Using SMT to register and patch iPrint Appliance ?

Hi,

As our internal networks have limited bandwidth and restricted Internet access, I want to setup an SMT server to handle registration and patching for our iPrint 3.x appliances.

I have installed SLES 12 SP3 and configured SMT. I currently have mirroring credentials for SLES 12 on it.

Then I went looking for details beyond the brief in the iPrint admin guide and cannot find anything on setting it up for iPrint.

Has anyone configured this and gotten it working ? If so, would you care to share your findings ?

Cheers
Ian
Parents
  • iblackwood Wrote in message:

    > As our internal networks have limited bandwidth and restricted Internet
    > access, I want to setup an SMT server to handle registration and
    > patching for our iPrint 3.x appliances.
    >
    > I have installed SLES 12 SP3 and configured SMT. I currently have
    > mirroring credentials for SLES 12 on it.
    >
    > Then I went looking for details beyond the brief in the iPrint admin
    > guide and cannot find anything on setting it up for iPrint.
    >
    > Has anyone configured this and gotten it working ? If so, would you care
    > to share your findings ?


    Since iPrint is a Micro Focus (ex-Novell) product you'll need an
    SMT server registered against the Novell Customer Center (NCC)
    which rules out using SMT included with SLES12 SPx as that will
    only talk to SUSE Customer Center (SCC). You'll therefore need to
    install a server with SLES11 SP4 then install the version of SMT
    available for and register against NCC (i.e. don't migrate it to
    SCC).

    HTH.
    --
    Simon Flood
    Micro Focus Knowledge Partner


    ----Android NewsGroup Reader----
    http://usenet.sinaapp.com/
  • Thanks Simon,

    First response seems to have disappeared...

    Was hoping a SLES 12 could do SLES 12 and earlier and "other" channel packages. Oh well, off to build a SLES 11 VM. :-)

    Thanks for the help.

    Cheers
    Ian
Reply Children
  • iblackwood Wrote in message:

    > First response seems to have disappeared...


    I see your response to Mysterious.

    > Was hoping a SLES 12 could do SLES 12 and earlier and "other" channel
    > packages. Oh well, off to build a SLES 11 VM. :-)


    Well yes a SLES12 SMT server can do SLES12 and earlier (in
    practice that means "and SLES11") but the key thing is that it
    will be registered against SUSE Customer Center (SCC) so won't
    know about non-SUSE products i.e. Micro Focus iPrint. For that
    you'll need an SMT server registered against Micro Focus (a.k.a.
    Novell) Customer Center which means SMT on SLES11 (ideally SP4)
    and since you can't register one server to two (or more) SMT
    servers you need to pick which one so use the SMT11
    one.

    Things may get more interesting/confusing as non-SUSE products
    switch to using SLES12 as a base (OES2018?) and SUSE move forward
    with next release of SUSE Linux Enterprise, SLE15.

    HTH.
    --
    Simon Flood
    Micro Focus Knowledge Partner


    ----Android NewsGroup Reader----
    http://usenet.sinaapp.com/
  • iblackwood Wrote in message:

    > First response seems to have disappeared...


    I see your response to Mysterious.

    > Was hoping a SLES 12 could do SLES 12 and earlier and "other" channel
    > packages. Oh well, off to build a SLES 11 VM. :-)


    Well yes a SLES12 SMT server can do SLES12 and earlier (in
    practice that means "and SLES11") but the key thing is that it
    will be registered against SUSE Customer Center (SCC) so won't
    know about non-SUSE products i.e. Micro Focus iPrint. For that
    you'll need an SMT server registered against Micro Focus (a.k.a.
    Novell) Customer Center which means SMT on SLES11 (ideally SP4)
    and since you can't register one server to two (or more) SMT
    servers you need to pick which one so use the SMT11
    one.

    Things may get more interesting/confusing as non-SUSE products
    switch to using SLES12 as a base (OES2018?) and SUSE move forward
    with next release of SUSE Linux Enterprise, SLE15.

    HTH.
    --
    Simon Flood
    Micro Focus Knowledge Partner


    ----Android NewsGroup Reader----
    http://usenet.sinaapp.com/
  • Grabbed SLES11SP4 from OES2015 in NCC.

    Will update once I have a chance to get it installed and running.

    Thanks.
    Ian
  • Grabbed SLES11SP4 from OES2015 in NCC.

    Will update once I have a chance to get it installed and running.

