SUSE Manager 2.1 and 3

How to Directly Connect SUSE Manager to Red Hat Content Delivery Network

Methods to Receive Your Red Hat Updates and Patches

The described solution allows you to directly connect SUSE Manager to the Red Hat Content Delivery Network (CDN) to retrieve your software updates and patches.

This is useful if you plan on continuing your agreement with Red Hat, and/or you do not want to use Expanded Support from SUSE. It is also useful when you have multiple distributions that you want to update and patch from SUSE Manager. Finally, it is helpful if you use an updated code stream of the Satellite 5 series, and continue your use of an enhanced road map to the Spacewalk project.

You must have a current subscription with Red Hat. This in no way requires that you have a subscription to Satellite Server from Red Hat.

Author: Cameron Seader, Sales Engineer, SUSE
Author: Donald Vosburg, Sales Engineer, SUSE
Publication Date: June 13, 2018

1 Import Red Hat Entitlement and CA Certificate

During the next few paragraphs, you will learn how to import the Red Hat CA and entitlement certificate.

Note
Note: Expiration Dates for Entitlement Certificates

Entitlement certificates have embedded expiration dates tied to the length of the support subscription. You must repeat this process with updated entitlement certificates as needed to avoid disruption in channel mirroring.

1.1 Entitlement Certificate

Red Hat Subscription Manager is a local service which tracks installed products and subscriptions on a local system to help manage subscription assignments. To obtain your certificates, you must register your system using this subscription manager tool supplied by Red Hat.

  1. Register with the subscription manager tool from your Red Hat client. It will prompt you for your user name and password for authentication on the Red Hat Portal:

    subscription-manager register

  2. Navigate to the location of your entitlement certificate and key, and copy these files to where your Web browser connected to SUSE Manager can open them:

    cd /etc/pki/entitlement/

You will see two files with the data file format extension .pem (Program Editor macro). One is the certificate, and the other is the key and it has the word key in the file name.

1.2 Red Hat CA Certificate

The next step is to get the Red Hat CA Certificate file. It is located on this same Red Hat system in the file /etc/rhsm/ca/redhat-uep.pem. Place this file in the same location where, in the previous section, you put the entitlement certificate.

1.3 Obtain Repository URL list

Use the subscription manager tool to obtain the URL’s of the repositories you want to mirror:

subscription-manager repos

1.4 Import

Now you are ready to import the Red Hat CA Certificate and Entitlement Certificate into SUSE Manager for software repository mirroring. You must create three entries here: one each for the entitlement certificate, the entitlement key, and the Red Hat CA certificate.

Start your SUSE Manager. Go to the Systems tab at the top. Click Autoinstallation on the left pane. Then click GPG and SSL Keys also on the left pane, as you can see it from the screenshot below.

SUSE Manager GPG Public Keys and SSL Certificates
Figure 1: SUSE Manager GPG Public Keys and SSL Certificates

Click Create Stored Key/Cert on the right. Another screen opens where you can fill in the required information.

SUSE Manager Create GPG/SSL Keys
Figure 2: SUSE Manager Create GPG/SSL Keys

Enter the following values, and ensure you enter the date:

Description: Entitlement-Cert-date
Type: Ensure you select SSL
Select file to upload: Browse to where you saved the Entitlement Certificate .pem file and select it.

Click the Create Key button at the bottom.

SUSE Manager Create Key Button
Figure 3: SUSE Manager Create Key Button

Repeat the above steps for the Entitlement Key and change the values to match the following:

Description: Entitlement-key-date
Type: SSL
Select file to upload: Browse to the location where you saved the Entitlement key .pem file and select it.

Repeat the above steps for the Red Hat CA Certificate (redhat-uep) and change the values to match the following:

Description: redhat-uep
Type: SSL
Select file to upload: Browse to the location where you saved the Red Hat CA Certificate and select it.

You now have imported the Entitlement certificate, the Entitlement key and the Red Hat CA into SUSE Manager for use. Your outcome should look like the screen below:

SUSE Manager Imported Red Hat Certificates
Figure 4: SUSE Manager Imported Red Hat Certificates

2 Create Software Repositories

To mirror the software from the Red Hat CDN, you need to create custom channels and repositories in SUSE Manager that are linked to the CDN with their respective URL. This will only work if you have entitlements to these products in your Red Hat Portal. To create these software repositories you need to perform the following actions.

On your SUSE Manager screen, go to the Software(or in older SUSE Manager versions, to the Channels) tab at top. Click Manage Software Channels on the left pane. Then click Manage Repositories also on the left pane.

SUSE Manager Repositories
Figure 5: SUSE Manager Repositories

Click Create Repository. The following screen opens, where you can enter the required information to create the repository.

SUSE Manager Create Repository
Figure 6: SUSE Manager Create Repository

Fill in the fields with values, follwing the example below:

Repository Label: rhel-7-server-rpms
Repository URL: https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os/
Has Signed Metadata?: Uncheck (Uncheck for all Red Hat Enterprise Repositories)
SSL CA Certificate: redhat-uep
SSL Client Certificate: Entitlement-Cert-date
SSL Client Key: Entitlement-Key-date

These steps need to be repeated for the Products / Repository URLs you define for your environment.

