AnsiblePilot — Master Ansible Automation

AnsiblePilot is the leading resource for learning Ansible automation, DevOps, and infrastructure as code. Browse over 1,400 tutorials covering Ansible modules, playbooks, roles, collections, and real-world examples. Whether you are a beginner or an experienced engineer, our step-by-step guides help you automate Linux, Windows, cloud, containers, and network infrastructure.

Popular Topics

About Luca Berton

Luca Berton is an Ansible automation expert, author of 8 Ansible books published by Apress and Leanpub including "Ansible for VMware by Examples" and "Ansible for Kubernetes by Example", and creator of the Ansible Pilot YouTube channel. He shares practical automation knowledge through tutorials, books, and video courses to help IT professionals and DevOps engineers master infrastructure automation.

Ansible on SUSE Linux Enterprise Server 15 SP6 Automation Complete Guide

By Luca Berton · Published 2024-01-01 · Category: installation

Automate SLES 15 SP6 with Ansible: zypper, SUSEConnect, AppArmor, firewalld, transactional updates, SAP HANA, salt-vs-ansible patterns.

SUSE Linux Enterprise Server 15 SP6 (released June 2024) is the current SP of the SLES 15 family. It ships kernel 6.4, Python 3.11, OpenSSH 9.6, systemd 254, and AppArmor. General support runs until 2027-07-31 with LTSS extending to 2031-07-31. SLES is the European enterprise Linux of choice and the dominant platform for SAP HANA workloads. This is the master Ansible guide for SLES 15 SP6.

SLES 15 SP6 release facts

| Item | Value | |---|---| | GA | 2024-06-20 | | General support | until 2027-07-31 | | LTSS | until 2031-07-31 | | Default kernel | 6.4 | | Default Python | 3.11 | | Package manager | zypper | | MAC framework | AppArmor | | Transactional updates | yes (via transactional-update) |

See also: Ansible on SUSE Linux Enterprise Server 16 Automation Complete Guide

Ansible-core compatibility

Use ansible-core 2.18 LTS.

Inventory

[sles15]
sles15-01.corp.example.com
sles15-02.corp.example.com

[sles15:vars]
ansible_user=ec2-user
ansible_python_interpreter=/usr/bin/python3

See also: Ansible on openSUSE Leap 15.6 Automation Complete Guide

Subscription registration

- name: Register SLES with SCC
  hosts: sles15
  become: true
  tasks:
    - name: SUSEConnect register
      ansible.builtin.command: SUSEConnect -r {{ scc_regcode }} -e {{ scc_email }}
      args:
        creates: /etc/zypp/credentials.d/SCCcredentials

Baseline playbook

- name: SLES 15 SP6 baseline
  hosts: sles15
  become: true
  tasks:
    - name: Refresh repos
      community.general.zypper_repository:
        autorefresh: true
        runrefresh: true
        repo: "*"

- name: Update packages
      community.general.zypper:
        name: "*"
        state: latest


- name: Install baseline tools
      community.general.zypper:
        name:
          - vim
          - chrony
          - firewalld
          - apparmor-utils
          - cockpit
          - podman
        state: present


- name: Enable services
      ansible.builtin.service:
        name: "{{ item }}"
        enabled: true
        state: started
      loop: [chronyd, firewalld, cockpit.socket]

See also: Ansible on openSUSE Tumbleweed Automation Complete Guide

AppArmor enforcement

- name: Enforce AppArmor
  hosts: sles15
  become: true
  tasks:
    - name: Enable AppArmor service
      ansible.builtin.service: { name: apparmor, enabled: true, state: started }

- name: Set all profiles to enforce
      ansible.builtin.command: aa-enforce /etc/apparmor.d/*
      register: aa
      changed_when: "'Setting' in aa.stdout"

Transactional updates

- name: Apply transactional update
  hosts: sles15
  become: true
  tasks:
    - name: transactional-update apply
      ansible.builtin.command: transactional-update --non-interactive up
      register: tu
      changed_when: "'New default snapshot' in tu.stdout"

- name: Reboot to new snapshot
      ansible.builtin.reboot:
      when: tu.changed

SAP HANA prep tasks

- name: Apply SAP tunings
  hosts: sles15_sap
  become: true
  tasks:
    - name: Install SAP pattern
      community.general.zypper:
        name: patterns-server-enterprise-sap_server
        state: present
        type: pattern

- name: Apply HANA sapconf profile
      ansible.builtin.command: saptune solution apply HANA
      register: st
      changed_when: "'has been applied' in st.stdout"

Best practices

• Always use transactional-update on SLE Micro / immutable variants and prefer it on standard SLES too — every change becomes a btrfs snapshot. • Use saptune profiles via Ansible for SAP workloads instead of hand-rolled sysctl. • Pin AppArmor profiles in /etc/apparmor.d/ and version them in Git.

Conclusion

SLES 15 SP6 with ansible-core 2.18 covers the bulk of European enterprise and SAP automation. Combine community.general.zypper, AppArmor enforcement, transactional updates, and saptune for a complete SLES baseline.

Category: installation

Browse all Ansible tutorials · AnsiblePilot Home