DevOpsil
Linux
87%
Needs Review

openSUSE and SUSE Linux Enterprise: YaST Administration and zypper Package Management

Raafay AsifRaafay Asif6 min read

SUSE's Tooling Takes Getting Used To

SUSE Linux (openSUSE Leap, openSUSE Tumbleweed, and the commercial SUSE Linux Enterprise) has its own administration philosophy. YaST — Yet Another Setup Tool — centralizes nearly everything. zypper handles packages differently from apt or dnf. And SUSE's release model has no direct equivalent elsewhere.

This guide covers the practical administration you'll need: package management, repository setup, and system configuration with YaST.


The SUSE Linux Family

DistributionDescriptionTarget
openSUSE LeapRegular releases, tracks SLEWorkstations, servers
openSUSE TumbleweedRolling releaseUp-to-date workstations, CI
SUSE Linux Enterprise (SLE)Commercial, certified, long-termEnterprise production

Leap and SLE share the same core packages — code flows from SLE to Leap. Tumbleweed is a separate rolling-release track.


zypper: Package Management

zypper is SUSE's package manager. It's equivalent to apt or dnf but with different flags.

Basic Operations

# Update repository metadata
sudo zypper refresh
sudo zypper ref            # shorthand

# List available updates
sudo zypper list-updates
sudo zypper lu             # shorthand

# Apply all updates
sudo zypper update
sudo zypper up

# Install a package
sudo zypper install nginx
sudo zypper in nginx       # shorthand

# Remove a package
sudo zypper remove nginx
sudo zypper rm nginx

# Search for a package
zypper search nginx
zypper se nginx

# Show package info
zypper info nginx

# List installed packages
zypper packages --installed-only
zypper pa -i

# Find which package provides a file
zypper what-provides /usr/sbin/nginx
zypper wp /usr/sbin/nginx

Patches (SUSE's Security Update Mechanism)

SUSE distinguishes between packages (individual RPMs) and patches (advisories that may update multiple packages). Patch-level management is how you apply security fixes properly.

# List available patches
zypper list-patches
zypper lp

# Apply security patches only
sudo zypper patch --category security

# Apply all patches
sudo zypper patch

# Show details of a specific patch
zypper patch-info <patch-name>

# Check if a reboot is needed
sudo zypper needs-rebooting

Locks: Preventing Package Updates

# Lock a package version (prevent updates)
sudo zypper addlock nginx
sudo zypper al nginx

# List locks
zypper locks
zypper ll

# Remove a lock
sudo zypper removelock nginx
sudo zypper rl nginx

Repository Management

Adding and Managing Repositories

# List configured repositories
zypper repos
zypper lr

# Add a repository by URL
sudo zypper addrepo https://download.opensuse.org/repositories/home:/user/openSUSE_Leap_15.6/ home-user
sudo zypper ar https://download.opensuse.org/repositories/home:/user/openSUSE_Leap_15.6/ home-user

# Add with auto-refresh enabled
sudo zypper ar --refresh https://example.com/repo myrepo

# Remove a repository
sudo zypper removerepo home-user
sudo zypper rr home-user

# Enable/disable a repository
sudo zypper modifyrepo --enable home-user
sudo zypper modifyrepo --disable home-user

# Refresh a specific repository
sudo zypper refresh home-user

Official Repositories

For openSUSE Leap 15.6:

# OSS (main free packages)
sudo zypper ar -f https://download.opensuse.org/distribution/leap/15.6/repo/oss/ repo-oss

# Non-OSS (proprietary packages like codecs)
sudo zypper ar -f https://download.opensuse.org/distribution/leap/15.6/repo/non-oss/ repo-non-oss

# Update repositories
sudo zypper ar -f https://download.opensuse.org/update/leap/15.6/oss/ repo-update

# Packman (multimedia codecs — community)
sudo zypper ar -cfp 90 https://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Leap_15.6/ packman

YaST: Centralized System Administration

YaST is SUSE's GUI and TUI (text-based UI) administration tool. It covers:

  • Software management
  • Network configuration
  • User management
  • Storage/partitioning
  • Services
  • Security settings
  • System registration (SLE)
# Launch YaST TUI (text mode — works over SSH)
sudo yast

