently Registered Systems lists the systems that have been added to the SUSE Manager in the past 30 days. Click the system's name to go the System Details page for that particular system.
You can return to this page by clicking Overview on the left navigation bar.
The Your Account page allows you to modify your personal information, such as name, password, and title. To modify any of this information, make the changes in the appropriate text fields and click the button in the bottom right-hand corner.
Remember, if you change your SUSE Manager password (the one used to log into SUSE Manager), you will not see your new one as you type it for security reasons. Replace the asterisks in the Password and Confirm Password text fields with your new password.
The Addresses page allows you to manage your mailing, billing and shipping addresses, as well as the associated phone numbers. Just click Edit this address below the address to be modified, make the changes, and click .
The email address listed in the Your Account page is the address to which SUSE Manager sends email notifications if you select to receive patch alerts or daily summaries for your systems on the Your Preferences page.
To change your preferred email address, click @localhost
are filtered and rejected.
The Account Deactivation page provides a means to cancel your SUSE Manager service. Click the button to deactivate your account. The Web interface returns you to the login screen. If you attempt to log back in, an error message advises you to contact the SUSE Manager administrator for your organization. Note that if you are the only SUSE Manager Administrator for your organization, you are unable to deactivate your account.
The Your Preferences page allows you to configure SUSE Manager options, including:
Email Notifications — Determine whether you want to receive email every time an patch alert is applicable to one or more systems in your account.
![]() | |
This setting also enables Management and Provisioning customers to receive a daily summary of system events. These include actions affecting packages, such as scheduled patches, system reboots, or failures to check in. In addition to selecting this checkbox, you must identify each system to be included in this summary email. (By default, all Management and Provisioning systems are included in the summary.) This can be done either individually through the System Details page or for multiple systems at once through the System Set Manager interface. Note that SUSE Manager sends these summaries only to verified email addresses. To disable all messages, simply deselect this checkbox. |
SUSE Manager List Page Size — Maximum number of items that appear in a list on a single page. If more items are in the list, clicking the Next button displays the next group of items. This preference applies to system lists, patch lists, package lists, and so on.
"Overview" Start Page — Select the information areas that are displayed on the Overview Start Page. Check the box to the left of the information area you would like to include.
After making changes to any of these options, click the
button in the bottom right-hand corner.The Overview+Locale Preferences page allows each user to tailor their SUSE Manager interface to the local time and their preferred language. Select the appropriate timezone from the Time Zone dropdown box, then click the button to apply the selection.
When the language preference is set to Use Browser Settings, SUSE Manager uses the language preference from the user's browser (such as Firefox) to determine which language to use for the web interface. When one of the listed languages is selected, the user sees the web interface in that language each time they log in, regardless of their browser's settings. Choosing a preferred language may be helpful for users traveling abroad. To select a default language, click the radio button to the left of the appropriate language and click the button to apply the change.
To use all of the features of SUSE Manager, your systems must be entitled — subscribed to Novell Customer Center. Use the System Entitlements page to configure which systems are entitled to which service offerings.
The Organization Trusts page displays the trusts established with your organization (that is, the organization with which you, the logged-in user, are associated). The page also lists Channels Shared: that is channels available to your organisation via others in the established trusts.
You can filter the list of trusts by keyword using the Filter by Organization text box and clicking .
For more information about organizational trusts, refer to Section 5.6, “Organizational Trusts”.
If you click the Systems tab on the top navigation bar, the Systems category and links appear. The pages in the Systems category allow you to select systems so that you can perform actions on them and create System Profiles.
The Overview page provides a summary of your systems, including their status, number of associated patches (errata) and packages, and entitlement level. Clicking on the name of a system takes you to its System Details page. Refer to Section 3.4.2.9, “System Details” for more information.
Clicking the View System Groups link at the top of the Overview page takes you to a similar summary of your system groups. It identifies group status and displays the number of systems contained. Clicking on the number of systems takes you to the Systems tab of the System Group Details page, while clicking on the system name takes you to the Details tab for that system. Refer to Section 3.4.3.3, “System Group Details — [Mgmt]” for more information.
You can also click the System Groups section of the Overview page to go directly to the System Set Manager. Refer to Section 3.4.4, “ for more information. — [Mgmt]”
button in theThe Systems page displays a list of all of your registered systems. The Systems list contains several columns of information for each system:
Select — Update or unentitled systems cannot be selected. To select systems, mark the appropriate checkboxes. Selected systems are added to the System Set Manager. After adding systems to the System Set Manager, you can use it to perform actions on them simultaneously. Refer to Section 3.4.4, “ for details. — [Mgmt]”
Status — Shows which type of patch alerts are applicable to the system or confirms that it is up-to-date. Some icons are linked to pages providing resolution. For instance, the standard Updates icon is linked to the Upgrade subtab of the packages list, while the Critical Updates icon links directly to the Update Confirmation page. Also, the Not Checking In icon is linked to instructions for resolving the issue.
— System is up-to-date
— Critical patch (errata) available, update
strongly recommended
— Updates available and recommended
— System is locked; Actions prohibited
— System is being deployed using AutoYaST or
Kickstart
— Updates have been scheduled
— System not checking in properly (for 24
hours or more)
— System not entitled to any update service
Patches — Total number of patch alerts applicable to the system.
Packages — Total number of package updates for the system. Includes packages from patch alerts as well as newer packages that are not from patch alerts. For example, imagine a client system that has an early version of a package installed. If this client is then subscribed to the appropriate base channel of SUSE Manager (such as SUSE Linux Enterprise11 SP1), that channel may have an updated version of the package. If so, the package appears in the list of available package updates.
![]() | |
If SUSE Manager identifies package updates for the system, yet the
package updater such as Red Hat Update
Agent or YaST responds with a message such as
"Your system is fully updated" when run, a conflict likely
exists in the system's package profile or in the
|
System — The name of the system as configured when registering it. The default name is the hostname of the system. Clicking on the name of a system takes you to the System Details page for the system. Refer to Section 3.4.2.9, “System Details” for more information.
Base Channel — The primary channel for the system, based upon its operating system distribution. Refer to Section 3.6.1, “Software Channels” for more information.
Entitlement — Whether or not the system is entitled and at what service level.
Links in the left navigation bar below
enable you to select and view predefined sets of your systems. All of the options described above can be applied within these pages.The All page contains the default set of your systems. It displays every system you have permission to manage. A user has permission to manage a system if he is the only user in his organization, if he is an SUSE Manager Administrator, or if the system is a member of a group to which he has admin rights.
To reach this page, select the Systems tab, followed by the Systems subtab from the left navigation bar, and finally select Virtual Systems from the left navigation bar. This page lists each virtual host of which SUSE Manager is aware and the guest systems on those hosts.
This column displays the name of each guest system.
This column indicates whether the guest systems have any patches (errata updates) that have not yet been applied to them.
This column indicates whether a guest is running, paused, or stopped.
This column indicates the base channel to which the guest is currently subscribed.
Only those guests that are registered with SUSE Manager are displayed in blue text. Clicking on the hostname of such a guest system displays that system's System Details page.
The Out of Date page displays the systems that have applicable patch alerts that have not been applied.
The Unentitled page displays the systems that have not yet been entitled for SUSE Manager service.
The Ungrouped page displays the systems that have not yet been assigned to a specific system group.
The Inactive page displays the systems that have not checked into SUSE Manager for 24 hours or more. When the Red Hat Update Agent on Red Hat Enterprise Linux or the YaST Online Update on SUSE Linux Enterprise client systems connect to SUSE Manager to see if there are any updates available or if any actions have been scheduled, this is considered a check-in. If you are seeing a message indicating check-ins are not taking place, the client system is not successfully reaching SUSE Manager for some reason. This indicates:
The system is not entitled to any SUSE Manager service. System Profiles that remain unentitled for 180 days (6 months) are removed.
The system is entitled, but the SUSE Manager Daemon
(rhnsd
) has been disabled on the system.
Refer to Chapter 2, SUSE Manager Daemon for instructions on
restarting and troubleshooting.
The system is behind a firewall that does not allow connections over
https
(port 443).
The system is behind an HTTP proxy server that has not been properly configured.
The system itself has not been properly configured, perhaps pointing at the wrong SUSE Manager Server.
The system is not on the network.
Some other barrier exists between the system and the SUSE Manager Server.
The Recently Registered page displays any new systems that have been registered in a given period of time. Use the drop-down menu to specify new systems registered in days, weeks, 30- and 180-day increments, and yearly.
The Duplicate Systems page lists current systems and any active and inactive entitlements associated with them. Active entitlements are in gray, while inactive entitlements are highlighted in yellow and their checkboxes checked by default for you to delete them as needed by clicking the button. (Entitlements are inactive, if the system has not checked into SUSE Manager in a time specified by the A system profile is inactive if its system has not checked in for: drop-down.)
You can filter duplicate entitlements by IP Address, Hostname, or MAC address by clicking on the respective subheader. You may filter further by typing in the system's hostname, IP address, or MAC address in the corresponding Filter by: text box.
To compare up to three duplicate entitlements at one time, click the Compare Systems link in the Last Checked In column. Inactive components of the systems are highlighted in yellow. You can then determine which systems are inactive or duplicate and delete them by clicking the button. Click the button that appears to confirm your choice.
Click the name of a system on any page and SUSE Manager displays the System Details page for that client. From here, you may modify the displayed information or remove the system altogether by clicking the delete system link on the top-right corner.
![]() | |
The delete system link in the upper right of this screen refers to the system profile only. Deleting a host system profile will not destroy or remove the registration of guest systems. Deleting a guest system profile does not remove it from the list of guests for its host, nor does it stop or pause the guest. It does, however, remove your ability to manage it via SUSE Manager. If you mistakenly delete a system profile from SUSE Manager, you may re-register the system using the bootstrap script (see Chapter Using Bootstrap (↑Client Configuration Guide)) or rhnreg_ks manuallly. |
The System Details page is further divided into the following tabs:
Details
Software
Configuration
Provisioning — [Prov]
Monitoring — [Mon]
Groups
Events
The following sections discuss these tabs and their subtabs in detail.
This page is not accessible from any of the standard navigation bars. However, clicking on the name of a system anywhere in the web interface brings you to this page. The default tab displayed on this page is the Details+Overview subtab. Other tabs are available, depending on the current entitlement level of the system.
This system summary page displays the system status message and the following key information about the system:
System Status
This message indicates the current state of your system in relation to SUSE Manager.
![]() | |
If updates are available for any entitled system, the message Critical updates available appears. To apply these updates, click the update now link. |
System Info
The hostname as defined by the client system.
The IP address of the client.
The kernel that is installed and operating on the client system.
A unique identifier generated each time a system registers with SUSE Manager.
![]() | |
The system ID can be used to eliminate duplicate profiles from
SUSE Manager. Compare the system ID listed on this page with the
information stored on the client system in the
|
Indicates whether a system has been locked.
Actions cannot be scheduled for locked systems through the Web interface until the lock is removed manually. This does not include preventing automated patch updates scheduled through the Web interface. To prevent the application of automated patch updates, de-select Auto Patch Update from the System Details+Details+Properties subtab. For more information, refer to Section 3.4.2.9.1.2, “. + + ”
Locking a system can help to prevent you from accidentally making any changes to a system until you are ready to do so. For example, the system may be a production system that you do not wish to receive updates or new packages until you decide to unlock it.
![]() | |
Locking a system in the Web interface will not prevent any actions that originate from the client system. For example, if a user logs into the client directly and runs YaST Online Update (on SLE) or up2date (resp. pup on RHEL), the update tool will install available patches whether or not the system is locked in the Web interface. Further, locking a system does not restrict the number of users who can access the system via the Web interface. If you wish to restrict access to the system, associate that system with a System Group and assign it a System Group Administrator. Refer to Section 3.4.3, “System Groups — [Mgmt]” for more information about System Groups. |
It is also possible to lock multiple systems via the System Set Manager. Refer to Section 3.4.4.10.4, “ to learn how to do so. + + — [Mgmt]”
Subscribed Channels
List of subscribed channels. Click the Section 3.4.2.9.2.3, “. + + ”
link right beside the title to select from the available base and child channels for this system. When finished making selections, click the button to confirm the changes. For more information, refer toThe first line indicates the base channel to which this client is subscribed. The base channel should match the operating system of the system.
The subsequent lines of text, which depend from the base channel, are child channels. An example is the SUSE Manager Tools channel.
System Events
The date and time at which the system last checked in with SUSE Manager.
The date and time at which the system registered with SUSE Manager and created this profile.
The date and time at which the system was last started or restarted.
![]() | |
Systems with a Management entitlement can be rebooted from this screen.
When the client checks in after the scheduled start time, SUSE Manager will instruct the system to restart itself. |
[Prov] — OSA status is also displayed for client systems registered with SUSE Manager that have a Provisioning entitlement and have enabled OSA. For more information about OSA, refer to Section “Enabling Push to Clients” (↑Installation Guide).
Push enables SUSE Manager customers to immediately initiate tasks on Provisioning-entitled systems rather than wait for those systems to check in with SUSE Manager. Scheduling actions through push is identical to the process of scheduling any other action, except that the task begins immediately instead of waiting the set interval.
In addition to the configuration of SUSE Manager, each client system to
receive pushed actions must have the osad
package
installed and its service started. Refer to the
Section “Enabling Push to Clients” (↑Installation Guide) for details.
System Properties
The base entitlement currently applied to this system.
Indicates the notification options for this system. You can choose whether you wish to receive email notifying you of available patch updates for this system. In addition, you may choose to include Management-entitled systems in the daily summary e-mail.
Indicates whether this system is configured to accept updates automatically.
This information is automatically generated at registration. You can edit this to include any information you wish.
If entered, this field displays the physical address of the system.
Clicking the Edit These Properties link right beside the title opens the System Details+Properties subtab. On this page, edit any text you choose, then click the button to confirm.
This subtab allows you to alter the following basic properties of your system:
System Details Properties
By default, this is the hostname of the system. You can however alter the profile name to anything that allows you to distinguish this profile from others.
Select a base channel for the system from the available base entitlements.
If available, apply a Monitoring, Provisioning, Virtualization, or Virtualization Platform entitlement to the system.
Toggle whether notifications about this system are sent and whether this system is included in the daily summary. (By default, all Management and Provisioning systems are included in the summary.) This setting keeps you abreast of all advisories pertaining to the system. Anytime an update is produced and released for the system, a notification is sent via e-mail.
The daily summary reports system events that affect packages, such as scheduled patch updates, system reboots, or failures to check in. In addition to including the system here, you must choose to receive e-mail notification in the Your Preferences page of the Overview category.
If this box is checked, available patches are automatically applied
to the system when it checks in. This action takes place without
user intervention. The SUSE Manager Daemon
(rhnsd
) must be enabled on the system for
this feature to work.
![]() | Conflicts With Third Party Packages |
---|---|
Enabling auto-update might lead to failures because of conflicts between system updates and third party packages. To avoid failures caused by those issues, it is better to let this box unchecked. |
By default, this text box records the operating system, release, and architecture of the system when it first registers. You may edit this information to include anything you like.
The remaining fields record the physical address at which the system is stored. To confirm any changes to these fields, click the
button.![]() | Setting Properties to Multiple Systems |
---|---|
Many of these properties can be set for multiple systems at once through the System Set Manager interface. Refer to Section 3.4.4, “ for details. — [Mgmt]” |
This subtab allows you to run a remote command on the system if the system possesses a Provisioning entitlement. Before doing so, you must first configure the system to accept such commands.
On SLE clients, subscribe the system to the SUSE Manager Tools child channel and use zypper to install the rhncfg, rhncfg-client, and rhncfg-actions packages, if not already installed:
zypper in rhncfg rhncfg-client rhncfg-actions
On RHEL clients, subscribe the system to the Tools child channel and use up2date or yum to install the rhncfg, rhncfg-client, and rhncfg-actions packages, if not already installed.
up2date rhncfg rhncfg-client rhncfg-actions
Log into the system as root and add the following file to the local
SUSE Manager configuration directory:
allowed-actions/scripts/run
.
Create the necessary directory on the target system:
mkdir -p /etc/sysconfig/rhn/allowed-actions/script
Create an empty run
file in that directory to
act as a flag to SUSE Manager signaling permission to allow remote
commands:
touch /etc/sysconfig/rhn/allowed-actions/script/run
Once the setup is complete, refresh the page in order to view the text fields for remote commands. You may then identify a specific user, group, and timeout period, as well as the script itself on this page. Select a date and time to begin attempting the command, and click
.An activation key specific to this System Profile. Reactivation keys, available only for systems that have a Provisioning entitlement, include this system's ID, history, groups, and channels. This key can then be used only once with the rhnreg_ks command line utility to re-register this system and regain all SUSE Manager settings. Refer to Section 1.3.5, “Registering with Activation Keys” for instructions. Unlike typical activation keys, which are not associated with a specific system ID, keys created here do not show up within the Activation Keys page.
