Registering Red Hat Enterprise Linux Clients

This section contains information about registering traditional and Salt clients running Red Hat Enterprise Linux operating systems. If you are running Red Hat Enterprise Linux clients directly, rather than using SUSE Linux Enterprise Server with Expanded Support, you need to use the Red Hat content delivery network (CDN) to retrieve and update packages. This is useful if you need to continue a Red Hat agreement, or if you have clients using a variety of operating systems.

Red Hat Enterprise Linux clients are based on Red Hat and are unrelated to SUSE Linux Enterprise Server with Expanded Support, RES, Red Hat, or SUSE Linux Enterprise Server. You are responsible for arranging access to Red Hat base media repositories and RHEL installation media, as well as connecting Uyuni Server to the Red Hat content delivery network. You must obtain support from Red Hat for all your RHEL systems. If you do not do this, you might be violating your terms with Red Hat.

Traditional clients are available on Red Hat Enterprise Linux 6 and 7 only. Red Hat Enterprise Linux 8 clients are supported as Salt clients.

Server Requirements

Before you begin, check that your Uyuni Server meets the requirements at installation:hardware-requirements.adoc.

Taskomatic uses one CPU core, and requires at least 3072 MB of RAM. To ensure that taskomatic has access to enough memory, open the /etc/rhn/rhn.conf configuration file, and add this line:

taskomatic.java.maxmemory=3072

Restart Taskomatic:

systemctl restart taskomatic

Import Entitlements and CA Certificate

Red Hat clients require a Red Hat certificate authority (CA) and entitlement certificate, and an entitlement key.

Entitlement certificates are embedded with expiration dates, which match the length of the support subscription. To avoid disruption, you will need to repeat this process at the end of every support subscription period.

Red Hat supply a subscription manager tool to manage subscription assignments. It runs locally to track installed products and subscriptions. Clients must be registered with the subscription manager to obtain certificates.

Red Hat clients use a URL to replicate repositories. The URL will change depending on where the Red Hat client is registered.

Red Hat clients can be registered in three different ways:

  • Red Hat content delivery network (CDN) at redhat.com

  • Red Hat Satellite Server

  • Red Hat update infrastructure (RHUI) in the cloud

This guide covers clients registered to Red Hat CDN. You must have at least one system registered to the CDN, with an authorized subscription for repository content.

Satellite certificates for client systems require a Satellite server and subscription. Clients using Satellite certificates are not supported with Uyuni Server.

Entitlement certificates are embedded with expiration dates, which match the length of the support subscription. To avoid disruption, you will need to repeat this process at the end of every support subscription period.

Red Hat supplies the subscription-manager tool to manage subscription assignments. It runs locally on the client system to track installed products and subscriptions. Register to redhat.com with subscription-manager, then follow this procedure to obtain certificates.

Procedure: Registering Clients to Subscription Manager
  1. On the client system, at the command prompt, register with the subscription manager tool:

    subscription-manager register

    Enter your Red Hat Portal username and password when prompted.

  2. Copy your entitlement certificate and key from the client system, to a location that the Uyuni Server can access:

    cp /etc/pki/entitlement/ /<example>/entitlement/

    Your entitlement certificate and key will both have a file extension of .pem. The key will also have key in the filename.

  3. Copy the Red Hat CA Certificate file from the client system, to the same web location as the entitlement certificate and key:

    cp /etc/rhsm/ca/redhat-uep.pem /example/entitlement

To manage repositories on your Red Hat client, you need to import the CA and entitlement certificates to the Uyuni Server. This requires three entries: one each for the entitlement certificate, the entitlement key, and the Red Hat certificate.

Procedure: Importing Certificates to the Server
  1. On the Uyuni Server Web UI, navigate to Systems  Autoinstallation  GPG and SSL Keys.

  2. Click Create Stored Key/Cert and set these parameters for the entitlement certificate:

    • In the Description field, type Entitlement-Cert-date.

    • In the Type field, select SSL.

    • In the Select file to upload field, browse to the location where you saved the entitlement certificate, and select the .pem certificate file.

  3. Click Create Key.

  4. Click Create Stored Key/Cert and set these parameters for the entitlement key:

    • In the Description field, type Entitlement-key-date.

    • In the Type field, select SSL.

    • In the Select file to upload field, browse to the location where you saved the entitlement key, and select the .pem key file.

  5. Click Create Key.

  6. Click Create Stored Key/Cert and set these parameters for the Red Hat certificate:

    • In the Description field, type redhat-uep.

    • In the Type field, select SSL.

    • In the Select file to upload field, browse to the location where you saved the Red Hat certificate, and select the certificate file.

  7. Click Create Key.

Repository Management

To mirror the software from the Red Hat CDN, you need to create custom channels and repositories in Uyuni that are linked to the CDN by a URL. You must have entitlements to these products in your Red Hat Portal for this to work correctly. You can use the subscription manager tool to get the URLs of the repositories you want to mirror:

subscription-manager repos

You can use these repository URLs to create custom repositories. This allows you to mirror only the content you need to manage your clients.

For Red Hat 8 clients, add both the BaseOS and Appstream channels. You will require packages from both channels. If you do not add both channels, you will not be able to create the bootstrap repository, due to missing packages.

You can only create custom versions of Red Hat repositories if you have the correct entitlements in your Red Hat Portal.

Procedure: Creating Custom Repositories
  1. On the Uyuni Server Web UI, navigate to Software  Manage  Repositories.

  2. Click Create Repository and set these parameters for the entitlement certificate:

    • In the Repository Label field, type rhel-7-server-rpms.

    • In the Repository URL field, type the URL of the repository to mirror. For example, https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os/.

    • In the Has Signed Metadata? field, uncheck all Red Hat Enterprise Repositories.

    • In the SSL CA Certificate field, select redhat-uep.

    • In the SSL Client Certificate field, select Entitlement-Cert-date.

    • In the SSL Client Key field, select Entitlement-Key-date.

    • Leave all other fields as the default values.

  3. Click Create Repository.

  4. Repeat for every repository you want to define.

When you have created the custom repositories, you can create corresponding custom channels.

Procedure: Creating Custom Channels
  1. On the Uyuni Server Web UI, navigate to Software  Manage  Channels.

  2. Click Create Channel and set these parameters for the entitlement certificate. Ensure you use the correct RHEL version:

    • In the Channel Name field, type RHEL 7 x86_64.

    • In the Channel Label field, type rhel7-x86_64-server.

    • In the Parent Channel field, select None.

    • In the Architecture field, select x86_64.

    • In the Repository Checksum Type field, select sha1.

    • In the Channel Summary field, type RHEL 7 x86_64.

    • In the Organization Sharing field, select Public.

  3. Click Create Channel.

  4. Navigate to the Repositories tab, check the appropriate repository, and click Update repositories.

  5. OPTIONAL: Navigate to the Sync tab to set a recurring schedule for synchronization of this repository.

  6. Click Sync Now to begin synchronization immediately.

There are two ways to check if a channel has finished synchronizing:

  • In the Uyuni Web UI, navigate to Software  Manage  Channels, then click the channel associated to the repository. Navigate to the Repositories tab, then click Sync and check Sync Status.

  • Check the synchronization log file at the command prompt:

    tail -f /var/log/rhn/reposync/<channel-label>.log

    Each child channel will generate its own log during the synchronization progress. You will need to check all the base and child channel log files to be sure that the synchronization is complete.

Red Hat Enterprise Linux channels can be very large. Synchronization can sometimes take several hours.

When you have created the custom channels and synchronized them with the repositories, you can create child channels.

Procedure: Creating Child Channels
  1. On the Uyuni Server Web UI, navigate to Software  Manage  Channels.

  2. Click Create Channel and set these parameters for the entitlement certificate. Ensure you use the correct RHEL version:

    • In the Channel Name field, type RHEL 7 x86_64.

    • In the Channel Label field, type rhel7-x86_64-extras.

    • In the Parent Channel field, select rhel7-x86_64-server.

    • In the Architecture field, select x86_64.

    • In the Repository Checksum Type field, select sha1.

    • In the Channel Summary field, type RHEL 7 x86_64 Extras.

    • In the Organization Sharing field, select Public.

  3. Click Create Channel.

  4. Navigate to the Repositories tab, check the appropriate repository, and click Update repositories.

  5. OPTIONAL: Navigate to the Sync tab to set a recurring schedule for synchronization of this repository.

  6. Click Sync Now to begin synchronization immediately.

Red Hat Enterprise Linux channels can be very large. Synchronization can sometimes take several hours.

Add Client Tools

When you have set up all the custom channels, you can add the client tools.

For this section, you will require an activation key. For more information about activation keys, see client-configuration:clients-and-activation-keys.adoc.

Procedure: Adding Client Tools Channels
  1. On the Uyuni Server Web UI, navigate to Software  Manage  Repositories.

  2. Click Create Repository and set these parameters for the entitlement certificate:

  3. Click Create Repository.

  4. Navigate to Software  Manage  Channels.

  5. Click Create Channel and set these parameters. Ensure you use the correct RHEL version:

    • In the Channel Name field, type Uyuni Client Tools for CentOS 7 (x86_64).

    • In the Channel Label field, type centos7-uyuni-client-x86_64.

    • In the Parent Channel field, select rhel7-x86_64-server.

    • In the Architecture field, select x86_64.

    • In the Repository Checksum Type field, select sha1.

