Activation Key Enhancements with Red Hat Satellite 6.1
Updated
Authors
This content is not included.Rich Jerrido - Principal Technical Product Marketing Manager, Red Hat
Overview
As a user of Red Hat Satellite 6.1, you leverage activation keys in lieu of usernames and passwords when registering systems. When using activation keys, flexibility is required in the provisioning process to ensure that systems are registered with the desired subscriptions. This articles provides an overview of new features provided in Red Hat Satellite 6.1 regarding activation keys.
Requirements
- Red Hat Satellite 6.1.x or newer
Use cases
Use Case 1: Use EXACTLY the subscriptions specified
You can associate a subscription (or multiple subscriptions) to a key, and force that (those) subscription(s) to be applied. This was the default and only behavior in Red Hat Satellite 6.0
Use Case 2: Define NO subscriptions, and auto-attach something proper
You can associate no subscription to a key, set the key to auto attach, and the key will pick the best subscription. This is akin to running subscription-manager register --auto-attach.
Use Case 3: Use ANY of a subset of subs
You can associate n subscriptions to a key, set the key to auto attach, and then auto attach wil run only on those subscriptions.
Example Configurations:
For this purposes of this document our organization has the following subscriptions
ORG="Example"
hammer subscription list --organization "$ORG"
-
NAME | CONTRACT | ACCOUNT | SUPPORT | QUANTITY | CONSUMED | END DATE | ID | PRODUCT | QUANTITY | ATTACHED
-|-|-|-|-|-|-|-|-|-|-
Extra Packages for Enterprise Linux | | | | Unlimited | 1 | 2045-06-28 | 2c918f824e5ef0e8014e62b7abcf0a02 | Extra Packages for Enterprise Linux | Unlimited | 1
Red Hat Enterprise Linux for Virtual Datacenters, Premium | 12345678 | 0000000 | Premium | Unlimited | 0 | 2015-10-08 | 2c918f824eb5a83b014ed1ed8e3e06fc | Red Hat Enterprise Linux for Virtual Datacenters, Premium | Unlimited | 0
Red Hat Enterprise Linux for Virtual Datacenters, Premium | 12345678 | 0000000 | Premium | Unlimited | 3 | 2015-10-08 | 2c918f824eb5a83b014ed6fd6cef08ea | Red Hat Enterprise Linux for Virtual Datacenters, Premium | Unlimited | 3
Red Hat Enterprise Linux Server, Premium (Physical or Virtual Nodes) | 12345678 | 0000000 | Premium | 4 | 0 | 2015-10-08 | 2c918f824e5ef0e8014e675ed16d0e63 | Red Hat Enterprise Linux Server, Premium (Physical or Virtual Nodes) | 4 | 0
-|-|-|-|-|-|-|-|-|-|-
Use Case 1: Use EXACTLY the subscriptions specified
- Create the key
hammer activation-key create --organization "$ORG" --name "Exact_Subs_Key"
- Disable auto-attach on the key
hammer activation-key update --organization "$ORG" --name "Exact_Subs_Key" --auto-attach false
- Attach the subscriptions required. In this examples, the following subscriptions are used (from the example above)
- Extra Packages for Enterprise Linux - ID: 2c918f824e5ef0e8014e62b7abcf0a02
- Red Hat Enterprise Linux Server, Premium (Physical or Virtual Nodes) - ID: 2c918f824e5ef0e8014e675ed16d0e63
hammer activation-key add-subscription --organization "$ORG" --name "Exact_Subs_Key" --subscription-id 2c918f824e5ef0e8014e62b7abcf0a02
Subscription added to activation key
hammer activation-key add-subscription --organization "$ORG" --name "Exact_Subs_Key" --subscription-id 2c918f824e5ef0e8014e675ed16d0e63
Subscription added to activation key
- Failure Scenario
This type of key, as it provides an EXACT listing of subscriptions, will fail registration if any of the associated subscriptions cannot be attached.
Use Case 2: Define NO subscriptions, and auto-attach something proper
- Create the key
hammer activation-key create --organization "$ORG" --name "Auto_Attach_Key"
No further action is required. The default behavior is that an activation key has 'Auto-Attach' set to true as shown below:
hammer activation-key info --organization "$ORG" --name "Auto_Attach_Key"
Name: Auto_Attach_Key
ID: 9
Description:
Content Host Limit: Unlimited
Auto Attach: true
Lifecycle Environment:
Content View:
Host Collections:
- Failure Scenario:
Activation keys created in this manner will fail if (and only if?) there are no subscriptions within the organization which cover the installed products on the system (as viewable via rct cat-cert /etc/pki/product/<cert_file>.pem
Use Case 3: Use ANY of a subset of subs
hammer activation-key create --organization "$ORG" --name "Subset_of_Subs_Key"
Again, auto-attach does not have to be explicitly defined on the key, as it is the default behavior.
hammer activation-key info --organization "$ORG" --name "Subset_of_Subs_Key"
Name: Subset_of_Subs_Key
ID: 8
Description:
Content Host Limit: Unlimited
Auto Attach: true
Lifecycle Environment:
Content View:
Host Collections:
- Attach the subscriptions required. In this examples, the following subscriptions are used (from the example above)
- Red Hat Enterprise Linux for Virtual Datacenters, Premium ID: 2c918f824eb5a83b014ed1ed8e3e06fc
- Red Hat Enterprise Linux for Virtual Datacenters, Premium ID: 2c918f824eb5a83b014ed6fd6cef08ea
hammer activation-key add-subscription --organization "$ORG" --name "Subset_of_Subs_Key" --subscription-id 2c918f824eb5a83b014ed1ed8e3e06fc
Subscription added to activation key
hammer activation-key add-subscription --organization "$ORG" --name "Subset_of_Subs_Key" --subscription-id 2c918f824eb5a83b014ed6fd6cef08ea
Subscription added to activation key
- Failure scenario
Activation keys created in this manner only fail if none of the associated subscriptions cannot be attached.
Understanding Activation Key Behavior
Multiple Activation Keys, precedence (and conflict resolution) of Activation Keys
When using multiple activation keys, the following behavior is expected:
- The rightmost key has highest precedence.
- If multiple activation keys provide conflicting settings, the settings on the key that is provided to the right by the user will overwrite the keys listed previously.
Activation Keys behavior with existing hosts
Activation keys are only used at host registration time. If changes are made to an activation key, it is only applicable to hosts that will be registered in the future. The changes are not made to existing hosts.
Difference between Activation Key Behavior with Red Hat Products versus Custom Products.
Activation keys have different behavior when they are being used with Red Hat Products versus Custom Products (which usually are used to reflect non-Red Hat software) Custom Products will always attach regardless of auto-attach settings.
Red Hat products will attach:
- With all subs linked on a key and auto-attach is false (Use Case 1)
- With the minimal necessary if auto-attach is true and there are no subs added to a blank key, but subs are associated to organization. (Use Case 2)
- With the minimal necessary if auto-attach is true and subscriptions are linked to key (Use Case 3)
Real World Use-cases
For the next examples, assume the following subscriptions are loaded into the Satellite
hammer --output json subscription list --organization "$ORG"
[
{
"Name": "Extended Update Support",
"Contract": "********",
"Account": "*******",
"Support": "Layered",
"Quantity": 100,
"Consumed": 0,
"End Date": "2016-08-05",
"ID": "2c91809352db8ab10152db914a8e0695",
"Product": "Extended Update Support",
"Attached": 0
},
{
"Name": "Extra Packages for Enterprise Linux",
"Contract": null,
"Account": null,
"Support": "",
"Quantity": "Unlimited",
"Consumed": 0,
"End Date": "2046-02-05",
"ID": "2c91809352db8ab10152db9c9c770d57",
"Product": "Extra Packages for Enterprise Linux",
"Attached": 0
},
{
"Name": "High Availability",
"Contract": "********",
"Account": "*******",
"Support": "Layered",
"Quantity": 100,
"Consumed": 0,
"End Date": "2016-08-05",
"ID": "2c91809352db8ab10152db9170960984",
"Product": "High Availability",
"Attached": 0
},
{
"Name": "OpenShift Enterprise Premium, 2 Cores",
"Contract": "********",
"Account": "*******",
"Support": "Premium",
"Quantity": 50,
"Consumed": 0,
"End Date": "2016-08-11",
"ID": "2c91809352db8ab10152db91748409d0",
"Product": "OpenShift Enterprise Premium, 2 Cores",
"Attached": 0
},
{
"Name": "Red Hat Enterprise Linux Server, Premium (Physical or Virtual Nodes)",
"Contract": "********",
"Account": "*******",
"Support": "Premium",
"Quantity": 100,
"Consumed": 5,
