Red Hat SummitDieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 22. Registering the system by using RHEL system roles
The rhc RHEL system role enables administrators to automate the registration of multiple systems with Red Hat Subscription Management (RHSM) and Satellite servers. The role also supports Red Hat Lightspeed-related configuration and management tasks by using Ansible.
By default, when you register a system by using rhc, the system is connected to Red Hat Lightspeed. Additionally, with rhc, you can:
- Configure connections to Red Hat Lightspeed
- Enable and disable repositories
- Configure the proxy to use for the connection
- Configure Red Hat Lightspeed remediations and, auto updates
- Set the release of the system
- Configure Red Hat Lightspeed tags
22.1. Registering a system by using the rhc RHEL system role
You can register multiple systems at scale with Red Hat subscription management (RHSM) by using the rhc RHEL system role. By default, rhc connects the system to Red Hat Lightspeed when you register it.
Prerequisites
- You have prepared the control node and the managed nodes.
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudopermissions for these nodes.
Procedure
Store your sensitive variables in an encrypted file:
Create the vault:
$ ansible-vault create ~/vault.yml New Vault password: <password> Confirm New Vault password: <vault_password>After the
ansible-vault createcommand opens an editor, enter the sensitive data in the<key>: <value>format:activationKey: <activation_key> organizationID: <organizationID> username: <username> password: <password>- Save the changes, and close the editor. Ansible encrypts the data in the vault.
Create a playbook file, for example,
~/playbook.yml, with the following content:To register by using an activation key and organization ID (recommended), use the following playbook:
--- - name: Managing systems with the rhc RHEL system role hosts: managed-node-01.example.com vars_files: - ~/vault.yml tasks: - name: Registering system by using activation key and organization ID ansible.builtin.include_role: name: redhat.rhel_system_roles.rhc vars: rhc_auth: activation_keys: keys: - "{{ activationKey }}" rhc_organization: "{{ organizationID }}"The settings specified in the example playbook include the following:
rhc_auth: activation_keysThe key
activation_keysspecifies that you want to register by using the activation keys.For details about all variables used in the playbook, see the
/usr/share/ansible/roles/rhel-system-roles.rhc.README.mdfile on the control node.
To register by using a username and password, use the following playbook:
--- - name: Managing systems with the rhc RHEL system role hosts: managed-node-01.example.com vars_files: - ~/vault.yml tasks: - name: Registering system with username and password ansible.builtin.include_role: name: redhat.rhel_system_roles.rhc vars: rhc_auth: login: username: "{{ username }}" password: "{{ password }}"
The settings specified in the example playbook include the following:
rhc_auth: login-
The key
loginspecifies that you want to register by using the username and password.
Validate the playbook syntax:
$ ansible-playbook --syntax-check --ask-vault-pass ~/playbook.ymlNote that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
$ ansible-playbook --ask-vault-pass ~/playbook.yml
22.2. Disabling the connection to Red Hat Lightspeed after the registration by using the rhc RHEL system role
When you register a system by using the rhc RHEL system role, the role, by default, enables the connection to Red Hat Lightspeed. You can disable Red Hat Lightspeed by using the rhc RHEL system role, if not required.
Red Hat Lightspeed is a managed service in the Hybrid Cloud Console that uses predictive analytics, remediation capabilities, and deep domain expertise to simplify complex operational tasks.
Prerequisites
- You have prepared the control node and the managed nodes.
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudopermissions for these nodes. - You have registered the system.
Procedure
Create a playbook file, for example,
~/playbook.yml, with the following content:--- - name: Managing systems with the rhc RHEL system role hosts: managed-node-01.example.com tasks: - name: Disable Insights connection ansible.builtin.include_role: name: redhat.rhel_system_roles.rhc vars: rhc_insights: state: absentThe settings specified in the example playbook include the following:
rhc_insights absent|presentEnables or disables system registration with Red Hat Lightspeed for proactive analytics and recommendations.
For details about all variables used in the playbook, see the
/usr/share/ansible/roles/rhel-system-roles.rhc/README.mdfile on the control node.
Validate the playbook syntax:
$ ansible-playbook --syntax-check ~/playbook.ymlNote that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
$ ansible-playbook ~/playbook.yml
22.3. Managing repositories by using the rhc RHEL system role
Enabling repositories on a RHEL system is essential for accessing, installing, and updating software packages from verified sources. You can remotely enable or disable repositories on managed nodes by using rhc RHEL system role to ensure the system security, stability, and compatibility.
Prerequisites
- You have prepared the control node and the managed nodes.
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudopermissions for these nodes. - You have details of the repositories which you want to enable or disable on the managed nodes.
- You have registered the system.
Procedure
Create a playbook file, for example,
~/playbook.yml, with the following content:--- - name: Managing systems with the rhc RHEL system role hosts: managed-node-01.example.com tasks: - name: Enable repository ansible.builtin.include_role: name: redhat.rhel_system_roles.rhc vars: rhc_repositories: - name: "RepositoryName" state: enabledThe settings specified in the example playbook include the following:
name: RepositoryName- Name of the repository that should be enabled.
state: enabled|disabled-
Optional, enables or disables the repository. Default is
enabled.
