Results 1 to 4 of 4

Thread: Suse v11 / v12 fail SMT registration with proxy

Hybrid View

  1. #1

    Suse v11 / v12 fail SMT registration with proxy

    at AWS in Ireland (eu-west-1), we have a severe issue where we are booting suse ec2 instance in a private subnet. We use userdata script to setup connectivity via proxy. We suspect that configuring the proxy via userdata is too late or not accepted by
    the suse in-region smt repo servers, so the server boots with no repos present in the config.

    This same userdata proxy configuration works fine for the base redhat ami in the same private subnet in the same aws account and region using the same proxy.

    Details of our config:

    ec2 host running userdata:
    AMI: suse-sles-12-sp2-v20161214-hvm-ssd-x86_64 (ami-9186a1e2)

    ec2 proxy:
    - Amazon Linux 2016.09 updated to 2016.12
    - squid 3.5.20

    Thank you for any guidance you can provide to connect via proxy at boot or force
    smt registration and onboarding of repos after booting.

    -------------------------------------------------------

    output from /var/log/cloudregister:

    2017-02-09 11:47:57,608 INFO:Using API: regionInfo
    2017-02-09 11:47:57,609 INFO:Using region server: 54.244.244.107
    2017-02-09 11:47:57,613 INFO:Starting new HTTPS connection (1): 54.244.244.107
    2017-02-09 11:48:12,628 ERROR:No response from: 54.244.244.107
    2017-02-09 11:48:12,628 INFO:Using region server: 54.253.118.149
    2017-02-09 11:48:12,629 INFO:Starting new HTTPS connection (1): 54.253.118.149
    2017-02-09 11:48:27,644 ERROR:No response from: 54.253.118.149
    2017-02-09 11:48:27,645 INFO:Using region server: 50.17.208.31
    2017-02-09 11:48:27,645 INFO:Starting new HTTPS connection (1): 50.17.208.31
    2017-02-09 11:48:42,661 ERROR:No response from: 50.17.208.31
    2017-02-09 11:48:42,661 INFO:Using region server: 54.247.166.75
    2017-02-09 11:48:42,662 INFO:Starting new HTTPS connection (1): 54.247.166.75
    2017-02-09 11:48:57,676 ERROR:No response from: 54.247.166.75
    2017-02-09 11:48:57,676 ERROR:None of the servers responded
    2017-02-09 11:48:57,676 ERROR: Attempted: ['54.244.244.107', '54.253.118.149', '50.17.208.31', '54.247.166.75']
    2017-02-09 11:48:57,676 ERROR:Exiting without registration
    2017-02-09 11:49:00,469 INFO:[Service] No SMT server found, nothing to do
    2017-02-09 11:49:00,636 INFO:[Service] No SMT server found, nothing to do
    2017-02-09 11:49:00,960 INFO:[Service] No SMT server found, nothing to do
    2017-02-09 11:49:02,140 INFO:[Service] No SMT server found, nothing to do
    2017-02-09 11:50:53,950 INFO:[Service] No SMT server found, nothing to do

  2. Re: Suse v11 / v12 fail SMT registration with proxy

    Hi,

    Instead of using a proxy we strongly recommend to use a NAT GW [1]. Since the NAT GW is managed by AWS you do not create a bottleneck in your network setup and you avoid this problem. Also when using the NAT GW you do not have to manually fiddle with the registration setup.

    As far as the proxy setup is concerned after the instance is running you need to setup the proxy configuration on the instance (yast proxy is one option) and then run /usr/sbin/registercloudguest --force-new

    [1] https://www.suse.com/communities/blo...aws-vpc-setup/

  3. #3

    Re: Suse v11 / v12 fail SMT registration with proxy

    thanks very much for the guidance, it is greatly appreciated.

    I haven't tried this yet on suse 12, but will assume the --force works to reregister post-boot up on suse 12; however, cloudregister utility is not available on suse v11 sp4.

    Please let us know if you have an alternate for suse 11.

    thank you,

  4. #4

    Re: Suse v11 / v12 fail SMT registration with proxy

    After validating connectivity via proxy for suse v12, I ran /usr/sbin/registercloudguest --force-new

    I get the following error msg to stderr:

    "
    /usr/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:264: SubjectAltNameWarning: Certificate for 54.253.118.149 has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
    SubjectAltNameWarning
    "

    would greatly appreciate any guidance to remedy.

    thank you.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •