| Deployment GuidePart II. Package ManagementAll software on a Red Hat Enterprise Linux system is divided into RPM packages, which can be installed, upgraded, or removed. This part focuses on product subscriptions and entitlements, and describes how to manage packages on Red Hat Enterprise Linux using both Yum and the PackageKit suite of graphical package management tools. Chapter 5. Registering a System and Managing SubscriptionsEffective asset management requires a mechanism to handle the software inventory - both the type of products and the number of systems that the software is installed on. The subscription service provides that mechanism and gives transparency into both global allocations of subscriptions for an entire organization and the specific subscriptions assigned to a single system. Red Hat Subscription Manager works with yum to unite content delivery with subscription management. The Subscription Manager handles only the subscription-system associations. yum or other package management tools handle the actual content delivery. Chapter 6, Yum describes how to use yum. 5.1. Using Red Hat Subscription Manager ToolsBoth registration and subscriptions are managed on the local system through GUI and CLI tools called Red Hat Subscription Manager. The Red Hat Subscription Manager tools are always run as root because of the nature of the changes to the system. However, Red Hat Subscription Manager connects to the subscription service as a user account for the subscription service. 5.1.1. Launching the Red Hat Subscription Manager GUIRed Hat Subscription Manager is listed as one of the administrative tools in the menu in the top management bar. Alternatively, the Red Hat Subscription Manager GUI can be opened from the command line with a single command: [root@server1 ~]# subscription-manager-gui 5.1.2. Running the subscription-manager Command-Line ToolAny of the operations that can be performed through the Red Hat Subscription Manager UI can also be performed by running the subscription-manager tool. This tool has the following format: [root@server1 ~]# subscription-manager command [options] Each command has its own set of options that are used with it. The subscription-manager help and manpage have more information. Table 5.1. Common subscription-manager Commands | Command | Description |
|---|
| register | Registers or identifies a new system to the subscription service. | | unregister | Unregisters a machine, which strips its subscriptions and removes the machine from the subscription service. | | subscribe | Attaches a specific subscription to the machine. | | redeem | Auto-attaches a machine to a pre-specified subscription that was purchased from a vendor, based on its hardware and BIOS information. | | unsubscribe | Removes a specific subscription or all subscriptions from the machine. | | list | Lists all of the subscriptions that are compatible with a machine, either subscriptions that are actually attached to the machine or unused subscriptions that are available to the machine. |
5.2. Registering and Unregistering a SystemSystems can be registered with a subscription service during the firstboot process or as part of the kickstart setup (both described in the Installation Guide). Systems can also be registered after they have been configured or removed from the subscription service inventory (unregistered) if they will no longer be managed within that subscription service. 5.2.1. Registering from the GUILaunch Subscription Manager. For example: [root@server ~]# subscription-manager-gui If the system is not already registered, then there will be a Register button at the top of the window in the top right corner of the My Installed Products tab. To identify which subscription server to use for registration, enter the hostname of the service. The default service is Customer Portal Subscription Management, with the hostname subscription.rhn.redhat.com. To use a different subscription service, such as Subscription Asset Manager, enter the hostname of the local server. There are seveal different subscription services which use and recognize certificate-based subscriptions, and a system can be registered with any of them in firstboot: Customer Portal Subscription Management, hosted services from Red Hat (the default) Subscription Asset Manager, an on-premise subscription server which proxies content delivery back to the Customer Portal's services CloudForms System Engine, an on-premise service which handles both subscription services and content delivery
Enter the user credentials for the given subscription service to log in. The user credentials to use depend on the subscription service. When registering with the Customer Portal, use the Red Hat Network credentials for the administrator or company account. However, for Subscription Asset Manager or CloudForms System engine, the user account to use is created within the on-premise service and probably is not the same as the Customer Portal user account. Optionally, select the Manually assign subscriptions after registration checkbox. When registration begins, Subscription Manager scans for organizations and environments (sub-domains within the organization) to which to register the system. IT environments that use Customer Portal Subscription Management have only a single organization, so no further configuration is necessary. IT infrastructures that use a local subscription service like Subscription Asset Manager might have multiple organizations configured, and those organizations may have multiple environments configured within them. If multiple organizations are detected, Subscription Manager prompts to select the one to join. With the default setting, subscriptions are automatically selected and attached to the system. Review and confirm the subscriptions to attach to the system. If prompted, select the service level to use for the discovered subscriptions. Subscription Manager lists the selected subscription. This subscription selection must be confirmed by clicking the Subscribe button for the wizard to complete.
