PDA

View Full Version : no SMT repos available for specific client



jmroth
08-May-2012, 09:47
Hi there,
got problems registering to SMT server:


Server 1, not working:

# ./clientSetup4SMT.sh --host smt
Do you accept this certificate? [y/n] y
Client setup finished.
Start the registration now? [y/n] y
/usr/bin/suse_register -i -L /root/.suse_register.log
All services have been refreshed.
All repositories have been refreshed.
ERROR: Peer certificate cannot be authenticated with known CA certificates: (60)
(2)
ERROR: Peer certificate cannot be authenticated with known CA certificates: (60)
(2)
# zypper lr
# | Alias | Name | Enabled | Refresh
--+--------------------------------------------------+--------------------------------------------------+---------+--------
1 | Novell-Open-Enterprise-Server-11_11.0-1.320 | Novell Open Enterprise Server 11 | Yes | No
2 | SUSE-Linux-Enterprise-Server-11-SP1 11.1.1-1.152 | SUSE-Linux-Enterprise-Server-11-SP1 11.1.1-1.152 | Yes | No

Server 2, is working:


# ./clientSetup4SMT.sh --host smt
Do you accept this certificate? [y/n] y
Client setup finished.
Start the registration now? [y/n] y
/usr/bin/suse_register -i -L /root/.suse_register.log
Refreshing service 'SMT-http_smt'.
All services have been refreshed.
Repository 'OES11-Pool' is up to date.
Repository 'OES11-Updates' is up to date.
Repository 'SLES11-SP1-Pool' is up to date.
Repository 'SLES11-SP1-Updates' is up to date.
All repositories have been refreshed.
ERROR: Peer certificate cannot be authenticated with known CA certificates: (60)
(2)
ERROR: Peer certificate cannot be authenticated with known CA certificates: (60)
(2)
# zypper lr
# | Alias | Name | Enabled | Refresh
--+--------------------------------------------------+--------------------------------------------------+---------+--------
1 | Novell-Open-Enterprise-Server-11_11.0-1.320 | Novell Open Enterprise Server 11 | Yes | No
2 | SMT-http_smt:OES11-Pool | OES11-Pool | Yes | Yes
3 | SMT-http_smt:OES11-Updates | OES11-Updates | Yes | Yes
4 | SMT-http_smt:SLES11-SP1-Pool | SLES11-SP1-Pool | Yes | Yes
5 | SMT-http_smt:SLES11-SP1-Updates | SLES11-SP1-Updates | Yes | Yes
6 | SUSE-Linux-Enterprise-Server-11-SP1 11.1.1-1.152 | SUSE-Linux-Enterprise-Server-11-SP1 11.1.1-1.152 | Yes | No

Both servers are exactly the same:
# rpm -qa | sort | md5sum
8ad0e3dfa82b88029e065dd15590619e -

The SMT GUID is NOT the same obviously, I have checked that! (They are not exact clones)

The first server does not appear in the client list on the SMT server.

What else can I check??

Thanks
Marki

malcolmlewis
08-May-2012, 15:12
Hi
Are there any clues in the /root/.suse_register.log?

jmroth
08-May-2012, 16:24
Hi
Are there any clues in the /root/.suse_register.log?

You tell me (tried suse_register manually):


# suse_register -d 2 -i
Execute Command: /usr/bin/zypper ref --service
All services have been refreshed.
All repositories have been refreshed.
GUID:f238276d7af34366.....
Execute command: /usr/bin/zypper --no-refresh --quiet --xmlout --non-interactive products --installed-only
Execute command exit(0):
installed products: $VAR1 = [
[
'SUSE_SLES',
'11.1',
'',
'x86_64'
],
[
'Open_Enterprise_Server',
'11',
'cd',
'x86_64'
]
];

Execute command: /usr/bin/lscpu
Execute command exit(0):
Execute command: /usr/sbin/hwinfo --gfxcard
Execute command exit(0):
Execute command: /usr/bin/zypper --non-interactive targetos
Execute command exit(0):
list-parameters: 0
xml-output: 0
no-optional: 0
batch: 0
forcereg: 0
no-hw-data: 0
log: /root/.suse_register.log
locale: undef
no-proxy: 0
yastcall: 0
arg: $VAR1 = {
'timezone' => {
'kind' => 'mandatory',
'value' => '...',
'flag' => 'i',
'description' => 'Timezone'
},
'ostarget' => {
'kind' => 'mandatory',
'value' => 'sle-11-x86_64',
'flag' => 'i',
'description' => 'Target operating system identifier'
},
'processor' => {
'kind' => 'mandatory',
'value' => 'x86_64',
'flag' => 'i',
'description' => 'Processor type'
},
'platform' => {
'kind' => 'mandatory',
'value' => 'x86_64',
'flag' => 'i',
'description' => 'Hardware platform type'
}
};

extra-curl-option:$VAR1 = [];

URL: https://smt/center/regsvc
listParams: command=listparams
register: command=register
lang: POSIX
initialDomain: .xxx
SEND DATA to URI: https://smt/center/regsvc?command=listproducts&lang=en-US&version=1.0:


About to connect() to smt port 443 (#0)
Trying 130.1.1.93...
connected
Connected to smt (130.1.1.93) port 443 (#0)
successfully set certificate verify locations:
CAfile: none
CApath: /etc/ssl/certs/
SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS alert, Server hello (2):
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Closing connection #0
ERROR: Peer certificate cannot be authenticated with known CA certificates: (60)
(2)
ERROR: Peer certificate cannot be authenticated with known CA certificates: (60)
(2)


Command

/usr/bin/zypper ref --service
seems to work on one host but not the other.

jmroth
08-May-2012, 17:18
Ok forget it. I guess ignoring the error about the SSL conversation was a mistake:
The server certificate on the SMT server had expired.

Not sure why SMT chose not to display anything anymore on one but not the other client/server.

In fact, after the issue of the expired SSL server certificate was fixed, clientSetup4SMT/suse_register said



WARNING: Some repositories were manually disabled. They are not restored.
If you want to restore them, call suse_register with the --restore-repos parameter.


which I did and everything was fine again.