SUSE Multi-Linux Manager, formerly known as SUSE Manager (SUMA), is an open-source infrastructure management solution designed to simplify and secure the management of many Linux distribution out there. It provides you with a web console to manage not only SUSE and its distributions but almost any Open Source or payed subscription distro!
It’s already impressive that Multi Linux Manager can handle almost anything you throw at it, but in the wild west of Linux distributions, that’s just not enough! SUSE has gone the extra mile by providing Linux engineers with brand-new repositories for ancient distributions like CentOS 6 or RHEL 5, as well as other dinosaurs that are still running along without a break. Yes, we can finally reassure the security officer at our company that the almost 20-year-old server is patched and secured to the latest standards. No need to re-engineer the entire system with a shiny new server or lose huge sums of money for extended support (if it even exists).
SUSE Multi-Linux Manager in a nutshell:
Lets shortly break down what SUSE Multi-Linux Manager offers you:
- Automated Patching and Updates:
- Multi-Linux Manager automates patch management across your Linux environment, ensuring systems remain secure and compliant.
- It uses certified software supply chains to deliver trusted patches and supports CVE (Common Vulnerabilities and Exposures) lists and OpenSCAP protocols for vulnerability scanning and compliance attestation.
- You can automate updates for entire systems or specific packages, minimizing downtime and human error.
- Content Lifecycle Management (CLM):
- Multi-Linux Manager includes tools for managing the lifecycle of software content, allowing you to test updates in staging environments before deploying them to production.
- This ensures that no untested patches or updates are applied, reducing the risk of system instability.
- Real-Time Monitoring and Reporting:
- Multi-Linux Manager provides real-time insights into the health and status of your Linux systems.
- It offers portfolio-wide reporting for auditing, enabling you to track compliance and security across all managed clients, regardless of their location.
- Automation and Integration:
- Multi-Linux Manager leverages Salt (a powerful configuration management tool) for automation, enabling one-click provisioning, patching, and configuration.
- It integrates with other automation tools like Ansible, enhancing its flexibility in DevOps workflows.
- Features like Cobbler (for bare-metal OS deployment) and Kiwi (for building OS images) further streamline system provisioning.
- Security and Compliance:
- Multi-Linux Manager ensures the highest quality security by providing proactive updates, transparent roadmaps, and predictable lifecycles.
- It offers auditing tools like OpenSCAP which provides you with a simple GUI based CIS scan and reporting.
- Containerized Deployment (SUSE Manager 5.0):
- Starting with version 5.0, the Multi-Linux Manager server is delivered as a container image running on Podman. This decouples the server from the underlying OS, improving resilience and simplifying recovery.
- If the server fails, administrators can spin up a new container and reattach the database, minimizing downtime.
Installing and Using SUSE Multi-Linux Manager
First of all we need to download the SUSE Multi-Linux Manager:
https://www.suse.com/download/suse-manager/
Please Make sure to download the “SUSE-Manager-Server.x86_64-5.0.2-SelfInstall-2024.12.install.iso” because even known the name is almost the same, the “SUSE-Manager-Proxy.x86_64-5.0.2-SelfInstall-2024.12.install.iso” will only install the proxy, which needs the SUSE Manager Server to run.
The Installation Process is straight forward and doesn’t need any explanation. If you need any help please check out the official SUSE Documentation: https://documentation.suse.com/suma/5.0/en/suse-manager/installation-and-upgrade/container-deployment/suma/server-deployment-vm-suma.html
After installation, you need to execute a few commands to use the web console, as described here:
# It is suggested that we activates the SUSE Micro 5.5 and the Multi-Linux Manager Server 5.0 before using it so it can be updated with the newest patches.
