Environment
Novell Open Enterprise Server 11 (OES 11) Linux
Situation
The latest Novell Open Enterprise Server 11 (OES 11) Linux release is built on the most advanced Linux: SUSE
Linux Enterprise 11.
Novell Open Enterprise Server 11 is fully certified and supported to run on SUSE Linux Enterprise 11.
Novell Open Enterprise Server 11 has been released to the General public on December 13th, 2011. A number of recent updates to the core SLE 11 environment, have introduced few side-effects to the installation procedure since February 2012. These issues could not be anticipated for our during internal testing and QA cycles for the Novell Open Enterprise Server 11 product, prior to release in December 2011.
These issues are described here (as issues 2 & 3), and make the customer experience slightly differ than what is described in our official collateral on the Novell Documentation site that refers to the OES11 Installation Guide.
Problem 1 :
In Section 3.5 Specifying the Add-On Product installation information of the OES11 Installation Guide.
Adding the OES11 media will ask the administrator to import an Untrusted GnuPG key.
Problem 2 :
In section 4.2 Adding/Configuring OES Services on an Existing Server of the OES11 Installation Guide.
Post February 2012, OES11 installations (where SLES11 SP1 is first installed and fully patched, and OES11 has been installed as Add-on product later), selecting any OES pattern for installation, will present a warning that the installation requires ruby-1.8.7.p357-0.7.1 to be downgraded to ruby-1.8.7.p72-5.30.5.
Problem 3 :
Depending on how one installs OES11, whilst applying patches to the server the results is a warning in resolving package dependencies.
The problems resolving packages dependencies is not about a version downgrade however, but refers to a 'Vendor change' notification
In the log this will show as this:
The following product is going to be upgraded:
SUSE Linux Enterprise Server 11 SP1
The following packages are going to change vendor:
tomcat6 Novell, Inc. -> SUSE LINUX Products GmbH, Nuernberg, Germany
tomcat6-jsp-2_1-api Novell, Inc. -> SUSE LINUX Products GmbH, Nuernberg, Germany
tomcat6-lib Novell, Inc. -> SUSE LINUX Products GmbH, Nuernberg, Germany
tomcat6-servlet-2_5-api Novell, Inc. -> SUSE LINUX Products GmbH, Nuernberg, Germany
or from the GUI
Novell Open Enterprise Server 11 is fully certified and supported to run on SUSE Linux Enterprise 11.
Novell Open Enterprise Server 11 has been released to the General public on December 13th, 2011. A number of recent updates to the core SLE 11 environment, have introduced few side-effects to the installation procedure since February 2012. These issues could not be anticipated for our during internal testing and QA cycles for the Novell Open Enterprise Server 11 product, prior to release in December 2011.
These issues are described here (as issues 2 & 3), and make the customer experience slightly differ than what is described in our official collateral on the Novell Documentation site that refers to the OES11 Installation Guide.
Problem 1 :
In Section 3.5 Specifying the Add-On Product installation information of the OES11 Installation Guide.
Adding the OES11 media will ask the administrator to import an Untrusted GnuPG key.
See screen shot 1:
Problem 2 :
In section 4.2 Adding/Configuring OES Services on an Existing Server of the OES11 Installation Guide.
Post February 2012, OES11 installations (where SLES11 SP1 is first installed and fully patched, and OES11 has been installed as Add-on product later), selecting any OES pattern for installation, will present a warning that the installation requires ruby-1.8.7.p357-0.7.1 to be downgraded to ruby-1.8.7.p72-5.30.5.
See screen shot 2:
Problem 3 :
Depending on how one installs OES11, whilst applying patches to the server the results is a warning in resolving package dependencies.
