How To Use Subscription Manager To Register

Softpanorama May the source exist with you, but remember the KISS principle ;-)	Domicile	Switchboard	Unix Administration	Blood-red Hat	TCP/IP Networks	Neoliberalism	Toxic Managers
	(slightly skeptical) Educational society promoting "Dorsum to nuts" movement against IT overcomplexity and bastardization of classic Unix

Registering a server using Ruby-red Hat Subscription Manager (RHSM)

News	RHEL subscription management	Recommended Books	Recommended Links	Migrating systems from RHN to RHNSM	Registering a server using Red Lid Subscription Managing director (RHSM)	Redhat Networking	Unix A dministration
RHEL4 registration	RHEL5 registration on proxy protected network	RHEL6 registration on proxy protected network	Oracle Linux Registration	Xinetd	How to change IP address in RHEL	Sense of humour	Etc

Introduction
Checklist for consistency of your setting
If y'all are an unlucky guy who dwell backside proxy with an authoritarian firewall administrator
Registering your server on Ruddy Chapeau Subscription Direction Portal
- Attach the necessary puddle
- Subscribe to the necessary channels/repositories
- Enabling repo
Troubleshooting
- If yous run into problem with certificates
- If the communication via proxy is not properly established with the correct certificates
- Diagnostic Steps (from Cerise Lid)
- Testing connectivity to subscription.rhn.redhat.com

Introduction

"New" subscription system (RHSM) is slightly better then RHN for big organizations. It allows to assign specific license to specific box and list the current status of licensing. But like RHN information technology requires to use proxy setting in configuration file, it does not take them from the environment. If the visitor has several proxies and y'all have mismatch you tin be royally screwed. In general yous need always to cheque consistently of your environment with conf file settings using

The level of agreement of proxies surround by RHEL tech support is basic of worse, so they are using the database of manufactures instead of actually troubleshooting based on sosreport data. Moreover each day there might a new person working on your ticket, so at that place no continuity. RHEL System Registration Guide (https://access.redhat.com/articles/737393) is weak and does not cover more than circuitous cases and typical mishaps.

NOTE: An update to subscription-manager packages and dependencies is required for Blood-red Chapeau Enterprise Linux lower then 6.ane or v.viii to annals successfully. See manually updating subscription-manager earlier proceeding.

But there are a log of gotchas, peculiarly if server moved from one datacenter to another in proxies environment and proxy accept changed.

If your system supports RHSM you can jump to Registering your server on Red Hat Subscription Management Portal

If you are lucky you lot need to result just a half dozen commands to annals the server and, optionally, enable additional repositories. The three key command that do the job are every bit post-obit:

        subscription-director register --username                  subscription-managing director list --available --all  subscription-manager attach --puddle=8a85........0f

If you attached wrong poll (happens, if, for case, y'all use HPC licenses and assigned such a license to regular server) you can remove it using the command

subscription-director remove --pool=8a85........0f

After that you need to enable additional repos, if you need them (the key repo with patches and packages typically is enabled by default when you attach the puddle)

        subscription-manager repos --enable rhel-7....

Checklist for consistency of your setting

This is a circuitous and not well documented subsystem. And so sometimes yous encounter problem and can't register the server. The consistency of your settings is the kickoff area to verity. The nearly important of them you tin bank check by checking the content of /etc/rhsm/rhsm.conf and the output of the command subscription-managing director config (run into below)

Using different settings, especially proxy settings, in dissimilar places is that most common trouble. Here are some steps that might help:

i. Cheque if /etc/rhsm/rhsm.conf contains right entries that are the same as in /etc/yum/conf and /etc/sysconfig/proxy setting of environment variables (if whatsoever)

ii. Make clean Red Hat repositories definition in /etc/yum.repos.d directory. I am not certain that there is a yum command for that then you need to do information technology manually.

iii. Clean all other yum settings. From the yum transmission:

"CLEAN OPTIONS
The post-obit are the ways which yous tin invoke yum in make clean mode.

yum make clean packages

Eliminate any cached packages from the system. Note that packages are non automatically deleted after they are downloaded.

yum make clean headers

Eliminate all of the files which yum uses to determine the remote availability of packages. Using this option will force yum to download all the headers the adjacent time it is run.

yum clean all

Runs yum clean packages and yum clean headers every bit above."

The "yum clean all" command will not only remove cached packages, only also any headers. You need affluent out everything in case there are obsolete headers

Now subscribe to bachelor repos again:

# yum repolist all # ( to run into all available repositories )

Now you can see to what repositories you are subscribed and if you wish what repositories are bachelor for subscription.

To enable it, you need to utilise the command

yum-config-manager --enable        <the_name_of_repository>

subscription-director repos --enable        <the_name_of_repository>

For example:

yum-config-director --enable rhel-6-server-extras-rpms

subscription-manager repos --enable rhel-6-server-extras-rpms

If you are an unlucky guy who dwell backside proxy with an authoritarian firewall administrator

If you are backside proxy y'all demand first to edit /etc/rhsm/rhsm.conf as follows:

        # an http proxy server to apply (enter server FQDN) proxy_hostname =  # port for http proxy server proxy_port =  # user proper noun for authenticating to an http proxy, if needed proxy_user =  # password for basic http proxy auth, if needed proxy_password =

Important: While this sucker will accept the proxy in the form http://yourproxy.yourdomain.com this will cause troubles. You lot need to specify server without http:// prefix

You should not put prefix http:// into proxy server specification in /etc/rhsm/rhsm.conf This is like shooting fish in a barrel to do, frequent and nasty error if you copy the setting from environment variable. RHEL diagnostic for this fault is abysmal

