Public Cloud On-Demand Virtual Machines (VM’s) cannot receive updates
This document (7023919) is provided subject to the disclaimer at the end of this document.
Environment
Microsoft Azure and Google Compute Platform (GCP) on demand VM for
SUSE Linux Enterprise Server (SLES)
SUSE Linux Enterprise Server for SAP Applications (SLES for SAP)
****************************
This article does not apply to BYOS (Bring your own subscription) images for SUSE Linux Enterprise Server or SUSE Linux Enterprise Server for SAP Applications
*********************************
Situation
The SUSE Public Cloud engineering team builds SLES and SLES for SAP images for AWS, Azure and GCP. For each image published, there are two payment options for the image: BYOS and on-demand. The on-demand virtual machines are configured to connect to the SUSE Public Cloud Update Infrastructure which is maintained by the SUSE Public Cloud Engineering team.
There are three major components that enable on-demand virtual machines to receive updates from SUSE Public Cloud Update Infrastructure.
Registration Client: The registration client obtains public cloud specific update server information from the Region Servers and then uses this information to register the guest instance with the regional update server.
- “zypper se regionServiceClientConfig” will display the available package specific for the distribution and public cloud platform
-
Region Servers: The Region Server provides the on-demand virtual machine an update server available within its region. The goal of the overall architecture is to always deliver updates from a local region. By providing an on-demand virtual machine with access to an update server within region, high-latency connections from the on-demand instance to the update server should be avoided.
-
Update Servers: Each region contains at least two Update Servers available. Update Servers are a cache for the package repositories obtained from SCC (SUSE Customer Center).
The on-demand vm will not receive updates under the conditions below:
-
An on-demand vm is launched in a network that does not have Internet access.
-
An on-demand vm routes traffic through a network device or proxy server that is hosted on-premise or in a different datacenter
-
An on-demand vm routes traffic through a network device or proxy server that is on a different public cloud platform than itself. Example: A GCP on-demand vm routes traffic through a proxy server hosted on Azure.
In the above cases, “zypper” will generate errors similar to the messages below:The registration client will also generate log entries in /var/log/cloudregister similar to the entries below.
# zypper up Refreshing service 'SMT-http_smt-ec2_susecloud_net'. Problem retrieving the repository index file for service 'SMT-http_smt-ec2_susecloud_net': Timeout exceeded when accessing 'http://smt-ec2.susecloud.net/repo/repoindex.xml?cookies=0&credentials=SMT-http_smt-ec2_susecloud_net'. Check if the URI is valid and accessible. Refreshing service 'cloud_update'. Timeout exceeded when accessing 'http://smt-ec2.susecloud.net/repo/SUSE/Updates/SLE-Module-Basesystem/15/x86_64/update/repodata/repomd.xml?credentials=SMT-http_smt-ec2_susecloud_net'. # zypper up Refreshing service 'cloud_update'. Loading repository data... Reading installed packages... Nothing to do. # zypper refresh Refreshing service 'cloud_update'. Warning: There are no enabled repositories defined. Use 'zypper addrepo' or 'zypper modifyrepo' commands to add or enable repositories. 2019-05-20 18:24:30,404 ERROR:==================== 2019-05-20 18:24:30,404 ERROR:Attempt 3 of 3 2019-05-20 18:24:30,404 ERROR:Server 54.244.114.254 is unreachable 2019-05-20 18:24:30,404 ERROR:[Service] Could not find any available SMT server, repo refresh will fail 2019-05-20 18:28:12,873 INFO:Using API: regionInfo 2019-05-20 18:29:12,949 ERROR: Attempted: ['54.253.118.149', '50.17.208.31', '54.244.244.107', '54.223.148.145', '54.247.166.75'] 2019-05-20 18:29:12,949 ERROR:Exiting without registration
Or
2019-05-16 21:24:10,282 ERROR:No response from: 54.247.166.75 2019-05-16 21:24:10,282 ERROR:None of the servers responded 2019-05-16 21:24:10,282 ERROR: Attempted: ['54.244.244.107', '50.17.208.31', '54.223.148.145', '54.253.118.149', '54.247.166.75'] 2019-05-16 21:24:10,282 ERROR:Exiting without registration
Resolution
Enable Internet access from the virtual machines to the Public Cloud Update Infrastructure servers. Once the virtual machine has network connectivity to the Public Cloud Update Infrastructure, you can have the on-demand virtual machine register to the SUSE Public Cloud Update Infrastructure by executing the following command as root:
registercloudguest --force-new
Additional Information
The SUSE Public Cloud Engineering team publishes information about the SUSE Public Cloud Update Infrastructure to a REST API. The published information includes server static IP addresses. For customers that have a security policy that allows only external connections to known IP addresses, the published information can be used to create explicit rules for vms to enable SUSE Public Cloud Update Infrastructure communication.
The REST API can be accessed by installing the package python-susepubliccloudinfo (pint).
Below are the command options available for pint:
pint -h usage: pint -h | --help pint (amazon|google|microsoft) servers [ --filter=<filter> ] [ --json | --xml ] [ --region=<region> ] [ --smt | --regionserver ] pint (amazon|google|microsoft) images [ --active | --deleted | --deprecated ] [ --filter=<filter> ] [ --json | --xml ] [ --region=<region> ] pint -v | --version
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:7023919
- Creation Date: 06-Jun-2019
- Modified Date:29-Jun-2020
-
- SUSE Cloud Application Platform
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com