Reactivation keys can be combined with activation keys to aggregate the settings of multiple keys for a single system profile. For example:
rhnreg_ks --server=server-url
\ --activationkey=reactivation-key
,activationkey
--force
![]() | |
When autoinstalling a system with its existing SUSE Manager profile, the profile uses the system-specific activation key created here to re-register the system and return its other SUSE Manager settings. For this reason, you should not regenerate, delete, or use this key (with rhnreg_ks) while a profile-based autoinstallation is in progress. If you do, the autoinstallation will fail. |
This subtab provides detailed information about the system, including
networking, BIOS, memory, and other devices. This appears only if you
selected to include the hardware profile for this machine during
registration. If the hardware profile looks incomplete or outdated,
click the rhnsd
) connects to
SUSE Manager, it will update your System Profile with the latest list of
hardware.
This subtab provides a place to migrate systems between organizations. Select an Organization Name and click Migrate System to initiate the migration.
This subtab provides a place to create notes about the system. To add a new note, click the create new note link, type a subject and details, and click the button. To modify a note, click on its subject in the list of notes, make your changes, and click the button. To remove a note, click on its subject in the list of notes and then click the link.
This subtab, available for systems with a Provisioning entitlement, provides completely customizable information about the system. Unlike Notes, Custom Info is structured, formalized, and can be searched upon. Before you can provide custom information about a system, you must first have Custom Information Keys. This is done via the Custom System Info page, available from the left navigation bar. Refer to Section 3.4.8, “Custom System Info — [Prov]” for instructions.
Once you have created one or more Keys, you may assign a value for this system by select the create new value link. Click the name of the key in the resulting list and enter a value for it in the Description field, then click the button.
This tab and its accompanying subtabs allow you to manage the software of the system: patches (errata), packages and package profiles, and software channel memberships.
This subtab contains a list of patch (errata) alerts applicable to the system. Refer to Section 3.1.3, “Patch Alert Icons” for meanings of the icons on this tab. To apply updates, select them and click the button. Double-check the updates to be applied on the confirmation page, then click the button. After confirming, the action is added to the Pending Actions list under Schedule. Patches that have been scheduled cannot be selected for update. In the place of a checkbox is a clock icon that, when clicked, takes you to the Action Details page.
To help users determine whether an update has been scheduled, a
Status column exists within the patches table.
Possible values are: None, Pending, Picked Up, Completed, and Failed.
This column identifies only the latest action related to a patch. For
instance, if an action fails and you reschedule it, this column shows
the status of the patch as >Pending
only (with no
mention of the previous failure). Clicking a status other
thanNone
takes you to the Action
Details page. This column corresponds to the one on the
Affected Systems tab of the Patch
Details page.
This subtab allows you to manage the packages on the system.
[Prov] — When selecting packages to install, upgrade, or remove, Provisioning customers have the option of running a remote command automatically before or after the package installation. Refer to Section 3.4.2.9.1.3, “ for more information. + + — [Prov]”
The default display of the Packages tab
describes the options available to you and provides the means to
update your package list. To update or complete a potentially
outdated list, possibly due to the manual installation of packages,
click the Update Package List button on the
bottom right-hand corner of this page. The next time the SUSE Manager
Daemon (rhnsd
) connects to SUSE Manager, it
updates your System Profile with the latest list of installed
packages.
Lists installed packages and enables you to remove them. View and sort packages by name, architecture, and the date it was installed on the system. Search for the desired packages by typing it in the Filter by Package Name text box, or by clicking the letter or number corresponding the first character of the package name. Click on a package name to view its Package Details page. To delete packages from the system, select their checkboxes and click the button on the bottom right-hand corner of the page. A confirmation page appears with the packages listed. Click the button to remove the packages.
Displays a list of packages that have a new version available based on the package versions in the channels for the system. Click on the latest package name to view its Package Details page. To upgrade packages immediately, select them and click the button. To download the packages as a .tar file, select them and click the button.
Enables you to install new packages on the system from the available channels. Click on the package name to view its Package Details page. To install packages, select them and click the button.
Validates the packages installed on the system against its RPM database. This is the equivalent of running rpm -V. Specifically, this tab allows you to compare the metadata of the system's packages with information from the database, such as file checksum, file size, permissions, owner, group and type. To verify a package or packages, select them, click the button, and confirm this action. Once finished, you can view the results by selecting this action within the History subtab under Events.
Gives you the ability to compare the packages on this system with the packages of stored profiles and other Management and Provisioning systems. To make the comparison with a stored profile, select that profile from the pulldown menu and click the Compare button. To make the comparison with another system, select it from the associated pulldown menu and click the Compare button. To create a stored profile based upon the existing system, click the button, enter any additional information you desire, and click the button. These profiles are kept within the Stored Profiles page linked from the left navigation bar.
[Prov] — Once package profiles have been compared, Provisioning customers have the ability to synchronize the packages of the selected system with the package manifest of the compared profile. Note that this action may delete packages on the system not in the profile, as well as install packages from the profile. To install specific packages, select the checkboxes of packages from the profile. To remove specific packages already installed on the system itself, select the checkboxes of packages showing a difference of This system only. To synchronize fully the system's packages with the compared profile, select the master checkbox at the top of the column. Then click the button. On the confirmation screen, review the changes, select a time frame for the action, and click the button.
Software channels provide a well-defined method to determine which packages should be available to a system for installation or upgrade based upon its operating systems, packages, and functionality. Click a channel name to view its Channel Details page. To modify the child channels associated with this system, use the checkboxes next to the channels and click the button. You will receive a success message or be notified of any errors. To change the system's base channel, select the new one from the pulldown menu and click the button. Refer to Section 3.6.1, “Software Channels” for more information.
This tab and its subtabs, which do not appear without a Provisioning entitlement, assist in managing the configuration files associated with the system. These configuration files may be managed solely for the current system, or may be distributed widely via a Configuration Channel. The following section describe these and other available options on the System Details+Configuration subtabs.
![]() | |
To manage the configuration of a system, it must have the latest
|
This section is available to normal users with access to systems that have configuration management enabled. Like software channels, configuration channels store files to be installed on systems. While software updates are provided by NCC, configuration files are managed solely by you. Also unlike software packages, various versions of configuration files may prove useful to a system at any given time. Remember, only the latest version can be deployed.
This subtab provides access to the configuration statistics of your system and to the most common tasks used to manage configuration files. You may change the settings listed under Configuration Stats by clicking on the blue text for that setting. Alternatively, you may perform any of the common configuration management tasks listed on the right of the screen by clicking one of the links.
This subtab lists all configuration files currently associated with the system.
This column shows both the name and the deployment path for this file.
This column increments any time you make a change to the managed file.
This column indicates the name of the channel that contains the file, or displays (system override) for files available to this system only.
If this configuration file overrides another, the overridden file is listed in this column along with its host channel.
If you wish to deploy any of these files to the client system, overwriting any changes that have been made locally, check the box to the left of the file and click the
button. On the following screen, choose a deployment time and click the button to confirm.![]() | |
If you click on the Filename of a (system override) file, you can edit its contents. |
The Overrides column identifies the configuration
file in an unsubscribed channel that would replace the same file in a
currently subscribed channel. For example, if a system has
/etc/foo
from channel bar
and /etc/foo
from channel
baz
is in the Overrides column, then
unsubscribing from channel bar
will mean that
the file from channel baz
will be applicable.
Also, if nothing is in the Overrides column for a
given file path, then unsubscribing from the channel providing the
file will mean that the file is no longer managed (though it will
not remove the file from the system).
This subtab compares a configuration file as stored on the SUSE Manager with the file as it exists on the client. (It does not, for example, compare versions of the same file stored in different channels.) Select the files to be diffed, click the
button, select a time to perform the diff, and click the button to confirm. After the diff has been performed, you may return to this page to view the results.This subtab allows you to subscribe to and rank configuration channels that may be associated with the system, lowest first.
The List/Unsubscribe from Channels subtab contains a list of the system's configuration channel subscriptions. Click the checkbox next to the Channel and click to remove the subscription to the channel.
The Subscribe to Channels subtab lists all available configuration channels. To subscribe to a channel, select the checkbox next to it and press . To subscribe to all configuration channels, click and press . The View/Modify Rankings page automatically loads.
The View/Modify Rankings subtab allows users rank
the priority in which files from a particular configuration channel
are weighted. The higher the channel is on the list, the more its
files take precedence over files on lower-ranked channels (for
example, the higher-ranked channel may have an
httpd.conf
file that will take precedence over
the file on lower-ranked channel).
This subtab displays the default configuration files for the system and allows you to manage them. If no files exist, you may use the add files, upload files, and add directories links within the page description to associate files with this system. These tabs correspond to those within the Configuration Channel Details page, affecting your entire organization and available only to Configuration Administrators. Refer to Section 3.7.3.1, “ for more information. + + ”
If a file exists, click its name to go to the Configuration File Details page. Refer to Section 3.7.4, “Configuration Files” for instructions. To replicate the file within a config channel, select its checkbox, click the button, and select the destination channel. To remove a file, select it and click .
This subtab allows you to manipulate configuration files without deploying them. This sandbox provides you with an area in which to experiment with files without affecting your systems. To add files, click the import new files link, enter the path to the file on you local system, and click the button. Select the button to confirm.
This tab and its subtabs allow you to schedule and monitor AutoYaST or Kickstart intallations and to return your system to a previous state. AutoYaST is a SUSE Linux and Kickstart is a Red Hat utility—both allow you to automate the re-installation of a system. Snapshot rollbacks provide the ability to revert certain changes to the system. For example, you can roll back a set of RPM packages, but rolling back across multiple update levels is not supported. Both features are described in the sections that follow.
This subtab is further divided into Session Status, which tracks the progress of previously scheduled autoinstallations, and Schedule, which allows you to configure and schedule an autoinstallation for this system.
The Schedule subtab allows you to schedule the selected system for autoinstallation. Choose from the list of available profiles, select a time for the autoinstallation to begin, and click the button to begin the autoinstallation. You may first alter autoinstallation settings by clicking the button.
![]() | |
You must first create a profile before it appears on this subtab. If you have not created any profiles, refer to Section 3.4.9.4, “Create a New Kickstart Profile” before scheduling a autoinstallation for a system. |
The Variables subtab can be used to create
Kickstart variables, which substitute values into kickstart files. To
define a variable, create a name-value pair
(name/value
) in the text box.
For example, if you wanted to kickstart a system that joins the network for specified department (for example the Engineering organization) you can create a profile variable to set the IP address and the gateway server address to a variable that any system using that profile will use. Add the following line to the Variables text box.
IPADDR=192.168.0.28 GATEWAY=192.168.0.1
To use the system variable, you can use the name of the variable
within the profile to substitute in the value. For example, the
network
portion of a kickstart file could look like
the following:
network --bootproto=static --device=eth0 --onboot=on --ip=$IPADDR --gateway=$GATEWAY
The $IPADDR
will be
192.168.0.28
, and the $GATEWAY
will be 192.168.0.1
![]() | |
There is a hierarchy when creating and using variables in kickstart files. System kickstart variables take precedence over Profile variables, which in turn take precendence over Distribution variables. Understanding this hierarchy can alleviate confusion when using variables in kickstarts. |
Using variables are just one part of the larger Cobbler infrastructure for creating templates that can be shared between multiple profiles and systems. For more information about Cobbler and kickstart templates, refer to Chapter 6, Cobbler.
Snapshots enable you to roll back the system's package profile, configuration files, and SUSE Manager settings. Snapshots are captured whenever an action takes place on a Provisioning-entitled system. The Snapshots subtab lists all snapshots for the system, including the reason the snapshot was taken, the time it was taken, and the number of tags applied to each snapshot. To revert to a previous configuration, click the Reason of the snapshot taken and review the potential changes on the provided subtabs, starting with Rollback.
![]() | |
Snapshot roll backs support the ability to revert certain changes to the system, but not in every scenario. For example, you can roll back a set of RPM packages, but rolling back across multiple update levels is not supported. |
Each subtab provides the specific changes that will be made to the system during the rollback:
group memberships
channel subscriptions
installed packages
configuration channel subscriptions
configuration files
snapshot tags
When satisfied with the reversion, return to the Rollback subtab and click the button. To see the list again, click Return to snapshot list.
Provides a means to add meaningful descriptions to your most recent system snapshot. This can be used to indicate milestones, such as a known working configuration or a successful upgrade. To tag the most recent snapshot, click create new system tag, enter a descriptive term in the Tag name field, and click the button. You may then revert using this tag directly by clicking its name in the Snapshot Tags list. To delete tags, select their checkboxes, click , and confirm the action.
This tab is only visible for systems registered with SUSE Manager with Monitoring enabled and that are Monitoring entitled. It displays all of the probes monitoring the system. The State column shows icons representing the status of each probe. Refer to Section 3.10, “Monitoring — [Mon]” for descriptions of these states. Clicking the Probe Description takes you to its Current State page. The Status String column displays the last message received from the probe.
To add a probe to the system, click the create new probe link at the top-right corner of the page and complete the fields on the following page. Refer to Section 4.5.1, “Managing Probes” for detailed instructions.
Once the probe has been added, you must reconfigure your Monitoring infrastructure to recognize it. Refer to Section 3.10.2, “Scout Config Push — [Mon]” for details. After the probe has run, its results become available on the Current State page. Refer to Section 3.10.1.7, “Current State — [Mon]” for details.
To remove a probe from a system, click on the name of the probe, then click the delete probe link in the upper right corner. Finally, click the button to complete the process.
This tab and its subtabs allow you to manage the system's group memberships.
This subtab lists groups to which the system belongs and enables you to cancel those associations. Only System Group Administrators and SUSE Manager Administrators can remove the system from groups. Non-admins just see a Review this system's group membership page. To remove the system from groups, select the groups' checkboxes and click the button. Click on a group's name to go to its System Group Details page. Refer to Section 3.4.3.3, “System Group Details — [Mgmt]” for more information.
Lists groups that the system may be subscribed to. Only System Group Administrators and SUSE Manager Administrators can add the system to groups. Non-admins see a Review this system's group membership page. To add the system to groups, select the groups' checkboxes and click the button.
Displays past, current, and scheduled actions on the system. You may cancel pending events here. The following sections describe the Events subtabs and the features they offer.
Lists events that are scheduled but have not begun. A prerequisite action must complete successfully before a given action is attempted. If an action has a prerequisite, no checkbox is available to cancel that action. Instead, a checkbox appears next to the prerequisite action; canceling the prerequisite action causes the action in question to fail.
Actions can be chained in this manner so that action 'a' requires action 'b' which requires action 'c'. Action 'c' is the first one attempted and has a checkbox next to it until it is completed successfully—if any action in the chain fails, the remaining actions also fail. To unschedule a pending event, select the event and click the
button at the bottom of the page. The following icons indicate the type of events listed here:
— Package Event
— Patch Event
— Preferences Event
— System Event
The default display of the Events tab lists the type and status of events that have failed, occurred or are occurring. To view details of an event, click its summary in the System History list. To again view the table, click Return to history list at the bottom of the page.
The System Groups page allows all SUSE Manager Management and Provisioning users to view the System Groups list. Only System Group Administrators and SUSE Manager Administrators may perform the following additional tasks:
Create system groups. (Refer to Section 3.4.3.1, “Creating Groups”.)
Add systems to system groups. (Refer to Section 3.4.3.2, “Adding and Removing Systems in Groups”.)
Remove systems from system groups. (Refer to Section 3.4.2.9, “System Details”.)
Assign system group permissions to users. (Refer to Section 3.9, “Users — [Mgmt]”.)
The System Groups list displays all of your system groups.
The System Groups list contains several columns for each group:
Select — These checkboxes enable you to add systems in groups to the System Set Manager. To select groups, mark the appropriate checkboxes and click the button below the column. All systems in the selected groups are added to the System Set Manager. You can then use the System Set Manager to perform actions on them simultaneously. It is possible to select only those systems that are members of all of the selected groups, excluding those systems that belong only to one or some of the selected groups. To do so, select them and click the button. To add all systems in all selected groups, select them and click the button. Each system will show up once, regardless of the number of groups to which it belongs. Refer to Section 3.4.4, “ for details. — [Mgmt]”
Updates — Shows which type of patch alerts are applicable to the group or confirms that it is up-to-date. Clicking on a group's status icon takes you to the Patch tab of its System Group Details page. Refer to Section 3.4.3.3, “System Group Details — [Mgmt]” for more information.
