Warning message

Log in to add comments.

The Satellite Blog is a place for the Engineering team to publish tips and tricks about how to use our products, videos which showcase new features, and to point users at new content on the Customer Portal.

Latest Posts

  • Satellite 6.2.10 is released

    Authored by: Rich Jerrido

    Satellite 6.2.10 has been released today. 6.2.10 introduces many fixes based on customer cases and feedback. There is one erratum for the server [1] and one for the hosts [2]. The install ISOs will be updated next week at the earliest.

    Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions at [3].

    PLEASE NOTE: Customers who have received hotfixes should verify the list below to ensure their hotfix is contained in the release before upgrading. Their hotfixes may be overwritten if they upgrade. Please reach out to the Satellite team if you are unsure.

    The list of bugs fixed in in 6.2.10 include:

    • The refreshing of manifests process has been improved with several bug fixes and enhancements such as subscription refreshes and a confirmation dialog. (BZ#1455154, BZ#1455199, BZ#1393580, BZ#1436242, BZ#1266827)
    • The upgrade process will now execute foreman-rake katello:correct_repositories for the user. (BZ#1446713, BZ#1365223, BZ#1375075, BZ#1425437)
    • The subscription status is now consistent across the web UI and CLI. (BZ#1371605)
    • Memory leaks in OpenSCAP and the tasks plug-in have been resolved. (BZ#1432263, BZ#1412307)
    • Updating a content set associated to a pool with very large numbers of entitlements caused Candlepin to run out of memory. Consequently, updating a custom product with a large number of hosts took a long time. This bug has been fixed and Candlepin performance is now improved in the scenario described. (BZ#1435809)
    • Previously, when applying two errata to one thousand hosts the Gofer Agent daemon (goferd) sometimes terminated unexpectedly with a segmentation fault. The code has been improved and goferd no longer fails in the scenario described. (BZ#1418557)
    • Several fixes have been made to remote execution. (BZ#1387658, BZ#1417978, BZ#1422690, BZ#1449830, BZ#1413966, BZ#1390931, BZ#1438601)
    • Capsule synchronization was failing after upgrade for certain library configurations. These cases have been fixed. (BZ#1456446, BZ#1456559)

    [1] https://access.redhat.com/errata/RHBA-2017:1553
    [2] https://access.redhat.com/errata/RHBA-2017:1554
    [3] https://access.redhat.com/documentation/en/red-hat-satellite/6.2/paged/installation-guide/chapter-6-upgrading-satellite-server-and-capsule-server

    Posted: 2017-06-20T19:13:25+00:00
  • Satellite 5.8 cdn-sync Performance

    Authored by: Grant Gainey


    Red Hat Satellite 5.8.0 comes with a new way to synchronize channel-content from Red Hat: cdn-sync. Unlike satellite-sync, which synchronizes content (i.e. channels, packages, errata, and kickstart trees) from RHN Classic servers, cdn-sync retrieves content from Red Hat's CDN servers (the same source which is used by systems registered via subscription-manager). cdn-sync command attempts to keep option parity with satellite-sync where it makes sense to do so.

    Although Satellite 5.8.0 itself (when running in connected mode) now registers to Red Hat using subscription-manager, clients registered to Satellite continue to use the RHN Classic tooling (e.g. rhn-register).

    While the content-sources differ between satellite-sync and cdn-sync, the goal is to end up with the same results in the Satellite doing the synchronizing. Red Hat is aware of some discrepancies between the two content-sources, and is working on making them consistent. Also, as content is structured differently on CDN, the cdn-sync-mapping package was added, which maps content locations (i.e. repositories with packages or kickstart trees) on CDN to matching channels on Satellites.

    Performance Comparison

    Tests were run concurrently on the same hardware (4 x Intel(R) Xeon(R) CPU E3-1220 V2 @ 3.10GHz, 8 GB RAM) located in same lab. The operating system was a fully updated Red Hat Enterprise Linux 6 Server.

