[root@ibmpvc01 usr]# subscription-manager list
+-------------------------------------------+
    Installed Product Status
+-------------------------------------------+
Product Name:   Red Hat Enterprise Linux for x86_64
Product ID:     479
Version:        8.4
Arch:           x86_64
Status:         Unknown
Status Details:
Starts:
Ends:


WARNING

The yum/dnf plugins: /etc/dnf/plugins/subscription-manager.conf were automatically enabled for the 
benefit of Red Hat Subscription Management. If not desired, use 
"subscription-manager config --rhsm.auto_enable_yum_plugins=0" to block this behavior.

[root@lnx01 ~]# subscription-manager status
+-------------------------------------------+
   System Status Details
+-------------------------------------------+
Overall Status: Unknown

System Purpose Status: Unknown

Two solutions

• in the plugin configuration file disable plugin

# vim /etc/yum/pluginconf.d/subscription-manager.conf
enabled=0

• register to the satellite

# subscription-manager unsubscribe --all
# subscription-manager remove --all
# subscription-manager unregister
# subscription-manager clean
# dnf clean all

# subscription-manager register
# subscription-manager refresh
# subscription-manager list --available --all
# subscription-manager attach --pool=<POOL_ID>

Or Register and automatically subscribe in one step

Use the following command to register the system, then automatically associate any available subscription matching that system:

# subscription-manager register --username <username> --password <password> --auto-attach

Or

# subscription-manager register --serverurl https://subscription.rhsm.redhat.com:443/subscription --proxy http://<proxy>:8080 --proxyuser user01 --proxypassword XXXXXXXXXX --username xxxxxxx --password XXXXX

Lock your updates to a specific version

# subscription-manager release --set 7.6

If you want to activate additionnal repositories

# yum repolist all

repo id                     repo name                                            status
C5.0-base                   CentOS-5.0 - Base                                    disabled
C5.0-centosplus             CentOS-5.0 - Plus                                    disabled
C5.0-extras                 CentOS-5.0 - Extras                                  disabled
base                        CentOS-5 - Base                                      enabled:  2,725
epel                        Extra Packages for Enterprise Linux 5 - i386         enabled:  5,783
extras                      CentOS-5 - Extras                                    enabled:    282

# subscription-manager repos --enable=C5.0-base

SMT is:

• Central licence manager
• central repository for local clients

On client install only smt-client package.

On SMT server

install the following packages: smt-support yast2-smt smt patterns-smt smt-client
systemctl enable/start smt.target

Repository for local mirror (about 80GB) is:

"/srv/www/htdocs/repo"

Default vaule is set into /etc/smt.conf

MirrorTo=/srv/www/htdocs

smt-repos -m : repositories that are MIRRORABLE
smt-repos -o : repositories that are enable 
smt-repos -e SLES12-SP2-Installer-Updates sle-12-x86_64 : enable a repository for mirroring
smt-repos -d REPOSITORY_NAME TARGET : disable from list
smt-repos --delete REPOSITORY : delete from disk

For example, to enable all repositories belonging to SUSE Linux Enterprise Server 10 SP4 for PowerPC architecture, use the following command:

smt-repos -p SUSE-Linux-Enterprise-Server-SP4,10,ppc

The list of known products can be obtained with the smt-list-products

Listing SMT-registered client machines, use the smt-list-registrations

Over the last few days, I suddenly started to receive SMT registration errors by e-mail. SMT is a SuSE/Novell service to register SuSE Linux clients and to create local patch mirrors.

After some investigation, the following logfile showed the exact same errors as sent by e-mail:

# tailf /var/log/smt/smt-register.log
2012-03-06 07:35:48 SMT::NCCRegTools - [info]  Register 1 new clients.
2012-03-06 07:35:49 SMT::NCCRegTools - [error]  Invalid response:500 Access to 'http' URIs has been disabled
2012-03-06 07:50:47 SMT::NCCRegTools - [info]  Register 1 new clients.
2012-03-06 07:50:48 SMT::NCCRegTools - [error]  Invalid response:500 Access to 'http' URIs has been disabled

As one can see, the errors repeat every 15min. So there must be a cronjob launching this thing. The cronjob was found within the /etc/cron.d folder:

