PDA

View Full Version : Where are mirror credentials now?



aborzenkov
01-Dec-2014, 14:46
I'm rather confused with new SCC. In the old NCC I had mirror credentials and could access repositories. Now I have links to repositories listed in Subscriptions tab, but attempting to access any of them returns 403 Forbidden. It does not ask me about user/password either.

kwk
01-Dec-2014, 16:14
Mirror credentials are called 'Organization credentials' and are available in the respective tab of the https://scc.suse.com/organization page.

Use zypper (if the SLE 12 system is directly registered to scc.suse.com), SMT, or SUSE Manager to download repositories. Manual browsing is discouraged.

Technical details:

tl;dr SLE 12 is served via a different server which does not use mirror credentials


Usage of these credentials depends on the repository server.

For SLE 10 and SLE 11 (and associated products), repositories are served via nu.novell.com
Access to nu.novell.com is protected by mirror credentials, authorized by nu.novell.com. Each authorization required a round trip to NCC.

For SLE 12 (and associated products), repositories are served via updates.suse.com
Access to updates.suse.com is protected by token, authorized by the content delivery network (CDN). Each authentication is handled by the nearest CDN server. This makes repository access to update.suse.com much faster and more reliable than nu.novell.com

smflood
01-Dec-2014, 18:21
On 01/12/2014 15:24, kwk wrote:

> Mirror credentials are called 'Organization credentials' and are
> available in the respective tab of the https://scc.suse.com/organization
> page.
>
> Use zypper (if the SLE 12 system is directly registered to
> scc.suse.com), SMT, or SUSE Manager to download repositories. Manual
> browsing is discouraged.
>
> Technical details:
>
> tl;dr SLE 12 is served via a different server which does not use mirror
> credentials
>
>
> Usage of these credentials depends on the repository server.
>
> For SLE 10 and SLE 11 (and associated products), repositories are served
> via nu.novell.com
> Access to nu.novell.com is protected by mirror credentials, authorized
> by nu.novell.com. Each authorization required a round trip to NCC.
>
> For SLE 12 (and associated products), repositories are served via
> updates.suse.com
> Access to updates.suse.com is protected by token, authorized by the
> content delivery network (CDN). Each authentication is handled by the
> nearest CDN server. This makes repository access to update.suse.com much
> faster and more reliable than nu.novell.com

So the only way to get access to the repos served via updates.suse.com
are directly from a SLE12 machine registered to SCC, via SMT11 SP3
configured to talk to SCC, or (in future) SUSE Manager 2.1?

Is it no longer possible to mirror the repos some other way?

Thanks.
--
Simon
SUSE Knowledge Partner

------------------------------------------------------------------------
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
------------------------------------------------------------------------

bobino
03-Dec-2014, 13:38
Hi,
SLES 11 SP3, fresh installation
I'm using our 'Organization credentials' and getting invalid credentials. Did not worked...
Should I see our SMT server in the list under scc/systems ?
thank you

aborzenkov
03-Dec-2014, 15:41
Access to updates.suse.com is protected by token

And the only way to generate this token is to register SLES with SCC? What if system does not have internet access? Yes, this happens. I may still want to download selected available updates and install them offline.

aborzenkov
03-Dec-2014, 15:44
For SLE 10 and SLE 11 (and associated products), repositories are served via nu.novell.com
For SLE 12 (and associated products), repositories are served via updates.suse.com


That's not what I see. If I go to my subscriptions page and list repositories, I get links to updates.suse.com for SLES11 as well.

smflood
03-Dec-2014, 16:38
On 03/12/2014 12:44, bobino wrote:

> SLES 11 SP3, fresh installation
> I'm using our 'Organization credentials' and getting invalid
> credentials. Did not worked...
> Should I see our SMT server in the list under scc/systems ?
> thank you

Is your SMT Server fully patched and have you migrated it to access SCC
rather than NCC? Please see TID 7015836[1].

HTH.

[1] https://www.suse.com/support/kb/doc.php?id=7015836
--
Simon
SUSE Knowledge Partner

------------------------------------------------------------------------
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
------------------------------------------------------------------------

smflood
03-Dec-2014, 16:42
On 03/12/2014 14:54, aborzenkov wrote:

> That's not what I see. If I go to my subscriptions page and list
> repositories, I get links to updates.suse.com for SLES11 as well.

It's my understanding that repos for earlier versions of SUSE Linux
Enterprise (SLE) are available via both NCC and SCC but SLE12 repos are
only available via SCC. That way SMT servers that have been switched
from NCC to SCC will be able to offer the earlier SLE repos (but not
Novell OES ones).

HTH.
--
Simon
SUSE Knowledge Partner

------------------------------------------------------------------------
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
------------------------------------------------------------------------

kwk
04-Dec-2014, 08:08
[color=blue]

> So the only way to get access to the repos served via updates.suse.com
> are directly from a SLE12 machine registered to SCC, via SMT11 SP3
> configured to talk to SCC, or (in future) SUSE Manager 2.1?



Yes, these are the preferred ways.




[color=blue]

> Is it no longer possible to mirror the repos some other way?



Of course it is still possible to mirror the repos in another way.

For nu.novell.com, you need to provide the organizational (mirror) credentials as https://<username>:<password>@nu.novell.cm/... to access nu.novell.com hosted repositories.

For updates.suse.com, you need to attach the correct token to the https://updates.suse.com/... url.

Everything else works as usual.

kwk
04-Dec-2014, 08:11
And the only way to generate this token is to register SLES with SCC?

Currently, yes.

We are working to provide tokens via scc.suse.com, this will be available shortly.

