Registering Red Hat Enterprise Linux Clients
This section contains information about registering traditional and Salt clients running Red Hat Enterprise Linux operating systems.
Red Hat Enterprise Linux clients are based on Red Hat and are unrelated to SUSE Linux Enterprise Server with Expanded Support, RES, Red Hat, or SUSE Linux Enterprise Server. You are responsible for arranging access to Red Hat base media repositories and RHEL installation media, as well as connecting SUSE Manager Server to the Red Hat content delivery network. You must obtain support from Red Hat for all your RHEL systems. If you do not do this, you might be violating your terms with Red Hat.
Traditional clients are not available on Red Hat Enterprise Linux 8. Red Hat Enterprise Linux 8 clients are only supported as Salt clients.
Server Requirements
Before you begin, check that your SUSE Manager Server meets the requirements at installation:hardware-requirements.adoc.
Taskomatic uses one CPU core, and requires at least 3072 MB of RAM.
To ensure that taskomatic has access to enough memory, open the /etc/rhn/rhn.conf configuration file, and add this line:
taskomatic.java.maxmemory=3072
Restart Taskomatic:
systemctl restart taskomatic
Import Entitlements and CA Certificate
Red Hat clients require a Red Hat certificate authority (CA) and entitlement certificate, and an entitlement key.
Entitlement certificates are embedded with expiration dates, which match the length of the support subscription. To avoid disruption, you will need to repeat this process at the end of every support subscription period.
Red Hat supply a subscription manager tool to manage subscription assignments. It runs locally to track installed products and subscriptions. Clients must be registered with the subscription manager to obtain certificates.
Red Hat clients use a URL to replicate repositories. The URL will change depending on where the Red Hat client is registered.
Red Hat clients can be registered in three different ways:
- Red Hat content delivery network (CDN) at redhat.com
- Red Hat Satellite Server
- Red Hat update infrastructure (RHUI) in the cloud
This guide covers clients registered to Red Hat CDN. You must have at least one system registered to the CDN, with an authorized subscription for repository content.
Entitlement certificates for RHUI (cloud-based systems) only allow you to download content, not repository data. Satellite certificates for client systems require a Satellite server and subscription. Clients using Satellite certificates are not supported with SUSE Manager Server.
Red Hat supplies the subscription-manager tool to manage subscription assignments. It runs locally on the client system to track installed products and subscriptions. Register to redhat.com with subscription-manager, then follow this procedure to obtain certificates.
- On the client system, at the command prompt, register with the subscription manager tool:
  subscription-manager register
  Enter your Red Hat Portal username and password when prompted.
- Copy your entitlement certificate and key from the client system, to a location that the SUSE Manager Server can access:
  cp /etc/pki/entitlement/*.pem /<example>/entitlement/
  Your entitlement certificate and key will both have a file extension of .pem. The key will also have key in the filename.
- Copy the Red Hat CA Certificate file from the client system, to the same web location as the entitlement certificate and key:
  cp /etc/rhsm/ca/redhat-uep.pem /<example>/entitlement/
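Before uploading, it is worth confirming that the copied certificate and key really are a pair, that the certificate is not about to expire, and that the private key is not readable by other users in the staging location. The script below is an added example, not part of the original guide; it assumes the openssl CLI and GNU stat are installed, and the function names and the 30-day default window are illustrative.

```shell
#!/bin/sh
# Added example (not from the original guide): sanity-check staged Red Hat
# entitlement files before uploading them to SUSE Manager.
# Assumes the openssl CLI and GNU stat; function names are illustrative.

# cert_key_match CERT KEY: succeed only if KEY is the private key for CERT.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_valid_for CERT DAYS: succeed if CERT is still valid DAYS days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# key_is_private FILE: succeed if FILE grants no access to group or others.
key_is_private() {
    perms=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    case "$perms" in *00|0) return 0 ;; *) return 1 ;; esac
}

# check_entitlement_dir DIR [DAYS]: run all checks on every pair in DIR.
check_entitlement_dir() {
    dir=$1; days=${2:-30}; rc=0
    for key in "$dir"/*-key.pem; do
        [ -e "$key" ] || { echo "no key file in $dir" >&2; return 1; }
        # Assumption: the pair is named <serial>.pem and <serial>-key.pem.
        cert="${key%-key.pem}.pem"
        cert_key_match "$cert" "$key" || { echo "MISMATCH: $cert / $key"; rc=1; }
        cert_valid_for "$cert" "$days" || { echo "EXPIRING: $cert"; rc=1; }
        key_is_private "$key" || { echo "EXPOSED: $key is group/world accessible"; rc=1; }
    done
    return $rc
}
```

Run check_entitlement_dir against the directory you copied the files to; a non-zero exit status means at least one pair should not be uploaded as it is.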
To manage repositories on your Red Hat client, you need to import the CA and entitlement certificates to the SUSE Manager Server. This requires three entries: one each for the entitlement certificate, the entitlement key, and the Red Hat certificate.
- On the SUSE Manager Server Web UI, navigate to .
- Click Create Stored Key/Cert and set these parameters for the entitlement certificate:
  - In the Description field, type Entitlement-Cert-date.
  - In the Type field, select SSL.
  - In the Select file to upload field, browse to the location where you saved the entitlement certificate, and select the .pem certificate file.
- Click Create Key.
- Click Create Stored Key/Cert and set these parameters for the entitlement key:
  - In the Description field, type Entitlement-key-date.
  - In the Type field, select SSL.
  - In the Select file to upload field, browse to the location where you saved the entitlement key, and select the .pem key file.
- Click Create Key.
- Click Create Stored Key/Cert and set these parameters for the Red Hat certificate:
  - In the Description field, type redhat-uep.
  - In the Type field, select SSL.
  - In the Select file to upload field, browse to the location where you saved the Red Hat certificate, and select the certificate file.
- Click Create Key.
Repository Management
You can use the subscription manager tool to get the URLs of the repositories you want to mirror:
subscription-manager repos
You can use these repository URLs to create custom repositories. This allows you to mirror only the content you need to manage your clients.
For Red Hat 8 clients, add both the
You can only create custom versions of Red Hat repositories if you have the correct entitlements in your Red Hat Portal.
- On the SUSE Manager Server Web UI, navigate to .
- Click Create Repository and set these parameters for the entitlement certificate:
  - In the Repository Label field, type rhel-7-server-rpms.
  - In the Repository URL field, type the URL of the repository to mirror. For example, https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os/.
  - In the Has Signed Metadata? field, uncheck all Red Hat Enterprise Repositories.
  - In the SSL CA Certificate field, select redhat-uep.
  - In the SSL Client Certificate field, select Entitlement-Cert-date.
  - In the SSL Client Key field, select Entitlement-Key-date.
  - Leave all other fields as the default values.
- Click Create Repository.
- Repeat for every repository you want to define.
When you have created the custom repositories, you can create corresponding custom channels.
- On the SUSE Manager Server Web UI, navigate to .
- Click Create Channel and set these parameters for the entitlement certificate. Ensure you use the correct RHEL version:
  - In the Channel Name field, type RHEL 7 x86_64.
  - In the Channel Label field, type rhel7-x86_64-server.
  - In the Parent Channel field, select None.
  - In the Architecture field, select x86_64.
  - In the Repository Checksum Type field, select sha1.
  - In the Channel Summary field, type RHEL 7 x86_64.
  - In the Organization Sharing field, select Public.
- Click Create Channel.
- Navigate to the Repositories tab, check the appropriate repository, and click Update repositories.
- OPTIONAL: Navigate to the Sync tab to set a recurring schedule for synchronization of this repository.
- Click Sync Now to begin synchronization immediately.
Red Hat Enterprise Linux channels can be very large. Synchronization can sometimes take several hours.
When you have created the custom channels and synchronized them with the repositories, you can create child channels.
- On the SUSE Manager Server Web UI, navigate to .
- Click Create Channel and set these parameters for the entitlement certificate. Ensure you use the correct RHEL version:
  - In the Channel Name field, type RHEL 7 x86_64.
  - In the Channel Label field, type rhel7-x86_64-extras.
  - In the Parent Channel field, select rhel7-x86_64-server.
  - In the Architecture field, select x86_64.
  - In the Repository Checksum Type field, select sha1.
  - In the Channel Summary field, type RHEL 7 x86_64 Extras.
  - In the Organization Sharing field, select Public.
- Click Create Channel.
- Navigate to the Repositories tab, check the appropriate repository, and click Update repositories.
- OPTIONAL: Navigate to the Sync tab to set a recurring schedule for synchronization of this repository.
- Click Sync Now to begin synchronization immediately.
Red Hat Enterprise Linux channels can be very large. Synchronization can sometimes take several hours.
Add Client Tools
When you have set up all the custom channels, you can add the client tools.
For this section, you will require an activation key. For more information about activation keys, see client-configuration:clients-and-activation-keys.adoc.
Your SUSE Manager subscription entitles you to the tools channels for SUSE Linux Enterprise Server with Expanded Support (also known as Red Hat Expanded Support or RES). You must use the client tools channel to create the bootstrap repository. This procedure applies to both traditional and Salt minions.
- On the SUSE Manager Server, add the appropriate Expanded Support channels:
  - For Expanded Support 6:
    From the Web UI, add RHEL6 Base x86_64 and SUSE Linux Enterprise Client Tools RES6 x86_64.
    From the command prompt, add rhel-x86_64-server-6 and res6-suse-manager-tools-x86_64.
  - For Expanded Support 7:
    From the Web UI, add RHEL7 Base x86_64 and SUSE Linux Enterprise Client Tools RES7 x86_64.
    From the command prompt, add rhel-x86_64-server-7 and res7-suse-manager-tools-x86_64.
  - For Expanded Support 8:
    From the Web UI, add RHEL8 Base x86_64 and SUSE Manager Tools for RHEL and ES 8 x86_64. You will also need to add the Appstream channel.
    From the command prompt, add rhel-x86_64-server-8 and res8-suse-manager-tools-x86_64.
- Synchronize the SUSE Manager Server with the SUSE Customer Center. You can do this using the Web UI, or by running mgr-sync at the command prompt.
- Add the new channel to your activation key.
You can choose to disable the Red Hat Enterprise Linux subscription-manager yum plugins.
The yum plugins are disabled with a configuration Salt state.
This procedure is optional.
- On the SUSE Manager Server Web UI, navigate to .
- Click Create State Channel.
  - In the Name field, type subscription-manager: disable yum plugins.
  - In the Label field, type subscription-manager-disable-yum-plugins.
  - In the Description field, type subscription-manager: disable yum plugins.
  - In the SLS Contents field, leave it empty.
- Click Create Config Channel.
- Click Create Configuration File.
  - In the Filename/Path field, type /etc/yum/pluginconf.d/subscription-manager.conf.
  - In the File Contents field, type:
    [main]
    enabled=0
- Click Create Configuration File.
- Take note of the value of the field Salt Filesystem Path.
- Click on the name of the Configuration Channel.
- Click on View/Edit 'init.sls' File.
  - In the File Contents field, type:
    configure_subscription-manager-disable-yum-plugins:
      cmd.run:
        - name: subscription-manager config --rhsm.auto_enable_yum_plugins=0
        - watch:
          - file: /etc/yum/pluginconf.d/subscription-manager.conf
      file.managed:
        - name: /etc/yum/pluginconf.d/subscription-manager.conf
        - source: salt:///etc/yum/pluginconf.d/subscription-manager.conf
- Click Update Configuration File.
- On the SUSE Manager Server Web UI, navigate to .
- Click Create Group.
  - In the Name field, type rhel-systems.
  - In the Description field, type All RHEL systems.
- Click Create Group.
- Click States tab.
- Click Configuration Channels tab.
- Type subscription-manager: disable yum plugins at the search box.
- Click Search and the state will appear.
- Click the checkbox for the state at the Assign column.
- Click Save changes.
- Click Confirm.
If you already have RHEL systems added to SUSE Manager, assign them to the new system group, and then apply the highstate.
You need to modify the activation keys you used for RHEL systems to include the system group created above.
- On the SUSE Manager Server Web UI, navigate to .
- For each of the Activation Keys you used for RHEL systems, click on it and:
  - Navigate to the Groups tab, and the Join subtab.
  - Check Select rhel-systems.
  - Click Join Selected Groups.
Trust GPG Keys on Clients
By default, Red Hat Enterprise Linux does not trust the GPG key for SUSE Manager Expanded Support client tools.
The clients can be successfully bootstrapped without the GPG key being trusted.
However, they will not be able to install new client tool packages or update them.
If this occurs, add the GPG key to the ORG_GPG_KEY= parameter in all Red Hat Enterprise Linux bootstrap scripts.
For example, for SLES ES 6 (RES6-SUSE-Manager-Tools) use:
sle11-gpg-pubkey-307e3d54.key
For example, for SLES ES 7 (RES7-SUSE-Manager-Tools) and SLES ES 8 (RES8-SUSE-Manager-Tools), and Ubuntu 16.04 (Ubuntu-16.04-SUSE-Manager-Tools) and Ubuntu 18.04 (Ubuntu-18.04-SUSE-Manager-Tools) use:
sle12-gpg-pubkey-39db7c82.key
You will find all keys available on the server in /srv/www/htdocs/pub/:
ptf-gpg-pubkey-b37b98a9.key
res-gpg-pubkey-0182b964.key
sle10-gpg-pubkey-9c800aca.key
sle11-gpg-pubkey-307e3d54.key
sle12-gpg-pubkey-39db7c82.key
sle12-reserve-gpg-pubkey-50a3dd1c.key
You do not need to delete any previously stored keys.
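One way to apply the ORG_GPG_KEY= change consistently across several bootstrap scripts is sketched below. It is an added example, not part of the original guide or of SUSE Manager itself. It assumes that ORG_GPG_KEY= starts a line and holds a comma-separated list of key file names from the pub directory; the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original guide): add a GPG key file name to
# ORG_GPG_KEY= in a bootstrap script without dropping keys already listed.
# Assumption: ORG_GPG_KEY= starts a line and holds a comma-separated list of
# file names published in the server's pub directory. Names are illustrative.

# add_org_gpg_key SCRIPT KEYFILE [PUBDIR]
add_org_gpg_key() {
    script=$1; key=$2; pub=${3:-/srv/www/htdocs/pub}
    # Accept plain file names only, so the value is safe to pass to sed.
    case "$key" in ''|*[!A-Za-z0-9._-]*) echo "bad key name: $key" >&2; return 1 ;; esac
    # Refuse to reference a key the server does not actually publish.
    [ -f "$pub/$key" ] || { echo "missing $pub/$key" >&2; return 1; }
    grep -q '^ORG_GPG_KEY=' "$script" || { echo "no ORG_GPG_KEY= in $script" >&2; return 1; }
    current=$(sed -n 's/^ORG_GPG_KEY=//p' "$script" | head -n 1 | tr -d '"'"'")
    # Already listed: leave the script untouched (idempotent).
    case ",$current," in *",$key,"*) return 0 ;; esac
    new=${current:+$current,}$key
    # Keep a backup, then rewrite in place so mode and owner are preserved.
    cp -p "$script" "$script.bak" || return 1
    sed "s|^ORG_GPG_KEY=.*|ORG_GPG_KEY=$new|" "$script.bak" > "$script"
}

# org_gpg_keys SCRIPT: print the configured key file names, one per line.
org_gpg_keys() {
    sed -n 's/^ORG_GPG_KEY=//p' "$1" | head -n 1 | tr -d '"'"'" | tr ',' '\n' | sed '/^$/d'
}
```

Because the function refuses key names that are not present in the pub directory, a typo shows up on the server rather than as a failed package installation on the client.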
If you are bootstrapping clients from the SUSE Manager Web UI, you will need to use a Salt state to trust the key. Create the Salt state and assign it to the organization. You can then use an activation key and configuration channels to deploy the key to the clients.
Register Clients
To register your Red Hat clients, you will need a bootstrap repository. Create the bootstrap repository at the command prompt, with this command:
mgr-create-bootstrap-repo --with-custom-channels
For more information on registering your clients, see client-configuration:registration-overview.adoc.