PDA

View Full Version : Suse v11 / v12 fail SMT registration with proxy



blakeca00
28-Feb-2017, 16:12
at AWS in Ireland (eu-west-1), we have a severe issue where we are booting suse ec2 instance in a private subnet. We use userdata script to setup connectivity via proxy. We suspect that configuring the proxy via userdata is too late or not accepted by
the suse in-region smt repo servers, so the server boots with no repos present in the config.

This same userdata proxy configuration works fine for the base redhat ami in the same private subnet in the same aws account and region using the same proxy.

Details of our config:

ec2 host running userdata:
AMI: suse-sles-12-sp2-v20161214-hvm-ssd-x86_64 (ami-9186a1e2)

ec2 proxy:
- Amazon Linux 2016.09 updated to 2016.12
- squid 3.5.20

Thank you for any guidance you can provide to connect via proxy at boot or force
smt registration and onboarding of repos after booting.

-------------------------------------------------------

output from /var/log/cloudregister:

2017-02-09 11:47:57,608 INFO:Using API: regionInfo
2017-02-09 11:47:57,609 INFO:Using region server: 54.244.244.107
2017-02-09 11:47:57,613 INFO:Starting new HTTPS connection (1): 54.244.244.107
2017-02-09 11:48:12,628 ERROR:No response from: 54.244.244.107
2017-02-09 11:48:12,628 INFO:Using region server: 54.253.118.149
2017-02-09 11:48:12,629 INFO:Starting new HTTPS connection (1): 54.253.118.149
2017-02-09 11:48:27,644 ERROR:No response from: 54.253.118.149
2017-02-09 11:48:27,645 INFO:Using region server: 50.17.208.31
2017-02-09 11:48:27,645 INFO:Starting new HTTPS connection (1): 50.17.208.31
2017-02-09 11:48:42,661 ERROR:No response from: 50.17.208.31
2017-02-09 11:48:42,661 INFO:Using region server: 54.247.166.75
2017-02-09 11:48:42,662 INFO:Starting new HTTPS connection (1): 54.247.166.75
2017-02-09 11:48:57,676 ERROR:No response from: 54.247.166.75
2017-02-09 11:48:57,676 ERROR:None of the servers responded
2017-02-09 11:48:57,676 ERROR: Attempted: ['54.244.244.107', '54.253.118.149', '50.17.208.31', '54.247.166.75']
2017-02-09 11:48:57,676 ERROR:Exiting without registration
2017-02-09 11:49:00,469 INFO:[Service] No SMT server found, nothing to do
2017-02-09 11:49:00,636 INFO:[Service] No SMT server found, nothing to do
2017-02-09 11:49:00,960 INFO:[Service] No SMT server found, nothing to do
2017-02-09 11:49:02,140 INFO:[Service] No SMT server found, nothing to do
2017-02-09 11:50:53,950 INFO:[Service] No SMT server found, nothing to do

rjschwei
28-Feb-2017, 16:57
Hi,

Instead of using a proxy we strongly recommend to use a NAT GW [1]. Since the NAT GW is managed by AWS you do not create a bottleneck in your network setup and you avoid this problem. Also when using the NAT GW you do not have to manually fiddle with the registration setup.

As far as the proxy setup is concerned after the instance is running you need to setup the proxy configuration on the instance (yast proxy is one option) and then run /usr/sbin/registercloudguest --force-new

[1] https://www.suse.com/communities/blog/using-suse-linux-enterprise-demand-aws-vpc-setup/

blakeca00
28-Feb-2017, 18:49
thanks very much for the guidance, it is greatly appreciated.

I haven't tried this yet on suse 12, but will assume the --force works to reregister post-boot up on suse 12; however, cloudregister utility is not available on suse v11 sp4.

Please let us know if you have an alternate for suse 11.

thank you,

blakeca00
28-Feb-2017, 20:49
After validating connectivity via proxy for suse v12, I ran /usr/sbin/registercloudguest --force-new

I get the following error msg to stderr:

"
/usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:264: SubjectAltNameWarning: Certificate for 54.253.118.149 has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
SubjectAltNameWarning
"

would greatly appreciate any guidance to remedy.

thank you.