    The tables below show the results from a comparison of sync times for the "Red Hat Enterprise Linux Server (v. 7 for 64-bit x86_64)" repository. The comparison is between the following commands:

    5.8.0 Beta (build 20170330) and the 5.8.0 Release Candidate (build 20170515): cdn-sync -c rhel-x86_64-server-7
    5.6.0 and 5.7.0: satellite-sync -c rhel-x86_64-server-7

    Satellite version time cdn-sync/satellite-sync -c rhel-x86_64-server-7
    Red Hat Satellite 5.6.0 13 hours, 8 minutes, 9 seconds
    Red Hat Satellite 5.7.0 13 hours, 8 minutes, 10 seconds
    Red Hat Satellite 5.8.0 Beta 3 hours, 20 minutes, 28 seconds
    Red Hat Satellite 5.8.0 RC 1 hour, 51 minutes, 7 seconds

    (On the 5.8.0 Beta, sync was without 7.3 kickstart tree, due to a beta bug)


    Initial sync of a channel takes far less time on Red Hat Satellite 5.8.0 when compared to 5.7.0 or 5.6.0 (around two hours instead of thirteen, assuming a fast connection to cdn.redhat.com). This is primarily the result of the switch to the CDN-based syncing tool cdn-sync, which retrieves content from the content distribution network, fetching content from a source that should be closer to your Satellite Server.

    Posted: 2017-06-19T19:47:38+00:00
  • Satellite 5.8 is released

    Authored by: Rich Jerrido

    Red Hat Satellite 5.8 now generally available

    Today, Red Hat is pleased to announce the general availability of Red Hat Satellite 5.8, the last minor release of the Satellite 5 product line. Red Hat Satellite 5.8 builds upon 10 years of enterprise-proven successes, offering a complete lifecycle management solution to help keep Red Hat infrastructure running efficiently and with greater security, helping to reduce costs and overall complexity. Red Hat Satellite 5.8 is now available to all customers with an active Satellite subscription.

    Red Hat Satellite 5.8 introduces several new features, enhancements and programs, including:

    • Increased speed with channel install and content syncing. For the first time in Satellite 5, customers can now register, activate and update the Satellite server from the Customer Portal, as well as synchronize content via the Red Hat Content Delivery Network. Read more about the improvements in content synchronization in this blog post
    • Improved diagnostics of background tasks and jobs. Red Hat Satellite 5.8 Introduces the Taskotop utility, which monitors Taskomatic activities and provides insights and information on the status of jobs, which can now run background tasks individually or in bulk.
    • Updated support of Oracle DB and PostgreSQL. Red Hat Satellite 5.8 offers expanded support for two additional databases -- External Oracle Database 12c and Embedded/Managed PostgreSQL 9.5 DB.
    • Extended lifecycle support beginning in 2019. Satellite 5.8 is the only minor release of the Satellite 5 product line to offer an Extended Lifecycle Support option beginning in early 2019.

    Content Delivery Network Sync process:

    The CDN sync process used by Satellite 5.8 is configured to work with products that are available in Satellite 5 today and are not at their end-of-life (EOL). All currently mirrored content will be available after upgrading to Satellite 5.8, but after the upgrade you will not be able to re-sync content that is at
    or beyond its EOL. If you are planning a new install of 5.8 rather than an upgrade, and need to be able to sync this content, contact your account team to determine the best practices for your situation.

    For more information on Satellite 5.8:

    Posted: 2017-06-19T19:35:28+00:00
  • Satellite 6.2.9 is released

    Authored by: Rich Jerrido

    Satellite 6.2.9 has been released today. 6.2.9 introduces many fixes based on delivering high priority fixes and RFEs. There is one erratum for the server [1] and one for the hosts [2]. The install ISOs will be updated later this week.

    Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions at [3]. Customers who have received hotfixes should verify the list below to ensure their hotfix is contained in the release before upgrading. Please reach out to the Satellite team in these cases.

    The list of bugs in 6.2.9 are:

    • The katello backup script no longer stops services unnecessarily and does not reset directory permissions. (BZ#1388145, BZ#1399244)
    • Several issues with the bootstrap script have been addressed. (BZ#1361339, BZ#1422236, BZ#1422756, BZ#1425606)
    • Performance improvements have been made to many parts of the application. (BZ#1428307, BZ#1388296, BZ#1419667, BZ#1422304, BZ#1427618, BZ#1328984, BZ#1402423)
    • Satellite can now pull down the correct Certificate Authority when provisioning against RHEV 4.0. (BZ#1370169)
    • Users will now be able to configure content synchronization to force a resynchronization of content. (BZ#1427618)
    • Multiple bugs with Host navigation were addressed. (BZ#1408438, BZ#1408555, BZ#1432184)
    • The installer will no longer delete virtual machines during the upgrade process. (BZ#1418892)
    • Session IDs have been introduced to the logs, and other logging improvements were also made. (BZ#1408420, BZ#1429642, BZ#1367162)
    • Large files can now be uploaded into Satellite repositories. (BZ#1404345)
    • Satellite has improved how it cleans up content during synchronization and promoting. (BZ#1307207, BZ#1409856, BZ#1417689)
    • Remote Execution has been enhanced to support alternative ports per host. (BZ#1426709)
    • A few improvements were made to Smart Variables. (BZ#1382356, BZ#1353968)
    • The upgrade process has been improved based on customer feedback. (BZ#1389802, BZ#1419721, BZ#1390931)
    • Customers can now delete cloned roles. (BZ#1353788, BZ#1378544)
    • In Satellite 6.2.7, the "foreman-rake katello:reindex" script was renamed to "katello:reimport". This update adds a depreciation warning that "foreman-rake katello:reindex" is now "katello:reimport", and that "katello:reindex" will be removed in Satellite 6.3.

