[sles-beta] php disappeared in beta6?

Wed May 21 03:46:48 MDT 2014

Hello Will

Thank you
With SMT I got a script called clientSetup4SMT.sh which I could wget from the SMT.
This Script then did set the URL and necessary entry into the local file /etc/suseRegister.conf
Personally I only understand the parameter url and hostGUID in this /etc/suseRegister.conf file.
The rest I take as "undocumented" feature, because I did not find a real description of suse_register and the config parameters.
After I got it to work I did not search further, I admit.

v063o7:~ # cat /etc/suseRegister.conf
url=https://172.31.40.8/center/regsvc
listParams = command=listparams
register   = command=register
listProducts = command=listproducts
#hostGUID = 122354

# add update sources provided by the registration server
#
addRegSrvSrc = true

# add additional update sources (only type zypp is supported)
# addAdSrc can be used multiple times
#
#addAdSrc = http://you.suse.de/updates/test?alias=someName
#addAdSrc = http://you.suse.de/updates/test2

hostGUID = 0ed6b3efa4ba41c6ada9b4f57ec68b58
v063o7:~ #

Then with this information I can run suse_register against my internal SMT using my NCC Mail account and the subscription code I need to register on as paframeter
suse_register --no-refresh -a email=urs.frey at post.ch -a regcode-sles=2087161FC7B45F -L /root/suse_register.log

In the code below you can see the shell script I use to register against my internal SMT in autoyast init-script phase

         # if there is /etc/wgetrc active, deactivate for suse_register
         if [ -e /etc/wgetrc ] ; then
           mv -v /etc/wgetrc /etc/_wgetrc
         fi
         #
         # download clientconfig4SMT-Script always the latest version
         cd ${basedir}/bin
         rm -f clientSetup4SMT.sh
         wget --proxy=off -nd -t5 http://${smtserver}/smt/repo/tools/clientSetup4SMT.sh
         if [ -e ./clientSetup4SMT.sh ] ; then
           #
           # only if there was no error with download, do attempt to register
           #
           chmod 755 clientSetup4SMT.sh
           echo "y" | ${basedir}/bin/clientSetup4SMT.sh  --host ${smtserver} --regcert http://${smtserver}/smt/smt/smt.crt
           if [ "${vmwarecl}" != "" ] ; then
             #
             # for virtual clients we put in the hypervirsors, deviceid
             # for NCC will count the license correctly
             hostguid=`grep -v "#" /etc/suseRegister.conf | grep ^hostGUID`
             if [ "${hostguid}" == "" ] ; then
               #
               # we configure Hypervisor hostGUID
               #
               echo "" >> /etc/suseRegister.conf
               echo "hostGUID = 0ed6b3efa4ba41c6ada9b4f57ec68b58" >> /etc/suseRegister.conf
             fi
             licensecode="${licensecode_vmv}"
           else
             #
             licensecode="${licensecode_srv}"
           fi
           suse_register ${suseregparam} -a email=urs.frey at post.ch -a regcode-sles=${licensecode} -L /root/suse_register.log
           #
         fi
         # re-activate
         if [ -e /etc/_wgetrc ] ; then
           mv -v /etc/_wgetrc /etc/wgetrc
         fi

The challenge was to find out how the entire process with suse_register is done.
Our firewalls do allow communication only one way.
One has to define who does open the connection on which protocol and which way the data flow is.
Which way does suse_register open a connection, which protocol to SMT to upload information?
Firewalls do drop packages in silent way, no error code nothing, just no communication and wait for timeout.

One thing you can see above is the use of the --no-refresh parameter.
We cannot use the NU mechanism internally as we specify the repositories used on our production platform ourselves for security reasons.
Our servers do have only specifically granted repositories connected.
So there is a real need for a parameter allowing no refresh of libzypp and connect of NU repositories

So I need again with SUSEConnect a description of the handshake with SMT and I need to know the protocol used.
Within SUSEConnect I miss the parameter --no-refresh
Protocols http, https, are allowed to upload to SMT DMZ

Currently on my SLES12 Beta6 x86_64 I see these SUSEConnect manpages. The SUSEConnect.8.gz I copied manually to /usr/share/man/man8/
h063ur:~ # man SUSEConnect
Man: find all matching manual pages (set MAN_POSIXLY_CORRECT to avoid this)
 * SUSEConnect (1)
   SUSEConnect (8)
Man: What manual page do you want?

Currently SUSEConnect (1) contains some rake command I do not really understand or find a context to.

SUSEConnect (8) is a good step forward

Especially:
COMPARED TO SUSE_REGISTER
   BEFORE
       suse_register -a email=<email> -a regcode-sles=<regcode> -L <logfile>

   AFTER
       SUSEConnect --url <registration-server-url> -r <regcode> >> <logfile>

But the entire process and handshaking is missing. 
How can SUSEConnect find out the correct NCC / SCC account by not providing a NCC account credential as the email address?

Until SMT on SLES11-SP3 works with SLES12 I will not be able to test channels or register or use SUSEConnect in any way
DMZ is a security zone, no way to place Lab servers there.

Best regards

Urs Frey                                              
Post CH AG
Informationstechnologie
IT Betrieb 
Webergutstrasse 12 
3030 Bern (Zollikofen) 
Telefon : ++41 (0)58 338 58 70 
FAX     : ++41 (0)58 667 30 07 
E-Mail:   urs.frey at post.ch

-----Ursprüngliche Nachricht-----
Von: sles-beta-bounces at lists.suse.com [mailto:sles-beta-bounces at lists.suse.com] Im Auftrag von Will Stephenson
Gesendet: Wednesday, May 21, 2014 10:38 AM
An: sles-beta at lists.suse.com
Betreff: Re: [sles-beta] php disappeared in beta6?

On Wednesday 21 May 2014 07:51:20 urs.frey at post.ch wrote:
> When looking at SUSEConnect there is really no usable help around about what
> to enter when trying to register. It is the same pain as I had with
> suse_register and dealing with firewalls etc.

Urs,

I've updated the --help output and manpage for SUSEConnect for beta7 in line 
with your earlier feedback.   An additional section covers using it with SMT. 
However this is currently just a wordy version of  'SUSEConnect registers 
systems via SCC on the internet or a local SMT server using a RESTful JSON api 
over https.  Use SUSEConnect --url <url-of-smt> to register systems with SMT 
instead of SCC, and set proxies in YaST as needed'.

It would help me to know what other steps you had to take to make registration 
work in your firewalled SMT deployment.

I've attached the current (beta7) state of the manpage for your feedback.  
Read with man -l SUSEConnect.8.gz. A second manpage for SUSEConnect.5 (its 
config file) is still to be started. 

best regards

Will Stephenson

--
Will Stephenson | SCC Team
SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 
(AG Nürnberg)
Maxfeldstraße 5
90409 Nürnberg
Germany