How to update Red Hat Enterprise Linux 7 and older with SMT 12

This document (000019620) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12
Red Hat Enterprise Linux 7.x
Red Hat Enterprise Linux 6.x

Situation

SUSE Subscription Management Tool (SMT) enables customers that possess the required entitlements to mirror updates for Red Hat Enterprise Linux.
 
Refer to https://www.suse.com/products/expandedsupport/ for details on SUSE Linux Enterprise Server Subscription with Expanded Support.

This document discusses the actions required to configure the SMT server and clients (RHEL servers) for this solution.

This document is for informational purposes only. You are fully responsible for compliance with the terms of your agreements with your suppliers.
 
NOTE : 
Configuring this with Subscription Management Tool 11 running SUSE Linux Enterprise Server 11 is described in :
7004324 - How to update Red Hat Enterprise Linux with SMT 11
 
NOTE :
Configuring this with Repository Mirroring Tool (RMT) running SUSE Linux Enterprise Server 15 is described in : 
000019542 - How to update Red Hat Enterprise Linux 8 with RMT  or
000019533 - How to update Red Hat Enterprise Linux 8 with SMT 12

Resolution

On the SMT server perform the following steps to prepare it for mirroring and publishing updates for RHEL.
 
  • Install SUSE Linux Enterprise Server (SLES) 12 Service Pack 1 or higher with the Subscription management tool pattern. (or install smt on existing SLES12 system using YaST> Software > Software Management, select View > Patterns and select the SMT pattern there.)
  • It is recommended to check for update immediately after installing SLES using “zypper patch” command.
  • Set up SMT using YaST> Network Services > SMT Configuration Wizard.Check “Open port in firewall” checklist if you have firewall enabled.
    • Fill in Organization mirroring credentials that have access to SUSE-provided Red Hat Enterprise Linux update catalog (Login to https://scc.suse.com => Organization => Organization Credentials)
    • Fill in your SCC email.
    • For security reasons, SMT requires a separate user to connect to the database. In the Database Password for "SMT User" screen, set the database password for this user
    • Enter all e-mail addresses for receiving SMT reports using the Add button. Use the Edit and Delete buttons to modify and delete the existing addresses. When you have done that, click Next.
    • If the current database root password is empty, you will be prompted to specify it.
    • By default, SMT is set to communicate with the client hosts via a secure protocol. For this, the server needs to have a server SSL certificate. The wizard displays a warning if the certificate does not exist. You can create a certificate using the Run CA Management button. Refer to Section 17.2, YaST Modules for CA Management, (↑Security Guide) for detailed information on managing certificates with YaST. 
  • Set up SMT mirroring :
    • either via Yast => Network Services => SMT Server Management 
    1. Select Services (e.g. RES7, target x86_64) and toggle mirroring
    2. When finished, run 'Mirror now'
    • or if you do not want to use yast2, run on command line as root:
      1. Verify that the mirror credentials have access to download updates for the RedHat products with : # smt-repos -m | grep RES
      2. Enable mirroring of the RHEL update catalog(s) for the desired architecture(s)   # smt-repos -e <repo-name> <architecture>
      3. Mirror the updates and log verbose output : # smt-mirror -d -L /var/log/smt/smt-mirror.log
    • The updates for RHEL will also be mirrored automatically as part of the default nightly SMT mirroring cron job.
    • When the mirror process of the catalogs for your RHEL products has completed, the updates are available via  http://<smt-server.your-domain.top/repo/$RCE/<catalog-name>/<architecture>/.
    • To enable gpg checking of the repositories, the key used to sign the repositories needs to be made available to the RHEL clients. This key is now available in the res-signingkeys package, which is included in the SMT installation source.
      1. Install the res-signingkeys package with the command  # zypper in -y res-signingkeys
      2. The installation of the package stores the key file as  /srv/www/htdocs/repo/keys/res-signingkeys.key.
      3. Now the key is available to the clients and can be imported into their RPM database as described later.
 

Configuring the YUM client on RHEL 6.x and RHEL 7.x to consume updates from SMT :
 

  • Import the repository signing key downloaded above into the local RPM database with a command like : # rpm --import http://<smt-server.domain.top>/repo/keys/res-signingkeys.key
  • Create a file in /etc/yum.repos.d/ and name it RES6.repo or RES7.repo respectively
  • Edit the file and enter the repository data and point to the catalog on the SMT server as follows :
[smt]
name=SMT repository
baseurl=http://<smt-server.domain.top>/repo/$RCE/<catalog-name>/<architecture>/
enabled=1
gpgcheck=1
 
Examples of baseurl : http://smt.mycompany.com/repo/$RCE/RES6/i386/

                  http://smt.mycompany.com/repo/$RCE/RES7/x86_64/

  • Save the file
  • Disable the stadard RedHat repositories by setting "enabled=0in the repository entries in other files in /etc/yum.repos.d/ (if any are enabled).
Both yum and the update notification applet should work correctly now and notify of available updates when applicable. It might be needed to restart the applet.
 

Registering RHEL 6.x and RHEL 7.x against SMT
 

  • Install the suseRegisterRES  package :  
    # yum install suseRegisterRES

    Note: you might need to install perl-Crypt-SSLeay and perl-XML-Parser packages from the original RHEL media.

  • Copy the SMT certificate to the system :
# wget http://<smt-server.domain.top>/smt.crt
# cat smt.crt >> /etc/pki/tls/cert.pem
  • Edit /etc/suseRegister.conf  to point to SMT by changing the url value to :
url = https://<smt-server.domain.top>/center/regsvc/
 
  • Register the system :
# suse_register
 

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000019620
  • Creation Date: 19-May-2020
  • Modified Date:19-May-2020
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center