Register RHEL with Activationkey #1065
Description
Code of Conduct
- I have read and agree to the project's Code of Conduct.
Description
It is recommended to register RHEL systems using an activationkey and org rather than username and password (for security). I saw it was mentioned in #1042 where the username option was apparently removed for RHEL 10, but this applies to older versions as well so I thought I would make a separate issue anyway. Also, and somewhat unrelated, the "--autosubscribe" option has been deprecated for sometime in favor of "--auto-subscribe" (which itself may not be needed if Simple Content Access [SCA] is the default).
NOTE: Orgs are numeric (e.g. "1234567"), and the activationkey is a string containing only numbers, letters, underscores, and hyphens (multiple comma-separated keys can be used (e.g. "key1,key2,key3") but not sure how relavent that is with SCA rolling out).
Use Case(s)
You need to register a RHEL 7+ system and want to use a more secure option.
Potential Configuration
In ks.pkrtpl.hcl, instead of the current
/usr/sbin/subscription-manager register --username ${rhsm_username} --password ${rhsm_password} --autosubscribe --force
Use something like the following (plus all the variable handling stuff):
/usr/sbin/subscription-manager register --activationkey="${rhsm_key}" --org="${rhsm_org}" --auto-attach --force
References
https://access.redhat.com/solutions/253273
https://access.redhat.com/solutions/3341191
SCA related info:
https://www.redhat.com/en/blog/red-hat-subscription-management-simple-content-access-explained