Differences

This shows you the differences between two versions of the page.

--- linux:lnx_subscription [2021/09/23 15:44]
manu created
+++ linux:lnx_subscription [2023/11/15 18:15] (current)
manu [Add subscription]
@@ Line 4: / Line 4: @@
 ==== subscription ====
+<cli prompt='#'>
+[root@ibmpvc01 usr]# subscription-manager list
++-------------------------------------------+
+    Installed Product Status
++-------------------------------------------+
+Product Name:   Red Hat Enterprise Linux for x86_64
+Product ID:     479
+Version:        8.4
+Arch:           x86_64
+Status:         Unknown
+Status Details:
+Starts:
+Ends:
+WARNING
+The yum/dnf plugins: /etc/dnf/plugins/subscription-manager.conf were automatically enabled for the
+benefit of Red Hat Subscription Management. If not desired, use
+"subscription-manager config --rhsm.auto_enable_yum_plugins=0" to block this behavior.
+</cli>
+==== subscription status ====
+<cli prompt='#'>
+[root@lnx01 ~]# subscription-manager status
++-------------------------------------------+
+   System Status Details
++-------------------------------------------+
+Overall Status: Unknown
+System Purpose Status: Unknown
+</cli>
 ==== disable subscription ====
@@ Line 10: / Line 44: @@
   * in the plugin configuration file disable plugin
-<cli>
+<cli prompt='#'>
-    vim /etc/yum/pluginconf.d/subscription-manager.conf
+# vim /etc/yum/pluginconf.d/subscription-manager.conf
+enabled=0
+</cli>
+  * register to the satellite
-    enabled=0
+==== Remove subscription ====
+<cli prompt='#'>
+# subscription-manager unsubscribe --all
+# subscription-manager remove --all
+# subscription-manager unregister
+# subscription-manager clean
+# dnf clean all
 </cli>
-  * register to the satellit
+==== Add subscription ====
+<cli prompt='#'>
+# subscription-manager register
+# subscription-manager refresh
+# subscription-manager list --available --all
+# subscription-manager attach --pool=<POOL_ID>
+</cli>
+Or Register and automatically subscribe in one step
+Use the following command to register the system, then automatically associate any available subscription matching that system:
+<cli prompt='#'>
+# subscription-manager register --username <username> --password <password> --auto-attach
+</cli>
+Or
+<cli prompt='#'>
+# subscription-manager register --serverurl https://subscription.rhsm.redhat.com:443/subscription --proxy http://<proxy>:8080 --proxyuser user01 --proxypassword XXXXXXXXXX --username xxxxxxx --password XXXXX
+</cli>
+==== lock version ====
+Lock your updates to a specific version
+<cli prompt='#'>
+# subscription-manager release --set 7.6
+</cli>
+==== Activate repositories ====
+If you want to activate additionnal repositories
+<cli prompt='#'>
+# yum repolist all
+repo id                     repo name                                            status
+C5.0-base                   CentOS-5.0 - Base                                    disabled
+C5.0-centosplus             CentOS-5.0 - Plus                                    disabled
+C5.0-extras                 CentOS-5.0 - Extras                                  disabled
+base                        CentOS-5 - Base                                      enabled:  2,725
+epel                        Extra Packages for Enterprise Linux 5 - i386         enabled:  5,783
+extras                      CentOS-5 - Extras                                    enabled:    282
+</cli>
+<cli prompt='#'>
+# subscription-manager repos --enable=C5.0-base
+</cli>
+===== Suse =====
+==== subscription ====
+SMT is:
+  * Central licence manager
+  * central repository for local clients
+On client install only **smt-client** package.
+On SMT server
+  install the following packages: smt-support yast2-smt smt patterns-smt smt-client
+  systemctl enable/start smt.target
+Repository for local mirror (about 80GB) is:
+  "/srv/www/htdocs/repo"
+Default vaule is set into /etc/smt.conf
+  MirrorTo=/srv/www/htdocs
+  smt-repos -m : repositories that are MIRRORABLE
+  smt-repos -o : repositories that are enable
+  smt-repos -e SLES12-SP2-Installer-Updates sle-12-x86_64 : enable a repository for mirroring
+  smt-repos -d REPOSITORY_NAME TARGET : disable from list
+  smt-repos --delete REPOSITORY : delete from disk
+For example, to enable all repositories belonging to SUSE Linux Enterprise Server 10 SP4 for PowerPC architecture, use the following command:
+  smt-repos -p SUSE-Linux-Enterprise-Server-SP4,10,ppc
+The list of known products can be obtained with the **smt-list-products**
+Listing SMT-registered client machines, use the **smt-list-registrations**
+=== How to solve SuSE SMT errors (Access to http URIs has been disabled) ===
+Over the last few days, I suddenly started to receive SMT registration errors by e-mail. SMT is a SuSE/Novell service to register SuSE Linux clients and to create local patch mirrors.
+After some investigation, the following logfile showed the exact same errors as sent by e-mail:
+<cli prompt='#'>
+# tailf /var/log/smt/smt-register.log
+-03-06 07:35:48 SMT::NCCRegTools - [info]  Register 1 new clients.
+-03-06 07:35:49 SMT::NCCRegTools - [error]  Invalid response:500 Access to 'http' URIs has been disabled
+-03-06 07:50:47 SMT::NCCRegTools - [info]  Register 1 new clients.
+-03-06 07:50:48 SMT::NCCRegTools - [error]  Invalid response:500 Access to 'http' URIs has been disabled
+</cli>
+As one can see, the errors repeat every 15min. So there must be a cronjob launching this thing.
+The cronjob was found within the /etc/cron.d folder:
+<cli prompt='#'>
+# cat /etc/cron.d/novell.com-smt
+*/15 * * * * root /usr/lib/SMT/bin/smt-repeated-register
+1 * * * root /usr/lib/SMT/bin/smt-daily
+2 * * * root /usr/lib/SMT/bin/smt-run-jobqueue-cleanup
+5 * * 1 root /usr/lib/SMT/bin/smt-gen-report
+</cli>
+So it is the script /usr/lib/SMT/bin/smt-repeated-register which causes troubles... This script basically checks if a proxy connection should be used and then launches the following command:
+<cli prompt='#'>
+/usr/sbin/smt-register -r -L /var/log/smt/smt-register.log --mail
+</cli>
+Once executed manually, nothing happened, it seemed to be blocked somewhere. Fortunately there is a debug mode to see what's going on:
+<cli prompt='#'>
+# smt-register --debug
+</cli>
+<code>
+Register 1 new clients.
+Register 'xxx'
+SEND TO: https://secure-www.novell.com/center/regsvc?command=bulkop&lang=en-US&version=1.0
+XML:
+<?xml version="1.0" encoding="UTF-8"?>
+<bulkop xmlns="http://www.novell.com/xml/center/regsvc-1_0" lang="en" client_version="1.2.3"><register force="batch"><guid>xxx</guid><host /><authuser>xxx</authuser><authpass>xxx</authpass><smtguid>xxx</smtguid><product version="11.1" release="DVD" arch="x86_64">SUSE_SLES</product><param id="ostarget">sle-11-x86_64</param><param id="ostarget-bak"><![CDATA["SUSE Linux Enterprise Server 11 (x86_64)"]]></param><param id="platform">x86_64</param><param id="processor">x86_64</param><param id="secret">xxx</param><param id="timezone">Europe/Zurich</param><param id="email">xxx@example.com</param></register></bulkop>
+Result: 302 Moved Temporarily
+Redirected to http://secure-www.novell.com/center/regsvc/?command=bulkop&lang=en-US&version=1.0
+SEND TO: http://secure-www.novell.com/center/regsvc/?command=bulkop&lang=en-US&version=1.0
+XML:
+<?xml version="1.0" encoding="UTF-8"?>
+<bulkop xmlns="http://www.novell.com/xml/center/regsvc-1_0" lang="en" client_version="1.2.3"><register force="batch"><guid>xxx</guid><host /><authuser>xxx</authuser><authpass>xxx</authpass><smtguid>xxx</smtguid><product version="11.1" release="DVD" arch="x86_64">SUSE_SLES</product><param id="ostarget">sle-11-x86_64</param><param id="ostarget-bak"><![CDATA["SUSE Linux Enterprise Server 11 (x86_64)"]]></param><param id="platform">x86_64</param><param id="processor">x86_64</param><param id="secret">xxx</param><param id="timezone">Europe/Zurich</param><param id="email">xxx@example.com</param></register></bulkop>
+Result: 500 Access to 'http' URIs has been disabled
+Invalid response:500 Access to 'http' URIs has been disabled
+</code>
+So the problem is that the accessed URL (https://secure-www.novell.com/center/regsvc) is forwarding the request to a non-https URL (http://www.novell.com/xml/center/regsvc-1_0). This causes a problem because the smt-register (perl-)script requires the https protocol (take a look at line 82):
+<code>
+: my $useragent = SMT::Utils::createUserAgent(keep_alive => 1);
+: $useragent->protocols_allowed( [ 'https' ] );
+: $useragent->default_headers->push_header('Content-Type' => 'text/xml');
+</code>
+I experimented by adding the protocol http into the protocols_allowed array but this only caused another error:
+<code>
+-03-06 09:05:47 SMT::NCCRegTools - [info]  Register 1 new clients.
+-03-06 09:05:49 SMT::NCCRegTools - [error]  Invalid response:409 Conflict
+</code>
+So this isn't the solution.
+Then I wondered how the smt-register script knew that it should send the requests to https://secure-www.novell.com - this was nowhere marked in /etc/smt.conf. A short grep later I found this satisfying information:
+<cli prompt='#'>
+# grep "secure-www.novell.com" /etc/*
+/etc/smt.conf.rpmnew:NURegUrl=https://secure-www.novell.com/center/regsvc/
+/etc/suseRegister.conf:url = https://secure-www.novell.com/center/regsvc
+/etc/suseRegister.conf-2009-11-11:url = https://secure-www.novell.com/center/regsvc/
+</cli>
+So in the file /etc/smt.conf.rpmnew there was a variable NURegUrl, but in the main config file /etc/smt.conf there was none. Strange... There may be several reasons for that. Maybe only since a couple of days this parameter-URL is required, or some other admin accidently removed the line from the config file... who knows.
+Anyway, by adding the line into the [NU] section of /etc/smt.conf everything worked fine again:
+<cli prompt='#'>
+# cat /etc/smt.conf
+[NU]
+NUUrl = https://nu.novell.com/
+NUUser = xxx
+NUPass = xxx
+NURegUrl=https://secure-www.novell.com/center/regsvc/
+<cli prompt='#'>
+# smt-register --debug
+Register 1 new clients.
+Register 'xxx'
+SEND TO: https://secure-www.novell.com/center/regsvc/?command=bulkop&lang=en-US&version=1.0
+...
+Result: 200 OK
+Registration success: 'xxx'.
+</cli>

wiki

User Tools

Site Tools

Differences

Page Tools