Softpanorama

Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
May the source be with you, but remember the KISS principle ;-)

Registering a server using Red Hat Subscription Manager (RHSM)

News RHEL subscription management Recommended Books Recommended Links Migrating systems from RHN to RHNSM Registering a server using Red Hat Subscription Manager (RHSM) Redhat Networking  Unix Administration
RHEL4 registration RHEL5 registration on proxy protected network RHEL6 registration on proxy protected network  Oracle Linux Registration Xinetd How to change IP address in RHEL Humor Etc

"New" subscription system (RHSM) is slightly better then RHN for large organizations.  It allows to assign specific license to specific box and list the current status of licensing.  But like RHN it requires to use proxy setting in configuration file, it does not take them from the environment. If the company has several proxies and you have mismatch you can be royally screwed. In general you need already to check consistently of your environment with conf file settings.  The level of understanding of proxies environment by RHEL tech support is basic of worse, so they are  using the database of articles instead of actually troubleshooting based on sosreport data. Moreover each day there might a new person working on your ticket, so there no continuity. RHEL System Registration Guide (https://access.redhat.com/articles/737393) is weak and does not cover more complex cases and typical mishaps.

NOTE: An update to subscription-manager packages and dependencies is required for Red Hat Enterprise Linux lower then 6.1 or 5.8 to register successfully. See manually updating subscription-manager before proceeding.

But there are a log of gotchas, especially if server moved from one datacenter to another in proxed environment and proxy have changed.

Checklist

1. Check if /etc/rhsm/rhsm.conf contains correct entries that are the same as in /etc/yum/conf and /etc/proxy settting of env variables (if any)

2. Clean  Red Hat repositories definition in /etc/yum.repos.d directory.  I am not sure that there is a yum command for that so you need to do it manually.

3. Clean all other yum settings. From the yum manual:

"CLEAN OPTIONS
The following are the ways which you can invoke yum in clean mode.

yum clean packages

Eliminate any cached packages from the system. Note that packages are not automatically deleted after they are downloaded.

yum clean headers

Eliminate all of the files which yum uses to determine the remote availability of packages. Using this option will force yum to download all the headers the next time it is run.

yum clean all

Runs yum clean packages and yum clean headers as above."

The "yum clean all" command will not only remove cached packages, but also any headers. You need flush out everything in case there are obsolete headers

# yum repolist # (or if you want to see all avalable repositories yum repolist all )

Now you can see to what repositories you are subscribed and if you wish what repositories are available for subscription.

If you are an unlucky guy who dwell behind proxy with an authoritarian firewall administrator

If you are behind proxy you need first to edit  /etc/rhsm/rhsm.conf as follows:

# an http proxy server to use (enter server FQDN)
proxy_hostname =

# port for http proxy server
proxy_port =

# user name for authenticating to an http proxy, if needed
proxy_user =

# password for basic http proxy auth, if needed
proxy_password =

IMPORTANT: while this sucker will accept the proxy in the form http://yourproxy.yourdomain.com    this will cause troubles. you need to specify server withput http:// prefix

You should not put prefix http:// into proxy server specification in  /etc/rhsm/rhsm.conf  This is easy to do, frequent and nasty error if you copy the setting from env variable. RHEL diagnostic for this error is abysmal 

Those giants of system programming even manage to embed proxy settings from /etc/rhsm/rhsm.conf into yum file /etc/yum.repos.d/redhat.repo, so the proxy value is taken from this file. Not from  your /etc/yum.conf settings, as you would expect.  Moreover this is done without any elementary checks for consistency: if you make a pretty innocent  mistake and specify proxy setting in /etc/rhsm/rhsm.conf as

proxy = http://yourproxy.yourdomain.com

The Red Hat registration manager will accept this and will work file. But for yum to work properly /etc/rhsm/rhsm.conf proxy specification requires just DNS name without prefix http:// or https://  -- prefix https will be added blindly (and that's wrong) in redhat.repo   without checking if you specified http:// (or https://) prefix or not. This SNAFU will lead to generation in  redhat.repo  the proxy statement of the form https://http://yourproxy.yourdomain.com

At this point you are up for a nasty surprise -- yum will not work with any Redhat repository and there is no any meaningful diagnostic messages. Looks like RHEL managers are iether engaged in binge drinking, or watch too much porn on the job ;-). 

