6 RMT tools and configuration files #
This chapter describes the most important scripts, configuration files and certificates shipped with RMT.
The rmt-cli
command and its sub-commands are used
to manage the mirroring of repositories, registration of clients, and
reporting. systemd
is used for starting, stopping, restarting the
RMT service and for checking its status.
The basic configuration for RMT is stored in the
/etc/rmt.conf
.
6.1 RMT command line interface (rmt-cli
) #
6.1.1 Overview #
The key command to manage the RMT is rmt-cli
(/usr/bin/rmt-cli
). The rmt-cli
command should be used together with the sub-commands described in this
section. If the rmt-cli
command is used alone, it prints
a list of all available sub-commands. To get help for individual
sub-commands, use man rmt-cli
or rmt-cli help
[subcommand]
.
The following sub-commands are available:
rmt-cli sync
Synchronize database with SUSE Customer Center.
rmt-cli products
List and modify products.
rmt-cli repos
List and modify repositories.
rmt-cli mirror
Mirror repositories.
rmt-cli systems
List and modify systems.
rmt-cli import
Import commands for offline mode.
rmt-cli export
Export commands for offline mode.
rmt-cli version
Show RMT version.
The following sections explain each sub-command in detail.
6.1.2 sync
#
This command triggers synchronization with the SUSE Customer Center instantly. The command
has no further options. Synchronization is also triggered each night by the
systemd
timer rmt-server-sync.timer
.
During synchronization, no data is uploaded to the SUSE Customer Center. This command for example updates local product definitions and repository data.
6.1.3 products
#
List and modify products.
rmt-cli products list [--all] [--csv]
Lists the products that are enabled for mirroring. Use the
--all
flag to list all available products. Use the--csv
flag to output the list in CSV format.ls
can be used as a shortcut forlist
.rmt-cli products enable [id | string] [--all-modules]
Enables mandatory repositories of a product by its ID or product string. The
--all-modules
flag enables all modules of a product instead of only the recommended ones.rmt-cli products disable [id | string]
Disables all repositories of a product by its ID or product string.
6.1.4 repos
#
rmt-cli repos list [--all] [--csv]
Lists the repositories that are enabled for mirroring. Use the
--all
flag to list all available repositories. Use the--csv
flag to output the list in CSV format.ls
can be used as a shortcut forlist
.rmt-cli repos enable [id]
Enables mirroring of a single repository by its ID.
rmt-cli repos disable [id]
Disables mirroring of a single repository by its ID.
rmt-cli repos clean
Removes locally mirrored files of repositories that are not marked to be mirrored.
6.1.5 repos custom
#
rmt-cli repos custom list [--csv]
Lists all your custom repositories. Use the
--csv
flag to output the list in CSV format.ls
can be used as a shortcut forlist
.rmt-cli repos custom add [url] [name] [--id]
Adds a new custom repository. Use the
--id
flag to specify a custom alphanumeric ID.rmt-cli repos custom enable [id]
Enables mirroring of a custom repository.
rmt-cli repos custom disable [id]
Disables mirroring of a custom repository.
rmt-cli repos custom remove [id]
Removes a custom repository.
rmt-cli repos custom products [id]
Lists the products attached to the custom repository with the given ID.
rmt-cli repos custom attach [id] [product id]
Attaches an existing custom repository to a product.
rmt-cli repos custom detach [id] [product id]
Detaches an existing custom repository from a product.
6.1.6 mirror
#
rmt-cli mirror
Starts the mirroring process manually.
rmt-cli mirror all
Mirrors all enabled repositories.
rmt-cli mirror repository [IDs]
Mirrors enabled repositories by a list of IDs.
rmt-cli mirror product [IDs]
Mirrors enabled repositories for a product by a list of IDs.
6.1.7 systems
#
rmt-cli systems list
This command lists registered systems.
rmt-cli systems scc-sync
This command forwards registered systems' data to SCC.
rmt-cli systems remove [TARGET]
This command removes a system from RMT as identified by the
column of the output of thermt-cli systems list
command.rmt-cli systems purge
This command lists and optionally deletes inactive systems. It has the following options:
--before DATE
—lists systems that have been inactive since DATE until now. Default is the last 3 months.--no-confirmation
—allows the administrator to delete matching systems without confirmation.
#
rmt-cli systems purge --before 2021-06-16 +------------+----------+---------------------+---------------------+----------+ | Login | Hostname | Registration time | Last seen | Products | +------------+----------+---------------------+---------------------+----------+ | SCC_c5b0.. | 6e485e48b| 2021-06-11 13:38:07 | 2021-06-11 13:52:01 | SLES/15..| | SCC_5fcf.. | node52 | 2021-06-15 13:29:24 | 2021-06-15 13:31:25 | SLES/15..| +------------+----------+---------------------+---------------------+----------+ Do you want to delete these systems? (y/n) y Purged systems that have not contacted this RMT since 2021-06-16.