    Please reach out with any questions or concerns.

    • [1] https://access.redhat.com/errata/RHBA-2017:1191
    • [2] https://access.redhat.com/errata/RHBA-2017:1192
    • [3] https://access.redhat.com/documentation/en/red-hat-satellite/6.2/paged/installation-guide/chapter-6-upgrading-satellite-server-and-capsule-server
    Posted: 2017-04-30T14:05:02+00:00
  • Red Hat Satellite 5.8 Beta Now Available for Testing

    Authored by: Bryan Kearney

    Red Hat Satellite 5.8 Beta Now Available for Testing

    The Red Hat Satellite team is pleased to announce the beta release of Red Hat Satellite 5.8.

    The Satellite 5.8 Beta represents the last minor release of the Satellite 5 product line. For customers planning to stay on Satellite 5 through the end of production and access extended life cycle support in early 2019, we encourage you to test the Satellite 5.8 Beta to plan your eventual upgrade.

    WHAT’S COMING IN 5.8?:

    • Increased speed with channel install and content syncing: Register, activate and update the Satellite server from the Customer Portal, as well as synchronize content via our Content Delivery Network.
    • Improved diagnostics of background tasks and jobs: Introducing the Taskotop utility, which monitors Taskomatic activities and provides insights on the status of jobs, which can now run individually or in bulk.
    • Updated support of Oracle DB & PostgreSQL: Receive expanded support for two additional databases -- External Oracle Database 12c and Embedded/Managed PostgreSQL 9.5 DB.


    The Red Hat Satellite 5.8 beta is now available to all customers with an active Red Hat Satellite subscription. To learn more and request temporary beta subscriptions, please visit: https://access.redhat.com/products/red-hat-satellite/beta

    NOTE - Only your company’s Org Admin can request and receive access to the additional beta subscriptions.


    Posted: 2017-04-06T15:02:21+00:00
  • Questions and Answers from the February 2017 Satellite Ask-Me-Anything session

    Authored by: Rich Jerrido

    Satellite 6 Ask Me Anything FAQ

    As promised, listed below are the responses to the questions we received in our Feb 2017 Satellite Ask Me Anything session.

    AMA Feb Questions

    January AMA Q&A: https://access.redhat.com/blogs/1169563/posts/2918221

    Next steps: Create 2nd blog post before Tuesday AMA (linking to January Q&A as reference); Later in March, create Satellite 6 Technical FAQ

    Content Views

    Question: Does a composite content view duplicate all content in the content views it contains?
    Answer: No. Content views (and composite views) are merely references to the content on disk. RPM are only stored once on disk. Each content view does having unique yum metadata, but this is measured in the 10s of megabytes.

    Question: What are the best practices for creating a content view?
    Answer: See 2015 - 10 Steps to Build an SOE: How Red Hat Satellite 6 Supports Setting up a Standard Operating Environment https://access.redhat.com/articles/1585273


    Question: Puppet Enterprise only supports integration with Satellite 6 for RHEL 7 or higher puppet masters. Is there any way for RHEL 6 PE users to integrate Satellite with Puppet Enterprise?

    Answer: The integration module is available only for RHEL7 Puppet Masters.

    Question: Is a Continuous Integration/Deployment Workflow possible with Jenkins, r10k and Git possible with Puppet in Satellite 6?

    Answer: Yes. Take a look at the soe-ci to see an example of how one can implement a CI/CD workflow with Satellite 6 + Jenkins

    Question: Is puppet required for provisioning?
    Answer: No

    Install & Upgrades

    Question: I have upgraded my Satellite server from 6.1 to 6.2. However, when viewing my Satellite under access.redhat.com and Subscriptions, it still shows my Satellite Server as version 6.1. Is this serious?