Repository Values

Use the output of repository URL’s obtained earlier from the subscription manager tool to create other repositories to which you are entitled. Mirror only the content which you need to manage your systems.

3 Create Software Channel Delivery

Next step is to create corresponding channels to which you assign these repositories.

Click Channels, after that click Manage Software Channels .

3.1 Parent Channels Example

Click Create Channel and fill in the fields with at least the following values:

Channel Name: RHEL 7 x86_64
Channel Label: rhel7-x86_64-server
Parent Channel: None
Architecture: x86_64
Repository Checksum Type: sha1
Channel Summary: RHEL 7 x86_64
Organization Sharing: Public

After you have filled in the values, click again Create Channel.

On the screen below, click the tab Repositories, and mark the check box next to the appropriate repository.

Create Parent Channels
Figure 7: Create Parent Channels

On the next screen, click the tab Sync and set your preferred recurring schedule for synchronization for this repository. You can also select Sync Now to launch the synchronization immediately.

Synchronize Parent Channels
Figure 8: Synchronize Parent Channels
Note
Note: Mirroring Duration

Red Hat Server OS channels can grow to be very large. Thus it can take several hours to complete mirroring.

3.2 Child Channels example

Click Create Channel and fill in the fields with at least the following values:

Channel Name: RHEL 7 x86_64
Channel Label: rhel7-x86_64-extras
Parent Channel: rhel7-x86_64-server (from drop-down box)
Architecture: x86_64
Repository Checksum Type: sha1
Channel Summary: RHEL 7 x86_64 Extras
Organization Sharing: Public

After you have filled in the values, click again Create Channel.

On the screen below, click the tab Repositories, and mark the check box next to the appropriate repository.

Create Parent Channels
Figure 9: Create Parent Channels

On the next screen, click the tab Sync and set your preferred recurring schedule for the synchronization of this repository. Ensure you scroll down and click Schedule. You can also select Sync Now to launch the synchronization immediately.

Create Parent Channels
Figure 10: Create Parent Channels

Now you can proceed to create the activation key in the SUSE Manager Web UI, and assign appropriate channels to it.

4 Registration

To register your systems, follow the steps described in the sections below.

4.1 Bootstrap Repository Creation

SUSE Manager subscriptions entitle everyone to the tools channels for Red Hat Expanded Support (RES) distributions. Any Red Hat Enterprise Linux or CentOS 6 or 7 system should use these to create the proper bootstrap repository for either traditional or salt-minion connectivity.

  1. Add the corresponding SUSE Manager RES tools channel and allow it to synchronize from SUSE Customer Center. You will need the 0-package parent channel and the tools. Here is an example command to add it for RES6 on AMD64/Intel 64:

    mgr-sync add channels rhel-x86_64-server-6 res6-suse-manager-tools-x86_64
  2. Follow the instructions to synchronize your base media as a child repository for your distribution based on Red Hat Enterprise Linux, as explained in the SUSE Manager Wiki:

    https://wiki.microfocus.com/index.php/SUSE_Manager/Sync_RHEL_media

  3. Create a bootstrap repository for your Red Hat Enterprise Linux clients with

    mgr-create-bootstrap-repo --with-custom-channels

This will use the base media channel to capture needed dependencies. Ensure that it completes without error.

4.2 Minion Registration

On the client machine(s), perform the following steps to register the minion using a bootstrap script (recommended):

  1. If needed, regenerate the bootstrap script with the Salt option enabled:

    mgr-bootstrap --salt --script=bootstrap-salt.sh
  2. Download and run the appropriately edited bootstrap script after adding the correct activation key and other parameters. This will install the necessary Salt packages, set the proper activation key, and start the salt-minion service:

    curl -Sks http://<server>/pub/bootstrap/bootstrap-salt.sh | /bin/bash
  3. In the SUSE Manager Web UI, go to Salt, click Onboarding and accept the minion's key.

After a few minutes, the new minion will appear in your list of systems with the channels assigned in the activation key you specified in the bootstrap process.

5 References

For more information, see:

6 Legal Notice

Copyright ©2006– 2018 SUSE LLC and contributors. All rights reserved.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled GNU Free Documentation License.

SUSE, the SUSE logo and YaST are registered trademarks of SUSE LLC in the United States and other countries. For SUSE trademarks, see http://www.suse.com/company/legal/. Linux is a registered trademark of Linus Torvalds. All other names or trademarks mentioned in this document may be trademarks or registered trademarks of their respective owners.

This article is part of a series of documents called "SUSE Best Practices". The individual documents in the series were contributed voluntarily by SUSE's employees and by third parties.

The articles are intended only to be one example of how a particular action could be taken. They should not be understood to be the only action and certainly not to be the action recommended by SUSE. Also, SUSE cannot verify either that the actions described in the articles do what they claim to do or that they do not have unintended consequences.

Therefore, we need to specifically state that neither SUSE LLC, its affiliates, the authors, nor the translators may be held liable for possible errors or the consequences thereof. Below we draw your attention to the license under which the articles are published.

Print this page