Chapter 4. Register Red Hat Update Infrastructure and Attach Subscriptions

4.1. Install Red Hat Enterprise Linux

  1. Install Red Hat Enterprise Linux on the Red Hat Update Appliance (RHUA), each content delivery server (CDS), and on the HAProxy load balancer if you are using it. See the Red Hat Enterprise Linux 7 Installation Guide for installation details.
  2. Attach an appropriate subscription to each node. See Chapter 6 of the Red Hat Enterprise Linux 7 System Administrator’s Guide for subscription details.

4.2. Register Red Hat Update Infrastructure

  1. Register the system that you are going to use as the RHUA instance.

    [root@rhua ~]# subscription-manager register --type=rhui --username <admin-example> --password <secret>
    Registering to: subscription.rhsm.redhat.com:443/subscription
    The system has been registered with ID: <a12b34c5-6d78-9ef1-2345-ghi678jk91l2m>
    Note

    If you are using an existing system as the RHUA and the RHUA has an attached subscription, you will see This system is already registered. Use --force to override when you try to register it using # subscription-manager register --type=rhui. You can override the subscription by adding --force to the command line argument. Another option is to unregister the system (# subscription-manager unregister) and register it again (# subscription-manager register --type=rhui).

  2. Register each CDS node that will be used unless existing, external, already registered systems are used.

    [root@cds1 ~]# subscription-manager register --username <admin-example> --password <secret>
    Registering to: subscription.rhsm.redhat.com:443/subscription
    The system has been registered with ID: <a12b34c5-6d78-9ef1-2345-ghi678jk91l2m>
  3. Register each HAProxy node that will be used unless existing, external, already registered systems are used.

    [root@haproxy1 ~]# subscription-manager register --username <admin-example> --password <secret>
    Registering to: subscription.rhsm.redhat.com:443/subscription
    The system has been registered with ID: <a12b34c5-6d78-9ef1-2345-ghi678jk91l2m>

    The new system will be available on the Customer Portal, and the new RHUA instance will not have any subscriptions applied to it.

4.3. Attach a Subscription to the Red Hat Update Appliance

  1. Check for available subscriptions to add to the RHUA.

    [root@rhua ~]# subscription-manager list --available
    +-------------------------------------------+
        Available Subscriptions
    +-------------------------------------------+
    Subscription Name:   Red Hat Enterprise Linux Atomic Host for Certified Cloud
                         and Service Providers (via Red Hat Update Infrastructure)
    Provides:            Red Hat Enterprise Linux Atomic Host Beta from RHUI
                         Red Hat Enterprise Linux Atomic Host from RHUI
    SKU:                 RH00731
    Contract:            11312089
    Pool ID:             8a85f9815a6c4c9d015a6c6acb373ed9
    Provides Management: No
    Available:           19
    Suggested:           1
    Service Level:       Premium
    Service Type:        L1-L3
    Subscription Type:   Standard
    Ends:                02/22/2018
    System Type:         Physical
    
    Subscription Name:   Red Hat Update Infrastructure and RHEL Add-Ons for
                         Providers
    Provides:            dotNET on RHEL (for RHEL Server) from RHUI
                         Red Hat Enterprise Linux Server from RHUI
                         Red Hat Software Collections (for RHEL Server) from RHUI
                         Red Hat Enterprise Linux for SAP from RHUI
                         Red Hat Enterprise Linux Resilient Storage (for RHEL
                         Server) from RHUI
                         Red Hat Enterprise Linux Scalable File System (for RHEL
                         Server) from RHUI
                         Red Hat Enterprise Linux Server - Extended Update Support
                         from RHUI
                         dotNET on RHEL Beta (for RHEL Server) from RHUI
                         Red Hat Enterprise Linux for SAP Hana from RHUI
                         RHEL Software Test Suite (for RHEL Server) from RHUI
                         Red Hat Enterprise Linux High Availability (for RHEL
                         Server) from RHUI
                         Red Hat Update Infrastructure
                         Red Hat Enterprise Linux Load Balancer (for RHEL Server)
                         from RHUI
    SKU:                 RC1116415
    Contract:            11314314
    Pool ID:             8a85f9815a71f0bd015a72445adf0223
    Provides Management: No
    Available:           20
    Suggested:           1
    Service Level:       Premium
    Service Type:        L1-L3
    Subscription Type:   Standard
    Ends:                02/23/2018
    System Type:         Physical
  2. Use the Pool ID for your subscription to attach the subscription. Because there are two SKUs and two subscription names, you need to run subscription-manager attach --pool=<Pool ID> for each <Pool ID>.

    # subscription-manager attach --pool=<Pool ID>
    Successfully attached a subscription for: <Subscription_Name>
    
    # subscription-manager attach --pool=<Pool ID>
    Successfully attached a subscription for: <Subscription_Name>

4.4. Attach a Subscription to the CDS Nodes

  1. Check for available subscriptions that you can add to the CDS nodes.

    [root@<cds1> ~]# subscription-manager list --available
    +-------------------------------------------+
        Available Subscriptions
    +-------------------------------------------+
    Subscription Name:   <Your_Subscription_Name>
  2. Use the Pool ID of Red Hat Satellite - Add-Ons for Providers subscription. This subscription provides access to Red Hat Enterprise Linux and Gluster Storage.

