How to update Red Hat Enterprise Linux 8 with SMT 12

This document (7024143) is provided subject to the disclaimer at the end of this document.

Environment

Subscription Management Tool (SMT) for SUSE Linux Enterprise 12
Red Hat Enterprise Linux 8.0 
SUSE Linux Enterprise Server 12

Situation

SUSE Subscription Management Tool (SMT) enables customers that possess the required entitlements to mirror updates for Red Hat Enterprise Linux.
 
Refer to https://www.suse.com/products/expandedsupport/ for details on SUSE Linux Enterprise Server Subscription with Expanded Support.

This document discusses the actions required to configure the SMT server and clients (RHEL servers) for this solution.

This document is for informational purposes only. You are fully responsible for compliance with the terms of your agreements with your suppliers.

NOTE :
Configuring this with Subscription Management Tool 11 running SUSE Linux Enterprise Server 11 is described in 7004324 - How to update Red Hat Enterprise Linux with SMT 11
 

NOTE :Configuring this with Repository Mirroring Tool (RMT) running SUSE Linux Enterprise Server 15 is described in 000019542 - How to update Red Hat Enterprise Linux 8 with RMT
 

Resolution

 
On the SMT server perform the following steps to prepare it for mirroring and publishing updates for RHEL.
 
  • Install SUSE Linux Enterprise Server (SLES) 12 Service Pack 1 or higher with the Subscription management tool pattern. (or install smt on existing SLES12 system using YaST> Software > Software Management, select View > Patterns and select the SMT pattern there.)
  • It is recommended to check for update immediately after installing SLES using “zypper patch” command.
  • Set up SMT using YaST> Network Services > SMT Configuration Wizard.Check “Open port in firewall” checklist if you have firewall enabled.
    • Fill in Organization mirroring credentials that have access to SUSE-provided Red Hat Enterpise Linux update catalog (Login to https://scc.suse.com => Organization => Organization Credentials)
    • Fill in your SCC email.
    • For security reasons, SMT requires a separate user to connect to the database. In the Database Password for smt User screen, set the database password for this user
    • Enter all e-mail addresses for receiving SMT reports using the Add button. Use the Edit and Delete buttons to modify and delete the existing addresses. When you have done that, click Next.
    • If the current database root password is empty, you will be prompted to specify it.
    • By default, SMT is set to communicate with the client hosts via a secure protocol. For this, the server needs to have a server SSL certificate. The wizard displays a warning if the certificate does not exist. You can create a certificate using the Run CA Management button. Refer to Section 17.2, YaST Modules for CA Management, (↑Security Guide) for detailed information on managing certificates with YaST. 
  • Verify that the mirror credentials have access to download updates for the RedHat products with
    • # smt-repos -m | grep RES
  • Enable mirroring of the Red Hat Enterpise Linux update catalog(s) for the desired architecture(s)
    • # smt-repos -e <repo-name><architecture>
  • Mirror the updates and log verbose output:
    • # smt-mirror -d -L /var/log/smt/smt-mirror.log
  • 4.-6. can be also set via yast2 => SMT Management.
  • The updates for Red Hat Enterprise Linux will also be mirrored automatically as part of the default nightly SMT mirroring cron job.When the mirror process of the catalogs for your Red Hat Enterprise Linux products has completed, the updates are available via http://<smt-server.your-domain.top/repo/SUSE/Updates/RES/8/{debug,src,x86_64}/update/RPMS.
  • To enable gpg checking of the repositories, the key used to sign the repositories needs to be made available to the Red Hat Enterprise Liux clients. This key is now available in the res-signingkeys package, which is included in the SLES12 installation source.
  • Install the res-signingkeys package with the command
    • # zypper in -y res-signingkeys
  • The installation of the package stores the key file as /srv/www/htdocs/repo/keys/res-signingkeys.key.
  • Now the key is available to the clients and can be imported into their RPM database as described later.
 
Configuring the dnf client on Red Hat Enterprise Linux 8 to consume updates from SMT:
Import the repository signing key downloaded above into the local RPM database:
# rpm --import http://<smt-server.domain.top>/repo/keys/res-signingkeys.key
Either use dnf config-manager plugin to create RES8.repo file or create it manually:
 
# dnf config-manager --add-repo http://<smt-server.domain.top>/repo/SUSE/Updates/RES/8/x86_64/update
# dnf config-manager --add-repo http://<smt-server.domain.top>/repo/SUSE/Updates/RES-AS/8/x86_64/update
First command creates file /etc/yum.repos.d/<smt-server.domain.top>_SUSE_Updates_RES_8_x86_64.repo and fills it with following information:
[smt]
name=SMT repository
baseurl=http://<smt-server.domain.top>/repo/SUSE/Updates/RES-8/x86_64/
enabled=1
 
Second command adds the AppStream repository, that includes ruby, requires by SUSEConnect.
 
Check repositories in /etc/yum.repos.d/
If there is any RedHat repository with “enabled=1”, disable it with setting “enabled=0”, so it will not conflict with our repositories.
Both yum and the update notification applet should work correctly now and notify of available updates when applicable.
 
 
Registering Red Hat Enterprise Linux 8 against SMT:
  • Install the SUSEConnect package and its dependencies (you can install SUSEConnect from RES media or configure update directory according to previous section, RES repository contains SUSEConnect and zypper and libzypp, RES-AS repository contains ruby, so make sure both repositories are added):
# dnf install SUSEConnect sles_es-release librepo-1.9.2
  • Disable all repositories (either with dnf config-manager --set-disabled <repo_name> , where repo_name is first column in dnf repolist output.)
  • Copy the SMT certificate to the system
# wget http://<smt-server.domain.top>/smt.crt
# cat smt.crt >> /etc/pki/tls/cert.pem
  • Invoke SUSEConnect
# SUSEConnect –write-config –url http://<smt-server.domain.top> 
 

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7024143
  • Creation Date: 26-Sep-2019
  • Modified Date:14-May-2020
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center