SUSE Manager Client registration

Step by step procedure to add a new client in SUSE Manager.

In this article, we will walk you through step by step procedure to register a client in SUSE Manager. The complete process can be split into 5 parts as below where first 4 are pre-requisite –

Create custom channels
Create Activation Keys
Create bootstrap scripts
Create bootstrap repo
Register client

If you already have an established SUSE Manager in your infra then the first 4 steps must have been already completed and configured. Let’s go one by one now –

Create custom channels

We already covered it in another article here.

Create Activation Keys

For this step, we will use dev channel we created in the previous step. So we will create Activation Key (AK) for channel year-1-dev-SLE-Product-SLES15-Pool for x86_64

Navigate to Systems > Activation Keys

Hit Create Key button

I next screen there are 3 important fields you need to fill in –

Key : which starts with 1-. Rest you need to fill in some standard format so that its easier for you to identify later. We used 1-dev-sles15 here
Base Channel: You need to select the proper custom channels from the drop-down menu. Here custom channels created by Content Lifecycle Management and SUSE product channels will be listed. Choose wisely.
Child channels: Select child channels from your main base custom channel.

Leave rest to default. Every option has help text as well which will help you to understand it and its pretty simple. Finally, click Create Activation Key button at the bottom of the page.

Your key will be created and can be checked at the Activation Keys home menu we visited in the first step.

Create bootstrap scripts

Don’t worry you don’t have to script the code on your own. SUSE Manager got you covered. You just need to edit Activation Key in the ready-made script.

Navigate to Admin > Manager Configuration > Bootstrap Script

Here you can see the location of bootstrap script located in your SUSE Manager along with few options like a proxy (mainly) which can be tweaked. Make sure to hit Update button at bottom of the page to generate a script on the mentioned location for the first time before you use it.

Bootstrap script location on SUSE Manager

As you can see the bootstrap script is located in /srv/www/htdocs/pub/bootstrap on SUSE Manager. Log in to the SUSE Manager server using putty and make a copy of the script.

kerneltalks:~ # cp /srv/www/htdocs/pub/bootstrap/bootstrap.sh dev_sles15_bootstrap.sh
kerneltalks:~ # vi dev_sles15_bootstrap.sh

And in the copy edit below parameter to your Activation key.

ACTIVATION_KEYS=1-dev-sles15

That’s it. Your bootstrap script is ready to register client under dev channel.

Create bootstrap repo

Now, you need to create a bootstrap repo as well. This repo will be added to the client temporarily to fetch all SUSE Manager registration-related packages and their dependent packages so that registration can be initiated on the client. All this happens in the background when you run the bootstrap script on the client.

To create bootstrap repo run below command on SUSE Manager. Make sure all SUSE product repos are synced completely before running this command –

kerneltalks:~ # mgr-create-bootstrap-repo  -c SLE-15-x86_64 --with-custom-channel

Make sure you edit command and choose OS distribution as per your channel you are selecting. We are working on dev SLES15 channel here so I chose SLE-15-x86_64 product in command.

You can see it copies all packages and their dependencies to the new repo for new clients. Sample output :

#  mgr-create-bootstrap-repo  -c SLE-15-x86_64 --with-custom-channel
Creating bootstrap repo for SLE-15-x86_64

copy 'libgudev-1_0-0-232-1.33.x86_64'
copy 'libnewt0_52-0.52.20-5.35.x86_64'
copy 'libslang2-2.3.1a-3.13.x86_64'
copy 'newt-0.52.20-5.35.x86_64'
copy 'python3-asn1crypto-0.24.0-1.20.noarch'
copy 'python3-cffi-1.11.2-4.3.1.x86_64'
copy 'python3-cryptography-2.1.4-4.6.1.x86_64'
copy 'python-dmidecode-3.12.2-1.24.x86_64'
copy 'python3-dmidecode-3.12.2-1.24.x86_64'
copy 'python3-idna-2.6-1.20.noarch'
copy 'python3-libxml2-python-2.9.7-3.12.1.x86_64'
copy 'python3-netifaces-0.10.6-1.31.x86_64'
copy 'python3-newt-0.52.20-5.35.x86_64'
copy 'python3-pyasn1-0.4.2-1.20.noarch'
copy 'python3-pycparser-2.17-1.24.noarch'
copy 'python3-pyOpenSSL-17.5.0-3.6.1.noarch'
copy 'python3-pyudev-0.21.0-3.22.noarch'
copy 'python3-rpm-4.14.1-10.16.1.x86_64'
copy 'python3-packaging-16.8-1.23.noarch'
copy 'python3-setuptools-38.4.1-1.18.noarch'
copy 'python3-appdirs-1.4.3-1.21.noarch'
copy 'python3-pyparsing-2.2.0-1.28.noarch'
copy 'hwdata-0.320-3.8.1.noarch'
copy 'python3-hwdata-2.3.5-1.21.noarch'
copy 'python3-rhnlib-4.0.11-3.10.1.noarch'
copy 'spacewalk-check-4.0.10-3.11.1.noarch'
copy 'spacewalk-client-setup-4.0.10-3.11.1.noarch'
copy 'spacewalk-client-tools-4.0.10-3.11.1.noarch'
copy 'python3-spacewalk-check-4.0.10-3.11.1.noarch'
copy 'python3-spacewalk-client-setup-4.0.10-3.11.1.noarch'
copy 'python3-spacewalk-client-tools-4.0.10-3.11.1.noarch'
copy 'python3-spacewalk-usix-4.0.9-3.3.16.noarch'
copy 'mgr-daemon-4.0.8-1.11.1.noarch'
copy 'suseRegisterInfo-4.0.4-3.3.16.noarch'
copy 'python3-suseRegisterInfo-4.0.4-3.3.16.noarch'
copy 'zypp-plugin-spacewalk-1.0.5-3.6.9.noarch'
copy 'python3-zypp-plugin-0.6.3-2.18.noarch'
copy 'python3-zypp-plugin-spacewalk-1.0.5-3.6.9.noarch'
copy 'libpgm-5_2-0-5.2.122-3.15.x86_64'
copy 'libsodium23-1.0.16-2.20.x86_64'
copy 'libzmq5-4.2.3-3.8.1.x86_64'
copy 'python3-Babel-2.5.1-1.26.noarch'
copy 'python3-certifi-2018.1.18-1.18.noarch'
copy 'python3-chardet-3.0.4-3.23.noarch'
copy 'python3-Jinja2-2.10.1-3.5.1.noarch'
copy 'python3-MarkupSafe-1.0-1.29.x86_64'
copy 'python3-msgpack-0.5.4-2.9.x86_64'
copy 'python3-psutil-5.4.3-1.19.x86_64'
copy 'python3-py-1.5.2-1.24.noarch'
copy 'python3-pycrypto-2.6.1-1.28.x86_64'
copy 'python3-pytz-2017.3-1.20.noarch'
copy 'python3-PyYAML-3.12-1.32.x86_64'
copy 'python3-pyzmq-17.0.0-1.25.x86_64'
copy 'python3-requests-2.18.4-1.35.noarch'
copy 'python3-simplejson-3.13.2-1.21.x86_64'
copy 'python3-six-1.11.0-2.21.noarch'
copy 'python3-tornado-4.5.3-1.26.x86_64'
copy 'python3-urllib3-1.22-6.7.1.noarch'
copy 'timezone-2019c-3.23.1.x86_64'
copy 'salt-2019.2.0-5.52.1.x86_64'
copy 'python3-salt-2019.2.0-5.52.1.x86_64'
copy 'salt-minion-2019.2.0-5.52.1.x86_64'
copy 'libunwind-1.2.1-2.13.x86_64'
Directory walk started
Directory walk done - 75 packages
Temporary output repo path: /srv/www/htdocs/pub/repositories/sle/15/0/bootstrap/.repodata/
Preparing sqlite DBs
Pool started (with 5 workers)
Pool finished