5.2.2. Registering from the Command LineThe simplest way to register a machine is to pass the register command with the user account information required to authenticate to Customer Portal Subscription Management. When the system is successfully authenticated, it echoes back the newly-assigned system inventory ID and the user account name which registered it. Example 5.1. Registering a System to the Customer Portal [root@server1 ~]# subscription-manager register --username admin-example --password secretThe system has been registered with id: 7d133d55-876f-4f47-83eb-0ee931cb0a97 Example 5.2. Automatically Subscribing While Registering The register command has an option, --autosubscribe, which allows the system to be registered to the subscription service and immediately attaches the subscription which best matches the system's architecture, in a single step. [root@server1 ~]# subscription-manager register --username admin-example --password secret --autosubscribe This is the same behavior as when registering with the default settings in the Subscription Manager UI. Example 5.3. Registering a System with Subscription Asset Manager With Subscription Asset Managr or CloudForms System Engine, an account can have multiple, independent subdivisions called organizationst is required that you specify which organization (essentially an independent group or unit within the main account) to join the system to. This is done by using the --org option in addition to the username and password. The given user must also have the access permissions to add systems to that organization. To register with a subscription service other than Customer Portal Subscription Management, several additional options must be used to identify the environment and organizational divisions that the system is being registered to: The username and password for the user account withint the subscription service itself --serverurl to give the hostname of the subscription service
--baseurl to give the hostname of the content delivery service (for CloudForms System Engine only)
--org to give the name of the organization under which to register the system
--environment to give the name of an environment (group) within the organization to which to add the system; this is optional, since a default environment is set for any organization
A system can only be added to an environment during registration.
[root@server1 ~]# subscription-manager register --username=admin-example --password=secret --org="IT Department" --environment="dev" --serverurl=sam-server.example.comThe system has been registered with id: 7d133d55-876f-4f47-83eb-0ee931cb0a97 If the system is in a multi-org environment and no organization is given, the register command returns a Remote Server error. Table 5.2. register Options | Options | Description | Required |
|---|
| --username=name | Gives the content server user account name. | Required | | --password=password | Gives the password for the user account. | Required | | --serverurl=hostname | Gives the hostname of the subscription service to use. The default is for Customer Portal Subcription Management, subscription.rhn.redhat.com. If this option is not used, the system is registered with Customer Portal Subscription Management. | Required for Subscription Asset Manager or CloudForms System Engine | | --baseurl=URL | Gives the hostname of the content delivery server to use to receive updates. Both Customer Portal Subscription Management and Subscription Asset Manager use Red Hat's hosted content delivery services, with the URL https://cdn.redhat.com. Since CloudForms System Engine hosts its own content, the URL must be used for systems registered with System Engine. | Required for CloudForms System Engine | | --org=name | Gives the organization to which to join the system. | Required, except for hosted environments | | --environment=name | Registers the system to an environment within an organization. | Optional | | --name=machine_name | Sets the name of the system to register. This defaults to be the same as the hostname. | Optional | | --autosubscribe | Automatically ataches the best-matched compatible subscription. This is good for automated setup operations, since the system can be configured in a single step. | Optional | | --activationkey=key | Attaches existing subscriptions as part of the registration process. The subscriptions are pre-assigned by a vendor or by a systems administrator using Subscription Asset Manager. | Optional | | --servicelevel=None|Standard|Premium | Sets the service level to use for subscriptions on that machine. This is only used with the --autosubscribe option. | Optional | | --release=NUMBER | Sets the operating system minor release to use for subscriptions for the system. Products and updates are limited to that specific minor release version. This is used only used with the --autosubscribe option. | Optional | | --force | Registers the system even if it is already registered. Normally, any register operations will fail if the machine is already registered. | Optional |
The only thing required to unregister a machine is to run the unregister command. This removes the system's entry from the subscription service, removes any subscriptions, and, locally, deletes its identity and subscription certificates. From the command line, this requires only the unregister command. Example 5.4. Unregistering a System [root@server1 ~]# subscription-manager unregister To unregister from the Subscription Manager GUI: Open the Subscription Manager UI. [root@server ~]# subscription-manager-gui Open the System menu, and select the item. Confirm that the system should be unregistered.
