Using RMT with SUSE Liberty Linux

SUSE Liberty Linux (Liberty) is an enterprise support service designed to provide both technical support and long-term software updates for CentOS and RHEL.

To provide package updates and patches for CentOS or RHEL servers with SUSE Liberty Subscriptions and have them registered to our Support Center, SUSE offers two options:

• RMT: SUSE’s Repository Management Tool can serve as a registration and subscription validation proxy to the SUSE Customer Center and also offers full local replication of software repositories provided by SUSE.

• SUSE Manager: This tool includes all the features provided by RMT and surpasses it as a comprehensive platform covering all your Linux management needs, from Day 0 to Day 2. It offers repository management, security audits and patching, automation through Ansible and Salt, monitoring, and many more features.

RMT is included with all Liberty subscriptions, while the advanced Linux management and automation features available in SUSE Manager are included with Basic, Professional, and Enterprise subscriptions, but not with Lite.

Today, we’ll outline the essentials to get you started with SUSE Liberty Linux, focusing on utilizing RMT for long-term updates for CentOS 7. This process is also applicable to other versions, such as CentOS/RHEL 8 and 9. For additional details, please refer to the Resources section at the end of this blog.

Requirements

SUSE Liberty Linux Subscription

The initial step involves ensuring your Liberty subscriptions are ready and activated on the SUSE Customer Center (SCC). For guidance on this process, refer to the user guide on activating and managing subscriptions.

If you’re currently evaluating Liberty and require an evaluation subscription, kindly complete the form at SUSE Contact, and we will reach out to assist you in getting started.

A Server, Virtual Machine, or Kubernetes Cluster for RMT Installation

RMT offers versatile deployment options. It can be installed on a physical server, a virtual machine running the latest SUSE Linux Enterprise Server 15 service pack, or containerized on Kubernetes.

RMT relies on Nginx as the web server and MariaDB for storing configuration. It maintains a local copy of the repositories necessary for updating and patching your servers.

The minimum hardware requirements are:

• 2 vCPUs or physical CPU cores

• 1 GB of RAM

• Adequate disk space for the Linux repositories. For context, the complete CentOS 7 repository requires at least 550GB, plus additional space for patches and updates. Aim for 1.5 times the size of the repositories you intend to mirror.

RMT Server Deployment

Starting with a SLES minimal VM is the most straightforward approach for deploying an RMT server. While you can opt for a traditional SLES image and select the “RMT Server” pattern during the installation wizard, the minimal image tends to be more suited for virtualization environments.

For this guide, we’ll be using Harvester as our virtualization platform. From the SUSE download page, select the cloud-ready image SLES15-SP5-Minimal-VM.x86_64-Cloud-GM.qcow2.

Consistent with our requirements, we’ll allocate 2 vCPUs and 2 GB of RAM to the VM. Additionally, we’ll attach a 500 GB data disk to accommodate the Liberty 7 repository.

To streamline the setup, we’ll use cloud-init to inject necessary configurations. This step ensures that upon the first boot, local users are created, the server is registered with the SUSE Customer Center, and all required packages are installed:

	
#cloud-config - RMT server
package_update: true
packages:
  - qemu-guest-agent
runcmd:
  - - systemctl
    - enable
    - --now
    - qemu-guest-agent.service
  - SUSEConnect -r ZZZXXXXYYYYY
  - zypper --non-interactive in rmt-server yast2-rmt mysql nginx
users:
  - name: rmt
    shell: /bin/bash
    groups: users
    ssh_import_id: None
    lock_passwd: true
    sudo: ALL=(ALL) NOPASSWD:ALL
    ssh_authorized_keys:
      - ssh-rsa      AAAAGf1kpXZ4...2ndIO1QZ   my@pubkey	
	

After the server boots up, the next step is to prepare the partition that will store the repositories. In this example, we’ll use YaST’s partitioner to create an XFS partition mounted at “/mirror”. This partition will then be linked to RMT’s default storage location:

	
#Partition and create filesystem
sudo yast partitioner

#Replace default RMT repo storage folder 
sudo mkdir -p /usr/share/rmt/public/repo
sudo ln -sfn /mirror /usr/share/rmt/public/repo
	

RMT Server Configuration

RMT is a robust tool widely used by cloud providers for supporting SUSE-related deployments, including package updates infrastructure. It’s capable of being deployed in high-availability, multi-region distributed setups. However, for the sake of simplicity in this guide, we’ll stick to a straightforward configuration using the standard YaST wizard. This process involves just five steps to get your RMT server up and running:

1. SCC Credentials: Input the SCC credentials associated with your Liberty subscriptions.

2. Database Credentials: Set up the database credentials.

3. SSL Certificates: Configure SSL certificates to ensure secure connections.

4. Firewall Rules: Adjust firewalld rules to allow necessary traffic.

5. Service Activation and Synchronization: Enable the required services and set up a synchronization timer to keep your packages up to date.

To launch the configuration wizard, use the following command:

	
sudo yast rmt
	

This streamlined approach will quickly set up your RMT server, ready to serve packages and updates.

Configure repository mirroring rules

We’re now at the final step to get our RMT server operational, serving subscription services and package repositories for CentOS 7 servers.

To initiate repository mirroring, we’ll employ the rmt-cli command:

	
#Find SUSE Libery Linux in our subscriptions list (synced from SCC)
rmt-cli products list | grep -i Liberty

#Get repository details
rmt-cli products show 1251

#Enable repository
rmt-cli product enable 1251
	

If you’re eager to see results and don’t want to wait for the scheduled mirroring process, you can trigger it manually:

	
rmt-cli mirror
	

Be prepared for the initial mirroring to take some time, especially since the CentOS 7 repository we’re syncing is approximately 550 GB.

After setting up the mirroring, it’s wise to test your configuration. Connect a CentOS 7 or RHEL 7 server to your RMT server to ensure everything is working as expected. RMT includes a handy script, rmt-client-setup, which facilitates this connection. Simply update the RMT_SERVER variable and initiate the registration process:

	
#Download script and launch registration process
export RMT_SERVER=https://mad-lab-rmt.suse.one
curl $RMT_SERVER/tools/rmt-client-setup --output rmt-client-setup
sh rmt-client-setup $RMT_SERVER

#Check the registration status
SUSEConnect --status-text
	

With your support subscription activated, your server will now receive patches and updates directly from your local mirror, as shown below:

Summary

Leveraging SUSE Liberty Linux’s support services requires setting up an update infrastructure and a registration proxy. As discussed, RMT and SUSE Manager are both viable options for this purpose. While SUSE Manager is recommended for its comprehensive suite of IT management services for your Linux infrastructure—available at no extra cost except for the Lite subscription—RMT serves as an excellent starting point to familiarize yourself with SUSE’s support services and begin your journey with Liberty.

With the steps outlined in this guide, you’re now equipped to connect your CentOS/RHEL 7 servers to RMT and start receiving updates and patches beyond June 30th, 2024.

Welcome to a new era of sustained support and security for your Linux environment!

Resources

SUSE Liberty Linux guides:

• https://documentation.suse.com/liberty/7/

• https://documentation.suse.com/liberty/8/

• https://documentation.suse.com/liberty/9/