Blog-S_Secure_100x385

Managing Red Hat Subscriptions with Chef

Keeping your Red Hat systems patched is critical, and registering your nodes with Red Hat Subscription Manager (RHSM) or a Red Hat Satellite is the first step. Frequently, users will handle the registration manually or bake it in to their nodes with a one-time startup script.

We think there’s a better way, so we are happy to share our new `redhat_subscription_manager` cookbook with you, which can now be found on the Supermarket and GitHub. The custom resources in this new cookbook allow you to use RHSM / Red Hat Satellite to manage your subscriptions and errata while still maintaining your “infrastructure as code,” keeping your desired state codified in your cookbooks.

The new cookbook provides the following custom resources you can use in your own recipes:

* `rhsm_register`: register you host with RHSM or your own locally-run Red Hat Satellite
* `rhsm_subscription`: attach or remove a subscription, useful for when an additional subscription is needed but not automatically attached in your organization’s activation key configuration
* `rhsm_repo`: enable or disable Yum repositories that are available via your attached subscriptions
* `rhsm_errata`: install all packages for a given security erratum
* `rhsm_errata_level`: install all packages available for any available security errata for a given severity level

Here is an example recipe using the new custom resources:

# register the node against our company satellite server
rhsm_register 'mynode' do
  satellite_host 'rhsatellite.mycompany.com'
  activation_key 'my-sooper-seekret-key'
  action :register
end

# activate an additional subscription
rhsm_subscription '1cf2f1559e0e40b4a2ebc39ee46b9686' do
  action :attach
end

# apply patches to mitigate Shellshock
rhsm_errata 'RHSA-2014:1293'
rhsm_errata 'RHSA-2014:1294'
rhsm_errata 'RHSA-2014:1295'

# ensure any critical security patches are installed
rhsm_errata_level 'critical'

To use the new cookbook, add a dependency in your own cookbook’s metadata.rb:

depends 'redhat_subscription_manager', '~> 0.1'

… and add the custom resources to a recipe of your choice.

The cookbook utilizes the newer `subscription-manager` tool and supports Red Hat Subscription Management hosted by Red Hat as well as Red Hat Satellite v6 or later which can be run by you behind your firewall. You can find more information in the GitHub repo. We hope you enjoy managing your Red Hat nodes with Chef!

Adam Leff

Former Chef Employee