In addition if your proxy is really restrictive, you need to submit a ticket to open  the following host names and ports on the outgoing network firewall to enable yum and subscription-manager to sync Satellite Server to Red Hat Satellite 6 repositories:

It is not recommended to specify the IP addresses because the packages are distributed through the Akamai network and the IP addresses are subject to change. However, if your firewall is unable to use host name filtering, Red Hat provides a pool of IP addresses that should provide CDN delivery.

Note: If the system is behind an HTTP proxy, recheck entries as if you make a mistake, for example in proxy_hostname firel it will be propagated down stream into /etc/yu,/repos.d directory and create difficult to troubleshoot error.

Add the details in /etc/rhsm/rhsm.conf as follows:

# an http proxy server to use (enter server FQDN)
proxy_hostname =

# port for http proxy server
proxy_port =

# user name for authenticating to an http proxy, if needed
proxy_user =

# password for basic http proxy auth, if needed
proxy_password =

Registering your server

To register interactively with the Red Hat Subscription Management Portal service, run:
subscription-manager register --username <username> --password <password>

To list the current subscription on the server use

subscription-manager list

To list all available subscriptions, run:

subscription-manager list --available --all 

This first task is to run subscription manager with register option, but has a caveat (see above) if you have a proxy (see also How to access Red Hat Subscription Manager (RHSM) through a firewall or proxy - Red Hat Customer Portal

# subscription-manager register
Username: <redacted>
Password:
The system has been registered with ID: 293d8a12-15cd-43fc-be7d-447aa4999bfe

Attach the necessary pool

Now the system registered, but with no set of repositories assigned (repository pool or simply pool). first we can see what polls are available.

# subscription-manager list --all --available

Subscription Name:   Red Hat Enterprise Linux Server, Premium (Physical or Virtual Nodes)
Provides:            Red Hat S-JIS Support (for RHEL Server) - Extended Update Support
... ... ...
    
Pool ID:             9c675f2bbcd54257a5950047cedfb6ee
Provides Management: No
Available:           2
Suggested:           1
Service Level:       Premium
Service Type:        L1-L3
Subscription Type:   Instance Based
Ends:                08/04/2016
System Type:         Physical 
... ... ... 

Find the pool ID for the appropriate subscription in the list, and then run the command. For example

# subscription-manager attach --pool 9c675f2bbcd54257a5950047cedfb6ee
Successfully attached a subscription for: Red Hat Enterprise Linux Server, Premium (Physical or Virtual Nodes)

You are not done yet: subscription to the necessary channels/repositories

If your previous subscription expired and you just assignee a new pool to the server which corresponds to the same subscription, you will inherit repositories you used to have. But still it make sense to check the list of repositories to which you are subscribed using yum repolist command

It can well be empty. (see also How to add a new yum repository )

To define a new repository, you can either add a .repo file in the /etc/yum.repos.d/ directory. All files with the .repo extension in this directory are read by yum. this is a more modern way to define your repositories here instead the "old way" -- in /etc/yum.conf.

To add such a repository to your system and enable it, you need to use the command yum-config-manager as root

NOTE: If EPEL is registered on some other system, you can copy relevant files directly into /etc/yum.repos.d. See also How to Enable EPEL Repository

To add a repository you need to use the command yum-config-manager --add-repo repository_url

For example

# yum-config-manager --add-repo http://www.example.com/example.repo
Loaded plugins: langpacks, presto, refresh-packagekit
adding repo from: http://www.example.com/example.repo
grabbing file http://www.example.com/example.repo to /etc/yum.repos.d/example.repo
example.repo                                             |  413 B     00:00
repo saved to /etc/yum.repos.d/example.repo

Sometimes repositories prevent patching (this is often the case with R RPMs installed from EPEL) you can simply disable them via command. For example:

pre>yum-config-manager --disable epel

and after patching is done re-enable it

yum-config-manager --enable  epel

You can always check the results with the command

If you got in trouble

You can try:
# subscription-manager remove --all 
# subscription-manager unregister 
# subscription-manager clean

Then do the registration again

Sometimes in enterprise envronment you run into problem with certificates. One common situation is when proxy substitutes self-signed centificate How to troubleshoot subscription-manager and yum issues - Red Hat Customer Portal