Register client to SUSE Manager

And we came to the last step for which we have been sweating on all the above pre-requisite!

Its a very simple one command step to be executed on the client machine. The client can be registered from the SUSE Manager console itself as well. We will see both steps here.

Before that one point to note – If your system is VM built from template or clone or if it’s a clone system in any way then you should run below commands on client systems to assign unique system Id and then proceed with registration.

# rm /etc/machine-id; rm /var/lib/dbus/machine-id; rm /etc/salt/minion_id
# dbus-uuidgen --ensure; systemd-machine-id-setup
# service salt-minion stop
# rm -rf /etc/salt
# rm -rf /var/cache/salt

These commands will also wipe out any previous salt registration details if any from the clone procedure.

Register client to SUSE Manager from client putty login

curl -Sks https://<suse-manager>/pub/bootstrap/<bootstrap-script>.sh | /bin/bash

Where –

<suse-manager> is SUSE Manager IP or hostname
<bootstrap-script> is bootstrap script name you prepared in the earlier step

As per our setup below is a command –

k-client # curl -Sks https://kerneltalks/pub/bootstrap/dev-sles15_bootstrap.sh | /bin/bash

It will do all the work for you and once the script finishes the execution you should see the client’s key is pending for approval in the SUSE Manager console. Unless you approve it, the client won’t be registered to SUSE Manager. Script has a long output so I am not mentioning it here.

To approve client key navigate to SUSE Manager > Salt > Keys

Click the tick button and your client is registered! It will be shown as accepted in Salt then. You can view it under SUSE Manager > Systems > Overview

You can system is registered in SUSE Manager under dev channel!

To view more details about the system, click on hostname and you will see client details along with a tabbed menu bar which will help you manage that client from the SUSE Manager console.

Register client to SUSE Manager from the console itself

You can provide SSH login to the SUSE Manager console and it will do all the above steps which you need to do manually by logging into the client using putty.

Navigate to SUSE Manager > Systems > Bootstrapping

Fill in details and hit Bootstrap button. It will start connecting system via SSH in backend and execute stuff. On console you will be shown message Your system is bootstrapping: waiting for a response..

Once completed, your system is registered and you can view it in system overview as explained above. You need not accept key in this case since SUSE Manager auto approves this salt request.

Issue on SUSE clients

You may face issues on some SUSE clients where even after bootstrap completes properly salt-minion process wont start and hence you can not register server with SUSE Manager.

You might see below error in such case :

root@kerneltalks # systemctl status salt-minion
● salt-minion.service - The Salt Minion
   Loaded: loaded (/usr/lib/systemd/system/salt-minion.service; enabled; vendor preset: disabled)
   Active: activating (auto-restart) (Result: exit-code) since Tue 2020-07-21 18:19:14 IST; 3s ago
  Process: 3708 ExecStart=/usr/bin/salt-minion (code=exited, status=1/FAILURE)
 Main PID: 3708 (code=exited, status=1/FAILURE)

Jul 21 18:19:14 kerneltalks systemd[1]: salt-minion.service: Unit entered failed state.
Jul 21 18:19:14 kernelatalks systemd[1]: salt-minion.service: Failed with result 'exit-code'.

And you can check /var/log/messges for below error messages :

2020-07-21T18:32:04.575062+02:00 kerneltalks salt-minion[6530]: /usr/lib/python2.7/site-packages/salt/scripts.py:198: DeprecationWarning: Python 2.7 will reach the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 won't be maintained after that date.  Salt will drop support for Python 2.7 in the Sodium release or later.
2020-07-21T18:32:04.778852+02:00 kerneltalks salt-minion[6530]: Process Process-1:
2020-07-21T18:32:04.779245+02:00 kerneltalks salt-minion[6530]: Traceback (most recent call last):
2020-07-21T18:32:04.779495+02:00 kerneltalks salt-minion[6530]:   File "/usr/lib64/python2.7/multiprocessing/process.py", line 258, in _bootstrap
2020-07-21T18:32:04.779891+02:00 kerneltalks salt-minion[6530]:     self.run()
2020-07-21T18:32:04.780163+02:00 kerneltalks salt-minion[6530]:   File "/usr/lib64/python2.7/multiprocessing/process.py", line 114, in run
2020-07-21T18:32:04.780408+02:00 kerneltalks salt-minion[6530]:     self._target(*self._args, **self._kwargs)
2020-07-21T18:32:04.780642+02:00 kerneltalks salt-minion[6530]:   File "/usr/lib/python2.7/site-packages/salt/scripts.py", line 157, in minion_process
2020-07-21T18:32:04.781024+02:00 kerneltalks salt-minion[6530]:     minion.start()
2020-07-21T18:32:04.781263+02:00 kerneltalks salt-minion[6530]:   File "/usr/lib/python2.7/site-packages/salt/cli/daemons.py", line 343, in start
2020-07-21T18:32:04.781684+02:00 kerneltalks salt-minion[6530]:     super(Minion, self).start()
2020-07-21T18:32:04.781923+02:00 kerneltalks salt-minion[6530]:   File "/usr/lib/python2.7/site-packages/salt/utils/parsers.py", line 1064, in start
2020-07-21T18:32:04.782900+02:00 kerneltalks salt-minion[6530]:     self.prepare()
2020-07-21T18:32:04.783141+02:00 kerneltalks salt-minion[6530]:   File "/usr/lib/python2.7/site-packages/salt/cli/daemons.py", line 311, in prepare
2020-07-21T18:32:04.783385+02:00 kerneltalks salt-minion[6530]:     import salt.minion
2020-07-21T18:32:04.783613+02:00 kerneltalks salt-minion[6530]:   File "/usr/lib/python2.7/site-packages/salt/minion.py", line 69, in <module>
2020-07-21T18:32:04.784700+02:00 kerneltalks salt-minion[6530]:     import salt.client
2020-07-21T18:32:04.784942+02:00 kerneltalks salt-minion[6530]:   File "/usr/lib/python2.7/site-packages/salt/client/__init__.py", line 40, in <module>
2020-07-21T18:32:04.785631+02:00 kerneltalks salt-minion[6530]:     import salt.utils.minions
2020-07-21T18:32:04.785870+02:00 kerneltalks salt-minion[6530]:   File "/usr/lib/python2.7/site-packages/salt/utils/minions.py", line 24, in <module>
2020-07-21T18:32:04.786399+02:00 kerneltalks salt-minion[6530]:     import salt.auth.ldap
2020-07-21T18:32:04.786634+02:00 kerneltalks salt-minion[6530]:   File "/usr/lib/python2.7/site-packages/salt/auth/ldap.py", line 21, in <module>
2020-07-21T18:32:04.787043+02:00 kerneltalks salt-minion[6530]:     from jinja2 import Environment
2020-07-21T18:32:04.787300+02:00 kerneltalks salt-minion[6530]: ImportError: No module named jinja2
2020-07-21T18:32:04.818391+02:00 kerneltalks systemd[1]: salt-minion.service: Main process exited, code=exited, status=1/FAILURE
2020-07-21T18:32:04.818897+02:00 kerneltalks systemd[1]: salt-minion.service: Unit entered failed state.
2020-07-21T18:32:04.819261+02:00 kerneltalks systemd[1]: salt-minion.service: Failed with result 'exit-code'.

In this case, you should be able to run the salt-minion process manually by exporting the python path. Check the salt-minion binary to make sure which python is being used for this process in case your system has multiple versions installed.

root@kerneltalks # head -1 /usr/bin/salt-minion
root@kerneltalks # export PATH=$PATH:/usr/lib64/python2.6/site-packages/
root@kerneltalks # export PYTHONPATH=/usr/lib64/python2.6/site-packages/
root@kerneltalks # salt-minion start &amp;

Once salt-minion is running you will be able to register a client to SUSE Manager. After registration update python by zypper up python* and then your salt-minion process will run using systemctl properly.

Issue of RHEL/OEL clients

I observed a peculiar problem where patch update tasks are sitting idle in a pending state for a long time and not being picked up by the client.

It shows in SUSE Manager GUI that –

This action will be executed after 1/10/20 10:28:00 AM IST
This action's status is: Queued.
This action has not yet been picked up.

and it sits there and does nothing.

The solution is to run rhn_check -vvvv on the client machine for which the job is stuck on SUSE Manager. It will be checked, picked up and executed!

Content Lifecycle Management in SUSE Manager

3 Replies

How to create custom channels using Content Lifecycle Management in SUSE Manager

In this article, we will discuss Content Lifecycle Management in SUSE Manager for controlling patching in your infrastructure.

What is Content Lifecycle Management in SUSE Manager

Content Lifecycle management is managing how patches flow through your infra in a staged manner. In ideal infra, the latest patches will always be applied on development servers. If everything is good there then those patches will be applied to QA servers and lastly to production servers. This enables sysadmins to catch issues if any and hence preventing patching of the prod system which may create downtime of live environments.

SUSE Manager gives you this control via the content lifecycle. In this, you create custom channels in SUSE Manager for example dev, QA and prod. Then you register your systems to those channels according to their criticality. Now whenever channels get the new patches it will be available to respective systems (registered to those channels) to install. So if you control channels you control the patch availability to systems.

In content lifecycle management, SUSE manager enables you to push patches to channels manually. Like on first deploy all latest patches will be available to dev channels and hence dev systems. At this stage, if you run update commands (zypper up, yum update) they will show the latest patches only on dev servers. QA and prod servers won’t show any new patches.

Once dev is found to be ok after updates, you can go and manually promote patches to QA so now QA channels will have new latest patches and hence QA servers. Finally the same for prod. This is how you control and hence manage the patch lifecycle using SUSE Manager.

If it found confusing to you then go through the below process and screenshots, it will be more clear for you.

How to create custom channels in SUSE Manager

Now we will start with Content Lifecycle Management in SUSE Manager we setup. Log in to SUSE Manager and navigate to Content Lifecycle > Projects and click Create Project button.

Creating a project in Content Lifecycle Management of SUSE Manager

You will be presented with the below page: Fill in all relevant details and hit Create button. You can create a project for each flavor of Linux you have in your infra. For example, you can create projects for Suse Linux 11, Suse Linux 12, Suse Linux 12 sp 3, etc. So that you can select respective source channels in each of these projects and keep your SUSE Manager organized.

In our SUSE Manager, I synced only one product channels i.e. of Suse Linux 15 so I simply keyed in patch deploy as a name.

Once the project is created, you will be prompted to add source channels to it. Means from those channels packages, updates will be sourced (from SUSE) and distributed to your project channels.

These source channels are the ones you synced during initial setup of SUSE Manager. Read how to sync SUSE product channels in SUSE Manager for more details. So you need to select channels from these ones according to project requirement. Like for project Suse Linux 11 select only source channels of Suse Linux 11 and so on.