With the token, you can selectively download updates from updates.suse.com

kwk
04-Dec-2014, 08:14
[color=blue]

> It's my understanding that repos for earlier versions of SUSE Linux
> Enterprise (SLE) are available via both NCC and SCC but SLE12 repos are
> only available via SCC. That way SMT servers that have been switched
> from NCC to SCC will be able to offer the earlier SLE repos (but not
> Novell OES ones).



Exactly.

For syncing repositories into SMT or SUSE Manager, it's just more convenient to talk to one update server only.

aborzenkov
04-Dec-2014, 10:57
Thank you. All your answers were very helpful.

mwiese
02-Feb-2015, 11:46
Hi,

I have installed a SLES12 Server and registered with SCC. Now I would like to mirror the update repository from SUSE. But I don't know, how to do this. What I've done yet:

1. Establish connection to SCC and download patches for my SLES12 - works.
2. In the repo section I see URL in format of https://updates.suse.com/SUSE/Updates/SLE-SERVER/12/x86_64/update?LONGTOKEN
3. I found credentials on the system with username SCC_xxxxxxxxxx and password
4. I tried https://username:password@updates.suse.com/SUSE/Updates/SLE-SERVER/12/x86_64/update?LONGTOKEN but got HTTP 401 Unauthorized.

How can I mirror the update repository?
Any help would be appreciated!

Thanks and best regards
Marco

smflood
02-Feb-2015, 16:55
On 02/02/2015 10:54, mwiese wrote:

> I have installed a SLES12 Server and registered with SCC. Now I would
> like to mirror the update repository from SUSE. But I don't know, how to
> do this. What I've done yet:
>
> 1. Establish connection to SCC and download patches for my SLES12 -
> works.
> 2. In the repo section I see URL in format of
> https://updates.suse.com/SUSE/Updates/SLE-SERVER/12/x86_64/update?LONGTOKEN
> 3. I found credentials on the system with username SCC_xxxxxxxxxx and
> password
> 4. I tried
> https://username:password@updates.suse.com/SUSE/Updates/SLE-SERVER/12/x86_64/update?LONGTOKEN
> but got HTTP 401 Unauthorized.
>
> How can I mirror the update repository?

Currently the only way to mirror updates from SCC is via SMT11 SP3 (on
SLES11 SP3).

HTH.
--
Simon
SUSE Knowledge Partner

------------------------------------------------------------------------
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
------------------------------------------------------------------------

kwk
03-Feb-2015, 09:29
Marco,

what are you trying to accomplish ?

A simple mirroring application is 'SMT', a complete management application is 'SUSE Manager'. Both can mirror repositories.

If you want to mirror with a 3rd party tool, the https://updates.suse.com/SUSE/Updates/SLE-SERVER/12/x86_64/update?LONGTOKEN url is all you need.

robertw399
03-Feb-2015, 15:05
Marco,

what are you trying to accomplish ?

A simple mirroring application is 'SMT', a complete management application is 'SUSE Manager'. Both can mirror repositories.

If you want to mirror with a 3rd party tool, the https://updates.suse.com/SUSE/Updates/SLE-SERVER/12/x86_64/update?LONGTOKEN url is all you need.

I am trying this with Spacewalk 2.2 and am getting errors.

Sync started: Tue Feb 3 07:42:59 2015
['/usr/bin/spacewalk-repo-sync', '--channel', 'sles12-pool', '--type', 'yum', '']
Repo URL: https://updates.suse.com/SUSE/Products/SLE-SERVER/12/s390x/product?<very long token>
ERROR: Cannot retrieve repository metadata (repomd.xml) for repository: sles12-pool. Please verify its path and try again
Sync completed.
Total time: 0:00:02

Chris

kwk
03-Feb-2015, 15:27
Repo URL: https://updates.suse.com/SUSE/Products/SLE-SERVER/12/s390x/product?<very long token>

Chris

s390x ?! I guess you're just synching the wrong architecture here.

the <very long token> is per-user, per-repository. It's different from the old 'mirror credentials'.

robertw399
03-Feb-2015, 18:59
s390x ?! I guess you're just synching the wrong architecture here.

the <very long token> is per-user, per-repository. It's different from the old 'mirror credentials'.

I obtained the token by doing inquires to
curl -u SCC_<userid>:<password> https://scc.suse.com/access/services/1104?credentials=SUSE_Linux_Enterprise_Server_12_s 390x

so I don't think the token is wrong. I could see in the returned repoindex the various tokens for the repositories.

kwk
04-Feb-2015, 08:41
Hmm, then I'd recommend you to open a support request. Then we can check your subscription status.
You might also be missing a PTF for SUSE Manager, the support request will give you access to that too.

aborzenkov
21-May-2015, 07:12
We are working to provide tokens via scc.suse.com, this will be available shortly.
With the token, you can selectively download updates from updates.suse.com

Hi again,

as we just got customer question regarding repo access ... is it now possible to generate token via SCC? I do not see anything obvious browsing it right now - just organizational credentials.

FrankSteiner
24-Mar-2016, 11:29
You can generate an xml output of all the products you can download with a certain subscription, and this will contain the URLs with tokens:

curl -H "Authorization: Token token=<token>" https://scc.suse.com/connect/subscriptions/products

where <token> is the "Registration code" for you subscription that you can find in the SCC web portal. You will find URLs like
https://updates.suse.com/SUSE/Updates/SLE-SERVER/12-SP1/x86_64/update/?...
and the part after the ? is the token.

Btw, mirroring can be done with the tool "yup" by Marcus Meissner, look at the opensuse build service. yup12 is not fully up-to-date at the moment, missing link for SLED 12. It uses other URLs for fetching the tokens but those cannot be guessed, they contain a number that you just need to know...