Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 22. Registering the system by using RHEL system roles

The rhc RHEL system role enables administrators to automate the registration of multiple systems with Red Hat Subscription Management (RHSM) and Satellite servers. The role also supports Red Hat Lightspeed-related configuration and management tasks by using Ansible.

By default, when you register a system by using rhc, the system is connected to Red Hat Lightspeed. Additionally, with rhc, you can:

  • Configure connections to Red Hat Lightspeed
  • Enable and disable repositories
  • Configure the proxy to use for the connection
  • Configure Red Hat Lightspeed remediations and, auto updates
  • Set the release of the system
  • Configure Red Hat Lightspeed tags

You can register multiple systems at scale with Red Hat subscription management (RHSM) by using the rhc RHEL system role. By default, rhc connects the system to Red Hat Lightspeed when you register it.

Prerequisites

Procedure

  1. Store your sensitive variables in an encrypted file:

    1. Create the vault: 

      $ ansible-vault create ~/vault.yml
New Vault password: <password>
Confirm New Vault password: <vault_password>
      Copy to Clipboard Toggle word wrap

    2. After the ansible-vault create command opens an editor, enter the sensitive data in the <key>: <value> format: 

      activationKey: <activation_key>
organizationID: <organizationID>
username: <username>
password: <password>
      Copy to Clipboard Toggle word wrap
    3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

  2. Create a playbook file, for example, ~/playbook.yml, with the following content:

    • To register by using an activation key and organization ID (recommended), use the following playbook: 

      ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  vars_files:
    - ~/vault.yml
  tasks:
    - name: Registering system using activation key and organization ID
      ansible.builtin.include_role:
        name: redhat.rhel_system_roles.rhc
      vars:
        rhc_auth:
          activation_keys:
            keys:
              - "{{ activationKey }}"
        rhc_organization: "{{ organizationID }}"
      Copy to Clipboard Toggle word wrap

      The settings specified in the example playbook include the following:

      rhc_auth: activation_keys
      The key activation_keys specifies that you want to register by using the activation keys.

    • To register by using a username and password, use the following playbook: 

      ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  vars_files:
    - ~/vault.yml
  tasks:
    - name: Registering system with username and password
      ansible.builtin.include_role:
        name: redhat.rhel_system_roles.rhc
      vars:
        rhc_auth:
          login:
            username: "{{ username }}"
            password: "{{ password }}"
      Copy to Clipboard Toggle word wrap

    The settings specified in the example playbook include the following:

    rhc_auth: login
    The key login specifies that you want to register by using the username and password.

  3. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check --ask-vault-pass ~/playbook.yml
    Copy to Clipboard Toggle word wrap

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  4. Run the playbook: 

    $ ansible-playbook --ask-vault-pass ~/playbook.yml
    Copy to Clipboard Toggle word wrap

When you register a system by using the rhc RHEL system role, the role, by default, enables the connection to Red Hat Lightspeed. You can disable Red Hat Lightspeed by using the rhc RHEL system role, if not required.

Red Hat Lightspeed is a managed service in the Hybrid Cloud Console that uses predictive analytics, remediation capabilities, and deep domain expertise to simplify complex operational tasks.

Prerequisites

Procedure

  1. Create a playbook file, for example, ~/playbook.yml, with the following content: 

    ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  tasks:
    - name: Disable Insights connection
      ansible.builtin.include_role:
        name: redhat.rhel_system_roles.rhc
      vars:
        rhc_insights:
          state: absent
    Copy to Clipboard Toggle word wrap

    The settings specified in the example playbook include the following:

    rhc_insights absent|present
    Enables or disables system registration with Red Hat Lightspeed for proactive analytics and recommendations.

  2. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check ~/playbook.yml
    Copy to Clipboard Toggle word wrap

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  3. Run the playbook: 

    $ ansible-playbook ~/playbook.yml
    Copy to Clipboard Toggle word wrap

Enabling repositories on a RHEL system is essential for accessing, installing, and updating software packages from verified sources. You can remotely enable or disable repositories on managed nodes by using rhc RHEL system role to ensure the system security, stability, and compatibility.

Prerequisites

Procedure

  1. Create a playbook file, for example, ~/playbook.yml, with the following content: 

    ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  tasks:
    - name: Enable repository
      ansible.builtin.include_role:
        name: redhat.rhel_system_roles.rhc
      vars:
        rhc_repositories:
          - name: "RepositoryName"
            state: enabled
    Copy to Clipboard Toggle word wrap

    The settings specified in the example playbook include the following:

    name: RepositoryName
    Name of the repository that should be enabled.
    state: enabled|disabled
    Optional, enables or disables the repository. Default is enabled.

