Softpanorama

May the source be with you, but remember the KISS principle ;-)
Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and  bastardization of classic Unix

Registering a server using Red Hat Subscription Manager (RHSM)

News RHEL subscription management Recommended Books Recommended Links Migrating systems from RHN to RHNSM Registering a server using Red Hat Subscription Manager (RHSM) Redhat Networking  Unix Administration
RHEL4 registration RHEL5 registration on proxy protected network RHEL6 registration on proxy protected network  Oracle Linux Registration Xinetd How to change IP address in RHEL Humor Etc

Introduction

"New" subscription system (RHSM) is slightly better then RHN for large organizations.  It allows to assign specific license to specific box and list the current status of licensing.  But like RHN it requires to use proxy setting in configuration file, it does not take them from the environment. If the company has several proxies and you have mismatch you can be royally screwed. In general you need always to check consistently of your environment with conf file settings using  

The level of understanding of proxies environment by RHEL tech support is basic of worse, so they are  using the database of articles instead of actually troubleshooting based on sosreport data. Moreover each day there might a new person working on your ticket, so there no continuity. RHEL System Registration Guide (https://access.redhat.com/articles/737393) is weak and does not cover more complex cases and typical mishaps.

NOTE: An update to subscription-manager packages and dependencies is required for Red Hat Enterprise Linux lower then 6.1 or 5.8 to register successfully. See manually updating subscription-manager before proceeding.

But there are a log of gotchas, especially if server moved from one datacenter to another in proxies environment and proxy have changed.

If your system supports RHSM you can jump to Registering your server on Red Hat Subscription Management Portal

If you are lucky you need to issue just a half-dozen commands to register the server and, optionally, enable additional repositories. The three key command  that do the job are as following:  

 subscription-manager register --username 
 subscription-manager list --available --all
 subscription-manager attach --pool=8a85........0f

If you attached wrong poll (happens, if, for example, you use HPC licenses and assigned such a license to regular server) you can remove it using the command 

subscription-manager remove --pool=8a85........0f
After that you need to enable additional repos, if you need them (the key repo with patches and packages typically is enabled by default when you attach the pool) 
 subscription-manager repos --enable rhel-7....

Checklist for consistency of your setting

This is a complex and not well documented subsystem.  So sometimes you encounter problem and can't register the server.  The consistency of your settings is the first area to verity. The most important of them you can check by checking the content of  /etc/rhsm/rhsm.conf and the output of the command subscription-manager config (see below)

Using different settings, especially proxy settings,  in different places is that most common problem. Here are some steps that might help:

1. Check if /etc/rhsm/rhsm.conf contains correct entries that are the same as in /etc/yum/conf and /etc/sysconfig/proxy setting of environment  variables (if any)

2. Clean  Red Hat repositories definition in /etc/yum.repos.d directory.  I am not sure that there is a yum command for that so you need to do it manually.

3. Clean all other yum settings. From the yum manual:

"CLEAN OPTIONS
The following are the ways which you can invoke yum in clean mode.

yum clean packages

Eliminate any cached packages from the system. Note that packages are not automatically deleted after they are downloaded.

yum clean headers

Eliminate all of the files which yum uses to determine the remote availability of packages. Using this option will force yum to download all the headers the next time it is run.

yum clean all

Runs yum clean packages and yum clean headers as above."

The "yum clean all" command will not only remove cached packages, but also any headers. You need flush out everything in case there are obsolete headers

Now subscribe to available repos again: 

# yum repolist all # ( to see all available repositories )

Now you can see to what repositories you are subscribed and if you wish what repositories are available for subscription.

To enable it, you need to use the command 

yum-config-manager --enable <the_name_of_repository>

or

subscription-manager repos --enable <the_name_of_repository>

 For example: 

yum-config-manager --enable rhel-6-server-extras-rpms

or

subscription-manager repos --enable rhel-6-server-extras-rpms

 

If you are an unlucky guy who dwell behind proxy with an authoritarian firewall administrator

If you are behind proxy you need first to edit  /etc/rhsm/rhsm.conf as follows:

# an http proxy server to use (enter server FQDN)
proxy_hostname =

# port for http proxy server
proxy_port =

# user name for authenticating to an http proxy, if needed
proxy_user =

# password for basic http proxy auth, if needed
proxy_password =

IMPORTANT: While this sucker will accept the proxy in the form http://yourproxy.yourdomain.com    this will cause troubles. You need to specify server without http:// prefix

You should not put prefix http:// into proxy server specification in  /etc/rhsm/rhsm.conf  This is easy to do, frequent and nasty error if you copy the setting from environment variable. RHEL diagnostic for this error is abysmal 

Those giants of system programming even manage to embed proxy settings from /etc/rhsm/rhsm.conf into yum file /etc/yum.repos.d/redhat.repo, so the proxy value is taken from this file. Not from  your /etc/yum.conf settings, as you would expect.  Moreover this is done without any elementary checks for consistency: if you make a pretty innocent  mistake and specify proxy setting in /etc/rhsm/rhsm.conf as

proxy = http://yourproxy.yourdomain.com

The Red Hat registration manager will accept this and will work file. But for yum to work properly /etc/rhsm/rhsm.conf proxy specification requires just DNS name without prefix http:// or https://  -- prefix https will be added blindly (and that's wrong) in redhat.repo   without checking if you specified http:// (or https://) prefix or not. This SNAFU will lead to generation in  redhat.repo  the proxy statement of the form https://http://yourproxy.yourdomain.com

At this point you are up for a nasty surprise -- yum will not work with any Redhat repository and there is no any meaningful diagnostic messages. Looks like RHEL managers are iether engaged in binge drinking, or watch too much porn on the job ;-). 