    • In the Channel Summary field, type Uyuni Client Tools for CentOS 7 (x86_64).

    • In the Organization Sharing field, select Public.

  6. Click Create Channel.

  7. Navigate to the Repositories tab, check the centos7-uyuni-client repository, and click Update repositories.

  8. OPTIONAL: Navigate to the Sync tab to set a recurring schedule for synchronization of this repository.

  9. Click Sync Now to begin synchronization immediately.

  10. Add the new channel to your activation key.

You can choose to disable the Red Hat Enterprise Linux subscription-manager yum plugins.

The yum plugins are disabled with a configuration Salt state.

This procedure is optional.

Procedure: Creating a Salt State to Deploy Configuration Files
  1. On the Uyuni Server Web UI, navigate to Configuration  Channels.

  2. Click Create State Channel

    • In the Name field, type subscription-manager: disable yum plugins.

    • In the Label field, type subscription-manager-disable-yum-plugins.

    • In the Description field, type subscription-manager: disable yum plugins.

    • In the SLS Contents field, leave it empty.

  3. Click Create Config Channel

  4. Click Create Configuration File

    • In the Filename/Path field type /etc/yum/pluginconf.d/subscription-manager.conf.

    • In the File Contents field type:

[main]
enabled=0
  1. Click Create Configuration File

  2. Take note of the value of the field Salt Filesystem Path`.

  3. Click on the name of the Configuration Channel.

  4. Click on View/Edit 'init.sls' File

    • In the File Contents field, type:

configure_subscription-manager-disable-yum-plugins:
  cmd.run:
    - name: subscription-manager config --rhsm.auto_enable_yum_plugins=0
    - watch:
      - file: /etc/yum/pluginconf.d/subscription-manager.conf
  file.managed:
    - name: /etc/yum/pluginconf.d/subscription-manager.conf
    - source: salt:///etc/yum/pluginconf.d/subscription-manager.conf
  1. Click Update Configuration File

Procedure: Creating a System Group for Red Hat Enterprise Linux Clients
  1. On the Uyuni Server Web UI, navigate to Systems  System Groups.

  2. Click Create Group.

    • In the Name field, type rhel-systems.

    • In the Description field, type All RHEL systems.

  3. Click Create Group.

  4. Click States tab.

  5. Click Configuration Channels tab.

  6. Type subscription-manager: disable yum plugins at the search box.

  7. Click Search and the state will appear.

  8. Click the checkbox for the state at the Assign column.

  9. Click Save changes.

  10. Click Confirm.

If you already have RHEL systems added to Uyuni, assign them to the new system group, and then apply the highstate.

Procedure: Adding the System Group to Activation Keys

You need to modify the activation keys you used for RHEL systems to include the system group created above.

  1. On the Uyuni Server Web UI, navigate to Systems  Activation Keys.

  2. For each the Activation Keys you used for RHEL systems, click on it and:

  3. Navigate to the Groups tab, and the Join subtab.

  4. Check Select rhel-systems.

  5. Click Join Selected Groups.

Trust GPG Keys on Clients

By default, Red Hat Enterprise Linux does not trust the GPG key for Uyuni CentOS client tools.

The clients can be successfully bootstrapped without the GPG key being trusted. However, they will not be able to install new client tool packages or update them. If this occurs, add GPG key to the ORG_GPG_KEY= parameter in all Red Hat Enterprise Linux bootstrap scripts.

On Uyuni, use:

uyuni-gpg-pubkey-0d20833e.key

You will find all keys available on the server in /srv/www/htdocs/pub/.

You do not need to delete any previously stored keys.

If you are bootstrapping clients from the Uyuni Web UI, you will need to use a Salt state to trust the key. Create the Salt state and assign it to the organization. You can then use an activation key and configuration channels to deploy the key to the clients.

Register Clients

To register your Red Hat clients, you need a bootstrap repository. By default, bootstrap repositories are automatically created, and regenerated daily for all synchronized products. You can manually create the bootstrap repository from the command prompt, using this command:

mgr-create-bootstrap-repo --with-custom-channels

For more information on registering your clients, see client-configuration:registration-overview.adoc.

To register and use Red Hat Enterprise Linux 6 clients, you need to configure the Uyuni Server to support older types of SSL encryption. For more information about how to resolve this error, see Registering Older Clients at client-configuration:tshoot-clients.adoc.

Package Management and Red Hat Enterprise Linux 8 Clients

If you are using Red Hat Enterprise Linux 8 clients, you cannot perform package operations such as installing or upgrading directly from modular repositories like the Red Hat Enterprise Linux Appstream repository. You can use the Appstream filter with content lifecycle management to transform modular repositories into regular repositories.

For more information about content lifecycle management, see administration:content-lifecycle.adoc.