Activation Keys

Activation keys are used with traditional and Salt clients to ensure that your clients have the correct software entitlements, are connecting to the appropriate channels, and are subscribed to the relevant groups. Each activation key is bound to an organization, which you can set when you create the key.

In SUSE Manager, an activation key is a group of configuration settings with a label. You can apply all configuration settings associated with an activation key by adding its label as a parameter to a bootstrap script. We recommend you use an activation key label in combination with a bootstrap script. When the bootstrap script is executed all configuration settings associated with the label are applied to the system the script is run on.

An activation key can specify:

  • Channel assignment

  • System types or add-on entitlements

  • Contact method

  • Configuration files

  • Packages to be installed

  • System group assignment

Activation keys are used at the time a client is registered, and not used again. After the client has been registered, the client can be changed in any way, regardless of what the activation key specifies. The association between the activation key and the client is recorded only for historical purposes.

provision config keys
Procedure: Creating an Activation Key

  1. In the SUSE Manager Web UI, as an administrator, navigate to Systems  Activation Keys.

  2. Click the Create Key button.

  3. On the Activation Key Details page, in the Description field, enter a description of the activation key.

  4. In the Key field, enter a name for the activation key. For example, SLES15-SP4 for SUSE Linux Enterprise Server 15 SP4.

    • Do not use commas or double quotes in the Key field for any SUSE products. However, you must use commas for Red Hat Products.

    • All other characters are allowed, but <> (){} (this includes the space) are removed automatically.

    • If the field is left empty, a random string is generated.

  5. In the Base Channels drop-down box, select the appropriate base software channel, and allow the relevant child channels to populate. For more information, see Setup Wizard and Custom Channels.

  6. Select the child channels you need (for example, the mandatory SUSE Manager tools and updates channels).

  7. Check the Add-On System Types check box if you need to enable any of the options.

  8. We recommend you leave the Contact Method set to Default.

  9. We recommend you leave the Universal Default setting unchecked.

  10. Click Create Activation Key to create the activation key.

  11. Check the Configuration File Deployment check box to enable configuration management for this key, and click Update Activation Key to save this change.

    The Configuration File Deployment check box does not appear until after you have created the activation key. Ensure you go back and check the box if you need to enable configuration management.

1. Combining Multiple Activation Keys

You can combine activation keys when executing the bootstrap script on your traditional clients. Combining keys allows for more control on what is installed on your systems and reduces duplication of keys for large or complex environments.

Combining activation keys works only on traditional clients. Salt clients do not support combined activation keys. If you use a combined key with a Salt client, only the first key is used.

You can specify multiple activation keys at the command prompt, or in a single autoinstallation profile.

At the command prompt on the SUSE Manager Server, use the rhnreg_ks command, and separate the key names with a comma. To specify multiple keys in a Kickstart profile, navigate to Systems  Autoinstallation and edit the profile you want to use.

Be careful when combining activation keys, as conflicts between some values could cause client registration to fail. Check that these values do not have conflicting information before you begin:

  • Software packages

  • Software child channels

  • Configuration channels.

If conflicts are detected, they are handled like this:

  • Conflicts in base software channels: registration fails.

  • Conflicts in system types: registration fails.

  • Conflicts in the enable configuration flag: configuration management is enabled.

  • If one key is system-specific: registration fails.

2. Reactivation Keys

Reactivation keys can be used once only to re-register a client and regain all SUSE Manager settings. Reactivation keys are client-specific, and include the system ID, history, groups, and channels.

To create a reactivation key, navigate to Systems, click the client to create a reactivation key for, and navigate to the Details  Reactivation tab. Click Generate New Key to create the reactivation key. Record the details of the key for later use. Unlike typical activation keys, which are not associated with a specific system ID, keys created here do not show up on the Systems  Activation Keys page.

For Salt clients, after you have created a reactivation key, you can use it as the management_key grain in /etc/salt/minion.d/susemanager.conf. For example:

grains:
    susemanager:
        management_key: "re-1-daf44db90c0853edbb5db03f2b37986e"

Restart the salt-minion process to apply the reactivation key.

You can use a reactivation key with a bootstrap script. For more information about bootstrap scripts, see Register Clients with a Bootstrap Script.

For traditional clients, after you have created a reactivation key, you can use it with the rhnreg_ks command line utility. This command re-registers the client and restore its SUSE Manager settings. On traditional clients, you can combine reactivation keys with activation keys to aggregate the settings of multiple keys for a single system profile. For example:

rhnreg_ks --server=<server-url>/XMLRPC \
          --activationkey=<reactivation-key>,<activationkey> \
          --force

If you autoinstall a client with its existing SUSE Manager profile, the profile uses the reactivation key to re-register the system and restore its settings. Do not regenerate, delete, or use this key while a profile-based autoinstallation is in progress. Doing so causes the autoinstallation to fail.

3. Activation Key Best Practices

Default Parent Channel

Avoid using the SUSE Manager Default parent channel. This setting forces SUSE Manager to choose a parent channel that best corresponds to the installed operating system, which can sometimes lead to unexpected behavior. Instead, we recommend you create activation keys specific to each distribution and architecture.

Bootstrapping with Activation Keys

If you are using bootstrap scripts, consider creating an activation key for each script. This helps you align channel assignments, package installation, system group memberships, and configuration channel assignments. You also need less manual interaction with your system after registration.

Bootstrapping LTSS clients

If you are boostrapping clients with LTSS subscription, include the LTSS channels during activation key creation.

Bandwidth Requirements

Using activation keys might result in automatic downloading of software at registration time, which might not be desirable in environments where bandwidth is constrained.

These options create bandwidth usage:

  • Assigning a SUSE Product Pool channel results in the automatic installation of the corresponding product descriptor package.

  • Any package in the Packages section is installed.

  • Any Salt state from the Configuration section might trigger downloads depending on its contents.

Key Label Naming

If you do not enter a human-readable name for your activation keys, the system automatically generates a number string, which can make it difficult to manage your keys.

Consider a naming scheme for your activation keys to help you keep track of them. Creating names which are associated with your organization’s infrastructure makes it easier for you when performing more complex operations.

When creating key labels, consider these tips:

  • OS naming (mandatory): Keys should always refer to the OS they provide settings for

  • Architecture naming (recommended): Unless your company is running on one architecture only, for example x86_64, then providing labels with an architecture type is a good idea.

  • Server type naming: What is this server being used for?

  • Location naming: Where is the server located? Room, building, or department?

  • Date naming: Maintenance windows, quarter, etc.

  • Custom naming: What naming scheme suits your organizations needs?

Example activation key label names:

sles15-sp4-web_server-room_129-x86_64
sles15-sp4-test_packages-blg_502-room_21-ppc64le

Do not use commas in the Key field for any SUSE products. However, you must use commas for Red Hat Products. For more information, see Activation Keys.
Included Channels

When creating activation keys you also need to keep in mind which software channels are associated with it. Keys should have a specific base channel assigned to them. Using the default base channel is not recommended. For more information, see the client operating system you are installing at Client Registration.