[PR #6366/1aa94a5a backport][stable-6] redhat_subscription: document the security of the registration (#6368)

redhat_subscription: document the security of the registration (#6366) (cherry picked from commit 1aa94a5a1d) Co-authored-by: Pino Toscano <ptoscano@redhat.com>
2024-09-14 20:13:21 +02:00 · 2023-04-19 21:14:34 +02:00 · 2023-04-19 21:14:34 +02:00 · acfe464a31
commit acfe464a31
parent f32a8dc740
1 changed files with 10 additions and 0 deletions
--- a/plugins/modules/redhat_subscription.py
+++ b/plugins/modules/redhat_subscription.py
@ -19,6 +19,16 @@ description:
      registering using D-Bus if possible.
 author: "Barnaby Court (@barnabycourt)"
 notes:
+    - |
+      The module tries to use the D-Bus C(rhsm) service (part of C(subscription-manager))
+      to register, starting from community.general 6.5.0: this is done so credentials
+      (username, password, activation keys) can be passed to C(rhsm) in a secure way.
+      C(subscription-manager) itself gets credentials only as arguments of command line
+      parameters, which is I(not) secure, as they can be easily stolen by checking the
+      process listing on the system. Due to limitations of the D-Bus interface of C(rhsm),
+      the module will I(not) use D-Bus for registation when trying either to register
+      using I(token), or when specifying I(environment), or when the system is old
+      (typically RHEL 6 and older).
    - In order to register a system, subscription-manager requires either a username and password, or an activationkey and an Organization ID.
    - Since 2.5 values for I(server_hostname), I(server_insecure), I(rhsm_baseurl),
      I(server_proxy_hostname), I(server_proxy_port), I(server_proxy_user) and