  • Let's troubleshoot this error for example:
    Raw
    # yum check-update
    Loaded plugins: downloadonly, product-id, subscription-manager
    Updating certificate-based repositories.
    https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/cf-tools/1.0/os/repodata/repomd.xml: [Errno 14] problem making ssl connection
    Trying other mirror.
    Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhel-6-server-cf-tools-1-rpms. Please verify its path and try again
    
  • Check if a proxy (or anything between the server and Red Hat) is not changing the SSL certificate. Sometimes proxies are configured to resign SSL communication (similar to man-in-the-middle attack).
  • Crosscheck if UUID of system matches on the Customer Portal:
    1. Get the UUID from the system:
      Raw
      # openssl x509 -in /etc/pki/consumer/cert.pem -noout -text| grep 'Subject: CN'
      
    2. Check the system's UUID on the Customer Portal: Go to access.redhat.com --> Subscriptions --> Systems (under the subheading Subscriber Inventory) or open: https://access.redhat.com/management/consumers?type=system. Then enter the system's UUID in the filter box to see if it matches.
    3. If the UUID does not match, refresh the subscription data from system:
      Raw
      # subscription-manager refresh
      # subscription-manager attach --auto
      

      -or-

      Raw
      # subscription-manager attach --pool=POOLID
      
  • When using a http proxy with RHSM, the proxy settings need to be put in /etc/rhsm/rhsm.conf (and not /etc/yum.conf).

Root Cause

The communication is not properly established with the correct certificates:

Raw
# curl -v --proxy-user user:password --proxy proxy.example.com:8080 https://subscription.rhn.redhat.com --cacert /etc/rhsm/ca/redhat-uep.pem
* About to connect() to proxy proxy.example.com port 8080 (#0)
*   Trying 10.0.0.1... connected
* Connected to proxy.example.com (10.0.0.1) port 8080 (#0)
* Establish HTTP proxy tunnel to subscription.rhn.redhat.com:443
* Proxy auth using Basic with user 'username'
> CONNECT subscription.rhn.redhat.com:443 HTTP/1.1
> Host: subscription.rhn.redhat.com:443
> Proxy-Authorization: Basic XXEEAA =
> User-Agent: curl/7.19.7 (i386-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.9.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
< Date: Tue, 03 Jul 2012 13:03:51 GMT
< Age: 2
< Proxy-Connection: Keep-Alive
< Via: 1.0 localhost.localdomain
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: /etc/pki/nssdb
*   CAfile: /etc/rhsm/ca/redhat-uep.pem
  CApath: none
* Peer's certificate issuer is not recognized: 'CN=proxy.example.com,O=My,L=RedHat,ST=South Carolina,C=US'
* NSS error -8179
* Closing connection #0
* Peer certificate cannot be authenticated with known CA certificates
curl: (60) Peer certificate cannot be authenticated with known CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

Diagnostic Steps

Find the troubleshooting steps which can help you to find the cause of the issue:

  • Make sure that the system's time and date is correct to the time and date of the geographical location.
  • Next thing to do is to unregister and register again the subscription manager - to be sure the server is properly registered using RHSM:

Unregister the server:

Raw
set -x
# date && subscription-manager --proxy=proxy.example.com:3128 clean
All local data removed

#date && subscription-manager --proxy=proxy.example.com:3128 unsubscribe --all
This machine has been unsubscribed from all subscriptions

# date && subscription-manager --proxy=proxy.example.com:3128 unregister
Consumer 11111111-2222-3333-4444-555555555556 has been deleted

Get the information about the server:

Raw
# date && subscription-manager --proxy=proxy.example.com:3128 facts --list

Register the server:

Raw
# date && subscription-manager --proxy=proxy.example.com:3128 register
The system has been registered with id: 11111111-2222-3333-4444-555555555555

# date && subscription-manager --proxy=proxy.example.com:3128 identity
Current identity is: 11111111-2222-3333-4444-555555555555
name: gss01.example.com
org name: 1111111
org id: 11111112222222333333334444444555

date && subscription-manager --proxy=proxy.example.com:3128 subscribe --pool=<PoolId_from_the_previous_command>

#Or use simply:
# date && subscription-manager --proxy=proxy.example.com:3128 list --available
+-------------------------------------------+
    Available Subscriptions
+-------------------------------------------+

ProductName:            Red Hat Enterprise Linux Server, Self-support (1-2 sockets)
                        (Up to 1 guest)
ProductId:              RH0197181                
PoolId:                 11111111111111111111111111111111
Quantity:               10                       
Multi-Entitlement:      No                       
Expires:                01/01/2013               
MachineType:            physical
.
.