Click Attach/Detach sources to do that.

How to attach source channels in the SUSE Manager project

Now you can see in the below screenshot that only Suse Linux 15 channels are available for me to select since I synced only the Suse Linux product channel in the initial setup. You will see here all the products which you have synced.

Once selected and clicked save you will see sources are updated with your selected channel list. Also, notice that version history details under Project properties are set to version 1 (draft - Not built)

Now its time to add your destination! This means to create environments. As I explained earlier here we will flow patches from dev to QA to prod. So here it is where you define this hierarchy. In the interest of time, we will follow from dev to prod only.

So we will create the environment as dev and prod as below by clicking Add Environment button –

Once done you can see as below, dev and prod environments and buttons Build and Promote. Whereas version is marked as not built for all of them.

So you have to start patch flow now. As of now, all the latest patches are in source channels. Once you click Build button below they will be made available to the dev environment. Basically it will create child channels for dev where all these patches will be made available from source channel.

Once you click Build button you will see below version keeper window where you can add a version message note so that it will be easy to remember the purpose of this channel syncs or date/time of sync etc.

~~It will take time depending on the number of channels, number of patches within, size of them and of course your internet bandwidth!~~ As Don Vosburg from SUSE commented below – ” This process is database intensive – so having the Postgres database on SSD helps speed it up a bit! “

Patches will be built in new custom channels and only then you will be able to Promote them to the next stage.

What do you mean by promoting patches?

So once build is completed, the latest patches are now available to dev environment from source channels via custom channels. But still, the next environment i.e. prod still don’t have them. At this stage, you can install/test them on dev servers and isolate prod servers from them in case of any issues. If everything is working fine after installing/testing then you can promote them to the next environment (here its prod) and then all latest patches will be made available to the prod environment via custom channels.

You can then click Promote button and the same way they will be synced to the next environment.

View custom channels in SUSE Manager

Now we built and promoted; dev and prod environments. I said they will have now custom channels through which the latest patches will be made available to respective environments. So its time to check these new custom channels created by content lifecycle management.

Navigate to Software > Channel List > All

You can see below dev and prod channel of project year-1 listed there. Where the provider is Personal. Remember, we added our organization name as Personal in our initial SUSE Manager setup.

That’s all for this article! We created new custom channels in SUSE Manager via Content Lifecycle Management feature. Using this feature we able to control the latest patches availability to different environments.

The next step is to create Activation Keys for these custom channels which can be used to register client systems to these channels in your infra.

How to add product channels in SUSE Manager

Leave a reply

A short article explaining product channels in SUSE Manager along with screenshots.

In our previous article, we saw how to configure SUSE Manager 4.0 with screenshots. In this article, we will discuss channel management in SUSE Manager.

To start with you should have base product channels synced to SUSE Manager from Suse. For that goto to Admin > Setup Wizard in SUSE Manager web console. It’s a 3 step process which you need to complete for your first base channel syncs.

How to install SUSE Manager 4.0?
Read here

In the first step, you need to configure for internet access if applicable

In the second step, you need to add your organizational credentials which will be used to verify your subscriptions and accordingly products will be made available to you for sync in SUSE Manager.

Organizational credentials in SUSE manager

You will find your organization credentials at https://scc.suse.com/organization . There you will find the username (same as organization id) and password which you need to fill up in SUSE Manager.

Enter it to the SUSE manager page above and move to the third step i.e. SUSE products. You will have to wait for a few minutes when you visit this page for the first time. It will download all products catalog from SUSE Customer Center depending on your organization’s credentials. Once the refresh is done, you will see a list of products available for you like below –

Product channel sync

Now select product of your choice to sync its channels. It depends on what variety of OS flavors you have in your infra and which all you have subscribed to. I selected only SUSE 15 for now.

And click on Add product button highlighted in the screenshot. They will start syncing. It takes time to sync channels depending on the number of products you selected to sync and the internet bandwidth of the server.

You can track progress in log files on the SUSE Manager server located at /var/log/rhn/reposync . You will see log file for each channel and it contains sync status progress for that channel.

kerneltalks:/var/log/rhn/reposync # ls -lrt
total 540
-rw-rw---- 1 wwwrun www   1474 Dec  3 12:02 sle-product-sles15-pool-x86_64.log
-rw-rw---- 1 wwwrun www   1731 Dec  3 12:02 sle-product-sles15-updates-x86_64.log
-rw-rw---- 1 wwwrun www 245815 Dec  3 12:16 sle-module-basesystem15-pool-x86_64.log
-rw-rw---- 1 wwwrun www 293137 Dec  3 13:05 sle-module-basesystem15-updates-x86_64.log

Once the sync is complete it will show as below –

That’s it! You have added a product and associated channels to SUSE Manager.

How to remove product channels from SUSE Manager

If by mistake, you have added some products which you don’t want then it’s not easy to remove it from SUSE Manager. The webpage does not allow you to just de-select it. You have to follow another method to remove them. I explained all steps to remove product and channels from SUSE manager here

SUSE Manager 4 Setup Configuration

Leave a reply

Step by step setup of SUSE Manager Server 4.0 configuration

In our previous post of SUSE Manager server installation, we walked you through how to install SUSE Manager step by step including screenshots. In this article, we will walk you through the SUSE Manager 4.0 configuration setup.

Considering you have the system installed with SUSE Manager package you can proceed to start SUSE Manager setup by running below command –

kerneltalks:~ # yast2 susemanager_setup

If you see an error saying No such client module susemanger_setup then you must not have susemanger package installed. Install it using zyapper in susemanager command and you will be able to run above setup command.

Once run, you will be presented with a text-based GUI setup and we will go through it step by step along with screenshots.

Obviously keep in mind you completed the disk space requirements before you start setup. Those are explained in the pre-requisite on the SUSE documentation.

SUSE Manager Setup

The first screen to choose the type of setup which is a pretty obvious choice.

On the second screen, you will be asked to enter the SUSE Manager Administrator email address.

On the next screen, you need to provide details to create an SSL certificate of SUSE Manager.

Now it will ask you for database details to be set. You can choose the database user of your choice.

