Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 10. Managing activation keys

Activation keys provide a method to automate system registration. You can create multiple keys and associate them with different environments and content views. For example, you might create a basic activation key that enables certain Red Hat repositories and associate it with the appropriate content view.

You can use activation keys during content host registration to improve the speed, simplicity and consistency of the process. Note that activation keys are used only when hosts are registered. If changes are made to an activation key, it is applicable only to hosts that are registered with the amended activation key in the future. The changes are not made to existing hosts.

Activation keys can define the following properties for content hosts:

  • Available products and repositories
  • Content view environments
  • Host collection membership
  • System purpose

Content view conflicts between host creation and registration

When you provision a host, Satellite uses provisioning templates and other content from the content view that you set in the host group or host settings. When the host is registered, the content view environments from the activation key overwrite the original content view from the host group or host settings. Then Satellite uses the content view environments from the activation key for every future task, for example, rebuilding a host.

When you rebuild a host, ensure that you set the content view that you want to use in the activation key and not in the host group or host settings.

Using multiple activation keys with a content host

A host can be associated with multiple activation keys that are combined to define the host settings. In case of conflicting settings, the last specified activation key takes precedence. You can specify the order of precedence by setting a host group parameter as follows: 

$ hammer hostgroup set-parameter \
--hostgroup "My_Host_Group" \
--name "My_Activation_Key" \
--value "name_of_first_key", "name_of_second_key", ...
Copy to Clipboard Toggle word wrap

10.1. Best practices for activation keys
Copy link

  • Create an activation key for each use case. This structures, modularizes, and simplifies content management on hosts.
  • Use a naming convention for activation keys to indicate the content and lifecycle environment, for example, red-hat-enterprise-linux-webserver.
  • Automate activation key management by using a Hammer script or an Ansible Playbook.

10.2. Creating an activation key
Copy link

Create an activation key to assign various attributes to hosts during registration.

To use the CLI instead of the Satellite web UI, see the CLI procedure.

Procedure

  1. In the Satellite web UI, navigate to Content > Lifecycle > Activation Keys and click Create Activation Key.
  2. In the Name field, enter the name of the activation key.
  3. If you want to set a limit, clear the Unlimited hosts checkbox, and in the Limit field, enter the maximum number of systems you can register with the activation key. If you want unlimited hosts to register with the activation key, ensure the Unlimited Hosts checkbox is selected.
  4. Optional: In the Description field, enter a description for the activation key.
  5. From the Environment list, select the environment to use.
  6. From the Content View list, select a content view to use.
  7. In the Repository Sets tab, override repositories to Enabled or Disabled as desired. For more information, see Section 10.5, “Enabling and disabling repositories on activation key”.
  8. Click Save.
  9. Optional: In the System Purpose section, you can configure the activation key to set system purpose attributes on hosts during registration. This helps determine which repositories are available on the host. It also helps with reporting in the Subscriptions service of the Red Hat Hybrid Cloud Console.

CLI procedure

  1. Create the activation key: 

    $ hammer activation-key create \
--name "My_Activation_Key" \
--unlimited-hosts \
--description "Example Stack in the Development Environment" \
--content-view-environments "Development/Stack" \
--organization "My_Organization"
    Copy to Clipboard Toggle word wrap

  2. Optional: Enter the following command to configure the activation key with system purpose attributes to set on hosts during registration. This helps determine which repositories are available on the host. It also helps with reporting in the Subscriptions service of the Red Hat Hybrid Cloud Console. 

    $ hammer activation-key update \
--organization "My_Organization" \
--name "My_Activation_Key" \
--service-level "Standard" \
--purpose-usage "Development/Test" \
--purpose-role "Red Hat Enterprise Linux Server"
    Copy to Clipboard Toggle word wrap

  3. List the product content associated with the activation key: 

    $ hammer activation-key product-content \
--content-access-mode-all true \
--name "My_Activation_Key" \
--organization "My_Organization"
    Copy to Clipboard Toggle word wrap

  4. Override the default auto-enable status for the Red Hat Satellite Client 6 repository. The default status is set to disabled. To enable, enter the following command: 

    $ hammer activation-key content-override \
--name "My_Activation_Key" \
--content-label rhel-7-server-satellite-client-6-rpms \
--value 1 \
--organization "My_Organization"
    Copy to Clipboard Toggle word wrap

10.3. Using activation keys for host registration
Copy link

You can use activation keys to complete the following tasks:

  • Registering new hosts during provisioning through Red Hat Satellite. The Kickstart provisioning templates in Red Hat Satellite contain commands to register the host using an activation key that is defined when creating a host.
  • Registering existing Red Hat Enterprise Linux hosts.

