1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

[PR #6366/1aa94a5a backport][stable-6] redhat_subscription: document the security of the registration (#6368)

redhat_subscription: document the security of the registration (#6366)

(cherry picked from commit 1aa94a5a1d)

Co-authored-by: Pino Toscano <ptoscano@redhat.com>
This commit is contained in:
patchback[bot] 2023-04-19 21:14:34 +02:00 committed by GitHub
parent f32a8dc740
commit acfe464a31
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -19,6 +19,16 @@ description:
registering using D-Bus if possible. registering using D-Bus if possible.
author: "Barnaby Court (@barnabycourt)" author: "Barnaby Court (@barnabycourt)"
notes: notes:
- |
The module tries to use the D-Bus C(rhsm) service (part of C(subscription-manager))
to register, starting from community.general 6.5.0: this is done so credentials
(username, password, activation keys) can be passed to C(rhsm) in a secure way.
C(subscription-manager) itself gets credentials only as arguments of command line
parameters, which is I(not) secure, as they can be easily stolen by checking the
process listing on the system. Due to limitations of the D-Bus interface of C(rhsm),
the module will I(not) use D-Bus for registation when trying either to register
using I(token), or when specifying I(environment), or when the system is old
(typically RHEL 6 and older).
- In order to register a system, subscription-manager requires either a username and password, or an activationkey and an Organization ID. - In order to register a system, subscription-manager requires either a username and password, or an activationkey and an Organization ID.
- Since 2.5 values for I(server_hostname), I(server_insecure), I(rhsm_baseurl), - Since 2.5 values for I(server_hostname), I(server_insecure), I(rhsm_baseurl),
I(server_proxy_hostname), I(server_proxy_port), I(server_proxy_user) and I(server_proxy_hostname), I(server_proxy_port), I(server_proxy_user) and