Novell Open Enterprise Server 11 - Updated Installation and Patching information

  • 7002931
  • 04-Apr-2012
  • 03-Sep-2012

Environment

Novell Open Enterprise Server 11 (OES 11) Linux

Situation

The latest Novell Open Enterprise Server 11 (OES 11)  Linux release is built on the most advanced Linux: SUSE Linux Enterprise 11.

Novell Open Enterprise Server 11 is fully certified and supported to run on SUSE Linux Enterprise 11.

Novell Open Enterprise Server 11 has been released to the General public on December 13th, 2011. A number of recent updates to the core SLE 11 environment, have introduced few side-effects to the installation procedure since February 2012. These issues could not be anticipated for our during internal testing and QA cycles for the Novell Open Enterprise Server 11 product, prior to release in December 2011.

These issues are described here (as issues 2 & 3), and make the customer experience slightly differ than what is described in our official collateral on the Novell Documentation site that refers to the OES11 Installation Guide.

Problem 1 :
In Section 3.5 Specifying the Add-On Product installation information of the OES11 Installation Guide.
Adding the OES11 media will ask the administrator to import an Untrusted GnuPG key.

See screen shot 1:



Problem 2 :
In section 4.2 Adding/Configuring OES Services on an Existing Server of the OES11 Installation Guide.
Post February 2012, OES11 installations (where SLES11 SP1 is first installed and fully patched, and OES11 has been installed as Add-on product later), selecting any OES pattern for installation, will present a warning that the installation requires ruby-1.8.7.p357-0.7.1 to be downgraded to ruby-1.8.7.p72-5.30.5.

See screen shot 2:



Problem 3 :
Depending on how one installs OES11, whilst applying patches to the server the results is a warning in resolving package dependencies.
The problems resolving packages dependencies is not about a version downgrade however, but refers to a 'Vendor change' notification

In the log this will show as this:
Problem: patch:slessp1-tomcat-6-for-sles-5709.noarch conflicts with tomcat6-servlet-2_5-api.noarch < 6.0.18-20.33.1 provided by tomcat6-servlet-2_5-api-6.0.18-20.30.12.noarch
Problem: patch:slessp1-tomcat6-5759.noarch conflicts with tomcat6-lib.noarch < 6.0.18-20.35.36.1 provided by tomcat6-lib-6.0.18-20.30.12.noarch

Problem: patch:slessp1-tomcat-6-for-sles-5709.noarch conflicts with tomcat6-servlet-2_5-api.noarch < 6.0.18-20.33.1 provided by tomcat6-servlet-2_5-api-6.0.18-20.30.12.noarch
 Solution 1: Following actions will be done:
  install tomcat6-servlet-2_5-api-6.0.18-20.35.36.1.noarch (with vendor change)
    Novell, Inc.  -->  SUSE LINUX Products GmbH, Nuernberg, Germany
  install tomcat6-jsp-2_1-api-6.0.18-20.35.36.1.noarch (with vendor change)
    Novell, Inc.  -->  SUSE LINUX Products GmbH, Nuernberg, Germany
  install tomcat6-6.0.18-20.35.36.1.noarch (with vendor change)
    Novell, Inc.  -->  SUSE LINUX Products GmbH, Nuernberg, Germany
 Solution 2: do not install patch:slessp1-tomcat-6-for-sles-5709.noarch

Choose from above solutions by number or skip, retry or cancel [1/2/s/r/c] (c): 1

Problem: patch:slessp1-tomcat6-5759.noarch conflicts with tomcat6-lib.noarch < 6.0.18-20.35.36.1 provided by tomcat6-lib-6.0.18-20.30.12.noarch
 Solution 1: Following actions will be done:
  install tomcat6-lib-6.0.18-20.35.36.1.noarch (with vendor change)
    Novell, Inc.  -->  SUSE LINUX Products GmbH, Nuernberg, Germany
  install tomcat6-jsp-2_1-api-6.0.18-20.35.36.1.noarch (with vendor change)
    Novell, Inc.  -->  SUSE LINUX Products GmbH, Nuernberg, Germany
  install tomcat6-6.0.18-20.35.36.1.noarch (with vendor change)
    Novell, Inc.  -->  SUSE LINUX Products GmbH, Nuernberg, Germany
 Solution 2: do not install patch:slessp1-tomcat6-5759.noarch

Choose from above solutions by number or skip, retry or cancel [1/2/s/r/c] (c): 1
Resolving dependencies...
Resolving package dependencies...

and further in the process we will see the following :

The following product is going to be upgraded:
  SUSE Linux Enterprise Server 11 SP1

The following packages are going to change vendor:
  tomcat6                  Novell, Inc. -> SUSE LINUX Products GmbH, Nuernberg, Germany
  tomcat6-jsp-2_1-api      Novell, Inc. -> SUSE LINUX Products GmbH, Nuernberg, Germany
  tomcat6-lib              Novell, Inc. -> SUSE LINUX Products GmbH, Nuernberg, Germany
  tomcat6-servlet-2_5-api  Novell, Inc. -> SUSE LINUX Products GmbH, Nuernberg, Germany

or from the GUI



Resolution

Solution 1 :
There is no current workaround to this issue possible, other than manually importing the GnuPG key, and to manually add this into the existing keyring of trusted public keys.