# date && subscription-manager --proxy=proxy.example.com:3128 subscribe --auto
Installed Product Current Status:
Product Name:           Red Hat Enterprise Linux Server
Status:                 Subscribed


# date && subscription-manager --proxy=proxy.example.com:3128 list --consumed
+-------------------------------------------+
    Consumed Product Subscriptions
+-------------------------------------------+

Product Name:           Red Hat Enterprise Linux Server
Contract Number:        4444444
Account Number:         333333
Serial Number:          2222222222222222222
Active:                 True                     
Quantity Used:          1                        
Service Level:          None                     
Service Type :          None                     
Begins:                 22/09/11                 
Expires:                01/01/22
.
.
.


# date && subscription-manager --proxy=proxy.example.com:3128 repos --list
+----------------------------------------------------------+
    Entitled Repositories in /etc/yum.repos.d/redhat.repo
+----------------------------------------------------------+
.
.
.
Repo Name:              Red Hat Enterprise Linux 6 Server (RPMs)
Repo Id:                rhel-6-server-rpms       
Repo Url:               https://cdn.redhat.com/content/dist/rhel/server/6/$releasever/$basearch/os
Enabled:                1                        

Repo Name:              Red Hat CloudForms Tools for RHEL 6 (RPMs)
Repo Id:                rhel-6-server-cf-tools-1-rpms
Repo Url:               https://cdn.redhat.com/content/dist/rhel/server/6/$releasever/$basearch/cf-tools/1.0/os
Enabled:                1
.
.
  • Generate and check the strace:
Raw
yum clean all
export URLGRABBER_DEBUG=1,- 
sed -i.orig 's/debuglevel = 0/debuglevel = 1/g' /usr/lib64/python2.6/httplib.py 
strace -ttT -s1024 -v -o /tmp/yum.update.strace yum -d10 check-update
mv /usr/lib64/python2.6/httplib.py.orig /usr/lib64/python2.6/httplib.py

There should be something like this in the strace:

  • The system was able to connect to subscription.rhn.redhat.com:443 through the proxy server:
Raw
2012-03-12 10:04:36,002 [DEBUG]  @connection.py:194 - Using proxy: proxy.server.com:3128
2012-03-12 10:04:36,002 [DEBUG]  @connection.py:209 - Making request: GET https://subscription.rhn.redhat.com:443/subscription/consumers/8c1cb059-xxxx-xxxx-xxxx-46025d2b9d35/certificates?serials=50
27624092264466693
2012-03-12 10:04:37,952 [DEBUG]  @connection.py:218 - Response status: 200
  • The strace of the client's yum attempt shows an initially successful connection to cdn.redhat.com:443 through the proxy proxy.server.com:3128:
Raw
14:59:05.914373 connect(7, {sa_family=AF_INET, sin_port=htons(3128), sin_addr=inet_addr("192.168.0.2")}, 16) = -1 EINPROGRESS (Operation now in progress) <0.000022>
14:59:05.914423 poll([{fd=7, events=POLLOUT|POLLWRNORM}], 1, 29998) = 1 ([{fd=7, revents=POLLOUT|POLLWRNORM}]) <0.000227>
14:59:05.914693 getsockopt(7, SOL_SOCKET, SO_ERROR, [0], [4]) = 0 <0.000017>
14:59:05.914749 sendto(7, "CONNECT cdn.redhat.com:443 HTTP/1.1\r\nHost: cdn.redhat.com:443\r\nUser-Agent: urlgrabber/3.9.1 yum/3.2.29\r\nProxy-Connection: Keep-Alive\r\n\r\n", 136, MSG_NOSIGNAL, NU
LL, 0) = 136 <0.000012>
14:59:05.914794 poll([{fd=7, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 1000) = 1 ([{fd=7, revents=POLLIN|POLLRDNORM}]) <0.231993>
14:59:06.146848 recvfrom(7, "HTTP/1.0 200 Connection established\r\n\r\n", 16384, 0, NULL, NULL) = 39 <0.000024>
Raw
curl --head --key /etc/pki/entitlement/4790939584130415916-key.pem -E /etc/pki/entitlement/4790939584130415916.pem -k https://cdn.redhat.com/content/dist/rhel/server/5/5Server/x86_64/cf-tools/1.0/os/repodata/repomd.xml -x proxy.example.com:3128 --verbose -H "Cache-control: no-cache" -H "Pragma: no-cache" --cacert /etc/rhsm/ca/redhat-uep.pem
* About to connect() to proxy proxy.example.com port 3128 (#0)                                                                                                                                              
*   Trying 10.0.0.1... connected                                                                                                                                                                            
* Connected to proxy.example.com (10.0.0.1) port 3128 (#0)                                                                                                                                               
* Establish HTTP proxy tunnel to cdn.redhat.com:443                                                                                                                                                            
> CONNECT cdn.redhat.com:443 HTTP/1.1                                                                                                                                                                          
> Host: cdn.redhat.com:443                                                                                                                                                                                     
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.9.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2                                                                                           
> Proxy-Connection: Keep-Alive                                                                                                                                                                                 
>                                                                                                                                                                                                              
< HTTP/1.0 200 Connection established                                                                                                                                                                          
<                                                                                                                                                                                                              
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: /etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* NSS: client certificate: PEM Token #1:5027624092264466693.pem
*       subject: CN=8a85f98435edb09d01360626e0924712
*       start date: Jan 01 05:00:00 2012 GMT
*       expire date: Jan 01 04:59:59 2013 GMT
*       common name: 8a85f98435edb09d01360626e0924712
*       issuer: E=ca-support@redhat.com,CN=Red Hat Candlepin Authority,OU=Red Hat Network,O="Red Hat, Inc.",ST=North Carolina,C=US
* SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
*       subject: CN=cdn.redhat.com,OU=IT,O="Red Hat, Inc.",L=Raleigh,ST=NORTH CAROLINA,C=US
*       start date: Jul 19 16:16:14 2010 GMT
*       expire date: Jul 16 16:16:14 2020 GMT
*       common name: cdn.redhat.com
*       issuer: E=ca-support@redhat.com,CN=Red Hat Entitlement Operations Authority,OU=Red Hat Network,O="Red Hat, Inc.",ST=North Carolina,C=US
> GET /content/dist/rhel/server/5/5Server/x86_64/cf-tools/1.0/os/repodata/repomd.xml HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.9.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: cdn.redhat.com
> Accept: */*
> 
< HTTP/1.1 200 OK
  • Without proxy using openssl:
Raw
openssl s_client -port 443 -CApath /etc/pki/entitlement/ -host cdn.redhat.com -prexit -cert 6666666666666666666.pem -key 6666666666666666666-key.pem
CONNECTED(00000003)
depth=1 C = US, ST = North Carolina, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Red Hat Entitlement Operations Authority, emailAddress = ca-support@redhat.com
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=NORTH CAROLINA/L=Raleigh/O=Red Hat, Inc./OU=IT/CN=cdn.redhat.com
   i:/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Entitlement Operations Authority/emailAddress=ca-support@redhat.com
 1 s:/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Entitlement Operations Authority/emailAddress=ca-support@redhat.com
   i:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=Entitlement Master CA/emailAddress=ca-support@redhat.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIENjCCAh6gAwIBAgIBJzANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMCVVMx
FzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMu
MRgwFgYDVQQLDA9SZWQgSGF0IE5ldHdvcmsxMTAvBgNVBAMMKFJlZCBIYXQgRW50
aXRsZW1lbnQgT3BlcmF0aW9ucyBBdXRob3JpdHkxJDAiBgkqhkiG9w0BCQEWFWNh
LXN1cHBvcnRAcmVkaGF0LmNvbTAeFw0xMDA3MTkxNjE2MTRaFw0yMDA3MTYxNjE2
MTRaMHYxCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5OT1JUSCBDQVJPTElOQTEQMA4G
A1UEBxMHUmFsZWlnaDEWMBQGA1UEChMNUmVkIEhhdCwgSW5jLjELMAkGA1UECxMC
SVQxFzAVBgNVBAMTDmNkbi5yZWRoYXQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQDcVN7OoMTenrvBx2GEdW+t5GYaWd/rg2dyFooyItr+snRgyTkeBQOL
ZmvGH/VbwQxrUmDCWnaxWX84hcZMn0xIEEOu/OdsRzrDdhBmsWTRRkabucJVg7BW
Zu89vATSpjZ+hCp/J+67ZNscuMqI7GzFG6A7KOgMRehg4pbgIR2sFwIDAQABoxcw
FTATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOCAgEAZxzgeGbE
YHpzqu0g+IAaTRIQ53xrRWy0PFqaeD9aRmJoqnjHJiYXguNsHcIY7el082RgxONf
hP2k4iE2Rcxo7MA3OiBEG7CvM73oLo94BhLKy/Ytbcut1K0WH1Q8hY3jIdk76sfM
yX2bFgFAHAbBcZFOAhvdaNrzxSFcX+WGvTMhvuXq4u3dRQJlG9QFG/d8Xx247G5e
rnRlBy23RHAqYVDs1bx2SA/SLx0WCUkuBgh7O8aFGam73ynVW5RosTtX5tw2L68I
JCknBfSEtJIMwJVv+OwMhV6EBydorEZkPZO0Q/3c/wNmp9VfjnfMybb+hyS8NP1T
zP2ewQvVwFv8yZYfNIXQCH3YGFXwtG0x1uKcgHQNpf53bvOqQy2DL76/QzEfya63
KVmomyyGX74v3fNytYOTVSRRCS4NoIzb+9oAIuHgLkgQyADfUDsIsk/DwM8oduq1
4n832s2DUJEZA1czt2ZdJXSfas3syP5BtsjaFPdUInqVLRAvC7hmj61GtnehTKx0
SYxs4ijC7SeXckE9vaO5hr6GcAYNzv/pvZ5DB6FBdzmeyX1lpUz/xn8Gc4xhM9lA
L5eQ180iMiLjbX9MAUayJLecwd49W3fQ1gbBkR6xTwy+gveRXJ+M1fxot+FUhV5v
Lt0DgnVbXOn0l4R5oZVv7k3iVBSPaDe4Dlc=
-----END CERTIFICATE-----
subject=/C=US/ST=NORTH CAROLINA/L=Raleigh/O=Red Hat, Inc./OU=IT/CN=cdn.redhat.com
issuer=/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Entitlement Operations Authority/emailAddress=ca-support@redhat.com
---
Acceptable client certificate CA names
/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Entitlement Operations Authority/emailAddress=ca-support@redhat.com
/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=Entitlement Master CA/emailAddress=ca-support@redhat.com
/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Candlepin Authority/emailAddress=ca-support@redhat.com
---
SSL handshake has read 3693 bytes and written 100396 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 4EF45E40519DD86B56C5D62938E42B2ACB85F421F1B4853E607BE42738047A31
    Session-ID-ctx: 
    Master-Key: 7E3E5B2F9E2C257D76EB23E3477C67423761D7B843068EA95A43D3749D5464A52040F85635E3D8113F3D01A60E1AFEB4
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1345283601
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---

