Warning message

Log in to add comments.

The Satellite Blog is a place for the Engineering team to publish tips and tricks about how to use our products, videos which showcase new features, and to point users at new content on the Customer Portal.

Latest Posts

  • Satellite 6.2.9 is released

    Authored by: Rich Jerrido

    Satellite 6.2.9 has been released today. 6.2.9 introduces many fixes based on delivering high priority fixes and RFEs. There is one erratum for the server [1] and one for the hosts [2]. The install ISOs will be updated later this week.

    Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions at [3]. Customers who have received hotfixes should verify the list below to ensure their hotfix is contained in the release before upgrading. Please reach out to the Satellite team in these cases.

    The list of bugs in 6.2.9 are:

    • The katello backup script no longer stops services unnecessarily and does not reset directory permissions. (BZ#1388145, BZ#1399244)
    • Several issues with the bootstrap script have been addressed. (BZ#1361339, BZ#1422236, BZ#1422756, BZ#1425606)
    • Performance improvements have been made to many parts of the application. (BZ#1428307, BZ#1388296, BZ#1419667, BZ#1422304, BZ#1427618, BZ#1328984, BZ#1402423)
    • Satellite can now pull down the correct Certificate Authority when provisioning against RHEV 4.0. (BZ#1370169)
    • Users will now be able to configure content synchronization to force a resynchronization of content. (BZ#1427618)
    • Multiple bugs with Host navigation were addressed. (BZ#1408438, BZ#1408555, BZ#1432184)
    • The installer will no longer delete virtual machines during the upgrade process. (BZ#1418892)
    • Session IDs have been introduced to the logs, and other logging improvements were also made. (BZ#1408420, BZ#1429642, BZ#1367162)
    • Large files can now be uploaded into Satellite repositories. (BZ#1404345)
    • Satellite has improved how it cleans up content during synchronization and promoting. (BZ#1307207, BZ#1409856, BZ#1417689)
    • Remote Execution has been enhanced to support alternative ports per host. (BZ#1426709)
    • A few improvements were made to Smart Variables. (BZ#1382356, BZ#1353968)
    • The upgrade process has been improved based on customer feedback. (BZ#1389802, BZ#1419721, BZ#1390931)
    • Customers can now delete cloned roles. (BZ#1353788, BZ#1378544)
    • In Satellite 6.2.7, the "foreman-rake katello:reindex" script was renamed to "katello:reimport". This update adds a depreciation warning that "foreman-rake katello:reindex" is now "katello:reimport", and that "katello:reindex" will be removed in Satellite 6.3.

    Please reach out with any questions or concerns.

    • [1] https://access.redhat.com/errata/RHBA-2017:1191
    • [2] https://access.redhat.com/errata/RHBA-2017:1192
    • [3] https://access.redhat.com/documentation/en/red-hat-satellite/6.2/paged/installation-guide/chapter-6-upgrading-satellite-server-and-capsule-server
    Posted: 2017-04-30T14:05:02+00:00
  • Red Hat Satellite 5.8 Beta Now Available for Testing

    Authored by: Bryan Kearney

    Red Hat Satellite 5.8 Beta Now Available for Testing

    The Red Hat Satellite team is pleased to announce the beta release of Red Hat Satellite 5.8.

    The Satellite 5.8 Beta represents the last minor release of the Satellite 5 product line. For customers planning to stay on Satellite 5 through the end of production and access extended life cycle support in early 2019, we encourage you to test the Satellite 5.8 Beta to plan your eventual upgrade.

    WHAT’S COMING IN 5.8?:

    • Increased speed with channel install and content syncing: Register, activate and update the Satellite server from the Customer Portal, as well as synchronize content via our Content Delivery Network.
    • Improved diagnostics of background tasks and jobs: Introducing the Taskotop utility, which monitors Taskomatic activities and provides insights on the status of jobs, which can now run individually or in bulk.
    • Updated support of Oracle DB & PostgreSQL: Receive expanded support for two additional databases -- External Oracle Database 12c and Embedded/Managed PostgreSQL 9.5 DB.

    BETA PROGRAM DETAILS:

    The Red Hat Satellite 5.8 beta is now available to all customers with an active Red Hat Satellite subscription. To learn more and request temporary beta subscriptions, please visit: https://access.redhat.com/products/red-hat-satellite/beta

    NOTE - Only your company’s Org Admin can request and receive access to the additional beta subscriptions.

    ADDITIONAL RESOURCES:

    Posted: 2017-04-06T15:02:21+00:00
  • Questions and Answers from the February 2017 Satellite Ask-Me-Anything session

    Authored by: Rich Jerrido

    Satellite 6 Ask Me Anything FAQ

    As promised, listed below are the responses to the questions we received in our Feb 2017 Satellite Ask Me Anything session.

    AMA Feb Questions

    January AMA Q&A: https://access.redhat.com/blogs/1169563/posts/2918221

    Next steps: Create 2nd blog post before Tuesday AMA (linking to January Q&A as reference); Later in March, create Satellite 6 Technical FAQ

    Content Views

    Question: Does a composite content view duplicate all content in the content views it contains?
    Answer: No. Content views (and composite views) are merely references to the content on disk. RPM are only stored once on disk. Each content view does having unique yum metadata, but this is measured in the 10s of megabytes.

    Question: What are the best practices for creating a content view?
    Answer: See 2015 - 10 Steps to Build an SOE: How Red Hat Satellite 6 Supports Setting up a Standard Operating Environment https://access.redhat.com/articles/1585273

    Puppet

    Question: Puppet Enterprise only supports integration with Satellite 6 for RHEL 7 or higher puppet masters. Is there any way for RHEL 6 PE users to integrate Satellite with Puppet Enterprise?

    Answer: The integration module is available only for RHEL7 Puppet Masters.

    Question: Is a Continuous Integration/Deployment Workflow possible with Jenkins, r10k and Git possible with Puppet in Satellite 6?

    Answer: Yes. Take a look at the soe-ci to see an example of how one can implement a CI/CD workflow with Satellite 6 + Jenkins

    Question: Is puppet required for provisioning?
    Answer: No

    Install & Upgrades

    Question: I have upgraded my Satellite server from 6.1 to 6.2. However, when viewing my Satellite under access.redhat.com and Subscriptions, it still shows my Satellite Server as version 6.1. Is this serious?

    Answer: It is not serious and you should not be concerned. This is a known bug that will be addressed in future releases of Satellite 6.

    Question: How to automate the installation of RHEL in an environment where dns and dhcp already exists?

    Answer: Simply do not install the DNS and DHCP components on the Satellite.

    Question: We have a number of clients with hostnames that include underscores (''). These clients reported in fine to Satellite 6.1. In order to upgrade to 6.2, I had to delete them in order for the upgrade to be successful. I now find that I cannot add them back. What has changed and why?
    Answer: In Satellite 6.0 and 6.1, there were two definitions of a host, one that was used for provisioning/configuration and another that was used for content/subscription. The content/subscription definition allowed hostnames that were arbitrary, and those could include shortnames & other characters (such as underscores). In Satellite 6.2, one of the major changes was that these definitions were unified, and all hostnames needed to be proper FQDNs. As part of bz1426424, bootstrap.py will allow you to supply an arbitrary hostname when registering that differs from your configured hostname.

    Multi-Org

    Question: We have certain organizations within our organization, which would like to manage their own hosts. How does this work in Satellite 6.x and what's needed to setup multi-org?

    Answer: For each organization, you need to

    • Create a subscription manifest in the Customer Portal
    • Create a new organization in Satellite
    • Import the subscription manifest.

    Question: Is there a way to avoid duplication of sync'd repo data between organizations? We have multiple organizations, and each org seems to need a new copy of repos that are already present in other organizations.

    Answer: RPMs are already deduplicated between organizations. However, each organization needs to 'sync' the repositories that they wish to use in order to get their own copy of them.