The status icons call for differing degrees of attention:
— All systems within group are up-to-date
— Critical patches available, update
strongly recommended
— Updates available and recommended
Group Name — The name of the group as configured during its creation. The name should be explicit enough to easily differentiate between it and other groups. Clicking on the name of a group takes you to Details tab of its System Group Details page. Refer to Section 3.4.3.3, “System Group Details — [Mgmt]” for more information.
Systems — Total number of systems contained by the group. Clicking on the number takes you to the Systems tab of the System Group Details page for the group. Refer to Section 3.4.3.3, “System Group Details — [Mgmt]” for more information.
Use in SSM — Clicking the button in this column loads the group from that row and launches the System Set Manager immediately. Refer to Section 3.4.4, “ for more information. — [Mgmt]”
To add a new system group, click the System Groups list.
link at the top-right corner of the page. Type a name and description and click the button. Make sure you use a name that clearly sets this group apart from others. The new group will appear in theSystems can be added and removed from system groups in two places: the Target Systems tab of the System Group Details page and the Groups tab of the System Details page. The process is similar in both instances. Select the systems to be added or removed and click the or button.
At the top of each System Group Details page are two links: work with group and delete group. Clicking delete group deletes the System Group and should be used with caution. Clicking Work with Group functions similarly to the button from the System Groups list in that it loads the group's systems and launches the System Set Manager immediately. Refer to Section 3.4.4, “ for more information. — [Mgmt]”
The System Group Details page is broken down into tabs:
Provides the group name and group description. To change this information, click Edit Group Properties, make your changes in the appropriate fields, and click the button.
Lists systems that are members of the system group. Clicking links within the table takes you to corresponding tabs within the System Details page for the associated system. To remove systems from the group, select the appropriate checkboxes and click the button on the bottom of the page. Clicking it does not delete systems from SUSE Manager entirely. This is done through the System Set Manager or System Details pages. Refer to Section 3.4.4, “ or — [Mgmt]”Section 3.4.2.9, “System Details”, respectively.
Target Systems — Lists all systems in your organization. This tab enables you to add systems to the specified system group. Select the systems using the checkboxes to the left and click the button on the bottom right-hand corner of the page.
List of relevant patches for systems in the system group. Clicking the Advisory takes you to the Details tab of the Patch Details page. (Refer to Section 3.5.2.2, “Patch Details” for more information.) Clicking the Affected Systems number lists all of the systems addressed by the patch. To apply the patch updates in this list, select the systems and click the button.
List of all organization users that have the ability to manage the system group. SUSE Manager Administrators are clearly identified. System Group Administrators are marked with an asterisk (*). To change the system group's users, select and unselect the appropriate checkboxes and click the
button.List all probes assigned to systems in the system group. The State shows the status of the probe. Click the individual System for details on the probe and to make changes to the probe configuration. Click the Probe to generate a customizable report on the monitoring.
Many actions performed for individual systems through the System Details page may be performed for multiple systems via the System Set Manager, including:
Apply patch updates
Upgrade packages to the most recent versions available
Add/remove systems to/from system groups
Subscribe/unsubscribe systems to/from channels
Update system profiles
Modify system preferences such as scheduled download and installation of packages
Autoinstall several Provisioning-entitled systems at once
Set the subscription and rank of configuration channels for Provisioning-entitled systems
Tag the most recent snapshots of your selected Provisioning-entitled systems
Revert Provisioning-entitled systems to previous snapshots
Run remote commands on Provisioning-entitled systems
Before performing actions on multiple systems, select the systems you wish to modify. To do so, click the List the systems link, check the boxes to the left of the systems you wish to select, and click the Update List button.
You can access the System Set Manager in three ways:
Click the System Set Manager link in the left gray navigation area.
Click the Use Group button in the System Groups list.
Check the Work with Group link on the System Group Details page.
Description of the various options available to you in the remaining tabs.
List of systems now selected. To remove systems from this set, select them and click the
button.List of patch updates applicable to the current system set. Click the number in the Systems column to see to which systems in the System Set Manager the given patch applies. To apply updates, select the patches and click the
button.Options to modify packages on the system within the following subtabs. (Click the number in the Systems column to see to which systems in the System Set Manager the given package applies):
[Prov] — When selecting packages to install, upgrade, or remove, Provisioning customers have the option of running a remote command automatically before or after the package installation. Refer to Section 3.4.2.9.1.3, “ for more information. + + — [Prov]”
A list of all the packages installed on the selected systems that might be upgraded. Systems must be subscribed to a channel providing the package for the system to be able to upgrade the package. If multiple versions of a package appear, note that only the latest version available to each system is upgraded on that system. Select the packages to be upgraded, then click the
button.A list of channels from which you may retrieve packages. This list includes all channels to which systems in the set are subscribed; a package is installed on a system only if the system is subscribed to the channel from which the package originates. Click on the channel name and select the packages from the list. Then click the
button.A list of all the packages installed on the selected systems that might be removed. Multiple versions appear if systems in the System Set Manager have more than one version installed. Select the packages to be deleted, then click the
button.A list of all installed package whose contents, file checksum, and other details may be verified. At the next check in, the verify event issues the command rpm --verify for the specified package. If there are any discrepancies, they are displayed in the System Details page for each system.
Select the checkbox next to all packages to be verified, then click the Verify Packages button. On the next page, select either Schedule actions ASAP or choose a date and time for the verification, then click the Schedule Verifications button.
Tools to create groups and manage group membership. These functions are limited to SUSE Manager Administrators and System Group Administrators. To add a new group, click create new group on the top-right corner. In the resulting page, type its name and description in the identified fields and click the button. To add or remove the selected systems in any of the system groups, toggle the appropriate radio buttons and click the button.
Options to manage channel associations through the following subtabs:
To subscribe or unsubscribe the selected systems in any of the channels, toggle the appropriate checkboxes and click the
button. Keep in mind that subscribing to a channel uses a channel entitlement for each system in the selected group. If too few entitlements are available, some systems fail to subscribe. Systems must subscribe to a base channel before subscribing to a child channel.Like the options within the System Details+Channels+Configuration tab, the subtabs here can be used to subscribe the selected systems to configuration channels and deploy and compare the configuration files on the systems. The channels are created in the Manage Config Channels interface within the Channels category. Refer to Section 3.7.2, “Overview” for channel creation instructions.
To manage the configuration of a system, install the latest
rhncfg*
packages. Refer to
Section 3.7.1, “Preparing Systems for Config Management” for instructions on enabling and
disabling scheduled actions for a system.
Use this subtab to distribute configuration files from your central repository on SUSE Manager to each of the selected systems. The table lists the configuration files associated with any of the selected systems. Clicking its system count displays the systems already subscribed to the file.
To subscribe the selected systems to the available configuration files, select the checkbox for each desired file. When done, click
and schedule the action. Note that the files deployed are of the latest version at the time of scheduling and do not account for versions that may appear before the action takes place.Use this subtab to validate configuration files on the selected systems against copies in your central repository on SUSE Manager. The table lists the configuration files associated with any of the selected systems. Clicking its system count displays the systems already subscribed to the file.
To compare the configuration files deployed on the systems with those in SUSE Manager, select the checkbox for each file to be validated. Then click Schedule category or within the System Details+Events tab.
and schedule the action. Note that the files compared are of the latest version at the time of scheduling and do not account for versions that may appear before the action takes place. Find the results within the mainSubscribe systems to configuration channels according to order of preference. This tab is available only to SUSE Manager Administrators and Configuration Administrators. Enter a number in the Rank column to subscribe to a channel. Channels are accessed in the order of their rank, starting from the number 1. Channels not assigned a numeric value are not associated with the selected systems. Your local configuration channel always overrides all other channels. Once you have established the rank of the config channels, you must decide how they are applied to the selected systems.
The three buttons below the channels reflect your options. Clicking
places all the ranked channels before any other channels to which the selected systems are currently subscribed. Clicking places the ranked channels after those channels to which the selected systems are currently subscribed. Clicking removes any existing association and starts cleanly with the ranked channels, leaving every system with the same config channels in the same order.In the first two cases, if any of the newly ranked config channels is already in a system's existing config channel list, the duplicate channel is removed and replaced according to the new rank, effectively reordering the system's existing channels. When such conflicts exist, you are presented with a confirmation page to ensure the intended action is correct. When the change has taken place, a message appears at the top of the page indicating the update was successful.
Administrators may unsubscribe from configuration channels by clicking the checkbox by the name of the channel and clicking
button.Administrators may enable configuration channel management by clicking the checkbox by the name of the channel and clicking Schedule package installs for no sooner than radio button and using the drop-down menus to configure date and time, then clicking .
button. You can also schedule the action by clicking theOptions for provisioning systems through the following subtabs:
Use this subtab to re-install a client on the selected Provisioning-entitled systems. To schedule autoinstallations for these systems, select a distribution, identify the type (IP address or manual), and click Preserve Existing Configuration radio button or the Use Proxy radio button. If you choose to autoinstall through a Proxy Server, select from the available Proxies listed in the drop-down box beside the Use Proxy radio button. All of the selected systems will autoinstall through the selected Proxy. Click the button to confirm your selections. When the autoinstallations for the selected systems are successfully scheduled, the web interface returns you to the System Set Manager page.
. Finish choosing from the options available on the subsequent screen. If any of the systems connect to SUSE Manager via a Proxy Server, choose either theUse this subtab to add meaningful descriptions to the most recent snapshots of your selected systems. To tag the most recent system snapshots, enter a descriptive term in the Tag name field and click the button.
Use this subtab to rollback selected Provisioning-entitled systems to previous snapshots marked with a tag. Click the name of the tag, verify the systems to be reverted, and click the
button.
Use this subtab to issue remote commands on selected
Provisioning-entitled systems. First create a run
file on the client systems to allow this function to operate. Refer to
Section 3.4.2.9.1.3, “ for instructions.
You may then identify a specific user, group, timeout period, and the
script on this page. Select a date and time to perform the command, and
click + + — [Prov]” .
Misc — Update System Profiles and preferences for the system set through the following links:
Click Update Hardware Profile followed by the button to schedule a hardware profile update. Clicking Update Package Profile,followed by the button schedules a package profile update.
Click Set a custom value for selected systems followed by the name of a key to allow you to provide values for all selected systems. Enter the information and click the button. Click Remove a custom value from selected systems followed by the name of a key to allow you to remove values for all selected systems. Click the button to finalize the deletion.
Select the appropriate systems and click the list of systems link that appears within the confirmation message at the top of the page, select the systems, and click .
link to set those systems for reboot. To immediately cancel this action, click theSelect the appropriate systems and click the
link to prevent the scheduling of any action through SUSE Manager that affects the selected systems. This can be reversed by clicking the link.Click Delete System Profiles, then click the button to remove the selected profiles permanently.
Select, via the radio button, whether to Add, Remove, or make No Change in the entitlements of the selected systems. Click the button to confirm your selection.
Toggle the Yes and No radio buttons and click the button to alter your notification preferences for the selected systems. You may apply these preferences to individual systems through the Properties subtab of the System Details page. Refer to Section 3.4.2.9.1.2, “ for instructions. + + ”
Receive Notifications of Updates/Patches — This setting keeps you abreast of all advisories pertaining to your systems. Any time an update is produced and released for a system under your supervision, a notification is sent via e-mail.
Include system in Daily Summary — This setting includes the selected systems in a daily summary of system events. (By default, all Management and Provisioning systems are included in the summary.) These system events are actions that affect packages, such as scheduled patch updates, system reboots, or failures to check in. In addition to including the systems here, you must choose to receive e-mail notifications in the Your Preferences page. Refer to Section 3.3.2, “Your Preferences” for instructions. Note that SUSE Manager sends these summaries only to verified e-mail addresses.
Automatic application of relevant Patches — This setting enables the automatic application of patch updates to the selected systems. This means packages associated with patches are updated without any user intervention. Customers should note that SUSE Linux does not recommend the use of the auto-update feature for production systems because conflicts between packages and environments can cause system failures.
The System Search page allows you to search through your systems according to specific criteria. These criteria include custom system information, system details, hardware, devices, interface, networking, packages, and location.
Searches can be refined using the Fields to Search drop-down menu, which is set to by default.
The following list details the Fields to Search drop-down menu.
DMI Info — The Desktop Management Interface (DMI) is a standard for management of components on computer system. You can search for SUSE Manager systems using the following DMI retrieval methods:
System — Product names or numbers, Manufacturer names, Serial numbers, and other information that may be unique to a system
BIOS — BIOS support information such as BIOS vendor name and version, hardware support enabled in the BIOS, and more
Asset Tag — A unique identifier assigned by an IT department (or vendor) to a system for better tracking, management and inventory
Location — The physical location of a system, which includes the following:
Address — The address of the system or system set
Building — The building or site in an address
Room — The server or system room within a building
Rack — The designated location within a server room where a system is situated.
Details — The unique identifiers assigned to a system by sytem administrators and particularly SUSE Manager Administrators, including the following:
Name/Description — The name assigned to a system by the SUSE Manager Administrator upon adding it to the SUSE Manager server.
ID — An identifier that is unique to a system or system set.
Custom Info — Information about the system that is unique only to that system.
Snapshot Tag — The name assigned to a new or previous system snapshot
Running Kernel — The currently running kernel on a system registered with SUSE Manager
Hardware — Systems can be searched by particular components in the system, including the following:
CPU Model — The CPU model name (such as Pentium or Athlon
CPU MHz Less Than — Search systems with a processor less than a user-designated speed in Megahertz.
CPU MHz More Than — Search systems with a processor more than a user-designated speed in Megahertz.
Number of CPUs Less Than — Search systems with a sum of processors less than a user-designated quantity.
Number of CPUs Greater Than — Search systems with a sum of processors greater than a user-designated quantity.
RAM Less Than — Search systems with a sum of memory less than a user-designated quantity in megabytes.
RAM More Than — Search systems with a sum of memory more than a user-designated quantity in megabytes.
Packages — Systems can be searched by the packages installed (and not yet installed) on the system.
Installed Packages — Filter systems based on particular installed packages
Needed Packages — Filter systems based on particular packages that have yet to be installed
Activity — Systems can be searched by the amount of time since first or last checked into SUSE Manager.
Days Since Last Check-in — The amount of time (in days) that systems have last checked into SUSE Manager.
Days Since First Check-in — The amount of time (in days) that have passed since the systems first checked into SUSE Manager.
Network Info — Systems can be searched based on specific networking details such as IP address.
Hostname — The name associated with a system registered with SUSE Manager.
IP Address — The network address of the system registered with SUSE Manager.
Hardware Devices — Systems can be searched by specific hardware details such as driver names and Device or Vendor IDs.
Description — Device summary information, such as brand or model
name/number (such as Intel 82801HBM/HEM
)
Driver — The kernel driver or module name (such as
tulip.o
or iwl3945
)
Device ID — The hexadecimal number corresponding to the device installed in the system.
Vendor ID — The hexadecimal number corresponding to the vendor of the device installed in the system.
The Activity selections (Days Since Last Checkin, for instance) can be especially useful in finding and removing outdated System Profiles. Type the keyword, select the criterion to search by, use the radio buttons to identify whether you wish to query all systems or only those loaded in the System Set Manager, and click the button. You may also select the Invert Result checkbox to list those systems that do not match the criteria selected.
The results appear at the bottom of the page. For details about using the resulting system list, refer to Section 3.4.2, “Systems”.
SUSE Manager Management and Provisioning customers with the Activation Key Administrator role (including SUSE Manager Administrators) can generate activation keys in the SUSE Manager Web interface. These keys can then be used to register a SUSE Linux Enterprise or Red Hat Enterprise Linux system, entitle the system to a SUSE Manager service level and subscribe the system to specific channels and system groups through the rhnreg_ks command line utility. Refer to Section 1.3.5, “Registering with Activation Keys” for instructions on use.
![]() | |
System-specific activation keys created through the Reactivation subtab of the System Details page are not part of this list because they are not reusable across systems. |
To create an activation key:
Procedure 3.1. Creating Activation Keys¶
Select Systems from the top and then Activation Keys from the left navigation bar.
Click the create new key link at the upper right corner.
Description — Enter a to identify the generated activation key.
Key — In addition to the fields listed below, SUSE Manager customers may also populate the Key field itself. This user-defined string of characters can then be supplied with rhnreg_ks to register client systems with SUSE Manager. Refer to Section 3.4.6.2, “Using Multiple Activation Keys at Once — [Prov]” for details.