5.3. Attaching and Removing SubscriptionsAssigning a subscription to a system gives the system the ability to install and update any Red Hat product in that subscription. A subscription is a list of all of the products, in all variations, that were purchased at one time, and it defines both the products and the number of times that subscription can be used. When one of those licenses is associated with a system, that subscription is attached to the system. 5.3.1. Attaching and Removing Subscriptions through the GUI5.3.1.1. Attaching a SubscriptionLaunch Subscription Manager. For example: [root@server ~]# subscription-manager-gui Open the All Available Subscriptions tab. Optionally, set the date range and click the Filters button to set the filters to use to search for available subscriptions. Subscriptions can be filtered by their active date and by their name. The checkboxes provide more fine-grained filtering: match my system shows only subscriptions which match the system architecture. match my installed products shows subscriptions which work with currently installed products on the system. have no overlap with existing subscriptions excludes subscriptions with duplicate products. If a subscription is already attached to the system for a specific product or if multiple subscriptions supply the same product, then the subscription service filters those subscriptions and shows only the best fit. contain the text searches for strings, such as the product name, within the subscription or pool.
After setting the date and filters, click the Update button to apply them. Select one of the available subscriptions. Click the Subscribe button.
5.3.1.2. Removing SubscriptionsLaunch Subscription Manager. For example: [root@server ~]# subscription-manager-gui Open the My Subscriptions tab. All of the active subscriptions to which the system is currently attached are listed. (The products available through the subscription may or may not be installed.) Select the subscription to remove. Click the Unsubscribe button in the bottom right of the window.
5.3.2. Attaching and Removing Subscriptions through the Command Line5.3.2.1. Attaching SubscriptionsAttaching subscriptions to a system requires specifying the individual product or subscription to attach, using the --pool option. [root@server1 ~]# subscription-manager subscribe --pool=XYZ01234567 The ID of the subscription pool for the purchased product must be specified. The pool ID is listed with the product subscription information, which is available from running the list command: [root@server1 ~]# subscription-manager list --available+-------------------------------------------+ Available Subscriptions+-------------------------------------------+ProductName: RHEL for Physical ServersProductId: MKT-rhel-serverPoolId: ff8080812bc382e3012bc3845ca000cbQuantity: 10Expires: 2011-09-20 Alternatively,the best-fitting subscriptions, as identified by the subscription service, can be attached to the system by using the --auto option (which is analogous to the --autosubscribe option with the register command). [root@server1 ~]# subscription-manager subscribe --auto Table 5.3. subscribe Options | Options | Description | Required |
|---|
| --pool=pool-id | Gives the ID for the subscription to attach to the system. | Required, unless --auto is used | | --auto | Automatically attaches the system to the best-match subscription or subscriptions. | Optional | | --quantity=number | Attaches multiple counts of a subscription to the system. This is used to cover subscriptions that define a count limit, like using two 2-socket server subscriptions to cover a 4-socket machine. | Optional | | --servicelevel=None|Standard|Premium | Sets the service level to use for subscriptions on that machine. This is only used with the --auto option. | Optional |