Those giants of system programming even manage to embed proxy settings from /etc/rhsm/rhsm.conf into yum file /etc/yum.repos.d/redhat.repo, so the proxy value is taken from this file. Not from your /etc/yum.conf settings, as you would expect. Moreover this is washed without whatsoever elementary checks for consistency: if yous make a pretty innocent mistake and specify proxy setting in /etc/rhsm/rhsm.conf as

proxy = http://yourproxy.yourdomain.com

The Crimson Hat registration manager will have this and will work file. But for yum to work properly /etc/rhsm/rhsm.conf proxy specification requires just DNS name without prefix http:// or https:// -- prefix https volition exist added blindly (and that's wrong) in redhat.repo without checking if yous specified http:// (or https://) prefix or non. This SNAFU will lead to generation in redhat.repo the proxy statement of the form https://http://yourproxy.yourdomain.com

At this point you are up for a nasty surprise -- yum will not work with any Redhat repository and there is no any meaningful diagnostic messages. Looks like RHEL managers are iether engaged in binge drinking, or sentinel too much porn on the job ;-).

In add-on if your proxy is really restrictive, you need to submit a ticket to open the following host names and ports on the approachable network firewall to enable yum and subscription-director to sync Satellite Server to Red Chapeau Satellite vi repositories:

subscription.rhn.redhat.com:443 [https]
cdn.redhat.com:443 [https]
*.akamaiedge.internet:443 [https] OR *.akamaitechnologies.com:443 [https]

Information technology is not recommended to specify the IP addresses considering the packages are distributed through the Akamai network and the IP addresses are subject field to change. However, if your firewall is unable to utilise host proper noun filtering, Red Hat provides a pool of IP addresses that should provide CDN commitment.

NOTE: If the system is behind an HTTP proxy, recheck entries as if you make a fault, for example in the proxy_hostname field it volition be propagated down stream into /etc/yum-repos.d directory and create hard to troubleshoot error.

Here is an instance:

        # an http proxy server to employ (enter server FQDN) proxy_hostname = companyproxy.mycompany.com  # port for http proxy server proxy_port = 8080  # user proper noun for authenticating to an http proxy, if needed proxy_user = joeuser  # password for basic http proxy auth, if needed proxy_password = my-wife-linda

Registering your server on Red Hat Subscription Management Portal

With RHSM registration is a two footstep process: first you need to register server and then assign the subscription to it.

To register interactively with the Crimson Hat Subscription Direction Portal service, run:

        subscription-managing director register --username <username> --password <password>

To very that the server is fastened to the pool

subscription-manager list

To list all available subscriptions, run:

subscription-manager listing --bachelor --all

This showtime task is to run subscription manager with register option, just has a caveat (see to a higher place) if you have a proxy (encounter also How to access Blood-red Hat Subscription Manager (RHSM) through a firewall or proxy - Red Lid Customer Portal

        # subscription-director register Username: <redacted> Password: The system has been registered with ID: 293d8a12-15cd-43fc-be7d-447aa4999bfe

Adhere the necessary pool

Now the system registered, but with no gear up of repositories assigned (repository puddle or only pool).

First we tin see what polls are available. In other words what your subscriptions are not expired.

        # subscription-managing director list --all --available  Subscription Proper noun:   Red Lid Enterprise Linux Server, Premium (Physical or Virtual Nodes) Provides:            Red Hat S-JIS Support (for RHEL Server) - Extended Update Support

        ... ... ...      Pool ID:             9c675f2bbcd54257a5950047cedfb6ee Provides Management: No Available:           2 Suggested:           one Service Level:       Premium Service Type:        L1-L3 Subscription Type:   Instance Based Ends:                08/04/2016 System Type:         Physical

        ... ... ...

Find the pool ID for the appropriate subscription in the list, and and then run the command. For example

        # subscription-manager attach --puddle 9c675f2bbcd54257a5950047cedfb6ee Successfully attached a subscription for: Scarlet Hat Enterprise Linux Server, Premium (Physical or Virtual Nodes)

Subscribe to the necessary channels/repositories

If your previous subscription expired and you just assignee a new pool to the server which corresponds to the same subscription, you will inherit repositories you used to have. But still information technology make sense to check the list of repositories to which y'all are subscribed using yum repolist control

It tin well be empty. (see also How to add a new yum repository )

To cheque the list of repositories to which you are subscribed employ: yum repolist
To check the listing of availed repositories utilize yum repolist all

To ascertain a new repository, you need to add a .repo file in the /etc/yum.repos.d/ directory. This is done using yum-config-manager --add-repo command

For example

# yum-config-manager --add-repo http://www.case.com/example.repo Loaded plugins: langpacks, presto, refresh-packagekit adding repo from: http://www.example.com/example.repo grabbing file http://www.example.com/instance.repo to /etc/yum.repos.d/example.repo example.repo                                             |  413 B     00:00 repo saved to /etc/yum.repos.d/example.repo

NOTES:

If EPEL is registered on some other system, you can copy relevant files directly into /etc/yum.repos.d. See also How to Enable EPEL Repository. All files with the .repo extension in this directory are read by yum but in order for yum to be able to install packages form it you lot demand explicitly enable it
If y'all use self support subscript y'all need manually add together rhel-6-server-extras-rpms/x86_64 or rhel-7-server-extras-rpms/x86_64 repository yous that you take two repositories in yum repolist listing.

Enabling repo

After you added repo you need to enable it. For RHEL repositories listed in yum repolist all you just need to enable it, you do not need to add them.