At this stage, all inputs have been collected and setup is ready to complete configurations. It still gives you another chance to modify your responses in answer file and run setup manually later in below window.

We made the obvious choice and hit the Yes button. Now, it will setup the SUSE manager and show you output as it goes. Finally, the SUSE Manager setup will be completed as below.

Hit Next and you will be shown web URL which can be used to administrator your SUSE Manager along with the instruction to create an account first.

SUSE Manager web console

As given in the last screen of setup, open your browser and head to the URL mentioned. Since I installed in VirtualBox, I used port forwards and opened it on loopback IP –

You need to fill in all the details to create your SUSE Administrator user and hit ‘Create Organization‘ button at the end of the page. And you are done! You will see below home page of the SUSE Manager console.

Now your SUSE Manager setup is completed and you have web page console from where you can manage your SUSE Manager.

As very next step after this setup completion is to add subscription details to it and sync product channels so that it can be used in your organization for patching. We have covered it here in how to add product channels in SUSE Manager

How to configure JBOSS EAP 7 as a service in SUSE Linux

Leave a reply

Step by step procedure to configure JBOSS EAP as service in SUSE Linux

One of the major requirements for Jboss’s basic installations is to configure Jboss as a service in Linux. It’s pretty easy to configure it in RedHat and related families but when it comes to SUSE it pretty difficult since few functions of RedHat family don’t work in Suse. And with default ZIP installation we do not get the SUSE startup file as well which is readily available for RedHat.

We are considering Jboss EAP 7.2 on Suse 12 for this article.

RedHat has a pretty simple tutorial here which is not going to work on SUSE. So I will walk you through steps to get your Jboss eap working as service in SUSE Linux.

Pre-requisite

Make sure you have java installed on the server
Make sure JBoss user exists on the server which is defined in jboss-eap.conf file by parameter JBOSS_USER. Default user is jboss-eap
For default standalone configurations, INSTALL_PATH/standalone/ should be owned by JBOSS_USER
Make changes in init script template to match it with SUSE system as defined in below paragraph

Modification in script

You need to edit default init script INSTALL_PATH/bin/init.d/jboss-eap-rhel.sh to make it compatible with Suse.

Replace /etc/init.d/functions with /etc/rc.status
Replace success with rc_status -v

With JBoss zip install, you will have init script jboss-eap-rhel.sh located under INSTALL_PATH/bin/init.d This is init script which won’t be useful in latest Suse versions since they follow LSB format. So we need to make it work with LSB and here is how to do it.

Copy service configuration file and service init script from the installation directory to respective system directories –

root@kerneltalks # cp INSTALL_PATH/bin/init.d/jboss-eap.conf /etc/default
root@kerneltalks # cp INSTALL_PATH/bin/init.d/jboss-eap-rhel.sh /etc/init.d/jboss-eap
root@kerneltalks # chmod +x /etc/init.d/jboss-eap

Please note that while coping over file we trimmed rhel from its name since it does not make sense to keep that name on the SUSE system! It will also alter the next command as well.

Adding it as a service

root@kerneltalks # chkconfig --add jboss-eap

Till this point, its the same process as RedHat mentioned in its tutorial. Now, if you try to start service it won’t. It will throw below error :

root@kerneltalks # service jboss-eap start
jboss-eap.sh is neither service nor target!?

Import service in sytemd

Now we need to get this service into systemd. To do that, You need to add below block on top of /etc/init.d/jboss-eap.sh . Make sure you edit it exactly since its an LSB compliant format read by the system. This needs to go below the shell opening line of script !/bin/sh and before the rest of the script.

### BEGIN INIT INFO
# Provides:          jboss-eap
# Required-Start:
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: jboss eap service
# Description:       jboss eap server for suse linux
### END INIT INFO

You are almost there! Import the service into systemd using below command –

root@kerneltalks # systemctl enable jboss-eap
jboss-eap.service is not a native service, redirecting to systemd-sysv-install
Executing /usr/lib/systemd/systemd-sysv-install enable jboss-eap

Now your service is available in systemctl to control. You can control service using commands like systemctl start jboss-eap, systemctl stop jboss-eap, systemctl status jboss-eap

root@kerneltalks # systemctl start jboss-eap
● jboss-eap-rhel.service - LSB: jboss eap service
   Loaded: loaded (/etc/init.d/jboss-eap-rhel.sh; bad; vendor preset: disabled)
   Active: active (running) since Thu 2019-06-20 1:23:23 IST; 10s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 10625 ExecStart=/etc/init.d/jboss-eap-rhel.sh start (code=exited, status=0/SUCCESS)
 Main PID: 12346 (java)
......

You have configured Jboss eap to run as service in Suse Linux.

How to start, stop and reload postfix

Leave a reply

This is a quick post that lists commands to start, stop postfix service.

Postfix is a free and open-source mailing service. It was developed by IBM and is a common alternative to Sendmail service.

How to start, stop and reload postfix mail service

You can use postfix command directly or you can use OS service management commands.

[root@kerneltalks ~]# postfix start
postfix/postfix-script: starting the Postfix mail system
[root@kerneltalks ~]# postfix stop
postfix/postfix-script: stopping the Postfix mail system
[root@kerneltalks ~]# postfix reload

Using systemctl or service command to control postfix service.

[root@kerneltalks ~]# service postfix start
Redirecting to /bin/systemctl start postfix.service
[root@kerneltalks ~]# service postfix stop
Redirecting to /bin/systemctl stop postfix.service
[root@kerneltalks ~]# systemctl start postfix
[root@kerneltalks ~]# systemctl stop postfix

IPv6 error in postfix

Sometimes you see below error while dealing with postfix service.

[root@kerneltalks ~]# postfix start
postfix: fatal: parameter inet_interfaces: no local interface found for ::1

This is due to your system is using IPv6 as well along with IPv4. If you don’t need IPv6 then you can safely disable IPv6 and then restart postfix service to resolve the above error.

Another way is to disable postfix IPv6 support and get rid of this error. To do that you need to edit /etc/postfix/main.cf configuration file and change inet_protocols to ipv4.

[root@kerneltalks ~]# vi /etc/postfix/main.cf
#inet_protocols = all 
inet_protocols = ipv4

Save changes and restart postfix service.