Testing connectivity to subscription.rhn.redhat.com

  • Verifying the machine can connect to subscription.rhn.redhat.com with curl:
Raw
$ curl -v -k https://subscription.rhn.redhat.com/subscription/ --cacert /etc/rhsm/ca/redhat-uep.pem
* About to connect() to subscription.rhn.redhat.com port 443 (#0)
*   Trying 10.4.127.49... connected
* Connected to subscription.rhn.redhat.com (10.4.127.49) port 443 (#0)
...
* Closing connection #0
[{"rel":"consumers","href":"/consumers"},{"rel":"distributor_versions","href":"/distributor_versions"},{"rel":"entitlements","href":"/entitlements"},{"rel":"hypervisors","href":"/hypervisors"},{"rel":"jobs","href":"/jobs"},{"rel":"owners","href":"/owners"},{"rel":"pools","href":"/pools"},{"rel":"products","href":"/products"},{"rel":"subscriptions","href":"/subscriptions"},{"rel":"users","href":"/users"}]
  • Or with openssl s_client:
Raw
$ openssl s_client -port 443 -CApath /etc/rhsm/ca/redhat-uep.pem -host subscription.rhn.redhat.com
CONNECTED(00000003)
depth=2 C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Entitlement Master CA, emailAddress = ca-support@redhat.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
...