# First lets register the SUSE Micro:
transactional-update register -r <REGCODE> -e <your_email>
# Then reboot to activate the changes:
reboot
# Now its time to activate the Multi-Linux Manager Server:
transactional-update register -p SUSE-Manager-Server/5.0/x86_64 -r <REGCODE>
# After activation we can update/ patch the system:
transactional-update
# HINT Multi-Linux Manager Server can absolutely be used without any of the registration steps. The only command really needed to make the web console available:
mgradm install podman hostname.domain.ch
Now we can see the Multi-Linux Manager web console and login to it with the user “admin” and the password we configured at the installation:
Before bootstrapping any server, ensure that you connect your SUSE organization credentials to your Multi-Linux Manager Server. You can find your credentials at the SUSE Customer Center. This will require a existing SUSE License which we can add in: Admin > Organization Credentials:
After adding the SUSE License, we can now add the repositories needed for the bootstrapping process. A bootstrap repository contains the required packages for registering clients during bootstrapping. To bootstrap a SUSE Enterprise Linux 15 SP6, you need to add the following repositories:
For RHEL, CentOS, Debian, or Ubuntu, you can use these repositories:
Note that each of these repositories requires around 50-100 GB of storage, and for Ubuntu, it might even need over 100GB for each repository! So, make sure you have enough space or only activate the products you’ll use. #Ididthatmistake
Now, you can bootstrap all the servers that need managing with Multi-Linux Manager by going to System > System List > Add System:
Once the bootstrapping is complete, you can manage the server from Multi-Linux Manager. The possibilities for server management are nearly endless.
Automated OpenSCAP scan and auditing of servers:
The OpenSCAP scan feature is incredibly powerful, allowing you to execute security audits on servers. To use it, you simply go to the server you wish to check and choose Audit > OpenSCAP > Schedule. Now you only need to add these Command-Line Arguments like “–profile xccdf_org.ssgproject.content_profile_cis_server_l1 –report /tmp/oscap-suma-report.html” along with the path to the XML-Profile, which is usually “/usr/share/xml/scap/content/ssg-sle15-ds.xml”. You can execute it manually or schedule the scan or for recurring security checks.
Update & Patch installation/ management:
Multi-Linux Manager not only manages all repositories but also categorizes patches into various topics like “Security Patch” or “Bug fixes and Improvements” and more. It allows you to see which packages are not properly managed (e.g., not installed from a connected repository) and which ones are no longer updated.
For me, an important feature is the software channels where I can check all repositories connected to each server. Additionally it can help you analyze issues regarding missing repositories and/ or unneeded channels.
Remote commands:
With this tool, you can run any scripts or commands on one or multiple machines, scheduling them to execute with specified user and group privileges.
Summary & Takeaways:
SUSE Multi-Linux Manager (once known as SUSE Manager) can manage a wide variety of Linux systems, giving you one place to handle updates, security, and overall system management. Here’s what makes it special:
- Wide-Ranging Support: It works with all kinds of Linux, even very old versions like CentOS 6 or 7, keeping them safe and up-to-date.
- Automatic Updates: Makes updating your systems easier with automatic patches, keeping track of security issues, and ensuring your setups meet security standards, which helps prevent mistakes and downtime.
- Update Testing: Before applying updates everywhere, you can test them in a safe space to make sure they won’t cause problems.
- System Watch and Reports: Gives you live updates on how your systems are doing and offers detailed checks to keep everything secure and following rules.
- Automation Tools: Uses Salt to automate tasks, works well with Ansible, and has tools like Cobbler and Kiwi for setting up new systems, making things smoother for tech teams.
- Security Checks: Automatically scans your systems to make sure they’re up to security standards.
- Container Use: The latest version (5.0) uses containers, which makes it easier to set up, run, and recover if something goes wrong.
- Easy to get started: It’s easy to install, but remember, each Linux repository can take up a lot of space on your server (50-100GB or more).
SUSE Multi-Linux Manager offers a smart and modern way to manage Linux systems, making it a must-have for IT teams dealing with mixed Linux environments.
![Thumbnail [60x60]](https://www.dbi-services.com/blog/wp-content/uploads/2023/05/STM_web_min.jpg)
![Thumbnail [90x90]](https://www.dbi-services.com/blog/wp-content/uploads/2022/08/ABE_web-min-scaled.jpg)