How to solve SuSE SMT errors (Access to http URIs has been disabled)

Written by - 1 comments

Published on - Listed in Linux


Over the last few days, I suddenly started to receive SMT registration errors by e-mail. SMT is a SuSE/Novell service to register SuSE Linux clients and to create local patch mirrors. 

After some investigation, the following logfile showed the exact same errors as sent by e-mail:

# tailf /var/log/smt/smt-register.log
2012-03-06 07:35:48 SMT::NCCRegTools - [info]  Register 1 new clients.
2012-03-06 07:35:49 SMT::NCCRegTools - [error]  Invalid response:500 Access to 'http' URIs has been disabled
2012-03-06 07:50:47 SMT::NCCRegTools - [info]  Register 1 new clients.
2012-03-06 07:50:48 SMT::NCCRegTools - [error]  Invalid response:500 Access to 'http' URIs has been disabled

As one can see, the errors repeat every 15min. So there must be a cronjob launching this thing.
The cronjob was found within the /etc/cron.d folder:

# cat /etc/cron.d/novell.com-smt
*/15 * * * * root /usr/lib/SMT/bin/smt-repeated-register
0 1 * * * root /usr/lib/SMT/bin/smt-daily
0 2 * * * root /usr/lib/SMT/bin/smt-run-jobqueue-cleanup
0 5 * * 1 root /usr/lib/SMT/bin/smt-gen-report

So it is the script /usr/lib/SMT/bin/smt-repeated-register which causes troubles... This script basically checks if a proxy connection should be used and then launches the following command:

/usr/sbin/smt-register -r -L /var/log/smt/smt-register.log --mail

Once executed manually, nothing happened, it seemed to be blocked somewhere. Fortunately there is a debug mode to see what's going on:

# smt-register --debug
Register 1 new clients.
Register 'xxx'
SEND TO: https://secure-www.novell.com/center/regsvc?command=bulkop&lang=en-US&version=1.0
XML:
<?xml version="1.0" encoding="UTF-8"?>
<bulkop xmlns="http://www.novell.com/xml/center/regsvc-1_0" lang="en" client_version="1.2.3"><register force="batch"><guid>xxx</guid><host /><authuser>xxx</authuser><authpass>xxx</authpass><smtguid>xxx</smtguid><product version="11.1" release="DVD" arch="x86_64">SUSE_SLES</product><param id="ostarget">sle-11-x86_64</param><param id="ostarget-bak"><![CDATA["SUSE Linux Enterprise Server 11 (x86_64)"]]></param><param id="platform">x86_64</param><param id="processor">x86_64</param><param id="secret">xxx</param><param id="timezone">Europe/Zurich</param><param id="email">xxx@example.com</param></register></bulkop>
Result: 302 Moved Temporarily
Redirected to http://secure-www.novell.com/center/regsvc/?command=bulkop&lang=en-US&version=1.0
SEND TO: http://secure-www.novell.com/center/regsvc/?command=bulkop&lang=en-US&version=1.0
XML:
<?xml version="1.0" encoding="UTF-8"?>
<bulkop xmlns="http://www.novell.com/xml/center/regsvc-1_0" lang="en" client_version="1.2.3"><register force="batch"><guid>xxx</guid><host /><authuser>xxx</authuser><authpass>xxx</authpass><smtguid>xxx</smtguid><product version="11.1" release="DVD" arch="x86_64">SUSE_SLES</product><param id="ostarget">sle-11-x86_64</param><param id="ostarget-bak"><![CDATA["SUSE Linux Enterprise Server 11 (x86_64)"]]></param><param id="platform">x86_64</param><param id="processor">x86_64</param><param id="secret">xxx</param><param id="timezone">Europe/Zurich</param><param id="email">xxx@example.com</param></register></bulkop>
Result: 500 Access to 'http' URIs has been disabled
Invalid response:500 Access to 'http' URIs has been disabled

So the problem is that the accessed URL (https://secure-www.novell.com/center/regsvc) is forwarding the request to a non-https URL (http://www.novell.com/xml/center/regsvc-1_0). This causes a problem because the smt-register (perl-)script requires the https protocol (take a look at line 82):

81: my $useragent = SMT::Utils::createUserAgent(keep_alive => 1);
82: $useragent->protocols_allowed( [ 'https' ] );
83: $useragent->default_headers->push_header('Content-Type' => 'text/xml');

I experimented by adding the protocol http into the protocols_allowed array but this only caused another error:

2012-03-06 09:05:47 SMT::NCCRegTools - [info]  Register 1 new clients.
2012-03-06 09:05:49 SMT::NCCRegTools - [error]  Invalid response:409 Conflict

So this isn't the solution.

Then I wondered how the smt-register script knew that it should send the requests to https://secure-www.novell.com - this was nowhere marked in /etc/smt.conf. A short grep later I found this satisfying information:

# grep "secure-www.novell.com" /etc/*
/etc/smt.conf.rpmnew:NURegUrl=https://secure-www.novell.com/center/regsvc/
/etc/suseRegister.conf:url = https://secure-www.novell.com/center/regsvc
/etc/suseRegister.conf-2009-11-11:url = https://secure-www.novell.com/center/regsvc/

So in the file /etc/smt.conf.rpmnew there was a variable NURegUrl, but in the main config file /etc/smt.conf there was none. Strange... There may be several reasons for that. Maybe only since a couple of days this parameter-URL is required, or some other admin accidently removed the line from the config file... who knows.

Anyway, by adding the line into the [NU] section of /etc/smt.conf everything worked fine again:

# cat /etc/smt.conf
[NU]
NUUrl = https://nu.novell.com/
NUUser = xxx
NUPass = xxx
NURegUrl=https://secure-www.novell.com/center/regsvc/

# smt-register --debug
Register 1 new clients.
Register 'xxx'
SEND TO: https://secure-www.novell.com/center/regsvc/?command=bulkop&lang=en-US&version=1.0
...
Result: 200 OK
Registration success: 'xxx'.



Add a comment

Show form to leave a comment

Comments (newest first)

Sebastiaan.veld from The Netherlands wrote on May 8th, 2012:

Ran into the same problem and tried your solution and that dit not work for me.

In my case the resolution was that there was missing a forward slash at the end of the url path in /etc/suseRegister.conf

So the path in that file should be:
url=https://secure-www.novell.com/center/regsvc/


RSS feed

Blog Tags:

  AWS   Android   Ansible   Apache   Apple   Atlassian   BSD   Backup   Bash   Bluecoat   CMS   Chef   Cloud   Coding   Consul   Containers   CouchDB   DB   DNS   Database   Databases   Docker   ELK   Elasticsearch   Filebeat   FreeBSD   Galera   Git   GlusterFS   Grafana   Graphics   HAProxy   HTML   Hacks   Hardware   Icinga   Influx   Internet   Java   KVM   Kibana   Kodi   Kubernetes   LVM   LXC   Linux   Logstash   Mac   Macintosh   Mail   MariaDB   Minio   MongoDB   Monitoring   Multimedia   MySQL   NFS   Nagios   Network   Nginx   OSSEC   OTRS   Office   PGSQL   PHP   Perl   Personal   PostgreSQL   Postgres   PowerDNS   Proxmox   Proxy   Python   Rancher   Rant   Redis   Roundcube   SSL   Samba   Seafile   Security   Shell   SmartOS   Solaris   Surveillance   Systemd   TLS   Tomcat   Ubuntu   Unix   VMWare   VMware   Varnish   Virtualization   Windows   Wireless   Wordpress   Wyse   ZFS   Zoneminder