Registering CentOS Clients
This section contains information about registering traditional and Salt clients running CentOS operating systems.
CentOS clients are based on CentOS and are unrelated to SUSE Linux Enterprise Server with Expanded Support, RES, Red Hat, or Expanded Support. You are responsible for arranging access to CentOS base media repositories and CentOS installation media, as well as connecting SUSE Manager Server to the CentOS content delivery network.
Before you can register CentOS clients to your SUSE Manager Server, you need to add the required software channels, and synchronize them.
The architectures currently supported are:
For full list of supported products and architectures, see Supported Clients and Features.
In the following section, descriptions often default to the
For example, when working with
x86_64 architecture, you need this products:
CentOS 7 x86_64
In the SUSE Manager Web UI, navigate to.
Locate the appropriate products for your client operating system and architecture using the search bar, and check the appropriate product. This will automatically check all mandatory channels. Also all recommended channels are checked as long as the
include recommendedtoggle is turned on. Click the arrow to see the complete list of related products, and ensure that any extra products you require are checked.
Click Add Products and wait until the products have finished synchronizing.
Alternatively, you can add channels at the command prompt. The channels you need for this procedure are:
At the command prompt on the SUSE Manager Server, as root, use the
mgr-synccommand to add the appropriate channels:
mgr-sync add channel <channel_label_1> mgr-sync add channel <channel_label_2> mgr-sync add channel <channel_label_n>
Synchronization starts automatically. If you want to synchronize the channels manually, use:
mgr-sync sync --with-children <channel_name>
Ensure the synchronization is complete before continuing.
If you are using modular channels, you must enable the Python 3.6 module stream on the client.
If you do not provide Python 3.6, the installation of the
spacecmd package will fail.
You might notice some disparity in the number of packages available in the AppStream channel between upstream and the SUSE Manager channel. You might also see different numbers if you compare the same channel added at a different point in time. This is due to the way that CentOS manages their repositories. CentOS removes older version of packages when a new version is released, while SUSE Manager keeps all of them, regardless of age.
The AppStream repository provides modular packages. This results in the SUSE Manager Web UI showing incorrect package information. You cannot perform package operations such as installing or upgrading directly from modular repositories using the Web UI or API.
Alternatively, you can use Salt states to manage modular packages on Salt clients, or use the
In the SUSE Manager Web UI, navigate toand select the
Productstab. This dialog displays a completion bar for each product when they are being synchronized.
Alternatively, you can navigate to, then click the channel associated to the repository. Navigate to the
Repositoriestab, then click
At the command prompt on the SUSE Manager Server, as root, use the
tailcommand to check the synchronization log file:
tail -f /var/log/rhn/reposync/<channel-label>.log
Each child channel generates its own log during the synchronization progress. You need to check all the base and child channel log files to be sure that the synchronization is complete.
You need to create an activation key that is associated with your CentOS channels.
For more information on activation keys, see Activation Keys.
Clients use GPG keys to check the authenticity of software packages before they are installed. Only trusted software can be installed on clients.
Trusting a GPG key is important for security on clients. It is the task of the administrator to decide which keys are needed and can be trusted. A software channel cannot be assigned to a client when the GPG key is not trusted.
For more information about GPG keys, see GPG Keys.
To register your clients, you need a bootstrap repository. By default, bootstrap repositories are automatically created, and regenerated daily for all synchronized products. You can manually create the bootstrap repository from the command prompt, using this command:
For more information on registering your clients, see Client Registration.
When you update CentOS clients, the packages do not include metadata about the updates. You can use a third-party errata service to obtain this information.
The third-party errata service described here, CEFS, is provided and maintained by the community. It is not supported by SUSE.
The authors of CEFS provide patches or errata on a best-effort basis, in the hope they are useful but with no guarantees of correctness or currency. This could mean that the patch dates could be incorrect, and in at least one case, the published data was shown to be more than a month old. For more information on these cases, see https://github.com/stevemeier/cefs/issues/28#issuecomment-656579382 and https://github.com/stevemeier/cefs/issues/28#issuecomment-656573607.
Any problems or delays with the patch data might result in unreliable patch information being imported to your SUSE Manager Server. This would cause reports, audits, CVE updates, or other patch-related information to also be incorrect. Please consider alternatives to using this service, such as independently verifying patch data, or choosing a different operating system, depending on your security-related requirements and certifications criteria.
On the SUSE Manager Server, from the command prompt, as root, add the
SUSEConnect --product sle-module-development-tools/15.2/x86_64
Install errata service dependencies:
zypper in perl-Text-Unidecode
Add or edit this line in
java.allow_adding_patches_via_api = centos7-x86_64-updates,centos7-x86_64,centos7-x86_64-extras
systemctl restart tomcat
Create a file for your errata script:
Edit the new file to include this script, editing the repository details as required. This script fetches the errata details from an external errata service, unpacks it, and publishes the details:
#!/bin/bash mkdir -p /usr/local/centos cd /usr/local/centos rm *.xml wget -c http://cefs.steve-meier.de/errata.latest.xml wget -c https://www.redhat.com/security/data/oval/v2/RHEL7/rhel-7.oval.xml.bz2 bzip2 -d rhel-7.oval.xml.bz2 wget -c http://cefs.steve-meier.de/errata-import.tar tar xvf errata-import.tar chmod +x /usr/local/centos/errata-import.pl export SPACEWALK_USER='<adminname>';export SPACEWALK_PASS='<password>' /usr/local/centos/errata-import.pl --server '<servername>' \ --errata /usr/local/centos/errata.latest.xml \ --include-channels=centos7-x86_64-updates,centos7-x86_64,centos7-x86_64-extras \ --publish --rhsa-oval /usr/local/centos/rhel-7.oval.xml
Set up a cron job to run the script daily:
ln -s /usr/local/bin/cent-errata.sh /etc/cron.daily
For more information on this tool, see https://cefs.steve-meier.de/.