The problems resolving packages dependencies is not about a version downgrade however, but refers to a 'Vendor change' notification
In the log this will show as this:
Problem: patch:slessp1-tomcat-6-for-sles-5709.noarch conflicts with tomcat6-servlet-2_5-api.noarch < 6.0.18-20.33.1 provided by tomcat6-servlet-2_5-api-6.0.18-20.30.12.noarch
Problem: patch:slessp1-tomcat6-5759.noarch conflicts with tomcat6-lib.noarch < 6.0.18-20.35.36.1 provided by tomcat6-lib-6.0.18-20.30.12.noarch
Problem: patch:slessp1-tomcat-6-for-sles-5709.noarch conflicts with tomcat6-servlet-2_5-api.noarch < 6.0.18-20.33.1 provided by tomcat6-servlet-2_5-api-6.0.18-20.30.12.noarch
Solution 1: Following actions will be done:
install tomcat6-servlet-2_5-api-6.0.18-20.35.36.1.noarch (with vendor change)
Novell, Inc. --> SUSE LINUX Products GmbH, Nuernberg, Germany
install tomcat6-jsp-2_1-api-6.0.18-20.35.36.1.noarch (with vendor change)
Novell, Inc. --> SUSE LINUX Products GmbH, Nuernberg, Germany
install tomcat6-6.0.18-20.35.36.1.noarch (with vendor change)
Novell, Inc. --> SUSE LINUX Products GmbH, Nuernberg, Germany
Solution 2: do not install patch:slessp1-tomcat-6-for-sles-5709.noarch
Choose from above solutions by number or skip, retry or cancel [1/2/s/r/c] (c): 1
Problem: patch:slessp1-tomcat6-5759.noarch conflicts with tomcat6-lib.noarch < 6.0.18-20.35.36.1 provided by tomcat6-lib-6.0.18-20.30.12.noarch
Solution 1: Following actions will be done:
install tomcat6-lib-6.0.18-20.35.36.1.noarch (with vendor change)
Novell, Inc. --> SUSE LINUX Products GmbH, Nuernberg, Germany
install tomcat6-jsp-2_1-api-6.0.18-20.35.36.1.noarch (with vendor change)
Novell, Inc. --> SUSE LINUX Products GmbH, Nuernberg, Germany
install tomcat6-6.0.18-20.35.36.1.noarch (with vendor change)
Novell, Inc. --> SUSE LINUX Products GmbH, Nuernberg, Germany
Solution 2: do not install patch:slessp1-tomcat6-5759.noarch
Choose from above solutions by number or skip, retry or cancel [1/2/s/r/c] (c): 1
Resolving dependencies...
Resolving package dependencies...
and further in the process we will see the following :Problem: patch:slessp1-tomcat6-5759.noarch conflicts with tomcat6-lib.noarch < 6.0.18-20.35.36.1 provided by tomcat6-lib-6.0.18-20.30.12.noarch
Problem: patch:slessp1-tomcat-6-for-sles-5709.noarch conflicts with tomcat6-servlet-2_5-api.noarch < 6.0.18-20.33.1 provided by tomcat6-servlet-2_5-api-6.0.18-20.30.12.noarch
Solution 1: Following actions will be done:
install tomcat6-servlet-2_5-api-6.0.18-20.35.36.1.noarch (with vendor change)
Novell, Inc. --> SUSE LINUX Products GmbH, Nuernberg, Germany
install tomcat6-jsp-2_1-api-6.0.18-20.35.36.1.noarch (with vendor change)
Novell, Inc. --> SUSE LINUX Products GmbH, Nuernberg, Germany
install tomcat6-6.0.18-20.35.36.1.noarch (with vendor change)
Novell, Inc. --> SUSE LINUX Products GmbH, Nuernberg, Germany
Solution 2: do not install patch:slessp1-tomcat-6-for-sles-5709.noarch
Choose from above solutions by number or skip, retry or cancel [1/2/s/r/c] (c): 1
Problem: patch:slessp1-tomcat6-5759.noarch conflicts with tomcat6-lib.noarch < 6.0.18-20.35.36.1 provided by tomcat6-lib-6.0.18-20.30.12.noarch
Solution 1: Following actions will be done:
install tomcat6-lib-6.0.18-20.35.36.1.noarch (with vendor change)
Novell, Inc. --> SUSE LINUX Products GmbH, Nuernberg, Germany
install tomcat6-jsp-2_1-api-6.0.18-20.35.36.1.noarch (with vendor change)
Novell, Inc. --> SUSE LINUX Products GmbH, Nuernberg, Germany
install tomcat6-6.0.18-20.35.36.1.noarch (with vendor change)
Novell, Inc. --> SUSE LINUX Products GmbH, Nuernberg, Germany
Solution 2: do not install patch:slessp1-tomcat6-5759.noarch
Choose from above solutions by number or skip, retry or cancel [1/2/s/r/c] (c): 1
Resolving dependencies...
Resolving package dependencies...
The following product is going to be upgraded:
SUSE Linux Enterprise Server 11 SP1
The following packages are going to change vendor:
tomcat6 Novell, Inc. -> SUSE LINUX Products GmbH, Nuernberg, Germany
tomcat6-jsp-2_1-api Novell, Inc. -> SUSE LINUX Products GmbH, Nuernberg, Germany
tomcat6-lib Novell, Inc. -> SUSE LINUX Products GmbH, Nuernberg, Germany
tomcat6-servlet-2_5-api Novell, Inc. -> SUSE LINUX Products GmbH, Nuernberg, Germany
Resolution
Solution 1 :
There is no current workaround to this issue possible, other than manually importing the GnuPG key, and to manually add this into the existing keyring of trusted public keys.