  2. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check ~/playbook.yml
    Copy to Clipboard Toggle word wrap

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  3. Run the playbook: 

    $ ansible-playbook ~/playbook.yml
    Copy to Clipboard Toggle word wrap

You can lock your system to a specific RHEL release to maintain stability and prevent unintended updates in production environments.

To ensure system stability and compatibility, it is sometimes necessary to limit the RHEL system to use only repositories from a specific minor version rather than automatically upgrading to the latest available release. Locking the system to a particular minor version helps maintain consistency in production environments, which prevents unintended updates that might introduce compatibility issues.

Prerequisites

  • You have prepared the control node and the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions for these nodes.
  • You know the RHEL version to which you want to lock the system. Note that you can only lock the system to the RHEL minor version that the managed node currently runs or a later minor version.
  • You have registered the system.

Procedure

  1. Create a playbook file, for example, ~/playbook.yml, with the following content: 

    ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  tasks:
    - name: Lock the system to a particular release
      ansible.builtin.include_role:
        name: redhat.rhel_system_roles.rhc
      vars:
        rhc_release: "8.6"
    Copy to Clipboard Toggle word wrap

    The settings specified in the example playbook include the following:

    rhc_release: version
    The version of RHEL to set for the system, so the available content will be limited to that version.

  2. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check ~/playbook.yml
    Copy to Clipboard Toggle word wrap

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  3. Run the playbook: 

    $ ansible-playbook ~/playbook.yml
    Copy to Clipboard Toggle word wrap

If your security restrictions allow access to the Internet only through a proxy server, you can specify the proxy settings of the rhc role when you register the system using rhc.

Prerequisites

Procedure

  1. Store your sensitive variables in an encrypted file:

    1. Create the vault: 

      $ ansible-vault create ~/vault.yml
New Vault password: <password>
Confirm New Vault password: <vault_password>
      Copy to Clipboard Toggle word wrap

    2. After the ansible-vault create command opens an editor, enter the sensitive data in the <key>: <value> format: 

      username: <username>
password: <password>
proxy_username: <proxyusernme>
proxy_password: <proxypassword>
      Copy to Clipboard Toggle word wrap
    3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

  2. Create a playbook file, for example, ~/playbook.yml, with the following content: 

    ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  vars_files:
    - ~/vault.yml
  tasks:
  - name: Register to the Red Hat Customer Portal by using proxy
    ansible.builtin.include_role:
       name: redhat.rhel_system_roles.rhc
    vars:
      rhc_auth:
        login:
          username: "{{ username }}"
          password: "{{ password }}"
      rhc_proxy:
        hostname: proxy.example.com
        port: 3128
        username: "{{ proxy_username }}"
        password: "{{ proxy_password }}"
    Copy to Clipboard Toggle word wrap

    The settings specified in the example playbook include the following:

    hostname: proxy.example.com
    A fully qualified domain name (FQDN) of the proxy server.
    port: 3128
    Defines the network port used for communication with the proxy server.
    username: proxy_username
    Specifies the username for authentication. This is required only if the proxy server requires authentication.
    password: proxy_password
    Specifies the password for authentication. This is required only if the proxy server requires authentication.

  3. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check --ask-vault-pass ~/playbook.yml
    Copy to Clipboard Toggle word wrap

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  4. Run the playbook: 

    $ ansible-playbook --ask-vault-pass ~/playbook.yml
    Copy to Clipboard Toggle word wrap

You can enable or disable the automatic collection rule updates for Red Hat Lightspeed by using the rhc RHEL system role. By default, when you connect your system to Red Hat Lightspeed, this option is enabled. You can disable it by using rhc.

Warning

If you disable this feature, you risk using outdated rule definition files and not getting the most recent validation updates.

Prerequisites

Procedure

  1. Store your sensitive variables in an encrypted file:

    1. Create the vault: 

      $ ansible-vault create ~/vault.yml
New Vault password: <password>
Confirm New Vault password: <vault_password>
      Copy to Clipboard Toggle word wrap

    2. After the ansible-vault create command opens an editor, enter the sensitive data in the <key>: <value> format: 

      username: <username>
password: <password>
      Copy to Clipboard Toggle word wrap
    3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

  2. Create a playbook file, for example, ~/playbook.yml, with the following content: 

    ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  vars_files:
    - ~/vault.yml
  tasks:
    - name: Enable Red Hat Lightspeed autoupdates
      ansible.builtin.include_role:
        name: redhat.rhel_system_roles.rhc
      vars:
        rhc_auth:
          login:
            username: "{{ username }}"
            password: "{{ password }}"
        rhc_insights:
          autoupdate: true
          state: present
    Copy to Clipboard Toggle word wrap

    The settings specified in the example playbook include the following:

    autoupdate: true|false
    Enables or disables the automatic collection rule updates for Red Hat Lightspeed.