    Disconnected Satellites

    Question: My customer is air-gapped from the internet. How can I transfer patches/errata from one Satellite to customer air-gapped Satellite?

    Answer: See Red Hat Satellite 6.2 Feature Overview: Inter-Satellite Sync

    Question: If I have an air-gapped DMZ where I deploy a separate Satellite, will I need to get my subscriptions split as well?

    Answer: Each Satellite will require its own subscription manifest. However, you only need to allocate the subscriptions required to manage each host to the respective Satellite.

    Misc

    Question: What do I need in Satellite 6 to execute remote commands on the guest?

    Answer: SSH Keys need to be setup for each host. Many methods on how to deploy these keys are described in Making systems ready for Satellite 6.2's remote execution

    Question: Any way to extract metadata from Foreman using either hammer or other utilities? I'd like to update our CMDB with this information.
    Answer: Yes, depending on which data you are looking for, this will be accessible via hammer or via the API. Note: hammer can output to CSV, YAML or JSON.

    Question: When should we expect system profile backup feature in Satellite 6?
    Answer: This is currently not planned for an upcoming release of Satellite.

    Question: What do I need to configure our install in order to enable reporting for all hosts under the Host tab?

    Answer: Reporting refers to 'configuration management' reporting. Puppet needs to be installed for this.

    Question: I just applied an errata to a group of systems and it broke and application. How do I figure out what packages were installed if I do not have a profile backup to compare?

    Answer: Each job such as an errata installation submits a background task. You can view these tasks (via Monitor->Tasks) to see which packages were installed.

    Question: We have several VMWare vCenters. What is your recommendation on creating Compute Resources? Should I create 1 Compute Resource for each vCenter?

    Answer: Compute Resources only support a single vCenter, so 1 Compute Resource per vCenter.

    Posted: 2017-03-14T09:36:28+00:00
  • SPECIAL OFFER - Red Hat Satellite 6 Administration Video Classroom

    Authored by: Alice Cockrum

    Newly launched this week is the Red Hat Satellite 6 Administration (RH403) Video Classroom course! Red Hat is offering a discount of 20% off the video classroom course if you register before August 31st, 2017.

    Why did we launch a Satellite 6 video classroom course?
    Video classrooms provide you with an interactive "classroom" experience, anywhere you choose. When traveling to an in-person class and spending a week away from the office isn't feasible, having a self-paced video training option is a great alternative. The video classroom courses are led by our most experienced Red Hat certified instructors, recorded in high definition (HD) video, giving you a virtual "in-classroom" setting. You get 90 days of unlimited access to course videos, 80 hours of cloud-lab access, full and searchable transcripts, high-quality, hands-on lab environments, email support, video functionality, and eBooks with your course content.

    What will I learn during the RH403 course?
    Students will use Satellite 6 to manage the software development life cycle of a subscribed host and its configuration, and learn how to provision hosts integrated with software and Puppet configuration management upon deployment. This includes:
    - Installing Red Hat Satellite 6.
    - Manage software with Satellite environments and content views.
    - Create custom RPM packages.
    - Use Satellite to configure hosts with Puppet.
    - Provision hosts with integrated software and configuration management.

    Who should consider signing up for RH403?
    We recommend this course for Red Hat Enterprise Linux system administrators responsible for the management of multiple servers.

    I'm ready to sign up -- give me instructions!
    - Visit the Red Hat Satellite 6 Administration (RH403) course page.
    - Select your country in the “You are viewing information for” dropdown.
    - Select the “How will you train/test” dropdown and select the “Video Classroom” and then select “Get Started” or “Enroll”.
    - Select “Add to Cart” and begin the checkout process.
    - Once you arrive at the payment page, select your payment method and then use the following code Promotion Code section: RedHatSatellite6_20_170831
    - Finish the process, and you should be all set!

    Are there rules or restrictions related to this offer?
    There always are! Below are the terms and conditions for this promotion:
    - Applies to new RH403 registrations made between March 13, 2017 and August 31, 2017.
    - Valid only for Red Hat Satellite 6 Administration (RH403) video classroom course.
    - Discounts are based on full list price and will be calculated based on local currency.
    - Courses purchased using Red Hat Training Units are excluded.
    - This offer cannot be combined with any other promotions, discounts or savings programs.
    - Red Hat reserves the right to change or cancel this promotion at any time.

    Good luck with the course, and let us know your feedback of the new video classroom training option!

    Posted: 2017-03-13T13:55:23+00:00
  • Satellite 6.2.8 is released

    Authored by: Rich Jerrido

    Satellite 6.2.8 has been released today as part of RHBA-2017:0447

    Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions in the Installation Guide. Customers who have received hotfixes should verify the list below to ensure their hotfix is contained in the release before upgrading. Please reach out to the Satellite team in these cases.

    A number of significant improvements are delivered in this release. A few of these are mentioned below:

    Notification of Subscriptions which require virt-who.

    On the Subscriptions page in the UI, Satellite now prominently displays if a subscription requires virt-who.

    Click to enlarge

    IMAGE ALT TEXT

    Additionally, when importing a subscription manifest that contains subscriptions that require virt-who, the user is directed to the Customer Portal for guidance & documentation regarding virt-who configuration. BZ139544

    Applying Custom Configuration via the installer

    Satellite 6.2.8 now allows the administrator to customize files that the installer manages. Previously, if installer managed files such as /etc/httpd/conf/httpd.conf was manually modified, these changes were reverted on the next installer run. With Satellite 6.2.8, a means to customize these files (and maintain their changes) is provided. Read more in Satellite 6.2 Feature Overview: Applying Custom Configuration via the installer.

    Red Hat Insights Weekly Summary Emails

    The feature is designed to send emails to local users of Insights in
    Satellite. A single summary email will be sent every week for each
    organization per user when all of the following conditions are met:

    • Insights is enabled in the organization
    • At least one host is subscribed to Insights in the organization
    • The user has subscribed to Insights notifications (In UI, top right
      hand corner, select -> My Account ->Email Notifications ->
      (Select "subscribe" for "Insights Notifications" )
    • Your Satellite is correctly configured to send emails

    Remote Execution can be configured to prefer FQDN versus IP

    In many deployments of software clusters, such as Pacemaker, HP Serviceguard, and Oracle's RAC, virtual IP addresses are shared between multiple physical systems. Previously, Remote Execution used the host's IP address to connect to the system. This was troublesome in clustered deployments as some of the IP addresses are shared and 'float' between physical systems. This had the net effect that Remote Execution jobs could be scheduled on a undesired host in the cluster.

    With Satellite 6.2.8, Remote Execution now uses the Fully Qualified Domain Name as the default method to connect to hosts. Host can be configured to use the previously method by setting the remote_execution_connect_by_ip parameter to true, globally, or at the host/hostgroup level. BZ1402432

    Dashboard & Widget improvements

    A number of improvements to the dashboard were delivered in 6.2.8, including, but not limited to:

    • Performance improvements to the latest events dashboard Widget
    • Dashboard search previously failed with foreman_discovery installed. This has been resolved.
    • In many cases, the dashboard failed if the user had a filtered role. This has been resolved
    • Dashboard widget data is now lazily loaded.

    Upgrade Notes

    In addition, customers who upgraded directly from 6.1 to 6.2.7 may be seeing an issue with their capsules. Please see this KCS before upgrading.