5.3.2.2. Removing Subscriptions from the Command LineA system can be attached to multiple subscriptions and products. Similarly, a single subscription or all subscriptions can be removed from the system. Running the unsubscribe command with the --all option removes every product subscription and subscription pool that is currently attached to the system. [root@server1 ~]# subscription-manager unsubscribe --all It is also possible to remove a single product subscription. Each product has an identifying X.509 certificate installed with it. The product subscription to remove is identified in the unsubscribe command by referencing the ID number of that X.509 certificate. Get the serial number for the product certificate, if you are removing a single product subscription. The serial number can be obtained from the subscription#.pem file (for example, 392729555585697907.pem) or by using the list command. For example: [root@server1 ~]# subscription-manager list --consumed+-------------------------------------------+ Consumed Product Subscriptions+-------------------------------------------+ProductName: High availability (cluster suite)ContractNumber: 0SerialNumber: 11287514358600162Active: TrueBegins: 2010-09-18Expires: 2011-11-18 Run the subscription-manager tool with the --serial option to specify the certificate. [root@server1 ~]# subscription-manager unsubscribe --serial=11287514358600162
5.4. Redeeming Vendor SubscriptionsSystems can be set up with pre-existing subscriptions already available to that system. For some systems which were purchased through third-party vendors, a subscription to Red Hat products is included with the purchase of the machine. Red Hat Subscription Manager pulls information about the system hardware and the BIOS into the system facts to recognize the hardware vendor. If the vendor and BIOS information matches a certain configuration, then the subscription can be redeemed, which will allow subscriptions to be automatically attached to the system. 5.4.1. Redeeming Subscriptions through the GUIIf the machine does not have any subscriptions to be redeemed, then the Redeem menu item is not there. Launch Subscription Manager. For example: [root@server ~]# subscription-manager-gui Open the menu in the top left of the window, and click the Redeem item. In the dialog window, enter the email address to send the notification to when the redemption is complete. Because the redemption process can take several minutes to contact the vendor and receive information about the pre-configured subscriptions, the notification message is sent through email rather than through the Subscription Manager dialog window. Click the Redeem button.
It can take up to ten minutes for the confirmation email to arrive. 5.4.2. Redeeming Subscriptions through the Command LineThe machine must be registered first so that the subscription service can properly identify the system and its subscriptions. The machine subscriptions are redeemed by running the redeem command, with an email address to send the redemption email to when the process is complete. # subscription-manager redeem [email protected] 5.5. Attaching Subscriptions from a Subscription Asset Manager Activation KeyA local Subscription Asset Manager can pre-configure subscriptions to use for a system, and that pre-configured set of subscriptions is identified by an activation key. That key can then be used to attach those subscriptions on a local system. The Subscription Asset Manager activation key can be used as part of the registration process for the new system: # subscription-manager register --username=jsmith --password=secret --org="IT Dept" --activationkey=abcd1234 If there are multiple organizations, it is still necessary to specify the organization for the system. That information is not defined in the activation key. 5.6. Setting Preferences for SystemsAuto-attaching and healing (updating) subscriptions selects what subscriptions to attach to a system based on a variety of criteria, including current installed products, hardware, and architecture. It is possible to set two additional preferences for Subscription Manager to use: This is especially useful for healing, which runs daily to ensure that all installed products and current subscriptions remain active. 5.6.1. Setting Preferences in the UIBoth a service level preference and an operating system release version preference are set in the System Preferences dialog box in Subscription Manager. Open the Subscription Manager. Open the System menu. Select the System Preferences menu item. Select the desired service level agreement preference from the drop-down menu. Only service levels available to the Red Hat account, based on all of its active subscriptions, are listed. Select the operating system release preference in the Release version drop-down menu. The only versions listed are Red Hat Enterprise Linux versions for which the account has an active subscription. The preferences are saved and applied to future subscription operations when they are set. To close the dialog, click Close.
