-Dokumentation / Kapitel 16. Subscription Management
	15.3. Soft-RAID-Konfiguration		16.2. Configuring Clients Using AutoYaST Profile

Subscription Management

Inhaltsverzeichnis

16.1. Using Kernel Parameters to Access an SMT Server
16.2. Configuring Clients Using AutoYaST Profile
16.3. Configuring Clients Using the clientSetup4SMT.sh Script
16.4. Registering Clients Against SMT Test Environment

Any machine running SUSE Linux Enterprise Server 11 or SUSE Linux Enterprise Desktop 11 can be configured to register against local Subscription Management Tool server and download software updates from there instead of communicating directly with the Novell Customer Center and the NU servers. To use an SMT server for client registration and as a local update source, you must configure the SMT server in your network first. The SMT server software is distributed as an add-on for SUSE Linux Enterprise Server and its confuguration is desribed in the Subscription Management Tool Guide. There is no need to install any add-on on the clients to be configured to register against an SMT server.

To register a client against an SMT server, you need to equip the client with the server's URL. As client and server communicate via the HTTPS protocol during registration, you also need to make sure the client trusts the server's certificate. In case your SMT server is set up to use the default server certificate, the CA certificate will be available on the SMT server via HTTP protocol at http://FQDN/smt.crt. In this case you do not have to care about the certificate: The registration process will automatically download the CA certificate from there, unless configured otherwise. You have to enter a path to the server's CA certificate if the certificate was issued by an external certificate authority.

	Registering Against `*.novell.com` Subdomain
If you try to register against any `*.novell.com` subdomain, the certificate will not be downloaded during registration for security reasons, and certificate handling will not be done. In such a case, use a different domain name or a plain IP address.

There are several ways to provide this information and to configure the client machine to use SMT. The first way is to provide the needed information via kernel parameters at boot time. The second way is to configure clients using an AutoYaST profile. There is also a script distributed with Subscription Management Tool, clientSetup4SMT.sh, which can be run on a client to make it register against a specified SMT server. These methods are described in the following sections:

Using Kernel Parameters to Access an SMT Server

Any client can be configured to use SMT by providing the following kernel parameters during machine boot: regurl and regcert. The first parameter is mandatory, the latter is optional.

regurl

URL of the SMT server. The URL needs to be in the following format: https://FQDN/center/regsvc/ with FQDN being the fully qualified hostname of the SMT server. It must be identical to the FQDN of the server certificate used on the SMT server. Example:

regurl=https://smt.example.com/center/regsvc/

regcert

Location of the SMT server's CA certificate. Specify one of the following locations:

URL

Remote location (http, https or ftp) from which the certificate can be downloaded. Example:

regcert=http://smt.example.com/smt.crt

Floppy

Specifies a location on a floppy. The floppy has to be inserted at boot time—you will not be prompted to insert it if it is missing. The value has to start with the string floppy, followed by the path to the certificate. Example:

regcert=floppy/smt/smt-ca.crt

Local Path

Absolute path to the certificate on the local machine. Example:

regcert=/data/inst/smt/smt-ca.cert

Interactive

Use ask to open a pop-up menu during installation where you can specify the path to the certificate. Do not use this option with AutoYaST. Example:

regcert=ask

Deactivate Certificate Installation

Use done if either the certificate will be installed by an add-on product, or if you are using a certificate issued by an official certificate authority. Example:

regcert=done

Beware of Typing Errors

	Beware of Typing Errors
Make sure the values you enter are correct. If `regurl` has not been specified correctly, the registration of the update source will fail. If a wrong value for `regcert` has been entered, you will be prompted for a local path to the certificate. In case `regcert` is not specified at all, it will default to `http://FQDN/smt.crt` with `FQDN` being the name of the SMT server.

Make sure the values you enter are correct. If regurl has not been specified correctly, the registration of the update source will fail.

If a wrong value for regcert has been entered, you will be prompted for a local path to the certificate. In case regcert is not specified at all, it will default to http://FQDN/smt.crt with FQDN being the name of the SMT server.

Change of SMT Server Certificate

	Change of SMT Server Certificate
If the SMT server gets a new certificate from a new and untrusted CA, the clients need to fetch the new CA certificate file. This is done automatically with the registration process but only if a URL was used at installation time to fetch the certificate, or if the `regcert` parameter was omitted and thus, the default URL is used. If the certificate was loaded using any other method, such as floppy or local path, the CA certificate will not be updated.

If the SMT server gets a new certificate from a new and untrusted CA, the clients need to fetch the new CA certificate file. This is done automatically with the registration process but only if a URL was used at installation time to fetch the certificate, or if the regcert parameter was omitted and thus, the default URL is used. If the certificate was loaded using any other method, such as floppy or local path, the CA certificate will not be updated.