    Full list of fixes & enhancements in 6.2.8 are:

    • Dashboard performance improvements from 6.3 have been backported to 6.2.z. (BZ#1413361, BZ#1232877)
    • Several upgrade issues have been addressed. (BZ#1420626, BZ#1419511, BZ#1418747, BZ#1387776, BZ#1404348)
    • Multiple performance issues have been addressed in the UI and Hammer. (BZ#1399765, BZ#1393611, BZ#1395777, BZ#1383378)
    • Provisioning on Atomic Host through a proxy has been fixed. (BZ#1406506, BZ#1366134)
    • Red Hat Insights will now send emails to Satellite users (BZ#1403979)
    • Several issues in Remote Execution have been addressed (BZ#1402432, BZ#1392948, BZ#1388696, BZ#1378915)
    • The installer has been improved to support arbitrary configuration options. (BZ#1305782)
    • Fixes for RHV 4.0 and VMware compute profiles are included (BZ#1393928, BZ#1394290)
    • Several broken Hammer commands have been fixed (BZ#1420673, BZ#1023127, BZ#1372372)
    • Multiple bugs around Content Management have been addressed (BZ#1329689, BZ#1414149, BZ#1388618, BZ#1388173, BZ#1385800, BZ#1371406, BZ#1291960, BZ#1405085, BZ#1355752, BZ#1346816)
    • Several bugs around provisioning have been addressed (BZ#1403393, BZ#1412951, BZ#1406362, BZ#1386334, BZ#1335604)
    • The katello-backup tool now correctly handles re-using the same target directory (BZ#1377636)
    • Navigating to the products page from certain other pages would result in an error. This has been resolved. (BZ#1411800)
    • Users can now search the audit log by type (BZ#1406175)
    • Registration failures due to unexpected hardware facts have been addressed (BZ#1363749, BZ#1405614)
    • Promotion emails were not being sent, and should now work (BZ#1369817)
    • The subscription page will now make it apparent that the user should set up virt-who (BZ#1393544)
    Posted: 2017-03-06T10:33:52+00:00
  • Subscription-manager for the former Red Hat Network User: Part 12 - Subscription Reporting Tools

    Authored by: Rich Jerrido

    Overview

    One of the big changes with Satellite 6 and also Red Hat Subscription Management (RHSM) is that the tools now maintain an accurate inventory of what systems are consuming which subscription. This document will illustrate how to use hammer and other tools to extract subscription consumption information from Satellite. This information is useful for audit/reporting and other usages.

    Prerequisites

    It is important that you have read (or understand) the concepts as presented in:

    Hammer-cli-csv

    One of the most common questions we get is 'How can I see which systems are using which subscription?'. Introduced as a supported tool in Satellite 6.2.2, hammer-cli-csv, can be used to export subscription consumption usage. It can also be used as part of the renewal process to attach subscriptions based upon the contents of a CSV file (as described in Subscription-manager for the former Red Hat Network User: Part 6 - understanding and improving the renewal experience). For now, we'll focus on the export functionality.

    Note: some earlier versions of hammer-cli-csv didn't respect hammer's request_timeout value. This was addressed via RHBA-2017:0197. If you are running Satellite 6.2.7 or newer, you have this erratum already. If you aren't, you'd need to apply it if you are exporting large numbers of hosts.

    Firstly, let's run hammer to export subs

    hammer csv content-hosts \
     --export \
     --file content-hosts-export.csv \
     --itemized-subscriptions \
     --verbose \
     --organization Example
    

    NOTE If you haven't setup hammer's configuration file to store username/password & server, it connects to https://localhost and uses admin as the username.

    The command above writes content-hosts-export.csv to the current directory

    cat content-hosts-export.csv
    Name,Organization,Environment,Content View,Host Collections,Virtual,Guest of Host,OS,Arch,Sockets,RAM,Cores,SLA,Products,Subscription Name,Subscription Type,Subscription Quantity,Subscription SKU,Subscription Contract,Subscription Account,Subscription Start,Subscription End,Subscription Guest
    kvm01.example.com,Example,Infrastructure,RHEL7_Infra,"",No,,Red Hat Enterprise Linux Server 7.3,x86_64,1,16316756,2,"",69|Red Hat Enterprise Linux Server,"Red Hat Enterprise Linux Server, Premium (1-2 sockets) (Unlimited guests) with Smart Management",Red Hat,1,RH0149450,11002744,5699795,07/04/2016,07/04/2017,
    

    Below is an explanation of each of the fields. Note: A full example report is attached to this blog post.

    Item Details Notes
    Name Name of the host
    Organization Organization the host resides in
    Environment Lifecycle Environment of the Host
    Content view Attached Content View
    Host Collections list of 1 or more Host Collections that the host is a member of (comma separated)
    Virtual is the host virtual or physical (as reported by subscription-manager facts)
    Guest of Host on which hosts does the guest reside
    OS Operating system (as reported by subscription-manager facts)
    Arch Architecture (as reported by subscription-manager facts)
    Sockets Sockets (as reported by subscription-manager facts)
    RAM Memory (as reported by subscription-manager facts)
    Cores Cores (as reported by subscription-manager facts)
    SLA Service Level Agreement
    Products Installed Products (from /etc/pki/product*) (comma separated) Covered in Subscription-manager for the former Red Hat Network User: Part 8 - product certificates
    Subscription Name Canonical name of the subscription (as reported by subscription-manager, rct and the UI)
    Subscription Type what type of subscription There are 3 types (Red Hat, Red Hat Guest [for derived subscriptions], and Custom [for 3 party products])
    Subscription Quantity Quantity of attached entitlements Instance based subs counting is interesting see Subscription-manager for the former Red Hat Network User: Part 10 - Instance Based Subscriptions
    Subscription SKU Stock Keeping Unit (SKU)
    Subscription Contract Contract number of the subscription
    Subscription Account Which account are these subscriptions from.
    Subscription Start When does the subscription start
    Subscription End When does the subscription end
    Subscription Guest Host constraint of this subscription only guests of the listed host can use this subscription.

    Expanding hammer-cli-csv to report on custom fields

    While the report above is useful for most use cases, maybe you have a need to report on fields that aren't in the default report.

    Example: I want to create a simple custom report that shows that prints the host name, subscription status, and CPU model name.

    In /etc/hammer/cli.modules.d/csv.yml (or your user's local hammer config file) add:

    :csv:
      :enable_module: true
      :columns:
        :content-hosts:
          :define:
            - :name: Subscription Status
              :json:
                - subscription_status_label
            - :name: Last Checkin
              :json:
                - subscription_facet_attributes
                - last_checkin
            - :name: CPU Model Name
              :json:
                - facts
                - proc_cpuinfo::common::model_name
    

    Then run a hammer export

    hammer csv content-hosts \
     --export \
     --columns "Name,Subscription Status,CPU Model Name" \
     --file custom_report.csv
    

    And let's look at the report.

    Name,Subscription Status,CPU Model Name
    kvm01.example.com,Fully entitled,"Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz"
    

    How do I know what properties to use in my configuration file?

    Any property of the object that your are exporting can be used via hammer csv. In this example, we are exporting data from a (content) host, so any of a (content) hosts properties is valid. Lets look at a host kvm01.example.com via the API to see all of its properties.

    curl -sk \
     -u admin:[redacted] https://satellite.example.com/api/hosts/kvm01.example.com  | json_reformat
     {
         "ip": null,
         "environment_id": 3,
         "environment_name": "KT_Example_infrastructure_rhel7_infra_2",
         "last_report": "2017-02-19 13:00:41 UTC",
         "mac": "b8:ae:ed:7d:0b:aa",
         "realm_id": null,
         "realm_name": null,
         "sp_mac": null,
         "sp_ip": null,
         "sp_name": null,
         "domain_id": 1,
         "domain_name": "example.com",
         "architecture_id": 1,
         "architecture_name": "x86_64",
         "operatingsystem_id": 9,
         "operatingsystem_name": "RedHat 7.3",
         "subnet_id": 1,
         "subnet_name": "Infrastructure",
    
    <!-- OUTPUT REDACTED ->
    }
    

    Any of the above can be used.

    Hammer as an ad-hoc reporting tool.