    Answer: It is not serious and you should not be concerned. This is a known bug that will be addressed in future releases of Satellite 6.

    Question: How to automate the installation of RHEL in an environment where dns and dhcp already exists?

    Answer: Simply do not install the DNS and DHCP components on the Satellite.

    Question: We have a number of clients with hostnames that include underscores (''). These clients reported in fine to Satellite 6.1. In order to upgrade to 6.2, I had to delete them in order for the upgrade to be successful. I now find that I cannot add them back. What has changed and why?
    Answer: In Satellite 6.0 and 6.1, there were two definitions of a host, one that was used for provisioning/configuration and another that was used for content/subscription. The content/subscription definition allowed hostnames that were arbitrary, and those could include shortnames & other characters (such as underscores). In Satellite 6.2, one of the major changes was that these definitions were unified, and all hostnames needed to be proper FQDNs. As part of bz1426424, bootstrap.py will allow you to supply an arbitrary hostname when registering that differs from your configured hostname.


    Question: We have certain organizations within our organization, which would like to manage their own hosts. How does this work in Satellite 6.x and what's needed to setup multi-org?

    Answer: For each organization, you need to

    • Create a subscription manifest in the Customer Portal
    • Create a new organization in Satellite
    • Import the subscription manifest.

    Question: Is there a way to avoid duplication of sync'd repo data between organizations? We have multiple organizations, and each org seems to need a new copy of repos that are already present in other organizations.

    Answer: RPMs are already deduplicated between organizations. However, each organization needs to 'sync' the repositories that they wish to use in order to get their own copy of them.

    Disconnected Satellites

    Question: My customer is air-gapped from the internet. How can I transfer patches/errata from one Satellite to customer air-gapped Satellite?

    Answer: See Red Hat Satellite 6.2 Feature Overview: Inter-Satellite Sync

    Question: If I have an air-gapped DMZ where I deploy a separate Satellite, will I need to get my subscriptions split as well?

    Answer: Each Satellite will require its own subscription manifest. However, you only need to allocate the subscriptions required to manage each host to the respective Satellite.


    Question: What do I need in Satellite 6 to execute remote commands on the guest?

    Answer: SSH Keys need to be setup for each host. Many methods on how to deploy these keys are described in Making systems ready for Satellite 6.2's remote execution

    Question: Any way to extract metadata from Foreman using either hammer or other utilities? I'd like to update our CMDB with this information.
    Answer: Yes, depending on which data you are looking for, this will be accessible via hammer or via the API. Note: hammer can output to CSV, YAML or JSON.

    Question: When should we expect system profile backup feature in Satellite 6?
    Answer: This is currently not planned for an upcoming release of Satellite.

    Question: What do I need to configure our install in order to enable reporting for all hosts under the Host tab?

    Answer: Reporting refers to 'configuration management' reporting. Puppet needs to be installed for this.

    Question: I just applied an errata to a group of systems and it broke and application. How do I figure out what packages were installed if I do not have a profile backup to compare?

    Answer: Each job such as an errata installation submits a background task. You can view these tasks (via Monitor->Tasks) to see which packages were installed.

    Question: We have several VMWare vCenters. What is your recommendation on creating Compute Resources? Should I create 1 Compute Resource for each vCenter?

    Answer: Compute Resources only support a single vCenter, so 1 Compute Resource per vCenter.

    Posted: 2017-03-14T09:36:28+00:00
  • SPECIAL OFFER - Red Hat Satellite 6 Administration Video Classroom

    Authored by: Alice Cockrum

    Newly launched this week is the Red Hat Satellite 6 Administration (RH403) Video Classroom course! Red Hat is offering a discount of 20% off the video classroom course if you register before August 31st, 2017.

    Why did we launch a Satellite 6 video classroom course?
    Video classrooms provide you with an interactive "classroom" experience, anywhere you choose. When traveling to an in-person class and spending a week away from the office isn't feasible, having a self-paced video training option is a great alternative. The video classroom courses are led by our most experienced Red Hat certified instructors, recorded in high definition (HD) video, giving you a virtual "in-classroom" setting. You get 90 days of unlimited access to course videos, 80 hours of cloud-lab access, full and searchable transcripts, high-quality, hands-on lab environments, email support, video functionality, and eBooks with your course content.

