====== Linux subscriptions ======

===== Redhat =====

==== subscription ====

<cli prompt='#'>
[root@ibmpvc01 usr]# subscription-manager list
+-------------------------------------------+
    Installed Product Status
+-------------------------------------------+
Product Name:   Red Hat Enterprise Linux for x86_64
Product ID:     479
Version:        8.4
Arch:           x86_64
Status:         Unknown
Status Details:
Starts:
Ends:


WARNING

The yum/dnf plugins: /etc/dnf/plugins/subscription-manager.conf were automatically enabled for the 
benefit of Red Hat Subscription Management. If not desired, use 
"subscription-manager config --rhsm.auto_enable_yum_plugins=0" to block this behavior.
</cli>

==== subscription status ====

<cli prompt='#'>
[root@lnx01 ~]# subscription-manager status
+-------------------------------------------+
   System Status Details
+-------------------------------------------+
Overall Status: Unknown

System Purpose Status: Unknown
</cli>

==== disable subscription ====

Two solutions

  * in the plugin configuration file disable plugin
<cli prompt='#'>
# vim /etc/yum/pluginconf.d/subscription-manager.conf
enabled=0
</cli>
  * register to the satellite

==== Remove subscription ====

<cli prompt='#'>
# subscription-manager unsubscribe --all
# subscription-manager remove --all
# subscription-manager unregister
# subscription-manager clean
# dnf clean all
</cli>

==== Add subscription ====

<cli prompt='#'>
# subscription-manager register
# subscription-manager refresh
# subscription-manager list --available --all
# subscription-manager attach --pool=<POOL_ID>
</cli>

Or Register and automatically subscribe in one step

Use the following command to register the system, then automatically associate any available subscription matching that system:
<cli prompt='#'>
# subscription-manager register --username <username> --password <password> --auto-attach
</cli>

Or 

<cli prompt='#'>
# subscription-manager register --serverurl https://subscription.rhsm.redhat.com:443/subscription --proxy http://<proxy>:8080 --proxyuser user01 --proxypassword XXXXXXXXXX --username xxxxxxx --password XXXXX
</cli>

==== lock version ====

Lock your updates to a specific version
<cli prompt='#'>
# subscription-manager release --set 7.6
</cli>

==== Activate repositories ====

If you want to activate additionnal repositories
<cli prompt='#'>
# yum repolist all

repo id                     repo name                                            status
C5.0-base                   CentOS-5.0 - Base                                    disabled
C5.0-centosplus             CentOS-5.0 - Plus                                    disabled
C5.0-extras                 CentOS-5.0 - Extras                                  disabled
base                        CentOS-5 - Base                                      enabled:  2,725
epel                        Extra Packages for Enterprise Linux 5 - i386         enabled:  5,783
extras                      CentOS-5 - Extras                                    enabled:    282
</cli>

<cli prompt='#'>
# subscription-manager repos --enable=C5.0-base
</cli>
===== Suse =====

==== subscription ====

SMT is:
  * Central licence manager
  * central repository for local clients


On client install only **smt-client** package.

On SMT server
  install the following packages: smt-support yast2-smt smt patterns-smt smt-client
  systemctl enable/start smt.target
  
Repository for local mirror (about 80GB) is:
  "/srv/www/htdocs/repo"
Default vaule is set into /etc/smt.conf
  MirrorTo=/srv/www/htdocs

  smt-repos -m : repositories that are MIRRORABLE
  smt-repos -o : repositories that are enable 
  smt-repos -e SLES12-SP2-Installer-Updates sle-12-x86_64 : enable a repository for mirroring
  smt-repos -d REPOSITORY_NAME TARGET : disable from list
  smt-repos --delete REPOSITORY : delete from disk
  
For example, to enable all repositories belonging to SUSE Linux Enterprise Server 10 SP4 for PowerPC architecture, use the following command:
  smt-repos -p SUSE-Linux-Enterprise-Server-SP4,10,ppc

The list of known products can be obtained with the **smt-list-products**

Listing SMT-registered client machines, use the **smt-list-registrations**

=== How to solve SuSE SMT errors (Access to http URIs has been disabled) ===


Over the last few days, I suddenly started to receive SMT registration errors by e-mail. SMT is a SuSE/Novell service to register SuSE Linux clients and to create local patch mirrors. 

After some investigation, the following logfile showed the exact same errors as sent by e-mail:
<cli prompt='#'>
# tailf /var/log/smt/smt-register.log
2012-03-06 07:35:48 SMT::NCCRegTools - [info]  Register 1 new clients.
2012-03-06 07:35:49 SMT::NCCRegTools - [error]  Invalid response:500 Access to 'http' URIs has been disabled
2012-03-06 07:50:47 SMT::NCCRegTools - [info]  Register 1 new clients.
2012-03-06 07:50:48 SMT::NCCRegTools - [error]  Invalid response:500 Access to 'http' URIs has been disabled
</cli>