    Hammer has a few functionalities that make it useful for ad-hoc reporting. As an example, you may not need system level subscription report, but you may want to know 'of the subscriptions that I've purchased, how many are in use (and conversely, how many do I have free?'). You can do this with hammer, specifically hammer subscription list. Hammer can output to a number of formats, including CSV, YAML and JSON.

    hammer --output json subscription list \
      --organization Example
    [
    {
      "ID": 251,
      "UUID": "2c9180935a41d344015a513e4fcd0c1d",
      "Name": "Red Hat Enterprise Linux for Virtual Datacenters with Smart Management, Standard",
      "Contract": 11002776,
      "Account": [REDACTED],
      "Support": "Standard",
      "Quantity": "Unlimited",
      "Consumed": 0,
      "End Date": "2017-07-04T03:59:59.000+0000",
      "Attached": 0
    },
    {
      "ID": 252,
      "UUID": "2c9180935a568fcf015a58992cce003b",
      "Name": "Red Hat Cloud Infrastructure with Smart Management, Premium (2-sockets)",
      "Contract": 11002794,
      "Account": [REDACTED],
      "Support": "Premium",
      "Quantity": "Unlimited",
      "Consumed": 0,
      "End Date": "2017-07-04T03:59:59.000+0000",
      "Attached": 0
    }
    ]
    
    
    
    

    sat6Inventory

    If you are still on Satellite 6.0 or Satellite 6.1, you do not have access to hammer-cli-csv. We provide in the Red Hat Satellite GitHub Organization the community supported sat6Inventory script, which is useful for subscription reporting for older versions of Satellite. Note: sat6Inventory does work with Satellite 6.2, but we prefer that you use hammer-cli-csv as that is the supported tool. And feel free to file RFEs against hammer-cli-csv.

    rhsmShowConsumerSubs

    If you are using systems registered to Red Hat Subscription Managemen (RHSM), we provide, also in the Red Hat Satellite GitHub Organization the community supported rhsmTools repo, which has the rhsmShowConsumerSubs.py script, which is useful for subscription reporting for Red Hat Subscription Management. It reports subscriptions attached to any consumer registered to RHSM. These include systems (type system) & subscription management applications (type SAM and Satellite)

    Further reading

    Posted: 2017-02-21T14:29:47+00:00
  • Questions and Answers from the January 2017 Satellite Ask-Me-Anything session

    Authored by: Rich Jerrido

    Satellite 6 Ask Me Anything FAQ

    As promised, listed below are the responses to the questions we received in our Jan 2017 Satellite Ask Me Anything session. We are running another Ask Me Anything on 14 Feb, so feel free to join us again.

    SUBSCRIPTIONS

    Question: On the subscription comments... you have to give it a subscription id with hammer. I have a bunch of VMs that came in with the wrong license that should be under the datacenter model. The only way I've found to fix this through the UI remove the subscription and then run auto attach. Shouldn't auto attach fix this on it's own? Or virt who fix it? Is there a way for me to do this in bulk?

    Answer: Generally speaking, once a system has a valid subscription, the tools do not modify it. You can solve this in one of two manners:

    • Remove the subscription from the guest and do nothing. Within the rhsmcertd checkin interval, the guest will consume its hypervisors subscription. (Assuming it has been reported via virt-who)
    • Remove the subscription from the guest, and run auto-attach. With Satellite 6.2.2 and newer, you can do this ‘en masse’ for large numbers of hosts if needed.

    Question: How have subscriptions been remedied in 6.2? I'm currently looking into the upgrade as I have clients losing repo subscriptions.

    Answer: With Satellite 6.2.2 and newer, a number of tools were added to improve the subscription experience:
    - New CLI tooling to attach subscriptions to hosts (via hammer host)
    - New GUI tooling to perform subscription actions (run auto-attach, attach a specific subscription) on large numbers of hosts
    - New CLI tooling to import/export subscription status as a CSV file (for reporting, or modification).
    These are documented in Subscription-manager for the former Red Hat Network User: Part 6 - understanding and improving the renewal experience

    Question: How would I get a report out of Satellite mapping Guests to Hypervisors? The link I know is virt-who.....

    Answer: Assuming you are on Satellite 6.2.2 or newer, ‘hammer csv’ is the best command for this. Earlier versions of Satellite (6.0 -> 6.2.1) can use sat6Inventory

    Question: How do we start candlepin service and what is it for?

    Answer: Candlepin does entitlement management in Satellite 6. It tracks subscriptions, issues entitlement certificates (which provide access to content). Candlepin is started by default as it is a core part of the provide.

    Question: Is there a way to declarate hypervisor node on satellite to benefit datacenter licence without using virt-who ?

    Answer: Subscriptions that require virt-who have to be used with virt-who as the host/guest mapping needs to be created first.

    Question: Are there improvements in virt-who+candlepin coming in 6.3? We currently have a problem (on 6.2.2) where one of our vCenters have >80 hypervisors and more than a thousand linux servers (in Satellite): Candlepin uses >more than 4 minutes chewing through the host-to-guest mapping.

    Answer: There are a number of improvements that you should see in Satellite 6.2 regarding virt-who’s efficiency in larger environments. As virt-who is a critical piece of the subscription toolkit, fixes that impact customers are delivered asynchronously and aren’t always aligned with a product release.

    Question: If I'm having subscription issues, should I simply upgrade from 6.1.9 to 6.2.x or should I build a new environment fresh with 6.2.x?

    Answer: This is a matter of choice. The upgrade from 6.1.9 to 6.2.x is a supported method. If you’d want to build a 6.2 instance and move the clients over, the bootstrap script can do this for you.

    CONTENT/HOW TO USE

    Question: is there an easy way to make a content view only contain the most recent rpms instead of all of them?

    Answer: Not currently.

    Question: I have been looking at Pulp, Katello, and Sat 6 as possible solutions. My question is, can I import non-RHSM channel RPMs into Sat 6 (like OEL (sorry not my choice ...) or Oracle ASMLib for our older RHEL servers)? In this area, Pulp appears to be maybe easier to work with?

    Answer: Satellite 6 includes Pulp as a core component, so the underlying tooling is the same. Satellite 6 can import RPMs from non Red Hat sources, and this is described in our (content management guide)[https://access.redhat.com/documentation/en/red-hat-satellite/6.2/paged/content-management-guide/chapter-5-importing-custom-content]

    *
    Question: I would like to know how to stand up an automated patching methodology and timetable. Additionally, I'd like to know, if I am subscribed to the 7Server repo, how do I restrict my clients to just 7.2 (now that 7.3 is release)

    Answer:
    Restricting clients to a specific release can be done in one of two ways
    - Using content view filters
    - Using the special dot-release repos (7.1, 7.2, etc)

    Best practices for each repository type are described in Understanding Red Hat Content Delivery Network Repositories and their usage with Satellite 6

    Question: I look at my Sync Status and it says I have new packages for a product e.g. RHEL EPEL had 104(71.5) MB) last sync. How do I see exactly what packages were updated?

    Answer: Today, the best way to accomplish this is to increase pulp’s logging verbosity (in /etc/pulp/server.conf or via ‘hammer admin logging’), and which RPMs are downloaded are logged via syslog

    We have an outstanding RFE) to improve this and deliver this via an email report, similar to what we do for errata.

    Question: What's the best practice on CVs to create say a 7 server CV that contains, optional, extras etc + Oracle Java for RHEL Server

    Answer: A content view, at its core is ‘a grouping of repositories that are managed together’. As Optional, extras, oracle java are all additional repositories for the Base Operating System, it makes sense to combine them into a single CV.

    Question: I'm new to Sat 6 and am having trouble mapping the DevOps environment in Sat 6.x, into our current Sat 5 environment. We just need Satellite in order to manage/patch our Linux systems without the overhead of DevOps. Is that possible in Satellite 6?