6.1.8 import
#
This command is required for the offline mode. For details, see Section 4.7, “Exporting and importing repositories”.
rmt-cli import data [path]
Run this on the offline RMT to read the JSON files from the given path and fill the local database with data.
rmt-cli import repos [path]
Run this on the offline RMT to import RPM packages.
6.1.9 export
#
This command is required for the offline mode. For details, see Section 4.7, “Exporting and importing repositories”.
rmt-cli export data [path]
Run this on an online RMT to get the latest data from SUSE Customer Center and save the result as JSON files at the specified path.
rmt-cli export settings [path]
Run this on the offline RMT to save the settings for enabled repositories at a given path as
repos.json
.rmt-cli export repos [path]
Run this regularly on the online RMT to mirror the set of repositories specified in the
repos.json
at the given path. The mirrored repository files are stored in subdirectories of the same path.
6.1.10 clean packages
#
The rmt-cli clean packages
command removes locally
mirrored “dangling” files and their database entries. A file is
considered to be dangling if it matches all the following characteristics:
It exists in a repository directory with primary and metadata
repomd.xml
files.It is no longer referenced in the metadata files.
It is at least 2 days old.
You can pass the following options to the rmt-cli clean
packages
command:
- --dry-run
Generates a report of all affected files without actually cleaning them or their database entries.
- --verbose
Prints detailed information about each cleaned file.
- --non-interactive
Skips confirmation before proceeding with the cleaning process.
6.1.11 version
#
Display the version of rmt-cli
.
6.2 RMT systemd
commands #
You can manage RMT-related services with the standard systemd
commands. The RMT server has the following services and timers:
rmt-server.target
A
systemd
target that starts all required RMT components.rmt-server.service
The RMT server.
rmt-server-migration.service
This service migrates the database to the newest schema, if required. There is no need to manually interact with this service.
rmt-server-sync.timer
This timer is responsible for periodically synchronizing all repository product data from the SUSE Customer Center.
rmt-server-mirror.timer
This timer is responsible for periodically synchronizing all RPMs from the SUSE Customer Center.
Use systemctl
to manage the RMT services and timers.
6.3 RMT configuration files #
The main RMT configuration file is /etc/rmt.conf
.
You can set most of the options with the YaST RMT Server module.
6.3.1 /etc/rmt.conf #
The only supported way of doing the initial configuration is with
yast2 rmt
as described in Section 2.5, “RMT configuration with YaST”. Only the proxy
configuration needs to be entered manually. The other configuration
parameters are documented for reference.
All available configuration options can be found in the
/etc/rmt.conf
file.
6.3.1.1 Mirroring settings #
The mirroring
section lets you adjust mirroring
behavior.
mirror_src
Decides whether to mirror source RPM packages (architecture is
src
).dedup_method
Creates hard links during mirroring when set to
hardlink
. If the file system does not support hard links, it can be set tocopy
instead. Possible values:hardlink
,copy
.
6.3.1.2 HTTP client settings #
The http_client
section defines the global HTTP
connection settings of RMT.
verbose
Enables additional debug output to the
systemd
journal.proxy
The proxy server URL including the protocol and the port number. For example:
http://proxy_url:8080
.noproxy
A list of domains that should not go through the proxy, separated by commas. For example:
localhost,.mylocaldomain
.proxy_auth
This setting determines the proxy authentication mechanism. Possible values are:
none
,basic
,digest
,gssnegotiate
,ntlm
,digest_ie
,ntlm_wb
.proxy_user
The proxy server user name.
proxy_password
The proxy server password.
low_speed_limit
Lower speed limit when a download should be aborted in bytes/sec.
low_speed_time
Time until a download gets aborted, when download speed is below
low_speed_limit
.
6.3.1.3 Settings for accessing SUSE repositories #
The scc
section contains your mirroring
credentials for contacting the SUSE Customer Center. To obtain your mirroring
credentials, see Section 4.1, “Mirroring credentials”.
Valid configuration keys for the section are:
username
Mirroring credentials user name.
password
Mirroring credentials password.
6.3.1.4 Web server settings #
The web_server
section lets you tune the performance of your RMT server.
min_threads
Specifies the minimum number of threads that an RMT server worker should spawn.
Acceptable values: Integer greater than or equal to 1.
max_threads
Specifies the maximum number of threads that an RMT server worker should spawn.
Acceptable values: Integer greater than or equal to 1.
workers
Specifies the number of Web workers for RMT.
Acceptable values: Integer greater than or equal to 1.
6.3.2 SSL certificates and HTTPS #
By default access to API endpoints consumed by
SUSEConnect
is limited to HTTPS only. nginx is
configured to use an SSL certificate and a private key from the following
locations:
Certificate:
/etc/rmt/ssl/rmt-server.crt
Private key:
/etc/rmt/ssl/rmt-server.key
The YaST RMT module generates a custom certificate authority which is used to sign HTTPS certificates. This means that to register, this certificate authority must be trusted by the client machines:
For registrations during installation from the media or with YaST Registration module, a message will appear, prompting to trust the server certificate.
For registering a client system on the command line, use the
rmt-client-setup
script. For details, see Section 5.3, “Configuring clients withrmt-client-setup
”.