"End Date": "2016-08-05",
"ID": "2c91809352db8ab10152db913cfe05a6",
"Product": "Red Hat Enterprise Linux Server, Premium (Physical or Virtual Nodes)",
"Attached": 0
},
{
"Name": "Red Hat Enterprise Linux for Virtual Datacenters, Premium",
"Contract": "********",
"Account": "*******",
"Support": "Premium",
"Quantity": 6,
"Consumed": 0,
"End Date": "2016-08-05",
"ID": "2c91809352db8ab10152db91363e04f3",
"Product": "Red Hat Enterprise Linux for Virtual Datacenters, Premium",
"Attached": 0
}
]
Real World Use case 1
In this example, I have a number of 2-socket servers, which are being using to run
Red Hat Enterprise Linux (RHEL) & Red Hat's High Availability (RHEL HA) add-on. Additionally, I wish to
attach the Extra Packages for Enterprise Linux (EPEL) subscription.
The usage here is 'for each server, attach RHEL, RHEL HA, and EPEL subscriptions'
- On the Satellite. Create the activation key. In this use-case, the content view is named RHEL7_w_HA and the system will be registered to the Library environment
ORG=Example
hammer activation-key create --organization "$ORG" --name 'ak-Cluster_Core_Build' --content-view RHEL7_w_HA --lifecycle-environment Library
- Disable auto-attach on the key. (Again, disabling auto-attach means 'attach all subscriptions listed on the key')
hammer activation-key update --organization "$ORG" --name 'ak-Cluster_Core_Build' --auto-attach false
- Attach the subscription for Red Hat Enterprise Linux Server, Premium (Physical or Virtual Nodes)
hammer activation-key add-subscription --organization "$ORG" --name "ak-Cluster_Core_Build" --subscription-id 2c91809352db8ab10152db913cfe05a6
- Attach the subscription for High Availability
hammer activation-key add-subscription --organization "$ORG" --name "ak-Cluster_Core_Build" --subscription-id 2c91809352db8ab10152db9170960984
- Attach the subscription for Extra Packages for Enterprise Linux
hammer activation-key add-subscription --organization "$ORG" --name "ak-Cluster_Core_Build" --subscription-id 2c91809352db8ab10152db9c9c770d57
- On the client
ORG=Example
subscription-manager register --activationkey=ak-Cluster_Core_Build --org "$ORG"
- Verify the subscriptions are attached appropriately.
subscription-manager list --consumed
+-------------------------------------------+
Consumed Subscriptions
+-------------------------------------------+
Subscription Name: Extra Packages for Enterprise Linux
Provides: Extra Packages for Enterprise Linux
SKU: 1455383415560
Contract:
Account:
Serial: 8482590274739059802
Pool ID: 2c91809352db8ab10152db9c9c770d57
Provides Management: No
Active: True
Quantity Used: 1
Service Level:
Service Type:
Status Details: Subscription is current
Subscription Type: Standard
Starts: 02/13/2016
Ends: 02/05/2046
System Type: Physical
Subscription Name: Red Hat Enterprise Linux Server, Premium (Physical or Virtual Nodes)
Provides: Red Hat Beta
Red Hat EUCJP Support (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux Load Balancer (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux Atomic Host
Red Hat Enterprise Linux High Availability (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux Atomic Host Beta
Oracle Java (for RHEL Server)
Red Hat Container Images
Red Hat Enterprise Linux Scalable File System (for RHEL Server) - Extended Update Support
Red Hat Container Images Beta
Red Hat Developer Toolset (for RHEL Server)
Red Hat Enterprise Linux Server - Extended Update Support
Red Hat Enterprise Linux Resilient Storage (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux High Performance Networking (for RHEL Server) - Extended Update Support
Red Hat Software Collections (for RHEL Server)
Oracle Java (for RHEL Server) - Extended Update Support
Red Hat S-JIS Support (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux Server
Red Hat Software Collections Beta (for RHEL Server)
SKU: RH00003
Contract: ********
Account: ********
Serial: 258432120563694528
Pool ID: 2c91809352db8ab10152db913cfe05a6
Provides Management: No
Active: True
Quantity Used: 2
Service Level: Premium
Service Type: L1-L3
Status Details: Subscription is current
Subscription Type: Instance Based
Starts: 08/05/2015
Ends: 08/04/2016
System Type: Physical
Subscription Name: High Availability
Provides: Red Hat Enterprise Linux High Availability (for RHEL Server)
SKU: RH00025
Contract: ********
Account: ********
Serial: 5053354386533668681
Pool ID: 2c91809352db8ab10152db9170960984
Provides Management: No
Active: True
Quantity Used: 2
Service Level: Layered
Service Type: L1-L3
Status Details: Subscription is current
Subscription Type: Instance Based
Starts: 08/05/2015
Ends: 08/04/2016
System Type: Physical
Real World Use case 2
In this example, I have 6 hypervisors, which run Red Hat Enterprise Linux workloads.
I wish use the 6 Red Hat Enterprise Linux for Virtual Datacenters, Premium subscriptions to provide
access to Red Hat Enterprise Linux.
The usage here is 'for each virtual machine, ensure that it is consuming the subscription of its hypervisor'
ORG=Example
hammer activation-key create --organization "$ORG" --name 'ak-vDC_Key' --content-view RHEL7_Base --lifecycle-environment Library
hammer activation-key update --organization "$ORG" --name 'ak-vDC_Key' --auto-attach true
Note: You do NOT need to add EACH vDC subscription to your activation key. The client, if known via This content is not included.virt-who, will attach a vDC subscription to the hypervisor it resides on, if one is not attached already. This unlocks the ability for the guest to consume content based upon that subscription. If the guest is not known via virt-who, it will consume a temporary subscription.
- On the client
ORG=Example
subscription-manager register --activationkey=ak-vDC_Key --org "$ORG"
- Verify the subscriptions are attached.
subscription-manager list --consumed
+-------------------------------------------+
Consumed Subscriptions
+-------------------------------------------+
Subscription Name: Red Hat Enterprise Linux for Virtual Datacenters, Premium (DERIVED SKU)
Provides: Red Hat Beta
Red Hat EUCJP Support (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux Load Balancer (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux High Availability (for RHEL Server) - Extended Update Support
Oracle Java (for RHEL Server)
Red Hat Enterprise Linux Scalable File System (for RHEL Server) - Extended Update Support
Red Hat Developer Toolset (for RHEL Server)
Red Hat Enterprise Linux Server - Extended Update Support
Red Hat Enterprise Linux Resilient Storage (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux High Performance Networking (for RHEL Server) - Extended Update Support
Oracle Java (for RHEL Workstation)
Red Hat Software Collections (for RHEL Server)
Red Hat S-JIS Support (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux Server
Red Hat Software Collections Beta (for RHEL Server)
SKU: RH00049
Contract: *******
Account: *******
Serial: 4796904774626524564
Pool ID: 2c91809352e1f1d70152e22d2719002d
Provides Management: No
Active: True
Quantity Used: 1
Service Level: Premium
Service Type: L1-L3
Status Details: Subscription is current
Subscription Type: Standard
Starts: 08/05/2015
Ends: 08/04/2016
System Type: Virtual
Note: if the client hasn't been reported via virt-who, the output is slightly different:
+-------------------------------------------+
Consumed Subscriptions
+-------------------------------------------+
Subscription Name: Red Hat Enterprise Linux for Virtual Datacenters, Premium (DERIVED SKU)
Provides: Red Hat Beta
Red Hat EUCJP Support (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux Load Balancer (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux High Availability (for RHEL Server) - Extended Update Support
Oracle Java (for RHEL Server)
Red Hat Enterprise Linux Scalable File System (for RHEL Server) - Extended Update Support
Red Hat Developer Toolset (for RHEL Server)
Red Hat Enterprise Linux Server - Extended Update Support
Red Hat Enterprise Linux Resilient Storage (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux High Performance Networking (for RHEL Server) - Extended Update Support
Oracle Java (for RHEL Workstation)
Red Hat Software Collections (for RHEL Server)
Red Hat S-JIS Support (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux Server
Red Hat Software Collections Beta (for RHEL Server)
SKU: RH00049
Contract: *******
Account: *******
Serial: 4796904774626524564
Pool ID: 2c91809352e1f1d70152e22d2719002d
Provides Management: No
Active: True
Quantity Used: 1
Service Level: Premium
Service Type: L1-L3
Status Details: Guest has not been reported on any host and is using a temporary unmapped guest subscription.