    # subscription-manager attach --pool=<Pool_ID>
    Successfully attached a subscription for: Red Hat Satellite - Add-Ons for Providers

4.5. Attach a Subscription to the HAProxy Nodes

  1. Check for available subscriptions that you can add to the HAProxy nodes.

    [root@<haproxy1> ~]# subscription-manager list --available
    +-------------------------------------------+
        Available Subscriptions
    +-------------------------------------------+
    Subscription Name:   <Your_Subscription_Name>
  2. Use the Pool ID of Red Hat Satellite - Add-Ons for Providers subscription. This subscription provides access to Red Hat Enterprise Linux and Gluster Storage.

    # subscription-manager attach --pool=<Pool_ID>
    Successfully attached a subscription for: Red Hat Satellite - Add-Ons for Providers

4.6. Download an Entitlement Certificate

In most cases, you download a RHUI entitlement certificate for a RHUA that is already registered to the Red Hat Customer Portal using subscription-manager, as described in Section 4.2, “Register Red Hat Update Infrastructure”. There may be a case where you need to download an entitlement certificate before setting up the RHUA server and registering to the Red Hat Customer Portal.

Section 4.6.1 discusses the first approach, and Section 4.6.2 discusses the second approach.

4.6.1. Download an Entitlement Certificate for a Registered System

An entitlement certificate is an X.509 client certificate that provides access to content within the Red Hat Content Delivery Network (CDN). Entitlement certificates are used for various purposes during installation and ongoing operation of RHUI, including:

  • yum access to Red Hat Enterprise Linux (RHEL) and RHUI packages during RHUA setup.
  • Access to the RHUI installation ISO.
  • Access to ISOs and packages during RHUI repository synchronization.

    1. Log in to the Customer Portal, if you are not already logged in.

      Figure 4.1. Red Hat Customer Portal

      Red Hat Customer Portal Login Dialog
    2. Click on My Subscriptions.

      Figure 4.2. My Subscription Option

      My Subscription Option
    3. Click on the Systems tab in the Red Hat Subscription Management page.

      Figure 4.3. Menu Options in Red Hat Subscription Management

      Subscription Management Menu Options
    4. Click More Filters.

      Figure 4.4. More Filters Option

      More Filters Option
    5. Select RHUI in the System Type pull-down menu.

      Figure 4.5. System Type Option

      System Type Option
    6. Confirm registered RHUI systems are listed.
    7. You can view the details for the RHUI system that you need a certificate for by clicking on the link in the Name column. You do not have to click the check box to the left of the name.

      Figure 4.6. Registerd RHUI System

      Registered RHUI System
    8. Click the Subscriptions tab at the top of the page and select Download Certificates.

      Figure 4.7. Download Certificates Option

      Download Certificates Option
    9. The entitlement certificate is stored in a ZIP archive. See Section 4.6.3, “Work with Downloaded Entitlement Certificates” for information about this archive.

4.6.2. Download an Entitlement Certificate for an Unregistered System

  1. Log in to the Customer Portal, if you are not already logged in.

    Figure 4.8. Red Hat Customer Portal

    Red Hat Customer Portal Login Dialog
  2. Click on My Subscriptions.

    Figure 4.9. My Subscription Option

    My Subscription Option
  3. Click on the Systems tab in the Red Hat Subscription Management page.

    Figure 4.10. Menu Options in Red Hat Subscription Management

    Subscription Management Menu Options
  4. Click New to create a RHUI system profile.

    Figure 4.11. New System Option

    New System Option
  5. Create a RHUI system profile by entering the following parameters:

    1. System Type: Red Hat Update Infrastructure
    2. Name: <RHUA_name>
    3. Version: 2.1.3 and above

      Figure 4.12. Create New System Profile Dialog

      Create New System Profile Dialog
  6. Click Create.

    You may get this message, "A system needs to be registered with this profile’s UUID in order to receive updates from Red Hat Customer Portal Subscription Management." If you do, run the following command.

     # subscription-manager register --consumerid=<UUID>
  7. Click the Systems tab and then click the name of the newly registered system.

    Figure 4.13. Registerd RHUI System

    Registered RHUI System
  8. Click the Subscriptions tab and click Attach Subscriptions.

    Figure 4.14. Attach Subscriptions Option

    Attach Subscriptions Option

    If you are taken to another screen, select the system you want to add subscriptions to and click Attach Subscriptions.

  9. Click Download Certificates to download the entitlement certificate.

    Figure 4.15. Download Certificates Option

    Download Certificates Option
  10. The entitlement certificate is stored in a ZIP archive. See Section 4.6.3, “Work with Downloaded Entitlement Certificates” for information about this archive.