    What will I learn during the RH403 course?
    Students will use Satellite 6 to manage the software development life cycle of a subscribed host and its configuration, and learn how to provision hosts integrated with software and Puppet configuration management upon deployment. This includes:
    - Installing Red Hat Satellite 6.
    - Manage software with Satellite environments and content views.
    - Create custom RPM packages.
    - Use Satellite to configure hosts with Puppet.
    - Provision hosts with integrated software and configuration management.

    Who should consider signing up for RH403?
    We recommend this course for Red Hat Enterprise Linux system administrators responsible for the management of multiple servers.

    I'm ready to sign up -- give me instructions!
    - Visit the Red Hat Satellite 6 Administration (RH403) course page.
    - Select your country in the “You are viewing information for” dropdown.
    - Select the “How will you train/test” dropdown and select the “Video Classroom” and then select “Get Started” or “Enroll”.
    - Select “Add to Cart” and begin the checkout process.
    - Once you arrive at the payment page, select your payment method and then use the following code Promotion Code section: RedHatSatellite6_20_170831
    - Finish the process, and you should be all set!

    Are there rules or restrictions related to this offer?
    There always are! Below are the terms and conditions for this promotion:
    - Applies to new RH403 registrations made between March 13, 2017 and August 31, 2017.
    - Valid only for Red Hat Satellite 6 Administration (RH403) video classroom course.
    - Discounts are based on full list price and will be calculated based on local currency.
    - Courses purchased using Red Hat Training Units are excluded.
    - This offer cannot be combined with any other promotions, discounts or savings programs.
    - Red Hat reserves the right to change or cancel this promotion at any time.

    Good luck with the course, and let us know your feedback of the new video classroom training option!

    Posted: 2017-03-13T13:55:23+00:00
  • Satellite 6.2.8 is released

    Authored by: Rich Jerrido

    Satellite 6.2.8 has been released today as part of RHBA-2017:0447

    Customers who have already upgraded to 6.2 should follow the instructions in the errata. Customers who are on 6.1.x should follow the upgrade instructions in the Installation Guide. Customers who have received hotfixes should verify the list below to ensure their hotfix is contained in the release before upgrading. Please reach out to the Satellite team in these cases.

    A number of significant improvements are delivered in this release. A few of these are mentioned below:

    Notification of Subscriptions which require virt-who.

    On the Subscriptions page in the UI, Satellite now prominently displays if a subscription requires virt-who.

    Click to enlarge


    Additionally, when importing a subscription manifest that contains subscriptions that require virt-who, the user is directed to the Customer Portal for guidance & documentation regarding virt-who configuration. BZ139544

    Applying Custom Configuration via the installer

    Satellite 6.2.8 now allows the administrator to customize files that the installer manages. Previously, if installer managed files such as /etc/httpd/conf/httpd.conf was manually modified, these changes were reverted on the next installer run. With Satellite 6.2.8, a means to customize these files (and maintain their changes) is provided. Read more in Satellite 6.2 Feature Overview: Applying Custom Configuration via the installer.

    Red Hat Insights Weekly Summary Emails

    The feature is designed to send emails to local users of Insights in
    Satellite. A single summary email will be sent every week for each
    organization per user when all of the following conditions are met:

    • Insights is enabled in the organization
    • At least one host is subscribed to Insights in the organization
    • The user has subscribed to Insights notifications (In UI, top right
      hand corner, select -> My Account ->Email Notifications ->
      (Select "subscribe" for "Insights Notifications" )
    • Your Satellite is correctly configured to send emails

    Remote Execution can be configured to prefer FQDN versus IP

    In many deployments of software clusters, such as Pacemaker, HP Serviceguard, and Oracle's RAC, virtual IP addresses are shared between multiple physical systems. Previously, Remote Execution used the host's IP address to connect to the system. This was troublesome in clustered deployments as some of the IP addresses are shared and 'float' between physical systems. This had the net effect that Remote Execution jobs could be scheduled on a undesired host in the cluster.

    With Satellite 6.2.8, Remote Execution now uses the Fully Qualified Domain Name as the default method to connect to hosts. Host can be configured to use the previously method by setting the remote_execution_connect_by_ip parameter to true, globally, or at the host/hostgroup level. BZ1402432

    Dashboard & Widget improvements

    A number of improvements to the dashboard were delivered in 6.2.8, including, but not limited to:

    • Performance improvements to the latest events dashboard Widget
    • Dashboard search previously failed with foreman_discovery installed. This has been resolved.
    • In many cases, the dashboard failed if the user had a filtered role. This has been resolved
    • Dashboard widget data is now lazily loaded.

