Ansible on SUSE Linux Enterprise Server 16 Automation Complete Guide
By Luca Berton · Published 2024-01-01 · Category: installation
Automate SLES 16 with Ansible: zypper, SUSEConnect, AppArmor, firewalld, transactional updates, SAP HANA, image-based deployments.
SUSE Linux Enterprise Server 16 is SUSE's next major LTS, released in 2025. It introduces kernel 6.12, Python 3.13, immutable-by-default transactional updates, full image-based deployment, OpenSSH 9.9, and Podman 5. General support runs through 2031, LTSS through 2035. This is the master Ansible guide for SLES 16.
SLES 16 release facts
| Item | Value | |---|---| | GA | 2025-Q4 | | General support | until 2031 | | LTSS | until 2035 | | Default kernel | 6.12 | | Default Python | 3.13 | | Default mode | transactional (immutable) | | Container engine | Podman 5 | | Default firewall | firewalld + nftables |
See also: Ansible on SUSE Linux Enterprise Server 15 SP6 Automation Complete Guide
Ansible-core compatibility
Use ansible-core 2.18 LTS or 2.20.
Inventory
[sles16]
sles16-01.example.com
[sles16:vars]
ansible_user=ec2-user
ansible_python_interpreter=/usr/bin/python3
See also: Ansible on openSUSE Leap 15.6 Automation Complete Guide
Baseline playbook
- name: SLES 16 baseline
hosts: sles16
become: true
tasks:
- name: Register with SCC
ansible.builtin.command: SUSEConnect -r {{ scc_regcode }} -e {{ scc_email }}
args:
creates: /etc/zypp/credentials.d/SCCcredentials
- name: Apply transactional update with packages installed
ansible.builtin.command: |
transactional-update --non-interactive pkg install vim chrony firewalld apparmor-utils cockpit podman
register: tu
changed_when: "'New default snapshot' in tu.stdout"
- name: Reboot to staged snapshot
ansible.builtin.reboot:
when: tu.changed
Transactional update orchestration
- name: Patch SLES 16 fleet (transactional)
hosts: sles16
become: true
serial: 25%
tasks:
- name: transactional-update up
ansible.builtin.command: transactional-update --non-interactive up
register: tu
changed_when: "'New default snapshot' in tu.stdout"
- name: Reboot
ansible.builtin.reboot:
when: tu.changed
- name: Verify snapshot active
ansible.builtin.command: snapper list
register: sn
changed_when: false
See also: Ansible on openSUSE Tumbleweed Automation Complete Guide
Image-based provisioning (SLE Micro lineage)
- name: Pull new SLES 16 image
hosts: sles16
become: true
tasks:
- name: bootc switch
ansible.builtin.command: bootc switch registry.suse.com/suse/sles16:latest
register: bs
changed_when: "'Image' in bs.stdout"
- name: Reboot
ansible.builtin.reboot:
when: bs.changed
SAP HANA on SLES 16
- name: SAP tunings on SLES 16
hosts: sles16_sap
become: true
tasks:
- name: Install SAP pattern via transactional-update
ansible.builtin.command: |
transactional-update --non-interactive pkg install -t pattern sap_server
register: tu
changed_when: "'New default snapshot' in tu.stdout"
- name: Reboot
ansible.builtin.reboot:
when: tu.changed
- name: Apply HANA tuning
ansible.builtin.command: saptune solution apply HANA
Best practices
• Treat SLES 16 as immutable: every change is a transactional update; rollbacks aresnapper rollback.
• Use bootc for greenfield image-based fleets; transactional-update for upgrades on existing nodes.
• For SAP, always run saptune verify after tuning.
Conclusion
SLES 16 doubles down on transactional updates and image mode. Ansible coordinates the snapshot-then-reboot flow rather than mutating files directly, which makes rollbacks deterministic and disaster recovery far simpler.
Category: installation