5.6.2. Setting Service Levels Through the Command LineA general service level preference can be set using the service-level --set command. Example 5.5. Setting a Service Level Preference First, list the available service levels for the system, using the --list option with the service-level command. [root@server ~]# subscription-manager service-level --list+-------------------------------------------+ Available Service Levels+-------------------------------------------+StandardNonePremiumSelf-Support Then, set the desired level for the system. [root@server ~]# subscription-manager service-level --set=self-supportService level set to: self-support The current setting for the local system is shown with the --show option: [root#server ~]# subscription-manager service-level --showCurrent service level: self-support A service level preference can be defined when a subscription operation is being run (such as registering a system or attaching subscriptions after registration). This can be used to override a system preference. Both the register and subscribe commands have the --servicelevel option to set a preference for that action. Example 5.6. Autoattaching Subscriptions with a Premium Service Level [root#server ~]# subscription-manager subscribe --auto --servicelevel PremiumService level set to: PremiumInstalled Product Current Status:ProductName: RHEL 6 for WorkstationsStatus: Subscribed The --servicelevel option requires the --autosubscribe option (for register) or --auto option (for subscribe). It cannot be used when attaching a specified pool or when importing a subscription. 5.6.3. Setting a Preferred Operating System Release Version in the Command LineMany IT environments have to be certified to meet a certain level of security or other criteria. In that case, major upgrades must be carefully planned and controlled - so administrators cannot simply run yum update and move from version to version. Setting a release version preference limits the system access to content repositories associated with that operating system version instead of automatically using the newest or latest version repositories. For example, if the preferred operating system version is 6.3, then 6.3 content repositories will be preferred for all installed products and attached subscriptions for the system, even as other repositories become available. Example 5.7. Setting an Operating System Release During Registration A preference for a release version can be set when the system is registered by using --release option with the register. This applies the release preference to any subscriptions selected and auto-attached to the system at registration time. Setting a preference requires the --autosubscribe option, because it is one of the criteria used to select subscriptions to auto-attach. [root#server ~]# subscription-manager register --autosubscribe --release=6.4 [email protected]... Unlike setting a service level preference, a release preference can only be used during registration or set as a preference. It cannot be specified with the subscribe command. Example 5.8. Setting an Operating System Release Preference The release command can display the available operating system releases, based on the available, purchased (not only attached) subscriptions for the organization. [root#server ~]# subscription-manager release --list+-------------------------------------------+ Available Releases+-------------------------------------------+6.26.3 The --set then sets the preference to one of the available release versions: [root#server ~]# subscription-manager release --set=6.3Release version set to: 6.3 5.7. Managing Subscription Expiration and NotificationsSubscriptions are active for a certain period of time, called the validity period. When a subscription is purchased, the start and end dates for the contract are set. On a system, there can be multiple subscriptions attached. Each product requires its own subscription. Additionally, some products may require multiple quantities for it to be fully subscribed. For example, a 16 socket machine may require four 4-socket operating system subscriptions to cover the socket count. The My Installed Software tab shows the subscription status for the entire system. It also shows a date; that is the first date that a product subscription goes from valid to invalid (meaning it expires). The Red Hat Subscription Manager provides a series of log and UI messages that indicate any changes to the valid certificates of any installed products for a system. In the Subscription Manager GUI, the status of the system subscriptions is color-coded, where green means all products are fully subscribed, yellow means that some products may not be subscribed but updates are still in effect, and red means that updates are disabled. The command-line tools also indicate that status of the machine. The green, yellow, and red codes translate to text status messages of subscribed, partially subscribed, and expired/not subscribed, respectively. [root@server ~]# subscription-manager list+-------------------------------------------+ Installed Product Status+-------------------------------------------+ProductName: Red Hat Enterprise Linux ServerStatus: Not SubscribedExpires: SerialNumber: ContractNumber: AccountNumber: Whenever there is a warning about subscription changes, a small icon appears in the top menu bar, similar to a fuel gauge. As any installed product nears the expiration date of the subscription, the Subscription Manager daemon will issue a warning. A similar message is given when the system has products without a valid certificate, meaning either a subscription is not atached that covers that product or the product is installed past the expiration of the subscription. Clicking the Manage My Subscriptions... button in the subscription notification window opens the Red Hat Subscription Manager GUI to view and update subscriptions. When the Subscription Manager UI opens, whether it was opened through a notification or just opened normally, there is an icon in the upper left corner that shows whether products lack a valid certificate. The easiest way to attach subscriptions which match invalidated products is to click the Autosubscribe button. The Subscribe System dialog shows a targeted list of available subscriptions that apply to the specific products that do not have valid certificates (assuming subscriptions are available). |
| |
|