In addition if your proxy is really restrictive, you need to submit a ticket to open  the following host names and ports on the outgoing network firewall to enable yum and subscription-manager to sync Satellite Server to Red Hat Satellite 6 repositories:

It is not recommended to specify the IP addresses because the packages are distributed through the Akamai network and the IP addresses are subject to change. However, if your firewall is unable to use host name filtering, Red Hat provides a pool of IP addresses that should provide CDN delivery.

NOTE: If the system is behind an HTTP proxy, recheck entries as if you make a mistake, for example in the proxy_hostname field it will be propagated down stream into /etc/yum-repos.d directory and create difficult to troubleshoot error.

Here is an example:

# an http proxy server to use (enter server FQDN)
proxy_hostname = companyproxy.mycompany.com

# port for http proxy server
proxy_port = 8080

# user name for authenticating to an http proxy, if needed
proxy_user = joeuser

# password for basic http proxy auth, if needed
proxy_password = my-wife-linda

Registering your server on Red Hat Subscription Management Portal

With RHSM registration is a two step process: first you need to register server and then assign the subscription to it.

To register interactively with the Red Hat Subscription Management Portal service, run:
subscription-manager register --username <username> --password <password>

To very that the server is attached to the pool 

subscription-manager list

To list all available subscriptions, run:

subscription-manager list --available --all

This first task is to run subscription manager with register option, but has a caveat (see above) if you have a proxy (see also How to access Red Hat Subscription Manager (RHSM) through a firewall or proxy - Red Hat Customer Portal

# subscription-manager register
Username: <redacted>
Password:
The system has been registered with ID: 293d8a12-15cd-43fc-be7d-447aa4999bfe

Attach the necessary pool

Now the system registered, but with no set of repositories assigned (repository pool or simply pool).

First we can see what polls are available. In other words what your subscriptions are not expired. 

# subscription-manager list --all --available

Subscription Name:   Red Hat Enterprise Linux Server, Premium (Physical or Virtual Nodes)
Provides:            Red Hat S-JIS Support (for RHEL Server) - Extended Update Support
... ... ...
    
Pool ID:             9c675f2bbcd54257a5950047cedfb6ee
Provides Management: No
Available:           2
Suggested:           1
Service Level:       Premium
Service Type:        L1-L3
Subscription Type:   Instance Based
Ends:                08/04/2016
System Type:         Physical 
... ... ...

Find the pool ID for the appropriate subscription in the list, and then run the command. For example 

# subscription-manager attach --pool 9c675f2bbcd54257a5950047cedfb6ee
Successfully attached a subscription for: Red Hat Enterprise Linux Server, Premium (Physical or Virtual Nodes)

Subscribe to the necessary channels/repositories

If your previous subscription expired and you just assignee a new pool to the server which corresponds to the same subscription, you will inherit repositories you used to have. But still it make sense to check the list of repositories to which you are subscribed using yum repolist command

It can well be empty. (see also How to add a new yum repository )

To define a new repository, you need to add a .repo file in the /etc/yum.repos.d/ directory. This is done using yum-config-manager --add-repo command

For example

# yum-config-manager --add-repo http://www.example.com/example.repo
Loaded plugins: langpacks, presto, refresh-packagekit
adding repo from: http://www.example.com/example.repo
grabbing file http://www.example.com/example.repo to /etc/yum.repos.d/example.repo
example.repo                                             |  413 B     00:00
repo saved to /etc/yum.repos.d/example.repo

NOTES:

Enabling repo

After you added repo you need to enable it. For RHEL repositories listed in yum repolist all you just need to enable it, you do not need to add them.

To enable it, you need to use the command 

yum-config-manager --enable <the_name_of_repository>

as root

NOTES:

For example: 

yum-config-manager --enable rhel-6-server-extras-rpms

or

subscription-manager repos --enable rhel-6-server-extras-rpms

Sometimes EPEL repositories prevent RHEL patching (this is often the case with R RPMs installed from EPEL) you can simply disable them via command. For example: 

yum-config-manager --disable epel

and after patching is done re-enable it

yum-config-manager --enable  epel

You can always check the results with the command

Troubleshooting

Inconsistent settings between various config file is the most common cause of problems. Red Hat expertise in this area is extremely weak and they does not verify them for you.

you can check you configuration using the command How to enable repository using subscription-manager in RHEL - Kernel Talks

# subscription-manager config
You can try to remove all setting and to star anew:





# subscription-manager remove --all 
# subscription-manager unregister 
# subscription-manager clean



Then do the registration again with the settings that work on another server. 