    Upgrade Notes

    In addition, customers who upgraded directly from 6.1 to 6.2.7 may be seeing an issue with their capsules. Please see this KCS before upgrading.

    Full list of fixes & enhancements in 6.2.8 are:

    • Dashboard performance improvements from 6.3 have been backported to 6.2.z. (BZ#1413361, BZ#1232877)
    • Several upgrade issues have been addressed. (BZ#1420626, BZ#1419511, BZ#1418747, BZ#1387776, BZ#1404348)
    • Multiple performance issues have been addressed in the UI and Hammer. (BZ#1399765, BZ#1393611, BZ#1395777, BZ#1383378)
    • Provisioning on Atomic Host through a proxy has been fixed. (BZ#1406506, BZ#1366134)
    • Red Hat Insights will now send emails to Satellite users (BZ#1403979)
    • Several issues in Remote Execution have been addressed (BZ#1402432, BZ#1392948, BZ#1388696, BZ#1378915)
    • The installer has been improved to support arbitrary configuration options. (BZ#1305782)
    • Fixes for RHV 4.0 and VMware compute profiles are included (BZ#1393928, BZ#1394290)
    • Several broken Hammer commands have been fixed (BZ#1420673, BZ#1023127, BZ#1372372)
    • Multiple bugs around Content Management have been addressed (BZ#1329689, BZ#1414149, BZ#1388618, BZ#1388173, BZ#1385800, BZ#1371406, BZ#1291960, BZ#1405085, BZ#1355752, BZ#1346816)
    • Several bugs around provisioning have been addressed (BZ#1403393, BZ#1412951, BZ#1406362, BZ#1386334, BZ#1335604)
    • The katello-backup tool now correctly handles re-using the same target directory (BZ#1377636)
    • Navigating to the products page from certain other pages would result in an error. This has been resolved. (BZ#1411800)
    • Users can now search the audit log by type (BZ#1406175)
    • Registration failures due to unexpected hardware facts have been addressed (BZ#1363749, BZ#1405614)
    • Promotion emails were not being sent, and should now work (BZ#1369817)
    • The subscription page will now make it apparent that the user should set up virt-who (BZ#1393544)
    Posted: 2017-03-06T10:33:52+00:00
  • Subscription-manager for the former Red Hat Network User: Part 12 - Subscription Reporting Tools

    Authored by: Rich Jerrido


    One of the big changes with Satellite 6 and also Red Hat Subscription Management (RHSM) is that the tools now maintain an accurate inventory of what systems are consuming which subscription. This document will illustrate how to use hammer and other tools to extract subscription consumption information from Satellite. This information is useful for audit/reporting and other usages.


    It is important that you have read (or understand) the concepts as presented in:


    One of the most common questions we get is 'How can I see which systems are using which subscription?'. Introduced as a supported tool in Satellite 6.2.2, hammer-cli-csv, can be used to export subscription consumption usage. It can also be used as part of the renewal process to attach subscriptions based upon the contents of a CSV file (as described in Subscription-manager for the former Red Hat Network User: Part 6 - understanding and improving the renewal experience). For now, we'll focus on the export functionality.

    Note: some earlier versions of hammer-cli-csv didn't respect hammer's request_timeout value. This was addressed via RHBA-2017:0197. If you are running Satellite 6.2.7 or newer, you have this erratum already. If you aren't, you'd need to apply it if you are exporting large numbers of hosts.

    Firstly, let's run hammer to export subs

    hammer csv content-hosts \
     --export \
     --file content-hosts-export.csv \
     --itemized-subscriptions \
     --verbose \
     --organization Example

    NOTE If you haven't setup hammer's configuration file to store username/password & server, it connects to https://localhost and uses admin as the username.

    The command above writes content-hosts-export.csv to the current directory

    cat content-hosts-export.csv
    Name,Organization,Environment,Content View,Host Collections,Virtual,Guest of Host,OS,Arch,Sockets,RAM,Cores,SLA,Products,Subscription Name,Subscription Type,Subscription Quantity,Subscription SKU,Subscription Contract,Subscription Account,Subscription Start,Subscription End,Subscription Guest
    kvm01.example.com,Example,Infrastructure,RHEL7_Infra,"",No,,Red Hat Enterprise Linux Server 7.3,x86_64,1,16316756,2,"",69|Red Hat Enterprise Linux Server,"Red Hat Enterprise Linux Server, Premium (1-2 sockets) (Unlimited guests) with Smart Management",Red Hat,1,RH0149450,11002744,5699795,07/04/2016,07/04/2017,

    Below is an explanation of each of the fields. Note: A full example report is attached to this blog post.

