System registration through SMT with different lic.



configurationmanagement
03-Aug-2015, 17:34
Hello!

I've got several systems (these are very much world-wide distributed) and I need to register them.
I can use SMT server as a central "proxy for these", I've done SMT server setup and can see this in SCC, however this is my question:
I've got several different licences for different projects. For example:
EMEA SLES x86-64 1-2 Sockets with Unlimited VM, Standard Subscription
EMEA SLES x86-64 1-2 Sockets or 1-2 VM, Standard Subscription
And I need to register different systems using different licences. How can I do this?
At what stage am I able to choose the right one? Or when I use SMT, will I use the same lic. as the SMT registered?

Sorry, but I cannot find any kind of that information in the manuals or on the internet.

jmozdzen
04-Aug-2015, 10:11
Hi configurationmanagement,

Registration of the systems works the same as without SMT - you specify the license code while running the registration via command line or via YaST on the (SMT client) server machines. Or did I get the question wrong?

Regards,
Jens

configurationmanagement
13-Aug-2015, 16:30
Hello,

If I try to run clientSetup4SMT.sh using the hostname, I get an error (using the IP address works fine):

# ./clientSetup4SMT.sh --host ukwcmcsmt01.odops.uk.domain.net
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c1:ee:75:75:f0:04:4f:2e
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=GB, CN=YaST Default CA (ukwcmcsmt01)/emailAddress=sysadmins@domain.net
Validity
Not Before: Jun 16 14:20:24 2015 GMT
Not After : Jun 13 14:20:24 2025 GMT
Subject: C=GB, CN=YaST Default CA (ukwcmcsmt01)/emailAddress=sysadmins@domain.net
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:d0:3c:39:29:5a:d2:c7:11:9b:15:e7:51:a8:f5:
.....
f5:d5:dc:cf:9c:69:f7:9b:b5:55:07:2d:72:ea:7d:
d6:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
Netscape Comment:
YaST Generated CA Certificate
Netscape Cert Type:
SSL CA, S/MIME CA
X509v3 Key Usage:
Certificate Sign, CRL Sign
X509v3 Subject Key Identifier:
66:AF:47:EB:E3:64:72:35:89:C0:8E:50:E2:6C:17:C5:B3:7E:4F:B0
X509v3 Authority Key Identifier:
keyid:66:AF:47:EB:E3:64:72:35:89:C0:8E:50:E2:6C:17:C5:B3:7E:4F:B0
DirName:/C=GB/CN=YaST Default CA (ukwcmcsmt01)/emailAddress=sysadmins@domain.net
serial:C1:EE:75:75:F0:04:4F:2E

X509v3 Subject Alternative Name:
email:sysadmins@domain.net
X509v3 Issuer Alternative Name:
email:sysadmins@domain.net
Signature Algorithm: sha1WithRSAEncryption
75:c2:a0:37:42:19:3d:f5:a7:04:28:4f:5c:52:0f:b9:d6:cc:
...
ec:93:7c:d0:3a:2d:32:86:ec:8e:21:ce:a5:dd:d2:a7:c5:d0:
7e:c2:57:2f
Do you accept this certificate? [y/n] y
Client setup finished.
Start the registration now? [y/n] y
/usr/bin/suse_register -i -L /root/.suse_register.log
Refreshing service 'SMT-http_ukwcmcsmt01_odops_uk_domain_net'.
All services have been refreshed.
Repository 'Puppet' is up to date.
Repository 'SBSOFT-SLE11-SP3-OS' is up to date.
Repository 'SMT-SLE11-SDK-SP3-Pool' is up to date.
Repository 'SMT-SLE11-SDK-SP3-updates' is up to date.
Repository 'SMT-SLE11-SP3-Updates' is up to date.
Repository 'ruby_backports' is up to date.
All repositories have been refreshed.
ERROR: SSL peer certificate or SSH remote key was not OK: (51)
(2)
ERROR: SSL peer certificate or SSH remote key was not OK: (51)
(2)


The SSL connection in both cases (using the IP address and using the hostname) is fine:


# openssl s_client -connect 10.10.10.10:443
CONNECTED(00000003)
depth=1 /C=GB/CN=YaST Default CA (ukwcmcsmt01)/emailAddress=sysadmins@domain.net
verify return:1
depth=0 /C=GB/CN=ukwcmcsmt01.odops.uk.domain.net/emailAddress=sysadmins@domain.net
verify return:1
---
Certificate chain
0 s:/C=GB/CN=ukwcmcsmt01.odops.uk.domain.net/emailAddress=sysadmins@domain.net
i:/C=GB/CN=YaST Default CA (ukwcmcsmt01)/emailAddress=sysadmins@domain.net
1 s:/C=GB/CN=YaST Default CA (ukwcmcsmt01)/emailAddress=sysadmins@domain.net
i:/C=GB/CN=YaST Default CA (ukwcmcsmt01)/emailAddress=sysadmins@domain.net
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEzTCCA7WgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJHQjEm
...
/JKyGODS4rac/w4oT58JA9SbR2iaeGowBj1tfHRLlhR9XvhQj4tn1IqmWV1b4ygw
B1TLr2GLXCeog7czfcts7YzyNsfDzhcXH0HoIcScWFgA
-----END CERTIFICATE-----
subject=/C=GB/CN=ukwcmcsmt01.odops.uk.domain.net/emailAddress=sysadmins@domain.net
issuer=/C=GB/CN=YaST Default CA (ukwcmcsmt01)/emailAddress=sysadmins@domain.net
---
No client certificate CA names sent
---
SSL handshake has read 2934 bytes and written 300 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : ECDHE-RSA-AES256-SHA
Session-ID: 8C28DBB94229B2C4B42B1D25A144EB749C1E16075C85FCE2FF4E296153C5F8AD
Session-ID-ctx:
Master-Key: 735B62280C3F2BBAB355D654F239B7AF0458DF192AFD1EDBA13391B2EAB251583E2129CE4E71B1E4A225A09B375FFF1E
Key-Arg : None
Start Time: 1439478906
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
closed

Could you advise what could be wrong?

jmozdzen
17-Aug-2015, 15:13
Hi configurationmanagement,

I take it the "openssl s_client" run was from the machine you ran clientSetup4SMT.sh on previously?

Does ~root/.suse_register.log on that host have any clues on what happened and might have caused that error?

Regards,
Jens