Subscription Type: Stackable (Temporary)
Starts: 08/05/2015
Ends: 08/04/2016
System Type: Virtual
Real World Use case 3
Building on use Real World Use case #2, the need is to provide access to OpenShift for a subset of the virtual machines running on the hypervisors.
The usage here is 'use the vDC subscription for each virtual machine and explicitly add an OpenShift subscription. In this example, multiple
activation keys will be leveraged for desired effect.
- On the Satellite
ORG=Example
hammer activation-key create --organization "$ORG" --name 'ak-OpenShift'
- Disable auto-attach on the key. (Again, disabling auto-attach means 'attach all subscriptions listed on the key')
hammer activation-key update --organization "$ORG" --name 'ak-OpenShift' --auto-attach false
- Attach the OpenShift subscriptions
hammer activation-key add-subscription --organization "$ORG" --name "ak-OpenShift" --subscription-id 2c91809352db8ab10152db91748409d0
- On the client
ORG=Example
subscription-manager register --activationkey=ak-vDC_Key,ak-OpenShift --org "$ORG"
- Verify the subscriptions are attached
subscription-manager list --consumed
+-------------------------------------------+
Consumed Subscriptions
+-------------------------------------------+
Subscription Name: OpenShift Enterprise Premium, 2 Cores
Provides: Red Hat OpenShift Enterprise
Red Hat Beta
Red Hat OpenShift Enterprise Application Node
Red Hat Enterprise Linux Atomic Host
Oracle Java (for RHEL Server)
JBoss Enterprise Web Server
Red Hat OpenShift Enterprise Client Tools
Red Hat Software Collections (for RHEL Server)
Red Hat Enterprise Linux Server
Red Hat Software Collections Beta (for RHEL Server)
SKU: MCT2735
Contract: *******
Account: *******
Serial: 2726932350273242614
Pool ID: 2c91809352db8ab10152db91748409d0
Provides Management: Yes
Active: True
Quantity Used: 1
Service Level: Premium
Service Type: L1-L3
Status Details: Subscription is current
Subscription Type: Standard
Starts: 08/11/2015
Ends: 08/10/2016
System Type: Physical
Subscription Name: Red Hat Enterprise Linux for Virtual Datacenters, Premium (DERIVED SKU)
Provides: Red Hat Beta
Red Hat EUCJP Support (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux Load Balancer (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux High Availability (for RHEL Server) - Extended Update Support
Oracle Java (for RHEL Server)
Red Hat Enterprise Linux Scalable File System (for RHEL Server) - Extended Update Support
Red Hat Developer Toolset (for RHEL Server)
Red Hat Enterprise Linux Server - Extended Update Support
Red Hat Enterprise Linux Resilient Storage (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux High Performance Networking (for RHEL Server) - Extended Update Support
Oracle Java (for RHEL Workstation)
Red Hat Software Collections (for RHEL Server)
Red Hat S-JIS Support (for RHEL Server) - Extended Update Support
Red Hat Enterprise Linux Server
Red Hat Software Collections Beta (for RHEL Server)
SKU: RH00049
Contract: *******
Account: *******
Serial: 147799866929282388
Pool ID: 2c91809352e1f1d70152e22d2719002d
Provides Management: No
Active: True
Quantity Used: 1
Service Level: Premium
Service Type: L1-L3
Status Details: Subscription is current
Subscription Type: Standard
Starts: 08/05/2015
Ends: 08/04/2016
System Type: Virtual
Product(s)
Category
Article Type