![]() | Allowed Characters |
---|---|
Do not insert commas in the key. All other characters are allowed. Commas are problematic since they are the separator used when including two or more activation keys at once. |
Usage Limit — The maximum number of registered systems that can be registered with the activation key at any one time. Leave blank for unlimited use. Deleting a system profile reduces the usage count by one and registering a system profile with the key increases the usage count by one.
Base Channel — The primary channel for the key.
This can be either the SUSE Manager Default
channel
or a custom base channel.
Selecting SUSE Manager Default
allows client systems
to register with the default SUSE-provided channel that corresponds to
their installed version of SUSE Linux Enterprise. You can also associate the key with
a custom base channel. If a system using this key is not compatible
with the selected channel, it will fall back to the SUSE Manager default
channel.
Add-on Entitlements — The supplemental entitlements for the key, which includes Monitoring, Provisioning, Virtualization, and Virtualization Platform. All systems will be given these entitlements with the key.
Universal default — Whether or not this key should be considered the primary activation key for your organization.
![]() | Changing the Default Activation Key |
---|---|
Only one universal default activation key can be defined per organization. If a universal key already exists for this organization, you will unset the currently used universal key by activating the checkbox. |
Click
.To create more activation keys, repeat the steps above.
After creating the unique key, it appears in the list of activation keys
along with the number of times it has been used (see
Figure 3.5, “Activation Keys”). Note that only
Activation Key Administrators can see this list. At this point, you may
associate child channels (e.g., the Tools child channel), packages
(e.g., the rhncfg-actions
package) and groups
with the key so that systems registered with it automatically subscribe
to them.
To change information about a key, such as the channels or groups, click its description in the key list to display the key's Datails page (see Figure 3.6, “Activation Key Details With Subtabs”), make your modifications in the appropriate tab, and click the button. To disassociate channels and groups from a key, deselect them in their respective menus by Ctrl-clicking their highlighted names. To remove a key entirely, click the delete key link in the upper right corner of the edit page.
A system may be set to subscribe to a base channel during registration with an activation key. However, if the activation key specifies a base channel that is not compatible with the operating system of the systems, the registration fails. For example, a SUSE Linux Enterprise Server for x86 system cannot register with an Activation Key that specifies a SUSE Linux Enterprise Server for x86_64 base channel. A system is always allowed to subscribe to a custom base channel.
To disable system activations with a key, unselect the corresponding checkbox under the Enabled column in the key list. The key can be re-enabled by selecting the checkbox. After making these changes, click the button on the bottom right-hand corner of the page.
Provisioning customers should note that multiple activation keys can be included at the command line or in a single autoinstallation profile. This allows you to aggregate the aspects of various keys without recreating a new key specific to the desired systems, simplifying the registration and autoinstallation processes while slowing the growth of your key list.
Without this stacking ability, your organization would need at least six activation keys to manage four server groups and subscribe a server to any two groups. Factor in two versions of the operating system, such as Red Hat Enterprise Linux 4 and 5, and you need twice the number of activation keys. A larger organization would need keys in the dozens.
Registering with multiple activation keys requires some caution; conflicts between some values cause registration to fail. Conflicts in the following values do not cause registration to fail, a combination of values is applied: software packages, software child channels, and config channels. Conflicts in the remaining properties are resolved in the following manner:
base software channels — registration fails
entitlements — registration fails
enable config flag — configuration management is set
Do not use system-specific activation keys along with other activation keys; registration fails in this event.
You are now ready to use multiple activation keys at once. This is done with comma separation at the command line with rhnreg_ks or in a kickstart profile within the Activation Keys tab of the Autoinstallation Details page. Refer to Section 1.3.5, “Registering with Activation Keys” and Section 3.4.9.4.14, “Activation Keys — [Prov]”, respectively, for instructions.
SUSE Manager Provisioning customers can create package profiles through the Profiles subtab of the Packages tab within the System Details page. Those profiles are displayed on the Stored Profiles page, where they may be edited and even deleted.
To edit a profile, click its name in the list, alter its name and description, and click the Packages subtab. To remove the profile entirely, click delete stored profile at the upper-right corner of the page.
button. To view software associated with the profile, click the
SUSE Manager Provisioning customers may include completely customizable
information about their systems. Unlike notes, the information here is
more formal and may be searched upon. For instance, you may decide to
identify an asset tag for each system. To do this, you must create an
asset
key within the Custom System
Info page.
Click create new key at the upper-right corner of
the page. Enter a descriptive label and description, such as
Asset
and Precise location of each
system
, and click the . The
key will then show up in the custom info keys list.
Once the key exists, you may assign a value to it through the Custom Info tab of the System Details page. Refer to Section 3.4.2.9.1.8, “ for instructions. + + — [Prov]”
In addition to the SUSE Manager Web interface for creating and listing
custom information keys, there is a command-line tool called
mgr-custom-info
(rhn-custom-info
package) that performs the
same actions at a shell prompt, for administrators who may not have
access to the web interface.
The usage of mgr-custom-info is as follows:
mgr-custom-info options key1 value1
For example:
mgr-custom-info --username=admin --password=f00b4rb4z \ --server-url=manager.example.com --list-values
The command lists the custom keys and their values for the manager.example.com SUSE Manager server.
For more information, refer to the help file by typing mgr-custom-info -h.
![]() | Autoinstallation Types: AutoYaST and Kickstart |
---|---|
In the following section AutoYaST and AutoYaST features apply for SUSE Linux Enterprise client systems only. For RHEL systems, use Kickstart and Kickstart features. |
AutoYaST and Kickstart configuration files allow administrators to create an environment for automating otherwise time-consuming system installations, such as multiple servers or workstations. AutoYaST files have to be uploaded to be managed with SUSE Manager. Kickstart files can be created, modified, and managed within and customized with the SUSE Manager Web interface.
SUSE Manager also features the Cobbler installation server that allows administrators to perform unattended installations using a Pre-Execution Environment (PXE) server, installation and configuration of full and para-virtualized guest systems, and re-installation of running systems. For more information on configuring Cobbler, refer to Chapter 6, Cobbler.
To satisfy the provisioning needs of customers, SUSE Manager provides an interface for developing Kickstart and AutoYaST profiles that can be used to install Red Hat Enterprise Linux or SUSE Linux Enterprise systems on either new or already-registered systems. This enables systems to be installed automatically to particular specifications.
This overview page displays the status of automated installation (Kickstart and AutoYaST) on your client systems: the types and number of profiles you have created and the progress of systems that are scheduled to be installed using Kickstart or AutoYaST. In the upper right is the Autoinstallation Actions section, which contains a series of links to management actions for your Kickstart or AutoYaST profiles. Before explaining the various automated installation options that are available from this page, the next two sections provide some introduction to the subject of AutoYaST and Kickstart.
Using AutoYaST, a system administrator can create a single file containing the answers to all the questions that would normally be asked during a typical installation of SUSE Linux Enterprise Server .
AutoYaST files can be kept on a single server system and read by individual computers during the installation. This installation method can support the use of a single AutoYaST file to install SUSE Linux Enterprise on multiple machines.
The SUSE Linux Enterprise Server Deployment Guide ( http://www.novell.com/documentation/sles11/book_sle_deployment/data/cha_deployment_autoinst.html) contains an in-depth discussion of "Automated Installation" using AutoYaST.
When a machine is to receive a network-based AutoYaST installation, the following events must occur in this order:
After being placed on the network and turned on, the machine's PXE logic broadcasts its MAC address and a request to be discovered.
If a static IP address is not being used, the DHCP server recognizes the discovery request and extends an offer of network information needed for the new machine to boot. This includes an IP address, the default gateway to be used, the netmask of the network, the IP address of the TFTP or HTTP server holding the bootloader program, and the full path and file name of that program (relative to the server's root).
The machine applies the networking information and initiates a session with the server to request the bootloader program.
The bootloader, once loaded, searches for its configuration file on
the server from which it was loaded itself. This file dictates which
Kernel and Kernel options, such as the initial RAM disk (initrd)
image, should be executed on the booting machine. Assuming the
bootloader program is SYSLINUX, this file is located in the
pxelinux.cfg
directory on the server and named
the hexadecimal equivalent of the new machine's IP address. For
example, a bootloader configuration file for SUSE Linux Enterprise Server should contain:
port 0 prompt 0 timeout 1 default autoyast label autoyast kernel vmlinuz append autoyast=http://my_susemanager_server
/path
\ install=http://my_susemanager_server
/repo_tree
The machine accepts and uncompresses the initrd and kernel, boots the kernel, fetches the instsys from the install server and initiates the AutoYaST installation with the options supplied in the bootloader configuration file, including the server containing the AutoYaST configuration file.
The new machine is built based upon the parameters established within the AutoYaST configuration file.
Some preparation is required for your infrastructure to handle AutoYaST installations. For instance, before creating AutoYaST profiles, you may consider:
A DHCP server is not required for AutoYaST, but it can make things easier. If you are using static IP addresses, you should select static IP while developing your AutoYaST profile.
Host the AutoYaST distribution trees via HTTP, preperably provided by SUSE Manager.
If conducting a Bare Metal AutoYaST installation, you should do the following:
Configure DHCP to assign required networking parameters and the bootloader program location.
Specify within the bootloader configuration file the Kernel to be used and appropriate Kernel options.>
While you can schedule a registered system to be installed by AutoYaST to a new operating system and package profile, it is also useful to be able to install automatically a system that is not registered with SUSE Manager, or does not yet have an operating system installed. One common method of doing this is to create a bootable CD-ROM that is inserted into the target system. When the system is rebooted, it boots from the CD-ROM, loads the AutoYaST configuration from your SUSE Manager, and proceeds to install SUSE Linux Enterprise Server according to the AutoYaST profile you have created.
To do this, copy the contents of /loader
(e.g.,
/boot/i386/loader/
) from the installation medium
of the target distribution. Then edit the
isolinux.cfg
file to default to
autoyast
and add an autoyast
section:
label autoyast kernel vmlinuz append textmode=1 autoyast=url
initrd=initrd
\ install=url_repo_tree
The AutoYaST distribution selected by the IP range should match the distribution from which you are building, otherwise errors will occur.
Next, you may customize isolinux.cfg
according to
your needs, for example, by adding multiple AutoYaST options, different
boot messages, shorter timeout periods, etc.
Next, issue the command:
mkisofs -o file.iso -b isolinux.bin -c boot.cat -no-emul-boot \ -boot-load-size 4 -boot-info-table -R -J -v -T loader/
Note that loader/
is the relative path to the
directory containing the isolinux files from the distribution medium,
while file.iso
is the output ISO file, which is
placed into the current directory.
You may then burn the ISO to CD-ROM. To use the disc (assuming you left the label for the autoyast boot as 'autoyast'), boot the system and type "autoyast" at the prompt. When you press Enter, the AutoYaST installation begins.
For more information about image creation, refer to the SUSE Linux Enterprise Server Deployment Guide, Part "Imaging and Creating Products".
In addition to CD-ROM-based installations, AutoYaST installation through a Pre-Boot Execution Environment (PXE) is supported. This is less error-prone than CDs, enables AutoYaST installation from Bare Metal, and integrates with existing PXE/DHCP environments.
To use this method, make sure your systems have network interface cards (NIC) that support PXE, install and configure a PXE server, ensure DHCP is running, and place the installation repository on an HTTP server for deployment. Finally upload the AutoYaST profile with the Web interface to the SUSE Manager server. Once the AutoYaST profile has been created, use the URL from the Autoinstallation Overview page, as for CD-ROM-based installations.
To obtain specific instructions for conducting PXE AutoYaST installation, refer to the Using PXE Boot section of the SUSE Linux Enterprise Deployment Guide.
Starting with Section 3.4.9.3, “Autoinstallation Profiles (Kickstart and AutoYaST)”, AutoYaST options available from the Systems+Kickstart are described.
Using Kickstart, a system administrator can create a single file containing the answers to all the questions that would normally be asked during a typical installation of Red Hat Enterprise Linux.
Kickstart files can be kept on a single server system and read by individual computers during the installation. This installation method can support the use of a single Kickstart file to install Red Hat Enterprise Linux on multiple machines.
The Red Hat Enterprise Linux System Administration Guide contains an in-depth discussion of kickstart (http://www.redhat.com/docs/manuals/enterprise/).
When a machine is to receive a network-based kickstart, the following events must occur in this order:
After being placed on the network and turned on, the machine's PXE logic broadcasts its MAC address and a request to be discovered.
If a static IP address is not being used, the DHCP server recognizes the discovery request and extends an offer of network information needed for the new machine to boot. This includes an IP address, the default gateway to be used, the netmask of the network, the IP address of the TFTP or HTTP server holding the bootloader program, and the full path and file name of that program (relative to the server's root).
The machine applies the networking information and initiates a session with the server to request the bootloader program.
The bootloader, once loaded, searches for its configuration file on
the server from which it was itself loaded. This file dictates which
kernel and kernel options, such as the initial RAM disk (initrd)
image, should be executed on the booting machine. Assuming the
bootloader program is SYSLINUX, this file is located in the
pxelinux.cfg
directory on the server and named
the hexadecimal equivalent of the new machine's IP address. For
example, a bootloader configuration file for Red Hat Enterprise Linux
AS 2.1 should contain:
port 0 prompt 0 timeout 1 default My_Label label My_Label kernel vmlinuz append ks=http://my_susemanager_server
/path
\ initrd=initrd.img network apic
The machine accepts and uncompresses the init image and kernel, boots the kernel, and initiates a Kickstart installation with the options supplied in the bootloader configuration file, including the server containing the Kickstart configuration file.
This kickstart configuration file in turn directs the machine to the location of the installation files.
The new machine is built based upon the parameters established within the Kickstart configuration file.
Some preparation is required for your infrastructure to handle kickstarts. For instance, before creating Kickstart profiles, you may consider:
A DHCP server is not required for kickstarting, but it can make things easier. If you are using static IP addresses, you should select static IP while developing your Kickstart profile.
An FTP server can be used in place of hosting the Kickstart distribution trees via HTTP.
If conducting a bare metal kickstart, you should 1)Configure DHCP to assign required networking parameters and the bootloader program location. 2)Specify within the bootloader configuration file the kernel to be used and appropriate kernel options.
While you can schedule a registered system to be kickstarted to a new operating system and package profile, it is also useful to be able to kickstart a system that is not registered with SUSE Manager, or does not yet have an operating system installed. One common method of doing this is to create a bootable CD-ROM that is inserted into the target system. When the system is rebooted, it boots from the CD-ROM, loads the kickstart configuration from your SUSE Manager, and proceeds to install Red Hat Enterprise Linux according to the Kickstart profile you have created.
To do this, copy the contents of /isolinux
from
the first CD-ROM of the target distribution. Then edit the
isolinux.cfg
file to default to 'ks'. Change the
'ks' section to the following template:
label ks kernel vmlinuz append text ks=url
initrd=initrd.img lang= devfs=nomount \ ramdisk_size=16438ksdevice
IP addressed-based kickstart URLs will look something like this:
http://my.manager.server/kickstart/ks/mode/ip_range
The kickstart distribution selected by the IP range should match the
distribution from which you are building, or errors will occur.
ksdevice
is optional, but looks like:
ksdevice=eth0
It is possible to change the distribution for a Kickstart profile within a family, such as Red Hat Enterprise Linux AS 4 to Red Hat Enterprise Linux ES 4, by specifying the new distribution label. Note that you cannot move between versions (4 to 5) or between updates (U1 to U2).
Next, you may customize isolinux.cfg
further for
your needs, such as by adding multiple Kickstart options, different
boot messages, shorter timeout periods, etc.
Next, create the ISO as described in the Making an Installation Boot CD-ROM section of the Red Hat Enterprise Linux Installation Guide. Alternatively, issue the command:
mkisofs -o file.iso -b isolinux.bin -c boot.cat -no-emul-boot \ -boot-load-size 4 -boot-info-table -R -J -v -T isolinux/
Note that isolinux/
is the relative path to the
directory containing the isolinux files from the distribution CD, while
file.iso
is the output ISO file, which is placed
into the current directory.
You may then burn the ISO to CD-ROM. To use the disc (assuming you left the label for the Kickstart boot as 'ks'), boot the system and type "ks" at the prompt. When you press Enter, Kickstart starts running.
In addition to CD-ROM-based installs, Kickstart supports through a Pre-Boot Execution Environment (PXE) are supported. This is less error-prone than CDs, enables kickstarting from bare metal, and integrates with existing PXE/DHCP environments.