    Thanks.
    Ian
  • Right, progress so far... (this is becoming a "How To" so I hope it helps others)

    Downloaded SLES 11 SP4 ISO from Novell Customer Center (part of OES 2015)
    Installed under VMware
    Went to register - no keys in Novell CC - only the OES keys !
    Used the SLES key from the SUSE Customer Center (we have active maintenance).
    Fortunately you get a choice of registering in SCC or NCC, so I chose NCC.
    Performed online update of all needed patches.
    Downloaded SMT11 SP3 from Novell Download
    Installed as Add-on Package
    Configured with mirror credentials from NCC which test successful.
    Finalise configuration.
    Check with online Update - nothing new there.
    Enabled Mirror for iPrint 3 and waited for it to Sync.
    Confirmed can ping iprint appliance by FQDN

    On the iPrint 3 appliance:
    Confirmed can ping SMT server by FQDN
    installed license (in case that had some effect)
    Online Update > Register
    Hostname > FQDN of SMT server smtserver.domain.com (name changed obviously)
    SSL cert URL > http://smtserver.domain.com/smt.crt (testing in my web browser showed this where it lives - confirmed looking in /srv/www/htdocs)
    Namespace > blank as I am not staging

    Try to register but I get an RPC comms error 500.

    Looking in /var/log/messages on the iprint appliance I see:
    Nov 20 13:37:44 vdc0print suse_register[10188]: ERROR: Peer certificate cannot be authenticated with known CA certificates: (60) (2)

    This gives me the impression it is failing due to the untrusted https cert on the SMT but isn't that why we are giving it the http URL to the CA cert, so we can import and accept the CA cert ?

    What am I doing wrong ?

    Cheers
    Ian
  • On 20/11/17 04:54, goldingit wrote:

    > Right, progress so far... (this is becoming a "How To" so I hope it
    > helps others)
    >
    > Downloaded SLES 11 SP4 ISO from Novell Customer Center (part of OES
    > 2015)
    > Installed under VMware
    > Went to register - no keys in Novell CC - only the OES keys !
    > Used the SLES key from the SUSE Customer Center (we have active
    > maintenance).
    > Fortunately you get a choice of registering in SCC or NCC, so I chose
    > NCC.
    > Performed online update of all needed patches.
    > Downloaded SMT11 SP3 from Novell Download
    > Installed as Add-on Package
    > Configured with mirror credentials from NCC which test successful.
    > Finalise configuration.
    > Check with online Update - nothing new there.
    > Enabled Mirror for iPrint 3 and waited for it to Sync.
    > Confirmed can ping iprint appliance by FQDN
    >
    > On the iPrint 3 appliance:
    > Confirmed can ping SMT server by FQDN
    > installed license (in case that had some effect)
    > Online Update > Register
    > Hostname > FQDN of SMT server smtserver.domain.com (name changed
    > obviously)
    > SSL cert URL > http://smtserver.domain.com/smt.crt (testing in my web
    > browser showed this where it lives - confirmed looking in
    > /srv/www/htdocs)
    > Namespace > blank as I am not staging
    >
    > Try to register but I get an RPC comms error 500.
    >
    > Looking in /var/log/messages on the iprint appliance I see:
    > Nov 20 13:37:44 vdc0print suse_register[10188]: ERROR: Peer certificate
    > cannot be authenticated with known CA certificates: (60) (2)
    >
    > This gives me the impression it is failing due to the untrusted https
    > cert on the SMT but isn't that why we are giving it the http URL to the
    > CA cert, so we can import and accept the CA cert ?
    >
    > What am I doing wrong ?


    Does TID 7018759[1] help? It's targeted at Filr but given the Filr and
    iPrint Appliances are built the same way I believe it should also apply
    to iPrint.

    HTH.

    [1] https://www.novell.com/support/kb/doc.php?id=7018759
    --
    Simon
    Micro Focus Knowledge Partner

    ------------------------------------------------------------------------
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below. Thanks.
    ------------------------------------------------------------------------
  • Hi Simon,

    No that one didn't, but thanks for the link - I have to add Filr later in any case. :-)

    I found TID 7020906 though (which is still Filr based) and although I am NOT using a proxy, it gives the command lines for registering.

    These worked !

    3.If registering to your local SMT server, run the following commands:
    a. /opt/novell/base_config/VAclientSetup4SMT.sh --yes --host <SMT-Server-Address>
    b. /usr/bin/suse_register -L /var/opt/novell/va/suse_register.log
    c. /usr/bin/zypper mr -ae
    d. /usr/bin/zypper --gpg-auto-import-keys -x ref -s

    "c" had nothing to change, so "d" might not have been required either, but it certainly didn't hurt to run them.

    Now I have a registered appliance and it shows a list of patches.

    I will do my updates now and have more appliance to build. If anything changes, I will update this thread - but it looks good at the moment.

    Thanks for your assistance.

    Cheers
    Ian
  • Final update on this:

    When I built a fresh iPrint appliance for the next site, it was able to register to the SMT using the web GUI without any special step, so the above is all the SMT setup that is required.

    Only the Hostname field should be filled in on the register dialog. The SSL cert URL and Namespace fields (assuming you aren't using staging on the SMT) are left blank.

    The remedial steps on the iPrint appliance below this point in the thread are because my original appliance attempted to register and failed - so some mess is left behind. In that case I recommend using the CLI as detailed in TID 7020906

    Cheers
    Ian