Sign up and Register Tutorials [RH-KM] Using Red Hat Subscription Management How to enable Red Hat Subscription on RHEL 8/7 How to register RHEL 8 with subscription manager using command-line 如何在 RHEL 中使用訂閱管理器啟用軟體倉庫 How to activate your no-cost Red Hat Enterprise Linux subscription USING AND CONFIGURING SUBSCRIPTION MANAGER Answers to Common Subscription Questions - Red Hat Customer Portal Unregistered Subscription Manager # yum repolist Updating Subscription Management repositories. This system is registered to Red Hat Subscription Management, but is not receiving updates. You can use subscription-manager to assign subscriptions. NOTE: 在 /etc/yum.repos.d/ 目錄裡,如果曾經有手動設定其它的 repository,請先移除,或者將它們 Disable。 Sign up an account RedHat 訂閱帳號有分付費版與免費版兩種。 付費版) 入口網站: https://access.redhat.com/ 依據主機數量每年購買訂閱數。 免費版 for developer) Developer 帳號申請: https://developers.redhat.com/ 入口網站: https://access.redhat.com/ 訂閱需每年手動續約。 一個 Developer 帳號可用於一個組織,主機數量限制在 16 以下。 組織規模若不是大型企業,可用於 production 主機。 沒有任何技術支援,也不能開 ticket。 可以透過 RHN 作線上更新(這與付費版相同)。 每年手動續約時,必須從 Developer 網站進入並登入帳號,頁面應該會出現 renew account 的按鍵,按下後即可完成免費續約。 NOTE: 如果沒出現 renew account 資訊,反覆登入 Developer 頁面試試。 既使帳號已過期,也還是可以成功手動續約。 相關連結 https://www.redhat.com/zh-tw/blog/new-year-new-red-hat-enterprise-linux-programs-easier-ways-access-rhel https://www.redhat.com/wapps/tnc/viewterms/72ce03fd-1564-41f3-9707-a09747625585?extIdCarryOver=true&sc_cid=701f2000001Css0AAC How to Get Red Hat Enterprise Linux for Free? 申請 Developer 帳號後,在訂閱頁面會有兩個產品,主要是第二項 Red Hat Developer Subscription for Individuals,有了這個,RedHat 主機就可以像付費版那樣作線上更新。 Configure HTTP Proxy (optional) One-liner Command subscription-manager config --server.proxy_hostname=proxy.example.com --server.proxy_port=8080 --server.proxy_user=admin --server.proxy_password=secret Alternatively, proxy information can be added into configuration /etc/rhsm/rhsm.conf : # an http proxy server to use proxy_hostname = # port for http proxy server proxy_port = # user name for authenticating to an http proxy, if needed proxy_user = # password for basic http proxy auth, if needed proxy_password = Testing the connectivity to RHN Without Proxy curl -v https://subscription.rhn.redhat.com/subscription/ --cacert /etc/rhsm/ca/redhat-uep.pem With Proxy curl -v --proxy-user user:password --proxy proxy.example.com:8080 https://subscription.rhn.redhat.com/subscription/ --cacert /etc/rhsm/ca/redhat-uep.pem curl -v --proxy-user user:password --proxy proxy.example.com:8080 https://subscription.rhsm.redhat.com/ --cacert /etc/rhsm/ca/redhat-uep.pem curl -v --proxy-user user:password --proxy proxy.example.com:8080 https://cdn.redhat.com/ --cacert /etc/rhsm/ca/redhat-uep.pem * Trying 10.14.25.128... * TCP_NODELAY set * Connected to tpemispr01.winfoundry.com (10.14.25.128) port 8080 (#0) * allocate connect buffer! * Establish HTTP proxy tunnel to subscription.rhn.redhat.com:443 > CONNECT subscription.rhn.redhat.com:443 HTTP/1.1 > Host: subscription.rhn.redhat.com:443 > User-Agent: curl/7.61.1 > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 Connection established < * Proxy replied 200 to CONNECT request * CONNECT phase completed! * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/rhsm/ca/redhat-uep.pem CApath: none * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CONNECT phase completed! * CONNECT phase completed! * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Request CERT (13): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: C=US; ST=North Carolina; O=Red Hat, Inc.; OU=Red Hat Subscription Management; CN=subscription.rhsm.redhat.com; emailAddress=ca-support@redhat.com * start date: May 7 00:43:39 2020 GMT * expire date: May 7 00:43:39 2023 GMT * issuer: C=US; ST=North Carolina; O=Red Hat, Inc.; OU=Red Hat Network; CN=Red Hat Entitlement Operations Authority; emailAddress=ca-support@redhat.com * SSL certificate verify