You can also type the description of the problem in Google or Bing, or both (actually Bing is sometimes better)  and see if 
anybody encountered and resolved it. Then based on the result reformulate your search and try again. Often in a couple of hours, 
after digging tons of junk,  you might get to a useful post of blog entry.  



If you run into problem with certificates



Sometimes in enterprise environment you run into problem with certificates. One common situation is when proxy substitutes self-signed 
certificate How to troubleshoot subscription-manager and yum issues 
- Red Hat Customer Portal








 If the communication via proxy is not properly established 
with the correct certificates



The communication is not properly established with the correct certificates:
# curl -v --proxy-user user:password --proxy proxy.example.com:8080 https://subscription.rhn.redhat.com --cacert /etc/rhsm/ca/redhat-uep.pem
* About to connect() to proxy proxy.example.com port 8080 (#0)
*   Trying 10.0.0.1... connected
* Connected to proxy.example.com (10.0.0.1) port 8080 (#0)
* Establish HTTP proxy tunnel to subscription.rhn.redhat.com:443
* Proxy auth using Basic with user 'username'
> CONNECT subscription.rhn.redhat.com:443 HTTP/1.1
> Host: subscription.rhn.redhat.com:443
> Proxy-Authorization: Basic XXEEAA =
> User-Agent: curl/7.19.7 (i386-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.9.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 Connection established
< Date: Tue, 03 Jul 2012 13:03:51 GMT
< Age: 2
< Proxy-Connection: Keep-Alive
< Via: 1.0 localhost.localdomain
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: /etc/pki/nssdb
*   CAfile: /etc/rhsm/ca/redhat-uep.pem
  CApath: none
* Peer's certificate issuer is not recognized: 'CN=proxy.example.com,O=My,L=RedHat,ST=South Carolina,C=US'
* NSS error -8179
* Closing connection #0
* Peer certificate cannot be authenticated with known CA certificates
curl: (60) Peer certificate cannot be authenticated with known CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.




Diagnostic Steps (from Red Hat)



Find the troubleshooting steps which can help you to find the cause of the issue:


    

   
  • Make sure that the system's time and date is correct to the time and date of the geographical location. 
    • 

   
  • Next thing to do is to unregister and register again the subscription manager - to be sure the server is properly registered 
   using RHSM:
    • 




Unregister the server: 
set -x
# date && subscription-manager --proxy=proxy.example.com:3128 clean
All local data removed

#date && subscription-manager --proxy=proxy.example.com:3128 unsubscribe --all
This machine has been unsubscribed from all subscriptions

# date && subscription-manager --proxy=proxy.example.com:3128 unregister
Consumer 11111111-2222-3333-4444-555555555556 has been deleted




Get the information about the server: 
# date && subscription-manager --proxy=proxy.example.com:3128 facts --list




Register the server:



# date && subscription-manager --proxy=proxy.example.com:3128 register
The system has been registered with id: 11111111-2222-3333-4444-555555555555

# date && subscription-manager --proxy=proxy.example.com:3128 identity
Current identity is: 11111111-2222-3333-4444-555555555555
name: gss01.example.com
org name: 1111111
org id: 11111112222222333333334444444555

date && subscription-manager --proxy=proxy.example.com:3128 subscribe --pool=<PoolId_from_the_previous_command>

#Or use simply:
# date && subscription-manager --proxy=proxy.example.com:3128 list --available
+-------------------------------------------+
    Available Subscriptions
+-------------------------------------------+

ProductName:            Red Hat Enterprise Linux Server, Self-support (1-2 sockets)
                        (Up to 1 guest)
ProductId:              RH0197181                
PoolId:                 11111111111111111111111111111111
Quantity:               10                       
Multi-Entitlement:      No                       
Expires:                01/01/2013               
MachineType:            physical
.
.

# date && subscription-manager --proxy=proxy.example.com:3128 subscribe --auto
Installed Product Current Status:
Product Name:           Red Hat Enterprise Linux Server
Status:                 Subscribed


# date && subscription-manager --proxy=proxy.example.com:3128 list --consumed
+-------------------------------------------+
    Consumed Product Subscriptions
+-------------------------------------------+

Product Name:           Red Hat Enterprise Linux Server
Contract Number:        4444444
Account Number:         333333
Serial Number:          2222222222222222222
Active:                 True                     
Quantity Used:          1                        
Service Level:          None                     
Service Type :          None                     
Begins:                 22/09/11                 
Expires:                01/01/22
.
.
.


# date && subscription-manager --proxy=proxy.example.com:3128 repos --list
+----------------------------------------------------------+
    Entitled Repositories in /etc/yum.repos.d/redhat.repo
+----------------------------------------------------------+
.
.
.
Repo Name:              Red Hat Enterprise Linux 6 Server (RPMs)
Repo Id:                rhel-6-server-rpms       
Repo Url:               https://cdn.redhat.com/content/dist/rhel/server/6/$releasever/$basearch/os
Enabled:                1                        

Repo Name:              Red Hat CloudForms Tools for RHEL 6 (RPMs)
Repo Id:                rhel-6-server-cf-tools-1-rpms
Repo Url:               https://cdn.redhat.com/content/dist/rhel/server/6/$releasever/$basearch/cf-tools/1.0/os
Enabled:                1
.
.



    

   
  • Generate and check the strace:
    • 




yum clean all
export URLGRABBER_DEBUG=1,- 
sed -i.orig 's/debuglevel = 0/debuglevel = 1/g' /usr/lib64/python2.6/httplib.py 
strace -ttT -s1024 -v -o /tmp/yum.update.strace yum -d10 check-update
mv /usr/lib64/python2.6/httplib.py.orig /usr/lib64/python2.6/httplib.py




There should be something like this in the strace:


    

   
  • The system was able to connect to subscription.rhn.redhat.com:443 through the proxy server:
    • 




2012-03-12 10:04:36,002 [DEBUG]  @connection.py:194 - Using proxy: proxy.server.com:3128
2012-03-12 10:04:36,002 [DEBUG]  @connection.py:209 - Making request: GET https://subscription.rhn.redhat.com:443/subscription/consumers/8c1cb059-xxxx-xxxx-xxxx-46025d2b9d35/certificates?serials=50
27624092264466693
2012-03-12 10:04:37,952 [DEBUG]  @connection.py:218 - Response status: 200



    

   
  • The strace of the client's yum attempt shows an initially successful connection to cdn.redhat.com:443 through the proxy proxy.server.com:3128:
    • 




14:59:05.914373 connect(7, {sa_family=AF_INET, sin_port=htons(3128), sin_addr=inet_addr("192.168.0.2")}, 16) = -1 EINPROGRESS (Operation now in progress) <0.000022>
14:59:05.914423 poll([{fd=7, events=POLLOUT|POLLWRNORM}], 1, 29998) = 1 ([{fd=7, revents=POLLOUT|POLLWRNORM}]) <0.000227>
14:59:05.914693 getsockopt(7, SOL_SOCKET, SO_ERROR, [0], [4]) = 0 <0.000017>
14:59:05.914749 sendto(7, "CONNECT cdn.redhat.com:443 HTTP/1.1\r\nHost: cdn.redhat.com:443\r\nUser-Agent: urlgrabber/3.9.1 yum/3.2.29\r\nProxy-Connection: Keep-Alive\r\n\r\n", 136, MSG_NOSIGNAL, NU
LL, 0) = 136 <0.000012>
14:59:05.914794 poll([{fd=7, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 1000) = 1 ([{fd=7, revents=POLLIN|POLLRDNORM}]) <0.231993>
14:59:06.146848 recvfrom(7, "HTTP/1.0 200 Connection established\r\n\r\n", 16384, 0, NULL, NULL) = 39 <0.000024>





curl --head --key /etc/pki/entitlement/4790939584130415916-key.pem -E /etc/pki/entitlement/4790939584130415916.pem -k https://cdn.redhat.com/content/dist/rhel/server/5/5Server/x86_64/cf-tools/1.0/os/repodata/repomd.xml -x proxy.example.com:3128 --verbose -H "Cache-control: no-cache" -H "Pragma: no-cache" --cacert /etc/rhsm/ca/redhat-uep.pem
* About to connect() to proxy proxy.example.com port 3128 (#0)                                                                                                                                              
*   Trying 10.0.0.1... connected                                                                                                                                                                            
* Connected to proxy.example.com (10.0.0.1) port 3128 (#0)                                                                                                                                               
* Establish HTTP proxy tunnel to cdn.redhat.com:443                                                                                                                                                            
> CONNECT cdn.redhat.com:443 HTTP/1.1                                                                                                                                                                          
> Host: cdn.redhat.com:443                                                                                                                                                                                     
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.9.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2                                                                                           
> Proxy-Connection: Keep-Alive                                                                                                                                                                                 
>                                                                                                                                                                                                              
< HTTP/1.0 200 Connection established                                                                                                                                                                          
<                                                                                                                                                                                                              
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: /etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* NSS: client certificate: PEM Token #1:5027624092264466693.pem
*       subject: CN=8a85f98435edb09d01360626e0924712
*       start date: Jan 01 05:00:00 2012 GMT
*       expire date: Jan 01 04:59:59 2013 GMT
*       common name: 8a85f98435edb09d01360626e0924712
*       issuer: [email protected],CN=Red Hat Candlepin Authority,OU=Red Hat Network,O="Red Hat, Inc.",ST=North Carolina,C=US
* SSL connection using TLS_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
*       subject: CN=cdn.redhat.com,OU=IT,O="Red Hat, Inc.",L=Raleigh,ST=NORTH CAROLINA,C=US
*       start date: Jul 19 16:16:14 2010 GMT
*       expire date: Jul 16 16:16:14 2020 GMT
*       common name: cdn.redhat.com
*       issuer: [email protected],CN=Red Hat Entitlement Operations Authority,OU=Red Hat Network,O="Red Hat, Inc.",ST=North Carolina,C=US
> GET /content/dist/rhel/server/5/5Server/x86_64/cf-tools/1.0/os/repodata/repomd.xml HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.9.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: cdn.redhat.com
> Accept: */*
> 
< HTTP/1.1 200 OK



