Registering Red Hat Enterprise Linux Clients with RHUI

This section contains information about using Red Hat update infrastructure (RHUI) to register Salt clients running Red Hat Enterprise Linux operating systems.

If you are running your clients in a public cloud, such as Amazon EC2, use this method.

It is possible to use RHUI in conjunction with the Red Hat content delivery network (CDN) to manage your Red Hat Enterprise Linux subscriptions. For information about using Red Hat CDN, see Registering Red Hat Enterprise Linux Clients with CDN.

You are responsible for connecting Uyuni Server to the Red Hat update infrastructure. All clients that get updates using this RHUI certificate need to be correctly licensed, please check with your cloud provider and the Red Hat terms of service for more information.

When Red Hat Enterprise Linux clients registered with RHUI are switched off, Red Hat might declare the certificate invalid. In this case, you need to turn the client on again, or get a new RHUI certificate.

1. Import Entitlements and Certificates

In the past it was required to import the certificates and entitlement data manual into Uyuni Server. We automated this task now by using the same mechanism as for SUSE Pay-as-you-go instances. See also Connect Pay-as-you-go instance.

This guide covers clients registered to Red Hat update infrastructure (RHUI). You must have at least one system registered to RHUI, with an authorized subscription for repository content.

For information about using Red Hat content delivery network (CDN) instead, see Registering Red Hat Enterprise Linux Clients with CDN.

Satellite certificates for client systems require a Satellite server and subscription. Clients using Satellite certificates are not supported with Uyuni Server.

The PAYG connection regular checks with the client to get the latest authentication data. It is important that the client stays running and is regular updated. If this does not happen, repository synchronization will fail with authentication errors at some point in time.

Update any Red Hat 7 instance before connecting it.

A Red Hat 9 instance needs to be configured with the crypto policy LEGACY to be able to connect it. Execute sudo update-crypto-policies --set LEGACY to configure it accordingly.

2. Connecting to Red Hat update infrastructure

Procedure: Connecting new Red Hat instance

  1. In the Uyuni Web UI, navigate to Admin  Setup Wizard  Pay-as-you-go, and click Add Pay-as-you-go.

  2. Start with the page section Pay-as-you-go connection Description.

  3. In the Description field, add the description.

  4. Move to the page section Instance SSH connection data.

  5. In the Host field, enter the instance DNS or IP address to connect from Uyuni.

  6. In the SSH Port field, enter the port number or use default value 22.

  7. In the User field, enter the username as specified in the cloud.

  8. In the Password field, enter the password.

  9. In the SSH Private Key field, enter the instance key.

  10. In the SSH Private Key Passphrase field, enter the key passphrase.

Authentication keys must always be in PEM format.

If you are not connecting directly to the instance, but via SSH bastion, proceed with Procedure: Adding SSH bastion connection data.

Otherwise, continue with Procedure: Finishing Red Hat connecting.

Procedure: Adding SSH bastion connection data

  1. Navigate to the page section Bastion SSH connection data.

  2. In the Host field, enter the bastion hostname.

  3. In the SSH Port field, enter the bastion port number.

  4. In the User field, enter the bastion username.

  5. In the Password field, enter the bastion password.

  6. In the SSH Private Key field, enter the bastion key.

  7. In the SSH Private Key Passphrase field, enter the bastion key passphrase.

Complete the setup with Procedure: Finishing Red Hat connecting.

Procedure: Finishing Red Hat connecting

  1. To complete adding new Red Hat connection data, click Create.

  2. Return to Pay-as-you-go connection data Details page. The updated connection status is displayed on the top section named Information.

  3. Connection status is shown in Admin > Setup Wizard > Pay-as-you-go screen, too.

  4. If the authentication data for the instance is correct, the column Status shows Credentials successfully updated.

If invalid data is entered at any point, the newly created instance is shown in Admin > Setup Wizard > Pay-as-you-go, with column Status displaying an error message.

As soon as the authentication data is available on the server, repositories were added for all available repositories on the connected instance. The repositories can be seen in Software > Manage > Repositories

A Red Hat connection will create custom repositories which are owned by organization 1 by default. If a different organization should own the autogenerated repositories, configure java.rhui_default_org_id in /etc/rhn/rhn.conf

This only defines and updates the repositories. If you want to use a repository for a managed client, you need to specify a Software Channel and connect the repositories to it.

3. Add Software Channels

Before you register Red Hat clients to your Uyuni Server, you need to add the required software channels, and synchronize them.