As one can see, the errors repeat every 15min. So there must be a cronjob launching this thing.
The cronjob was found within the /etc/cron.d folder:
<cli prompt='#'>
# cat /etc/cron.d/novell.com-smt
*/15 * * * * root /usr/lib/SMT/bin/smt-repeated-register
0 1 * * * root /usr/lib/SMT/bin/smt-daily
0 2 * * * root /usr/lib/SMT/bin/smt-run-jobqueue-cleanup
0 5 * * 1 root /usr/lib/SMT/bin/smt-gen-report
</cli>

So it is the script /usr/lib/SMT/bin/smt-repeated-register which causes troubles... This script basically checks if a proxy connection should be used and then launches the following command:
<cli prompt='#'>
/usr/sbin/smt-register -r -L /var/log/smt/smt-register.log --mail
</cli>

Once executed manually, nothing happened, it seemed to be blocked somewhere. Fortunately there is a debug mode to see what's going on:
<cli prompt='#'>
# smt-register --debug
</cli>
<code>
Register 1 new clients.
Register 'xxx'
SEND TO: https://secure-www.novell.com/center/regsvc?command=bulkop&lang=en-US&version=1.0
XML:
<?xml version="1.0" encoding="UTF-8"?>
<bulkop xmlns="http://www.novell.com/xml/center/regsvc-1_0" lang="en" client_version="1.2.3"><register force="batch"><guid>xxx</guid><host /><authuser>xxx</authuser><authpass>xxx</authpass><smtguid>xxx</smtguid><product version="11.1" release="DVD" arch="x86_64">SUSE_SLES</product><param id="ostarget">sle-11-x86_64</param><param id="ostarget-bak"><![CDATA["SUSE Linux Enterprise Server 11 (x86_64)"]]></param><param id="platform">x86_64</param><param id="processor">x86_64</param><param id="secret">xxx</param><param id="timezone">Europe/Zurich</param><param id="email">xxx@example.com</param></register></bulkop>
Result: 302 Moved Temporarily
Redirected to http://secure-www.novell.com/center/regsvc/?command=bulkop&lang=en-US&version=1.0
SEND TO: http://secure-www.novell.com/center/regsvc/?command=bulkop&lang=en-US&version=1.0
XML:
<?xml version="1.0" encoding="UTF-8"?>
<bulkop xmlns="http://www.novell.com/xml/center/regsvc-1_0" lang="en" client_version="1.2.3"><register force="batch"><guid>xxx</guid><host /><authuser>xxx</authuser><authpass>xxx</authpass><smtguid>xxx</smtguid><product version="11.1" release="DVD" arch="x86_64">SUSE_SLES</product><param id="ostarget">sle-11-x86_64</param><param id="ostarget-bak"><![CDATA["SUSE Linux Enterprise Server 11 (x86_64)"]]></param><param id="platform">x86_64</param><param id="processor">x86_64</param><param id="secret">xxx</param><param id="timezone">Europe/Zurich</param><param id="email">xxx@example.com</param></register></bulkop>
Result: 500 Access to 'http' URIs has been disabled
Invalid response:500 Access to 'http' URIs has been disabled
</code>

So the problem is that the accessed URL (https://secure-www.novell.com/center/regsvc) is forwarding the request to a non-https URL (http://www.novell.com/xml/center/regsvc-1_0). This causes a problem because the smt-register (perl-)script requires the https protocol (take a look at line 82):
<code>
81: my $useragent = SMT::Utils::createUserAgent(keep_alive => 1);
82: $useragent->protocols_allowed( [ 'https' ] );
83: $useragent->default_headers->push_header('Content-Type' => 'text/xml');
</code>

I experimented by adding the protocol http into the protocols_allowed array but this only caused another error:
<code>
2012-03-06 09:05:47 SMT::NCCRegTools - [info]  Register 1 new clients.
2012-03-06 09:05:49 SMT::NCCRegTools - [error]  Invalid response:409 Conflict
</code>

So this isn't the solution.

Then I wondered how the smt-register script knew that it should send the requests to https://secure-www.novell.com - this was nowhere marked in /etc/smt.conf. A short grep later I found this satisfying information:
<cli prompt='#'>
# grep "secure-www.novell.com" /etc/*
/etc/smt.conf.rpmnew:NURegUrl=https://secure-www.novell.com/center/regsvc/
/etc/suseRegister.conf:url = https://secure-www.novell.com/center/regsvc
/etc/suseRegister.conf-2009-11-11:url = https://secure-www.novell.com/center/regsvc/
</cli>

So in the file /etc/smt.conf.rpmnew there was a variable NURegUrl, but in the main config file /etc/smt.conf there was none. Strange... There may be several reasons for that. Maybe only since a couple of days this parameter-URL is required, or some other admin accidently removed the line from the config file... who knows.

Anyway, by adding the line into the [NU] section of /etc/smt.conf everything worked fine again:
<cli prompt='#'>
# cat /etc/smt.conf
[NU]
NUUrl = https://nu.novell.com/
NUUser = xxx
NUPass = xxx
NURegUrl=https://secure-www.novell.com/center/regsvc/
<cli prompt='#'>
# smt-register --debug
Register 1 new clients.
Register 'xxx'
SEND TO: https://secure-www.novell.com/center/regsvc/?command=bulkop&lang=en-US&version=1.0
...
Result: 200 OK
Registration success: 'xxx'.
</cli>