To use this method, make sure your systems have network interface cards (NIC) that support PXE, install and configure a PXE server, ensure DHCP is running, and then place the appropriate files on an HTTP server for deployment. Once the kickstart profile has been created, use the URL from the Kickstart Details page, as for CD-ROM-based installs.
To obtain specific instructions for conducting PXE kickstarts, refer to the PXE Network Installations chapter of the Red Hat Enterprise Linux 4 System Administration Guide.
![]() | Tip |
---|---|
Upon running the Network Booting Tool as described in the Red Hat Enterprise Linux 4: System Administration Guide, ensure that you select "HTTP" as the protocol and include the domain name of the SUSE Manager in the Server field if you intend to use it to distribute the installation files. |
The following sections describe the autoinstallation options available from the Systems+Autoinstallation page.
This page lists all profiles for your organization, whether those profiles are active, and the distribution tree to which that profile is associated. You can either create a new Kickstart profile by clicking the create new kickstart profile link, upload or paste the contents of a new profile using the upload new kickstart/autoyast file, or edit an existing Kickstart profile by clicking the name of the profile. Note, you can only update AutoYaST profiles using the upload button. You can also view AutoYaST in the edit box or change the virtualization type using the selection list.
Click on the create new kickstart profile link from the Systems+Autoinstallation page to start the brief wizard that populates the base values needed for a Kickstart profile.
Procedure 3.2. Creating a New Kickstart Profile
On the first line, enter a Kickstart profile label. This label cannot contain spaces, so use dashes (-) or underscores (_) as separators.
Select a Base Channel for this profile, which consists of packages based on a specific architecture and Red Hat Enterprise Linux release.
Select a Autoinstallable Tree for this profile. The autoinstallable tree drop-down menu is only populated if one or more distributions have been created for the selected base channel.
Select the Virtualization Type from the drop-down menu.
On the second page, select (or enter) the location of the Kickstart tree.
On the third page, select a root password for the system.
Depending on your base channel, your newly created Kickstart profile may
be subscribed to a channel that is missing required packages. In order
for kickstart to work properly, the following packages should be present
in its base channel: pyOpenSSL
,
rhnlib
, libxml2-python
, and
spacewalk-koan
and associated packages.
To resolve this issue, ensure that the following items are correct:
Make sure that the Tools software channel for the Kickstart profile's base channel is available to your organization. If it is not, you must request entitlements for the Tools software channel from the SUSE Manager administrator.
Make sure that the Tools software channel for this Kickstart profile's base channel is available to your SUSE Manager as a child channel.
Make sure that rhn-kickstart
and associated
packages corresponding to this kickstart are available in the Tools
child channel.
The final stage of the wizard presents the Autoinstallation Details+Details tab. On this tab and the other subtabs, nearly every option for the new Kickstart profile can be customized.
Once created, you can access the Kickstart profile by downloading it from the Autoinstallation Details page by clicking the Autoinstallation File subtab and clicking the Download Autoinstallation File link.
If the Kickstart file is not managed by SUSE Manager, you can access it using by via the following URL path:
http://my.manager.server/ks/dist/ks-rhel-ARCH
-VARIANT
-VERSION
In the above example, ARCH
is the
architecture of the Kickstart file, VARIANT
is either client
or
server
, and VERSION
is
the release of Red Hat Enterprise Linux associated with the Kickstart
file.
The following sections describe the options available on each subtab.
Figure 3.9, “Autoinstallation Details” shows the subtabs that are available from the Autoinstallation Details tab. From the Autoinstallation Details+Details subtab, you can:
Rename the profile.
Change the operating system it installs by clicking (Change).
Change the Virtualization Type.
![]() | |
Changing the Virtualization Type may require changes to the Kickstart profile bootloader and partition options, potentially overwriting user customizations. Consult the Partitioning tab to verify any new or changed settings. |
Change the amount of Virtual Memory (in Megabytes of RAM) allocated to virtual guests autoinstalled with this profile.
Change the number of Virtual CPUs for each virtual guest.
Change the the Virtual Storage Path from the
default in /var/lib/xen/
.
Change the amount of Virtual Disk Space (in GB) alloted to each virtual guest.
Change the Virtual Bridge for networking of the virtual guest.
Deactivate the profile so that it cannot be used to schedule a kickstart by removing the Active checkmark.
Check whether to enable logging for custom %post
scripts to the /root/ks-post.log
file.
Check whether to enable logging for custom %pre
scripts to the /root/ks-pre.log
file.
Check whether to preserve the ks.cfg
file and
all %include
fragments to the
/root/
directory of all systems autoinstalled
with this profile.
Select whether this profile is the default for all of your organization's kickstarts by checking or unchecking the box.
Add any Kernel Options in the corresponding text box.
Add any Post Kernel Options in the corresponding text box.
Enter comments that are useful to you in distinguishing this profile from others.
From this page, you can make the following changes to the operating system that the Kickstart profile installs:
Select from the available base channels. SUSE Manager administrators can see a list of all base channels that are currently synced to the SUSE Manager.
Subscribe to any available child channels of the base channel, such as the Tools channel.
Use the drop-down menu to choose the available trees that are associated with the base channel.
The exact location from which the Kickstart tree is mounted. This value is determined when the profile is created. You can view it on this page but you cannot change it.
Kickstart variables can be used to substitute values into Kickstart
profiles. To define a variable, create a name-value pair
(name/value
) in the text box.
For example, if you wanted to kickstart a system that joins the network for specified department (for example the Engineering organization) you can create a profile variable to set the ip address and the gateway server address to a variable that any system using that profile will use. Add the following line to the Variables text box.
IPADDR=192.168.0.28 GATEWAY=192.168.0.1
To use the profile variable, you can use the name of the variable
within the profile to substitute in the value. For example, the
network
portion of a Kickstart file looks like the
following:
network --bootproto=static --device=eth0 --onboot=on --ip=$IPADDR \ --gateway=$GATEWAY
The $IPADDR
will be
192.168.0.28
, and the $GATEWAY
will be 192.168.0.1
![]() | |
There is a hierarchy when creating and using variables in Kickstart files. System Kickstart variables take precedence over variables, which in turn take precendence over variables. Understanding this hierarchy can alleviate confusion when using variables in kickstarts. |
Using variables are just one part of the larger Cobbler infrastructure for creating templates that can be shared between multiple profiles and systems. For more information about Cobbler and Kickstart templates, refer to Chapter 6, Cobbler.
From this page, you can toggle several installation options on and off by checking and unchecking the boxes to the left of the option. For most installations, the default options are correct. The Red Hat Enterprise Linux System Administration Guide discusses each of these options in detail.
This subtab provides the information necessary to Kickstart systems that are not currently registered with SUSE Manager. Using the on-screen instructions, you may either autoinstall systems using boot media (CD-ROM) or by IP address.
Figure 3.10, “System Details” shows the subtabs that are available from the System Details tab.
From the System Details+Details subtab, you can:
Select from DHCP and static IP, depending on your network.
Choose the level of SELinux that is configured on kickstarted systems.
Enable configuration management or remote command execution on kickstarted systems.
Change the root password associated with this profile.
From this subtab, you can change the timezone associated with kickstarted systems.
From this subtab, you can indicate the partitions that you wish to be created during installation. For example:
partition /boot --fstype=ext3 --size=200 partition swap --size=2000 partition pv.01 --size=1000 --grow volgroup myvg pv.01 logvol / --vgname=myvg --name=rootvol --size=1000 --grow
If you have previously created a file preservation list, you may include that list as part of the kickstart. This will prevent the files in that list from being over-written during the installation process. Refer to Section 3.4.9.9, “ for information on how to create a file preservation list. + — [Prov]”
From this subtab, select the GPG keys and/or SSL certificates to be imported to the kickstarted system during the %post section of the kickstart. For SUSE Manager customers, this list includes the SSL Certificate used during the installation of SUSE Manager.
![]() | |
Any GPG key you wish to import to the kickstarted system must be in ASCII rather than binary format. |
From this subtab, you can change information that may help with troubleshooting hardware problems:
For some headless systems, it is better to select the non-graphic LILO bootloader.
Enter kernel parameters here that may help to narrow down the source of hardware issues.
Figure 3.11, “Software” shows the sub-tabs that are available from the Software tab.
Enter the package groups, such at @office
or
@admin-tools
you would like to install on the
kickstarted system in the large text box on this page. If you would
like to know what package groups are available, and what packages they
contain, refer to the RedHat/base/
file of your
Kickstart tree.
If you have previously created a Package Profile from one of your registered systems, you can use that profile as a template for the files to be installed on a kickstarted system. Refer to Section 3.4.2.9.2.2, “ for more information about package profiles. + + ”
The Activation Keys tab, which has no subtabs, allows you select Activation Keys to include as part of the Kickstart profile. These keys, which must have been created previous to creating the Kickstart profile, will be used when re-registering kickstarted systems.
The Scripts tab, which has no subtabs, is where %pre and %post scripts are created. This page lists any scripts that have already been created for this Kickstart profile. To create a new Kickstart script:
Click the
link in the upper right.
Enter the path to the scripting language used to create the script,
such as /usr/bin/perl
.
Enter the full script in the large text box.
Indicate whether this script is to be executed in the %pre or %post section of the Kickstart process.
Indicate whether this script is to run outside of the chroot
environment. Refer to the Post-installation
Script section of the Red Hat Enterprise Linux
System Administration Guide for further explanation of
the nochroot
option.
![]() | |
SUSE Manager supports the inclusion of separate files within the
Partition Details section of the Kickstart profile. For instance, you
may dynamically generate a partition file based on the machine type
and number of disks at kickstart time. This file can be created via
%pre script and placed on the system, such as
%include /tmp/part-include |
The Autoinstallation File tab, which has no subtabs, allows you to view or download the profile that has been generated from the options chosen in the previous tabs.
Click on the upload new kickstart/autoyast file link from the Systems+Autoinstallation page to upload an externally prepared AutoYaST or Kickstart profile.
On the first line, enter a profile
for the automated installation. This label cannot contain spaces, so use dashes (-) or underscores (_) as separators.Select a
(installation data) for this profile. The drop-down menu is only populated if one or more distributions have been created for the selected base channel.Select the
from the drop-down menu.![]() | |
If you do not intend to use the autoinstall profile to create virtual guest systems, you can leave the drop-down at the default KVM Virtualized Guest choice. |
Finally, either provide the file contents with cut-and-paste or update the file from the local storage medium:
Paste it into the
box and click , orenter the file name in the
field and click .Once done, four subtabs are available: Section 3.4.9.4.6, “), + — [Prov]” (see Section 3.4.9.4.5, “), + — [Prov]” (see Section 3.4.9.4.3, “), and + ” (see Section 3.4.9.4.16, “Autoinstallation File — [Prov]”) are available.
(seeLists the IP addresses that have been associated with the profiles created by your organization. Click either the range or the profile name to access different tabs of the Autoinstallation Details page.
Lists keys and certificates available for inclusion in kickstart profiles and provides a means to create new ones. This is especially important for customers of SUSE Manager or the Proxy Server because systems kickstarted by them must have the server key imported into SUSE Manager and associated with the relevant kickstart profiles. Import it by creating a new key here and then make the profile association in the GPG and SSL keys subtab of the Autoinstallation Details page.
To develop a new key/certificate, click the create new stored key/cert link in the upper-right corner of the page. Enter a description, select the type, upload the file, and click the button. Note that a unique description is required.
![]() | |
The GPG key you upload to SUSE Manager must be in ASCII format. Using a GPG key in binary format causes anaconda, and therefore the kickstart process, to fail. |
The Distributions page enables you to find and create custom installation trees that may be used for automated installations.
![]() | |
The Distributions page does not display distributions already provided. They can be found within the Distribution dropdown menu of the Autoinstallation Details page. Before creating a distribution, you must make an installation tree available, as described in the Automated Installation chapter of the SUSE Linux Enterprise Deployment Guide or, respectively, the Kickstart Installations chapter of the Red Hat Enterprise Linux System Administration Guide. This tree must be located in a local directory on the SUSE Manager server. |
Procedure 3.3. Creating Distribution for Autoinstallation
To create a new distribution, on the
click in the upper right corner.On the
page, provide the following data:
Enter a label (without spaces) in the Distribution
Label field, such as
my-orgs-sles-11-sp1
or
my-orgs-rhel-as-5
.
In the Tree Path field, paste the path to the base of the installation tree. (For Red Hat Enterprise Linux systems, you can test this by appending "images/pxeboot/README" to the URL in a Web browser, pressing Enter, and ensuring that the readme file appears.)
Select the matching distribution from the Base
Channel and Installer Generation
dropdown menus, such as >SUSE Linux
for
SUSE Linux Enterprise, or Red Hat Enterprise Linux 5
for
Red Hat Enterprise Linux 5 client systems.
When finished, click the
button.
Autoinstallation variables can be used to substitute values into
Kickstart profiles; this feature does not apply for AutoYaST, which
supports rule based autoinstallations. To define a variable, create a
name-value pair (name/value
) in the text
box.
For example, if you wanted to kickstart a system that joins the network for specified department (for example the Engineering organization) you can create a profile variable to set the ip address and the gateway server address to a variable that any system using that profile will use. Add the following line to the Variables text box.
IPADDR=192.168.0.28 GATEWAY=192.168.0.1
To use the distribution variable, you can use the name of the variable
within the profile to substitute in the value. For example, the
network
portion of a kickstart file looks like the
following:
network --bootproto=static --device=eth0 --onboot=on --ip=$IPADDR \ --gateway=$GATEWAY
The $IPADDR
will be
192.168.0.28
, and the $GATEWAY
will be 192.168.0.1
![]() | |
There is a hierarchy when creating and using variables in Kickstart files. System Kickstart variables take precedence over Profile variables, which in turn take precendence over Distribution variables. Understanding this hierarchy can alleviate confusion when using variables in kickstarts. |
Using variables are just one part of the larger Cobbler infrastructure for creating templates that can be shared between multiple profiles and systems. For more information about Cobbler and Kickstart templates, refer to Chapter 6, Cobbler.
Collects lists of files to be protected and re-deployed on systems during kickstart. For instance, if you have many custom configuration files located on a system to be kickstarted, enter them here as a list and associate that list with the Kickstart profile to be used.
To use this feature, click the create new file preservation list link at the top and enter a relevant label and all files and directories to be preserved on the resulting page. Enter absolute paths to all files and directories. Then click .
![]() | |
Although file preservation is useful, it does have limitations. First,
each list is limited to a total size of 1 MB. Further, special devices
like |
When finished, you may include the file preservation list in the Kickstart profile to be used on systems containing those files. Refer to Section 3.4.9.4, “Create a New Kickstart Profile” for precise steps.
Use Kickstart snippets to store common blocks of code that can be shared across multiple Kickstart profiles in SUSE Manager. When you create a Kickstart snippet, all Kickstart profiles including that snippet will be updated accordingly.
Select the Patches tab from the top navigation bar to track the availability and application of patches to your managed systems.
The first page to appear is the Patches Overview page. This page displays relevant patches, which apply to at least one system to which you have administrative access and that have not yet been applied.
![]() | Receiving Patches for Your System |
---|---|
To receive an email when patches are issued for your system, go to Overview+Your Preferences and select Receive email notifications. |
SUSE distinguishes three types of patches: security updates, bug fix updates, and enhancement updates. Each patch is comprised of a summary of the problem and a solution, including the RPM packages required to fix the problem.
Icons are used to identify the three types:
— Security Updates available,
strongly recommended
— Bug Fix Updates available, recommended
— Enhancement Updates available, optional
A summary of each patch is provided in list form. This view instantly informs you of the type, severity (for security updates), and subject of the patch, as well as the number of affected systems.
In addition to the pages described within this chapter, you may view patches by product line at the following location: http://download.novell.com/patch/psdb/. An RSS feed with security updates is available at http://www.novell.com/linux/security/suse_security.xml.
The Relevant Patches page displays a customized list of patches that applies to your registered systems. The list provides a summary of each patch, including its type, severity (for security updates), advisory number, synopsis, systems affected, and date updated.
Clicking on Advisory takes you to the Details tab of the Patch Details page. Clicking on the number of associated systems takes you to the Affected Systems tab of the Patch Details page. Refer to Section 3.5.2.2, “Patch Details” for more information.
The All Patches page displays a list of all patches released by SUSE. It works much the same as the Relevant Patches page in that clicking either Advisory or the number of systems affected takes you to related tabs of the Patch Details page. Refer to Section 3.5.2.2, “Patch Details” for more information.
Patches include a list of updated packages. To apply patches to a system, the system must be entitled.