Please verify the GnuPG key to import matches the following :
ID: FE52F79E1111779D
Fingerprint: 279B C0C6 BCEB 21D9 939C C49A FE52 F79E 1111 779D
Name: Novell Bangalore BuildService (Contact security@novell.com) <novell-bangalore-build@novell.com>
Created: 03/18/2011
Expires: 02/24/2013   


Solution 2:
Since February 2012, OES11 installations (where SLES11 SP1 is first installed and fully patched, and OES11 will been installed as Add-on product later), please accept the proposed version downgrade for ruby-1.8.7.p357-0.7.1 to ruby-1.8.7.p72-5.30.5 in order to proceed with the installation.

After SLES11 SP1 installation, the ruby version shows as
rpm -qi ruby-1.8.7.p357-0.7.1 | head
Name        : ruby                         Relocations: (not relocatable)
Version     : 1.8.7.p357                        Vendor: SUSE LINUX Products GmbH, Nuernberg, Germany
Release     : 0.7.1                         Build Date: Fri 27 Jan 2012 12:55:52 AM CET
Install Date: Tue 03 Apr 2012 02:08:20 PM CEST      Build Host: gehrke
Group       : Development/Languages/Ruby    Source RPM: ruby-1.8.7.p357-0.7.1.src.rpm
Size        : 6742358                          License: GPL v2 or later
Signature   : RSA/8, Fri 27 Jan 2012 12:58:12 AM CET, Key ID e3a5c360307e3d54
Packager    : http://bugs.opensuse.org
URL         : http://www.ruby-lang.org/
Summary     : An Interpreted Object-Oriented Scripting Language

After OES11 installation, and accepting to downgrade the module, the ruby version shows as :
rpm -qi ruby-1.8.7.p72-5.30.5 | head
Name        : ruby                         Relocations: (not relocatable)
Version     : 1.8.7.p72                         Vendor: SUSE LINUX Products GmbH, Nuernberg, Germany
Release     : 5.30.5                        Build Date: Wed 17 Aug 2011 07:25:59 PM CEST
Install Date: Wed 04 Apr 2012 08:44:10 AM CEST      Build Host: wichary
Group       : Development/Languages/Ruby    Source RPM: ruby-1.8.7.p72-5.30.5.src.rpm
Size        : 6650676                          License: GPL v2 or later
Signature   : RSA/8, Wed 17 Aug 2011 07:28:04 PM CEST, Key ID e3a5c360307e3d54
Packager    : http://bugs.opensuse.org
URL         : http://www.ruby-lang.org/
Summary     : An Interpreted Object-Oriented Scripting Language

Once the installation of OES11 (with the ruby module downgrade mentioned here above) has completed, ruby can than safely be upgraded to a later versions when required.

Additional note: When installing both SLES11 SP1 and OES11 at the same time (integrated installation), the installation procedure does not ask for the ruby version downgrade.

To avoid ruby conflicts while patching with zypper please add the OES11-Pool repository.
Output for 'zypper lr' should than show the OES11-Pool, SLES11-SP1-Updates and OES11-Updates.

Patch using this method : 
zypper up -t patch -r SLES11-SP1-Updates -r OES11-Updates -r OES11-Pool



Solution 3 :
From the offered solutions (solutions by number or skip, retry or cancel), please proceed by accepting or installing the versions with the Vendor change.

Cause

Cause 1 :
Traditionally, the SUSE keyring contained public keys for the various geographical locations where Novell software was built. One of this locations was Provo. The public GnuPG keys from the Provo build system has since been removed from the SUSE keyring.

Novell is working in pursuing a proper solution for future releases.

Cause 2 :
In order to not enforce customers with certain pre-installation requirements, for OES11 services that require ruby, it has been decided to use the ruby package that comes with the SLES11 SDK, and package the same with the OES11 product as a convenience copy for our customers.

The advantage for this was that this method prevented customers from having to switch media, and/or having a requirement to have an active subscription to the SLE11 SDK catalog.

Cause 3 :
For OES11, the tomcat6 packages listed were build from source by Novell, instead of packaging the binaries built by SUSE. As such, the vendor change is expected because the vendor info for both the SLE and OES packages are different.

As the SUSE team has released tomcat with L3 support in February 2012, this is a one time conflict on any new installations/upgrades post February 2012.

Additional information :
We could argue such messages were never observed on OES 2, however Vendor change issues have previously existed on OES2 as well.
The reason this was never observed by OES2 customers was because SLE10 used ZMD, and ZMD has never cared about vendor changes. ZMD just had a hard-coded set of vendor fields and if the vendor info of a particular was different from that list, it would still go ahead, and install it (without informing the administrator performing the update), and then would tell YaST to "lock" the package from future updates.