Highlighted
Absent Member.
Absent Member.
2160 views

Using SMT to register and patch iPrint Appliance ?

Hi,

As our internal networks have limited bandwidth and restricted Internet access, I want to setup an SMT server to handle registration and patching for our iPrint 3.x appliances.

I have installed SLES 12 SP3 and configured SMT. I currently have mirroring credentials for SLES 12 on it.

Then I went looking for details beyond the brief in the iPrint admin guide and cannot find anything on setting it up for iPrint.

Has anyone configured this and gotten it working ? If so, would you care to share your findings ?

Cheers
Ian
0 Likes
11 Replies
Highlighted
Absent Member.
Absent Member.

On 10-11-17 06:24, iblackwood wrote:
>
> Hi,
>
> As our internal networks have limited bandwidth and restricted Internet
> access, I want to setup an SMT server to handle registration and
> patching for our iPrint 3.x appliances.
>
> I have installed SLES 12 SP3 and configured SMT. I currently have
> mirroring credentials for SLES 12 on it.
>
> Then I went looking for details beyond the brief in the iPrint admin
> guide and cannot find anything on setting it up for iPrint.
>
> Has anyone configured this and gotten it working ? If so, would you care
> to share your findings ?
>
> Cheers
> Ian
>
>


https://www.novell.com/documentation/iprint-appliance-3/iprint_admin/data/onlineupdate.html
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

iblackwood Wrote in message:

> As our internal networks have limited bandwidth and restricted Internet
> access, I want to setup an SMT server to handle registration and
> patching for our iPrint 3.x appliances.
>
> I have installed SLES 12 SP3 and configured SMT. I currently have
> mirroring credentials for SLES 12 on it.
>
> Then I went looking for details beyond the brief in the iPrint admin
> guide and cannot find anything on setting it up for iPrint.
>
> Has anyone configured this and gotten it working ? If so, would you care
> to share your findings ?


Since iPrint is a Micro Focus (ex-Novell) product you'll need an
SMT server registered against the Novell Customer Center (NCC)
which rules out using SMT included with SLES12 SPx as that will
only talk to SUSE Customer Center (SCC). You'll therefore need to
install a server with SLES11 SP4 then install the version of SMT
available for and register against NCC (i.e. don't migrate it to
SCC).

HTH.
--
Simon Flood
Micro Focus Knowledge Partner


----Android NewsGroup Reader----
http://usenet.sinaapp.com/
0 Likes
Highlighted
Absent Member.
Absent Member.

Thanks for the link but I already had read that - "beyond the brief in the iPrint admin guide"

I was after what needed to be set on the SMT side which doesn't seem to be covered. Would appear I need to build a SLES 11 box and register against Novell Customer Center. Will see how I go with that.

Cheers,
Ian
0 Likes
Highlighted
Absent Member.
Absent Member.

Thanks Simon,

First response seems to have disappeared...

Was hoping a SLES 12 could do SLES 12 and earlier and "other" channel packages. Oh well, off to build a SLES 11 VM. 🙂

Thanks for the help.

Cheers
Ian
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

iblackwood Wrote in message:

> First response seems to have disappeared...


I see your response to Mysterious.

> Was hoping a SLES 12 could do SLES 12 and earlier and "other" channel
> packages. Oh well, off to build a SLES 11 VM. 🙂


Well yes a SLES12 SMT server can do SLES12 and earlier (in
practice that means "and SLES11") but the key thing is that it
will be registered against SUSE Customer Center (SCC) so won't
know about non-SUSE products i.e. Micro Focus iPrint. For that
you'll need an SMT server registered against Micro Focus (a.k.a.
Novell) Customer Center which means SMT on SLES11 (ideally SP4)
and since you can't register one server to two (or more) SMT
servers you need to pick which one so use the SMT11
one.

Things may get more interesting/confusing as non-SUSE products
switch to using SLES12 as a base (OES2018?) and SUSE move forward
with next release of SUSE Linux Enterprise, SLE15.

HTH.
--
Simon Flood
Micro Focus Knowledge Partner


----Android NewsGroup Reader----
http://usenet.sinaapp.com/
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

iblackwood Wrote in message:

> First response seems to have disappeared...


I see your response to Mysterious.

> Was hoping a SLES 12 could do SLES 12 and earlier and "other" channel
> packages. Oh well, off to build a SLES 11 VM. 🙂


Well yes a SLES12 SMT server can do SLES12 and earlier (in
practice that means "and SLES11") but the key thing is that it
will be registered against SUSE Customer Center (SCC) so won't
know about non-SUSE products i.e. Micro Focus iPrint. For that
you'll need an SMT server registered against Micro Focus (a.k.a.
Novell) Customer Center which means SMT on SLES11 (ideally SP4)
and since you can't register one server to two (or more) SMT
servers you need to pick which one so use the SMT11
one.

Things may get more interesting/confusing as non-SUSE products
switch to using SLES12 as a base (OES2018?) and SUSE move forward
with next release of SUSE Linux Enterprise, SLE15.

HTH.
--
Simon Flood
Micro Focus Knowledge Partner


----Android NewsGroup Reader----
http://usenet.sinaapp.com/
0 Likes
Highlighted
Absent Member.
Absent Member.

Grabbed SLES11SP4 from OES2015 in NCC.

Will update once I have a chance to get it installed and running.