ok. > GET /subscription/ HTTP/1.1 > Host: subscription.rhn.redhat.com > User-Agent: curl/7.61.1 > Accept: */* > < HTTP/1.1 200 OK < Server: openresty/1.19.9.1 < Date: Wed, 16 Feb 2022 06:26:59 GMT < Content-Type: application/json < Transfer-Encoding: chunked < Connection: keep-alive < x-candlepin-request-uuid: 616ae5b2-53a2-4e9d-816e-b359545c4805 < X-Version: 3.2.22-1 < [{"rel":"consumertypes","href":"/consumertypes"},{"rel":"distributor_versions","href":"/distributor_versions"},{"rel":"","href":"/"},{"rel":"admin","href":"/admin"},{"rel":"content","href":"/content"},{"rel":"cdn","href":"/cdn"},{"rel":"jobs","href":"/jobs"},{"rel":"crl","href":"/crl"},{"rel":"deleted_consumers","href":"/deleted_consumers"},{"rel":"rules","href":"/rules"},{"rel":"products","href":"/products"},{"rel":"roles","href":"/roles"},{"rel":"subscriptions","href":"/subscriptions"},{"rel":"activation_keys","href":"/activation_keys"},{"rel":"status","href":"/status"},{"rel":"consumers","href":"/consumers"},{"rel":"content_overrides","href":"/consumers/{consumer_uuid}/content_overrides"},{"rel":"users","href":"/users"},{"rel":"hypervisors","href":"/hypervisors"},{"rel":"guestids","href":"/consumers/{consumer_uuid}/guestids"},{"rel":"entitlements","href":"/entitlements"},{"rel":"owners","href":"/owners"},{"rel":"pools","href":"/pools"},{"rel":"serials","href":"/serials"},{"rel":"packages", "href":"/consume* Connection #0 to host tpemispr01.winfoundry.com left intact Register to RHN subscription-manager remove --all subscription-manager unregister subscription-manager clean yum clean all rm -rf /var/cache/yum/* # Option#1: With the credentials subscription-manager register --username myname --password 'ThisPassword' # Option#2: With an Activation Key # Create a key from the url https://access.redhat.com/management/activation_keys subscription-manager register --org= --activationkey= Update: 指令 subscription-manager attach 已經不需要,預設會啟用 SCA (Simple Content Access),詳細資訊請見: https://access.redhat.com/solutions/7080864   [~]# yum clean all Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. 17 files removed [~]# subscription-manager register --username myuser --password 'mypassword' Registering to: subscription.rhsm.redhat.com:443/subscription The system has been registered with ID: 36e3da57-5896-488e-ab8e-9f95a48c9f8c The registered system name is: haproxy.winfoundry.com [~]# yum repolist Updating Subscription Management repositories. This system is registered with an entitlement server, but is not receiving updates. You can use subscription-manager to assign subscriptions. [~]# subscription-manager attach --auto Installed Product Current Status: Product Name: Red Hat Enterprise Linux for x86_64 Status: Subscribed [~]# subscription-manager status +-------------------------------------------+ System Status Details +-------------------------------------------+ Overall Status: Current System Purpose Status: Matched [~]# yum repolist Updating Subscription Management repositories. repo id repo name rhel-8-for-x86_64-appstream-rpms Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) rhel-8-for-x86_64-baseos-rpms Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) Registered Subscription Manager [~]# yum repolist Updating Subscription Management repositories. repo id repo name rhel-8-for-x86_64-appstream-rpms Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) rhel-8-for-x86_64-baseos-rpms Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) 登入 https://access.redhat.com/ ,在系統清單會顯示主機名稱。 Registering an offline system (optional) 如果主機端沒有網際網路,也可以使用離線註冊方式。 