Apply all applicable patches to a system by clicking on Systems+Systems in the top and left navigation bars. Click on the name of an entitled system, and click the Patches tab of the resulting System Details page. When the relevant patch list appears, click and then on the bottom right-hand corner of the page. Only those patches that have not been scheduled, were scheduled and failed, or were canceled are listed. Updates already pending are excluded from the list.
In addition, management users can apply patches using two other methods:
To apply a specific patch to one or more systems, find the update within the patch lists. In the table, click on the number of systems affected, which takes you to the Affected Systems tab of the Patch Details page. Select the individual systems to be updated and click the button. Double-check the systems to be updated on the confirmation page, then click the button.
To apply more than one patch to one or more systems, select the systems from a Systems list and click the button. Click the System Set Manager link in the left navigation bar, then click the Systems tab. After ensuring the appropriate systems are selected, click the Patch tab, select the patches to apply, and click the button. You can select to apply the patch as soon as possible or schedule a date and time for the patch to occur. Then click the button. You can follow the progress of the patch through the Pending Actions list. Refer to Section 3.8, “Schedule” for more details.
![]() | |
If you use scheduled package installation, the packages are installed via the SUSE Manager daemon. You must enable the SUSE Manager daemon on your systems. Refer to Chapter 2, SUSE Manager Daemon for more details. |
The following rules apply to patches:
Each package is a member of one or more channels. If a selected system is not subscribed to a channel containing the package, the package will not be installed on that system.
If a newer version of the package is already on the system, the package will not be installed on that system.
If an older version of the package is installed, the package will be upgraded.
If you click on the advisory of a patch in the Relevant or All pages, its Patch Details page appears. This page is further divided into the following tabs:
This subtab displays the patch report issued by SUSE. It provides a synopsis of the patch first, including the severity (for security updates), issue date, and any update dates. This is followed by brief and detailed descriptions of the patch and the steps required to resolve the issue.
Below the Affected Channels label, all channels that contain the affected package are listed. Clicking on a channel name displays the Packages subtab of the Channel Details page for that channel. Refer to Section 3.6.1.9, “Software Channel Details” for more information.
Security updates list the specific vulnerability as tracked by http://cve.mitre.org. This information is listed below the CVEs label.
OVAL is an open vulnerability and assessment language promoted by Mitre, http://oval.mitre.org. Clicking on the link below the Oval label downloads this information to your system. More useful is the collected Novell/SUSE Linux security updates on http://support.novell.com/security/cve/.
This subtab provides links to each of the updated RPMs broken down by channel. Clicking on the name of a package displays its Package Details page.
This subtab lists systems affected by the patches. You can apply updates here. (See Section 3.5.2.1, “Apply Patches”.) Clicking on the name of a system takes you to its System Details page. Refer to Section 3.4.2.9, “System Details” for more information.
To help users determine whether an update has been scheduled, a Status column exists within the affected systems table. Possible values are: None, Pending, Picked Up, Completed, and Failed. This column identifies only the latest action related to a patch. For instance, if an action fails and you reschedule it, this column shows the status of the patch as pending (with no mention of the previous failure). Clicking a status other than None takes you to the Action Details page. This column corresponds to one on the Patch tab of the System Details page.
The Patch Search page allows you to search through patches according to specific criteria.
All Fields — Search patches by synopsis, description, topic, or solution.
Patch Advisory — The way SUSE's security team codifies advisories, such as:
SUSE-RU-2011:0030
Searches can be done by year (such as 2011), by type of advisory, or full advisory name, such as the example above.
Package Name — Users concerned with particular packages can search by package name, such as:
kernel
Package search can be beneficial because search results will be grouped
by advisory. For example, searching for kernel-related bugs return
results where all packages with the term
kernel
appear grouped by the advisory
for which the bug is related.
CVE Name — The name assigned to the security advisory (RHSA) by the common vulnerabilities and exposures project at http://cve.mitre.org. For example:
CVE-2006-4535
You may also filter patch search results by the type of patch issued. Check or uncheck the boxes next to the type of advisory to search.
Bug Fix Advisory — Patches that contain fixes to issues that were reported by users or discovered during development or testing.
Security Advisory — Patches that fix a security issue found during development, testing, or reported by users or a software security clearing house. A security advisory usually has one or more CVE names associated with each vulnerability found in each patch.
Product Enhancement Advisory — Patches that contain new features, improved functionality, or enhanced performance in the packaged software.
If you click the Channels tab on the top navigation bar, the Channels category and links appear. The pages in the Channels category enable you to view and manage the channels and packages associated with your systems.
The Software Channels page is the first to appear in the Channels category. A software channel is a list of packages grouped by use. Channels are used to choose packages to be installed on a system.
There are two types of software channels: base channels and child channels.
A base channel consists of a list of packages based on a specific architecture and release. For example, all of the packages in SUSE Linux Enterprise Server 11 for the x86 architecture make up a base channel. The list of packages in SUSE Linux Enterprise Server 11 for the i586 architecture make up a different base channel.
A system must be subscribed to one base channel only. This base channel is assigned automatically during registration based upon the SUSE Linux Enterprise release and system architecture selected. In the case of public free channels, the action always succeeds. In the case of paid base channels, this action fails if an associated entitlement does not exist.
A child channel is a channel associated with a base channel that contains extra packages. For instance, an organization can create a child channel associated with SUSE Linux Enterprise Server for the x86 architecture that contains extra packages needed only for the organization, such as a custom engineering application.
A system can be subscribed to multiple child channels of its base channel. Only packages included in a system's subscribed channels can be installed or updated on that system.
![]() | |
Ensure that you do not create child channels available to client systems that contain packages that are not compatible with the system. |
Channels can be further broken down by their relevance to your systems, including
, , , , , and .As shown in Figure 3.16, “All Channels”, the All Channels page is shown by default when you click in the navigation bar. It displays a list of all channels available to your organization. Links within this list go to different tabs of the Software Channel Details page. Clicking on a channel name takes you to the Details tab. Clicking on the number of packages takes you to the Packages tab. Clicking on the number of systems takes you to the Subscribed Systems tab. Refer to Section 3.6.1.9, “Software Channel Details” for details.
The Novell Channels page displays the Novell channels and their available child channels.
![]() | Novell Channels Cannot Be Deleted |
---|---|
Once imported, Novell channels cannot be deleted. Only custom software channels can be deleted. |
The Popular Channels page displays the software channels most subscribed by systems registered to your organization. You can refine the search further by using the drop-down menu to list only the channels with at least a certain number of systems subscribed.
The My Channels page displays all of the software channels that belong to your organization, which includes both Novell channels and custom channels. You can refine the search further by using the text box to filter by channel name.
The Shared Channels page displays the channels in your organization that you have shared with others in your organizational trust. For more information about organizational trust and channel sharing, refer to Section 5.6.2, “Sharing Content Channels between Organizations in a Trust”.
The Retired Channels page displays channels available to your organization that have reached their end-of-life dates. These channels do not receive updates.
If you click on the name of a channel, the Software Channel Details page appears. This page is broken down into the following tabs:
General information about the channel and the parent channel, if it is a child channel. This is the first tab displayed when you click on a channel. It displays essential information about the channel, such as summary, description, and architecture.
[Mgmt] — In addition, a globally subscribable checkbox can be seen by SUSE Manager administrators and channel administrators. This signifies the default behavior of every channel allowing any user to subscribe systems to it. Unchecking this box and clicking Subscribers tab, which may then be used to grant certain users subscription permissions to the channel. SUSE Manager administrators and channel administrators can always subscribe systems to any channel.
causes the appearance of a[Mgmt] — Only customers with custom base channels may change their systems' base channel assignment. They may do this through the website in two ways:
Customers with a custom base channel may assign the system to that base channel.
Customers may revert system subscriptions from a custom base channel to the appropriate distribution-based base channel.
![]() | |
The system base channel's distribution variant must match the variant
installed on the system. For example, a system that has SUSE Linux Enterprise 10
for x86 cannot be registered to a SUSE Linux Enterprise 11 for x86 base channel.
Use the file |
List of patches affecting the channel. The list displays advisory types, names, summaries, and the dates issued. Clicking on an advisory name takes you to its Patch Details page. Refer to Section 3.5.2.2, “Patch Details” for more information.
List of packages in the channel. To download packages as a
.tar
file, select them and click the
button at the bottom-left
corner of the page. Clicking on a package name takes you to the
Package Details page. This page displays a set of
tabs with information about the package, including which architectures
it runs on, the package size, build date, package dependencies, the
change log, list of files in the package, newer versions, and which
systems have the package installed. From here, you can download the
packages as RPMs or SRPMs.
To search for a specific package or a subset of packages, use the
package filter at the top of the list. Enter a substring to search all
packages in the list for package names that contain the string. For
example, typing ks
in the filter might return:
ksconfig
, krb5-workstation
,
and links
. The filter is case-insensitive.
List of entitled systems subscribed to the channel. The list displays system names, base channels, and their levels of entitlement. Clicking on a system name takes you to its System Details page. Refer to Section 3.4.2.9, “System Details” for more information.
[Mgmt] — If it is a child channel, you also have the option of unsubscribing systems from the channel. Use the checkboxes to select the systems, then click the
button on the bottom right-hand corner.The Package Search page allows you to search through packages using various criteria (the What to search for label):
Free Form — a general keyword search for users that are unsure of the details of particular package and its contents.
Name Only — Targeted search for users that need to find a specific packages and do not want to sift through more generalized search results.
Name and Summary — Specified searches for a certain package name or program that, while not in the name of the package, may be in the one-line summary of the package.
Name and Description — Similar to a Name and Summary search, this search criteria searches package names and the longer Description of the package. So, a search for “web browser” could result in several results that includes both graphical and text-based browsers.
The Free Form field addtionally allows you to search using field names that you prepend to search queries and filter results by that field keyword.
For example, if you wanted to search all of the SUSE Linux Enterprise packages for the
word java
in the description and summary, type the
follwing using the Free Form field:
summary:java and description:java
Other supported field names for documentation search include:
name
— Search the package names for a
particular keyword
version
— Search for a particular package
version
filename
— Search the package filenames for a
particular keyword
description
— Search the packages' detailed
description field for a particular keyword
summary
— Search the packages' brief summary
for a particular keyword
arch
— Search the packages by their
architecture (such as x86, x86_64, or s390)
Along with search criteria, you can also limit searches to Channels relevant to your systems by clicking the checkbox. Additionally, you can restrict your search by platform or architecture.
This tab allows administrators to create, clone, and delete custom channels. These channels may contain altered versions of distribution-based channels or custom packages.
The default screen of the
tab is a listing of all available channels. This includes custom, distribution-based, and child channels.To clone an existing channel, click the clone channels link in the upper right of the screen, select the channel to be cloned from the dropdown menu, and click the button. The next screen presents various options for the new channel, including base architecture and GPG options. Make your selections and click the button to complete the process.
To create a new channel, click the create new channel link in the upper right of the screen. Select the various options for the new channel, including base architecture and GPG options. Make your selections and click the button. Note that a channel created in this manner is blank, containing no packages. You must either upload software packages or add packages from other channels. You may also choose to include patches in your custom channel.
This screen lists the selections you made during the channel creation process. This page includes the Globally Subscribable checkbox that permits all users to subscribe to the channel.
This subtab allows you to select which users may alter or delete this channel. SUSE Manager administrators and channel administrators may alter or delete any channel.
To allow a user to alter the channel, select the checkbox next to the user's name and click the
button. To allow all users to manage the channel, click the button at the bottom of the list followed by the button. To remove a user's ability to manage the channel, uncheck the box next to their name and click the button.This subtab allows channel managers to list, remove, clone, and add patches to their custom channel. Custom channels not cloned from a distribution may not add patches until there are packages in the channel. Only patches that match the base architecture of the channel and apply to a package in that channel may be added to the channel. Finally, only cloned or custom patches may be added to custom channels. Patches may be included in a cloned channel if they are selected during channel creation.
This subtab is similar to the Patches subtab. It allows channel and organization administrators to list, remove, compare, and add packages to the custom channel.
To list all packages in the channel, click the List / Remove Packages link. Check the box to the left of any package you wish to remove, then click the button in the lower right of the page.
To add packages, click the Add Packages link. Choose a channel from which to select packages from the drop-down menu and click the button to continue. Check the box to the left of any package you wish to add to the channel, then click the button in the bottom right of the screen.
To compare packages within the current channel with those of another channel, select the other channel from the drop-down menu and click the
button. All packages present in either channel are compared, and the results displayed on the next screen. This information includes the architecture and version of each package.To make the two channels identical, click the
button in the lower right. The following screen allows you to select how conflicts are resolved. Click the button to view the results of the merging without making any changes to the channels. Finally, select those packages that you wish to merge and click the button followed by the button to perform the merge.This tab allows you to manage custom software packages owned by your organization. You may view a list of all custom software or view only those packages in a selected custom channel. To select the channel whose custom packages you wish to view, select the channel from the drop-down menu and click the
button.This tab allows you to add and manage existing custom or third-party package repositories as well as link the repositories to an existing channel. The repositories feature currently supports repomd repositories.
To create a new repository click the create new
repository link at the top right of the Manage
Repositories page. The Create Repository
screen prompts you to enter a Repository Label
(such as sles-11-x86_64
) as well as a
Repository URL (such as
http://customrepo.example.com). You can also enter URLs pointing to
mirror lists as well as direct download URLs. Upon completion, click the
button.
To link the newly created repository to an existing software channel, click the Manage Software Channels link in the left menu, then click the Channel you want to link. From the channel's Detail page, click the Repositories subtab, then check the box corresponding to the repository you want to link, and click Update Repositories.
To synchronize packages from a custom repository to your channel, click the Sync link from the channel's Repositories subtab, and confirm by clicking the button.
This tab is the portal to managing your configuration channels and files, whether they are centrally managed or limited to a single system. You must be a Configuration Administrator or a SUSE Manager Administrator to see the Configuration tab. In addition, you must have at least one Provisioning entitlement, or the tab does not appear.
Central and local configuration management are discussed in this chapter. Centrally-managed files are available to multiple systems; changes to a single file in a central configuration channel can affect many systems. Each system with a Provisioning entitlement also has a local configuration channel (also referred to as an override channel) and a sandbox channel.
For a system to have its configuration managed through SUSE Manager, it must
have the appropriate tools and the config-enable
file
installed. These tools may already be installed on your system,
especially if you installed the system with configuration management
functionality using AutoYaST or Kickstart. If not, they can be found within
the
Tools child channel for your distribution. Download and install the
latest rhncfg*
packages. They are:
rhncfg
— The base libraries and functions needed
by all rhncfg-*
packages.
rhncfg-actions
— The RPM package required to run
configuration actions scheduled via SUSE Manager.
rhncfg-client — A command line interface to the client features of the Configuration Management system.
rhncfg-management — A command line interface used to manage SUSE Manager configuration.
Next, you must enable your system to schedule configuration actions. This
is done using the mgr-actions-control command on the
client system. This command is included in the
rhncfg-actions
RPM. The Actions Control
(mgr-actions-control) enables or disables specific
modes of allowable actions. Refer to
Section A.1, “Actions Control” for instructions.
The Configuration Overview page allows you to assess at a glance the status of your configuration files and the systems that use them.
This panel provides quick reference information about your configuration files. Clicking on any of the blue texts to the right displays an appropriate list of either relevant systems, channel details, or configuration files.
This panel offers direct access to the most common configuration management tasks. You can view or create files or channels, or enable configuration management on your systems.
The list displayed here indicates which files have changed, to which channel they belong, and when they were changed. If no files have been recently changed, no list appears. Click on the name of the file to be taken to that file's Details page. Click on the channel name to be taken to the Channel Details page for that channel.
Each action that has been scheduled is listed here along with the status of the action. Any configuration task that is scheduled, from enabling configuration management on a system to deploying a specific configuration file, is displayed here. This allows you to quickly assess if your tasks have succeeded, and to take action to correct any issues. Clicking on any blue text displays the System Details+Schedule page for the specified system.
As mentioned above, SUSE Manager manages both central and local configuration channels and files. Central configuration management allows you to deploy configuration files to multiple systems. Local configuration management allows you to specify overrides, or configuration files that are not changed by subscribing the system to a central channel.
Central configuration channels must be created via the link on this page. Local configuration channels are not created here; they automatically exist for each system to which a Provisioning entitlement has been applied.
Click on the name of the configuration channel to be taken to the details page for that channel. If you click on the number of files in the channel, you are taken to the List/Remove Files page of that channel. If you click on the number of systems subscribed to the configuration channel, you are taken to the Systems+Subscribed Systems page for that channel.
To create a new central configuration channel:
Click the create new config channel link in the upper right of this screen.
Enter a name for the channel.
