Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 22. Registering the system by using RHEL system roles

The rhc RHEL system role enables administrators to automate the registration of multiple systems with Red Hat Subscription Management (RHSM) and Satellite servers. The role also supports Insights-related configuration and management tasks by using Ansible. By default, when you register a system by using rhc, the system is connected to Red Hat Insights. Additionally, with rhc, you can:

  • Configure connections to Red Hat Insights
  • Enable and disable repositories
  • Configure the proxy to use for the connection
  • Configure Insights remediations and, auto updates
  • Set the release of the system
  • Configure Insights tags

22.1. Registering a system by using the rhc RHEL system role

You can register multiple systems at scale with Red Hat subscription management (RHSM) by using the rhc RHEL system role. By default, rhc connects the system to Red Hat Insights when you register it. Registering your system enables features and capabilities that you can use to manage your system and report data.

Prerequisites

Procedure

  1. Store your sensitive variables in an encrypted file:

    1. Create the vault: 

      $ ansible-vault create vault.yml
New Vault password: <password>
Confirm New Vault password: <vault_password>

    2. After the ansible-vault create command opens an editor, enter the sensitive data in the <key>: <value> format: 

      activationKey: <activation_key>
organizationID: <organizationID>
username: <username>
password: <password>
    3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

  2. Create a playbook file, for example ~/playbook.yml, with the following content:

    • To register by using an activation key and organization ID (recommended), use the following playbook: 

      ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  vars_files:
    - vault.yml
  tasks:
    - name: Registering system by using activation key and organization ID
      ansible.builtin.include_role:
        name: rhel-system-roles.rhc
      vars:
        rhc_auth:
          activation_keys:
            keys:
              - "{{ activationKey }}"
        rhc_organization: "{{ organizationID }}"

      The settings specified in the example playbook include the following:

      rhc_auth: activation_keys
      The key activation_keys specifies that you want to register by using the activation keys.

    • To register by using a username and password, use the following playbook: 

      ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  vars_files:
    - vault.yml
  tasks:
    - name: Registering system with username and password
      ansible.builtin.include_role:
        name: rhel-system-roles.rhc
      vars:
        rhc_auth:
          login:
            username: "{{ username }}"
            password: "{{ password }}"

    The settings specified in the example playbook include the following:

    rhc_auth: login
    The key login specifies that you want to register by using the username and password.

  3. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check --ask-vault-pass ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  4. Run the playbook: 

    $ ansible-playbook --ask-vault-pass ~/playbook.yml

Additional resources

  • /usr/share/ansible/roles/rhel-system-roles.rhc/README.md file
  • /usr/share/doc/rhel-system-roles/rhc/ directory
  • Ansible Vault

22.2. Registering a system with Satellite by using the rhc RHEL system role

When organizations use Satellite to manage systems, it is necessary to register the system through Satellite. You can remotely register your system with Satellite by using the rhc RHEL system role.

Prerequisites

Procedure

  1. Store your sensitive variables in an encrypted file:

    1. Create the vault: 

      $ ansible-vault create vault.yml
New Vault password: <password>
Confirm New Vault password: <vault_password>

    2. After the ansible-vault create command opens an editor, enter the sensitive data in the <key>: <value> format: 

      activationKey: <activation_key>
organizationID: <organizationID>
    3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

  2. Create a playbook file, for example ~/playbook.yml, with the following content: 

    ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  vars_files:
    - vault.yml
  tasks:
    - name: Register to the custom registration server and CDN
      ansible.builtin.include_role:
        name: rhel-system-roles.rhc
      vars:
        rhc_auth:
          activation_keys:
            keys:
              - "{{ activationKey }}"
        rhc_organization: "{{ organizationID }}"
        rhc_server:
          hostname: example.com
            port: 443
            prefix: /rhsm
        rhc_baseurl: http://example.com/pulp/content

    The settings specified in the example playbook include the following:

    hostname: example.com
    A fully qualified domain name (FQDN) of the Satellite server for system registration and package management.
    port: 443
    Defines the network port used for communication with the Satellite server.
    prefix: /rhsm
    Specifies the URL path prefix for accessing resources on the Satellite server.
    rhc_baseurl: http://example.com/pulp/content
    Defines the prefix for content URLs. In a Satellite environment, the baseurl must be set to the same server where the system is registered. Refer to the hostname value to ensure the correct server is used.

