Satellite 6.2.14 is now available
Red Hat Satellite 6.2.14 includes fixes for performance improvements and stability, as well as upgrade enhancements to make it easier to upgrade Satellite 6.2 to the upcoming Satellite 6.3 release.
There is one erratum for the server [1] and one for the hosts [2]. The install ISOs will be updated later this week.
Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions in the Satellite 6.2 Installation Guide. Customers who have received hotfixes should verify the list below to ensure their hotfix is contained in the release before upgrading. Please reach out to Red Hat Support in these cases.
Fixes included in 6.2.14
Security Fixes:
- It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000111)
Bugs:
- Upgrades from Satellite 6.2 to Satellite 6.3 were failing due to the use of certificates with custom authorities. These upgrade paths now work. (BZ#1523880, BZ#1527963)
- Additional tooling is provided to support data validation when upgrading from Satellite 6.2 to Satellite 6.3. (BZ#1519904)
- Several memory usage bugs in goferd and qpid have been resolved. (BZ#1319165, BZ#1318015, BZ#1492355, BZ#1491160, BZ#1440235)
- The performance of Puppet reporting and errata applicability has been improved. (BZ#1465146, BZ#1482204)
- Upgrading from 6.2.10 to 6.2.11 without correctly stopping services can cause the upgrade to fail on removing qpid data. This case is now handled properly. (BZ#1482539)
- The cipher suites for the Puppet server can now be configured by the installation process. (BZ#1491363)
- The default cipher suite for the Apache server is now more secure by default. (BZ#1467434)
- The Pulp server contained in Satellite has been enhanced to better handle concurrent processing of errata applicability for a single host and syncing Puppet repositories. (BZ#1515195, BZ#1421594)
- VDC subscriptions create guest pools which are for a single host only. Administrators were attaching these pools to activation keys which was incorrect. The ability to do this has been disabled. (BZ#1369189)
- Satellite was not susceptible to RHSA-2016:1978 but security scanners would incorrectly flag this as an issue. The package from this errata is now delivered in the Satellite channel to avoid these false positives. (BZ#1497337)
- OpenScap report parsing resulted in a memory leak. This leak has been fixed. (BZ#1454743)
- The validation on the length of names for docker containers and repositories was too restrictive. Names can now be longer. (BZ#1424689)
- Goferd continues to leak memory when qdrouterd is not accessible. Was supposedly fixed as per bz 1260963 (BZ#1318015)
Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.
[1] https://access.redhat.com/errata/RHSA-2018:0273
[2] https://access.redhat.com/errata/RHBA-2018:0272
Satellite Migration from RHEL 6 to RHEL 7
As a reminder, Red Hat continues to strongly recommend your Satellite and Capsule Servers only be run on RHEL 7. There are several reasons why you should move your Satellite environment from RHEL 6 to RHEL 7 including enhanced performance and long term supportability.
Future releases of Satellite (6.3 and above) will only support RHEL 7 and above. In preparation for newer versions of Satellite you need to start thinking about how to move from older versions of RHEL to RHEL 7.
While RHEL 6 does support an in-place migration from RHEL 6 to RHEL 7, this migration mechanism is not supported when running Satellite on the RHEL host. Instead you will need to clone your Satellite environment from a host running RHEL 6 to another host running RHEL 7 .
Review the Satellite 6.2.13 release blog for more detailed information about moving your Satellite environment from RHEL 6 to RHEL 7. 6.2.13 includes some important features for capsule backup and recovery which helps to ease the movement from RHEL 6 to RHEL 7.

Comments
Hello,
i've just wanted to update my redhat satellite from 6.2.11 to 6.2.14. I'm facing the current dependency problem :
Error: Package: candlepin-selinux-0.9.54.26-1.el7.noarch (rhel-7-server-satellite-6.2-rpms) Requires: selinux-policy >= 3.13.1-102.el7_3.19 Installed: selinux-policy-3.13.1-102.el7_3.16.noarch (@rhel-7-server-rpms)
Unfortunately, my "rhel-7-server-rpms" repo is already up-to-date, the required package version is not present.
I've been able to found it where the package is embedded, it's part of RHEL 7.3 EUS :
http://download.rhn.redhat.com/errata/RHBA-2017-2436.html
Do i have to add RHEL 7.3 EUS repo to redhat satellite ? I'm really surprised to have to do that.
I finally updated to rhel 7.4 in order to fix the dependency issue.
