openSUSE and SUSE Linux Enterprise: YaST Administration and zypper Package Management
SUSE's Tooling Takes Getting Used To
SUSE Linux (openSUSE Leap, openSUSE Tumbleweed, and the commercial SUSE Linux Enterprise) has its own administration philosophy. YaST — Yet Another Setup Tool — centralizes nearly everything. zypper handles packages differently from apt or dnf. And SUSE's release model has no direct equivalent elsewhere.
This guide covers the practical administration you'll need: package management, repository setup, and system configuration with YaST.
The SUSE Linux Family
| Distribution | Description | Target |
|---|---|---|
| openSUSE Leap | Regular releases, tracks SLE | Workstations, servers |
| openSUSE Tumbleweed | Rolling release | Up-to-date workstations, CI |
| SUSE Linux Enterprise (SLE) | Commercial, certified, long-term | Enterprise production |
Leap and SLE share the same core packages — code flows from SLE to Leap. Tumbleweed is a separate rolling-release track.
zypper: Package Management
zypper is SUSE's package manager. It's equivalent to apt or dnf but with different flags.
Basic Operations
# Update repository metadata
sudo zypper refresh
sudo zypper ref # shorthand
# List available updates
sudo zypper list-updates
sudo zypper lu # shorthand
# Apply all updates
sudo zypper update
sudo zypper up
# Install a package
sudo zypper install nginx
sudo zypper in nginx # shorthand
# Remove a package
sudo zypper remove nginx
sudo zypper rm nginx
# Search for a package
zypper search nginx
zypper se nginx
# Show package info
zypper info nginx
# List installed packages
zypper packages --installed-only
zypper pa -i
# Find which package provides a file
zypper what-provides /usr/sbin/nginx
zypper wp /usr/sbin/nginx
Patches (SUSE's Security Update Mechanism)
SUSE distinguishes between packages (individual RPMs) and patches (advisories that may update multiple packages). Patch-level management is how you apply security fixes properly.
# List available patches
zypper list-patches
zypper lp
# Apply security patches only
sudo zypper patch --category security
# Apply all patches
sudo zypper patch
# Show details of a specific patch
zypper patch-info <patch-name>
# Check if a reboot is needed
sudo zypper needs-rebooting
Locks: Preventing Package Updates
# Lock a package version (prevent updates)
sudo zypper addlock nginx
sudo zypper al nginx
# List locks
zypper locks
zypper ll
# Remove a lock
sudo zypper removelock nginx
sudo zypper rl nginx
Repository Management
Adding and Managing Repositories
# List configured repositories
zypper repos
zypper lr
# Add a repository by URL
sudo zypper addrepo https://download.opensuse.org/repositories/home:/user/openSUSE_Leap_15.6/ home-user
sudo zypper ar https://download.opensuse.org/repositories/home:/user/openSUSE_Leap_15.6/ home-user
# Add with auto-refresh enabled
sudo zypper ar --refresh https://example.com/repo myrepo
# Remove a repository
sudo zypper removerepo home-user
sudo zypper rr home-user
# Enable/disable a repository
sudo zypper modifyrepo --enable home-user
sudo zypper modifyrepo --disable home-user
# Refresh a specific repository
sudo zypper refresh home-user
Official Repositories
For openSUSE Leap 15.6:
# OSS (main free packages)
sudo zypper ar -f https://download.opensuse.org/distribution/leap/15.6/repo/oss/ repo-oss
# Non-OSS (proprietary packages like codecs)
sudo zypper ar -f https://download.opensuse.org/distribution/leap/15.6/repo/non-oss/ repo-non-oss
# Update repositories
sudo zypper ar -f https://download.opensuse.org/update/leap/15.6/oss/ repo-update
# Packman (multimedia codecs — community)
sudo zypper ar -cfp 90 https://ftp.gwdg.de/pub/linux/misc/packman/suse/openSUSE_Leap_15.6/ packman
YaST: Centralized System Administration
YaST is SUSE's GUI and TUI (text-based UI) administration tool. It covers:
- Software management
- Network configuration
- User management
- Storage/partitioning
- Services
- Security settings
- System registration (SLE)
# Launch YaST TUI (text mode — works over SSH)
sudo yast
# Launch specific YaST modules directly
sudo yast software # Package manager
sudo yast firewall # Firewall configuration
sudo yast network # Network interfaces
sudo yast users # User management
sudo yast services-manager # systemd service management
sudo yast disk # Disk/partition management
sudo yast nfs # NFS configuration
sudo yast sysconfig # /etc/sysconfig editor
Key YaST Modules
Software Management (yast software):
- Search, install, remove packages
- Manage patterns (groups of packages for a purpose — e.g., "Web and LAMP Server")
Patterns — install a full workload:
# List available patterns
zypper patterns
# Install a pattern (e.g., minimal server)
sudo zypper install -t pattern minimal_base
# Other useful patterns:
# basic_desktop — minimal desktop
# lamp_server — Apache + MariaDB + PHP
# container_runtime — Docker/Podman
# yast2_basis — YaST core modules
System Registration (SLE):
# Register SLE with subscription
sudo yast registration
# Or via command line
sudo SUSEConnect -r <registration-code> -e <email>
# List available extensions/modules
sudo SUSEConnect --list-extensions
# Activate an extension (e.g., Containers Module)
sudo SUSEConnect -p sle-module-containers/15.6/x86_64
firewalld on SUSE
SUSE uses firewalld (same as RHEL):
# Check status
sudo firewall-cmd --state
# List active zones and rules
sudo firewall-cmd --list-all
# Allow a service
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
# Allow a specific port
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload
# Allow a service in a specific zone
sudo firewall-cmd --zone=public --permanent --add-service=http
Or configure via YaST: sudo yast firewall
System Configuration: /etc/sysconfig
SUSE has a SUSE-specific layer of configuration files under /etc/sysconfig/. These are shell-variable format files that feed into systemd and init scripts.