Thanks.
Ian
0 Likes
Highlighted
Absent Member.
Absent Member.

Right, progress so far... (this is becoming a "How To" so I hope it helps others)

Downloaded SLES 11 SP4 ISO from Novell Customer Center (part of OES 2015)
Installed under VMware
Went to register - no keys in Novell CC - only the OES keys !
Used the SLES key from the SUSE Customer Center (we have active maintenance).
Fortunately you get a choice of registering in SCC or NCC, so I chose NCC.
Performed online update of all needed patches.
Downloaded SMT11 SP3 from Novell Download
Installed as Add-on Package
Configured with mirror credentials from NCC which test successful.
Finalise configuration.
Check with online Update - nothing new there.
Enabled Mirror for iPrint 3 and waited for it to Sync.
Confirmed can ping iprint appliance by FQDN

On the iPrint 3 appliance:
Confirmed can ping SMT server by FQDN
installed license (in case that had some effect)
Online Update > Register
Hostname > FQDN of SMT server smtserver.domain.com (name changed obviously)
SSL cert URL > http://smtserver.domain.com/smt.crt (testing in my web browser showed this where it lives - confirmed looking in /srv/www/htdocs)
Namespace > blank as I am not staging

Try to register but I get an RPC comms error 500.

Looking in /var/log/messages on the iprint appliance I see:
Nov 20 13:37:44 vdc0print suse_register[10188]: ERROR: Peer certificate cannot be authenticated with known CA certificates: (60) (2)

This gives me the impression it is failing due to the untrusted https cert on the SMT but isn't that why we are giving it the http URL to the CA cert, so we can import and accept the CA cert ?

What am I doing wrong ?

Cheers
Ian
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

On 20/11/17 04:54, goldingit wrote:

> Right, progress so far... (this is becoming a "How To" so I hope it
> helps others)
>
> Downloaded SLES 11 SP4 ISO from Novell Customer Center (part of OES
> 2015)
> Installed under VMware
> Went to register - no keys in Novell CC - only the OES keys !
> Used the SLES key from the SUSE Customer Center (we have active
> maintenance).
> Fortunately you get a choice of registering in SCC or NCC, so I chose
> NCC.
> Performed online update of all needed patches.
> Downloaded SMT11 SP3 from Novell Download
> Installed as Add-on Package
> Configured with mirror credentials from NCC which test successful.
> Finalise configuration.
> Check with online Update - nothing new there.
> Enabled Mirror for iPrint 3 and waited for it to Sync.
> Confirmed can ping iprint appliance by FQDN
>
> On the iPrint 3 appliance:
> Confirmed can ping SMT server by FQDN
> installed license (in case that had some effect)
> Online Update > Register
> Hostname > FQDN of SMT server smtserver.domain.com (name changed
> obviously)
> SSL cert URL > http://smtserver.domain.com/smt.crt (testing in my web
> browser showed this where it lives - confirmed looking in
> /srv/www/htdocs)
> Namespace > blank as I am not staging
>
> Try to register but I get an RPC comms error 500.
>
> Looking in /var/log/messages on the iprint appliance I see:
> Nov 20 13:37:44 vdc0print suse_register[10188]: ERROR: Peer certificate
> cannot be authenticated with known CA certificates: (60) (2)
>
> This gives me the impression it is failing due to the untrusted https
> cert on the SMT but isn't that why we are giving it the http URL to the
> CA cert, so we can import and accept the CA cert ?
>
> What am I doing wrong ?


Does TID 7018759[1] help? It's targeted at Filr but given the Filr and
iPrint Appliances are built the same way I believe it should also apply
to iPrint.

HTH.

[1] https://www.novell.com/support/kb/doc.php?id=7018759
--
Simon
Micro Focus Knowledge Partner

------------------------------------------------------------------------
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.
------------------------------------------------------------------------
0 Likes
Highlighted
Absent Member.
Absent Member.

Hi Simon,

No that one didn't, but thanks for the link - I have to add Filr later in any case. 🙂

I found TID 7020906 though (which is still Filr based) and although I am NOT using a proxy, it gives the command lines for registering.

These worked !

3.If registering to your local SMT server, run the following commands:
a. /opt/novell/base_config/VAclientSetup4SMT.sh --yes --host <SMT-Server-Address>
b. /usr/bin/suse_register -L /var/opt/novell/va/suse_register.log
c. /usr/bin/zypper mr -ae
d. /usr/bin/zypper --gpg-auto-import-keys -x ref -s

"c" had nothing to change, so "d" might not have been required either, but it certainly didn't hurt to run them.

Now I have a registered appliance and it shows a list of patches.

I will do my updates now and have more appliance to build. If anything changes, I will update this thread - but it looks good at the moment.

Thanks for your assistance.

Cheers
Ian
0 Likes
Highlighted
Absent Member.
Absent Member.

Final update on this:

When I built a fresh iPrint appliance for the next site, it was able to register to the SMT using the web GUI without any special step, so the above is all the SMT setup that is required.

Only the Hostname field should be filled in on the register dialog. The SSL cert URL and Namespace fields (assuming you aren't using staging on the SMT) are left blank.

The remedial steps on the iPrint appliance below this point in the thread are because my original appliance attempted to register and failed - so some mess is left behind. In that case I recommend using the CLI as detailed in TID 7020906

Cheers
Ian
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.