SUSE Linux Enterprise Server 12
Red Hat Enterprise Linux 7.x
Red Hat Enterprise Linux 6.x
SUSE Subscription Management Tool (SMT) enables customers that possess the required entitlements to mirror updates for Red Hat Enterprise Linux.
This document discusses the actions required to configure the SMT server and clients (RHEL servers) for this solution.
This document is for informational purposes only. You are fully responsible for compliance with the terms of your agreements with your suppliers.
On the SMT server perform the following steps to prepare it for mirroring and publishing updates for RHEL.
- Install SUSE Linux Enterprise Server (SLES) 12 Service Pack 1 or higher with the Subscription management tool pattern. (or install smt on existing SLES12 system using YaST> Software > Software Management, select View > Patterns and select the SMT pattern there.)
- It is recommended to check for update immediately after installing SLES using “zypper patch” command.
- Set up SMT using YaST> Network Services > SMT Configuration Wizard.Check “Open port in firewall” checklist if you have firewall enabled.
- Fill in Organization mirroring credentials that have access to SUSE-provided Red Hat Enterprise Linux update catalog (Login to https://scc.suse.com => Organization => Organization Credentials)
- Fill in your SCC email.
- For security reasons, SMT requires a separate user to connect to the database. In the Database Password for "SMT User" screen, set the database password for this user
- Enter all e-mail addresses for receiving SMT reports using the Add button. Use the Edit and Delete buttons to modify and delete the existing addresses. When you have done that, click Next.
- If the current database root password is empty, you will be prompted to specify it.
- By default, SMT is set to communicate with the client hosts via a secure protocol. For this, the server needs to have a server SSL certificate. The wizard displays a warning if the certificate does not exist. You can create a certificate using the Run CA Management button. Refer to Section 17.2, YaST Modules for CA Management, (↑Security Guide) for detailed information on managing certificates with YaST.
- Set up SMT mirroring :
- either via Yast => Network Services => SMT Server Management
- Select Services (e.g. RES7, target x86_64) and toggle mirroring
- When finished, run 'Mirror now'
- or if you do not want to use yast2, run on command line as root:
- Verify that the mirror credentials have access to download updates for the RedHat products with : # smt-repos -m | grep RES
- Enable mirroring of the RHEL update catalog(s) for the desired architecture(s) # smt-repos -e <repo-name> <architecture>
- Mirror the updates and log verbose output : # smt-mirror -d -L /var/log/smt/smt-mirror.log
- The updates for RHEL will also be mirrored automatically as part of the default nightly SMT mirroring cron job.
- When the mirror process of the catalogs for your RHEL products has completed, the updates are available via http://<smt-server.your-domain.top/repo/$RCE/<catalog-name>/<architecture>/.
- To enable gpg checking of the repositories, the key used to sign the repositories needs to be made available to the RHEL clients. This key is now available in the res-signingkeys package, which is included in the SMT installation source.
- Install the res-signingkeys package with the command # zypper in -y res-signingkeys
- The installation of the package stores the key file as /srv/www/htdocs/repo/keys/res-signingkeys.key.
- Now the key is available to the clients and can be imported into their RPM database as described later.
Configuring the YUM client on RHEL 6.x and RHEL 7.x to consume updates from SMT :
- Import the repository signing key downloaded above into the local RPM database with a command like : # rpm --import http://<smt-server.domain.top>/repo/keys/res-signingkeys.key
- Create a file in /etc/yum.repos.d/ and name it RES6.repo or RES7.repo respectively
- Edit the file and enter the repository data and point to the catalog on the SMT server as follows :
Examples of baseurl : http://smt.mycompany.com/repo/$RCE/RES6/i386/
- Save the file
- Disable the stadard RedHat repositories by setting "enabled=0" in the repository entries in other files in /etc/yum.repos.d/ (if any are enabled).
Both yum and the update notification applet should work correctly now and notify of available updates when applicable. It might be needed to restart the applet.
Registering RHEL 6.x and RHEL 7.x against SMT
# wget http://<smt-server.domain.top>/smt.crt
# cat smt.crt >> /etc/pki/tls/cert.pem
- Edit /etc/suseRegister.conf to point to SMT by changing the url value to :
url = https://<smt-server.domain.top>/center/regsvc/
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.