Tech Talk 4 by Andreas Taschner
The Update Answer
The Subscription Management Tool for SUSE Linux Enterprise
How would you like a single tool that updates your SUSE Linux Enterprise and Novell Open Enterprise Servers, as well as your Red Hat Enterprise Linux servers? Would you like to be more on top of your company's license compliance? Would you prefer to not have to connect all your machines to the Novell Customer Center? Do you have SUSE Linux Enterprise hosts that are restricted and difficult to update without having to invent your own update management solutions? Does being able to integrate additional software update repositories (either external or internal) into your update solution sound appealing to you? Can you benefit from an out-of-the box staging solution for testing updates before releasing them to the masses? Do you want to be able to get a quick overview of the patch status of your SUSE Linux Enterprise 11 servers and desktops? If you answered “yes” to any of these questions, then the Subscription Management Tool for SUSE Linux Enterprise might be just what you need.
The Subscription Management Tool for SUSE Linux Enterprise 11 allows you to optimize the management of your SUSE Linux Enterprise software updates and subscription entitlements. While Novell Customer Center and Novell Update have been the two primary vehicles through which you could manage your SUSE Linux Enterprise subscriptions, now there's the Subscription Management Tool—a package proxy system that manages your SUSE Linux Enterprise updates while conforming with corporate firewall policy and regulatory compliance requirements. It's fully integrated with Novell Customer Center and provides a repository identical to Novell Update, as well as a registration target syncing with Novell Customer Center. Through this integration and repository mirroring, the Subscription Management Tool ensures that all the Linux devices in your organization can receive their appropriate updates.
The Subscription Management Tool establishes a proxy system for Novell Customer Center with repository and registration targets that help you centrally manage software updates within the firewall on a per-system basis, while maintaining your corporate security policies and regulatory compliance. It lets you set more restrictive firewall policies, as well as avoid significant network usage stemming from repeated downloads of the same updates by each device. When provisioning updates for your devices, the Subscription Management Tool downloads updates once and then distributes those updates throughout the enterprise.
The Subscription Management Tool is fully supported by Novell and is available as a free download to customers with an active SUSE Linux Enterprise product subscription. It’s packaged as an add-on product that can be installed on a SUSE Linux Enterprise Server 11 server on x86, x86_64 and System z architectures. The Subscription Management Tool does not alter your current end-user experience and interactions, including experiences and interactions with Novell Customer Center or on the local system. Your interactions remain the same with Novell Customer Center, which allows you to manage subscriptions, monitor usage and process renewals. Additionally, if you have purchased a SUSE Linux Enterprise Server Subscription with Expanded Support then you are also entitled to mirror updates for Red Hat 3.9, 4.7 and 5.2.
This article only touches a few of the key capabilities the Subscription Management Tool has to offer and how those capabilities can work for you. If you want detailed insights on how to deploy and use the Subscription Management Tool, take a look at the Subscription Management Tool deployment guide that Novell has made available.
Status Monitoring and More
The most obvious capability the Subscription Management Tool provides is the ability to monitor the patch status of your Linux servers and clients. (See Figure 2.) To do this, the Tool creates a job queue for each device that is registered against the Subscription Management Tool server. When the SMT-client package is installed on these registered devices, the installation creates a cron job that will automatically cause the SMT-agent to ask the Subscription Management Tool server if it has any jobs in the queue belonging to these devices. If there are jobs in the queue for the devices, the agent will then execute them. (Note: The SMT-agent only runs on systems with SUSE Linux Enterprise 11.)
All registered devices will automatically have a persistent patchstatus job created within their job queue. Whenever the device runs a patchstatus job, it compares its currently installed updates with what is available in the repositories on the Subscription Management Tool server. The job then reports back the number of missing patches that need to be installed in the categories of Security, Package Manager, Recommended and Optional. (See Figure 1.)
Subscribe to Connection Magazine
The interface also provides a status summary of all registered devices from within the Clients tab of the Subscription Management Tool Server Management YaST module.
In addition to patch reporting, the SMT JobQueue feature can also perform jobs to install software packages, install available updates, eject removable media, reboot the device and execute commands on the registered devices. Every job can have a parent job, which means that the child job only runs after the parent job has successfully finished. It is also possible to configure advanced timing and recurrence/persistence of jobs. As a result, with some creativity, a wide variety of tasks can be carried out using the Subscription Management Tool jobs. Details on how to configure these jobs can be found in the Subscription Management Tool deployment guide.
The Subscription Management Tool lets you stage patches to internal managed areas so you can carry out integration testing before you fully enable new patches in your production environment. Staging allows you to create testing and production repositories based on a "fully" mirrored repository. This makes it possible to test new patches from Novell on a limited number of clients before releasing them to the public. (See Figure 3.) It is also possible to simply prevent individual patches from ever being "released" internally. Patch staging can be easily managed within the Staging tab of the Tool interface by doing the following: (See Figure 4.)
- Mirror a repository.
- Enable the repository for staging.
- Mirror the repository again to create the staging structure.
- Select the patches to be included in a testing snapshot by clicking Change Status and selecting All listed and clicking Enable.
- When the filtering is completed, create a testing snapshot by clicking Create Snapshot and selecting From full mirror to testing.
- Redirect selected clients towards the testing environment by changing the register command in /etc/suseRegister.conf to register = command=register&namespace=testing and then performing a registration against the SMT server. An example of how to easily accomplish this task using the JobQueue feature is available in the Subscription Management Tool deployment guide.
- Install the available updates on the clients and then test them.
- Once the patches in the testing environment have been tested and approved, a production snapshot can be created by clicking Create Snapshot and selecting From Testing to Production.
If desired, staging can also be managed using command-line SMT commands.