    Answer: It depends on the use case. Some customers have rather structured workflows with the desire to move content through a lifecycle (Dev->Test->Prod). Others want a more relaxed workflow of “freeze a content view at a point in time”. Others want just access to the repositories, without freezing the content. Satellite supports them both.

    Question: I have a CV with custom products and RH errata excluding a date. A critical errata comes out which I want to add - I create an incremental view, eg version 10.1. I then want to add RPM's to the custom product. If I publish the view - version 11.0 - will it contain my critical errata added in 10.1?

    Answer: No. Content view versions do not ‘carry over’ changes made via an incremental update between versions. Thus, it is necessary in the scenario above that the administrator explicitly ensures that the errata that were incrementally added is included.

    Question: What's your recommendation about the creation of content views when satellite manage hundred servers ? Per project ? Per OS ? Per product ?

    Answer: Content view are ‘grouping of repositories that share a similar lifecycle’. Generally, you’d have a small number of CVs that represent a BaseOS, additional CVs to represent layered or 3rd party applications. And lastly, you’d use composite views to combine specific versions. (Say v4.0 of your RHEL6 CV + v2.0 of your web stack = v1 of RHEL6 + LAMP CCV)

    Question: How would I get a report out of Satellite mapping Guests to Hypervisors?

    Assuming you are on Satellite 6.2.2 or newer, ‘hammer csv’ is the best command for this. Earlier versions of Satellite (6.0 -> 6.2.1) can use sat6Inventory - https://github.com/RedHatSatellite/sat6Inventory

    Question: What is the recommended way to register host to Satellite 6 which wasn't provisioned from it ?

    Answer: The bootstrap script is the recommended way to register a host that wasn’t provisioned from Satellite.

    Question: When would you use Composite Content View and when just Content View ?

    Answer: Composite Content Views are useful when you have two types of content that are on different lifecycles. Example, your operating system is generally fairly static, but you may content such as a line-of-business (LOB) application which develops on a different cadence. Composite Content Views all you to match (for example) version 2.0 of your RHEL7 Operating System Build with version 52 of your LOB app to create version 1.0 of your ‘RHEL7 + App’ Composite Content View

    TRANSITION

    Question: We have Satellite 5.6, with a dev, stage and production groups, we plan to migrate to satellite 6.2, what would the transition process look like? Would we be able to use the same groups we have? what impact and updates would we need to do for the client servers?

    Answer:
    Transition is pretty straightforward.

    Firstly, you’d get your transaction subscriptions from the transition landing page. This allows you to build your Satellite 6 infrastructure in parallel to your Satellite 5. Next you’d setup your Satellite using the best practices for Satellite 6 such as via the 10 Steps to an SOE guide

    As far as grouping, Satellite 6 has Host collections, which are a direct equivalent to Satellite 5’s system groups. Additionally Satellite 6 has powerful searching allowing you to arbitrarily group systems and perform actions against them.

    Regarding the clients, once you have Satellite 6 configured to your liking, use the bootstrap script to migrate them.

    Question: In Sat 5 I could assign servers to any cloned channel (very flexible approach). In Sat 6 I am forced to move along environment paths (i.e. dev->test->uat->preprod->prod ). (Am I ?) Is there any way to have the flexibility from Sat 5 ?

    Answer: Yes. With Satellite 6, you effectively have two models to manage content for your systems:

    Yes. Customers usually fall into one of two disciplines:
    - define the workflow and move content to the systems.
    - define the content and create a workflow to move the systems to the content.

    The former uses lifecycle environments, the latter does not, if you are interested in doing the latter, you could (as an example):

    • create a content view named Q1_2016 with appropriate filters for Q1.
    • publish Q1_2016 view to the library
    • assign whatever systems to that view using hammer host update

    ...90 days later:

    • create a content view named Q2_2016 with appropriate filters for Q2.
    • publish Q2_2016 view.
    • assign whatever systems to that view.

    Repeat as necessary

    Question: have any tips/hints for least painful ways to port/migrate snippets from Sat 5.x to Sat 6.x to maintain functionality/investment in work we have already done? Sat trans guide was not a lot of help or the way it is described did not import cleanly into Sat 6

    SECURITY & COMPLIANCE

    Question: Do you have any good resources for openscap? Setup/content sources.
    Answer: The scap-security-guide which is shipped in Red Hat Enterprise Linux contains a number of good baseline policies that can be used as a baseline for SCAP. Satellite uses these by default.

    Question: How do you customize compliance policies? For example we're evaluating satellite now and when we run scans, they show failures for items like "install openswan" which does not apply to our systems. Can that be customized so that machines not show as failing compliance for items that do not apply?

    Answer: Compliance policies have the ability to be tailored using an (aptly named) tailoring file. These can be created using the scap-workbench tool. Satellite 6 doesn’t currently support a tailoring file (see bz1292510) , but we do have a document describing how to ‘respin’ a datastream file including your tailored changes. (https://access.redhat.com/solutions/2377951)

    Question: How do you make custom datastreams to install for OpenSCAP (especially for CIS benchmark)? For example, oscap ds sds-compose.

    Answer: You can convert any existing xccdf via oscap ds sds-compose. Alternatively, you can use the OpenSCAP policies that are included in the scap-security-guide package. (which are already in DataStream format)

    Question: OpenSCAP - Is it possible to apply multiple policies (ie, RHEL server base + Oracle), it looks like the current setup is a one-to-one mapping between Host Groups and SCAP policies

    Answer: A policy can apply to one or more host groups. In your example, you’d define two policies (one for RHEL, one for Oracle), and you’d assign BOTH to the host group in question.

    PORTFOLIO/ANSIBLE/PUPPET

    Question: Can you review how Ansible is going to be integrated with Satellite, and how you might recommend somebody start using Ansible now in a way that could be easily integrated later? ETAs on these things would be cool too.

    Answer: Red Hat Satellite 6 currently supports integration with Ansible Tower. We plan to provide integration of Ansible Core into Red Hat Satellite 6 in a future near-term release.

    Question: Will that cost extra to use Ansible in Satellite?

    Answer: Red Hat Satellite 6 currently supports integration with Ansible Tower today, and Ansible Tower is sold separately and have additional capabilities above/beyond Ansible Core. When we integrate Ansible Core technology, it will not cost extra for that functionality. Ansible Tower will remain a separate offering with a separate price.

    Question: Any chance for Chef integration into Satellite 6
    Answer: Integration with Chef is not currently on the Satellite 6 roadmap.

    Question: When Satellite 6.3 arrives will it be a normal upgrade from 6.2. I'm curious because of the addition of Ansible to the Satellite structure.

    Answer: The upgrade to Satellite 6.3 will be similar (with regards to the steps that are required) to the upgrade from Satellite 6.1 to 6.2. More or less, the process will be:

    • Disable Satellite 6.2 repo.
    • Enable Satellite 6.3 repo.
    • Perform some minor pre-upgrade checks.
    • Install 6.3 packages
    • run installer with the --upgrade switches.

    HIGH AVAILABILITY & DISASTER RECOVERY

    Question: Can you talk about Satellite HA and DR setups.

    Answer: Best practices for HA & DR setups can be found in our HA Guide

    Question: So HA requires 2 licenses for Satellite? I was also told that a capsule server could become Satellite in the case of a loss of Satellite. I have been told a few different things regarding this from RH employees.

    Yes, HA requires 2 subscriptions to Satellite. However, the second subscription is sold at 50% similar to a 'disaster recovery' subscription. Reach out to your account team for more details.

    In the event of a 'loss of Satellite', capsule servers cannot be 'promoted' to become Satellites.

    Question: What about HA options for Sat 6 ? Any active-passive supported configuration ?