To enable it, you need to utilise the control

yum-config-manager --enable        <the_name_of_repository>

equally root

NOTES:

You demand to supply the repo name up to the first slash as list in yum repolist all. If you supply info provided past yum repolist all after slash this sucker does not work and there is non meaningful diagnostics.
If enable command is successful it list the repo information on console

For case:

yum-config-manager --enable rhel-half-dozen-server-extras-rpms

subscription-manager repos --enable rhel-6-server-extras-rpms

Sometimes EPEL repositories prevent RHEL patching (this is oftentimes the case with R RPMs installed from EPEL) you tin can simply disable them via command. For instance:

yum-config-manager --disable epel

and subsequently patching is done re-enable it

yum-config-managing director --enable  epel

You can always check the results with the command

yum repolist disabled you lot may listing the disabled repositories
yum repolist enabled and re-enable them

Troubleshooting

Inconsistent settings between various config file is the most mutual crusade of problems. Ruby-red Chapeau expertise in this area is extremely weak and they does not verify them for you lot.

yous can check you configuration using the command How to enable repository using subscription-manager in RHEL - Kernel Talks

# subscription-manager config

You can effort to remove all setting and to star afresh:

# subscription-manager remove --all  # subscription-manager unregister  # subscription-manager make clean

Then do the registration again with the settings that work on another server.

You can as well type the clarification of the problem in Google or Bing, or both (actually Bing is sometimes better) and see if everyone encountered and resolved it. Then based on the issue reformulate your search and try again. Oftentimes in a couple of hours, after earthworks tons of junk, y'all might become to a useful mail service of web log entry.

If yous run into problem with certificates

Sometimes in enterprise surround y'all run into problem with certificates. One mutual state of affairs is when proxy substitutes cocky-signed certificate How to troubleshoot subscription-manager and yum problems - Blood-red Chapeau Client Portal

Allow'southward troubleshoot this fault for instance:

Raw

              # yum bank check-update Loaded plugins: downloadonly, production-id, subscription-manager Updating certificate-based repositories. https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/cf-tools/1.0/bone/repodata/repomd.xml: [Errno 14] problem making ssl connexion Trying other mirror. Error: Cannot retrieve repository metadata (repomd.xml) for repository: rhel-6-server-cf-tools-1-rpms. Please verify its path and attempt again

Cheque if a proxy (or annihilation betwixt the server and Blood-red Hat) is not irresolute the SSL certificate. Sometimes proxies are configured to reassign SSL communication (similar to human being-in-the-eye attack).
Crosscheck if UUID of system matches on the Customer Portal:
1. Get the UUID from the system:
```
                  # openssl x509 -in /etc/pki/consumer/cert.pem -noout -text| grep 'Subject field: CN'                
```
2. Check the system'southward UUID on the Customer Portal: Go to admission.redhat.com --> Subscriptions --> Systems (under the subheading Subscriber Inventory) or open: https://access.redhat.com/management/consumers?type=system. Then enter the system's UUID in the filter box to see if it matches.
3. If the UUID does non match, refresh the subscription data from system:
```
                  # subscription-manager refresh # subscription-manager attach --auto                
```
  -or-
```
                  # subscription-manager attach --pool=POOLID                
```
When using a http proxy with RHSM, the proxy settings need to be put in /etc/rhsm/rhsm.conf (and not /etc/yum.conf).

If the communication via proxy is not properly established with the right certificates

The communication is not properly established with the correct certificates:

              # coil -v --proxy-user user:password --proxy proxy.example.com:8080 https://subscription.rhn.redhat.com --cacert /etc/rhsm/ca/redhat-uep.pem * Almost to connect() to proxy proxy.instance.com port 8080 (#0) *   Trying 10.0.0.1... connected * Connected to proxy.example.com (10.0.0.i) port 8080 (#0) * Establish HTTP proxy tunnel to subscription.rhn.redhat.com:443 * Proxy auth using Bones with user 'username' > CONNECT subscription.rhn.redhat.com:443 HTTP/one.1 > Host: subscription.rhn.redhat.com:443 > Proxy-Authorization: Basic XXEEAA = > User-Agent: scroll/7.xix.vii (i386-redhat-linux-gnu) libcurl/7.nineteen.vii NSS/iii.12.9.0 zlib/1.two.3 libidn/one.18 libssh2/i.2.2 > Proxy-Connection: Keep-Alive > < HTTP/1.one 200 Connectedness established < Date: Tue, 03 Jul 2012 xiii:03:51 GMT < Age: ii < Proxy-Connection: Keep-Alive < Via: 1.0 localhost.localdomain < * Proxy replied OK to CONNECT request * Initializing NSS with certpath: /etc/pki/nssdb *   CAfile: /etc/rhsm/ca/redhat-uep.pem   CApath: none * Peer'due south document issuer is not recognized: 'CN=proxy.example.com,O=My,L=RedHat,ST=South Carolina,C=U.s.a.' * NSS error -8179 * Closing connection #0 * Peer certificate cannot be authenticated with known CA certificates curlicue: (60) Peer certificate cannot exist authenticated with known CA certificates More details here: http://scroll.haxx.se/docs/sslcerts.html  curl performs SSL certificate verification past default, using a "bundle"  of Certificate Authority (CA) public keys (CA certs). If the default  bundle file isn't adequate, you can specify an alternate file  using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in  the packet, the document verification probably failed due to a  problem with the certificate (it might exist expired, or the name might  not match the domain name in the URL). If you'd similar to plow off curl's verification of the certificate, utilize  the -k (or --insecure) choice.