SUSE Manager Server 4 installation with screenshots

Leave a reply

SUSE Manager 4 server installation walkthrough along with screenshots.

This is SUSE Manager 4 installation walk-through which was done in Oracle VM VirtualBox Manager. The whole installation process can be split into below phases –

Subscription procurement
Installation with DVD
Booting it first time

Let’s go through one by one without any further delay.

Subscription Procurement

The first thing is you need to have a subscription for using the SUSE Manager module. For this exercise, I procured a free 60 days subscription from SUSE. You can navigate to the product page and get a “60 Day free trial” license. You will get to download one Installer DVD after sign up like below.

If you are trying to set up SUSE Manager in corporate setup then your company must have already procured licenses for the same. You can get required subscription details from the respective team. Or you can click buy now on the product page and walk through the purchase procedure.

Suse Manager 4 download page

Once you have downloaded the DVD, its time to boot server with this DVD. Make sure your server meets specified hardware requirements as stated herein the documentation.

Installation with DVD

Once your system is ready and DVD is downloaded, boot system with DVD. Halt at below screen and press F4 if you want to configure a proxy for an internet connection during setup. If you have direct internet access then skip it.

Proceed with installation after proxy config (if applicable) and select product SUSE manager 4 on the next screen.

Click Next. On the next screen accept the license terms and click next. You will be prompted with a registration window.

Fill in your registration details. Here you can configure the network by clicking the ‘network configuration’ box above. It will open up the standard SUSE network configuration setup. You can set up IP details, hostname, DNS here so that your system can go online on the network and access the internet for registration. Click next and your system will be registered to SUSE.

After successful registration, you will be offered to enable repositories. Choose accordingly. I prefer to enable them during installation to receive the latest updates.

Post that you will be prompted to select SUSE manager extensions and modules to install. Mandatory are selected already.

After selection click, next and setup will register modules to SUSE. Remember previous registration was for system and this one is for module/extensions you selected.

On the next screen, you will be prompted to select any add on products you want. I would skip it and click next. It will ask for a system role in the next window.

The choice is obvious here! Select the SUSE manager server and proceed. On the next screen disk partitioning can be done.

Since this is my test system I will go with the default FS layout which setup offers. You can create a custom layout with expert partitioned here. Especially you need to check /var/lib/pgsql and /var/spacewalk sizes since all patch data going to be dumped here by SUSE Manager.

This followed by “Clone & timezone”, “Local User”, “Root password” standard screens which you normally see during any Linux install. I am skipping their screenshots here.

Finally, you will be greeted with an installation summary. Verify things here and change if you want to like firewall etc. and hit ‘Install’ to start the installation.

Now you can see packages are being downloaded from SUSE and then being installed. If you remember we used only 600+ MB DVD to boot system so its obvious it did not have whole OS packages in it. So setup will download packages and complete installation.

Once installation complete, the system will reboot and you are good to login.

Booting it first time

After the system reboot, type in below command to start the SUSE Manager setup!

kerneltalks:~ # yast2 sysemanager_setup

SUSE Manager setup will begin in text mode GUI which we will walk you through in our next post.

You can verify different susemanager packages are installed on the system using rpm -qa |grep susemanager command. Unless susemanager package is installed on server, the above command won’t work. It will throw below error :

No such client module susemanger_setup

It happens mostly when you choose not to register system during setup and opt to install a system with another packages ISO (when your system don’t have internet access). In that case, you just need to register your system with SUSE first and then install susemanager package using zypper and you are good to go.

Follow the next article which explains how to configure SUSE Manager Server 4.0

How to remove product channels in Suse Manager

2 Replies

Quick post about how to remove the products channels in Suse Manager

There is a way you can add products and their channels in the Suse Manager server using the command line and webpage GUI. But once added it’s not easy to get them removed from the web console. Web console does not provide a direct option to remove product channels from Suse Manager. Also, the command used for adding channel i.e.. mgr-sync also does not support any option to remove channels.

So many of first time Suse Manager administrators stumble upon roadblock on how to remove product channels which are no more needed.

So let’s get started on the process to remove product channels (using command spacewalk-remove-channel) you might have added by mistake on Suse Manager or which are no longer needed and eating up your disk space.

First, you need to list out all the channels on your Suse Manager using mgr-sync list command –

root@kerneltalks # mgr-sync list channels
Available Channels:


Status:
  - [I] - channel is installed
  - [ ] - channel is not installed, but is available
  - [U] - channel is unavailable

[ ] RHEL6-Pool for x86_64 RHEL6 Base x86_64 [rhel6-pool-x86_64]
[I] SLE-Product-HPC-15-Pool for x86_64 SUSE Linux Enterprise High Performance Computing 15 x86_64 [sle-product-hpc-15-pool-x86_64]
    [ ] SLE-Module-Basesystem15-Debuginfo-Pool for x86_64 Basesystem Module 15 x86_64 [sle-module-basesystem15-debuginfo-pool-x86_64-hpc]
    [ ] SLE-Module-Basesystem15-Debuginfo-Updates for x86_64 Basesystem Module 15 x86_64 [sle-module-basesystem15-debuginfo-updates-x86_64-hpc]
    [I] SLE-Module-Basesystem15-Pool for x86_64 Basesystem Module 15 x86_64 [sle-module-basesystem15-pool-x86_64-hpc]
    [I] SLE-Module-Basesystem15-Updates for x86_64 Basesystem Module 15 x86_64 [sle-module-basesystem15-updates-x86_64-hpc]
...

Here let’s consider we need to remove channel sle-product-hpc-15-pool-x86_64. So first you need to remove all the child channels from this base product channel & then you will be able to remove the base channel. If you try to remove parent channel directly without removing child channels you will hit below error –

root@kerneltalks # spacewalk-remove-channel -c  sle-product-hpc-15-pool-x86_64
Error: cannot remove channel sle-product-hpc-15-pool-x86_64: subchannel(s) exist:
                        sle-module-basesystem15-pool-x86_64-hpc
                        sle-module-basesystem15-updates-x86_64-hpc
                        sle-module-devtools15-pool-x86_64-hpc
....

You can clearly see child channels to be removed before you try for parent channel. This is also a good way to get a child channel list quickly!