For details about all variables used in the playbook, see the
/usr/share/ansible/roles/rhel-system-roles.rhc/README.mdfile on the control node.Validate the playbook syntax:
$ ansible-playbook --syntax-check ~/playbook.ymlNote that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
$ ansible-playbook ~/playbook.yml
22.4. Locking the system to a particular release by using the rhc RHEL system role
You can lock your system to a specific RHEL release to maintain stability and prevent unintended updates in production environments.
To ensure system stability and compatibility, it is sometimes necessary to limit the RHEL system to use only repositories from a specific minor version rather than automatically upgrading to the latest available release. Locking the system to a particular minor version helps maintain consistency in production environments, which prevents unintended updates that might introduce compatibility issues.
Prerequisites
- You have prepared the control node and the managed nodes.
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudopermissions for these nodes. - You know the RHEL version to which you want to lock the system. Note that you can only lock the system to the RHEL minor version that the managed node currently runs or a later minor version.
- You have registered the system.
Procedure
Create a playbook file, for example,
~/playbook.yml, with the following content:--- - name: Managing systems with the rhc RHEL system role hosts: managed-node-01.example.com tasks: - name: Lock the system to a particular release ansible.builtin.include_role: name: redhat.rhel_system_roles.rhc vars: rhc_release: "8.6"The settings specified in the example playbook include the following:
rhc_release: versionThe version of RHEL to set for the system, so the available content will be limited to that version.
For details about all variables used in the playbook, see the
/usr/share/ansible/roles/rhel-system-roles.rhc/README.mdfile on the control node.
Validate the playbook syntax:
$ ansible-playbook --syntax-check ~/playbook.ymlNote that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
$ ansible-playbook ~/playbook.yml
22.5. Using a proxy server when registering the host by using the rhc RHEL system role
If your security restrictions allow access to the Internet only through a proxy server, you can specify the proxy settings of the rhc role when you register the system using rhc.
Prerequisites
- You have prepared the control node and the managed nodes.
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudopermissions for these nodes.
Procedure
Store your sensitive variables in an encrypted file:
Create the vault:
$ ansible-vault create ~/vault.yml New Vault password: <password> Confirm New Vault password: <vault_password>After the
ansible-vault createcommand opens an editor, enter the sensitive data in the<key>: <value>format:username: <username> password: <password> proxy_username: <proxyusernme> proxy_password: <proxypassword>- Save the changes, and close the editor. Ansible encrypts the data in the vault.
Create a playbook file, for example,
~/playbook.yml, with the following content:--- - name: Managing systems with the rhc RHEL system role hosts: managed-node-01.example.com vars_files: - ~/vault.yml tasks: - name: Register to the Red Hat Customer Portal by using proxy ansible.builtin.include_role: name: redhat.rhel_system_roles.rhc vars: rhc_auth: login: username: "{{ username }}" password: "{{ password }}" rhc_proxy: hostname: proxy.example.com port: 3128 username: "{{ proxy_username }}" password: "{{ proxy_password }}"The settings specified in the example playbook include the following:
hostname: proxy.example.com- A fully qualified domain name (FQDN) of the proxy server.
port: 3128- Defines the network port used for communication with the proxy server.
username: proxy_username- Specifies the username for authentication. This is required only if the proxy server requires authentication.
password: proxy_password- Specifies the password for authentication. This is required only if the proxy server requires authentication.
For details about all variables used in the playbook, see the
/usr/share/ansible/roles/rhel-system-roles.rhc/README.mdfile on the control node.Validate the playbook syntax:
$ ansible-playbook --syntax-check --ask-vault-pass ~/playbook.ymlNote that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
$ ansible-playbook --ask-vault-pass ~/playbook.yml
22.6. Managing auto updates of Red Hat Lightspeed rules by using the rhc RHEL system role
You can enable or disable the automatic collection rule updates for Red Hat Lightspeed by using the rhc RHEL system role. By default, when you connect your system to Red Hat Lightspeed, this option is enabled. You can disable it by using rhc.
If you disable this feature, you risk using outdated rule definition files and not getting the most recent validation updates.
Prerequisites
- You have prepared the control node and the managed nodes.
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudopermissions for these nodes. - You have registered the system.
Procedure
Store your sensitive variables in an encrypted file:
Create the vault:
$ ansible-vault create ~/vault.yml New Vault password: <password> Confirm New Vault password: <vault_password>After the
ansible-vault createcommand opens an editor, enter the sensitive data in the<key>: <value>format:username: <username> password: <password>- Save the changes, and close the editor. Ansible encrypts the data in the vault.