# cat /etc/cron.d/novell.com-smt
*/15 * * * * root /usr/lib/SMT/bin/smt-repeated-register
0 1 * * * root /usr/lib/SMT/bin/smt-daily
0 2 * * * root /usr/lib/SMT/bin/smt-run-jobqueue-cleanup
0 5 * * 1 root /usr/lib/SMT/bin/smt-gen-report

So it is the script /usr/lib/SMT/bin/smt-repeated-register which causes troubles… This script basically checks if a proxy connection should be used and then launches the following command:

/usr/sbin/smt-register -r -L /var/log/smt/smt-register.log --mail

Once executed manually, nothing happened, it seemed to be blocked somewhere. Fortunately there is a debug mode to see what's going on:

# smt-register --debug

Register 1 new clients.
Register 'xxx'
SEND TO: https://secure-www.novell.com/center/regsvc?command=bulkop&lang=en-US&version=1.0
XML:
<?xml version="1.0" encoding="UTF-8"?>
<bulkop xmlns="http://www.novell.com/xml/center/regsvc-1_0" lang="en" client_version="1.2.3"><register force="batch"><guid>xxx</guid><host /><authuser>xxx</authuser><authpass>xxx</authpass><smtguid>xxx</smtguid><product version="11.1" release="DVD" arch="x86_64">SUSE_SLES</product><param id="ostarget">sle-11-x86_64</param><param id="ostarget-bak"><![CDATA["SUSE Linux Enterprise Server 11 (x86_64)"]]></param><param id="platform">x86_64</param><param id="processor">x86_64</param><param id="secret">xxx</param><param id="timezone">Europe/Zurich</param><param id="email">xxx@example.com</param></register></bulkop>
Result: 302 Moved Temporarily
Redirected to http://secure-www.novell.com/center/regsvc/?command=bulkop&lang=en-US&version=1.0
SEND TO: http://secure-www.novell.com/center/regsvc/?command=bulkop&lang=en-US&version=1.0
XML:
<?xml version="1.0" encoding="UTF-8"?>
<bulkop xmlns="http://www.novell.com/xml/center/regsvc-1_0" lang="en" client_version="1.2.3"><register force="batch"><guid>xxx</guid><host /><authuser>xxx</authuser><authpass>xxx</authpass><smtguid>xxx</smtguid><product version="11.1" release="DVD" arch="x86_64">SUSE_SLES</product><param id="ostarget">sle-11-x86_64</param><param id="ostarget-bak"><![CDATA["SUSE Linux Enterprise Server 11 (x86_64)"]]></param><param id="platform">x86_64</param><param id="processor">x86_64</param><param id="secret">xxx</param><param id="timezone">Europe/Zurich</param><param id="email">xxx@example.com</param></register></bulkop>
Result: 500 Access to 'http' URIs has been disabled
Invalid response:500 Access to 'http' URIs has been disabled

So the problem is that the accessed URL (https://secure-www.novell.com/center/regsvc) is forwarding the request to a non-https URL (http://www.novell.com/xml/center/regsvc-1_0). This causes a problem because the smt-register (perl-)script requires the https protocol (take a look at line 82):

81: my $useragent = SMT::Utils::createUserAgent(keep_alive => 1);
82: $useragent->protocols_allowed( [ 'https' ] );
83: $useragent->default_headers->push_header('Content-Type' => 'text/xml');

I experimented by adding the protocol http into the protocols_allowed array but this only caused another error:

2012-03-06 09:05:47 SMT::NCCRegTools - [info]  Register 1 new clients.
2012-03-06 09:05:49 SMT::NCCRegTools - [error]  Invalid response:409 Conflict

So this isn't the solution.

Then I wondered how the smt-register script knew that it should send the requests to https://secure-www.novell.com - this was nowhere marked in /etc/smt.conf. A short grep later I found this satisfying information:

# grep "secure-www.novell.com" /etc/*
/etc/smt.conf.rpmnew:NURegUrl=https://secure-www.novell.com/center/regsvc/
/etc/suseRegister.conf:url = https://secure-www.novell.com/center/regsvc
/etc/suseRegister.conf-2009-11-11:url = https://secure-www.novell.com/center/regsvc/

So in the file /etc/smt.conf.rpmnew there was a variable NURegUrl, but in the main config file /etc/smt.conf there was none. Strange… There may be several reasons for that. Maybe only since a couple of days this parameter-URL is required, or some other admin accidently removed the line from the config file… who knows.

Anyway, by adding the line into the [NU] section of /etc/smt.conf everything worked fine again: