Registering and updating a SLES server through an authenticated proxy
In most corporate environments web proxies are implemented as part of an overall security requirement. When implementing a SLES server it is just as important, from a security standpoint, to keep the server patched up to date. Being able to set the server to register and update from the command line did not seem possible until I discovered the following method.
- The suse_register script, which is used to perform the server registration, uses curl in order to interact with the Novell website. The first step is therefore to tell curl to use the proxy, which is done by creating the file
/root/.curlrcand adding the following content. Obviously the settings in the file must correspond to the settings required in your environment.
proxy = "https://10.10.2.10:8080" proxy-user = "username:password"
suse_registeras normal. The registration will appear to fail. What’s happening in the background is that the server is being registered, but is not able to subscribe to the software update channels.
- RCD (Red Carpet Daemon) is the background process which keeps track of available updates and listens for update commands from
rug. Use the following commands after registering the server in order to set RCD to go through the proxy:
rug set proxy-url https://10.10.2.10:8080 rug set proxy-username username rug set proxy-password password
- Initiate a rug refresh so that the available channels can be picked up:
- Check which channels are available.
- Subscribe to the appropriate channels, for example:
rug sub SLES10-SP2-Updates
- Retrieve the available updates.
One could suggest that step 3 gets done before step 2 in order to make the process more efficient. Unfortunately this doesn’t work – suse_register appears to overwrite whatever settings are already in place for RCD. It’d be great if suse_register could take options which allow this all to be done in one shot. At the time of writing this, suse_register does allow a full registration process to be completed through an unauthanticated proxy (if you configure a proxy through YaST before doing the registration), but not an authenticated proxy.