    Item Details Notes
    Name Name of the host
    Organization Organization the host resides in
    Environment Lifecycle Environment of the Host
    Content view Attached Content View
    Host Collections list of 1 or more Host Collections that the host is a member of (comma separated)
    Virtual is the host virtual or physical (as reported by subscription-manager facts)
    Guest of Host on which hosts does the guest reside
    OS Operating system (as reported by subscription-manager facts)
    Arch Architecture (as reported by subscription-manager facts)
    Sockets Sockets (as reported by subscription-manager facts)
    RAM Memory (as reported by subscription-manager facts)
    Cores Cores (as reported by subscription-manager facts)
    SLA Service Level Agreement
    Products Installed Products (from /etc/pki/product*) (comma separated) Covered in Subscription-manager for the former Red Hat Network User: Part 8 - product certificates
    Subscription Name Canonical name of the subscription (as reported by subscription-manager, rct and the UI)
    Subscription Type what type of subscription There are 3 types (Red Hat, Red Hat Guest [for derived subscriptions], and Custom [for 3 party products])
    Subscription Quantity Quantity of attached entitlements Instance based subs counting is interesting see Subscription-manager for the former Red Hat Network User: Part 10 - Instance Based Subscriptions
    Subscription SKU Stock Keeping Unit (SKU)
    Subscription Contract Contract number of the subscription
    Subscription Account Which account are these subscriptions from.
    Subscription Start When does the subscription start
    Subscription End When does the subscription end
    Subscription Guest Host constraint of this subscription only guests of the listed host can use this subscription.

    Expanding hammer-cli-csv to report on custom fields

    While the report above is useful for most use cases, maybe you have a need to report on fields that aren't in the default report.

    Example: I want to create a simple custom report that shows that prints the host name, subscription status, and CPU model name.

    In /etc/hammer/cli.modules.d/csv.yml (or your user's local hammer config file) add:

      :enable_module: true
            - :name: Subscription Status
                - subscription_status_label
            - :name: Last Checkin
                - subscription_facet_attributes
                - last_checkin
            - :name: CPU Model Name
                - facts
                - proc_cpuinfo::common::model_name

    Then run a hammer export

    hammer csv content-hosts \
     --export \
     --columns "Name,Subscription Status,CPU Model Name" \
     --file custom_report.csv

    And let's look at the report.

    Name,Subscription Status,CPU Model Name
    kvm01.example.com,Fully entitled,"Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz"

    How do I know what properties to use in my configuration file?

    Any property of the object that your are exporting can be used via hammer csv. In this example, we are exporting data from a (content) host, so any of a (content) hosts properties is valid. Lets look at a host kvm01.example.com via the API to see all of its properties.

    curl -sk \
     -u admin:[redacted] https://satellite.example.com/api/hosts/kvm01.example.com  | json_reformat
         "ip": null,
         "environment_id": 3,
         "environment_name": "KT_Example_infrastructure_rhel7_infra_2",
         "last_report": "2017-02-19 13:00:41 UTC",
         "mac": "b8:ae:ed:7d:0b:aa",
         "realm_id": null,
         "realm_name": null,
         "sp_mac": null,
         "sp_ip": null,
         "sp_name": null,
         "domain_id": 1,
         "domain_name": "example.com",
         "architecture_id": 1,
         "architecture_name": "x86_64",
         "operatingsystem_id": 9,
         "operatingsystem_name": "RedHat 7.3",
         "subnet_id": 1,
         "subnet_name": "Infrastructure",

    Any of the above can be used.

    Hammer as an ad-hoc reporting tool.