    Answer: See our HA Guide

    OTHER

    Question: with bootstrap files, do we have to provide a user name/passwd in order to register a system using the bootstrap process

    Answer The information required by the bootstrap script is dependent on which features are being used. If you are registering a system and want to configure it with puppet (and in the correct organization/location/hostgroup), it requires a username/password to create the host record via the API. If you are merely registering the system for content, you can leverage the --skip-foreman switch which does not require username/password (only an activation key and organization)

    Question: Can you tell me what the difference is between 7Server and 7Server EUS repos? I get the 7.X and 7.X EUS repos differences, but the other ones?

    Answer: See Understanding Red Hat Content Delivery Network Repositories and their usage with Satellite 6

    Question: does the roadmap for Satellite 6.x include any support for using external DHCP providers beyond ISC DHCP? As an example Foreman can use a smart proxy to use an MS DHCP provider.

    Answer: Not currently.

    Question: If I use say 7.2 EUS repos, and I have a client who says, "Can I have version X.Y of Postgres?" that I discover is in 7.3 repo or 7.4 repo....how do I get that to them with dependencies resolved etc etc…

    Answer: That is difficult to do. As the 7.2 repo gets no content after 7.3 is released, there is no way for Satellite to 'backport' newer RPMs into a 7.2 repo. It is suggested for this usage to use the 7Server repo, locked to a specific date via content view filters, and selectively add errata as needed.

    Question: is it possible to run remote scripts as a non-root user? The default info for ssh keys appears to assume root can ssh to a system, which we can't do.

    Answer: You can set the effective user via the remote_execution_ssh_user setting/parameter.

    Question: Concerning Lazy sync when configured with "on demand", how will that work with available errata for clients?

    Answer: on_demand doesn't change anything in the errata workflow. Clients will still have errata applicability calculated based on their pubished content views and last Synchronization of the Satellite with the Red Hat CDN.

    Question: What is the preferred provisioning methodology when DHCP/PXE/TFTP are not available w/in the env...FDI is the path we are tracking down, is this a reasonable option or do you have a better suggestion? Trying to simulate as close to as possible our legacy kickstarts out of Sat 5.x

    Answer: Correct. PXE-Less Discovery is the path here. I'd suggest leveraging the Discovery Rules to further automate the provisioning process.

    Question: Can you use a pfx certificate as a custom certificate for Red Hat Satellite 6.2 or do you need to break them out in pem files?

    Answer: They need to be PEM files. Use the openssl command to convert them.

    Posted: 2017-02-09T22:49:02+00:00
  • Satellite 6.2.7 is released

    Authored by: Rich Jerrido

    Satellite 6.2.7 has been released today. There is one erratum for the server [1] and one for the hosts[2]. The install ISOs will be updated later this week.

    Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions at [3]. Customers who have received hotfixes should verify the list below to ensure their hotfix is contained in the release before upgrading. Please reach out to the Satellite team in these cases.

    The list of bugs in 6.2.7 are:

    • The API has been enhanced to expose ENC information and content_source_id. (BZ#1362372, BZ#1390153)
    • The hammer-csv command has been improved based on user feedback, and enhanced to support activation keys with Virtual Datacenter subscriptions. (BZ#1374072, BZ#1394218, BZ#1405134, BZ#1281346, BZ#1400101)
    • Several errors in the installer have been fixed. (BZ#1386919, BZ#1394970, BZ#1375697, BZ#1163452)
    • Several errors in the upgrade process have been fixed. (BZ#1394177, BZ#1410783, BZ#1389558, BZ#1364980, BZ#1368085, BZ#1354623, BZ#1406900, BZ#1356714, BZ#1412486)
    • Several performance improvements have been made in the application. (BZ#1399877, BZ#1392550, BZ#1396642, BZ#1383436, BZ#1388631)
    • Remote Execution against many hosts was causing errors to appear. This case is now handled correctly. (BZ#1367606, BZ#1372708)
    • Content Syncing and promotion bugs are addressed in this release. (BZ#1355858, BZ#1327212, BZ#1328092)
    • Subscription views and processing have been improved. (BZ#1180573, BZ#1397467, BZ#1367851, BZ#1400101, BZ#1400697)
    • Several fixes to Smart Class parameters have been addressed. (BZ#1393773, BZ#1391556, BZ#1334514)
    • Documentation links and information about the running Satellite have been improved. (BZ#1368230)
    • Two search bugs have been fixed. (BZ#1372069, BZ#1372757)

    Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.

    [1] https://access.redhat.com/errata/RHBA-2017:0197
    [2] https://access.redhat.com/errata/RHBA-2017:0198
    [3] https://access.redhat.com/documentation/en/red-hat-satellite/6.2/paged/installation-guide/chapter-6-upgrading-satellite-server-and-capsule-server

    Posted: 2017-01-26T13:40:20+00:00
  • Subscription-manager for the former Red Hat Network User: Part 11 - Identity Certificates

    Authored by: Rich Jerrido

    Overview

    Alternate title: Better living, via X.509, part two

    Identity certificates are an important component of the subscription-manager toolkit. Understanding their usage makes working with subscription-manager significantly easier.

    Prerequisites

    It is important that you have read (or understand) the concepts as presented in:

    What is an Identity Certificate & why are they important?

    Identity certificates are x.509 certificates, that are issued by a Subscription Management System (Red Hat Subscription Management or Satellite 6), which are used to identity registered systems. They are the means that systems authenticate to the system they are registered to and are used to upload data such as system facts and attached subscriptions. Conversely, they can be used to on a client to gather information about itself, via the API.

    How do I get an Identity Certificate?

    Identity certificates are stored in /etc/pki/consumer and are issued at registration time. Let's register a client and see:

    #subscription-manager register
    Registering to: subscription.rhsm.redhat.com:443/subscription
    Username: [REDACTED]
    Password:
    The system has been registered with ID: 760d71de-f96f-4483-9d87-3f3307f02052
    
    

    The UUID (760d71de-f96f-4483-9d87-3f3307f02052) that is returned by the subscription-manager command is the systems consumerid, and it can be used when troubleshooting, or for some advanced use cases. We can see the identity certificate in /etc/pki/consumer.

    #ls -l /etc/pki/consumer/
    total 8.2k
    -rw-r-----. 1 root root 2.1k Jan 19 18:22 cert.pem
    -rw-r-----. 1 root root 1.7k Jan 19 18:22 key.pem
    

    We can view these certificates using the openssl command, but it is STRONGLY preferred to use the rct command.

    # rct cat-cert /etc/pki/consumer/cert.pem
    
    +-------------------------------------------+
        Identity Certificate
    +-------------------------------------------+
    
    Certificate:
        Path: /etc/pki/consumer/cert.pem
        Version: 1.0
        Serial: 2356622119501078906
        Start Date: 2017-01-20 13:10:58+00:00
        End Date: 2018-01-20 13:10:58+00:00
        Alt Name: URI:CN=client.example.com
    
    Subject:
        CN: 760d71de-f96f-4483-9d87-3f3307f02052
    
    Issuer:
        C: US
        CN: Red Hat Candlepin Authority
        O: Red Hat, Inc.
        OU: Red Hat Network
        ST: North Carolina
        emailAddress: ca-support@redhat.com
    
    

    A note on subscription-manager clean.

    When troubleshooting subscription related issues, you might be tempted to run the subscription-manager clean command. Under most normal circumstances you do not want to run this command. As the subscription-manager manual states:

    CLEAN OPTIONS
        The clean command removes all of the subscription and identity data from the local system without affecting the system information  in
        the  subscription management service.  This means that any of the subscriptions applied to the system are not available for other sys‐
        tems to use. The clean command is useful in cases where the local subscription information is corrupted or lost somehow, and the  sys‐
        tem will be re-registered using the register --consumerid=EXISTING_ID command.
    
    

    More often than not, you'd want to use the subscription-manager refresh or subscription-manager unregister commands (depending on the circumstances)

    The subscription-manager clean command is equivalent to wiping the local system's identity WITHOUT informing the system it is registered to. (For the former RHN users, this is equivalent to deleting /etc/sysconfig/rhn/systemid). Ifsubscription-manager clean` is run, one of the following should happen:

    • Manual intervention should occur to delete the systems profile if the system is being retired, as its profile may still have subscriptions attached that you may want to use elsewhere. OR
    • Manual intervention should occur to reconnect the system to its old profile.

    Assume that by accident, the subscription-manager clean command was run on a system. How do we recover from accidentally running subscription-manager clean?

    On this test system, let's attach a subscription. I'll use a Satellite subscription in this example:

    Find a Satellite sub.

    #subscription-manager list --all \
      --available --matches 'Red Hat Satellite'
    +-------------------------------------------+
        Available Subscriptions
    +-------------------------------------------+
    Subscription Name:   Red Hat Satellite
    Provides:            Red Hat Satellite Capsule Beta
                         Red Hat Software Collections (for RHEL Server)
                         Red Hat Satellite Capsule
                         Red Hat Satellite with Embedded Oracle
                         Red Hat Beta
                         Red Hat Satellite Beta
                         Red Hat Satellite 6 Beta
                         Red Hat Enterprise Linux High Availability (for RHEL Server)
                         Red Hat Enterprise Linux Server
                         Red Hat Satellite
                         Red Hat Software Collections Beta (for RHEL Server)
                         Red Hat Enterprise Linux Load Balancer (for RHEL Server)
                         Red Hat Satellite 5 Managed DB
    SKU:                 MCT0370
    Contract:            10881778
    Pool ID:             8a85f98152d000770152d1d330140fee
    Provides Management: Yes
    Available:           12
    Suggested:           1
    Service Level:       Premium
    Service Type:        L1-L3
    Subscription Type:   Standard
    Ends:                02/10/2017
    System Type:         Physical
    
    

    Attach the Satellite sub.

    #subscription-manager attach --pool 8a85f98152d000770152d1d330140fee
    

    Next, let's run subscription-manager clean to wipe the systems identity.

    # subscription-manager clean
    All local data removed
    

    And now let's run yum or subscription-manager commands to try to install content or work with subscriptions.

    #yum repolist
    Loaded plugins: product-id, search-disabled-repos, subscription-manager
    This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
    repolist: 0
    
    #subscription-manager identity
    This system is not yet registered. Try 'subscription-manager register --help' for more information.
    

    The system believes it is unregistered. We could re-register the system normally, but that would potentially consume an additional subscription. (Since we may not have deleted the old profile yet). How do we reconnect this system to its old profile?

    Luckily, subscription-manager has an option for this provided via the --consumerid parameter to the subscription-manager register command.

    But we need the consumerid. And it can be found in one of two ways:

    • In /var/log/rhsm/rhsm.log.
    # grep 'Consumer Identity' /var/log/rhsm/rhsm.log
     @managercli.py:359 - Consumer Identity name=client.example.com uuid=760d71de-f96f-4483-9d87-3f3307f02052
    
    
    • Or via the Customer Portal.

    Visit the systems page, find the system in question and you'll find the system's UUID listed.

    Example (Click to Enlarge)

    IMAGE ALT TEXT

    Now that we have the systems UUID (760d71de-f96f-4483-9d87-3f3307f02052) again, we can re-register with using the --consumerid parameter

    # subscription-manager register \
     --consumerid=760d71de-f96f-4483-9d87-3f3307f02052
    Registering to: subscription.rhsm.redhat.com:443/subscription
    Username:[REDACTED]
    Password:
    The system has been registered with ID: 760d71de-f96f-4483-9d87-3f3307f02052
    

    And let's check with subscription-manager status & subscription-manager list --consumed

    # subscription-manager status
    +-------------------------------------------+
       System Status Details
    +-------------------------------------------+
    Overall Status: Current
    
    
    #subscription-manager list --consumed
    +-------------------------------------------+
       Consumed Subscriptions
    +-------------------------------------------+
    Subscription Name:   Red Hat Satellite
    Provides:            Red Hat Satellite
                         Red Hat Enterprise Linux Server
                         Red Hat Beta
                         Red Hat Software Collections (for RHEL Server)
                         Red Hat Satellite Beta
                         Red Hat Satellite 5 Managed DB Beta
                         Red Hat Software Collections Beta (for RHEL Server)
                         Red Hat Satellite 6 Beta
                         Red Hat Satellite Capsule Beta
                         Red Hat Enterprise Linux Load Balancer (for RHEL Server)
                         Red Hat Satellite 5 Managed DB
                         Red Hat Satellite with Embedded Oracle
                         Red Hat Satellite Capsule
                         Red Hat Enterprise Linux High Availability (for RHEL Server)
    SKU:                 MCT0370
    Contract:            10881778
    Account:             5644938
    Serial:              8242148226459104076
    Pool ID:             8a85f98152d000770152d1d330140fee
    Provides Management: Yes
    Active:              True
    Quantity Used:       1
    Service Level:       Premium
    Service Type:        L1-L3
    Status Details:      Subscription is current
    Subscription Type:   Standard
    Starts:              02/11/2016
    Ends:                02/10/2017
    System Type:         Physical
    
    
    
    

    SUCCESS!!. The --consumerid parameter is useful not only in this usage, but also if a server is rebuilt and you want to attach to its previous profile.

    Advanced usage

    As the identity certificate is used to authenticate the client, it can be leveraged to grab information about the guest from the API.

    Using the curl command you can determine this information for Red Hat Subscription Management. First, you need to know the UUID of the system you wish to grab this data for. This can be gathered from the 'system identity' field of the subscription-manager identity command. (or from rct cat-cert /etc/pki/consumer/cert.pem as previously shown)

    $ subscription-manager identity
    system identity: 760d71de-f96f-4483-9d87-3f3307f02052
    name: client.example.com
    org name: [REDACTED]
    org ID: [REDACTED]
    
    

    Next, issue a curl command to gather this data

    UUID=760d71de-f96f-4483-9d87-3f3307f02052
    curl -sk \
     --cert /etc/pki/consumer/cert.pem \
     --key /etc/pki/consumer/key.pem \
     -X GET https://subscription.rhsm.redhat.com/subscription/consumers/$UUID/ | json_reformat
    

    Note, as you are using the systems own identity certificate for authentication, it can only query data about itself. Username/password authentication is needed to query all the hosts in an account. This method can be used to gather other properties of hosts, which may not be exposed via RHSM's Web UI, or to get data (like the system's facts) in a more structured format (JSON)

    Further reading

    Posted: 2017-01-20T13:24:03+00:00
  • Subscription-manager for the former Red Hat Network User: Part 10 - Instance Based Subscriptions

    Authored by: Rich Jerrido

    Overview

    Instance Based Subscriptions are a type of subscription that allows the end user flexible deployment options. This article describes their usage with the subscription tooling.

    Prerequisites

    It is important that you have read (or understand) the concepts as presented in:

    What is an Instance Based Subscription?

    To provide a more flexible and intuitive way of managing your Red Hat Enterprise Linux subscriptions, Red Hat introduced a new Red Hat Enterprise Linux (RHEL) 2013 packaging model. This model was designed to suit customers with growing needs to deploy both physical and virtual systems in large, constantly changing datacenters.

    One of the subscription types that was created is the Red Hat Enterprise Linux Server, (Physical or Virtual Nodes) subscription. This subscription type allows the end user to deploy either 2 virtual machines (regardless of size) or 1 two socket system.

    While this subscription is flexible, it does present some interesting challenges when working with the subscription tooling.

    Example:

    As an customer, I've purchased Quantity 20 of RH00004 - Red Hat Enterprise Linux Server, Standard (Physical or Virtual Nodes), and I can see this via the Customer Portal's new subscription page as shown below

    UI Example (Click to Enlarge)

    IMAGE ALT TEXT

    You'd note that there are two columns, Quantity & Entitlement Usage:

    • Quantity - The actual number of purchased subscriptions (which is in this case 20)
    • Entitlement Usage - The number of entitlements created (which is in this case 40)

    The quantity of the pool as shown in the Entitlement Usage column is the purchased Quantity multiplied by the instance multiplier. For the Physical or Virtual Nodes subscription, this is 2. Other subscriptions may have different multipliers.

    As stated above, the Physical or Virtual Nodes subscription allows the end user to deploy either 2 virtual machines (regardless of size) or 1 two socket system. As I have in this example, purchased 20 of them, any of the following are valid deployment scenarios:

    • Ten (10) 2-socket systems + 20 virtual machines OR
    • Twenty (20) 2-socket systems OR
    • Forty (40) virtual machines OR
    • Two (2) 8-socket systems, Four (4) 4-socket systems + Four (4) virtual machines OR
    • various combinations thereof.

    How do I know a subscription is an instance based subscription?

    In the Customer Portal's new subscription page, various subscription properties are now more prominently exposed. In the case of instance based subscriptions, you'd see the Instance Based property set to Yes

    IMAGE ALT TEXT

    How are instance based subscriptions counted?

    With instance based subscriptions, a registering system will decrement an entitlement from the pool in the following fashion:

    • Virtual machines (regardless of size) decrement by 1.
    • 2 socket systems decrement by 2
    • 4 socket systems decrement by 4
    • 8 socket systems decrement by 8
    • etc.

    Let's take a look at that from a client perspective.

    How do instance based subscriptions work with the client tools?

    Let's take a look at a virtual guest that has been deployed. Our virtual guest has been given 4 sockets (as it is expected to run a workload that requires a large amount of processing power)

    We'll show its system facts via the subscription-manager facts command.

    [root@virtual:] ~ #subscription-manager facts | egrep '(cpu_socket|is_guest)'
    cpu.cpu_socket(s): 4
    virt.is_guest: True
    
    

    Next, let's list what subscriptions do we have available:

    [root@virtual:] ~ #subscription-manager list\
     --all --available \
    --matches \
    'Red Hat Enterprise Linux Server, Standard (Physical or Virtual Nodes)'
    +-------------------------------------------+
        Available Subscriptions
    +-------------------------------------------+
    Subscription Name:   Red Hat Enterprise Linux Server, Standard (Physical or Virtual Nodes)
    Provides:            Red Hat Container Images Beta
                         Red Hat Beta
                         dotNET on RHEL Beta (for RHEL Server)
                         Red Hat Software Collections (for RHEL Server)
                         Red Hat Enterprise Linux Atomic Host Beta
                         Oracle Java (for RHEL Server)
                         Red Hat Container Images
                         Red Hat Enterprise Linux Server
                         dotNET on RHEL (for RHEL Server)
                         Red Hat Software Collections Beta (for RHEL Server)
                         Red Hat Enterprise Linux Atomic Host
                         Red Hat Developer Toolset (for RHEL Server)
    SKU:                 RH00004
    Contract:            10881781
    Pool ID:             8a85f98352d124000152d1d759ca4f68
    Provides Management: No
    Available:           40
    Suggested:           1
    Service Level:       Standard
    Service Type:        L1-L3
    Subscription Type:   Instance Based
    Ends:                02/10/2017
    System Type:         Physical
    

    Note, we can see that only a quantity of 1 is suggested for this virtual system. The fact that it is a guest (virt.is_guest: True) supercedes the reported hardware topology.

    Next, let's look at an 8-socket system's facts:

    [root@eight-socket:] ~ #subscription-manager facts | egrep '(cpu_socket|is_guest)'
    cpu.cpu_socket(s): 8
    virt.is_guest: False
    

    And show which subscriptions are available. Note the suggested quantity is now 8 due to the system's facts.

    [root@eight-socket] ~ #subscription-manager list\
     --all --available \
    --matches \
    'Red Hat Enterprise Linux Server, Standard (Physical or Virtual Nodes)'
    +-------------------------------------------+
        Available Subscriptions
    +-------------------------------------------+
    Subscription Name:   Red Hat Enterprise Linux Server, Standard (Physical or Virtual Nodes)
    Provides:            Red Hat Container Images Beta
                         Red Hat Beta
                         dotNET on RHEL Beta (for RHEL Server)
                         Red Hat Software Collections (for RHEL Server)
                         Red Hat Enterprise Linux Atomic Host Beta
                         Oracle Java (for RHEL Server)
                         Red Hat Container Images
                         Red Hat Enterprise Linux Server
                         dotNET on RHEL (for RHEL Server)
                         Red Hat Software Collections Beta (for RHEL Server)
                         Red Hat Enterprise Linux Atomic Host
                         Red Hat Developer Toolset (for RHEL Server)
    SKU:                 RH00004
    Contract:            10881781
    Pool ID:             8a85f98352d124000152d1d759ca4f68
    Provides Management: No
    Available:           40
    Suggested:           8
    Service Level:       Standard
    Service Type:        L1-L3
    Subscription Type:   Instance Based
    Ends:                02/10/2017
    System Type:         Physical
    
    

    Next, let's actually attach that subscription to our 8-socket system:

    [root@eight-socket] ~ #subscription-manager attach --pool 8a85f98352d124000152d1d759ca4f68
    Successfully attached a subscription for: Red Hat Enterprise Linux Server, Standard (Physical or Virtual Nodes)
    

    And let's look at subscription consumption via the client.

    [root@eight-socket] ~ #subscription-manager list --consumed
    Subscription Name:   Red Hat Enterprise Linux Server, Standard (Physical or Virtual Nodes)
    Provides:            Oracle Java (for RHEL Server)
                         Red Hat Enterprise Linux Atomic Host
                         Red Hat Enterprise Linux Server
                         Red Hat Software Collections (for RHEL Server)
                         Red Hat Beta
                         dotNET on RHEL Beta (for RHEL Server)
                         dotNET on RHEL (for RHEL Server)
                         Red Hat Enterprise Linux Atomic Host Beta
                         Red Hat Developer Toolset (for RHEL Server)
                         Red Hat Software Collections Beta (for RHEL Server)
                         Red Hat Container Images
                         Red Hat Container Images Beta
    SKU:                 RH00004
    Contract:            10881781
    Account:             5644938
    Serial:              6819453414623957537
    Pool ID:             8a85f98352d124000152d1d759ca4f68
    Provides Management: No
    Active:              True
    Quantity Used:       8
    Service Level:       Standard
    Service Type:        L1-L3
    Status Details:      Subscription is current
    Subscription Type:   Instance Based
    Starts:              02/11/2016
    Ends:                02/10/2017
    System Type:         Physical
    
    

    And via the portal:

    UI Example (Click to Enlarge)

    IMAGE ALT TEXT

    How many systems can I actually deploy then?

    As the Physical or Virtual Nodes subscriptions allow you to consume flexibly (albeit at different quantities based on system facts), it can be difficult to understand what is available. In the case of an instance based subscription, the Entitlement Usage column reflects is the maximum number of virtual machines you can subscribe (if you deploy nothing BUT virtual machines). If you deploy physical systems (or combinations of physical systems and virtual machines), you'll consume from this pool faster.

    Instance Based subscriptions with Satellite 6

    Instance based subscriptions work the same in Satellite 6 as they do with the Red Hat Customer Portal. It is to be noted that when creating a subscription manifest, you are selecting which entitlements you wish to use on-premise, so the same logic applies (virtual machines decrement by 1, 2 socket servers by 2, etc, etc)

    IMAGE ALT TEXT

    Further reading

    Posted: 2017-01-20T09:33:49+00:00