You can register hosts with Satellite using the host registration feature in the Satellite web UI, Hammer CLI, or the Satellite API. For more information, see Registering hosts and setting up host integration in Managing hosts.

Procedure

  1. In the Satellite web UI, navigate to Hosts > Register Host.
  2. From the Activation Keys list, select the activation keys to assign to your host.
  3. Click Generate to create the registration command.
  4. Click on the files icon to copy the command to your clipboard.
  5. Connect to your host using SSH and run the registration command.
  6. Check the /etc/yum.repos.d/redhat.repo file and ensure that the appropriate repositories have been enabled.

CLI procedure

  1. Generate the host registration command using the Hammer CLI: 

    $ hammer host-registration generate-command \
--activation-keys "My_Activation_Key"
    Copy to Clipboard Toggle word wrap

    If your hosts do not trust the SSL certificate of Satellite Server, you can disable SSL validation by adding the --insecure flag to the registration command. 

    $ hammer host-registration generate-command \
--activation-keys "My_Activation_Key" \
--insecure true
    Copy to Clipboard Toggle word wrap
  2. Connect to your host using SSH and run the registration command.
  3. Check the /etc/yum.repos.d/redhat.repo file and ensure that the appropriate repositories have been enabled.

API procedure

  1. Generate the host registration command using the Satellite API: 

    # curl -X POST https://satellite.example.com/api/registration_commands \
--user "My_User_Name" \
-H 'Content-Type: application/json' \
-d '{ "registration_command": { "activation_keys": ["My_Activation_Key_1, My_Activation_Key_2"] }}'
    Copy to Clipboard Toggle word wrap

    If your hosts do not trust the SSL certificate of Satellite Server, you can disable SSL validation by adding the --insecure flag to the registration command. 

    # curl -X POST https://satellite.example.com/api/registration_commands \
--user "My_User_Name" \
-H 'Content-Type: application/json' \
-d '{ "registration_command": { "activation_keys": ["My_Activation_Key_1, My_Activation_Key_2"], "insecure": true }}'
    Copy to Clipboard Toggle word wrap

    Use an activation key to simplify specifying the environments. For more information, see Managing Activation Keys in Managing content.

    To enter a password as a command line argument, use username:password syntax. Keep in mind this can save the password in the shell history. Alternatively, you can use a temporary personal access token instead of a password. To generate a token in the Satellite web UI, navigate to My Account > Personal Access Tokens.

  2. Connect to your host using SSH and run the registration command.
  3. Check the /etc/yum.repos.d/redhat.repo file and ensure that the appropriate repositories have been enabled.

Multiple activation keys

You can use multiple activation keys when registering a content host. For example, you can use one activation key to enable specific repositories and another to assign content view environments.

Settings conflicts

If there are conflicting settings in activation keys, the rightmost key takes precedence.

  • Settings that conflict: Service Level, Release Version, Environment, Content View, and Product Content.
  • Settings that do not conflict and the host gets the union of them: Host Collections.
  • Settings that influence the behavior of the key itself and not the host configuration: Content Host Limit.

10.4. Setting the service level
Copy link

You can configure an activation key to define a default service level for the new host created with the activation key.

Procedure

  1. In the Satellite web UI, navigate to Content > Lifecycle > Activation Keys.
  2. Click the activation key name you want to edit.
  3. Click the edit icon next to Service Level.
  4. Select the required service level from the list. The list only contains service levels available to the activation key.
  5. Click Save.

CLI procedure

  • Set the service level to Premium on your activation key: 

    $ hammer activation-key update \
--name "My_Activation_Key" \
--organization "My_Organization" \
--service-level premium
    Copy to Clipboard Toggle word wrap

You can enable or disable repositories on an activation key in the Satellite web UI.

Procedure

  1. In the Satellite web UI, navigate to Content > Lifecycle > Activation Keys.
  2. Select an activation key.
  3. Select the Repository Sets tab.
  4. Optional: Clear the Limit to Environment checkbox to view repositories that are available in the lifecycle environment of the activation key.
  5. Optional: Use the Repository type dropdown menu to filter repositories by type.
  6. Optional: Use the Status dropdown menu to filter repositories by status.
  7. Select the desired repositories or click the Select All checkbox to select all repositories.
  8. From the Select Action list, select Override to Enabled, Override to Disabled, or Reset to Default.