Diagnostic Steps (from Reddish Lid)

Find the troubleshooting steps which can help you to find the cause of the issue:

Make sure that the organisation'southward time and date is correct to the fourth dimension and appointment of the geographical location.
Adjacent thing to do is to unregister and register again the subscription manager - to be sure the server is properly registered using RHSM:

Unregister the server:

              gear up -x # appointment && subscription-manager --proxy=proxy.example.com:3128 make clean All local information removed  #date && subscription-director --proxy=proxy.instance.com:3128 unsubscribe --all This machine has been unsubscribed from all subscriptions  # appointment && subscription-manager --proxy=proxy.instance.com:3128 unregister Consumer 11111111-2222-3333-4444-555555555556 has been deleted

Get the information about the server:

              # date && subscription-director --proxy=proxy.instance.com:3128 facts --list

              # date && subscription-director --proxy=proxy.example.com:3128 annals The system has been registered with id: 11111111-2222-3333-4444-555555555555  # date && subscription-manager --proxy=proxy.example.com:3128 identity Current identity is: 11111111-2222-3333-4444-555555555555 name: gss01.example.com org name: 1111111 org id: 11111112222222333333334444444555  engagement && subscription-managing director --proxy=proxy.example.com:3128 subscribe --pool=<PoolId_from_the_previous_command>  #Or use simply: # engagement && subscription-director --proxy=proxy.example.com:3128 list --available +-------------------------------------------+     Available Subscriptions +-------------------------------------------+  ProductName:            Ruddy Hat Enterprise Linux Server, Self-support (1-2 sockets)                         (Upwards to i guest) ProductId:              RH0197181                 PoolId:                 11111111111111111111111111111111 Quantity:               x                        Multi-Entitlement:      No                        Expires:                01/01/2013                MachineType:            physical . .  # engagement && subscription-manager --proxy=proxy.example.com:3128 subscribe --auto Installed Product Electric current Condition: Production Name:           Red Hat Enterprise Linux Server Status:                 Subscribed   # date && subscription-manager --proxy=proxy.example.com:3128 list --consumed +-------------------------------------------+     Consumed Product Subscriptions +-------------------------------------------+  Production Name:           Crimson Hat Enterprise Linux Server Contract Number:        4444444 Account Number:         333333 Serial Number:          2222222222222222222 Active:                 True                      Quantity Used:          1                         Service Level:          None                      Service Type :          None                      Begins:                 22/09/xi                  Expires:                01/01/22 . . .   # date && subscription-manager --proxy=proxy.example.com:3128 repos --list +----------------------------------------------------------+     Entitled Repositories in /etc/yum.repos.d/redhat.repo +----------------------------------------------------------+ . . . Repo Name:              Scarlet Hat Enterprise Linux vi Server (RPMs) Repo Id:                rhel-6-server-rpms        Repo Url:               https://cdn.redhat.com/content/dist/rhel/server/6/$releasever/$basearch/os Enabled:                1                          Repo Proper noun:              Red Hat CloudForms Tools for RHEL six (RPMs) Repo Id:                rhel-6-server-cf-tools-1-rpms Repo Url:               https://cdn.redhat.com/content/dist/rhel/server/vi/$releasever/$basearch/cf-tools/1.0/os Enabled:                i . .

Generate and check the strace:

              yum clean all export URLGRABBER_DEBUG=1,-  sed -i.orig 'southward/debuglevel = 0/debuglevel = 1/g' /usr/lib64/python2.6/httplib.py  strace -ttT -s1024 -v -o /tmp/yum.update.strace yum -d10 cheque-update mv /usr/lib64/python2.6/httplib.py.orig /usr/lib64/python2.6/httplib.py

There should be something like this in the strace:

The system was able to connect to subscription.rhn.redhat.com:443 through the proxy server:

              2012-03-12 10:04:36,002 [DEBUG]  @connection.py:194 - Using proxy: proxy.server.com:3128 2012-03-12 10:04:36,002 [DEBUG]  @connectedness.py:209 - Making asking: GET https://subscription.rhn.redhat.com:443/subscription/consumers/8c1cb059-xxxx-xxxx-xxxx-46025d2b9d35/certificates?serials=50 27624092264466693 2012-03-12 10:04:37,952 [DEBUG]  @connection.py:218 - Response status: 200

The strace of the client'southward yum attempt shows an initially successful connection to cdn.redhat.com:443 through the proxy proxy.server.com:3128:

              14:59:05.914373 connect(vii, {sa_family=AF_INET, sin_port=htons(3128), sin_addr=inet_addr("192.168.0.two")}, xvi) = -ane EINPROGRESS (Performance now in progress) <0.000022> 14:59:05.914423 poll([{fd=7, events=POLLOUT|POLLWRNORM}], 1, 29998) = 1 ([{fd=7, revents=POLLOUT|POLLWRNORM}]) <0.000227> 14:59:05.914693 getsockopt(7, SOL_SOCKET, SO_ERROR, [0], [4]) = 0 <0.000017> 14:59:05.914749 sendto(7, "CONNECT cdn.redhat.com:443 HTTP/1.1\r\nHost: cdn.redhat.com:443\r\nUser-Agent: urlgrabber/3.9.1 yum/3.2.29\r\nProxy-Connection: Keep-Live\r\n\r\n", 136, MSG_NOSIGNAL, NU LL, 0) = 136 <0.000012> 14:59:05.914794 poll([{fd=7, events=POLLIN|POLLPRI|POLLRDNORM|POLLRDBAND}], 1, 1000) = one ([{fd=7, revents=POLLIN|POLLRDNORM}]) <0.231993> fourteen:59:06.146848 recvfrom(7, "HTTP/1.0 200 Connection established\r\n\r\n", 16384, 0, NULL, Null) = 39 <0.000024>