  3. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check --ask-vault-pass ~/playbook.yml
    Copy to Clipboard Toggle word wrap

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  4. Run the playbook: 

    $ ansible-playbook --ask-vault-pass ~/playbook.yml
    Copy to Clipboard Toggle word wrap

You can use the rhc RHEL system role to configure Red Hat Lightspeed remediations on your systems. When you connect your system to Red Hat Lightspeed, it is enabled by default.

You can use the rhc role to ensure your system is ready for remediation when connected directly to Red Hat. For more information about Red Hat Insights remediations, see Red Hat Lightspeed Remediations Guide.

Prerequisites

Procedure

  1. Create a playbook file, for example, ~/playbook.yml, with the following content: 

    ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  tasks:
    - name: Disable remediation
      ansible.builtin.include_role:
        name: redhat.rhel_system_roles.rhc
      vars:
        rhc_insights:
          remediation: absent
          state: present
    Copy to Clipboard Toggle word wrap

  2. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check ~/playbook.yml
    Copy to Clipboard Toggle word wrap

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  3. Run the playbook: 

    $ ansible-playbook ~/playbook.yml
    Copy to Clipboard Toggle word wrap

You can use the rhc RHEL system role to configure Red Hat Lightspeed tags. With these tags you can efficiently filter and group systems based on attributes, such as their location. This simplifies automation and enhances security compliance across large infrastructures.

Prerequisites

Procedure

  1. Store your sensitive variables in an encrypted file:

    1. Create the vault: 

      $ ansible-vault create ~/vault.yml
New Vault password: <password>
Confirm New Vault password: <vault_password>
      Copy to Clipboard Toggle word wrap

    2. After the ansible-vault create command opens an editor, enter the sensitive data in the <key>: <value> format: 

      username: <username>
password: <password>
      Copy to Clipboard Toggle word wrap
    3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

  2. Create a playbook file, for example, ~/playbook.yml, with the following content: 

    ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  vars_files:
    - ~/vault.yml
  tasks:
    - name: Creating tags
      ansible.builtin.include_role:
        name: redhat.rhel_system_roles.rhc
      vars:
        rhc_auth:
          login:
            username: "{{ username }}"
            password: "{{ password }}"
        rhc_insights:
          tags:
            group: group-name-value
            location: location-name-value
            description:
              - RHEL8
              - SAP
            sample_key: value
          state: present
    Copy to Clipboard Toggle word wrap

    The settings specified in the example playbook include the following:

    group: group-name-value
    Specifies the system group for organizing and managing registered hosts.
    location: location-name-value
    Defines the location associated with the registered system.
    description
    Provides a brief summary or identifier for the registered system.
    state: present|absent

    Indicates the current status of the registered system.

    Note

    The content inside the tags is a YAML structure representing the tags desired by the administrator for the configured systems. The example provided here is for illustrative purposes only and is not exhaustive. Administrators can customize the YAML structure to include any additional keys and values as needed.

  3. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check --ask-vault-pass ~/playbook.yml
    Copy to Clipboard Toggle word wrap

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  4. Run the playbook: 

    $ ansible-playbook --ask-vault-pass ~/playbook.yml
    Copy to Clipboard Toggle word wrap

You can use the rhc RHEL system role to unregister the system from the Red Hat subscription service if you no longer want to receive content from the registration server on a specific system, for example, system decommissioning, VM deletion, or when switching to a local content mirror.

Prerequisites

Procedure

  1. Create a playbook file, for example, ~/playbook.yml, with the following content: 

    ---
- name: Managing systems with the rhc RHEL system role
  hosts: managed-node-01.example.com
  tasks:
    - name: Unregister the system
      ansible.builtin.include_role:
        name: redhat.rhel_system_roles.rhc
      vars:
        rhc_state: absent
    Copy to Clipboard Toggle word wrap

    The settings specified in the example playbook include the following:

    rhc_state: absent
    Specifies the system should be unregistered from the registration server, RHSM, or Satellite.

  2. Validate the playbook syntax: 

    $ ansible-playbook --syntax-check ~/playbook.yml
    Copy to Clipboard Toggle word wrap

    Note that this command only validates the syntax and does not protect against a wrong but valid configuration.

  3. Run the playbook: 

    $ ansible-playbook ~/playbook.yml
    Copy to Clipboard Toggle word wrap
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top