  3. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check --ask-vault-pass ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  4. Run the playbook: 

    $ ansible-playbook --ask-vault-pass ~/playbook.yml

Additional resources

  • /usr/share/ansible/roles/rhel-system-roles.rhc/README.md file
  • /usr/share/doc/rhel-system-roles/rhc/ directory
  • Ansible Vault

22.3. Disabling the connection to Insights after the registration by using the rhc RHEL system role

When you register a system by using the rhc RHEL system role, the role by default, enables the connection to Red Hat Insights. Red Hat Insights is a managed service in the Hybrid Cloud Console that uses predictive analytics, remediation capabilities, and deep domain expertise to simplify complex operational tasks. You can disable it by using the rhc RHEL system role, if not required.

Prerequisites

Procedure

  1. Create a playbook file, for example ~/playbook.yml, with the following content: 

    ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  tasks:
    - name: Disable Insights connection
      ansible.builtin.include_role:
        name: rhel-system-roles.rhc
      vars:
        rhc_insights:
          state: absent

    The settings specified in the example playbook include the following:

    rhc_insights absent|present
    Enables or disables system registration with Red Hat Insights for proactive analytics and recommendations.

  2. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  3. Run the playbook: 

    $ ansible-playbook ~/playbook.yml

Additional resources

  • /usr/share/ansible/roles/rhel-system-roles.rhc/README.md file
  • /usr/share/doc/rhel-system-roles/rhc/ directory

22.4. Managing repositories by using the rhc RHEL system role

Enabling repositories on a RHEL system is essential for accessing, installing, and updating software packages from verified sources. You can remotely enable or disable repositories on managed nodes by using rhc RHEL system role to ensure the system security, stability, and compatibility.

Prerequisites

  • You have prepared the control node and the managed nodes.
  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • You have details of the repositories which you want to enable or disable on the managed nodes.
  • You have registered the system.

Procedure

  1. Create a playbook file, for example ~/playbook.yml, with the following content: 

    ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  tasks:
    - name: Enable repository
      ansible.builtin.include_role:
        name: rhel-system-roles.rhc
      vars:
        rhc_repositories:
          - name: "RepositoryName"
            state: enabled

    The settings specified in the example playbook include the following:

    name: RepositoryName
    Name of the repository that should be enabled.
    state: enabled|disabled
    Optional, enables or disables the repository. Default is enabled.

  2. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  3. Run the playbook: 

    $ ansible-playbook ~/playbook.yml

Additional resources

  • /usr/share/ansible/roles/rhel-system-roles.rhc/README.md file
  • /usr/share/doc/rhel-system-roles/rhc/ directory

22.5. Locking the system to a particular release by using the rhc RHEL system role

To ensure system stability and compatibility, it is sometimes necessary to limit the RHEL system to use only repositories from a specific minor version rather than automatically upgrading to the latest available release. Locking the system to a particular minor version helps maintain consistency in production environments, which prevents unintended updates that might introduce compatibility issues.

Prerequisites

  • You have prepared the control node and the managed nodes.
  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • You know the RHEL version to which you want to lock the system. Note that you can only lock the system to the RHEL minor version that the managed node currently runs or a later minor version.
  • You have registered the system.

Procedure

  1. Create a playbook file, for example ~/playbook.yml, with the following content: 

    ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  tasks:
    - name: Lock the system to a particular release
      ansible.builtin.include_role:
        name: rhel-system-roles.rhc
      vars:
        rhc_release: "8.6"

    The settings specified in the example playbook include the following:

    rhc_release: version
    The version of RHEL to set for the system, so the available content will be limited to that version.