4.6.3. Work with Downloaded Entitlement Certificates

Entitlement certificates are downloaded as a ZIP archive instead of a .pem file. The ZIP archive includes an embedded ZIP file, which you also need to extract. If multiple entitlement certificates are downloaded, the ZIP archive will contain multiple .pem files. The embedded ZIP archive contains the following contents:

  • export/

    • entitlement_certificates/

      • SERIALNUMBER1.pem
      • SERIALNUMBER2.pem
      • …​
    • meta.json

If you have attached only one subscription to the RHUA (either Red Hat Enterprise Linux Atomic Host for Certified Cloud and Service Providers or Red Hat Update Infrastructure and RHEL Add-Ons for Providers), you will have one .pem file. If you attached two subscriptions, you have two files. It may not be clear which one corresponds to which subscription.

You might figure that out by examining the file sizes. The .pem file for Red Hat Enterprise Linux Atomic Host for Certified Cloud and Service Providers tends to be smaller than the one for Red Hat Update Infrastructure and RHEL Add-Ons for Providers, as it contains fewer repositories.

The systematic way to determine which subscription corresponds to which .pem file is to use the rct command–from the subscription-manager package–to view detailed information about either certificate file. For example:

$ rct cat-cert 3840866008033274226.pem

+-------------------------------------------+
	Entitlement Certificate
+-------------------------------------------+

Certificate:
	Path: 3840866008033274226.pem
	Version: 3.2
	Serial: 3840866008033274226
	Start Date: 2017-02-23 05:00:00+00:00
	End Date: 2018-02-23 04:59:59+00:00
	Pool ID: 8a85f9815a6c4c9d015a6c6acb373ed9

Subject:
	CN: 8a85f9845dbce0ca015dbd0399903c5b

Issuer:
	C: US
	CN: Red Hat Candlepin Authority
	O: Red Hat, Inc.
	OU: Red Hat Network
	ST: North Carolina
	emailAddress: ca-support@redhat.com

Product:
	ID: 369
	Name: Red Hat Enterprise Linux Atomic Host from RHUI
	Version:
	Arch: x86_64
	Tags:
	Brand Type:
	Brand Name:

... [output truncated] ...

4.7. Enable the Required Repositories

Note

The rhel-7-server-rhui-rpms repository is the base Red Hat Enterprise Linux repository and should provide the necessary packages. The rhel-7-server-rhui-rpms is the same as the rhel-7-server-rpms repository and is used automatically when you register the system with --type=rhui. The attached subscription for the CDS nodes has to provide the rh-gluster-3-for-rhel-7-server-rpms and rhel-7-server-rpms repositories.

The same concept holds true for the relevant Red Hat Enterprise Linux 6 repositories.

The RHUA and CDS nodes require Red Hat Enterprise Linux installations with the base packages and with all repositories disabled except for rhel-7-server-rpms (or rhel-6-server-rpms for Red Hat Enterprise Linux 6). This requirement also means any third-party configurations or software that is not directly necessary for the direct operation of the server cannot be installed. This restriction includes hardening or other non-Red Hat security software.

  1. List the enabled repositories to verify that your system is correctly subscribed.

    # yum repolist enabled
    Loaded plugins: search-disabled-repos
    rhel-7-server-rhui-rpms
    
    repo id                                           repo name                                                        status
    !local-rhui3                                      local-rhui3                                                         101
    !rhui-REGION-client-config-server-7/x86_64        Red Hat Update Infrastructure 2.0 Client Configuration Server 7       6
    !rhui-REGION-rhel-server-releases/7Server/x86_64  Red Hat Enterprise Linux Server 7 (RPMs)                         13,578
    !rhui-REGION-rhel-server-rh-common/7Server/x86_64 Red Hat Enterprise Linux Server 7 RH Common (RPMs)                  209
    repolist: 13,894
  2. Disable all repositories for the RHUA and enable the relevant repository. Use the first command for RHEL 7 and the second command for RHEL 6.

    [root@<rhua> ~]# subscription-manager repos --disable=*; subscription-manager repos --enable=rhel-7-server-rhui-rpms
    
    [root@<rhua> ~]# subscription-manager repos --disable=*; subscription-manager
    repos --enable=rhel-6-server-rhui-rpms
  3. Disable all repositories for the CDS nodes and enable the relevant repository. Use the first command for RHEL 7 and the second command for RHEL 6.

    [root@<cds$> ~]# subscription-manager repos --disable=*; subscription-manager repos --enable=rhel-7-server-rpms --enable=rh-gluster-3-for-rhel-7-server-rpms
    
    [root@<cds$> ~]# subscription-manager repos --disable=*; subscription-manager repos --enable=rhel-6-server-rpms --enable=rhs-3-for-rhel-6-server-rpms
  4. Disable all repositories for the HAProxy nodes and enable the relevant repository. Use the first command for RHEL 7 and the second command for RHEL 6.

    [root@<haproxy$> ~]# subscription-manager repos --disable=*; subscription-manager repos --enable=rhel-7-server-rpms
    
    [root@<haproxy$> ~]# subscription-manager repos --disable=*; subscription-manager repos --enable=rhel-6-server-rpms --enable=rhel-lb-for-rhel-6-server-rpms

Report a bug