Enter a label for the channel. This field must contain only alphanumeric characters, "-", "_", and "."
Enter a description for the channel. You must enter a description, though there is no character restriction. This field can contain any brief information that allows you to distinguish this channel from others.
Press the
button to create the new channel.The following page is a subset of the Channel Details page, and has three subtabs: Overview, Add Files, and Systems. The Channel Details page is discussed fully in Section 3.7.3.1, “. + + ”
This subtab is very similar to the Configuration Overview page. The Channel Information panel provides status information for the contents of the channel. The Configuration Actions panel provides access to the most common configuration tasks. The main difference is the Channel Properties panel. By clicking on the Edit Properties link, you can edit the name, label, and description of the channel.
This tab, which only appears if there are files in the configuration channel, lists the files that this configuration channel contains. You can remove a file or files, or copy the latest version into a set of local overrides or into other central configuration channels. Check the box next to any files you wish to manipulate and click the button corresponding to the desired action at the bottom of the screen.
The Add Files subtab has three subtabs of its own, which allow you to Upload, Import, or Create configuration files to be included in the channel.
To upload a file into the configuration channel, browse for the file on your local system, populate all fields, and click the Filename/Path field is the absolute path where the file will be deployed.
button. TheYou can also indicate the Ownership (the user name and group name) as well as the Permissions of the file when it is deployed.
If the client has SELinux enabled, you can configure SELinux contexts to enable the required file attributes (such as user, role, and file type) that allow it to be used on the system.
Finally, if the configuration file includes a macro, enter the symbol that marks the beginning and end of the macro.
From this page you can import files from other configuration channels, including any locally-managed channels. Check the box to the left of any file you wish to import and press the
button.![]() | |
A sandbox icon indicates that the listed file is currently located in a local sandbox channel. Files in a system's sandbox channel are considered experimental and could be unstable. Use caution when selecting them for a central configuration channel. |
From this page you can create a configuration file, directory, or symbolic link from scratch to be included in the configuration channel.
First, choose whether you want to create a text file, directory,
or symbolic link (symlink) in the File
Type section. Indicate the absolute path along which
the file should be deployed in the
Filename/Path
text box. If you are creating a
symlink, indicate the target file and path in the
Symbolic Link Target Filename/Path text box.
Enter the User name and Group name for the file in the Ownership section, as well as the File Permissions Mode for the file.
If the client has SELinux enabled, you can configure SELinux contexts to enable the required file attributes (such as user, role, and file type) that allow it to be used on the system.
If the configuration file includes a macro, enter the symbol that marks the beginning and end of the macro. Then, enter the configuration file content in the File Contents field, using the script dropdown menu to choose the appropriate scripting language. Finally, press the button to create the new file.
This subtab only appears when there are files present in the channel. You can deploy all files by pressing the
button, or you can check selected files and press the button. You will then be asked to select to which systems the file(s) should be applied. The listed systems are those that are subscribed to this channel. If you wish to apply the file to a system not listed here, first subscribe that system to the channel. When ready, press the button to deploy the files.This tab, which consists of two subtabs, allows you to manage the systems that are subscribed to the configuration channel.
This subtab displays a list of all systems that are subscribed to the current channel. Clicking on the name of the system takes you to the System Details page for that system.
This subtab displays a list of systems that have been enabled for configuration management and that are not yet subscribed to the channel. To add a system to the configuration channel, check the box to the left of the system's name and press the
button.This tab allows you to manage your configuration files independently. Both centrally-managed and locally-managed files can be reached from subtabs.
![]() | |
By default, the maximum file size for configuration files is 128KB. If
you need to change that value, find and modify the following line in the
web.maximum_config_file_size=128
You must also find and change the following line in the
maximum_config_file_size=131072
Change the value in both files from |
Centrally-managed files are those that are available to multiple systems. Changing a file within a centrally-managed channel may result in changes to several systems.
This page lists all files that are currently stored in your central configuration channels. Click on the Path of a file to be taken to the Configuration File Details page for that file. Select the name of the configuration channel to be taken to the Channel Details page of the channel that contains the file. Clicking on the number of systems takes you to a listing of systems currently subscribed to the channel containing that file. Finally, clicking on the number of overriding systems displays a list of systems that have a local (or override) version of the configuration files (which means that the centrally-managed file will not be deployed to those systems).
Locally-managed configuration files are those files that apply to only one system. They may be files in the system's sandbox or they may be files that can be deployed to the system at any time. Local files have higher priority than centrally-managed files - that is, if a system is subscribed to a configuration channel with a given file, and also has a locally-managed version of that same file, the locally-managed version is the one that will be deployed.
This page lists all of the local (override) configuration files for your systems. This includes the local configuration channels and the sandbox channel for each Provisioning-entitled system.
Click the Path of the file to go to the Config File Details page for the file. Click the name of the system to which it belongs to go to the System Details+Configuration+Configuration+Overview page for the system.
Being able to store and share identical configurations is useful, but what if you have many variations of the same configuration file? What do you do if you have configuration files that differ only in system-specific details, such as hostname and MAC address?
In traditional file management, you would be required to upload and distribute each file separately, even if the distinction is nominal and the number of variations is in the hundreds or thousands. SUSE Manager addresses this by allowing the inclusion of macros, or variables, within the configuration files it manages for Provisioning-entitled systems. In addition to variables for custom system information, the following standard macros are supported:
rhn.system.sid
rhn.system.profile_name
rhn.system.description
rhn.system.hostname
rhn.system.ip_address
rhn.system.custom_info(key_name)
rhn.system.net_interface.ip_address(eth_device)
rhn.system.net_interface.netmask(eth_device)
rhn.system.net_interface.broadcast(eth_device)
rhn.system.net_interface.hardware_address(eth_device)
rhn.system.net_interface.driver_module(eth_device)
To use this powerful feature, either upload or create a configuration file through the Configuration Channel Details page. Then, open its Configuration File Details page and include the supported macros of your choosing. Ensure that the delimiters used to offset your variables match those set in the Macro Start Delimiter and Macro End Delimiter fields and do not conflict with other characters in the file. We recommend that the delimiters be two characters in length and must not contain the percent (%) symbol.
As an example, you may have a file applicable to all of your servers
that differs only in IP address and hostname. Rather than manage a
separate configuration file for each server, you may create a single
file, such as server.conf
, with the IP address and
hostname macros included, like so:
hostname={| rhn.system.hostname |} ip_address={| rhn.system.net_interface.ip_address(eth0) |}
Upon delivery of the file to individual systems, whether through a scheduled action in the SUSE Manager website or at the command line with the SUSE Manager Configuration Client (mgrcfg-client), the variables will be replaced with the hostname and IP address of the system, as recorded in SUSE Manager's System Profile. In the above configuration file, for example, the deployed version resembles the following:
hostname=test.example.domain.com ip_address=177.18.54.7
To capture custom system information, insert the key label into the custom information macro (rhn.system.custom_info). For instance, if you developed a key labeled "asset" you can add it to the custom information macro in a configuration file to have the value substituted on any system containing it. The macro would look like this:
asset={@ rhn.system.custom_info(asset) @}
Upon deployment of the file to a system containing a value for that key, the macro gets translated, resulting in a string similar to the following:
asset=Example#456
To include a default value, for instance if one is required to prevent errors, you can append it to the custom information macro, like so:
asset={@ rhn.system.custom_info(asset) = 'Asset #' @}
This default is overridden by the value on any system containing it.
Using the SUSE Manager Configuration Manager (mgrcfg-manager) will not translate or alter files, as that tool is system agnostic— mgrcfg-manager does not depend on system settings. Binary files cannot be interpolated.
This page displays status information about your system in relation to configuration. There are two subtabs: Managed Systems and Target Systems.
This page is the default display for the Configuration+Systems page. The systems displayed here have been fully prepared for configuration file deployment. The number of local and centrally-managed files is displayed. Clicking the name of the system takes you to the System Details+Configuration+Overview page for the system. Clicking on the number of local files takes you to the System Details+Configuration+View/Modify Files+Locally-Managed Files page, which allows you to manage which local (override) files apply to the system. Clicking on the number of centrally-managed files takes you to the System Details+Configuration+Manage Configuration Channels+List/Unsubscribe from Channels page. This allows you to unsubscribe from any channels you wish.
This page displays the systems that are either not prepared for configuration file deployment or have not yet been subscribed to a configuration channel. The table has three columns which identify the system name, whether they are prepared for configuration file deployment, and a list of the steps that have yet to be completed before the system is prepared. By selecting the check box to the left of the profile name and then pressing the
button, all of the preparatory steps that can be automatically performed are scheduled by SUSE Manager.![]() | |
You will have to perform a few manual steps to enable configuration file deployment, follow the on-screen instructions that are provided to assist with this step. |
If you click the Schedule tab on the top navigation bar, the Schedule category and links appear. These pages enable you to track the actions taking place within your systems. An action is a scheduled task that is to be performed on one or more client systems. For example, an action can be scheduled to apply all patches to a system.
SUSE Manager keeps track of the following action types:
Package alteration (installation, upgrade, and removal)
Rollback package actions
System reboots
Patches
Configuration file alteration (deploy, upload, and diff)
Hardware profile updates
Package list profile uipdates
Kickstart Initiation
Remote Commands
Each page in the Schedule category represents an action status.
As shown in Figure 3.18, “Schedule - Pending Actions”, the Pending Actions page is shown by default when you click Schedule in the top navigation bar. It displays actions that have not started or are in progress.
Actions that could not be completed. If the action returns an error, it is displayed here.
Only SUSE Manager administrators can see the Users tab on the top navigation bar. If you click the Users tab, the Users category and links appear. These pages enable you to grant and edit permissions for those who administer your system groups. Click in the User List to modify users within your organization.
To add new users to your organization, click the create new user link on the to right corner of the page. The next page is the Create User page. Carefully fill in each of the required values for the new user.
Once all fields are complete, select the Users+User List page. If you wish to select permissions and options for the newly created user, select their name from the list. Doing so displays the User Details page for that user, which provides several subtabs of options from which to choose. Refer to Section 3.9.1.1, “ for detailed descriptions of each subtab. + + — [Mgmt]”
button. SUSE Manager now sends an email to the specified address and redirects you to theThis tab lists all active users of your SUSE Manager account. It displays the following basic information about each user: their username, real name, roles, and the date of their last sign in.
As shown in Figure 3.19, “User List”, each row in the User List represents a user within your organization. There are four columns of information for each user:
Username — The login name of the user. If you click on a username, the User Details page for the user is displayed. Refer to Section 3.9.1.1, “ for more information. + + — [Mgmt]”
Real Name — The full name of the user (last name first).
Roles — List of the user's privileges, such as organization administrator, Channel administrator and normal user. Users can have multiple roles.
Last Sign In — Shows when the user last logged into SUSE Manager.
The User Details page allows SUSE Manager administrators to manage the permissions and activity of all users. Included in the User Details page is the ability to delete or deactivate users.
Users may now be deactivated directly from the SUSE Manager Web interface. SUSE Manager customers may deactivate or delete users from their systems, although non-SUSE Manager customers must contact Customer Service to delete a user. Users may be deactivated or deleted by SUSE Manager administrators, or users may deactivate their own accounts.
Deactivated users cannot log in to the SUSE Manager web interface, nor may they schedule any actions. SUSE Manager administrators may not be deactivated until that role is removed from their account. Actions scheduled by a user prior to their deactivation remain in the action queue. For added flexibility, deactivated users may be reactivated by SUSE Manager administrators.
User deletion from the Web interface is available exclusively to SUSE Manager customers. The SUSE Manager administrator role must be removed from a user before that individual may be deleted.
![]() | Irreversible Deletion |
---|---|
User deletion is irreversible; exercise it with caution. Consider disabling the user first in order to assess the effect deletion will have on your infrastructure. |
To deactivate a user:
Navigate to the user's User Details tab.
Verify that the user is not an SUSE Manager administrator. If they are, uncheck the box to the left of that role and click the
button in the lower right of the screen.Click the deactivate user link in the upper right of the screen.
Click the
button in the lower right to confirm.To delete a user:
Navigate to the user's User Details tab.
Verify that the user is not an SUSE Manager administrator and remove that role if necessary.
Click the delete user link in the upper right.
Click the
button to permanently delete the user.For instructions regarding deactivating your own account, refer to Section 3.3.1.3, “Account Deactivation”.
This is the default User Details tab, which displays the username, first name, last name, email address, and user roles for the user. All of this information is modifiable. To do so, make your changes and click the button. Remember, when changing a user's password, you will see only asterisks as you type the password.
To delegate responsibilities within your organization, SUSE Manager provides several roles with varying degrees of responsibility and access. This list describes the permissions of each and the differences between them:
User — Also known as a System Group User, this is the standard role associated with any newly created user. This person may be granted access to manage system groups and software channels. The systems must be in system groups to which the user has permissions for them to be manageable or even visible. Remember, however, all globally subscribable channels may be used by anyone.
Activation Key Administrator — This role is designed to manage your organization's collection of activation keys. This person can create, modify, and delete any key within your overarching account.
Channel Administrator — This role has complete access to the software channels and related associations within your organization. It requires SUSE Manager synchronization tool (mgr-ncc-sync). This person may change the base channels of systems, make channels globally subscribable, and create entirely new channels.
Organization Administrator — This role enables the user to get all the permissions of the activation key, configuration, monitoring, channel, and system group administrator.
Configuration Administrator — This role enables the user to manage the configuration of systems in the organization using either the SUSE Manager Web-based interface or the Red Hat Network Configuration Manager.
Monitoring Administrator — This role allows for the scheduling of probes and oversight of other Monitoring infrastructure. This role is available only on Monitoring-enabled SUSE Manager. Activate Monitoring in Admin+SUSE Manager Configuration+General and click on Enable Monitoring.
SUSE Manager Administrator — This role can perform any function available within SUSE Manager. As the master account for your organization, the person holding this role can alter the privileges of all other accounts, as well as conduct any of the tasks available to the other roles. Like the other roles, multiple SUSE Manager administrators may exist. Go to Admin+Users and click the check box in the SUSE Manager Admin? row.
System Group Administrator — This role is one step below SUSE Manager administrator in that it has complete authority over the systems and system groups to which it is granted access. This person can create new system groups, delete any assigned systems groups, add systems to groups, and manage user access to groups.
Being a SUSE Manager administrator enables you to remove administrator rights from other users. It is possible to remove your own privileges as long as you are not the last SUSE Manager administrator.
To assign a user a new role, select the appropriate checkbox. Remember that SUSE Manager administrators are automatically granted administration access to all other roles, signified by grayed-out checkboxes. To grant a user the ability to manage the configuration of systems, select the Configuration Administrator checkbox. When satisfied with the changes, click .
This tab displays a list of system groups that the user may administer. SUSE Manager administrators may use the check boxes to set this user's access permissions to each system group. Check or uncheck the box to the left of the system group and click the
button to save the changes.SUSE Manager administrators may select one or more default system groups for this user. When the user registers a system, that system is assigned to the selected group or groups. This allows the user to have access to the newly-registered system immediately, if he or she has permissions to one or more of the groups to which the system is assigned. System groups to which this user has access are preceded by an (*).
This tab lists all systems to which the user has access permission. These systems come from the system groups assigned to the user on the previous tab. You may choose a set of systems to work with by checking the boxes to the left of the systems and clicking the System Details page. Refer to Section 3.4.2.9, “System Details” for more information.
button. Use the System Set Manager page to execute actions on those systems. Clicking the name of a system takes you to itsThis tab lists all channels available to your organization. You may grant explicit channel subscription permission to this user for each of the channels listed by checking the box to the left of the channel and clicking the
button. Permissions granted through SUSE Manager administrator status, channel administrator status, or because the channel is globally subscribable have no checkbox, but display a check icon instead.Identifies channels to which the user may subscribe systems. To change these, select or unselect the appropriate checkboxes and click the
button. Note that channels subscribable through the user's admin status or the channel's global setting cannot be altered. They are identified with a check icon.Identifies channels the user may manage. To change these, select or unselect the appropriate checkboxes and click the
button. This status does not enable the user to create new channels. Note that channels automatically manageable through the user's admin status cannot be altered. They are identified with a check icon. Remember, SUSE Manager administrators and channel administrators can subscribe to or manage any channel.This page allows you to configure whether the user receives email notifications, the number of entries displayed per list page, and the timezone of the user. Make selections and click the
button to update.Email Notification — Determine whether this user should receive email every time an patch alert is applicable to one or more systems in his or her SUSE Manager account, as well as daily summaries of system events.