# Launch specific YaST modules directly
sudo yast software          # Package manager
sudo yast firewall          # Firewall configuration
sudo yast network           # Network interfaces
sudo yast users             # User management
sudo yast services-manager  # systemd service management
sudo yast disk              # Disk/partition management
sudo yast nfs               # NFS configuration
sudo yast sysconfig         # /etc/sysconfig editor

Key YaST Modules

Software Management (yast software):

  • Search, install, remove packages
  • Manage patterns (groups of packages for a purpose — e.g., "Web and LAMP Server")

Patterns — install a full workload:

# List available patterns
zypper patterns

# Install a pattern (e.g., minimal server)
sudo zypper install -t pattern minimal_base

# Other useful patterns:
# basic_desktop — minimal desktop
# lamp_server — Apache + MariaDB + PHP
# container_runtime — Docker/Podman
# yast2_basis — YaST core modules

System Registration (SLE):

# Register SLE with subscription
sudo yast registration

# Or via command line
sudo SUSEConnect -r <registration-code> -e <email>

# List available extensions/modules
sudo SUSEConnect --list-extensions

# Activate an extension (e.g., Containers Module)
sudo SUSEConnect -p sle-module-containers/15.6/x86_64

firewalld on SUSE

SUSE uses firewalld (same as RHEL):

# Check status
sudo firewall-cmd --state

# List active zones and rules
sudo firewall-cmd --list-all

# Allow a service
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

# Allow a specific port
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload

# Allow a service in a specific zone
sudo firewall-cmd --zone=public --permanent --add-service=http

Or configure via YaST: sudo yast firewall


System Configuration: /etc/sysconfig

SUSE has a SUSE-specific layer of configuration files under /etc/sysconfig/. These are shell-variable format files that feed into systemd and init scripts.

# View network configuration
cat /etc/sysconfig/network/ifcfg-eth0

# Network interface config example
BOOTPROTO='static'
IPADDR='192.168.1.100/24'
GATEWAY='192.168.1.1'
STARTMODE='auto'
NAME='eth0'

# After editing, restart network
sudo systemctl restart network

# Or use YaST (safer — validates config)
sudo yast network

Snapper: File System Snapshots

SUSE installs Btrfs by default and integrates snapper for automatic snapshots before/after package operations. This gives you rollback capability.

# List existing snapshots
sudo snapper list

# Create a manual snapshot
sudo snapper create --description "Before config change"

# Compare snapshots
sudo snapper diff 1..2

# Rollback to a previous snapshot (requires reboot)
sudo snapper rollback 3

# Configure snapshot retention
sudo snapper -c root set-config "NUMBER_LIMIT=10" "NUMBER_LIMIT_IMPORTANT=4"

Every zypper install/update automatically creates a pre/post snapshot pair — if an update breaks something, roll back to the pre-snapshot state.


Useful One-Liners

# Check SUSE version
cat /etc/os-release

# Verify package integrity (all installed packages)
sudo rpm -Va 2>/dev/null | grep -v "^......G"

# Find what package owns a file
rpm -qf /usr/bin/nginx

# List files installed by a package
rpm -ql nginx

# Show changelog for a package
rpm -q --changelog nginx | head -20

# System health check via supportconfig (generates tarball for SUSE support)
sudo supportconfig

openSUSE vs SLE Cheat Sheet

TaskopenSUSESLE
Register systemNot requiredSUSEConnect -r <code>
Get security patcheszypper patchzypper patch
Add reposOBS or manual URLSUSEConnect -p <module>
Long-term supportLeap: ~18 monthsSLE: 10+ years (LTSS)
Rollback supportSnapper (Btrfs)Snapper (Btrfs)
Container runtimezypper in podmanContainers Module via SUSEConnect

SUSE's tooling — YaST, zypper, snapper — is distinctive but coherent once you understand the model. The snapshot-before-update workflow in particular is something most other distros don't offer out of the box.

Share:

Was this article helpful?

Raafay Asif
Raafay Asif

Linux Systems Engineer

Everything runs on Linux — I make sure it runs well. From kernel tuning to systemd debugging, I live in the terminal. If your server is misbehaving, I've probably seen that exact dmesg output before.

Related Articles

More in Linux

View all →

Discussion