Chapter 9. Managing activation keys
Activation keys provide a method to automate system registration. You can create multiple keys and associate them with different environments and content views. For example, you might create a basic activation key that enables certain Red Hat repositories and associate it with the appropriate content view.
You can use activation keys during content host registration to improve the speed, simplicity and consistency of the process. Note that activation keys are used only when hosts are registered. If changes are made to an activation key, it is applicable only to hosts that are registered with the amended activation key in the future. The changes are not made to existing hosts.
Activation keys can define the following properties for content hosts:
- Available products and repositories
- A lifecycle environment and a content view
- Host collection membership
- System purpose
Content view conflicts between host creation and registration
When you provision a host, Satellite uses provisioning templates and other content from the content view that you set in the host group or host settings. When the host is registered, the content view from the activation key overwrites the original content view from the host group or host settings. Then Satellite uses the content view from the activation key for every future task, for example, rebuilding a host.
When you rebuild a host, ensure that you set the content view that you want to use in the activation key and not in the host group or host settings.
Using multiple activation keys with a content host
A host can be associated with multiple activation keys that are combined to define the host settings. In case of conflicting settings, the last specified activation key takes precedence. You can specify the order of precedence by setting a host group parameter as follows:
$ hammer hostgroup set-parameter \ --hostgroup "My_Host_Group" \ --name "My_Activation_Key" \ --value "name_of_first_key", "name_of_second_key", ...
9.1. Best practices for activation keys
- Create an activation key for each use case. This structures, modularizes, and simplifies content management on hosts.
-
Use a naming convention for activation keys to indicate the content and lifecycle environment, for example,
red-hat-enterprise-linux-webserver. - Automate activation key management by using a Hammer script or an Ansible Playbook.
9.2. Creating an activation key
Create an activation key to assign various attributes to hosts during registration.
To use the CLI instead of the Satellite web UI, see the CLI procedure.
Procedure
- In the Satellite web UI, navigate to Content > Lifecycle > Activation Keys and click Create Activation Key.
- In the Name field, enter the name of the activation key.
- If you want to set a limit, clear the Unlimited hosts checkbox, and in the Limit field, enter the maximum number of systems you can register with the activation key. If you want unlimited hosts to register with the activation key, ensure the Unlimited Hosts checkbox is selected.
- Optional: In the Description field, enter a description for the activation key.
- From the Environment list, select the environment to use.
- From the Content View list, select a content view to use.
- In the Repository Sets tab, override repositories to Enabled or Disabled as desired. For more information, see Section 9.5, “Enabling and disabling repositories on activation key”.
- Click Save.
- Optional: In the System Purpose section, you can configure the activation key to set system purpose attributes on hosts during registration. This helps determine which repositories are available on the host. It also helps with reporting in the Subscriptions service of the Red Hat Hybrid Cloud Console.
CLI procedure
Create the activation key:
# hammer activation-key create \ --name "My_Activation_Key" \ --unlimited-hosts \ --description "Example Stack in the Development Environment" \ --lifecycle-environment "Development" \ --content-view "Stack" \ --organization "My_Organization"
Optional: Enter the following command to configure the activation key with system purpose attributes to set on hosts during registration. This helps determine which repositories are available on the host. It also helps with reporting in the Subscriptions service of the Red Hat Hybrid Cloud Console.
# hammer activation-key update \ --organization "My_Organization" \ --name "My_Activation_Key" \ --service-level "Standard" \ --purpose-usage "Development/Test" \ --purpose-role "Red Hat Enterprise Linux Server" \ --purpose-addons "addons"
List the product content associated with the activation key:
# hammer activation-key product-content \ --content-access-mode-all true \ --name "My_Activation_Key" \ --organization "My_Organization"
Override the default auto-enable status for the Red Hat Satellite Client 6 repository. The default status is set to disabled. To enable, enter the following command:
# hammer activation-key content-override \ --name "My_Activation_Key" \ --content-label rhel-7-server-satellite-client-6-rpms \ --value 1 \ --organization "My_Organization"
9.3. Using activation keys for host registration
You can use activation keys to complete the following tasks:
- Registering new hosts during provisioning through Red Hat Satellite. The Kickstart provisioning templates in Red Hat Satellite contain commands to register the host using an activation key that is defined when creating a host.
