Managing activation keys
Activation keys provide a method to automate system registration. You can create multiple keys and associate them with different environments and content views. For example, you might create a basic activation key that enables certain Red Hat repositories and associate it with the appropriate content view.
You can use activation keys during content host registration to improve the speed, simplicity and consistency of the process. Note that activation keys are used only when hosts are registered. If changes are made to an activation key, it is applicable only to hosts that are registered with the amended activation key in the future. The changes are not made to existing hosts.
Activation keys can define the following properties for content hosts:
-
Available products and repositories
-
A lifecycle environment and a content view
-
Host collection membership
-
System purpose
When you provision a host, orcharhino uses provisioning templates and other content from the content view that you set in the host group or host settings. When the host is registered, the content view from the activation key overwrites the original content view from the host group or host settings. Then orcharhino uses the content view from the activation key for every future task, for example, rebuilding a host.
When you rebuild a host, ensure that you set the content view that you want to use in the activation key and not in the host group or host settings.
A host can be associated with multiple activation keys that are combined to define the host settings. In case of conflicting settings, the last specified activation key takes precedence. You can specify the order of precedence by setting a host group parameter as follows:
$ hammer hostgroup set-parameter \ --hostgroup "My_Host_Group" \ --name "My_Activation_Key" \ --value "name_of_first_key", "name_of_second_key", ...
Best practices for activation keys
-
Create an activation key for each use case. This structures, modularizes, and simplifies content management on hosts.
-
Use a naming convention for activation keys to indicate the content and lifecycle environment, for example,
red_hat_enterprise_linux-webserver
. -
Automate activation key management by using a Hammer script or an Ansible Playbook.
Creating an activation key
Create an activation key to assign various attributes to hosts during registration.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Activation Keys and click Create Activation Key.
-
In the Name field, enter the name of the activation key.
-
If you want to set a limit, clear the Unlimited hosts checkbox, and in the Limit field, enter the maximum number of systems you can register with the activation key. If you want unlimited hosts to register with the activation key, ensure the Unlimited Hosts checkbox is selected.
-
Optional: In the Description field, enter a description for the activation key.
-
From the Environment list, select the environment to use.
-
From the Content View list, select a content view to use.
-
Click Save.
-
Optional: In the System Purpose section, you can configure the activation key to set system purpose attributes on hosts during registration. This helps determine which repositories are available on the host. It also helps with reporting in the Subscriptions service of the Red Hat Hybrid Cloud Console.
-
Create the activation key:
# hammer activation-key create \ --name "My_Activation_Key" \ --unlimited-hosts \ --description "Example Stack in the Development Environment" \ --lifecycle-environment "Development" \ --content-view "Stack" \ --organization "My_Organization"
-
Optional: Enter the following command to configure the activation key with system purpose attributes to set on hosts during registration. This helps determine which repositories are available on the host. It also helps with reporting in the Subscriptions service of the Red Hat Hybrid Cloud Console.
# hammer activation-key update \ --organization "My_Organization" \ --name "My_Activation_Key" \ --service-level "Standard" \ --purpose-usage "Development/Test" \ --purpose-role "Red Hat Enterprise Linux" \ --purpose-addons "addons"
-
List the product content associated with the activation key:
# hammer activation-key product-content \ --content-access-mode-all true \ --name "My_Activation_Key" \ --organization "My_Organization"
-
Override the default auto-enable status for the orcharhino Client for Red Hat Enterprise Linux repository. The default status is set to disabled. To enable, enter the following command:
# hammer activation-key content-override \ --name "My_Activation_Key" \ --content-label orcharhino Client \ --value 1 \ --organization "My_Organization"
Using activation keys for host registration
You can use activation keys to complete the following tasks:
-
Registering new hosts during provisioning through orcharhino. The kickstart provisioning templates in orcharhino contain commands to register the host using an activation key that is defined when creating a host.
-
Registering existing Red Hat Enterprise Linux hosts.
You can register hosts with orcharhino using the host registration feature in the orcharhino management UI, Hammer CLI, or the orcharhino API. For more information, see Registering Hosts in Managing Hosts.
-
In the orcharhino management UI, navigate to Hosts > Register Host.
-
From the Activation Keys list, select the activation keys to assign to your host.
-
Click Generate to create the registration command.
-
Click on the files icon to copy the command to your clipboard.
-
Connect to your host using SSH and run the registration command.
-
Ensure that the appropriate repositories have been enabled:
-
On Red Hat Enterprise Linux: Check the
/etc/yum.repos.d/redhat.repo
file and ensure that the appropriate repositories have been enabled.
-
-
Generate the host registration command using the Hammer CLI:
# hammer host-registration generate-command \ --activation-keys "My_Activation_Key"
If your hosts do not trust the SSL certificate of orcharhino Server, you can disable SSL validation by adding the
--insecure
flag to the registration command.# hammer host-registration generate-command \ --activation-keys "My_Activation_Key" \ --insecure true
-
Connect to your host using SSH and run the registration command.
-
Ensure that the appropriate repositories have been enabled:
-
On Red Hat Enterprise Linux: Check the
/etc/yum.repos.d/redhat.repo
file and ensure that the appropriate repositories have been enabled.
-
-
Generate the host registration command using the orcharhino API:
# curl -X POST https://orcharhino.example.com/api/registration_commands \ --user "My_User_Name" \ -H 'Content-Type: application/json' \ -d '{ "registration_command": { "activation_keys": ["My_Activation_Key_1, My_Activation_Key_2"] }}'
If your hosts do not trust the SSL certificate of orcharhino Server, you can disable SSL validation by adding the
--insecure
flag to the registration command.# curl -X POST https://orcharhino.example.com/api/registration_commands \ --user "My_User_Name" \ -H 'Content-Type: application/json' \ -d '{ "registration_command": { "activation_keys": ["My_Activation_Key_1, My_Activation_Key_2"], "insecure": true }}'
Use an activation key to simplify specifying the environments. For more information, see Managing Activation Keys in Managing Content.
To enter a password as a command line argument, use
username:password
syntax. Keep in mind this can save the password in the shell history. Alternatively, you can use a temporary personal access token instead of a password. To generate a token in the orcharhino management UI, navigate to My Account > Personal Access Tokens. -
Connect to your host using SSH and run the registration command.
-
Ensure that the appropriate repositories have been enabled:
-
On Red Hat Enterprise Linux: Check the
/etc/yum.repos.d/redhat.repo
file and ensure that the appropriate repositories have been enabled.
-
You can use multiple activation keys when registering a content host. For example, you can use one activation key to enable specific repositories and another to assign a content view and lifecycle environment.
If there are conflicting settings in activation keys, the rightmost key takes precedence.
-
Settings that conflict: Service Level, Release Version, Environment, Content View, and Product Content.
-
Settings that do not conflict and the host gets the union of them: Host Collections.
-
Settings that influence the behavior of the key itself and not the host configuration: Content Host Limit.
Setting the service level
You can configure an activation key to define a default service level for the new host created with the activation key.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Activation Keys.
-
Click the activation key name you want to edit.
-
Click the edit icon next to Service Level.
-
Select the required service level from the list. The list only contains service levels available to the activation key.
-
Click Save.
-
Set the service level to Premium on your activation key:
# hammer activation-key update \ --name "My_Activation_Key" \ --organization "My_Organization" \ --service-level premium
You can only select a Premium service level if your Red Hat manifest contains premium support for any Red Hat products. |
Enabling and disabling repositories on activation key
You can enable or disable repositories on an activation key in the orcharhino management UI.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Activation Keys.
-
Select an activation key.
-
Select the Repository Sets tab.
-
Optional: Clear the Limit to Environment checkbox to view repositories that are available in the lifecycle environment of the activation key.
-
Optional: Use the Repository type dropdown menu to filter repositories by type.
-
Optional: Use the Status dropdown menu to filter repositories by status.
-
Select the desired repositories or click the Select All checkbox to select all repositories.
-
From the Select Action list, select Override to Enabled, Override to Disabled, or Reset to Default.
The text and illustrations on this page are licensed by ATIX AG under a Creative Commons Attribution Share Alike 4.0 International ("CC BY-SA 4.0") license. This page also contains text from the official Foreman documentation which uses the same license ("CC BY-SA 4.0"). |