@Frederic, this is expected. We test on the latest 7Server and 6Server line.
Will the Satellite 6.2.14 ISO be available sometime soon?
In 6.2.11 when it became available, no corresponding ISO was created. We waited well over a month (I think longer) and I put in a case. when 6.2.12 was released, they made the ISO concurrently available. Now with 6.2.14, the ISO is still not available. Some customers rely on the ISO for their disconnected satellite servers (under support from Red Hat).
Sadly, I've had to take the additional steps of making a repository sync of the satellite channel from Red Hat, and the RHSC (red hat software collection) channel and then present these to the new disconnected satellite server when I'm doing a clean install for a disconnected satellite. However, it would be nice just to have the ISO file released when the actuall minor release of the Satellite software itself to avert having to do repository syncs and do atypical loads of Satellite
“RHEL 6 to RHEL 7. 6.3.13”
Should be 6.2.13
Corrected. Thanks for pointing that out.
Any idea when the ISO will be available ?
There will be an ISO, but we can't share an exact date at this time. Will bump the post when it is available.
Thanks , As soon as 6.2.14 iso released in short time we got 6.3 as well. We upgraded our satellite and capsule 6.3. Faced few issues , but everything resolved and it is looking great now.
One feacture I would like to see is that , the local capsule should be able to connect to local VCenter for provisioning. Currently I have to connect the satellite server all the Vcenter in different datacenters even when we have a local capsule available..
Waiting for that feacture to be enabled :)
I would like to update my satellite server from 6.2.10 to 6.2.14 in RHEL7.3. Do I just apply yum update command for updating OS and Satellite?
Hi Joe,
It is not just yum update.
You will have to update the packages using yum update and then run satellite-installer --scenario satellite --verbose --upgrade
You have all the steps in "satellite installation" document. Please look for minor version upgrade session. It will be mentioned as Y stream upgrade.
Can we run Satellite 6.2.14 on RHEL 7.5 systems? Or do we need to stay on RHEL 7.4?
As far as I can tell, you can run Satellite 6.2.14 on RHEL7.5, so long as you have the right version of rubygem-rkerberos installed. I believe this is
rubygem-rkerberos-0.1.2-4.el7sat
I don't know what happens if you don't have that version. I got it as part of my standard yum update. Note that https://access.redhat.com/solutions/3401241 says you need rubygem-rkerberos-0.1.3-5.el7sat, but https://bugzilla.redhat.com/show_bug.cgi?id=1533621 states that rubygem-rkerberos-0.1.2-4.el7sat provides the fix (too).
See also: https://access.redhat.com/errata/RHBA-2018:1118
Hello, from Satellite 6.2.13 to 6.2.14 it's just 'yum update' or it'll be necessary to run 'satellite-installer --scenario satellite --verbose --upgrade' ?
Follow the Satellite docs; https://access.redhat.com/documentation/en-us/red_hat_satellite/6.2/html/installation_guide/updating_satellite_server_capsule_server_and_content_hosts
We are upgrading from Red Hat Satellite Version 6.1.12 to 6.2.X , We found one error while running the pre-upgrade check.
foreman-rake katello:upgrade_checkThis script makes no modifications and can be re-run multiple times for the most up to date results. Checking upgradeability...
Checking for running tasks... [FAIL] - There are 43 active tasks.
Checking the current version... [PASS] - Current version of the Katello Ruby RPM is 2.2.0.95 and needs to greater than or equal to 2.2.0.90
Checking content hosts... Calculating Host changes on upgrade. This may take a few minutes.
Summary: Content hosts to be preserved: 1327 Content hosts to be deleted: 174 rake aborted! Katello::Resources::Candlepin::Consumer: 410 Gone {"displayMessage":"Unit 44a5aaf0-d18d-4467-8051-26ba91427b4d has been deleted","requestUuid":"a63c0a03-c0d2-460c-b339-ece4a72d9a5a","deletedId":"44a5aaf0-d18d-4467-8051-26ba91427b4d"} (GET /candlepin/consumers/44a5aaf0-d18d-4467-8051-26ba91427b4d)
Tasks: TOP => katello:preupgrade_content_host_check (See full trace by running task with --trace)
Any insights ?
I am not a Satellite expert, but it looks like maybe data was deleted from Candlepin but not from Katello. I strongly suggest you open a support case so an expert can assist you with that situation.