- Registering existing Red Hat Enterprise Linux hosts.
You can register hosts with Satellite using the host registration feature in the Satellite web UI, Hammer CLI, or the Satellite API. For more information, see Registering hosts and setting up host integration in Managing hosts.
Procedure
- In the Satellite web UI, navigate to Hosts > Register Host.
- From the Activation Keys list, select the activation keys to assign to your host.
- Click Generate to create the registration command.
- Click on the files icon to copy the command to your clipboard.
- Connect to your host using SSH and run the registration command.
-
Check the
/etc/yum.repos.d/redhat.repofile and ensure that the appropriate repositories have been enabled.
CLI procedure
Generate the host registration command using the Hammer CLI:
# hammer host-registration generate-command \ --activation-keys "My_Activation_Key"If your hosts do not trust the SSL certificate of Satellite Server, you can disable SSL validation by adding the
--insecureflag to the registration command.# hammer host-registration generate-command \ --activation-keys "My_Activation_Key" \ --insecure true- Connect to your host using SSH and run the registration command.
-
Check the
/etc/yum.repos.d/redhat.repofile and ensure that the appropriate repositories have been enabled.
API procedure
Generate the host registration command using the Satellite API:
# curl -X POST https://satellite.example.com/api/registration_commands \ --user "My_User_Name" \ -H 'Content-Type: application/json' \ -d '{ "registration_command": { "activation_keys": ["My_Activation_Key_1, My_Activation_Key_2"] }}'
If your hosts do not trust the SSL certificate of Satellite Server, you can disable SSL validation by adding the
--insecureflag to the registration command.# curl -X POST https://satellite.example.com/api/registration_commands \ --user "My_User_Name" \ -H 'Content-Type: application/json' \ -d '{ "registration_command": { "activation_keys": ["My_Activation_Key_1, My_Activation_Key_2"], "insecure": true }}'
Use an activation key to simplify specifying the environments. For more information, see Managing Activation Keys in Managing content.
To enter a password as a command line argument, use
username:passwordsyntax. Keep in mind this can save the password in the shell history. Alternatively, you can use a temporary personal access token instead of a password. To generate a token in the Satellite web UI, navigate to My Account > Personal Access Tokens.- Connect to your host using SSH and run the registration command.
-
Check the
/etc/yum.repos.d/redhat.repofile and ensure that the appropriate repositories have been enabled.
Multiple activation keys
You can use multiple activation keys when registering a content host. For example, you can use one activation key to enable specific repositories and another to assign a content view and lifecycle environment.
Settings conflicts
If there are conflicting settings in activation keys, the rightmost key takes precedence.
- Settings that conflict: Service Level, Release Version, Environment, Content View, and Product Content.
- Settings that do not conflict and the host gets the union of them: Host Collections.
- Settings that influence the behavior of the key itself and not the host configuration: Content Host Limit.
9.4. Setting the service level
You can configure an activation key to define a default service level for the new host created with the activation key.
Procedure
- In the Satellite web UI, navigate to Content > Lifecycle > Activation Keys.
- Click the activation key name you want to edit.
- Click the edit icon next to Service Level.
- Select the required service level from the list. The list only contains service levels available to the activation key.
- Click Save.
CLI procedure
Set the service level to Premium on your activation key:
# hammer activation-key update \ --name "My_Activation_Key" \ --organization "My_Organization" \ --service-level premium
9.5. Enabling and disabling repositories on activation key
You can enable or disable repositories on an activation key in the Satellite web UI.
Procedure
- In the Satellite web UI, navigate to Content > Lifecycle > Activation Keys.
- Select an activation key.
- Select the Repository Sets tab.
- Optional: Clear the Limit to Environment checkbox to view repositories that are available in the lifecycle environment of the activation key.
- Optional: Use the Repository type dropdown menu to filter repositories by type.
- Optional: Use the Status dropdown menu to filter repositories by status.
- Select the desired repositories or click the Select All checkbox to select all repositories.
- From the Select Action list, select Override to Enabled, Override to Disabled, or Reset to Default.