It'south showing the problem is between proxy server and RHN. Check if there are some restrictions on the firewall or proxy itself How do I configure my firewall so that I can access the Red Chapeau Subscription Manager (RHSM) and Red Hat Network (RHN)?
Test the connection with proxy:

              whorl --caput --fundamental /etc/pki/entitlement/4790939584130415916-key.pem -Due east /etc/pki/entitlement/4790939584130415916.pem -k https://cdn.redhat.com/content/dist/rhel/server/5/5Server/x86_64/cf-tools/one.0/bone/repodata/repomd.xml -ten proxy.example.com:3128 --verbose -H "Cache-command: no-cache" -H "Pragma: no-cache" --cacert /etc/rhsm/ca/redhat-uep.pem * Nigh to connect() to proxy proxy.case.com port 3128 (#0)                                                                                                                                               *   Trying 10.0.0.1... connected                                                                                                                                                                             * Connected to proxy.example.com (10.0.0.1) port 3128 (#0)                                                                                                                                                * Establish HTTP proxy tunnel to cdn.redhat.com:443                                                                                                                                                             > CONNECT cdn.redhat.com:443 HTTP/1.1                                                                                                                                                                           > Host: cdn.redhat.com:443                                                                                                                                                                                      > User-Amanuensis: curl/7.xix.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.12.9.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2                                                                                            > Proxy-Connectedness: Keep-Alive                                                                                                                                                                                  >                                                                                                                                                                                                               < HTTP/ane.0 200 Connection established                                                                                                                                                                           <                                                                                                                                                                                                               * Proxy replied OK to CONNECT request * Initializing NSS with certpath: /etc/pki/nssdb * warning: ignoring value of ssl.verifyhost * skipping SSL peer certificate verification * NSS: customer certificate: PEM Token #1:5027624092264466693.pem *       subject area: CN=8a85f98435edb09d01360626e0924712 *       start engagement: January 01 05:00:00 2012 GMT *       expire appointment: Jan 01 04:59:59 2013 GMT *       common name: 8a85f98435edb09d01360626e0924712 *       issuer: E=ca-support@redhat.com,CN=Red Hat Candlepin Authority,OU=Red Hat Network,O="Red Hat, Inc.",ST=North Carolina,C=US * SSL connexion using TLS_RSA_WITH_AES_256_CBC_SHA * Server certificate: *       subject: CN=cdn.redhat.com,OU=IT,O="Red Hat, Inc.",L=Raleigh,ST=NORTH CAROLINA,C=US *       first date: Jul 19 16:16:fourteen 2010 GMT *       expire date: Jul 16 xvi:16:fourteen 2020 GMT *       common proper noun: cdn.redhat.com *       issuer: E=ca-support@redhat.com,CN=Red Hat Entitlement Operations Say-so,OU=Red Hat Network,O="Carmine Lid, Inc.",ST=North Carolina,C=US > Become /content/dist/rhel/server/5/5Server/x86_64/cf-tools/1.0/os/repodata/repomd.xml HTTP/1.i > User-Agent: ringlet/7.19.vii (x86_64-redhat-linux-gnu) libcurl/7.19.vii NSS/iii.12.ix.0 zlib/i.2.3 libidn/one.18 libssh2/1.ii.2 > Host: cdn.redhat.com > Accept: */* >  < HTTP/1.1 200 OK

Without proxy using openssl:

              openssl s_client -port 443 -CApath /etc/pki/entitlement/ -host cdn.redhat.com -prexit -cert 6666666666666666666.pem -key 6666666666666666666-primal.pem CONNECTED(00000003) depth=1 C = US, ST = Due north Carolina, O = "Red Hat, Inc.", OU = Reddish Hat Network, CN = Red Hat Entitlement Operations Authority, emailAddress = ca-support@redhat.com verify mistake:num=20:unable to get local issuer certificate verify return:0 --- Certificate chain  0 s:/C=U.s./ST=North CAROLINA/L=Raleigh/O=Red Hat, Inc./OU=IT/CN=cdn.redhat.com    i:/C=United states/ST=Due north Carolina/O=Red Lid, Inc./OU=Red Hat Network/CN=Red Chapeau Entitlement Operations Authority/emailAddress=ca-support@redhat.com  one s:/C=U.s.a./ST=North Carolina/O=Red Hat, Inc./OU=Cherry Lid Network/CN=Scarlet Hat Entitlement Operations Authority/emailAddress=ca-support@redhat.com    i:/C=Usa/ST=North Carolina/L=Raleigh/O=Cerise Lid, Inc./OU=Crimson Lid Network/CN=Entitlement Main CA/emailAddress=ca-support@redhat.com --- Server certificate -----BEGIN Document----- MIIENjCCAh6gAwIBAgIBJzANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMCVVMx FzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMu MRgwFgYDVQQLDA9SZWQgSGF0IE5ldHdvcmsxMTAvBgNVBAMMKFJlZCBIYXQgRW50 aXRsZW1lbnQgT3BlcmF0aW9ucyBBdXRob3JpdHkxJDAiBgkqhkiG9w0BCQEWFWNh LXN1cHBvcnRAcmVkaGF0LmNvbTAeFw0xMDA3MTkxNjE2MTRaFw0yMDA3MTYxNjE2 MTRaMHYxCzAJBgNVBAYTAlVTMRcwFQYDVQQIEw5OT1JUSCBDQVJPTElOQTEQMA4G A1UEBxMHUmFsZWlnaDEWMBQGA1UEChMNUmVkIEhhdCwgSW5jLjELMAkGA1UECxMC SVQxFzAVBgNVBAMTDmNkbi5yZWRoYXQuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQDcVN7OoMTenrvBx2GEdW+t5GYaWd/rg2dyFooyItr+snRgyTkeBQOL ZmvGH/VbwQxrUmDCWnaxWX84hcZMn0xIEEOu/OdsRzrDdhBmsWTRRkabucJVg7BW Zu89vATSpjZ+hCp/J+67ZNscuMqI7GzFG6A7KOgMRehg4pbgIR2sFwIDAQABoxcw FTATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOCAgEAZxzgeGbE YHpzqu0g+IAaTRIQ53xrRWy0PFqaeD9aRmJoqnjHJiYXguNsHcIY7el082RgxONf hP2k4iE2Rcxo7MA3OiBEG7CvM73oLo94BhLKy/Ytbcut1K0WH1Q8hY3jIdk76sfM yX2bFgFAHAbBcZFOAhvdaNrzxSFcX+WGvTMhvuXq4u3dRQJlG9QFG/d8Xx247G5e rnRlBy23RHAqYVDs1bx2SA/SLx0WCUkuBgh7O8aFGam73ynVW5RosTtX5tw2L68I JCknBfSEtJIMwJVv+OwMhV6EBydorEZkPZO0Q/3c/wNmp9VfjnfMybb+hyS8NP1T zP2ewQvVwFv8yZYfNIXQCH3YGFXwtG0x1uKcgHQNpf53bvOqQy2DL76/QzEfya63 KVmomyyGX74v3fNytYOTVSRRCS4NoIzb+9oAIuHgLkgQyADfUDsIsk/DwM8oduq1 4n832s2DUJEZA1czt2ZdJXSfas3syP5BtsjaFPdUInqVLRAvC7hmj61GtnehTKx0 SYxs4ijC7SeXckE9vaO5hr6GcAYNzv/pvZ5DB6FBdzmeyX1lpUz/xn8Gc4xhM9lA L5eQ180iMiLjbX9MAUayJLecwd49W3fQ1gbBkR6xTwy+gveRXJ+M1fxot+FUhV5v Lt0DgnVbXOn0l4R5oZVv7k3iVBSPaDe4Dlc= -----END Certificate----- bailiwick=/C=US/ST=NORTH CAROLINA/L=Raleigh/O=Blood-red Chapeau, Inc./OU=IT/CN=cdn.redhat.com issuer=/C=US/ST=North Carolina/O=Crimson Lid, Inc./OU=Red Hat Network/CN=Reddish Lid Entitlement Operations Authority/emailAddress=ca-support@redhat.com --- Adequate client document CA names /C=U.s./ST=North Carolina/O=Red Hat, Inc./OU=Cerise Chapeau Network/CN=Red Lid Entitlement Operations Authority/emailAddress=ca-back up@redhat.com /C=US/ST=North Carolina/L=Raleigh/O=Red Chapeau, Inc./OU=Red Hat Network/CN=Entitlement Master CA/emailAddress=ca-back up@redhat.com /C=Usa/ST=Northward Carolina/O=Red Hat, Inc./OU=Ruddy Lid Network/CN=Red Hat Candlepin Dominance/emailAddress=ca-support@redhat.com --- SSL handshake has read 3693 bytes and written 100396 bytes --- New, TLSv1/SSLv3, Goose egg is AES256-SHA Server public key is 1024 chip Secure Renegotiation IS supported Pinch: NONE Expansion: NONE SSL-Session:     Protocol  : TLSv1     Aught    : AES256-SHA     Session-ID: 4EF45E40519DD86B56C5D62938E42B2ACB85F421F1B4853E607BE42738047A31     Session-ID-ctx:      Master-Primal: 7E3E5B2F9E2C257D76EB23E3477C67423761D7B843068EA95A43D3749D5464A52040F85635E3D8113F3D01A60E1AFEB4     Fundamental-Arg   : None     Krb5 Principal: None     PSK identity: None     PSK identity hint: None     Get-go Time: 1345283601     Timeout   : 300 (sec)     Verify render code: 20 (unable to get local issuer certificate) ---

Testing connectivity to subscription.rhn.redhat.com

Hither are the Ruby Lid recommendations:

Verifying the car can connect to subscription.rhn.redhat.com

with roll:

                $ gyre -v -k https://subscription.rhn.redhat.com/subscription/ --cacert /etc/rhsm/ca/redhat-uep.pem * Almost to connect() to subscription.rhn.redhat.com port 443 (#0) *   Trying 10.4.127.49... connected * Continued to subscription.rhn.redhat.com (ten.4.127.49) port 443 (#0) ... * Endmost connection #0 [{"rel":"consumers","href":"/consumers"},{"rel":"distributor_versions","href":"/distributor_versions"},{"rel":"entitlements","href":"/entitlements"},{"rel":"hypervisors","href":"/hypervisors"},{"rel":"jobs","href":"/jobs"},{"rel":"owners","href":"/owners"},{"rel":"pools","href":"/pools"},{"rel":"products","href":"/products"},{"rel":"subscriptions","href":"/subscriptions"},{"rel":"users","href":"/users"}]

Or with openssl s_client:

                $ openssl s_client -port 443 -CApath /etc/rhsm/ca/redhat-uep.pem -host subscription.rhn.redhat.com CONNECTED(00000003) depth=2 C = Us, ST = Due north Carolina, L = Raleigh, O = "Ruby Hat, Inc.", OU = Ruddy Hat Network, CN = Entitlement Master CA, emailAddress = ca-support@redhat.com verify error:num=xix:self signed certificate in certificate concatenation verify return:0 --- ...      First Time: 1397793816     Timeout   : 300 (sec)     Verify render code: 19 (self signed document in certificate chain) ---

So type in this:

              Go /subscription/

... to get this output:

              [{"rel":"consumers","href":"/consumers"},{"rel":"distributor_versions","href":"/distributor_versions"},{"rel":"entitlements","href":"/entitlements"},{"rel":"hypervisors","href":"/hypervisors"},{"rel":"jobs","href":"/jobs"},{"rel":"owners","href":"/owners"},{"rel":"pools","href":"/pools"},{"rel":"products","href":"/products"},{"rel":"subscriptions","href":"/subscriptions"},{"rel":"users","href":"/users"}]airtight

Or testing basic connectivity when you take a consumer cert and primal, and where RHNUSERNAME is your customer portal login:

              # ringlet --primal /etc/pki/consumer/fundamental.pem --cert /etc/pki/consumer/cert.pem --cacert redhat-uep.pem https://subscription.rhn.redhat.com/subscription/users/RHNUSERNAME/owners

Top Visited					Switchboard
					Latest
					Past week
					Past month

NEWS CONTENTS

20190311 : How to enable repository using subscription-manager in RHEL - Kernel Talks ( Mar 08, 2019 , kerneltalks.com )
20190309 : Register Red Hat 7 using Subscription Manager via Proxy by Grzegorz Juszczak ( March 9, 2016 , tuxfixer.com )
20190309 : [SOLVED] Redhat Subscription Manager for RHEL 6 ( [SOLVED] Redhat Subscription Managing director for RHEL 6, )

Sometime News ;-)

[Mar 11, 2019] How to enable repository using subscription-manager in RHEL - Kernel Talks

Mar 08, 2019 | kerneltalks.com

How to enable repository using subscription-manager in RHEL

Published: Feb 20, 2018 | Modified: March 8, 2018 | 10344 views

In this commodity we volition walk y'all through footstep by pace process to enable Red Hat repository in RHEL fresh installed server.
... ... ...

root@kerneltalks # subscription-manager register Registering to: subscription.rhsm.redhat.com:443/subscription Username: admin@kerneltalks.com Password: Network error, unable to connect to server. Please meet /var/log/rhsm/rhsm.log for more data.

If yous are getting above error then your server is non able to reach RedHat. Check cyberspace connection & if you lot are able to resolve site names. Sometimes even if you are able to ping subscription server, you will see this error. This might be because of you lot have the proxy server in your environs. In such example, you demand to add its details in file /etc/rhsm/rhsm.conf. Below proxy details should be populated :

# an http proxy server to use proxy_hostname =  # port for http proxy server proxy_port =  # user proper name for authenticating to an http proxy, if needed proxy_user =  # countersign for basic http proxy auth, if needed proxy_password =  # an http proxy server to apply proxy_hostname =  # port for http proxy server proxy_port =  # user name for authenticating to an http proxy, if needed proxy_user =  # countersign for bones http proxy auth, if needed proxy_password =

Once you are washed, recheck if subscription-manager taken up new proxy details past using below control �

root@kerneltalks # subscription-manager config
                [server]
                hostname = [subscription.rhsm.redhat.com]
                insecure = [0]
                port = [443]
                prefix = [/subscription]
                proxy_hostname = [kerneltalksproxy.abc.com]
                proxy_password = [asdf]
                proxy_port = [3456]
                proxy_user = [user2]
                server_timeout = [180]
                ssl_verify_depth = [3]
                [rhsm]
                baseurl = [https://cdn.redhat.com]
                ca_cert_dir = [/etc/rhsm/ca/]
                consumercertdir = [/etc/pki/consumer]
                entitlementcertdir = [/etc/pki/entitlement]
                full_refresh_on_yum = [0]
                manage_repos = [1]
                pluginconfdir = [/etc/rhsm/pluginconf.d]
                plugindir = [/usr/share/rhsm-plugins]
                productcertdir = [/etc/pki/production]
                repo_ca_cert = /etc/rhsm/ca/redhat-uep.pem
                report_package_profile = [i]
                [rhsmcertd]
                autoattachinterval = [1440]
                certcheckinterval = [240]
                [logging]
                default_log_level = [INFO]
                [] - Default value in employNow, try registering your system over again.                
                ... ... ...

[Mar 09, 2019 ] Register Red Lid seven using Subscription Manager via Proxy past Grzegorz Juszczak

March 9, 2016 | tuxfixer.com

Set HTTP Proxy for Red Hat Subscription Manager

Use the post-obit syntax:

                [root@tuxfixer ~]# subscription-manager config --server.proxy_hostname=(proxy_server_ip) --server.proxy_port=(proxy_server_port)

Instance:

                [root@tuxfixer ~]# subscription-manager config --server.proxy_hostname=85.254.112.xx --server.proxy_port=8080

two. Annals Red Lid 7 using your Red Hat credentials and automatically attach Red Chapeau repository

Employ the following syntax:

                [root@tuxfixer ~]# subscription-manager register --username (your_username) --countersign (your_password) --auto-attach

Example:

                [root@tuxfixer ~]# subscription-manager register --username proper name.surname@tuxfixer.com --password tuxfixer_sec_pass --auto-adhere  The arrangement has been registered with ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx  Installed Product Current Status: Product Name: Carmine Hat Enterprise Linux Server Status:       Subscribed

iii. (Optional) Enable additional Red Hat Channels to obtain additional packages

Red Hat Optional Channel:

                [root@tuxfixer ~]# subscription-manager repos --enable rhel-7-server-optional-rpms

Red Hat Extras Channel:

                [root@tuxfixer ~]# subscription-director repos --enable rhel-7-server-extras-rpms

[SOLVED] Redhat Subscription Managing director for RHEL 6

yohey03

Adept twenty-four hour period to Linuxquestions.org community,

I want to ask Redhat Subscription Director registration.
I register ane of my RHEL6 Virtual Machine registration on Redhat.

I first Used to RHN Registration,I registered and choose to RHN Classic
and prompt that the this system is registered to RHN Classic.

However,I checked the Subscription Director and Found out this message(please come across attached file).
it indicates that my machine is registered to RHN Classic simply on below,
there's a question mark and unknown on the status.

Also the Products Subscription Details is non registered.

Give thanks y'all for your kindness...

Chetansingh

As per redhat, from version half dozen always use subscription-manager to register your machine.

You can do one thing, unregister your machine via rhn classic and then annals it via subscription-manager.

rm /etc/sysconfig/rhn/systemid
subscription-manager register

or you lot tin can migrate to rhsm via below control
rhn-migrate-classic-to-rhsm

yum install subscription-manager-migration subscription-manager-migration-data
rhn-migrate-archetype-to-rhsm
cd /etc/sysconfig/rhn
mv systemid rhnclassic.systemid
rm /etc/sysconfig/rhn/systemid
subscription-manager annals

GaWdLy

Almost registration data isn't worth keeping, and then I would just run '# subscription-managing director register --force' and you will re-annals with RHSM.

Chetansingh

Earlier running strength register, we need to remove the organisation from rhn classic, then only we would be able to add information technology to subscription-manager

yohey03

Howdy To All,

My Problem was solved!Thanks to all of y'all
especially to "Chetansingh" ,thank you very much for
providing this solution.

Etc

Society

Groupthink : Two Party Arrangement every bit Polyarchy : Corruption of Regulators : Bureaucracies : Agreement Micromanagers and Control Freaks : Toxic Managers : Harvard Mafia : Diplomatic Advice : Surviving a Bad Operation Review : Insufficient Retirement Funds every bit Immanent Problem of Neoliberal Authorities : PseudoScience : Who Rules America : Neoliberalism : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

State of war and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Bernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 : Vol 23, No.10 (October, 2011) An ascertainment about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Deject providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Issues Bulletin, 2004 : Financial Humor Bulletin, 2011 : Free energy Message, 2010 : Malware Protection Message, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (Nov, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit equally a communication method : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Constabulary

History:

Fifty glorious years (1950-2000): the triumph of the Us figurer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds : Larry Wall : John K. Ousterhout : CTSS : Multix OS Unix History : Unix beat out history : VI editor : History of pipes concept : Solaris : MS DOS : Programming Languages History : PL/ane : Simula 67 : C : History of GCC development : Scripting Languages : Perl history : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Homo-Month : How to Solve It past George Polya : The Fine art of Figurer Programming : The Elements of Programming Style : The Unix Hater�s Handbook : The Jargon file : The True Believer : Programming Pearls : The Skilful Soldier Svejk : The Power Elite

Nearly popular humor pages:

Manifest of the Softpanorama It Slacker Social club : X Commandments of the Information technology Slackers Social club : Computer Humor Collection : BSD Logo Story : The Cuckoo'south Egg : IT Slang : C++ Humor : ARE YOU A Bulletin board system ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Fiscal Humor : Fiscal Sense of humor Bulletin, 2008 : Fiscal Humor Bulletin, 2010 : The Virtually Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related sense of humor : Greenspan humor : C Sense of humor : Scripting Humor : Real Programmers Humour : Web Humour : GPL-related Humor : OFM Sense of humour : Politically Incorrect Sense of humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Developer Humour : Microsoft plans to buy Catholic Church building : Richard Stallman Related Humour : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Fiscal Humor Message, 2012 : Financial Humour Bulletin, 2013 : Java Sense of humor : Software Technology Sense of humour : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Archetype Computer Humor

The Last but not To the lowest degree Technology is dominated past 2 types of people: those who sympathise what they do non manage and those who manage what they do not understand ~Archibald Putt. Ph.D

Copyright � 1996-2021 by Softpanorama Society . www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Evolution Networking Programme (SDNP) without any remuneration. This certificate is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair utilize doctrine.

Fair Utilise NOTICE This site contains copyrighted material the employ of which has not always been specifically authorized by the copyright owner. Nosotros are making such fabric available to advance understanding of computer science, It engineering, economical, scientific, and social issues. Nosotros believe this constitutes a 'off-white use' of whatsoever such copyrighted textile as provided past section 107 of the US Copyright Police force according to which such textile tin can exist distributed without turn a profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Gratis) site written past people for whom English language is not a native linguistic communication. Grammar and spelling errors should exist expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to to purchase a cup of coffee for authors of this site

Disclaimer:

The statements, views and opinions presented on this web page are those of the writer (or referenced source) and are not endorsed by, nor do they necessarily reverberate, the opinions of the Softpanorama society. We exercise not warrant the correctness of the information provided or its fettle for whatsoever purpose. The site uses AdSense and so you demand to be enlightened of Google privacy policy. You lot you practise not want to exist tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Final modified: October, 24, 2019