SUSE Manager List Page Size — Maximum number of items that appear in a list on a single page. If more items are in the list, clicking the Next button displays the next group of items. This preference applies to the user's view of system lists, Errata lists, package lists, and so on.
“Overview” Start Page — Displays information regarding on the “Overview” page upon login.
To modify any of these options, make your changes and click the
button.This tab lists the addresses associated with the user's account. To update this information, click the appropriate Edit this address link, enter the relevant information, and click the button.
This tab lists email and pager addresses designated to receive alerts from monitoring probes. To create a method, click create new method and complete the fields. If you will receive these alerts via pager, select the associated checkbox to have the messages sent in a shorter format. When finished, click . The method shows up in the methods list, from which it can be edited and deleted.
You may delete notification methods here, as well. If the notification method has probes attached to it, you are presented with a list of the probes. Note that if you are a monitoring administrator and cannot manage the system in question, the System Details and probe's Current State page are not accessible via links in their names. As always, SUSE Manager administrators have full access to all aspects of your SUSE Manager account.
This page lists all users who have been deactivated. To reactivate any of the users listed here, click the check box to the left of their name and click the
button followed by the button. Reactivated users retain the permissions and system group associations they had when they were deactivated. Clicking on the User Name of any individual takes you to their User Details page.The All page lists all users that belong to your organization. In addition to the fields listed in the previous two screens, the table of users includes a Status field. This field indicates whether the user is Active or Deactivated. Deactivated users are also grayed out to indicate their status. Click on the username to move to the user's User Details page.
If you click the Monitoring tab on the top navigation bar, the Monitoring category and links appear. If you do not see the tab, activate monitoring in Admin+SUSE Manager Configuration+General and click the Enable Monitoring checkbox.
These monitoring pages enable you to view the results of probes you have set to run against monitoring-entitled systems and manage the configuration of your monitoring infrastructure.
Initiate monitoring of a system through the Probes tab of the System Details page. Refer to Section 3.4.2.9, “System Details” for a description of the tab. See Appendix C, Probes for the complete list of available probes.
The Probe Status List page is shown by default when you click Monitoring in the top navigation bar.
The Probe Status List page displays the summary count of probes in the various states and provides a simple interface to find problematic probes quickly. Please note that the probe totals in the tabs at the top of the page may not match the numbers of probes displayed in the tables below. The counts at the top include probes for all systems in your organization, while the tables display probes on only those systems to which you have access through the system group administrator role. Also, the probe counts displayed here may be out of sync by as much as one minute.
The following list describes each state and identifies the icons associated with them:
— Critical - The probe
has crossed a CRITICAL threshold.
— Warning - The probe has
crossed a WARNING threshold.
— Unknown - The probe is
not able to accurately report metric or state data.
— Pending - The probe has
been scheduled but has not yet run or is unable to run.
— OK - The probe is
running successfully.
The Probe Status List page contains tabs for each of the possible states, as well as one that lists all probes. Each table contains columns indicating probe state, the monitored system, the probes used, and the date and time the status was last updated.
In these tables, clicking the name of the system takes you to the Probes tab of the System Details page. Clicking the name of the probe takes you to its Current State page. From there, you may edit the probe, delete it, and generate reports based upon its results.
Monitoring data and probe status information that was previously availble only through the web interface of SUSE Manager can now be exported as a CSV file. Click on the Download CSV links throughout the Monitoring pages to download CSV files of relevent information. The exported data may include, but is not limited to:
Probe status
All probes in a given state (OK, WARN, UNKNOWN, CRITICAL, PENDING)
A probe event history
The probes that have crossed their CRITICAL thresholds or reached a critical status by some other means. For instance, some probes become critical (rather than unknown) when exceeding their timeout period.
The probes that cannot collect the metrics needed to determine probe state. Most but not all probes enter an unknown state when exceeding their timeout period. This may mean that the timeout period should be increased, or the connection cannot be established to the monitored system.
It is also possible the probes' configuration parameters are not correct and their data cannot be found. Finally, this state may indicate that a software error has occurred.
The probes whose data have not been received by SUSE Manager. This state is expected for a probe that has just been scheduled but has not yet run. If all probes go into a pending state, your monitoring infrastructure may be failing.
The probes that have run successfully without exception. This is the state desired for all probes.
All probes scheduled on systems in your account, listed in alphabetical order by the name of system.
Identifies the selected probe's status and when it last ran, while providing the ability to generate a report on the probe. Although this page is integral to monitoring, it is found under the Probes tab within the System Details page since its configuration is specific to the system being monitored.
To view a report of the probe's results, choose a relevant duration using the date fields and decide whether you would like to see metric data, the state change history or both. To obtain metric data, select the metric(s) on which you wish to see a report, and decide (using the checkboxes) whether the results should be shown in a graph, an event log, or both. Then click the button at the bottom of the page. If no data exist for the probe's metrics, you are presented with the following message:
NO DATA SELECTED TIME PERIOD AND METRIC
Displays the status of your monitoring infrastructure. Anytime you make a change to your monitoring configuration, such as adding a probe to a system or editing a probe's thresholds, you must reconfigure your monitoring infrastructure. Do this by selecting the SUSE Manager Server's checkbox and clicking
. The table on this page identifies the date and time of requested and completed pushes.Clicking the name of the server opens its SUSE Manager monitoring daemon SSH public key. This allows you to copy and paste the SSH key to the systems that are monitored by the scout. This is required in order for the SUSE Manager network monitoring daemon to connect to SUSE Manager.
Identifies the contact methods that have been established for your organization. These methods contain email or pager addresses designated to receive alerts from probes.
The various notification methods available to your organization are listed here on the default Notification screen. The methods are listed according to the user to which they apply.
To create a new notification method, click on the name of the user to whom the notification will apply. The user's User Details+Notification Methods page appears. Refer to Section 3.9.1.1.7, “ for further information. Click on the title of the notification method to edit the properties of the method. + + + — [Mon]”
Notification filters allow you to create long-term rules that suspend, redirect, or automatically acknowledge standard notifications or send supplemental notifications. This can be helpful in managing verbose or frequent probe communication.
This is the default screen for the Notification Filters tab. It lists all active filters available for your organization. Click the name of the filter to edit the properties of the filter.
To create a notification filter, click the create new notification filter link in the upper right of the screen. Configure each option listed below and click the button to create the filter.
Description: Enter a value that allows you to distinguish this filter from others.
Type: Determine what action the filter should take: redirect, acknowledge, suspend, or supplement the incoming notification.
Send to: The Redirect Notification and Supplemental Notification options in step two require an email address to which to send the notifications. The remaining options require no email address.
Scope: Determine which monitoring components are subject to the filter.
Organization/Scout/Probe: This option allows you to select the organization, scout(s), or probe(s) to which this filter applies. To select multiple items from the list, hold the Ctrl key while clicking the names of the items. To select a range of items, hold the Shift key while clicking on the first and last items in the range.
Probes in State: Select which probe state(s) relate to the filter. For example, you may choose to create a supplemental notification for critical probes only. Un-check the box to the left of any state you want the filter to ignore.
Notifications sent to: This is the method to which the notification would be sent if no filter were in place. You may, for example, redirect notifications that would normally go to a user should that individual go on vacation, leaving all other notifications from the probe unchanged.
Match Output: Select precise notification results by entering a regular expression here. If the "Message:" portion of the notification does not match the regular expression, the filter is not applied.
Recurring: Select whether a filter runs continuously or on a recurring basis. A recurring filter runs multiple times for a period of time smaller than the duration of the filter. For example, a recurring filter could run for 10 minutes of every hour between the start and end times of the filter. A non-recurring filter runs continuously between the start and end times of the filter.
Beginning: Enter a date and time for the filter to begin operation.
Ending: Enter an end date and time for the filter.
Recurring Duration: How long a recurring filter instance is active. This field, applicable to recurring filters only, begins at the Beginning time specified above. Any notification generated outside of the specified duration is not filtered.
Recurring Frequency: How often the filter activates.
Notification filters cannot be deleted. However, a filter may be canceled by setting the end date to some time in the past. (Note that the end date must be equal to or later than the start date, or the change fails.) Another method is to select a set of filters from the Active page and click the button in the lower right. These filters are then canceled and appears in the Expired Filters tab.
This tab lists all notification filters whose end date has passed. Expired filters are stored indefinitely; this allows an organization to recycle useful filters as needed and provides a historical record for troubleshooting.
Probe Suites allow you to configure and apply one or more probes to a system or systems. Probe Suites may be configured once and then applied to any number of systems in a batch. This results in time savings and consistency for Monitoring customers.
To create and apply a probe suite, first create an empty probe suite, then configure member probes, and finally apply the suite to selected systems. Proceed as follows:
From the Monitoring+Probe Suites page, select the create probe suite link. Enter an easily distinguishable name for the probe suite. You may also choose to add a brief description of the suite. Click the button to continue.
Add and configure the probes that comprise the suite. Click the create new probe link in the upper right.
As described in Section 3.4.2.9.5, “, configure the probe and click the + — [Mon]” button in the lower right. Repeat this process until all desired probes have been added.
![]() | |
Your mail transfer agent must be configured correctly on your SUSE Manager server and each client system to which the probe suite is applied must have the rhnmd daemon installed and running. Refer to the Installation Guide (↑Installation Guide) for additional information. |
Add the systems to which the probe suite applies. Click the add systems to probe suite link in the upper right of the screen to continue.
The next page displays a list of all systems with monitoring entitlements. Check the box to the left of the system(s) to which you wish to apply the probe duite, select the monitoring scout you wish to use, and click the
button to complete the creation of the probe suite.You can either delete or detach probes from the suite. Detaching a probe disassociates the probes from the suite and converts them to system-specific probes for the specified system. This means that changes to the detached probes only effect that system. Deleting a probe removes it from the Suite for all systems.
To remove probes from the Probe Suite do the following:
From the Monitoring+Probe Suites page, click on the title of the probe suite you wish to alter.
Select the Probes sub-tab.
Check the box next to the probe you wish to remove.
Click the
button.You may also remove a system from the probe suite. There are two ways to accomplish this. The first method is to detach the system from the probe suite. When you do so, the system still has the same probes assigned to it. However, you now have the ability to configure these probes individually without affecting any other systems. For more information about removing probes from an individual system, refer to Section 3.4.2.9.5, “. + — [Mon]”
To detach a system from the suite:
From the Monitoring+Probe Suites page, click the title of the probe suite you wish to alter.
Select the Systems sub-tab.
Check the box next to the system(s) you wish to remove from the probe suite.
Click the
buttonThe second method is to remove the system from the suite. This removes the system from the suite and deletes all running probes from the system.
![]() | |
This action deletes all of the probe suites' probes from the system as well as all of the historical time series and event log data. This action is irreversible. |
To remove a system from the probe suite and delete all associated probes from the system:
From the Monitoring+Probe Suites page, click on the title of the probe suite you wish to alter.
Select the Systems sub-tab.
Check the box next to the system(s) you wish to remove from the probe suite.
Click the
button.Finally, as with single probes, you may download a CSV file containing information about probe suites. Click the Download CSV link at the bottom of the Monitoring+Probe Suites page to download the file.
Collects information that is universally applicable to your monitoring infrastructure. Modifying anything on this page causes the monitoring services on the SUSE Manager to reset. It also schedules restart events for the monitoring services on all monitoring-enabled SUSE Manager servers that connect to SUSE Manager. This is done so that the monitoring services on these servers immediately reload their configuration.
Typically, the defaults provided in other fields are acceptable, since they are derived from your SUSE Manager installation. Nevertheless, you may use the fields on this page to alter your monitoring configuration. For instance, you may change your mail exchange server here. This page also allows you to alter the destination of all administrative emails from SUSE Manager. When finished, click
.The Admin page allows SUSE Manager customers to manage the basic configuration, including creating and managing the organizations feature. Only the SUSE Manager administrator can access the Admin page.
The multiple organizations feature allows administrators to create and manage multiple organizations across SUSE Manager. The organizations feature allows administrators to appropriate software and system entitlements across various organizations, as well as control an organization's access to systems management tasks. For more information about using the multiple organizations feature, refer to Chapter 5, Multiple Organizations.
This tab is broken down into subtabs that allow you to configure most aspects of SUSE Manager. Once changes have been made, it is important to restart SUSE Manager, which may be accomplished on the final tab.
This page allows you to alter the most basic settings, such as the admin email address.
This page allows you to configure the monitoring aspects of this SUSE Manager. However, this page is only available on monitor-enabled systems. See Section 3.10, “Monitoring — [Mon]” for more details. The local mail exchanger and local main domain are used to mail monitoring notification messages to administration. This is required only if you intend to receive alert notifications from probes. If you do, provide the mail server (exchanger) and domain to be used. Note that sendmail must be configured to handle email redirects of notifications. When finished, click Update Config.
The SUSE Manager Configuration+Certificate page allows you to either upload a new SUSE Manager certificate. To identify the certificate's path, click , navigate to the file, and select it. To input its contents, open your certificate in a text editor, copy all lines, and paste them directly into the large text field at the bottom. SUSE recommends using the file browser as it is less error prone. Click to continue. If you receive errors related to DNS, ensure your SUSE Manager server is configured correctly.
The SUSE Manager Configuration+Bootstrap Script page allows you to
generate a bootstrap script for redirecting client systems from the
central Novell Customer Center to SUSE Manager. This script, to be placed in the
/srv/www/htdocs/pub/bootstrap/
directory of
SUSE Manager, significantly reduces the effort involved in reconfiguring
all systems, which by default obtain packages from the central Novell Customer Center.
The required fields are pre-populated with values derived from previous
installation steps. Ensure this information is accurate.
Checkboxes offer options for including built-in security SSL and GNU Privacy Guard (GPG) features, both of which are advised. In addition, you may enable remote command acceptance and remote configuration management of the systems to be bootstrapped here. Both features are useful for completing client configuration. Finally, if you are using an HTTP proxy server, complete the related fields. When finished, click
.The SUSE Manager Configuration+Organizations page contains details about the organizations feature of SUSE Manager, as well as links to quickly get started creating and configuring organizations. For more information about configuring organizations, refer to Section 3.11.1, “Admin+Organizations”.
The SUSE Manager Configuration+Restart page contains the final step in configuring SUSE Manager. Click the button to restart SUSE Manager in order to incorporate all of the configuration options added on the previous screens. Note that it will take between four and five minutes for the restart to finish.
The Help pages provide access to the full suite of documentation and support available to SUSE Manager users. Click in the Overview category to see a list of options available to you.
The Reference Guide page takes you to this same document, the most comprehensive set of instructions for using SUSE Manager. Note that links to other technical guides may also appear in the left navigation bar, depending on the entitlement level and product offering of the account with which you logged in.
Implementing a fully functional SUSE Manager requires more than installing software and a database. Client systems must be configured to use SUSE Manager. Custom packages and channels should be created for optimal use. Since these tasks extend beyond the basic installation, they are covered in detail in other guides, as well as this SUSE Manager Installation Guide.
Detailed information regarding SUSE Manager server and its installation and initial configuration.
By default, all SUSE client applications are configured to communicate with Novell Customer Center. When connecting clients to SUSE Manager, many of these settings must be altered. Altering client settings for a system or two may be relatively simple. A large enterprise environment, containing hundreds or thousands of systems, will likely benefit from the mass reconfiguration steps described here.
The Client Configuration Guide is a best practices manual intended to help customers of SUSE Manager configure their client systems effeciently.
The Release Notes page lists the notes accompanying every recent release of SUSE Manager. These notes describe all significant changes occurring in a given release cycle, from major enhancements to the user interface to minor changes to the related documentation.
The Documentation Search page features a robust search engine that indexes and searches SUSE Manager documentation.
Users can search the available online documentation and filter them according to the following choices in the What to Search drop-down menu:
Content & Title — Search both the title heading or body content of all available documents
Free Form — Search documents and indices for any keyword matches, which broadens search results.
Content — Search only the body content of documentation for more specific matches
Title — Search only the titles heading of the documentation for targeted, specific search results.
The Free Form field addtionally allows you to search using field names that you prepend to search queries and filter results in that field.
For example, if you wanted to search all of the SUSE Manager manuals for the
word Virtualization
in the title and
install
in the content, type the follwing in the
Free Form field:
title:Virtualization and content:install
Other supported field names for documentation search include:
url
— Search the URL for a particular keyword
title
— Search titles for a particular keyword
content
— Search the body of the documentation
for a particular keyword
If there are several pages of search results, you can limit the amount of
visible results shown on one page by clicking the Display
quantity
items per page drop-down
menu, which offers between 10 and 500 results per page.
To move between pages, click the right or left angle brackets (> to go forward or < to go backward)