Create a system profile. From the systems page in Red Hat Subscription Management, click the New button. Provide the required information to finish creating the new system profile. Attach subscriptions. In your newly created system profile, click the Subscriptions tab, and attach any subscriptions you want to use with the system. Download and import the entitlement certificate(s). From the Subscriptions tab on your system profile, click Download Certificates to download the entitlement certificate(s) for attached subscriptions. The downloaded file will be in zip format. Extract the content and in /export/entitlement_certificates/ folder you will find the certificate xyz.pem. Move it to the client system’s /tmp directory. # subscription-manager import --certificate=/tmp/Name_Of_Downloaded_Entitlement_Cert.pem Restoring a registration 主機端曾經成功註冊過,因為某些原因,系統裡的註冊紀錄遺失、或者系統重新安裝後,可以回復原先的註冊紀錄。 以 System UUID 方式重新註冊原有的主機 # subscription-manager register --consumerid=SYSTEM-UUID --username=MYUSER --password=MYPASS Verifying Subscription [root@haproxy ~]# subscription-manager list +-------------------------------------------+ Installed Product Status +-------------------------------------------+ Product Name: Red Hat Enterprise Linux for x86_64 Product ID: 479 Version: 8.3 Arch: x86_64 Status: Subscribed Status Details: Starts: 03/02/2022 Ends: 03/02/2023 [root@haproxy ~]# yum repolist enabled Updating Subscription Management repositories. repo id repo name rhel-8-for-x86_64-appstream-rpms Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) rhel-8-for-x86_64-baseos-rpms Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) Removing from RHN Commands Overview subscription-manager unsubscribe --all subscription-manager remove --all subscription-manager unregister subscription-manager clean Remove all subscriptions,run: # subscription-manager remove --all 1 local certificate has been deleted. 1 subscription removed at the server. To unregister the system from the Red Hat, run: # subscription-manager unregister Unregistering from: subscription.rhsm.redhat.com:443/subscription System has been unregistered. To remove all local data from the system, run: # subscription-manager clean All local data removed 登入 https://access.redhat.com/ 在訂閱頁面的系統欄,原先註冊的主機名稱會自動移除。 Update System yum list updates yum update FAQ Registering to: subscription.rhsm.redhat.com:443/subscription Network error, unable to connect to server. Please see /var/log/rhsm/rhsm.log for more information. Solution: Check the firewall by following the instructions below. subscription.rhn.redhat.com:443 [https] AND subscription.rhsm.redhat.com:443 [https] (This is the new default address in newer versions of RHEL 7) cdn.redhat.com:443 [https] *.akamaiedge.net:443 [https] OR *.akamaitechnologies.com:443 [https] It is not recommended to specify the IP addresses because the packages are distributed through the Akamai network and the IP addresses are subject to change. However, if your firewall is unable to use host name filtering, Red Hat provides a pool of IP addresses that should provide CDN delivery. Q: subscription-manager attach --auto Installed Product Current Status: Product Name: Red Hat Enterprise Linux for x86_64 Status: Not Subscribed Solution: 登入 https://access.redhat.com/ ,確定帳戶裡有可用的訂閱服務。 如果是免費版 RedHat Developer 帳號,在訂閱清單裡如果沒有看到 Red Hat Developer Subscription for Individuals 這一項,請先登入 https://developers.redhat.com/ 然後再確認一次。  注意: 免費版個人授權需要每年手動更新一次有效期。 執行 subscription-manager refresh This system is registered to Red Hat Subscription Management, but is not receiving updates. You can use subscription-manager to assign subscriptions. Solution: subscription-manager attach --auto Q: subscription-manager is showing Overall Status: Disabled 執行 subscription-manager status   Overall Status: Disabled Content Access Mode is set to Simple Content Access. This host has access to content, regardless of subscription status. System Purpose Status: Disabled 新版的 RHEL 預設會啟用 SCA mode (Simple Content Access),如果要確認註冊是否成功,可以改用 subscription-manager identity ,出現 org name 與 ID 時表示註冊成功。詳細資訊: https://access.redhat.com/solutions/7080864