    

   
  • Without proxy using openssl:
    • 

openssl s_client -port 443 -CApath /etc/pki/entitlement/ -host cdn.redhat.com -prexit -cert 6666666666666666666.pem -key 6666666666666666666-key.pem
CONNECTED(00000003)
depth=1 C = US, ST = North Carolina, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Red Hat Entitlement Operations Authority, emailAddress = [email protected]
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=NORTH CAROLINA/L=Raleigh/O=Red Hat, Inc./OU=IT/CN=cdn.redhat.com
   i:/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Entitlement Operations Authority/[email protected]
 1 s:/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Entitlement Operations Authority/[email protected]
   i:/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=Entitlement Master CA/[email protected]
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIENjCCAh6gAwIBAgIBJzANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMCVVMx
FzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMu
MRgwFgYDVQQLDA9SZWQgSGF0IE5ldHdvcmsxMTAvBgNVBAMMKFJlZCBIYXQgRW50
aXRsZW1lbnQgT3BlcmF0aW9ucyBBdXRob3JpdHkxJDAiBgkqhkiG9w0BCQEWFWNh
LXN1cHBvcnRAcmVkaGF0LmNvbTAeFw0xMDA3MTkxNjE2MTRaFw0yMDA3MTYxNjE2
MTRaMHYxCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5OT1JUSCBDQVJPTElOQTEQMA4G
A1UEBxMHUmFsZWlnaDEWMBQGA1UEChMNUmVkIEhhdCwgSW5jLjELMAkGA1UECxMC
SVQxFzAVBgNVBAMTDmNkbi5yZWRoYXQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQDcVN7OoMTenrvBx2GEdW+t5GYaWd/rg2dyFooyItr+snRgyTkeBQOL
ZmvGH/VbwQxrUmDCWnaxWX84hcZMn0xIEEOu/OdsRzrDdhBmsWTRRkabucJVg7BW
Zu89vATSpjZ+hCp/J+67ZNscuMqI7GzFG6A7KOgMRehg4pbgIR2sFwIDAQABoxcw
FTATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOCAgEAZxzgeGbE
YHpzqu0g+IAaTRIQ53xrRWy0PFqaeD9aRmJoqnjHJiYXguNsHcIY7el082RgxONf
hP2k4iE2Rcxo7MA3OiBEG7CvM73oLo94BhLKy/Ytbcut1K0WH1Q8hY3jIdk76sfM
yX2bFgFAHAbBcZFOAhvdaNrzxSFcX+WGvTMhvuXq4u3dRQJlG9QFG/d8Xx247G5e
rnRlBy23RHAqYVDs1bx2SA/SLx0WCUkuBgh7O8aFGam73ynVW5RosTtX5tw2L68I
JCknBfSEtJIMwJVv+OwMhV6EBydorEZkPZO0Q/3c/wNmp9VfjnfMybb+hyS8NP1T
zP2ewQvVwFv8yZYfNIXQCH3YGFXwtG0x1uKcgHQNpf53bvOqQy2DL76/QzEfya63
KVmomyyGX74v3fNytYOTVSRRCS4NoIzb+9oAIuHgLkgQyADfUDsIsk/DwM8oduq1
4n832s2DUJEZA1czt2ZdJXSfas3syP5BtsjaFPdUInqVLRAvC7hmj61GtnehTKx0
SYxs4ijC7SeXckE9vaO5hr6GcAYNzv/pvZ5DB6FBdzmeyX1lpUz/xn8Gc4xhM9lA
L5eQ180iMiLjbX9MAUayJLecwd49W3fQ1gbBkR6xTwy+gveRXJ+M1fxot+FUhV5v
Lt0DgnVbXOn0l4R5oZVv7k3iVBSPaDe4Dlc=
-----END CERTIFICATE-----
subject=/C=US/ST=NORTH CAROLINA/L=Raleigh/O=Red Hat, Inc./OU=IT/CN=cdn.redhat.com
issuer=/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Entitlement Operations Authority/[email protected]
---
Acceptable client certificate CA names
/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Entitlement Operations Authority/[email protected]
/C=US/ST=North Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=Entitlement Master CA/[email protected]
/C=US/ST=North Carolina/O=Red Hat, Inc./OU=Red Hat Network/CN=Red Hat Candlepin Authority/[email protected]
---
SSL handshake has read 3693 bytes and written 100396 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 4EF45E40519DD86B56C5D62938E42B2ACB85F421F1B4853E607BE42738047A31
    Session-ID-ctx: 
    Master-Key: 7E3E5B2F9E2C257D76EB23E3477C67423761D7B843068EA95A43D3749D5464A52040F85635E3D8113F3D01A60E1AFEB4
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1345283601
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---



