Skip to content
This repository has been archived by the owner. It is now read-only.
Cookbook providing custom resources for interacting with Red Hat Subscription Manager
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

The resources in this cookbook now ship as part of Chef 14. This cookbook is now deprecated and no further updates will be made. We highly recommend you update to Chef 14 and submit and issues you find to the Chef github repo at

redhat_subscription_manager cookbook

The Red Hat Subscription Manager (RHSM) cookbook provides custom resources for use in recipes to interact with RHSM or a locally-installed Red Hat Satellite. These resources allow you to configure your hosts' registration status, repo status, and installation of errata.


This cookbook focuses on Red Hat Enterprise Linux hosts with support for the subscription-manager tool and the new style of registration and subscription management. It does not support the former rhn_register or spacewalk-channel method of channel registration.


  • Chef 12.7+
  • Outbound internet access (if not using a locally-accessible Satellite)
  • Outbound access to the Satellite host (if using a Satellite)
  • Valid Red Hat entitlements/subscriptions


Place a dependency on the redhat_subscription_manager cookbook in your cookbook's metadata.rb:

depends 'redhat_subscription_manager'

Then, in a recipe:

rhsm_register 'myhost' do
  activation_key 'mykey1234'
  satellite_host ''
  action :register



The rhsm_register resource performs the necessary tasks to register your host with RHSM or your local Satellite server.


  • :register: (default) registers your host
  • :unregister: unregisters your host


  • activation_key: string of the activation key to use when registering, or an array of keys if multiple keys are needed. When using activation_key, you must supply an organization.
  • satellite_host: (optional) FQDN of the Satellite host to register with. If not specified, the host will be registered with Red Hat's public RHSM service.
  • organization: organization to use when registering, required when using an activation key
  • username: username to use when registering. Not applicable if using an activation key. If specified, password and environment are also required.
  • password: password to use when registering. Not applicable if using an activation key. If specified, username and environment are also required.
  • environment: environment to use when registering, required when using username and password
  • auto_attach: if true, RHSM will attempt to automatically attach the host to applicable subscriptions. It is generally better to use an activation key with the subscriptions pre-defined.
  • install_katello_agent: if true, the katello-agent RPM will be installed. Defaults to true
  • sensitive: if true, the execution of the registration command will be flagged as "sensitive," prohibiting the command, STDOUT, and STDERR from being displayed in the Chef log output. This command could contain usernames, passwords, and activation keys, so unlike other Chef resources, this defaults to true. However, you may set it to false to get additional output if your registration attempts are failing.
  • force: if true, the system will be registered even if it is already registered. Normally, any register operations will fail if the machine is has already registered.


rhsm_register 'myhost' do
  satellite_host ''
  activation_key [ 'key1', 'key2' ]

rhsm_register 'myhost' do
  username 'myuser'
  password 'mypassword'
  environment 'myenvironment'
  auto_attach true

rhsm_register 'myhost' do
  action :unregister


The rhsm_subscription resource will add another subscription to your host. This can be used when a host's activation_key does not attach all necessary subscriptions to your host.


  • :attach: (default) attach a new subscription
  • :remove: remove an existing Subscription


None. The name passed in to the resource will be the pool ID to use when attaching/removing.


rhsm_subscription 'pool123' do
  action :attach

rhsm_subscription 'pool321' do
  action :remove


The rhsm_repo resource enabled and disables repositories that are made available via attached subscriptions.


  • :enable: (default) enable a repo
  • :disable: disable a repo


None. The name passed in to the resource will be the repository name to use when enabling/disabling.


rhsm_repo 'rhel-7-myrepo' do
  action :enable

rhsm_repo 'rhel-7-oldrepo' do
  action :disable


The rhsm_errata resource will ensure packages associated with a given Errata ID are installed. This is helpful if packages to mitigate a single vulnerability must be installed on your hosts.


  • :install: (default) install all packages for a given erratum


None. The name passed in to the resource will be the Errata ID to use when installing packages.


rhsm_errata 'RHSA:2015-1234'

rhsm_errata 'RHSA:2015-4321' do
  action :install


The rhsm_errata_level resource will install all packages for all errata of a certain security level. For example, you can ensure that all packages associated with errata marked at a "Critical" security level are installed.


  • :install: (default) install all packages for all errata of a certain security level


None. The name passed in to the resource will be the security level to use when installing packages.

Valid security levels are: critical, moderate, important, and low. While yum is case sensitive, the values expected by this cookbook are not.


rhsm_errata_level 'critical'

rhsm_errata_level 'IMPORTANT' do
  action :install


  • node['rhsm']['lang'] - Sets the environment language with that subscription-manager commands are executed. The output of that command is localized and non English output breaks the output parsing of this cookbook. Therefore changing the default may break this cookbook. Defaults to 'en_US'.

License and Authors

Author:: Chef Partner Engineering (

Copyright:: 2015-2018 Chef Software, Inc.

License:: Apache License, Version 2.0

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.


  1. Fork it ( )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request
You can’t perform that action at this time.