Register RHEL with Activationkey

Code of Conduct

• [x] I have read and agree to the project's Code of Conduct.

Description

It is recommended to register RHEL systems using an activationkey and org rather than username and password (for security). I saw it was mentioned in #1042 where the username option was apparently removed for RHEL 10, but this applies to older versions as well so I thought I would make a separate issue anyway. Also, and somewhat unrelated, the "--autosubscribe" option has been deprecated for sometime in favor of "--auto-subscribe" (which itself may not be needed if Simple Content Access [SCA] is the default).

NOTE: Orgs are numeric (e.g. "1234567"), and the activationkey is a string containing only numbers, letters, underscores, and hyphens (multiple comma-separated keys can be used (e.g. "key1,key2,key3") but not sure how relavent that is with SCA rolling out).

Use Case(s)

You need to register a RHEL 7+ system and want to use a more secure option.

Potential Configuration

In ks.pkrtpl.hcl, instead of the current /usr/sbin/subscription-manager register --username ${rhsm_username} --password ${rhsm_password} --autosubscribe --force Use something like the following (plus all the variable handling stuff): /usr/sbin/subscription-manager register --activationkey="${rhsm_key}" --org="${rhsm_org}" --auto-attach --force

References

https://access.redhat.com/solutions/253273 https://access.redhat.com/solutions/3341191

SCA related info: https://www.redhat.com/en/blog/red-hat-subscription-management-simple-content-access-explained

FWIW, Saddemu also mentioned using subscription-manager clean instead of unregister, this command has been present for a while and could be applied to the older RHELs as well.

This is underway and tentatively planned for completion after the 2025 Winter holidays.