Embed Size (px)
Citation preview
1
Managing Linux In The Cloud With SUSE® ManagerManage all your Linux instances in AWS, Azure and GCP (and inside your
own data center, too)
TUT-1089
Don Vosburg
Sales Engineer
Niel Bornstein
Sales Engineer
2
Why SUSE Manager in the Cloud?
• More workloads are moving to the cloud
• Need to schedule updates and security patches, just like on prem
• Security exposure can be even higher in the cloud, depending on how you
set things up
• SUSE Manager can run in the cloud and manage cloud workloads – in
fact, it can cross between on prem and different cloud providers
(Data transit charges may apply!)
• More than just SLES – RHEL, CentOS, and Ubuntu too!
3
What Can We Deliver?
• All the great things about SUSE Manager
• Shown today on Amazon AWS, Azure, and Google Cloud Platform
• IT infrastructure management across clouds
• Visibility and flexibility in content delivery to your managed instances
4
What’s Common Across Cloud Providers
• Web UI, command line, and REST APIs
• Marketplace SUSE Manager images – DON'T start with just SLES
• Cloning templates – need to reset machine-id
• Differences between BYOS and on-demand, for SUSE Manager Server,
Proxy and managed instances
• Need to set a static hostname
• Private,cloud-specific FQDNs cause issues
• Additional storage volume needs to be added
• /usr/bin/suma-storage script
• SUSE Manager setup scripting (YaST)
• We treat all managed systems as equal, for good or bad
5
On-Demand (Managed) Instances
You can manage on-demand/paygo/reserved instances with SUSE Manager!
You just have to...
• Remove the cloud region packages
• AWS example: 'zypper rm regionServiceClientConfigEC2'
• Remove the cloud SMT repos
• '.repo' files in /etc/zypp/repos.d
• '.service' files in /etc/zypp/services.d
• Use bootstrap script to onboard with SUSE Manager
• Specifics are here:
https://www.suse.com/c/suse-manager-3-0-arrives-public-cloud-long-last/
6
Default Organization Pre-Defined on Image
7
What’s Different: Amazon EC2
• Availability zones and visibility
• Network setup separated from
instance setup
• Storage options
• Sizing without visible pricing
• Native management tools
8
9
• Note the "memory-optimized" image choice (r5ad.large)
• Storage can help optimize the instance (NVMe, faster SSD)
10
Building a SUSE
Manager Server
(in Amazon EC2)
Demo
11
What’s Different: Microsoft Azure
• Sizing – Many choices, but pricing listed
• Networking setup
• Storage options – SSD and HDD in
combination
• Hyper-V
• Native management tools
12
Azure – Selecting image
13
Azure – Adding Storage
14
Azure – Networking Setup
15
Azure – Networking Setup
16
What’s Different: Google Cloud Platform
• Native management tools (Stackdriver)
• Opportunity for you to set precedents
17
18
19
20
SUSE Manager in the Cloud:Things to Watch Out For
• Sizing
• Adding the storage for postgresql – might need a postgresql reinstall
• Swapfile (vs partition) on cached disk
• Hostname/DNS – make sure it persists
• SUSEConnect and product registration – BYOS
• SSH connection for proxy configuration script
• Setting webUI password – satwho, satpasswd
21
Hybrid and Multi-Cloud
• Network traversal to/from cloud providers is expensive
• This can apply to populating channels in SUSE Manager as well as updating your
systems from SUSE Manager
• Network traversal across cloud regions can also be expensive
• For example, you might have systems in multiple regions but only one SUSE Manager
server
• ZeroMQ tuning and salt ports – settings we have usedping_interval: 2
auth_timeout: 10
auth_tries: 2
auth_safemode: False
random_reauth_delay: 10
tcp_keepalive: True
tcp_keepalive_idle: 60
22
SUSE Manager Communication
23
SUSE Manager Meets Monitoring
Self-monitoring of SUSE Manager Server and Proxy
• Easily enable monitoring of SUSE Manager Server
• Pre-installed Prometheus exporters can expose metrics about:
• Hardware
• Java virtual machines
• Apache and PostgreSQL
• SUSE Manager’s internals
• SUSE Manager Proxy can be monitored via squid exporter
24
SUSE Manager Meets Monitoring
Setup and automate Prometheus monitoring with SUSE Manager
• Packages provided via supported, official channels:
• Main packages (Prometheus, Grafana) from SUSE Manager channels
• Specific metrics exporters alongside the respective applications
• Enable exporters on managed clients using Salt Formulas
• Group systems to define data exporter templates
• Integration with Prometheus service discovery
25
Monitoring
Demo
26
Every platform has its k8s
SUSE AWS Azure GCP
Kubernetes
Implementation
CaaS Platform Elastic Kubernetes
Service (Amazon
EKS)
Azure Kubernetes
Service (AKS)
Kubernetes Engine
(GKE)
Container Registry docker registry (registry-
tools package),
Portus
Elastic Container
Registry (Amazon
ECR)
Azure Container
Registry
Container Registry
27
Building
Container Images
Demo
28
Subscription Matching
In addition to the existing support for VMware and generic hypervisors,
subscription matching now has the ability to gather virtual instances from
Amazon EC2, Azure, and GCP.
• Requires installation of the virtual-host-gatherer-libcloud package.
• May lead to unexpected results due to the comingling of on-demand and BYOS instance
types.
• SUSE Manager team actively improving functionality
29
What Do You Want Next?
• Topology awareness (CPI)?
• Virtualization hosts/cloud-init awareness?
• "Bare metal" provisioning?
• Automating onboarding?
• ????
30
Resources
• SUSE Manager Documentation
https://documentation.suse.com/en-us/suma/4.0/
(search for 'public cloud')
• Blog – David Rocha
https://www.suse.com/communities/blog/setting-suse-manager-public-cloud/
• Monitoring
https://documentation.suse.com/external-tree/en-us/suma/4.0/suse-manager/administration/monitoring.html
• Subscription-matching
https://documentation.suse.com/external-tree/en-us/suma/4.0/suse-manager/client-configuration/vhm-aws.html
33
General Disclaimer
This document is not to be construed as a promise by any participating company to
develop, deliver, or market a product. It is not a commitment to deliver any material,
code, or functionality, and should not be relied upon in making purchasing
decisions. SUSE makes no representations or warranties with respect to the contents of
this document, and specifically disclaims any express or implied warranties of
merchantability or fitness for any particular purpose. The development, release, and
timing of features or functionality described for SUSE products remains at the sole
discretion of SUSE. Further, SUSE reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity
of such revisions or changes. All SUSE marks referenced in this presentation are
trademarks or registered trademarks of SUSE, LLC, Inc. in the United States and other
countries. All third-party trademarks are the property of their respective owners.
