- Jamf Nation Community
- Products
- Jamf Pro
- Re: NetSUSLP 4.0.0 and CentOS
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-09-2015 12:27 PM
We're running NetSUS 3.0.2 on CentOS 6.7 just for software updates. To support 10.11 I tested out updating it to NetSUSLP 4.0.0. The update went without issue, but after the first sync several current updates, like 10.9.5 and 10.10.5, were marked as deprecated. Once I cleared out the deprecated updates, no 10.9.5 or 10.10.5 updates were available. So, I restored my pre-update snapshot and started testing on a fresh install of CentOS.
In a fresh install, there are only 634 updates available in the web interface and there are several obvious updates missing, like 10.9.5, 10.10.5, and 10.11.1. When I test out the 4.0.0 Ubuntu appliance there are 1,185 updates available and all the updates I expect to see are there.
I'd prefer to run the NetSUSLP in CentOS so I've started investigating the issue. Before I spend too much time on it I thought it would be worthwhile to bring the issue to the group to see if anyone else has experienced this or if anyone has any suggestions. Thanks for your time!
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-12-2015 11:24 AM
To troubleshoot this problem I followed the instructions in reposado_preferences.txt and enabled logging by adding
<key>RepoSyncLogFile</key>
<string>/var/log/reposado_sync.log</string>to /var/lib/reposado/preferences.plist
Then I ran another sync and in the reposado log I came across:
Nov 12 14:04:29 Building index-mountainlion-lion-snowleopard-leopard.merged-1_CCS.sucatalog... Nov 12 14:04:29 Could not replicate https://swscan.apple.com/content/catalogs/others/index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog: Error 59: Unknown cipher in list: HIGH Nov 12 14:04:29 Could not replicate https://swscan.apple.com/content/catalogs/others/index-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog: Error 59: Unknown cipher in list: HIGH Nov 12 14:04:29 Could not replicate https://swscan.apple.com/content/catalogs/others/index-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog: Error 59: Unknown cipher in list: HIGH Nov 12 14:04:29 repo_sync run ended
According to this post, RedHat/CentOS's curl is compiled against NSS instead of OpenSSL and it doesn't recognize the parameter 'High' so I added the options below to /var/lib/reposado/preferences.plist to override the default SSL ciphers.
<key>AdditionalCurlOptions</key>
<array>
<string>ciphers = "rsa_aes_128_sha,rsa_aes_256_sha,rsa_3des_sha"</string>
</array>Now it appears to be working without any issue. I'm not sure why I had the trouble and others haven't, but I'm happy it's working again and thought I should document it here.
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-09-2015 01:58 PM
I am running it on Centos 7 and all 1180ish updates show up for me.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-10-2015 05:53 AM
Thanks @mattware . What are you installing in CentOS 7 before NetSUSLP? I use a minimal install and have the same problem in CentOS 6 and 7.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-10-2015 06:49 AM
@zmkaylor I didn't do anything other than fully update CentOS before installing. I did also make a change to php.conf after installing so that I could select all updates, but other than that no changes. Also using the minimal install.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-12-2015 11:24 AM
To troubleshoot this problem I followed the instructions in reposado_preferences.txt and enabled logging by adding
<key>RepoSyncLogFile</key>
<string>/var/log/reposado_sync.log</string>to /var/lib/reposado/preferences.plist
Then I ran another sync and in the reposado log I came across:
Nov 12 14:04:29 Building index-mountainlion-lion-snowleopard-leopard.merged-1_CCS.sucatalog... Nov 12 14:04:29 Could not replicate https://swscan.apple.com/content/catalogs/others/index-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog: Error 59: Unknown cipher in list: HIGH Nov 12 14:04:29 Could not replicate https://swscan.apple.com/content/catalogs/others/index-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog: Error 59: Unknown cipher in list: HIGH Nov 12 14:04:29 Could not replicate https://swscan.apple.com/content/catalogs/others/index-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog: Error 59: Unknown cipher in list: HIGH Nov 12 14:04:29 repo_sync run ended
According to this post, RedHat/CentOS's curl is compiled against NSS instead of OpenSSL and it doesn't recognize the parameter 'High' so I added the options below to /var/lib/reposado/preferences.plist to override the default SSL ciphers.
<key>AdditionalCurlOptions</key>
<array>
<string>ciphers = "rsa_aes_128_sha,rsa_aes_256_sha,rsa_3des_sha"</string>
</array>Now it appears to be working without any issue. I'm not sure why I had the trouble and others haven't, but I'm happy it's working again and thought I should document it here.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Posted on 11-23-2015 02:17 PM
This is great- i had this exact issue when installing NetSUS on our CentOS box.
However, I'm still getting an error box on the client that says "Can't Load Data from the Update Server".
I followed the configuration doc, so I'm unsure why it can't communicate.