Please verify the GnuPG key to import matches the following :
Solution 2:
Since February 2012, OES11 installations (where SLES11 SP1 is first installed and fully patched, and OES11 will been installed as Add-on product later), please accept the proposed version downgrade for ruby-1.8.7.p357-0.7.1 to ruby-1.8.7.p72-5.30.5 in order to proceed with the installation.
After SLES11 SP1 installation, the ruby version shows as
After OES11 installation, and accepting to downgrade the module, the ruby version shows as :
Once the installation of OES11 (with the ruby module downgrade mentioned here above) has completed, ruby can than safely be upgraded to a later versions when required.
Additional note: When installing both SLES11 SP1 and OES11 at the same time (integrated installation), the installation procedure does not ask for the ruby version downgrade.
Patch using this method :
zypper up -t patch -r SLES11-SP1-Updates -r OES11-Updates -r OES11-Pool
Solution 3 :
From the offered solutions (solutions by number or skip, retry or cancel), please proceed by accepting or installing the versions with the Vendor change.
There is no current workaround to this issue possible, other than manually importing the GnuPG key, and to manually add this into the existing keyring of trusted public keys.
Please verify the GnuPG key to import matches the following :
ID: FE52F79E1111779D
Fingerprint: 279B C0C6 BCEB 21D9 939C C49A FE52 F79E 1111 779D
Name: Novell Bangalore BuildService (Contact security@novell.com) <novell-bangalore-build@novell.com>
Created: 03/18/2011
Expires: 02/24/2013
Fingerprint: 279B C0C6 BCEB 21D9 939C C49A FE52 F79E 1111 779D
Name: Novell Bangalore BuildService (Contact security@novell.com) <novell-bangalore-build@novell.com>
Created: 03/18/2011
Expires: 02/24/2013
Solution 2:
Since February 2012, OES11 installations (where SLES11 SP1 is first installed and fully patched, and OES11 will been installed as Add-on product later), please accept the proposed version downgrade for ruby-1.8.7.p357-0.7.1 to ruby-1.8.7.p72-5.30.5 in order to proceed with the installation.
After SLES11 SP1 installation, the ruby version shows as
rpm -qi ruby-1.8.7.p357-0.7.1 | head
Name : ruby Relocations: (not relocatable)
Version : 1.8.7.p357 Vendor: SUSE LINUX Products GmbH, Nuernberg, Germany
Release : 0.7.1 Build Date: Fri 27 Jan 2012 12:55:52 AM CET
Install Date: Tue 03 Apr 2012 02:08:20 PM CEST Build Host: gehrke
Group : Development/Languages/Ruby Source RPM: ruby-1.8.7.p357-0.7.1.src.rpm
Size : 6742358 License: GPL v2 or later
Signature : RSA/8, Fri 27 Jan 2012 12:58:12 AM CET, Key ID e3a5c360307e3d54
Packager : http://bugs.opensuse.org
URL : http://www.ruby-lang.org/
Summary : An Interpreted Object-Oriented Scripting Language
Name : ruby Relocations: (not relocatable)
Version : 1.8.7.p357 Vendor: SUSE LINUX Products GmbH, Nuernberg, Germany
Release : 0.7.1 Build Date: Fri 27 Jan 2012 12:55:52 AM CET
Install Date: Tue 03 Apr 2012 02:08:20 PM CEST Build Host: gehrke
Group : Development/Languages/Ruby Source RPM: ruby-1.8.7.p357-0.7.1.src.rpm
Size : 6742358 License: GPL v2 or later
Signature : RSA/8, Fri 27 Jan 2012 12:58:12 AM CET, Key ID e3a5c360307e3d54
Packager : http://bugs.opensuse.org
URL : http://www.ruby-lang.org/
Summary : An Interpreted Object-Oriented Scripting Language
After OES11 installation, and accepting to downgrade the module, the ruby version shows as :
rpm -qi ruby-1.8.7.p72-5.30.5 | head
Name : ruby Relocations: (not relocatable)
Version : 1.8.7.p72 Vendor: SUSE LINUX Products GmbH, Nuernberg, Germany
Release : 5.30.5 Build Date: Wed 17 Aug 2011 07:25:59 PM CEST
Install Date: Wed 04 Apr 2012 08:44:10 AM CEST Build Host: wichary
Group : Development/Languages/Ruby Source RPM: ruby-1.8.7.p72-5.30.5.src.rpm
Size : 6650676 License: GPL v2 or later
Signature : RSA/8, Wed 17 Aug 2011 07:28:04 PM CEST, Key ID e3a5c360307e3d54
Packager : http://bugs.opensuse.org
URL : http://www.ruby-lang.org/
Summary : An Interpreted Object-Oriented Scripting Language
Name : ruby Relocations: (not relocatable)
Version : 1.8.7.p72 Vendor: SUSE LINUX Products GmbH, Nuernberg, Germany
Release : 5.30.5 Build Date: Wed 17 Aug 2011 07:25:59 PM CEST
Install Date: Wed 04 Apr 2012 08:44:10 AM CEST Build Host: wichary
Group : Development/Languages/Ruby Source RPM: ruby-1.8.7.p72-5.30.5.src.rpm
Size : 6650676 License: GPL v2 or later
Signature : RSA/8, Wed 17 Aug 2011 07:28:04 PM CEST, Key ID e3a5c360307e3d54
Packager : http://bugs.opensuse.org
URL : http://www.ruby-lang.org/
Summary : An Interpreted Object-Oriented Scripting Language
Once the installation of OES11 (with the ruby module downgrade mentioned here above) has completed, ruby can than safely be upgraded to a later versions when required.
To avoid ruby conflicts while patching with zypper please add the OES11-Pool repository.
Output for 'zypper lr' should than show the OES11-Pool, SLES11-SP1-Updates and OES11-Updates.
Output for 'zypper lr' should than show the OES11-Pool, SLES11-SP1-Updates and OES11-Updates.
Patch using this method :
zypper up -t patch -r SLES11-SP1-Updates -r OES11-Updates -r OES11-Pool
Solution 3 :
From the offered solutions (solutions by number or skip, retry or cancel), please proceed by accepting or installing the versions with the Vendor change.
Cause
Cause 1 :
Traditionally, the SUSE keyring contained public keys for the various geographical locations where Novell software was built. One of this locations was Provo. The public GnuPG keys from the Provo build system has since been removed from the SUSE keyring.
Novell is working in pursuing a proper solution for future releases.
Cause 2 :
In order to not enforce customers with certain pre-installation requirements, for OES11 services that require ruby, it has been decided to use the ruby package that comes with the SLES11 SDK, and package the same with the OES11 product as a convenience copy for our customers.
The advantage for this was that this method prevented customers from having to switch media, and/or having a requirement to have an active subscription to the SLE11 SDK catalog.
Cause 3 :
For OES11, the tomcat6 packages listed were build from source by Novell, instead of packaging the binaries built by SUSE. As such, the vendor change is expected because the vendor info for both the SLE and OES packages are different.
As the SUSE team has released tomcat with L3 support in February 2012, this is a one time conflict on any new installations/upgrades post February 2012.
Additional information :
We could argue such messages were never observed on OES 2, however Vendor change issues have previously existed on OES2 as well.
The reason this was never observed by OES2 customers was because SLE10 used ZMD, and ZMD has never cared about vendor changes. ZMD just had a hard-coded set of vendor fields and if the vendor info of a particular was different from that list, it would still go ahead, and install it (without informing the administrator performing the update), and then would tell YaST to "lock" the package from future updates.
Traditionally, the SUSE keyring contained public keys for the various geographical locations where Novell software was built. One of this locations was Provo. The public GnuPG keys from the Provo build system has since been removed from the SUSE keyring.
Novell is working in pursuing a proper solution for future releases.
Cause 2 :
In order to not enforce customers with certain pre-installation requirements, for OES11 services that require ruby, it has been decided to use the ruby package that comes with the SLES11 SDK, and package the same with the OES11 product as a convenience copy for our customers.
The advantage for this was that this method prevented customers from having to switch media, and/or having a requirement to have an active subscription to the SLE11 SDK catalog.
Cause 3 :
For OES11, the tomcat6 packages listed were build from source by Novell, instead of packaging the binaries built by SUSE. As such, the vendor change is expected because the vendor info for both the SLE and OES packages are different.
As the SUSE team has released tomcat with L3 support in February 2012, this is a one time conflict on any new installations/upgrades post February 2012.
Additional information :
We could argue such messages were never observed on OES 2, however Vendor change issues have previously existed on OES2 as well.
The reason this was never observed by OES2 customers was because SLE10 used ZMD, and ZMD has never cared about vendor changes. ZMD just had a hard-coded set of vendor fields and if the vendor info of a particular was different from that list, it would still go ahead, and install it (without informing the administrator performing the update), and then would tell YaST to "lock" the package from future updates.