SuSE Manager: Difference between revisions
Line 128: | Line 128: | ||
Done. | Done. | ||
Note: After some further debugging we found that the system path forces a wrong openssl library to come in place. | |||
<source lang=bash> | |||
# curl --version ; zypper --version | |||
curl 7.37.0 (x86_64-suse-linux-gnu) libcurl/7.37.0 OpenSSL/1.0.2h zlib/1.2.8 libidn/1.28 libssh2/1.4.3 | |||
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp | |||
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP | |||
zypper 1.13.40 | |||
</source> | |||
In our version of curl it should be OpenSSL/1.0.2j. | |||
<source lang=bash> | |||
# rpm -qv openssl | |||
openssl-1.0.2j-60.24.1.x86_64 | |||
# openssl version | |||
WARNING: can't open config file: /usr/local/ssl/openssl.cnf | |||
OpenSSL 1.0.2j-fips 26 Sep 2016 (Library: OpenSSL 1.0.2h-fips 3 May 2016) | |||
</source> | |||
Ha! | |||
Ok... then after lookin at the system library path, we got a clue ;-): | |||
<source lang=bash> | |||
# ldconfig -p | grep ssl | |||
libssl.so.1.0.0 (libc6,x86-64) => /usr/lib/nsr/lib64/libssl.so.1.0.0 | |||
libssl.so.1.0.0 (libc6,x86-64) => /lib64/libssl.so.1.0.0 | |||
libssl.so.1.0.0 (libc6) => /usr/lib/nsr/libssl.so.1.0.0 | |||
libgnutls-xssl.so.0 (libc6,x86-64) => /usr/lib64/libgnutls-xssl.so.0 | |||
libevent_openssl-2.0.so.5 (libc6,x86-64) => /usr/lib64/libevent_openssl-2.0.so.5 | |||
libcommonssl.so (libc6,x86-64) => /usr/lib/nsr/lib64/libcommonssl.so | |||
libcommonssl.so (libc6) => /usr/lib/nsr/libcommonssl.so | |||
libcommonssl-9.2.1.so (libc6,x86-64) => /usr/lib/nsr/lib64/libcommonssl-9.2.1.so | |||
</source> | |||
The problem was a file in /etc/ld.so.conf.d/ which brought /usr/lib/nsr/lib64 in the system library path. There was another libssl.so.1.0.0 which was version 1.0.2h. OK. What to do? | |||
<source lang=bash> | |||
# rm /etc/ld.so.conf.d/problematic.conf | |||
# rm /etc/ld.so.cache | |||
# ldconfig | |||
</source> | |||
Check the success: | |||
<source lang=bash> | |||
# ldconfig -p | grep ssl | |||
libssl.so.1.0.0 (libc6,x86-64) => /lib64/libssl.so.1.0.0 | |||
libgnutls-xssl.so.0 (libc6,x86-64) => /usr/lib64/libgnutls-xssl.so.0 | |||
libevent_openssl-2.0.so.5 (libc6,x86-64) => /usr/lib64/libevent_openssl-2.0.so.5 | |||
</source> | |||
Now you just have to find a way to get your other stuff running without the manipulation at the system library path. | |||
== Remove spacewalk from client == | == Remove spacewalk from client == |
Revision as of 10:02, 17 July 2018
Kategorie:Linux Kategorie:SuSE
SuSE Manager
Channels
Refresh channle list
# mgr-sync refresh
List available channels
# mgr-sync list channels
Add Channel
# mgr-sync add channel <channel>
Delete Channel
# spacewalk-remove-channel -c <channel>
Create a frozen channel
Clone a channel (which is like a snapshot) and add a timestamp at the end of the name:
# spacecmd softwarechannel_clonetree -s '<source channel or pool>' -x "s/\$/-$(date '+%Y-%m-%d_%H:%M:%S')/"
e.g.:
# spacecmd softwarechannel_clonetree -s 'sles12-sp3-pool-x86_64' -x "s/\$/-$(date '+%Y-%m-%d_%H:%M:%S')/"
will result in a new channel pool named e.g. sles12-sp3-pool-x86_64-2017-11-22_14:26:42
Compose your own channel
# spacecmd
spacecmd {SSM:0}> softwarechannel_create -n OpenSuSE -l opensuse -a x86_64 -c sha256
spacecmd {SSM:0}> repo_create -n opensuse-database-sles12-sp2-x86_64 -u https://download.opensuse.org/repositories/server:/database/SLE_12_SP2/
spacecmd {SSM:0}> repo_create -n opensuse-database-sles12-sp3-x86_64 -u https://download.opensuse.org/repositories/server:/database/SLE_12_SP3/
spacecmd {SSM:0}> repo_list
opensuse-database-sles12-sp2-x86_64
opensuse-database-sles12-sp3-x86_64
spacecmd {SSM:0}> softwarechannel_addrepo opensuse opensuse-database-sles12-sp2-x86_64
spacecmd {SSM:0}> softwarechannel_addrepo opensuse opensuse-database-sles12-sp3-x86_64
spacecmd {SSM:0}> quit
# spacewalk-repo-sync -c opensuse
Bootstrap
Create bootstrap repo
Do it for each channel!
# mgr-create-bootstrap-repo
Create bootstrap shell scripts in /srv/www/htdocs/pub/bootstrap
Do not forget to lookup the available activation keys
# mgr-bootstrap --traditional --script=My-New-SLES11-SP4.sh --activation-keys=6-sles11-sp4-x86_64
Activation keys
List available activation keys
web: Systems -> Activation Keys
# spacecmd -q activationkey_list
6-sles11-sp3-x86_64
6-sles11-sp4-x86_64
6-sles12-sp0-x86_64
6-sles12-sp1-x86_64
6-sles12-sp2-x86_64
6-sles12-sp3-x86_64
spacecmd
Just some useful space commands
# spacecmd system_list
rhn-search
Cleanup the search index
# rhn-search cleanindex
Troubleshooting
Clients
Error code: Curl error 59 / Error message: failed setting cipher list: DEFAULT_SUSE
# zypper refresh
...
Error code: Curl error 59
Error message: failed setting cipher list: DEFAULT_SUSE
...
The reason is that zypper in newer versions calls curl with a specific cipher list named "DEFAULT_SUSE" which is not defined in curl version 7.37.0-37.17.1 (version 7.37.0-28.1 is OK).
Now get any kind of repository bound to your SuSE like the ISO this version was installed with:
# zypper addrepo --check --type yast2 'iso:///?iso=/install/OS/suse/iso/SLE-12-SP2-Server-DVD-x86_64-GM-DVD1.iso' 'SLES12-SP2-12.2-0'
Adding repository 'SLES12-SP2-12.2-0' ...........................................................................................................[done]
Repository 'SLES12-SP2-12.2-0' successfully added
Enabled : Yes
Autorefresh : No
GPG Check : Yes
Priority : 99
URI : iso:///?iso=/install/OS/suse/iso/SLE-12-SP2-Server-DVD-x86_64-GM-DVD1.iso
or enable it:
# zypper modifyrepo --enable SLES12-SP2-12.2-0
Reinstall zypper in the old version that does not call curl with the cipher list SUSE_DEFAULT:
# zypper install --force --repo SLES12-SP2-12.2-0 $(rpm --query --all *curl* --queryformat '%{NAME} ')
And disable the ISO repository:
# zypper modifyrepo --disable SLES12-SP2-12.2-0
Done.
Note: After some further debugging we found that the system path forces a wrong openssl library to come in place.
# curl --version ; zypper --version
curl 7.37.0 (x86_64-suse-linux-gnu) libcurl/7.37.0 OpenSSL/1.0.2h zlib/1.2.8 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP
zypper 1.13.40
In our version of curl it should be OpenSSL/1.0.2j.
# rpm -qv openssl
openssl-1.0.2j-60.24.1.x86_64
# openssl version
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
OpenSSL 1.0.2j-fips 26 Sep 2016 (Library: OpenSSL 1.0.2h-fips 3 May 2016)
Ha! Ok... then after lookin at the system library path, we got a clue ;-):
# ldconfig -p | grep ssl
libssl.so.1.0.0 (libc6,x86-64) => /usr/lib/nsr/lib64/libssl.so.1.0.0
libssl.so.1.0.0 (libc6,x86-64) => /lib64/libssl.so.1.0.0
libssl.so.1.0.0 (libc6) => /usr/lib/nsr/libssl.so.1.0.0
libgnutls-xssl.so.0 (libc6,x86-64) => /usr/lib64/libgnutls-xssl.so.0
libevent_openssl-2.0.so.5 (libc6,x86-64) => /usr/lib64/libevent_openssl-2.0.so.5
libcommonssl.so (libc6,x86-64) => /usr/lib/nsr/lib64/libcommonssl.so
libcommonssl.so (libc6) => /usr/lib/nsr/libcommonssl.so
libcommonssl-9.2.1.so (libc6,x86-64) => /usr/lib/nsr/lib64/libcommonssl-9.2.1.so
The problem was a file in /etc/ld.so.conf.d/ which brought /usr/lib/nsr/lib64 in the system library path. There was another libssl.so.1.0.0 which was version 1.0.2h. OK. What to do?
# rm /etc/ld.so.conf.d/problematic.conf
# rm /etc/ld.so.cache
# ldconfig
Check the success:
# ldconfig -p | grep ssl
libssl.so.1.0.0 (libc6,x86-64) => /lib64/libssl.so.1.0.0
libgnutls-xssl.so.0 (libc6,x86-64) => /usr/lib64/libgnutls-xssl.so.0
libevent_openssl-2.0.so.5 (libc6,x86-64) => /usr/lib64/libevent_openssl-2.0.so.5
Now you just have to find a way to get your other stuff running without the manipulation at the system library path.
Remove spacewalk from client
So the way to get rid spacewalk is:
# zypper remove --clean-deps spacewalksd spacewalk-check zypp-plugin-spacewalk spacewalk-client-tools
Register at SuSE Manager
After that reregister your server with the SuSE Manager like this:
# /usr/bin/wget --no-check-certificate -O - https://susemgr.server.tld/pub/bootstrap/yourbootstrap.sh | bash