Over the last few days, I suddenly started to receive SMT registration errors by e-mail. SMT is a SuSE/Novell service to register SuSE Linux clients and to create local patch mirrors.
After some investigation, the following logfile showed the exact same errors as sent by e-mail:
# tailf /var/log/smt/smt-register.log
2012-03-06 07:35:48 SMT::NCCRegTools - [info] Register 1 new clients.
2012-03-06 07:35:49 SMT::NCCRegTools - [error] Invalid response:500 Access to 'http' URIs has been disabled
2012-03-06 07:50:47 SMT::NCCRegTools - [info] Register 1 new clients.
2012-03-06 07:50:48 SMT::NCCRegTools - [error] Invalid response:500 Access to 'http' URIs has been disabled
As one can see, the errors repeat every 15min. So there must be a cronjob launching this thing.
The cronjob was found within the /etc/cron.d folder:
# cat /etc/cron.d/novell.com-smt
*/15 * * * * root /usr/lib/SMT/bin/smt-repeated-register
0 1 * * * root /usr/lib/SMT/bin/smt-daily
0 2 * * * root /usr/lib/SMT/bin/smt-run-jobqueue-cleanup
0 5 * * 1 root /usr/lib/SMT/bin/smt-gen-report
So it is the script /usr/lib/SMT/bin/smt-repeated-register which causes troubles... This script basically checks if a proxy connection should be used and then launches the following command:
/usr/sbin/smt-register -r -L /var/log/smt/smt-register.log --mail
Once executed manually, nothing happened, it seemed to be blocked somewhere. Fortunately there is a debug mode to see what's going on:
# smt-register --debug
Register 1 new clients.
Register 'xxx'
SEND TO: https://secure-www.novell.com/center/regsvc?command=bulkop&lang=en-US&version=1.0
XML:
<?xml version="1.0" encoding="UTF-8"?>
<bulkop xmlns="http://www.novell.com/xml/center/regsvc-1_0" lang="en" client_version="1.2.3"><register force="batch"><guid>xxx</guid><host /><authuser>xxx</authuser><authpass>xxx</authpass><smtguid>xxx</smtguid><product version="11.1" release="DVD" arch="x86_64">SUSE_SLES</product><param id="ostarget">sle-11-x86_64</param><param id="ostarget-bak"><![CDATA["SUSE Linux Enterprise Server 11 (x86_64)"]]></param><param id="platform">x86_64</param><param id="processor">x86_64</param><param id="secret">xxx</param><param id="timezone">Europe/Zurich</param><param id="email">xxx@example.com</param></register></bulkop>
Result: 302 Moved Temporarily
Redirected to http://secure-www.novell.com/center/regsvc/?command=bulkop&lang=en-US&version=1.0
SEND TO: http://secure-www.novell.com/center/regsvc/?command=bulkop&lang=en-US&version=1.0
XML:
<?xml version="1.0" encoding="UTF-8"?>
<bulkop xmlns="http://www.novell.com/xml/center/regsvc-1_0" lang="en" client_version="1.2.3"><register force="batch"><guid>xxx</guid><host /><authuser>xxx</authuser><authpass>xxx</authpass><smtguid>xxx</smtguid><product version="11.1" release="DVD" arch="x86_64">SUSE_SLES</product><param id="ostarget">sle-11-x86_64</param><param id="ostarget-bak"><![CDATA["SUSE Linux Enterprise Server 11 (x86_64)"]]></param><param id="platform">x86_64</param><param id="processor">x86_64</param><param id="secret">xxx</param><param id="timezone">Europe/Zurich</param><param id="email">xxx@example.com</param></register></bulkop>
Result: 500 Access to 'http' URIs has been disabled
Invalid response:500 Access to 'http' URIs has been disabled
So the problem is that the accessed URL (https://secure-www.novell.com/center/regsvc) is forwarding the request to a non-https URL (http://www.novell.com/xml/center/regsvc-1_0). This causes a problem because the smt-register (perl-)script requires the https protocol (take a look at line 82):
81: my $useragent = SMT::Utils::createUserAgent(keep_alive => 1);
82: $useragent->protocols_allowed( [ 'https' ] );
83: $useragent->default_headers->push_header('Content-Type' => 'text/xml');
I experimented by adding the protocol http into the protocols_allowed array but this only caused another error:
2012-03-06 09:05:47 SMT::NCCRegTools - [info] Register 1 new clients.
2012-03-06 09:05:49 SMT::NCCRegTools - [error] Invalid response:409 Conflict
So this isn't the solution.
Then I wondered how the smt-register script knew that it should send the requests to https://secure-www.novell.com - this was nowhere marked in /etc/smt.conf. A short grep later I found this satisfying information:
# grep "secure-www.novell.com" /etc/*
/etc/smt.conf.rpmnew:NURegUrl=https://secure-www.novell.com/center/regsvc/
/etc/suseRegister.conf:url = https://secure-www.novell.com/center/regsvc
/etc/suseRegister.conf-2009-11-11:url = https://secure-www.novell.com/center/regsvc/
So in the file /etc/smt.conf.rpmnew there was a variable NURegUrl, but in the main config file /etc/smt.conf there was none. Strange... There may be several reasons for that. Maybe only since a couple of days this parameter-URL is required, or some other admin accidently removed the line from the config file... who knows.
Anyway, by adding the line into the [NU] section of /etc/smt.conf everything worked fine again:
# cat /etc/smt.conf
[NU]
NUUrl = https://nu.novell.com/
NUUser = xxx
NUPass = xxx
NURegUrl=https://secure-www.novell.com/center/regsvc/
# smt-register --debug
Register 1 new clients.
Register 'xxx'
SEND TO: https://secure-www.novell.com/center/regsvc/?command=bulkop&lang=en-US&version=1.0
...
Result: 200 OK
Registration success: 'xxx'.
Sebastiaan.veld from The Netherlands wrote on May 8th, 2012:
Ran into the same problem and tried your solution and that dit not work for me.
In my case the resolution was that there was missing a forward slash at the end of the url path in /etc/suseRegister.conf
So the path in that file should be:
url=https://secure-www.novell.com/center/regsvc/
AWS Android Ansible Apache Apple Atlassian BSD Backup Bash Bluecoat CMS Chef Cloud Coding Consul Containers CouchDB DB DNS Database Databases Docker ELK Elasticsearch Filebeat FreeBSD Galera Git GlusterFS Grafana Graphics HAProxy HTML Hacks Hardware Icinga Influx Internet Java KVM Kibana Kodi Kubernetes LVM LXC Linux Logstash Mac Macintosh Mail MariaDB Minio MongoDB Monitoring Multimedia MySQL NFS Nagios Network Nginx OSSEC OTRS Office OpenSearch PGSQL PHP Perl Personal PostgreSQL Postgres PowerDNS Proxmox Proxy Python Rancher Rant Redis Roundcube SSL Samba Seafile Security Shell SmartOS Solaris Surveillance Systemd TLS Tomcat Ubuntu Unix VMWare VMware Varnish Virtualization Windows Wireless Wordpress Wyse ZFS Zoneminder