  2. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  3. Run the playbook: 

    $ ansible-playbook ~/playbook.yml

Additional resources

22.6. Using a proxy server when registering the host by using the rhc RHEL system role

If your security restrictions allow access to the Internet only through a proxy server, you can specify the proxy settings of the rhc role when you register the system using rhc.

Prerequisites

Procedure

  1. Store your sensitive variables in an encrypted file:

    1. Create the vault: 

      $ ansible-vault create vault.yml
New Vault password: <password>
Confirm New Vault password: <vault_password>

    2. After the ansible-vault create command opens an editor, enter the sensitive data in the <key>: <value> format: 

      username: <username>
password: <password>
proxy_username: <proxyusernme>
proxy_password: <proxypassword>
    3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

  2. Create a playbook file, for example ~/playbook.yml, with the following content: 

    ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  vars_files:
    - vault.yml
  tasks:
  - name: Register to the Red Hat Customer Portal by using proxy
      ansible.builtin.include_role:
        name: rhel-system-roles.rhc
    vars:
      rhc_auth:
        login:
          username: "{{ username }}"
          password: "{{ password }}"
      rhc_proxy:
        hostname: proxy.example.com
        port: 3128
        username: "{{ proxy_username }}"
        password: "{{ proxy_password }}"

    The settings specified in the example playbook include the following:

    hostname: proxy.example.com
    A fully qualified domain name (FQDN) of the proxy server.
    port: 3128
    Defines the network port used for communication with the proxy server.
    username: proxy_username
    Specifies the username for authentication. This is required only if the proxy server requires authentication.
    password: proxy_password
    Specifies the password for authentication. This is required only if the proxy server requires authentication.

  3. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check --ask-vault-pass ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  4. Run the playbook: 

    $ ansible-playbook --ask-vault-pass ~/playbook.yml

Additional resources

  • /usr/share/ansible/roles/rhel-system-roles.rhc/README.md file
  • /usr/share/doc/rhel-system-roles/rhc/ directory
  • Ansible Vault

22.7. Managing auto updates of Insights rules by using the rhc RHEL system role

You can enable or disable the automatic collection rule updates for Red Hat Insights by using the rhc RHEL system role. By default, when you connect your system to Red Hat Insights, this option is enabled. You can disable it by using rhc.

Warning

If you disable this feature, you risk using outdated rule definition files and not getting the most recent validation updates.

Prerequisites

Procedure

  1. Store your sensitive variables in an encrypted file:

    1. Create the vault: 

      $ ansible-vault create vault.yml
New Vault password: <password>
Confirm New Vault password: <vault_password>

    2. After the ansible-vault create command opens an editor, enter the sensitive data in the <key>: <value> format: 

      username: <username>
password: <password>
    3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

  2. Create a playbook file, for example ~/playbook.yml, with the following content: 

    ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  vars_files:
    - vault.yml
  tasks:
    - name: Enable Red Hat Insights autoupdates
      ansible.builtin.include_role:
        name: rhel-system-roles.rhc
      vars:
        rhc_auth:
          login:
            username: "{{ username }}"
            password: "{{ password }}"
        rhc_insights:
          autoupdate: true
          state: present

    The settings specified in the example playbook include the following:

    autoupdate: true|false
    Enables or disables the automatic collection rule updates for Red Hat Insights.

  3. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check --ask-vault-pass ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  4. Run the playbook: 

    $ ansible-playbook --ask-vault-pass ~/playbook.yml

Additional resources

  • /usr/share/ansible/roles/rhel-system-roles.rhc/README.md file
  • /usr/share/doc/rhel-system-roles/rhc/ directory
  • Ansible Vault

22.8. Configuring Insights remediations by using the rhc RHEL system role

You can configure your systems to automatically update the dynamic configuration by using the rhc RHEL system role. When you connect your system to Red Hat Insights, it is enabled by default. You can disable it, if not required. You can use rhc to ensure your system is ready for remediation when connected directly to Red Hat. For more information about Red Hat Insights remediations, see Red Hat Insights Remediations Guide.