Registering a host with multiple activation keys assigns different attributes from each key, and their combined settings determine the configuration of the host. Note that multiple activation keys and multiple content view environments are not the same. Activation keys assign specific attributes to hosts during registration. For instance, one activation key assigns system purpose attributes, another assigns repository set content overrides, and a third assigns the content view environments for the host. When you register a host with these three activation keys, it inherits the system purpose attributes, content overrides, and content view environments from all the keys combined.

When multiple activation keys assign the same attributes, Satellite decides how to resolve conflicts. In general, the host receives the union of non-conflicting settings and the setting from the last activation key for conflicting settings.

Conflicting settings, where the setting from the last activation key wins, include:

  • System purpose attributes
  • Release version

Non-conflicting settings, where the host receives the union of them, include:

  • Host collections

Behavior according to the Allow multiple content views setting

Activation key behavior regarding multiple content view environments depends on the Allow multiple content views setting. If you enable Allow multiple content views, content view environments are treated as non-conflicting. If you disable Allow multiple content views, content view environments are considered conflicting.

When you enable Allow multiple content views and register a host with multiple activation keys, the host receives all content view environments from each activation key, in the order they are passed.

Example 10.1. Example with Allow multiple content views enabled

Assuming that:

  • Activation key ak_multi assigns content view environments dev/cv2, dev/cv3.
  • Activation key ak4 assigns content view environments dev/cv4.

A host registered with activation keys ak_multi and ak4 receives content view environments dev/cv2, dev/cv3, and dev/cv4.

If the order is reversed, with ak4 followed by ak_multi, the host receives content view environments dev/cv4, dev/cv2, and dev/cv3.

When you disable Allow multiple content views and register a host with multiple activation keys, the host receives the content view environments from the last activation key with any content view environments. If any of the activation keys is a multi-environment activation key, registration fails with an error, regardless of the order.

Example 10.2. Example with Allow multiple content views disabled

Assuming that:

  • Activation key ak_multi assigns content view environments dev/cv2, dev/cv3.
  • Activation key ak4 assigns content view environment dev/cv4.
  • Activation key ak5 assigns content view environment dev/cv5.
  • Activation key ak_none assigns no content view environments.

If you attempt to register a host with activation keys ak_multi, ak4, registration fails because ak_multi is a multi-environment activation key.

If you register a host with activation keys ak4, ak5, the host receives dev/cv5, as ak5 is the last activation key with content view environments.

If you register a host with activation keys ak4, ak5, ak_none, the host receives dev/cv5 because ak5 is the last activation key with content view environments.

If you register a host with activation keys ak5, ak4, the host receives dev/cv4, as ak4 is the last activation key with content view environments.

You can assign multiple content view environments to an activation key to provide hosts with access to content from each assigned environment. Hosts registered with the activation key receive the environments in the order they are stored. For more information, see Section 8.3, “Content view environment ordering and priority”.

Note

You cannot reassign a multi-environment activation key’s content view environments using the Satellite web UI. To change content view environments, update the activation key with Hammer CLI.

Prerequisites

  • The Allow multiple content views setting must be enabled. For more information on content settings, see Content settings in Administering Red Hat Satellite.

CLI procedure

  1. Display the available content view environments to obtain their labels or IDs: 

    $ hammer content-view-environment list
    Copy to Clipboard Toggle word wrap

  2. Assign content view environments to an activation key:

    • By using their labels: 

      $ hammer activation-key update \
--id My_Activation_Key_ID \
--organization-id My_Organization_ID \
--content-view-environments "My_env1/My_cv1,My_env2/My_cv2"
      Copy to Clipboard Toggle word wrap

    • By using their IDs: 

      $ hammer activation-key update \
--id My_Activation_Key_ID \
--organization-id My_Organization_ID \
--content-view-environment-ids [My_content_view_env_ID_1, My_content_view_env_ID_2]
      Copy to Clipboard Toggle word wrap

You can remove all content view environments from an activation key by doing either of the following:

CLI procedure

  • Remove all content view environments from the activation key by passing an empty array: 

    $ hammer activation-key update \
--content-view-environment-ids [] \
--name My_Activation_Key \
--organization-id My_Organization_ID
    Copy to Clipboard Toggle word wrap

  • Remove all content view environments from an activation key by passing an empty string: 

    $ hammer activation-key update \
--content-view-environments "" \
--name My_Activation_Key \
--organization-id My_Organization_ID
    Copy to Clipboard Toggle word wrap
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat