Red Hat Summit Red Hat SummitSuporteConsoleDesenvolvedoresComeçar um testeContato

Este conteúdo não está disponível no idioma selecionado.

Chapter 7. Using the rhc System Role to register the system

The rhc RHEL System Role enables administrators to automate the registration of multiple systems with Red Hat Subscription Management (RHSM) and Satellite servers. The role also supports Insights-related configuration and management tasks by using Ansible.

7.1. Introduction to the rhc System Role
Copiar o link

RHEL System Role is a set of roles that provides a consistent configuration interface to remotely manage multiple systems. The remote host configuration (rhc) System Role enables administrators to easily register RHEL systems to Red Hat Subscription Management (RHSM) and Satellite servers. By default, when you register a system by using the rhc System Role, the system is connected to Insights. Additionally, with the rhc System Role, you can:

  • Configure connections to Red Hat Insights
  • Enable and disable repositories
  • Configure the proxy to use for the connection
  • Configure insights remediations and, auto updates
  • Set the release of the system
  • Configure insights tags

7.2. Registering a system by using the rhc System Role
Copiar o link

You can register your system to Red Hat by using the rhc RHEL System Role. By default, the rhc RHEL System Role connects the system to Red Hat Insights when you register it.

Prerequisites

  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • The managed nodes or groups of managed nodes on which you want to run this playbook are listed in the Ansible inventory file.

Procedure

  1. Create a vault to save the sensitive information: 

    $ ansible-vault create secrets.yml
New Vault password: password
Confirm New Vault password: password
    Copy to Clipboard Toggle word wrap

  2. The ansible-vault create command creates an encrypted vault file and opens it in an editor. Enter the sensitive data you want to save in the vault, for example: 

    activationKey: activation_key
username: username
password: password
    Copy to Clipboard Toggle word wrap

  3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

    You can later edit the data in the vault by using the ansible-vault edit secrets.yml command.

  4. Optional: Display the vault content: 

    $ ansible-vault view secrets.yml
    Copy to Clipboard Toggle word wrap

  5. Create a playbook file, for example ~/registration.yml, and use one of the following options depending on the action you want to perform:

    1. To register by using an activation key and organization ID (recommended), use the following playbook: 

      ---
- name: Registering system using activation key and organization ID
  hosts: managed-node-01.example.com
  vars_files:
    - secrets.yml
  vars:
    rhc_auth:
      activation_keys:
        keys:
          -  "{{ activationKey }}"
     rhc_organization: organizationID
  roles:
    - role: rhel-system-roles.rhc
      Copy to Clipboard Toggle word wrap

    2. To register by using a username and password, use the following playbook: 

      ---
- name: Registering system with username and password
  hosts:  managed-node-01.example.com
  vars_files:
    - secrets.yml
  vars:
    rhc_auth:
      login:
        username: "{{ username }}"
        password: "{{ password }}"
  roles:
    - role: rhel-system-roles.rhc
      Copy to Clipboard Toggle word wrap

  6. Run the playbook: 

    # ansible-playbook ~/registration.yml --ask-vault-pass
    Copy to Clipboard Toggle word wrap

7.3. Registering a system with Satellite by using the rhc System Role
Copiar o link

When organizations use Satellite to manage systems, it is necessary to register the system through Satellite. You can remotely register your system with Satellite by using the rhc RHEL System Role.

Prerequisites

  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • The managed nodes or groups of managed nodes on which you want to run this playbook are listed in the Ansible inventory file.

Procedure

  1. Create a vault to save the sensitive information: 

    $ ansible-vault create secrets.yml
New Vault password: password
Confirm New Vault password: password
    Copy to Clipboard Toggle word wrap

  2. The ansible-vault create command creates an encrypted file and opens it in an editor. Enter the sensitive data you want to save in the vault, for example: 

    activationKey: activation_key
    Copy to Clipboard Toggle word wrap

  3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

    You can later edit the data in the vault by using the ansible-vault edit secrets.yml command.

  4. Optional: Display the vault content: 

    $ ansible-vault view secrets.yml
    Copy to Clipboard Toggle word wrap
  5. Create a playbook file, for example ~/registration-sat.yml.

  6. Use the following text in ~/registration-sat.yml to register the system by using an activation key and organization ID: 

    ---
- name: Register to the custom registration server and CDN
  hosts: managed-node-01.example.com
  vars_files:
    - secrets.yml
  vars:
    rhc_auth:
      login:
        activation_keys:
          keys:
            - "{{ activationKey }}"
        rhc_organization: organizationID
    rhc_server:
      hostname: example.com
        port: 443
        prefix: /rhsm
    rhc_baseurl: http://example.com/pulp/content
   roles:
     - role: rhel-system-roles.rhc
    Copy to Clipboard Toggle word wrap

  7. Run the playbook: 

    # ansible-playbook ~/registration-sat.yml --ask-vault-pass
    Copy to Clipboard Toggle word wrap

When you register a system by using the rhc RHEL System Role, the role by default, enables the connection to Red Hat Insights. You can disable it by using the rhc System Role, if not required.

Prerequisites

  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • The managed nodes or groups of managed nodes on which you want to run this playbook are listed in the Ansible inventory file.
  • The system is already registered.

Procedure

  1. Create a playbook file, for example ~/dis-insights.yml and add the following content in it: 

    ---
- name: Disable Insights connection
  hosts: managed-node-01.example.com
  vars:
    rhc_insights:
      state: absent
  roles:
    - role: rhel-system-roles.rhc
    Copy to Clipboard Toggle word wrap

  2. Run the playbook: 

    # ansible-playbook ~/dis-insights.yml
    Copy to Clipboard Toggle word wrap

7.5. Enabling repositories by using the rhc System Role
Copiar o link

You can remotely enable or disable repositories on managed nodes by using the rhc RHEL System Role.

Prerequisites

  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • The managed nodes or groups of managed nodes on which you want to run this playbook are listed in the Ansible inventory file.
  • You have details of the repositories which you want to enable or disable on the managed nodes.
  • You have registered the system.

Procedure

  1. Create a playbook file, for example ~/configure-repos.yml:

    1. To enable a repository: 

      ---
- name: Enable repository
  hosts: managed-node-01.example.com
  vars:
    rhc_repositories:
      - {name: "RepositoryName", state: enabled}
   roles:
     - role: rhel-system-roles.rhc
      Copy to Clipboard Toggle word wrap

    2. To disable a repository: 

      ---
- name: Disable repository
  hosts: managed-node-01.example.com
  vars:
    rhc_repositories:
      - {name: "RepositoryName", state: disabled}
   roles:
     - role: rhel-system-roles.rhc
      Copy to Clipboard Toggle word wrap

  2. Run the playbook: 

    # ansible-playbook ~/configure-repos.yml
    Copy to Clipboard Toggle word wrap

7.6. Setting release versions by using the rhc system role
Copiar o link

You can limit the system to use only repositories for a particular minor RHEL version instead of the latest one. This way, you can lock your system to a specific minor RHEL version.

Prerequisites

  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • The managed nodes or groups of managed nodes on which you want to run this playbook are listed in the Ansible inventory file.
  • You know the minor RHEL version to which you want to lock the system. Note that you can only lock the system to the RHEL minor version that the host currently runs or a later minor version.
  • You have registered the system.

Procedure

  1. Create a playbook file, for example ~/release.yml: 

    ---
- name: Set Release
  hosts: managed-node-01.example.com
  vars:
    rhc_release: "8.6"
  roles:
    - role: rhel-system-roles.rhc
    Copy to Clipboard Toggle word wrap

  2. Run the playbook: 

    # ansible-playbook ~/release.yml
    Copy to Clipboard Toggle word wrap

7.7. Using a proxy server when registering the host by using the rhc System Role
Copiar o link

If your security restrictions allow access to the Internet only through a proxy server, you can specify the proxy’s settings in the playbook when you register the system using the rhc RHEL System Role.

Prerequisites

  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • The managed nodes or groups of managed nodes on which you want to run this playbook are listed in the Ansible inventory file.

Procedure

  1. Create a vault to save the sensitive information: 

    $ ansible-vault create secrets.yml
New Vault password: password
Confirm New Vault password: password
    Copy to Clipboard Toggle word wrap

  2. The ansible-vault create command creates an encrypted file and opens it in an editor. Enter the sensitive data you want to save in the vault, for example: 

    username: username
password: password
proxy_username: proxyusernme
proxy_password: proxypassword
    Copy to Clipboard Toggle word wrap

  3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

    You can later edit the data in the vault by using the ansible-vault edit secrets.yml command.

  4. Optional: Display the vault content: 

    $ ansible-vault view secrets.yml
    Copy to Clipboard Toggle word wrap

  5. Create a playbook file, for example ~/configure-proxy.yml:

    1. To register to the RHEL customer portal by using a proxy: 

      ---
- name: Register using proxy
  hosts: managed-node-01.example.com
  vars_files:
    - secrets.yml
  vars:
    rhc_auth:
      login:
        username: "{{ username }}"
        password: "{{ password }}"
    rhc_proxy:
      hostname: proxy.example.com
      port: 3128
      username: "{{ proxy_username }}"
      password: "{{ proxy_password }}"
  roles:
    - role: rhel-system-roles.rhc
      Copy to Clipboard Toggle word wrap

    2. To remove the proxy server from the configuration of the Red Hat Subscription Manager service: 

      ---
- name: To stop using proxy server for registration
  hosts: managed-node-01.example.com
  vars_files:
    - secrets.yml
  vars:
    rhc_auth:
      login:
        username: "{{ username }}"
        password: "{{ password }}"
     rhc_proxy: {"state":"absent"}
  roles:
    - role: rhel-system-roles.rhc
      Copy to Clipboard Toggle word wrap

  6. Run the playbook: 

    # ansible-playbook ~/configure-proxy.yml --ask-vault-pass
    Copy to Clipboard Toggle word wrap

7.8. Disabling auto updates of Insights rules by using the rhc System Role
Copiar o link

You can disable the automatic collection rule updates for Red Hat Insights by using the rhc RHEL System Role. By default, when you connect your system to Red Hat Insights, this option is enabled. You can disable it by using the rhc RHEL System Role.

Note

If you disable this feature, you risk using outdated rule definition files and not getting the most recent validation updates.

Prerequisites

  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • The managed nodes or groups of managed nodes on which you want to run this playbook are listed in the Ansible inventory file.
  • You have registered the system.

Procedure

  1. Create a vault to save the sensitive information: 

    $ ansible-vault create secrets.yml
New Vault password: password
Confirm New Vault password: password
    Copy to Clipboard Toggle word wrap

  2. The ansible-vault create command creates an encrypted file and opens it in an editor. Enter the sensitive data you want to save in the vault, for example: 

    username: username
password: password
    Copy to Clipboard Toggle word wrap

  3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

    You can later edit the data in the vault by using the ansible-vault edit secrets.yml command.

  4. Optional: Display the vault content: 

    $ ansible-vault view secrets.yml
    Copy to Clipboard Toggle word wrap

  5. Create a playbook file, for example ~/auto-update.yml and add following content to it: 

    ---
 - name: Disable Red Hat Insights autoupdates
   hosts: managed-node-01.example.com
   vars_files:
     - secrets.yml
   vars:
    rhc_auth:
      login:
        username: "{{ username }}"
        password: "{{ password }}"
    rhc_insights:
       autoupdate: false
       state: present
    roles:
      - role: rhel-system-roles.rhc
    Copy to Clipboard Toggle word wrap

  6. Run the playbook: 

    # ansible-playbook ~/auto-update.yml --ask-vault-pass
    Copy to Clipboard Toggle word wrap

7.9. Disabling Insights remediations by using the rhc RHEL System Role
Copiar o link

You can configure systems to automatically update the dynamic configuration by using the rhc RHEL System Role. When you connect your system to Red hat Insights, it is enabled by default. You can disable it, if not required.