Testing connectivity to subscription.rhn.redhat.com



Here are the Red Hat recommendations: 




   
Verifying the machine can connect to subscription.rhn.redhat.com 

   
    

      
  • with curl:
    • 
   


   
$ curl -v -k https://subscription.rhn.redhat.com/subscription/ --cacert /etc/rhsm/ca/redhat-uep.pem
* About to connect() to subscription.rhn.redhat.com port 443 (#0)
*   Trying 10.4.127.49... connected
* Connected to subscription.rhn.redhat.com (10.4.127.49) port 443 (#0)
...
* Closing connection #0
[{"rel":"consumers","href":"/consumers"},{"rel":"distributor_versions","href":"/distributor_versions"},{"rel":"entitlements","href":"/entitlements"},{"rel":"hypervisors","href":"/hypervisors"},{"rel":"jobs","href":"/jobs"},{"rel":"owners","href":"/owners"},{"rel":"pools","href":"/pools"},{"rel":"products","href":"/products"},{"rel":"subscriptions","href":"/subscriptions"},{"rel":"users","href":"/users"}]


   
    

      
  • Or with openssl s_client:
    • 
   


   
$ openssl s_client -port 443 -CApath /etc/rhsm/ca/redhat-uep.pem -host subscription.rhn.redhat.com
CONNECTED(00000003)
depth=2 C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Entitlement Master CA, emailAddress = [email protected]
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
...

    Start Time: 1397793816
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---






Then type in this:



GET /subscription/



... to get this output:



[{"rel":"consumers","href":"/consumers"},{"rel":"distributor_versions","href":"/distributor_versions"},{"rel":"entitlements","href":"/entitlements"},{"rel":"hypervisors","href":"/hypervisors"},{"rel":"jobs","href":"/jobs"},{"rel":"owners","href":"/owners"},{"rel":"pools","href":"/pools"},{"rel":"products","href":"/products"},{"rel":"subscriptions","href":"/subscriptions"},{"rel":"users","href":"/users"}]closed




Or testing basic connectivity when you have a consumer cert and key, and where RHNUSERNAME is your customer portal login:



# curl --key /etc/pki/consumer/key.pem --cert /etc/pki/consumer/cert.pem --cacert redhat-uep.pem https://subscription.rhn.redhat.com/subscription/users/RHNUSERNAME/owners






   

      
      

      Top Visited

      
      		
      Switchboard
   

   

      Latest
   

   

      
      
      Past week
   

   

      
      
      Past month
   











NEWS CONTENTS



Old News ;-) 











[Mar 11, 2019] How to enable repository  using subscription-manager in RHEL - Kernel Talks 





Mar 08, 2019 |  kerneltalks.com  

 


How to enable repository using subscription-manager in RHEL


Published:

            February 20, 2018
 | Modified:

            March 8, 2018
 | 10344 views




In this article we will walk you through step by step process to enable Red Hat repository in RHEL fresh installed server.

... ... ...



root@kerneltalks # subscription-manager register
Registering to: subscription.rhsm.redhat.com:443/subscription
Username: [email protected]
Password:
Network error, unable to connect to server. Please see /var/log/rhsm/rhsm.log for more information.



If you are getting above error then your server is not able to reach RedHat. Check internet connection & if you are able to 
resolve site names. Sometimes even if you are able to ping subscription server, you will see this error. This might be because of 
you have the proxy server in your environment. In such case, you need to add its details in file /etc/rhsm/rhsm.conf. Below proxy 
details should be populated :



# an http proxy server to use
proxy_hostname =

# port for http proxy server
proxy_port =

# user name for authenticating to an http proxy, if needed
proxy_user =

# password for basic http proxy auth, if needed
proxy_password =

# an http proxy server to use
proxy_hostname =

# port for http proxy server
proxy_port =

# user name for authenticating to an http proxy, if needed
proxy_user =

# password for basic http proxy auth, if needed
proxy_password =



Once you are done, recheck if subscription-manager taken up new proxy details by using below command –



root@kerneltalks # subscription-manager config

[server]

hostname = [subscription.rhsm.redhat.com]

insecure = [0]

port = [443]

prefix = [/subscription]

proxy_hostname = [kerneltalksproxy.abc.com]

proxy_password = [asdf]

proxy_port = [3456]

proxy_user = [user2]

server_timeout = [180]

ssl_verify_depth = [3]


[rhsm]

baseurl = [https://cdn.redhat.com]

ca_cert_dir = [/etc/rhsm/ca/]

consumercertdir = [/etc/pki/consumer]

entitlementcertdir = [/etc/pki/entitlement]

full_refresh_on_yum = [0]

manage_repos = [1]

pluginconfdir = [/etc/rhsm/pluginconf.d]

plugindir = [/usr/share/rhsm-plugins]

productcertdir = [/etc/pki/product]

repo_ca_cert = /etc/rhsm/ca/redhat-uep.pem

report_package_profile = [1]

[rhsmcertd]

autoattachinterval = [1440]

certcheckinterval = [240]

[logging]

default_log_level = [INFO]


[] - Default value in use
Now, try registering your system again.




