Solution: Enable LTSS for On-demand Amazon Web Services Images
The Private Repository scenario below applies to SUSE Linux Enterprise Server (SLES) 11 SP4 on-demand subscription images that SUSE publishes for Amazon Web Services (AWS).
If you are running SUSE Linux Enterprise Server (SLES) 11 SP4 on-demand images, there are a few important facts that you need to know:
- SLES 11 SP4 reached the end of General Support on March 31, 2019. [1]
- Purchasing Long Term Service Pack Support (LTSS) provides continued access to technical support, maintenance and security patches for SLES 11 SP4. [2]
- The SLES 11 SP4 on-demand subscription image does not include LTSS.
- SUSE Public Cloud Update Infrastructure does not provide LTSS repositories.
- SUSE Public Cloud Update Infrastructure can no longer register newly created SLES 11 SP4 instances because it uses RMT. [3]
Customer Situation
SUSE and Amazon Web Services (AWS) account and support teams have been working with a number of customers who are running older SAP workloads on AWS with SLES 11 SP4 on-demand images. The AWS on-demand SLES 11 SP4 images are often running older SAP development, user acceptance testing and production workloads that are being targeted to migrate to a newer SAP application.
In each customer engagement, the customer requires that their SLES 11 SP4 instances have access to technical support, maintenance and security patches. For customers that do not have SUSE Manager (SUMA) deployed in their environment, we are recommending customers deploy a private repository server to provide the SLES 11 SP4 instances access to the SUSE LTSS maintenance and security patches.
Customer Solution Private Repository
The customer needs to purchase one additional SUSE Linux Enterprise Server subscription for the private repository Server and purchase LTSS for the AWS SLES 11 SP4 instances. Both SLES and LTSS subscriptions allow a single subscription to cover 2 public cloud instances. [4] For example, a customer with fifty-one SLES 11 SP4 AWS instances will need to purchase twenty-six LTSS subscriptions.
Below are two options for a customer to deploy a private repository server.
Subscription Maintenance Tool (SMT) [9]
- SUSE Linux Enterprise Server 12 includes the SMT role so only the additional SLES subscription needs to be purchased.
- SMT is simple to deploy.
SUSE Manager (SUMA) is available as a public cloud image and is much more than a private repository server. [5]
- SUMA provides automated patch management.
- SUMA has detailed reporting features to track all software changes.
- Requires the SUMA product to be purchased as well as lifecycle subscriptions for each system.
- SUMA is focused on managing your entire Linux and not just the SLES 11 SP4 instances.
- Longer deployment timeline based on SUMA being an enterprise management system that goes beyond patch management.
After reviewing the options, customers are choosing SMT based on the ease and speed at which to deploy. The major factor is that customers have missed an update/patch cycle on their DEV or UAT environments because LTSS repositories were not available and are looking to quickly get back on their update schedule. Based on the customer demand, I will cover at a high-level the SMT deployment.
The customer deployment consists of deploying SMT and connecting the SLES 11 SP4 AWS instances to the new SMT server. Below is the process with links to documentation.
Configure the SMT Server
Launch a SLES BYOS AWS instance.
- The instance is found in the “Community AMIs” tab in the EC2 Quick Start. [6] Use “suse-sles-12-sp4” and “byos” as your search terms.
- The search term, “suse-sles-12-sp4”, has sp4 listed since it is the latest service pack released for 12.
- The search will display multiple AMIs. Please be sure to select the latest released service pack with the latest published date.
- Ensure that the SMT server instance is launched to an Internet accessible subnet.
- The repository size is approximately 25 GB for each SLES version which does not include LTSS. Adding a second 75 GB volume will be sufficient for supporting SLES 11 SP4.
Register the SLES 12 instance using the registration code that was purchased. [8]
Install and configure SMT.
- Running the command “zypper in -t pattern smt” will install the required packages needed to configure SMT.
- Before configuring SMT, update the default language. If this is not done, the SMT configuration will fail when creating a certificate. This can be done by running yast and selecting System > Language.
- Run through the SMT configuration wizard using YaST. [9]
Once the initial SMT configuration has completed, mirror the required repositories and setup a synchronization schedule between the repositories and SUSE Customer Center. [7] [9]
Now that SMT is configured, the clients need to be prepared so that they can connect to SMT.
Two packages need to be removed from the AWS SLES 11 SP4 on-demand images. The packages automate the configuration of the Amazon EC2 instance to connect to the SUSE Public Cloud Update Infrastructure.
zypper rm cloud-regionsrv-client
zypper rm regionServiceClientConfigEC2
Remove the /etc/hosts entry for smt-ec2.susecloud.net. The client automation software adds the host file entry for smt-ec2.susecloud.net which is the SUSE Public Cloud Update Server. Since a private repository server is being created, the entry will not be needed.
Remove the following files before you register your Amazon EC2 instance to your private repository server.
rm /etc/SUSEConnect
rm /etc/zypp/credentials.d/*
rm /etc/zypp/services.d/*
rm /var/lib/cloudregister/*
The Amazon EC2 instance is now ready to connect to the SMT Server through an automated or manual registration process. [9] [11]
Summary
The private repository server provides AWS with SLES 11 SP4 on-demand instances with acess to the SLES 11 SP4 LTSS repository. This enables SUSE customers to continue to access technical support, maintenance and security patches for SLES 11 SP4. This allows organizations to remain in compliance and continue to migrate to a newer platform powered by AWS using a SUSE Linux Enterprise Server 15 for SAP Applications image. LTSS should not be viewed as a long-term solution. The AWS platform is constantly innovating and by staying on older SUSE releases, a customer is not able to take advantage of new instance types or features.
If you have any questions please email aws@suse.com, and we will be happy to assist you!
Links for quick reference
- SUSE Product Support Lifecycle
- Long Term Service Pack (LTSS) Support
- Public Cloud Update Infrastructure
- SUSE Terms and Conditions
- SUSE Manager Product
- Finding a Linux AMI
- Add LTSS Repositories
- Register SLES using SUSEConnect
- SLES 12 SP4 SMT Documentation
- SMT FAQs
- Registration of a Client against a SMT server in non-interactive mode
- Bring Your Own Subscription
Related Articles
Nov 19th, 2024
Top Strategies for Enhancing Linux Server Security
Oct 31st, 2023
Confidential Cloud: Introduction to Confidential Computing
Jul 24th, 2024
Insights & Highlights from Partner Summit 2024
Dec 10th, 2024
No comments yet