Create a playbook file, for example,
~/playbook.yml, with the following content:--- - name: Managing systems with the rhc RHEL system role hosts: managed-node-01.example.com vars_files: - ~/vault.yml tasks: - name: Enable Red Hat Lightspeed autoupdates ansible.builtin.include_role: name: redhat.rhel_system_roles.rhc vars: rhc_auth: login: username: "{{ username }}" password: "{{ password }}" rhc_insights: autoupdate: true state: presentThe settings specified in the example playbook include the following:
autoupdate: true|falseEnables or disables the automatic collection rule updates for Red Hat Lightspeed.
For details about all variables used in the playbook, see the
/usr/share/ansible/roles/rhel-system-roles.rhc/README.mdfile on the control node.
Validate the playbook syntax:
$ ansible-playbook --syntax-check --ask-vault-pass ~/playbook.ymlNote that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
$ ansible-playbook --ask-vault-pass ~/playbook.yml
22.7. Configuring Red Hat Lightspeed remediations by using the rhc RHEL system role
You can use the rhc RHEL system role to configure Red Hat Lightspeed remediations on your systems. When you connect your system to Red Hat Lightspeed, it is enabled by default.
You can use rhc to ensure your system is ready for remediation when connected directly to Red Hat. For more information about Red Hat Lightspeed remediations, see Red Hat Lightspeed Remediations.
Prerequisites
- You have prepared the control node and the managed nodes.
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudopermissions for these nodes. - You have Red Hat Lightspeed remediations enabled.
- You have registered the system.
Procedure
Create a playbook file, for example,
~/playbook.yml, with the following content:--- - name: Managing systems with the rhc RHEL system role hosts: managed-node-01.example.com tasks: - name: Disable remediation ansible.builtin.include_role: name: redhat.rhel_system_roles.rhc vars: rhc_insights: remediation: absent state: presentValidate the playbook syntax:
$ ansible-playbook --syntax-check ~/playbook.ymlNote that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
$ ansible-playbook ~/playbook.yml
22.8. Configuring Red Hat Lightspeed tags by using the rhc RHEL system role
You can use the rhc RHEL system role to configure Red Hat Lightspeed tags. With these tags you can efficiently filter and group systems based on attributes, such as their location. This simplifies automation and enhances security compliance across large infrastructures.
Prerequisites
- You have prepared the control node and the managed nodes.
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudopermissions for these nodes.
Procedure
Store your sensitive variables in an encrypted file:
Create the vault:
$ ansible-vault create ~/vault.yml New Vault password: <password> Confirm New Vault password: <vault_password>After the
ansible-vault createcommand opens an editor, enter the sensitive data in the<key>: <value>format:username: <username> password: <password>- Save the changes, and close the editor. Ansible encrypts the data in the vault.
Create a playbook file, for example,
~/playbook.yml, with the following content:--- - name: Managing systems with the rhc RHEL system role hosts: managed-node-01.example.com vars_files: - ~/vault.yml tasks: - name: Creating tags ansible.builtin.include_role: name: redhat.rhel_system_roles.rhc vars: rhc_auth: login: username: "{{ username }}" password: "{{ password }}" rhc_insights: tags: group: group-name-value location: location-name-value description: - RHEL8 - SAP sample_key: value state: presentThe settings specified in the example playbook include the following:
group: group-name-value- Specifies the system group for organizing and managing registered hosts.
location: location-name-value- Defines the location associated with the registered system.
description- Provides a brief summary or identifier for the registered system.
state: present|absent- Indicates the current status of the registered system.
NoteThe content inside the
tagsis a YAML structure representing the tags desired by the administrator for the configured systems. The example provided here is for illustrative purposes only and is not exhaustive. Administrators can customize the YAML structure to include any additional keys and values as needed.Validate the playbook syntax:
$ ansible-playbook --syntax-check --ask-vault-pass ~/playbook.ymlNote that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
$ ansible-playbook --ask-vault-pass ~/playbook.yml
22.9. Unregistering a system by using the rhc RHEL system role
You can use the rhc RHEL system role to unregister the system from the Red Hat subscription service if you no longer want to receive content from the registration server on a specific system, for example, system decommissioning, VM deletion, or when switching to a local content mirror.
Prerequisites
- You have prepared the control node and the managed nodes.
- You are logged in to the control node as a user who can run playbooks on the managed nodes.
-
The account you use to connect to the managed nodes has
sudopermissions for these nodes. - The system is already registered.
Procedure
Create a playbook file, for example,
~/playbook.yml, with the following content:--- - name: Managing systems with the rhc RHEL system role hosts: managed-node-01.example.com tasks: - name: Unregister the system ansible.builtin.include_role: name: redhat.rhel_system_roles.rhc vars: rhc_state: absentThe settings specified in the example playbook include the following:
rhc_state: absentSpecifies the system should be unregistered from the registration server, RHSM, or Satellite.
For details about all variables used in the playbook, see the
/usr/share/ansible/roles/rhel-system-roles.rhc/README.mdfile on the control node.
Validate the playbook syntax:
$ ansible-playbook --syntax-check ~/playbook.ymlNote that this command only validates the syntax and does not protect against a wrong but valid configuration.
Run the playbook:
$ ansible-playbook ~/playbook.yml
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}