SMT Server and automatic distribution of patches

Good afternoon all:

We’re running a combination of SLES 11 SP3 (I know it’s out of date), SP4, SLES12 SP0 - 3 boxes all connected to an SMT server running SLES 12 SP3. I’ve been having a lot of trouble dealing with getting accurate patch compliance information out of SMT and have done a lot of investigation. I have found that if there is any kind of problem with a “zypper ref” command, we will end up with “Unknown” shown in patch information.

To eliminate this problem I have been working hard on getting repos pushed out correctly to the client machines. Some repos are pushed out via Puppet and we have full control over these. Others are not pushed out via Puppet yet still appear on the client machine. I have discovered that during the initial registration of the machine to SMT, SMT will publish a services file which goes into /etc/zypp/services.d which contains several repos. This file is the source of these other repos.

This has raised a number of questions for us:

  • How do I disable this functionality? We have decided that we’d prefer to manage the repos ourselves using Puppet. It would seem repos marked as Optional in the SMT database are not pushed out to client machines in an enabled state, but I don’t want to edit the database. I could fight the process using Puppet but I’d much rather avoid that.

  • Where is this behaviour documented? I have been searching high and low for an explanation of this behaviour and have found none. Eventually we had to reverse engineer the whole process to discover how it worked.

  • What provision in SMT is there for updating the list of repos automatically? Let’s say that I decide that I no longer want to mirror a repo that has been automatically pushed out by SMT and stop doing so. Based on my understanding of things, this will result in every machine that has that repo now erroring and not giving us up-to-date patch information, instead showing “Unknown”. There does not seem to be any repo update service.
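
An added example, not part of the original post: a read-only inventory that separates repos attributed to a service (such as the one SMT publishes into /etc/zypp/services.d) from repos defined directly, for instance by Puppet. It assumes that a repo created from a service carries a `service=` key in its /etc/zypp/repos.d/*.repo file; the sample files, host name and aliases are constructed.

```python
import configparser, glob, os, tempfile

# Constructed sample .repo files (not taken from a real host).
SAMPLE = {
    "updates.repo": "[SLES12-SP3-Updates]\nenabled=1\nautorefresh=1\n"
                    "baseurl=https://smt.example.com/repo/updates/\n"
                    "service=SMT-example\n",
    "debug.repo":   "[SLES12-SP3-Debuginfo]\nenabled=0\n"
                    "baseurl=https://smt.example.com/repo/debug/\n"
                    "service=SMT-example\n",
    "puppet.repo":  "[internal-tools]\nenabled=1\n"
                    "baseurl=https://repo.example.com/tools/\n",
}

def write_sample(directory):
    """Write the constructed sample files into `directory`."""
    for name, body in SAMPLE.items():
        with open(os.path.join(directory, name), "w") as fh:
            fh.write(body)

def classify_repos(repos_dir="/etc/zypp/repos.d"):
    """Map each repo alias to its owning service (or None) and enabled flag."""
    repos = {}
    for path in sorted(glob.glob(os.path.join(repos_dir, "*.repo"))):
        # Raw parser: base URLs may contain '%', which must not be interpolated.
        cp = configparser.RawConfigParser(strict=False)
        cp.read(path)
        for alias in cp.sections():
            enabled = cp.get(alias, "enabled", fallback="").strip().lower()
            repos[alias] = {
                "service": cp.get(alias, "service", fallback=None),
                # Assumption: these spellings mean "enabled"; zypper writes 1/0.
                "enabled": enabled in ("1", "true", "yes", "on"),
                "file": path,
            }
    return repos

def service_managed(repos):
    """Aliases that a service file owns (candidates for SMT-pushed repos)."""
    return sorted(a for a, r in repos.items() if r["service"])

def locally_managed(repos):
    """Aliases with no owning service (e.g. files placed by Puppet)."""
    return sorted(a for a, r in repos.items() if not r["service"])

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        write_sample(d)
        found = classify_repos(d)
        for alias in service_managed(found):
            print("service", found[alias]["service"], alias, found[alias]["enabled"])
        for alias in locally_managed(found):
            print("local  ", alias, found[alias]["enabled"])
```

Run against the real /etc/zypp/repos.d on each client, the enabled service-managed aliases are the ones to compare with what the SMT server still mirrors.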