    Start Time: 1397793816
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---

Then type in this:

Raw
GET /subscription/

... to get this output:

Raw
[{"rel":"consumers","href":"/consumers"},{"rel":"distributor_versions","href":"/distributor_versions"},{"rel":"entitlements","href":"/entitlements"},{"rel":"hypervisors","href":"/hypervisors"},{"rel":"jobs","href":"/jobs"},{"rel":"owners","href":"/owners"},{"rel":"pools","href":"/pools"},{"rel":"products","href":"/products"},{"rel":"subscriptions","href":"/subscriptions"},{"rel":"users","href":"/users"}]closed
  • Or testing basic connectivity when you have a consumer cert and key, and where RHNUSERNAME is your customer portal login:
Raw
# curl --key /etc/pki/consumer/key.pem --cert /etc/pki/consumer/cert.pem --cacert redhat-uep.pem https://subscription.rhn.redhat.com/subscription/users/RHNUSERNAME/owners

Top Visited
Switchboard
Latest
Past week
Past month

NEWS CONTENTS

Old News ;-)

Register Red Hat 7 using Subscription Manager via Proxy by Grzegorz Juszczak

March 9, 2016 | tuxfixer.com

Set HTTP Proxy for Red Hat Subscription Manager

Use the following syntax:

[root@tuxfixer ~]# subscription-manager config --server.proxy_hostname=(proxy_server_ip) --server.proxy_port=(proxy_server_port)

Example:

[root@tuxfixer ~]# subscription-manager config --server.proxy_hostname=85.254.112.20 --server.proxy_port=8080

2. Register Red Hat 7 using your Red Hat credentials and automatically attach Red Hat repository

Use the following syntax:

[root@tuxfixer ~]# subscription-manager register --username (your_username) --password (your_password) --auto-attach

Example:

[root@tuxfixer ~]# subscription-manager register --username name.surname@tuxfixer.com --password tuxfixer_sec_pass --auto-attach

The system has been registered with ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Installed Product Current Status:
Product Name: Red Hat Enterprise Linux Server
Status:       Subscribed

3. (Optional) Enable additional Red Hat Channels to obtain additional packages

Red Hat Optional Channel:

[root@tuxfixer ~]# subscription-manager repos --enable rhel-7-server-optional-rpms

Red Hat Extras Channel:

[root@tuxfixer ~]# subscription-manager repos --enable rhel-7-server-extras-rpms

[SOLVED] Redhat Subscription Manager for RHEL 6

yohey03

Good day to Linuxquestions.org community,

I want to ask Redhat Subscription Manager registration.
I register one of my RHEL6 Virtual Machine registration on Redhat.

I first Used to RHN Registration,I registered and choose to RHN Classic
and prompt that the this system is registered to RHN Classic.

However,I checked the Subscription Manager and Found out this message(please see attached file).
it indicates that my machine is registered to RHN Classic but on below,
there's a question mark and unknown on the status.

Also the Products Subscription Details is not registered.

Thank you for your kindness...

Chetansingh

As per redhat, from version 6 always use subscription-manager to register your machine.

You can do one thing, unregister your machine via rhn classic and then register it via subscription-manager.

rm /etc/sysconfig/rhn/systemid
subscription-manager register

or you can migrate to rhsm via below command
rhn-migrate-classic-to-rhsm


yum install subscription-manager-migration subscription-manager-migration-data
rhn-migrate-classic-to-rhsm
cd /etc/sysconfig/rhn
mv systemid rhnclassic.systemid
rm /etc/sysconfig/rhn/systemid
subscription-manager register

GaWdLy

Most registration data isn't worth keeping, so I would just run '# subscription-manager register --force' and you will re-register with RHSM.

Chetansingh

Before running force register, we need to remove the system from rhn classic, then only we would be able to add it to subscription-manager

yohey03

Hi To All,

My Problem was solved!Thanks to all of you
especially to "Chetansingh" ,thank you very much for
providing this solution.

Recommended Links

Google matched content

Softpanorama Recommended

Top articles

Sites

Top articles

Sites

How to register and subscribe a system to the Red Hat Customer Portal using Red Hat Subscription Management (RHSM)



Etc

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusivly for research and educational purposes.   If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner. 

ABUSE: IPs or network segments from which we detect a stream of probes might be blocked for no less then 90 days. Multiple types of probes increase this period.  

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Haterís Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least


Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.

The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: February, 12, 2018