In the following section, descriptions often default to the x86_64 architecture. Replace it with other architectures if appropriate.

The channels you need for this procedure are:

Table 1. Red Hat Channels - CLI
OS Version Base Channel Client Channel Tools Channel

Red Hat 7

rhel7-pool-uyuni-x86_64

-

rhel7-uyuni-client-x86_64

Red Hat 8

rhel8-pool-uyuni-x86_64

-

rhel8-uyuni-client-x86_64

Red Hat 9

rhel9-pool-uyuni-x86_64

-

rhel9-uyuni-client-x86_64
Procedure: Adding Software Channels at the Command Prompt

  1. At the command prompt on the Uyuni Server, as root, use the spacewalk-common-channels command to add the appropriate channels:

    spacewalk-common-channels \
<base_channel_label> \
<child_channel_label_1> \
<child_channel_label_2> \
... <child_channel_label_n>

  2. If automatic synchronization is turned off, synchronize the channels:

    spacewalk-repo-sync -p <base_channel_label>

  3. Ensure the synchronization is complete before continuing.

The client tools channel provided by spacewalk-common-channels is sourced from Uyuni and not from SUSE.

The AppStream repository provides modular packages. This results in the Uyuni Web UI showing incorrect package information. You cannot perform package operations such as installing or upgrading directly from modular repositories using the Web UI or API.

Alternatively, you can use Salt states to manage modular packages on Salt clients, or use the dnf command on the client. For more information about CLM, see Content Lifecycle Management.

4. Prepare Custom Channels

To mirror the software from RHUI, you need to create custom channels in Uyuni that are linked to autogenerated repositories.

The channels you need for this procedure are:

Table 2. Red Hat Custom Channels
OS Version Base Channel

Red Hat 7

rhel7-pool-uyuni-x86_64

Red Hat 8

rhel8-pool-uyuni-x86_64

Red Hat 9

rhel9-pool-uyuni-x86_64
Procedure: Creating Custom Channels

  1. On the Uyuni Server Web UI, navigate to Software  Manage  Channels.

  2. Click Create Channel and set the appropriate parameters for the channels.

  3. In the Parent Channel field, select the appropriate base channel.

  4. Click Create Channel.

  5. Repeat for all channels you need to create. There should be one custom channel for each custom repository.

You can check that you have created all the appropriate channels and repositories, by navigating to Software  Channel List  All.

For Red Hat 8 clients, add both the Base and AppStream channels. You require packages from both channels. If you do not add both channels, you cannot create the bootstrap repository, due to missing packages.

When you have created all the channels, you can associate them with the repositories you created:

Procedure: Associating Channels with Repositories

  1. On the Uyuni Server Web UI, navigate to Software  Manage  Channels, and click the channel to associate.

  2. Navigate to the Repositories tab, and check the repository to associate with this channel.

  3. Click Update Repositories to associate the channel and the repository.

  4. Repeat for all channels and repositories you need to associate.

  5. OPTIONAL: Navigate to the Sync tab to set a recurring schedule for synchronization of this repository.

  6. Click Sync Now to begin synchronization immediately.

5. Check Synchronization Status

Procedure: Checking Synchronization Progress from the Web UI

  1. In the Uyuni Web UI, navigate to Software  Manage  Channels, then click the channel associated to the repository.

  2. Navigate to the Repositories tab, then click Sync and check Sync Status.

Procedure: Checking Synchronization Progress from the Command Prompt

  1. At the command prompt on the Uyuni Server, as root, use the tail command to check the synchronization log file:

    tail -f /var/log/rhn/reposync/<channel-label>.log

  2. Each child channel generates its own log during the synchronization progress. You need to check all the base and child channel log files to be sure that the synchronization is complete.

Red Hat Enterprise Linux channels can be very large. Synchronization can sometimes take several hours.

6. Manage GPG Keys

Clients use GPG keys to check the authenticity of software packages before they are installed. Only trusted software can be installed on clients.

Trusting a GPG key is important for security on clients. It is the task of the administrator to decide which keys are needed and can be trusted. Because a software channel cannot be used when the GPG key is not trusted, the decision of assigning a channel to a client depends on the decision of trusting the key.

For more information about GPG keys, see GPG Keys.

7. Register Clients

To register your clients, you need a bootstrap repository. By default, bootstrap repositories are automatically created, and regenerated daily for all synchronized products. You can manually create the bootstrap repository from the command prompt, using this command:

mgr-create-bootstrap-repo

For more information on registering your clients, see Client Registration.