Why do I receive errors when I run Zypper commands on my EC2 SLES instance?
Errors occur when I run Zypper commands on my Amazon Elastic Compute Cloud (Amazon EC2) SUSE Enterprise Linux Server (SLES) instance.
Short description
To determine the error, review the output messages of the Zypper command. The following errors might occur when you run Zypper commands:
- "HTTP Error" or "Not ready to read within timeout" or "Timeout"
- "Warning: There are no enabled repositories defined." Or "Missing Repositories or Authentication is required for https://smt-ec2.susecloud.net/services/2145?credentials=Basesystem_Module_x86_64' or or Permission to access 'https://smt-ec2.susecloud.net/repo/SUSE/Products/SLE-Module-Adv-Systems-Management/12/x86_64/product/repodata/repomd.xml?credentials=Advanced_Systems_Management_Module_x86_64 ' denied."
- "System management is locked by the application with PID xxx (zypper). Close this application before trying again."
- "The following xx items are locked and will not be changed by any action."
Resolution
Note: Before you use the following resolutions, create an Amazon Machine Image (AMI) or an Amazon Elastic Block Store (Amazon EBS) snapshot of your instance.
"HTTP Error" or "Not ready to read within timeout" or "Timeout"
Incorrect instance configurations cause these errors. To resolve the error, complete the following steps:
1. Confirm that the security group that's attached to your instance permits outbound HTTP and HTTPS traffic.
2. Verify that the network access control lists (network ACLs) that are associated with your instance's subnet allow outbound HTTP and HTTPS traffic.
Example network ACL rules:
Inbound rules Rule# Type Protocol Port Range Source Allow/Deny 130 Custom TCP Rule TCP (6) 1024-65535 0.0.0.0/0 ALLOW 140 Custom TCP Rule TCP (6) 1024-65535 ::/0 ALLOW * ALL Traffic ALL ALL 0.0.0.0/0 DENY * ALL Traffic ALL ALL ::/0 DENY Outbound rules Rule # Type Protocol Port Range Destination Allow/Deny 100 HTTP (80) TCP (6) 80 0.0.0.0/0 ALLOW 101 HTTPS (443) TCP (6) 443 0.0.0.0/0 ALLOW 102 HTTP (80) TCP (6) 80 ::/0 ALLOW 103 HTTPS (443) TCP (6) 443 ::/0 ALLOW * ALL Traffic ALL ALL ::/0 DENY * ALL Traffic ALL ALL 0.0.0.0/0 DENY
In the preceding example, outbound rules 100 and 101 correspond to inbound rule 130. Outbound rules 102 and 103 correspond to inbound rule 140. The outbound traffic that's allowed on ports 80 and 443 (HTTP and HTTPS) is matched with the inbound traffic that's allowed on the ephemeral ports. Ephemeral ports are dynamically assigned and are used by the source for outbound traffic. You must allow inbound traffic on ephemeral ports so that the outbound connection allows responses from the destination. For more information, see Ephemeral ports.
The example network ACL rules have an ephemeral port range of 1024-65535. The range that you use for your network ACLs depends on your client and the client that you want to communicate with.
For more information and additional network ACL examples, see Custom network ACL.
3. To access SUSE repositories, use one of the following methods for your Amazon EC2 instance:
- The instance is in a public subnet with an internet gateway. For more information, see Turn on internet access.
- The instance is in a private subnet with a NAT gateway. For more information, see NAT gateways.
- The instance is in a private subnet with a NAT instance. For more information, see NAT instances.
- The instance is in a private subnet. To determine if you need a private repository, see Accessing SUSE Updates in AWS. When do you need a private repository? on the SUSE website.
4. After you configure your instance, run a few commands to verify that Zypper performs as expected. For example, run the following command to install telnet:
sudo zypper install telnet
"Warning: There are no enabled repositories defined" or "Missing Repositories or Authentication is required"
These errors occur when registration with the SUSE repositories fails.
1. To verify that the instance has a valid billing code, run the following command:
$ curl -s [http://169.254.169.254/latest/dynamic/instance-identity/document](http://169.254.169.254/latest/dynamic/instance-identity/document) | grep -i billing
If both billingProducts and marketplaceProductCodes are null, then errors occur. All compliant SLES instances must have the billingProducts code.
Example billing code:
"billingProducts": ["bp-xxxxxxxx"],
2. To verify that you registered SUSE, run the following command:
$ sudo SUSEConnect -s
If the command displays Not Registered, then run the following command to register SUSE.
rm /etc/SUSEConnect rm -f /etc/zypp/{repos,services,credentials}.d/* rm -f /usr/lib/zypp/plugins/services/* sed -i '/^# Added by SMT reg/,+1d' /etc/hosts /usr/sbin/registercloudguest --force-new
If you receive errors when you register SUSE, then see AWSSupport-TroubleshootSUSERegistration.
Note: The preceding registration method applies to AWS On-Demand (PAYG) SLES cloud instances. For standard SUSE installations or BYOS cloud images, use the traditional registration method that's specific to the SLE release.
- For SLE11 systems use suse_register for registration.
- For SLE12 systems use SUSEConnect. Note that SLE12/OES2018 uses suse_register to connect to Micro Focus repositories.
Or, you can register these systems against a local mirror, such as SUSE Manager or SMT/RMT server.
For more information, see AWS or Azure SUSE cloud instance missing software repositories on the SUSE website.
3. To confirm that Zypper performs as expected, run a few commands.
System management is locked by the application with PID xxx (zypper). Close this application before trying again.
When this error occurs, some actions are restricted. For example, you can't run the Zypper update command. To resolve this issue, either wait for the process to complete or stop the process. To stop the process, complete the following steps:
1. Connect to your instance.
2. To check for active processes, run the following command. In the command output, note the PID of the active process.
ps -ef | grep zypper
To stop the process, run the following command:
sudo kill -9 xxx
In the preceding example command, replace xxx with the PID that you obtained in step 2.
After the process stops, the Zypper update command runs without the lock error.
The following xx items are locked and will not be changed by any action
This error in the event log indicates that SUSE locked specific packages to prevent unauthorized installations or upgrades. A padlock icon displays next to locked packages.
You can't install, upgrade, or remove locked packages through the SUSE Manager Web UI or with a package manager on the client machine. The Zypper main page provides commands to list and remove any locks. For more information, see System Locking on the SUSE website and SDB: Zypper manual (plain) on the openSUSE website.
To view the current package locks, run the following command:
zypper ll
Command output example:
| Name | Type | Repository | Comment --+-----------+---------+------------+-------- 1 | plymouth* | package | (any) |
To remove a lock, run the following command:
zypper rl plymouth*
After you remove the lock, run the Zypper update command again.
Note: Change the package name according to your instance's requirements.
Relevant content
- Accepted Answerasked a year agolg...
- asked 3 years agolg...
- asked 4 years agolg...
- asked 2 years agolg...
- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated a year ago