... ... ... 























[Mar 09, 2019 ] Register Red Hat 
7 using Subscription Manager via Proxy by Grzegorz Juszczak 




   
March 9, 2016 |
   tuxfixer.com
   


   
Set HTTP Proxy for Red Hat Subscription Manager


   
Use the following syntax:


   
[root@tuxfixer ~]# subscription-manager config --server.proxy_hostname=(proxy_server_ip) --server.proxy_port=(proxy_server_port)


   
Example:


   
[root@tuxfixer ~]# subscription-manager config --server.proxy_hostname=85.254.112.20 --server.proxy_port=8080


   
2. Register Red Hat 7 using your Red Hat credentials and automatically attach Red Hat repository


   
Use the following syntax:


   
[root@tuxfixer ~]# subscription-manager register --username (your_username) --password (your_password) --auto-attach


   
Example:


   
[root@tuxfixer ~]# subscription-manager register --username [email protected] --password tuxfixer_sec_pass --auto-attach

The system has been registered with ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Installed Product Current Status:
Product Name: Red Hat Enterprise Linux Server
Status:       Subscribed


   
3. (Optional) Enable additional Red Hat Channels to obtain additional packages


   
Red Hat Optional Channel:


   
[root@tuxfixer ~]# subscription-manager repos --enable rhel-7-server-optional-rpms


   
Red Hat Extras Channel:


   
[root@tuxfixer ~]# subscription-manager repos --enable rhel-7-server-extras-rpms















[SOLVED] Redhat Subscription Manager for RHEL 6




   
yohey03

   


      
Good day to Linuxquestions.org community,


      I want to ask Redhat Subscription Manager registration.

      I register one of my RHEL6 Virtual Machine registration on Redhat.


      I first Used to RHN Registration,I registered and choose to RHN Classic

      and prompt that the this system is registered to RHN Classic.


      However,I checked the Subscription Manager and Found out this message(please see attached file).

      it indicates that my machine is registered to RHN Classic but on below,

      there's a question mark and unknown on the status.


      
Also the Products Subscription Details is not registered.


      Thank you for your kindness...

   


   
Chetansingh

   


      
As per redhat, from version 6 always use subscription-manager to register your machine.


      
You can do one thing, unregister your machine via rhn classic and then register it via subscription-manager.


      rm /etc/sysconfig/rhn/systemid

      subscription-manager register


      or you can migrate to rhsm via below command 

      rhn-migrate-classic-to-rhsm


      

      yum install subscription-manager-migration subscription-manager-migration-data

      rhn-migrate-classic-to-rhsm

      cd /etc/sysconfig/rhn

      mv systemid rhnclassic.systemid

      rm /etc/sysconfig/rhn/systemid

      subscription-manager register

   


   
GaWdLy

   


      
Most registration data isn't worth keeping, so I would just run '# subscription-manager register --force' and you will re-register 
      with RHSM.

   


   
Chetansingh

   


      
Before running force register, we need to remove the system from rhn classic, then only we would be able to add it to subscription-manager

   


   
yohey03

   


      
Hi To All,


      My Problem was solved!Thanks to all of you

      especially to "Chetansingh" ,thank you very much for

      providing this solution. 

 

   





Recommended Links





	


Google matched content








Softpanorama Recommended




Top articles
Sites



Top articles



Sites



How to register and subscribe a system to the Red Hat Customer 
Portal using Red Hat Subscription Management (RHSM)




RedHat Subscription Manager  (Unix 
In Depth)



How to enable repository 
using subscription-manager in RHEL - Kernel Talks (Mar 8, 2018)



Best practice for RHSM 
and VMWare templates redhat



POC rhn to rhsm migration script (derived from 
katello-client-bootstrap) · GitHub







Etc



Society





Groupthink :
Two Party System 
as Polyarchy : 

Corruption of Regulators :
Bureaucracies :
Understanding Micromanagers 
and Control Freaks : Toxic Managers :  
Harvard Mafia :
Diplomatic Communication 
: Surviving a Bad Performance 
Review : Insufficient Retirement Funds as 
Immanent Problem of Neoliberal Regime : PseudoScience :
Who Rules America :
Neoliberalism
 : The Iron 
Law of Oligarchy : 
Libertarian Philosophy





Quotes





 
War and Peace 
: Skeptical 
Finance : John 
Kenneth Galbraith :Talleyrand :
Oscar Wilde :
Otto Von Bismarck :
Keynes :
George Carlin :
Skeptics :
Propaganda  : SE 
quotes : Language Design and Programming Quotes :
Random IT-related quotesSomerset Maugham :
Marcus Aurelius :
Kurt Vonnegut :
Eric Hoffer :
Winston Churchill :
Napoleon Bonaparte :
Ambrose BierceBernard Shaw : 
Mark Twain Quotes





Bulletin:






Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient 
markets hypothesis :

Political Skeptic Bulletin, 2013 :

Unemployment Bulletin, 2010 :
 Vol 23, No.10 
(October, 2011) An observation about corporate security departments :

Slightly Skeptical Euromaydan Chronicles, June 2014 :

Greenspan legacy bulletin, 2008 :
Vol 25, No.10 (October, 2013) Cryptolocker Trojan 
(Win32/Crilock.A) :
Vol 25, No.08 (August, 2013) Cloud providers 
as intelligence collection hubs : 

Financial Humor Bulletin, 2010 :

Inequality Bulletin, 2009 :

Financial Humor Bulletin, 2008 :
Copyleft Problems 
Bulletin, 2004 :

Financial Humor Bulletin, 2011 :

Energy Bulletin, 2010 : 
Malware Protection Bulletin, 2010 : Vol 26, 
No.1 (January, 2013) Object-Oriented Cult :

Political Skeptic Bulletin, 2011 :
Vol 23, No.11 (November, 2011) Softpanorama classification 
of sysadmin horror stories : Vol 25, No.05 
(May, 2013) Corporate bullshit as a communication method  : 
Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law





History:





Fifty glorious years (1950-2000): 
the triumph of the US computer engineering :
Donald Knuth : TAoCP 
and its Influence of Computer Science : Richard Stallman 
: Linus Torvalds  :
Larry Wall  :
John K. Ousterhout : 
CTSS : Multix OS Unix 
History : Unix shell history :
VI editor :
History of pipes concept :
Solaris : MS DOSProgramming Languages History :
PL/1 : Simula 67 :
C :
History of GCC developmentScripting Languages :
Perl history   :
OS History : Mail :
DNS : SSH 
: CPU Instruction Sets :
SPARC systems 1987-2006 :
Norton Commander :
Norton Utilities :
Norton Ghost :
Frontpage history :
Malware Defense History :
GNU Screen : 
OSS early history





Classic books:





The Peter 
Principle : Parkinson 
Law : 1984 :
The Mythical Man-MonthHow to Solve It by George Polya :
The Art of Computer Programming :
The Elements of Programming Style :
The Unix Hater’s Handbook :
The Jargon file :
The True Believer :
Programming Pearls :
The Good Soldier Svejk : 
The Power Elite





Most popular humor pages:






Manifest of the Softpanorama IT Slacker Society :
Ten Commandments 
of the IT Slackers Society : Computer Humor Collection 
: BSD Logo Story :
The Cuckoo's Egg :
IT Slang : C++ Humor 
: ARE YOU A BBS ADDICT? :
The Perl Purity Test :
Object oriented programmers of all nations 
: Financial Humor :
Financial Humor Bulletin, 
2008 : Financial 
Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related 
Humor : Programming Language Humor :

Goldman Sachs related humor :

Greenspan humor : C Humor :
Scripting Humor :
Real Programmers Humor :
Web Humor : GPL-related Humor 
: OFM Humor :
Politically Incorrect Humor :
IDS Humor : 
"Linux Sucks" Humor : Russian 
Musical Humor : Best Russian Programmer 
Humor : Microsoft plans to buy Catholic Church 
: Richard Stallman Related Humor :
Admin Humor : Perl-related 
Humor : Linus Torvalds Related 
humor : PseudoScience Related Humor :
Networking Humor :
Shell Humor :
Financial Humor Bulletin, 
2011 : Financial 
Humor Bulletin, 2012 :
Financial Humor Bulletin, 
2013 : Java Humor : Software 
Engineering Humor : Sun Solaris Related Humor :
Education Humor : IBM 
Humor : Assembler-related Humor :
VIM Humor : Computer 
Viruses Humor : Bright tomorrow is rescheduled 
to a day after tomorrow : Classic Computer 
Humor 





The Last but not Least  Technology is dominated by 
two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. 
Ph.D






Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org 
was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) 
without any remuneration. This document is an industrial compilation designed and created exclusively 
for educational use and is distributed under the Softpanorama Content License. 
Original materials copyright belong 
to respective owners. Quotes are made for educational purposes only 
in compliance with the fair use doctrine.  




FAIR USE NOTICE This site contains 
		copyrighted material the use of which has not always been specifically 
		authorized by the copyright owner. We are making such material available 
		to advance understanding of computer science, IT technology, economic, scientific, and social  
		issues. We believe this constitutes a 'fair use' of any such 
		copyrighted material as provided by section 107 of the US Copyright Law according to which 
such material can be distributed without profit exclusively for research and educational purposes.



This is a Spartan WHYFF (We Help You For Free) 
site written by people for whom English is not a native language. Grammar and spelling errors should 
be expected. The site contain some broken links as it develops like a living tree...














You can use PayPal to to buy a cup of coffee for authors 
of this site 






Disclaimer: 



The statements, views and opinions presented on this web page are those of the author (or 
referenced source) and are 
not endorsed by, nor do they necessarily reflect, the opinions of the Softpanorama society. We do not warrant the correctness 
of the information provided or its fitness for any purpose. The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be 
tracked by Google please disable Javascript for this site. This site is perfectly usable without 
Javascript. 





Last modified: October, 24, 2019