Then go ahead, remove the child channel followed by base one. For example, see below child channel removal output –

root@kerneltalks #  spacewalk-remove-channel -c sle-module-devtools15-pool-x86_64-hpc
Deleting package metadata (204):
                  ________________________________________
Removing:         ######################################## - complete

Repeat the process and remove all child channels one by one. You can use shell loops to get it done quicker. Finally, remove your parent channel, and you are done.

root@kerneltalks #  spacewalk-remove-channel -c sle-product-hpc-15-pool-x86_64
Deleting package metadata (3):
                  ________________________________________
Removing:         ######################################## - complete

Once done you can confirm that channel is no more enabled in webpage console or using mgr-sync list command.

How to remove lost physical volume from volume group

Leave a reply

The process to remove the missing disk from LVM configuration.

In this article, we will see how to remove a physical volume from the volume group when the disk is removed from the server. Normally, you need to remove the disk from the volume group first using vgreduce and then remove disk physically. But in some cases where disk went bad or you accidentally remove the disk from the server before you remove from VG, PV status will be shown as unknown in vgdisplay like below.

  --- Physical volumes ---
  PV Name               [unknown]
  PV UUID               fPFkBx-lbnG-R6Zo-3kq5-KOLA-U1ou-LdNIMD
  PV Status             allocatable
  Total PE / Free PE    1535 / 1535

And you will start seeing warnings with disk UUID in LVM commands as below –

WARNING: Device for PV fPFkBx-lbnG-R6Zo-3kq5-KOLA-U1ou-LdNIMD not found or rejected by a filter.
Couldn't find device with uuid fPFkBx-lbnG-R6Zo-3kq5-KOLA-U1ou-LdNIMD.

This is because the disk was removed from the server or disk is disappeared from the server without being gracefully removed from LVM.

How to remove missing PV from VG

Now to clean VG after PV is deleted or removed you need to use vgreduce command with --removemissing switch-

# vgreduce  --removemissing datavg
  WARNING: Device for PV fPFkBx-lbnG-R6Zo-3kq5-KOLA-U1ou-LdNIMD not found or rejected by a filter.
  Couldn't find device with uuid fPFkBx-lbnG-R6Zo-3kq5-KOLA-U1ou-LdNIMD.
  Wrote out consistent volume group datavg.

It will clean up all missing physical volumes from the volume group and thus making VG consistent. You will see no more missing PV warnings now!

How to convert JKS file to KEY file for Apache

Leave a reply

Article explaining how to convert java keystore jks into PEM formatted certificate or key file for Apache configuration

Scenario: I have a key file (*.jks) and CSR file generated in using keytool command i.e. in java. I wanted to convert this jks file to *.key file so that it can be used in Apache webserver configuration.

Read how to create java Keystore file *.jks if you want to know how to create CSR using java keytool.

Solution :

JKS file is Keystore used in java. You need to follow the below steps to get your unencrypted key file. Its a two-step process :

Import key data from keystore to PKC12 format
Convert PKCS12 key to un-encrypted PEM

Import key data from keystore to PKC12 format

We will import key data from jks Keystore to new Keystore in PKC12 format using keytool command where –

-srckeystore : Your jks file
-destkeystore : Name of new keystore to create
-deststoretype : Obv has to be PKCS12

You need to provide a password of the source Keystore and also set a new password to the new Keystore.

[root@kerneltalks ~]# keytool -importkeystore -srckeystore kerneltalks.com.jks -destkeystore keystore.pkcs12 -deststoretype PKCS12
Importing keystore kerneltalks.com.jks to keystore.p12...
Enter destination keystore password:
Re-enter new password:
Enter source keystore password:
Entry for alias server successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

Convert PKCS12 key to un-encrypted PEM

We now need to convert this PKCS12 key in PEM format so that it can be used in the Apache configuration.

[root@kerneltalks ~]# openssl pkcs12 -in keystore.pkcs12  -nodes -nocerts -out kerneltalks.com.key
Enter Import Password:
MAC verified OK

Now verify your private key file.

[root@kerneltalks ~]# file kerneltalks.com.key
kerneltalks.com.key: ASCII text
[root@kerneltalks ~]# file kerneltalks.com.jks
kerneltalks.com.jks: Java KeyStore
[root@kerneltalks ~]# cat kerneltalks.com.key
Bag Attributes
    friendlyName: server
    localKeyID: 54 69 6D 65 20 31 35 35 36 32 30 38 36 31 33 32 36 34
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCLc1bmTilYhwRZ
14CBZEN+TGrzsPAbdg3zBW9nSmnRQRS9qWYLkqSBF1zcTj6T8P5BtDr6MOr7pivZ
DXbS9RPUcJk9JwRskj+FGrOP8qquzCOHXvzgxZNKNYDNdz+YzT3Hz0n4bbhYwYCW
qo+768GSnCJS+i3m+xztTB1hIq881UK4cbujTkm42L3i8YCzycy+Y6my+z4to4yf
kn8t9v2b/18m432+hz/dA+h7aVF8sdterc6c+XC35zdk8kkly+TZPn9DY9piBuPb
DPe/CPa+BTUwHQW/22HcAUwd/T0PWi2MeDWja2KtGrCPB/Tg07ZC8oGnXPF9pADg
ydHR+MHrAgMBAAECggEAD/RQOuUyYciAvO6k6yjXd/myOtNBhULKccVra3veA2zY
vKJG5IgQfhx4KVRiYHawAEBohvtVxxjJ53lc4OHdNO70+UQfg3RwBAB8DroKwRjl
77T0ZZr1MQZSCC/efNLugI+8vMmAz9bDqXk2HJ/qc6WdX7Tzz3tnYdbVfamENwdb
7+w3isHa+XhsJdR9IrpPL35mf2HSeW2WgOMku/GWIdEcCGdxm0cZTx7X1JNBrimm
zAp1+5xVx3ptgrtRYYAihFjQLNvhp5twyAdK2mB4iOpU35c3KPWD2HqNfp0MYPNq
eRlqEdIxFimXMnRw4zSA7GuaSADv5ddS60529KK2IQKBgQC/fK99E/8iSk3UtZvz
/5PUSabnAUK73Z0N5QLZfGwSWF51q0zmxfVQInHXIGIFeqkjt8EOEiOIXi7XyA+c
FG8KBKIkXoeJ/Rzxskzp1yG0L2EePJbUSnxtL4PTqlVCW6H5/C6V4icaMx4nC1Od
4vWmAqtRKBCdF5fMEOKWcn6t8wKBgQC6bqAwQUe4WvcnySN2vjMJiLDPm4RpnnuJ
o1s3pkPDeXaDI+2nD8NJT6GaskJsQhuq9ikdecDljqJIoSi7hCqHO75pUDPWdHIG
QMiyR2OB4NOOCvFf9FuVEz7JMWa7vk+KVgtgaaX3wG7vqsaYJcQ/VgsBqtKDSKS6
j4gaJiECKQKBgEjxcVQfOvBQB8gAinDvKdwTVm3nEAnKiNpTI7u/ZteyLAF9CKVc
QW+OP3loj45wxF+jzvnSNRDsd8GhJzkYm5fgXfemvtD0x4LWne/yEJe3+LHw+K/T
1AQvtnL6DtJhX5l/1CsqZCTZ1iGfcfHSFCtyFtqqfXGqHBwTTo1q/hC7AoGBALbW
2/+3ZjFl9VNtrnw8WS2Wg2F4skorhhkcvs87HuZM72/6Ao9/pBT4JhPjk8U8qIno
1bX0vLvmQT5d3+bX3iW28C203MIMfe+oBazi2rJ73r9F+CgVLORtdXw4GPsz0Cpp
7MpnksACWEpxAEgjce5z4mOGNuNOkU/uiJqsnl7RAoGAb5JbI7nBMJbUQp6QaZjN
tn1ZIaYEF+wyx2XR12iaqWG8RGwLcayZ55wjlAgO+qx3aYoheU4BTlqQiZMP+ytp
vUfV2rbexdqkvQAefg4kFkrFtOMQ7gzVWoIbWIhd5xyEtonvX3lqkm+c/kpxcruP
xe2Elr6dfovdXXadgIBDiSA=
-----END PRIVATE KEY-----

To use this key file in Apache configuration you need to strip off a header. Delete all parts till -----BEGIN PRIVATE KEY----- and save the file. Now you are good to use this *.key file in Apache SSL configuration.

How to export certificate from JKS file

As an addon to this post, I will walk you through how to export a certificate from java Keystore to PEM format. This is again two-step exercise as below –

Export certificate in binary

You read from the Keystore file certificate associated with alias and export it to a binary file. I used alias as server while creating this jks file hence options are –

-export : To export data. This is same as exportcert in newer versions
-alias : Enter same alias you used while creating this java key file
-file : Destination binary file in which you will export
-keystore : Your jks key file

[root@kerneltalks ~]# keytool -export -alias server -file kerneltalks.com.der -keystore kerneltalks.com.jks
Enter keystore password:
Certificate stored in file <kerneltalks.com.der>

Warning:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore kerneltalks.com.jks -destkeystore kerneltalks.com.jks -deststoretype pkcs12".

Convert exported certificate data to PEM format

Now we will convert certificate binary to PEM format using below command where –

-in : Input binary means exported file in last command
-out : Output file in PEM format

Now verify your certificate file.

[root@kerneltalks ~]# openssl x509 -inform der -in kerneltalks.com.der -out certificate.pem
[root@kerneltalks ~]# file certificate.pem
certificate.pem: PEM certificate
[root@kerneltalks ~]# cat  certificate.pem
-----BEGIN CERTIFICATE-----
MIIDhzCCAm+gAwIBAgIEXVVftjANBgkqhkiG9w0BAQsFADB0MQswCQYDVQQGEwJJ
TjEUMBIGA1UECBMLTWFoYXJhc2h0cmExDzANBgNVBAcTBk11bWJhaTERMA8GA1UE
ChMIUGVyc29uYWwxETAPBgNVBAsTCFBlcnNvbmFsMRgwFgYDVQQDEw9rZXJuZWx0
YWxrcy5jb20wHhcNMTkwNDI1MTYwNzQ3WhcNMTkwNzI0MTYwNzQ3WjB0MQswCQYD
VQQGEwJJTjEUMBIGA1UECBMLTWFoYXJhc2h0cmExDzANBgNVBAcTBk11bWJhaTER
MA8GA1UEChMIUGVyc29uYWwxETAPBgNVBAsTCFBlcnNvbmFsMRgwFgYDVQQDEw9r
ZXJuZWx0YWxrcy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCL
c1bmTilYhwRZ14CBZEN+TGrzsPAbdg3zBW9nSmnRQRS9qWYLkqSBF1zcTj6T8P5B
tDr6MOr7pivZDXbS9RPUcJk9JwRskj+FGrOP8qquzCOHXvzgxZNKNYDNdz+YzT3H
z0n4bbhYwYCWqo+768GSnCJS+i3m+xztTB1hIq881UK4cbujTkm42L3i8YCzycy+
Y6my+z4to4yfkn8t9v2b/18m432+hz/dA+h7aVF8sdterc6c+XC35zdk8kkly+TZ
Pn9DY9piBuPbDPe/CPa+BTUwHQW/22HcAUwd/T0PWi2MeDWja2KtGrCPB/Tg07ZC
8oGnXPF9pADgydHR+MHrAgMBAAGjITAfMB0GA1UdDgQWBBTpp/RefN3Sym3rmhFo
oztuqM3H8DANBgkqhkiG9w0BAQsFAAOCAQEAYJ5r7dR/HMpiZis/JQK91njTayYY
v/ucXcc5uFQN6UyteGNmQuC8/7XtURks3gtwJXcrrtOgW9Vc4OSaR05Fwa+IHX53
123SygEfV/3hkTAznHp1xYXtRInOVU8O3U77s9MPbdGEK1mJRn8o0e82OORVd1Zx
u6BJW6K3sNt4odIeWcFJRzh8RA8pN+/zniiVxiM9wzI3pz2u5t8Rb9X/6oWBG75e
BFGzF56rQj2jx0o9aZP55uKHjY0YsTrck52nJi8bRKNfBhM6ojMhWOPu58/Wl0sM
rr6G9sBbkk/jBDf4qXxhDqnuPMXjCyLp7dhScrp5F3Qt61xWWDVnkgmbng==
-----END CERTIFICATE-----