Prerequisites

  • You have prepared the control node and the managed nodes.
  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • You have Insights remediations enabled.
  • You have registered the system.

Procedure

  1. Create a playbook file, for example ~/playbook.yml, with the following content: 

    ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  tasks:
    - name: Disable remediation
      ansible.builtin.include_role:
        name: rhel-system-roles.rhc
      vars:
        rhc_insights:
          remediation: absent
          state: present

  2. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  3. Run the playbook: 

    $ ansible-playbook ~/playbook.yml

Additional resources

  • /usr/share/ansible/roles/rhel-system-roles.rhc/README.md file
  • /usr/share/doc/rhel-system-roles/rhc/ directory

22.9. Configuring Insights tags by using the rhc RHEL system role

You can use the rhc RHEL system role to configure Red Hat Insights tags for system filtering and grouping. You can also customize tags based on the requirements. Filtering and grouping systems by using Red Hat Insights tags help administrators efficiently manage, monitor, and apply policies to specific sets of systems based on attributes like environment, location, or function. This improves visibility, simplifies automation, and enhances security compliance across large infrastructures.

Prerequisites

Procedure

  1. Store your sensitive variables in an encrypted file:

    1. Create the vault: 

      $ ansible-vault create vault.yml
New Vault password: <password>
Confirm New Vault password: <vault_password>

    2. After the ansible-vault create command opens an editor, enter the sensitive data in the <key>: <value> format: 

      username: <username>
password: <password>
    3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

  2. Create a playbook file, for example ~/playbook.yml, with the following content: 

    ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  vars_files:
    - vault.yml
  tasks:
    - name: Creating tags
      ansible.builtin.include_role:
        name: rhel-system-roles.rhc
      vars:
        rhc_auth:
          login:
            username: "{{ username }}"
            password: "{{ password }}"
        rhc_insights:
          tags:
            group: group-name-value
            location: location-name-value
            description:
              - RHEL8
              - SAP
            sample_key: value
          state: present

    The settings specified in the example playbook include the following:

    group: group-name-value
    Specifies the system group for organizing and managing registered hosts.
    location: location-name-value
    Defines the location associated with the registered system.
    description
    Provides a brief summary or identifier for the registered system.
    state: present|absent

    Indicates the current status of the registered system.

    Note

    The content inside the tags is a YAML structure representing the tags desired by the administrator for the configured systems. The example provided here is for illustrative purposes only and is not exhaustive. Administrators can customize the YAML structure to include any additional keys and values as needed.

  3. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check --ask-vault-pass ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  4. Run the playbook: 

    $ ansible-playbook --ask-vault-pass ~/playbook.yml

Additional resources

22.10. Unregistering a system by using the rhc RHEL system role

You can use the rhc RHEL system role to unregister the system from the Red Hat subscription service if you no longer want to receive content from the registration server on a specific system, for example, system decommissioning, VM deletion, or when switching to a local content mirror.

Prerequisites

Procedure

  1. Create a playbook file, for example ~/playbook.yml, with the following content: 

    ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  tasks:
    - name: Unregister the system
      ansible.builtin.include_role:
        name: rhel-system-roles.rhc
      vars:
        rhc_state: absent

    The settings specified in the example playbook include the following:

    rhc_state: absent
    Specifies the system should be unregistered from the registration server, RHSM, or Satellite.

  2. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check ~/playbook.yml

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  3. Run the playbook: 

    $ ansible-playbook ~/playbook.yml

Additional resources

  • /usr/share/ansible/roles/rhel-system-roles.rhc/README.md file
  • /usr/share/doc/rhel-system-roles/rhc/ directory
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.