# View network configuration
cat /etc/sysconfig/network/ifcfg-eth0
# Network interface config example
BOOTPROTO='static'
IPADDR='192.168.1.100/24'
GATEWAY='192.168.1.1'
STARTMODE='auto'
NAME='eth0'
# After editing, restart network
sudo systemctl restart network
# Or use YaST (safer — validates config)
sudo yast network
Snapper: File System Snapshots
SUSE installs Btrfs by default and integrates snapper for automatic snapshots before/after package operations. This gives you rollback capability.
# List existing snapshots
sudo snapper list
# Create a manual snapshot
sudo snapper create --description "Before config change"
# Compare snapshots
sudo snapper diff 1..2
# Rollback to a previous snapshot (requires reboot)
sudo snapper rollback 3
# Configure snapshot retention
sudo snapper -c root set-config "NUMBER_LIMIT=10" "NUMBER_LIMIT_IMPORTANT=4"
Every zypper install/update automatically creates a pre/post snapshot pair — if an update breaks something, roll back to the pre-snapshot state.
Useful One-Liners
# Check SUSE version
cat /etc/os-release
# Verify package integrity (all installed packages)
sudo rpm -Va 2>/dev/null | grep -v "^......G"
# Find what package owns a file
rpm -qf /usr/bin/nginx
# List files installed by a package
rpm -ql nginx
# Show changelog for a package
rpm -q --changelog nginx | head -20
# System health check via supportconfig (generates tarball for SUSE support)
sudo supportconfig
openSUSE vs SLE Cheat Sheet
| Task | openSUSE | SLE |
|---|---|---|
| Register system | Not required | SUSEConnect -r <code> |
| Get security patches | zypper patch | zypper patch |
| Add repos | OBS or manual URL | SUSEConnect -p <module> |
| Long-term support | Leap: ~18 months | SLE: 10+ years (LTSS) |
| Rollback support | Snapper (Btrfs) | Snapper (Btrfs) |
| Container runtime | zypper in podman | Containers Module via SUSEConnect |
SUSE's tooling — YaST, zypper, snapper — is distinctive but coherent once you understand the model. The snapshot-before-update workflow in particular is something most other distros don't offer out of the box.
Was this article helpful?
Linux Systems Engineer
Everything runs on Linux — I make sure it runs well. From kernel tuning to systemd debugging, I live in the terminal. If your server is misbehaving, I've probably seen that exact dmesg output before.
Related Articles
Alpine Linux apk Reference: Package Management, Repositories, and System Administration
A complete reference for Alpine Linux's apk package manager — adding packages, managing repositories, pinning versions, building custom packages, and running Alpine as a minimal server OS.
openSUSE MicroOS and Transactional Updates: Atomic System Updates with Btrfs Snapshots
How openSUSE's transactional-update and Btrfs snapshot integration enables atomic, rollback-safe system updates — and how MicroOS takes this to a fully immutable, container-optimized OS.
Linux Package Management: apt, dnf, and zypper Compared
Install, update, and manage packages across Ubuntu (apt), RHEL (dnf/yum), and SUSE (zypper) — repositories, GPG keys, version pinning, and automation.
RHEL 9 Performance Tuning: tuned, sysctl, and CPU/Memory Optimization
How to tune RHEL 9 performance using tuned profiles, sysctl parameters, CPU governors, NUMA topology, and memory settings — for database servers, web workloads, and latency-sensitive applications.
RHEL 9 Subscription Manager: Attaching Entitlements, Enabling Repos, and Going Offline
A practical guide to RHEL 9's subscription management — attaching entitlements, enabling the right repositories, creating local mirrors for air-gapped environments, and managing subscriptions at scale.
Migrating from CentOS to Rocky Linux: A Practical Conversion Guide
How to migrate existing CentOS 7/8 servers to Rocky Linux 8 or 9 using the migrate2rocky script — including pre-migration checks, the migration process itself, and post-migration validation steps.
More in Linux
View all →Linux Control Groups (cgroups V2): Limiting CPU And Memory For Production Workloads
If you're running production workloads without cgroup constraints, you're one runaway process away from a bad day. Here's everything you need to configure...
Alpine Linux for Docker: Building Minimal, Secure Container Images
How to use Alpine Linux as a Docker base image effectively — understanding musl libc compatibility, multi-stage builds, layer optimization, and the security trade-offs versus glibc-based distributions.
Rocky Linux 9 Server Hardening: Security Baseline from First Boot
A production security baseline for Rocky Linux 9 — covering SELinux configuration, firewalld rules, SSH hardening, auditd, AIDE integrity checking, and CIS Benchmark compliance checks.
Ubuntu 24.04 LTS Server Setup for Production: From Bare Metal to Hardened Baseline
A complete walkthrough for turning a fresh Ubuntu 24.04 LTS installation into a production-ready server — from initial SSH lockdown to swap configuration and kernel parameter tuning.