Installation on SUSE & openSUSE
This guide covers installing the PatchCTL agent on SUSE-based distributions.
Supported Versions
| Distribution | Versions |
|---|---|
| SUSE Linux Enterprise | 15 SP4, 15 SP5, 15 SP6 |
| openSUSE Leap | 15.4, 15.5, 15.6 |
| openSUSE Tumbleweed | Rolling (latest) |
Quick Install
Run the automated installer:
curl -fsSL https://downloads.patchctl.com/install.sh | sudo bash -s -- --key=YOUR_LICENSE_KEY
The installer automatically uses the SUSE-compatible binary.
Manual Installation
Step 1: Download the Binary
# Create directory
sudo mkdir -p /opt/patchctl/bin
# Download the SUSE-compatible binary
sudo curl -fsSL -o /opt/patchctl/bin/patchctl-agent \
https://downloads.patchctl.com/latest/patchctl-agent-linux-amd64-suse
# Make executable
sudo chmod +x /opt/patchctl/bin/patchctl-agent
Step 2: Create Configuration
# Create config directory
sudo mkdir -p /etc/patchctl
# Create configuration file
sudo tee /etc/patchctl/config.json > /dev/null << 'EOF'
{
"license_key": "YOUR_LICENSE_KEY",
"api_endpoint": "https://api.patchctl.com",
"heartbeat_interval": 300,
"log_level": "info"
}
EOF
# Secure the config file
sudo chmod 600 /etc/patchctl/config.json
Step 3: Create Systemd Service
sudo tee /etc/systemd/system/patchctl.service > /dev/null << 'EOF'
[Unit]
Description=PatchCTL Agent
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
ExecStart=/opt/patchctl/bin/patchctl-agent
Restart=always
RestartSec=10
User=root
WorkingDirectory=/opt/patchctl
# Hardening
NoNewPrivileges=no
ProtectSystem=full
ProtectHome=read-only
[Install]
WantedBy=multi-user.target
EOF
Step 4: Start the Service
# Reload systemd
sudo systemctl daemon-reload
# Enable and start the agent
sudo systemctl enable patchctl
sudo systemctl start patchctl
# Verify status
sudo systemctl status patchctl
Verification
Check Service Status
sudo systemctl status patchctl
Check Logs
sudo journalctl -u patchctl -f
Verify in Dashboard
Your server should appear in the PatchCTL dashboard within 5 minutes.
SUSE-Specific Notes
Zypper Configuration
The agent uses the system's zypper configuration. Verify your repositories:
# List repositories
sudo zypper repos
# Check for available updates
sudo zypper list-updates
SUSEConnect (SLES)
For SUSE Linux Enterprise, ensure your system is registered:
# Check registration status
sudo SUSEConnect --status
# Register if needed
sudo SUSEConnect -r YOUR_REGISTRATION_CODE
Firewall Configuration
If firewalld or SuSEfirewall2 is enabled:
# Check firewall status (firewalld)
sudo firewall-cmd --state
# Or for SuSEfirewall2
sudo systemctl status SuSEfirewall2
The agent only needs outbound HTTPS, which is typically allowed by default.
Troubleshooting
Zypper Lock Issues
If patching fails due to zypper locks:
# Check for running zypper processes
sudo ps aux | grep zypper
# Remove stale lock (if safe)
sudo rm -f /var/run/zypp.pid
Repository Refresh Errors
If the agent can't check for updates:
# Refresh all repositories
sudo zypper refresh
# Clean cache if needed
sudo zypper clean --all
AppArmor Issues
If AppArmor is blocking the agent:
# Check AppArmor status
sudo aa-status
# If needed, set patchctl-agent to complain mode
sudo aa-complain /opt/patchctl/bin/patchctl-agent