Note

Enabling remediation with the rhc System Role ensures your system is ready to be remediated when connected directly to Red Hat. For systems connected to a Satellite, or Capsule, enabling remediation must be achieved differently. For more information about Red Hat Insights remediations, see Red Hat Insights Remediations Guide.

Prerequisites

  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • The managed nodes or groups of managed nodes on which you want to run this playbook are listed in the Ansible inventory file.
  • You have Insights remediations enabled.
  • You have registered the system.

Procedure

  1. To enable the remediation, create a playbook file, for example ~/remediation.yml: 

    ---
- name: Disable remediation
  hosts: managed-node-01.example.com
  vars:
    rhc_insights:
      remediation: absent
      state: present
  roles:
    - role: rhel-system-roles.rhc
    Copy to Clipboard Toggle word wrap

  2. Run the playbook: 

    # ansible-playbook ~/remediation.yml
    Copy to Clipboard Toggle word wrap

7.10. Configuring Insights tags by using the rhc system role
Copiar o link

You can use tags for system filtering and grouping. You can also customize tags based on the requirements.

Prerequisites

  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • The managed nodes or groups of managed nodes on which you want to run this playbook are listed in the Ansible inventory file.

Procedure

  1. Create a vault to save the sensitive information: 

    $ ansible-vault create secrets.yml
New Vault password: password
Confirm New Vault password: password
    Copy to Clipboard Toggle word wrap

  2. The ansible-vault create command creates an encrypted file and opens it in an editor. Enter the sensitive data you want to save in the vault, for example: 

    username: username
password: password
    Copy to Clipboard Toggle word wrap

  3. Save the changes, and close the editor. Ansible encrypts the data in the vault.

    You can later edit the data in the vault by using the ansible-vault edit secrets.yml command.

  4. Optional: Display the vault content: 

    $ ansible-vault view secrets.yml
    Copy to Clipboard Toggle word wrap

  5. Create a playbook file, for example ~/tags.yml, and add following content to it: 

    ---
- name: Creating tags
  hosts: managed-node-01.example.com
  vars_files:
    - secrets.yml
  vars:
    rhc_auth:
      login:
        username: "{{ username }}"
        password: "{{ password }}"
    rhc_insights:
      tags:
        group: group-name-value
          location: location-name-value
          description:
            - RHEL8
            - SAP
           sample_key:value
        state: present
  roles:
    - role: rhel-system-roles.rhc
    Copy to Clipboard Toggle word wrap

  6. Run the playbook: 

    # ansible-playbook ~/remediation.yml --ask-vault-pass
    Copy to Clipboard Toggle word wrap

7.11. Unregistering a system by using the RHC System Role
Copiar o link

You can unregister the system from Red Hat if you no longer need the subscription service.

Prerequisites

  • You are logged in to the control node as a user who can run playbooks on the managed nodes.
  • The account you use to connect to the managed nodes has sudo permissions on them.
  • The managed nodes or groups of managed nodes on which you want to run this playbook are listed in the Ansible inventory file.
  • The system is already registered.

Procedure

  1. To unregister, create a playbook file, for example, ~/unregister.yml and add the following content to it: 

    ---
- name: Unregister the system
  hosts: managed-node-01.example.com
  vars:
    rhc_state: absent
  roles:
    - role: rhel-system-roles.rhc
    Copy to Clipboard Toggle word wrap

  2. Run the playbook: 

    # ansible-playbook ~/unregister.yml
    Copy to Clipboard Toggle word wrap
Voltar ao topo
Red Hat logoGithubredditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar. Explore nossas atualizações recentes.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja o Blog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

Theme

© 2025 Red Hat