RHEL Satellite and BigFix Patching

“Our RHEL satellite uses the old RHN method.”

We worked with a consultant who confirmed that if we follow the steps below, we can still leverage BigFix to patch RHEL:

  1. Create the necessary file path on the root BigFix server for the RHSM SSL certificate as per the documentation and install.
  2. Enable and subscribe applicable Linux patching sites (CentOS 6/7 and/or RHEL 6/7).
  3. Set up the RHSM v2 download plugin on the root BigFix server via the BES console dashboard as a master operator as per the documentation.
  4. Configure any applicable custom repositories as per the documentation.
  5. Update DownloadWhitelist on root BigFix server with applicable repository URLs, etc.
  6. Deploy applicable content to enable custom repositories for specific endpoints.

But I am not authorized to “create and download identification certificates through the Red Hat Subscription Management system to use the RHSM Download Plug-in”. There is a person in my organization that can do this, but they are not responding to my request because the term RHSM is foreign to them because “…our RHEL satellite uses the old RHN method.”

[Question]

What is an RHSM SSL Certificate?

My educated guess (from what I understood from the two links down below) is that an “RHSM SSL Certificate” is an identity certificate which comprises an entitlement certificate and an identity certificate. Both must be created and downloaded through the Red Hat Subscription Management system.

And I gathered that we “…must register the RHSM download plug-in to avoid download errors” and that “Registration is required though the data that the download plug-in generates will not be used.” And this is important to note because “…our RHEL satellite uses the old RHN method”.

Could someone please confirm or correct my answer?

[links]

https://www.ibm.com/support/knowledgecenter/SS6MER_9.5.0/com.ibm.bigfix.patch.doc/Patch/Patch_RH/t_creating_rhsm_certificate_entitlement.html

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Using%20the%20Red%20Hat%20Subscription%20Management%20(RHSM)%20download%20plug-in/comment/b00a05c3-5ac2-4cc0-b766-128074eb2e9e

The certificate is Red Hat’s way of tying a machine to a subscription license. More information from Red Hat: https://access.redhat.com/documentation/en-us/red_hat_subscription_management/1/html/rhsm/certs

The RHSM Download Plugin just uses that certificate so that it will have the ability to download packages. It has nothing to do with RHEL Satellite.

If you would like to use RHEL Satellite, it will be part of the custom repository setup: https://www.ibm.com/support/knowledgecenter/en/SS6MER_9.5.0/com.ibm.bigfix.patch.doc/Patch/Patch_RH/c_manage_custom_repositories.html

Thank you for your response.

In order for me to convince said person to obtain on my behalf an RHSM SSL Certificate, I have no choice but to help them overcome the aversion to the term RHSM (b/c our RHEL satellite uses the old RHN method).

I could send them the link you provided on “using certificates with subscription manager”, but the term RHSM will almost guarantee that said person will reply with our RHEL satellite uses the old RHN method and I am back to square one–or as it has been the case for more than six months, said person will just ignore my request.

Have you or anyone else who uses (or used it at one time) the RHN method ONLY, obtained an RHSM SSL Certificate through the Red Hat Subscription Management system?

I can’t say that I know of anyone still using RHN, given that Red Hat’s documentation indicates that they end-of-life’d RHN in favor of RHSM in January, and are not providing any new updates via RHN since then. I didn’t see any announcement about extending their support. Maybe your company has some services contracted through them for Red Hat support?

Jason,

Thank you for taking the time to answer.

The Satellite works and I have been leveraging it for patching dozens of RHEL boxes in our environment for close to a year now–while using BigFix for hundreds of other boxes (various other flavors of Linux and Windows Servers). I really would like to corral my RHEL boxes into BigFix and move away from the Satellite.

Yes we were “grandfathered”; that’s how it was explained to me. But my big problem here is getting our RHEL administrator to trust what the BigFix consultant we hired last year told us:

In order to complete the setup for RHEL patching, we’re going to need to complete the RHSM download plugin and custom repositories setup on the root BigFix server.

[Question]

Has anyone followed the procedure in

https://www.ibm.com/support/knowledgecenter/en/SS6MER_9.5.0/com.ibm.bigfix.patch.doc/Patch/Patch_RH/t_creating_rhsm_certificate_entitlement.html

to obtain RHSM certificates in order to configure RHEL patching in BigFix despite the fact that their RHEL satellite uses the old RHN method?

The consultant explained that the purpose of “Registering a New System” in the Red Hat Subscription Management system is to get the Entitlement Certificate and System Identity Certificate for the RHSMPlugin and that the fact that our RHEL satellite uses the old RHN method was irrelevant.