    Hammer has a few functionalities that make it useful for ad-hoc reporting. As an example, you may not need system level subscription report, but you may want to know 'of the subscriptions that I've purchased, how many are in use (and conversely, how many do I have free?'). You can do this with hammer, specifically hammer subscription list. Hammer can output to a number of formats, including CSV, YAML and JSON.

    hammer --output json subscription list \
      --organization Example
      "ID": 251,
      "UUID": "2c9180935a41d344015a513e4fcd0c1d",
      "Name": "Red Hat Enterprise Linux for Virtual Datacenters with Smart Management, Standard",
      "Contract": 11002776,
      "Account": [REDACTED],
      "Support": "Standard",
      "Quantity": "Unlimited",
      "Consumed": 0,
      "End Date": "2017-07-04T03:59:59.000+0000",
      "Attached": 0
      "ID": 252,
      "UUID": "2c9180935a568fcf015a58992cce003b",
      "Name": "Red Hat Cloud Infrastructure with Smart Management, Premium (2-sockets)",
      "Contract": 11002794,
      "Account": [REDACTED],
      "Support": "Premium",
      "Quantity": "Unlimited",
      "Consumed": 0,
      "End Date": "2017-07-04T03:59:59.000+0000",
      "Attached": 0


    If you are still on Satellite 6.0 or Satellite 6.1, you do not have access to hammer-cli-csv. We provide in the Red Hat Satellite GitHub Organization the community supported sat6Inventory script, which is useful for subscription reporting for older versions of Satellite. Note: sat6Inventory does work with Satellite 6.2, but we prefer that you use hammer-cli-csv as that is the supported tool. And feel free to file RFEs against hammer-cli-csv.


    If you are using systems registered to Red Hat Subscription Managemen (RHSM), we provide, also in the Red Hat Satellite GitHub Organization the community supported rhsmTools repo, which has the rhsmShowConsumerSubs.py script, which is useful for subscription reporting for Red Hat Subscription Management. It reports subscriptions attached to any consumer registered to RHSM. These include systems (type system) & subscription management applications (type SAM and Satellite)

    Further reading

    Posted: 2017-02-21T14:29:47+00:00
  • Questions and Answers from the January 2017 Satellite Ask-Me-Anything session

    Authored by: Rich Jerrido

    Satellite 6 Ask Me Anything FAQ

    As promised, listed below are the responses to the questions we received in our Jan 2017 Satellite Ask Me Anything session. We are running another Ask Me Anything on 14 Feb, so feel free to join us again.


    Question: On the subscription comments... you have to give it a subscription id with hammer. I have a bunch of VMs that came in with the wrong license that should be under the datacenter model. The only way I've found to fix this through the UI remove the subscription and then run auto attach. Shouldn't auto attach fix this on it's own? Or virt who fix it? Is there a way for me to do this in bulk?

    Answer: Generally speaking, once a system has a valid subscription, the tools do not modify it. You can solve this in one of two manners:

    • Remove the subscription from the guest and do nothing. Within the rhsmcertd checkin interval, the guest will consume its hypervisors subscription. (Assuming it has been reported via virt-who)
    • Remove the subscription from the guest, and run auto-attach. With Satellite 6.2.2 and newer, you can do this ‘en masse’ for large numbers of hosts if needed.

    Question: How have subscriptions been remedied in 6.2? I'm currently looking into the upgrade as I have clients losing repo subscriptions.

    Answer: With Satellite 6.2.2 and newer, a number of tools were added to improve the subscription experience:
    - New CLI tooling to attach subscriptions to hosts (via hammer host)
    - New GUI tooling to perform subscription actions (run auto-attach, attach a specific subscription) on large numbers of hosts
    - New CLI tooling to import/export subscription status as a CSV file (for reporting, or modification).
    These are documented in Subscription-manager for the former Red Hat Network User: Part 6 - understanding and improving the renewal experience

    Question: How would I get a report out of Satellite mapping Guests to Hypervisors? The link I know is virt-who.....

    Answer: Assuming you are on Satellite 6.2.2 or newer, ‘hammer csv’ is the best command for this. Earlier versions of Satellite (6.0 -> 6.2.1) can use sat6Inventory

    Question: How do we start candlepin service and what is it for?

    Answer: Candlepin does entitlement management in Satellite 6. It tracks subscriptions, issues entitlement certificates (which provide access to content). Candlepin is started by default as it is a core part of the provide.

    Question: Is there a way to declarate hypervisor node on satellite to benefit datacenter licence without using virt-who ?

    Answer: Subscriptions that require virt-who have to be used with virt-who as the host/guest mapping needs to be created first.

    Question: Are there improvements in virt-who+candlepin coming in 6.3? We currently have a problem (on 6.2.2) where one of our vCenters have >80 hypervisors and more than a thousand linux servers (in Satellite): Candlepin uses >more than 4 minutes chewing through the host-to-guest mapping.

    Answer: There are a number of improvements that you should see in Satellite 6.2 regarding virt-who’s efficiency in larger environments. As virt-who is a critical piece of the subscription toolkit, fixes that impact customers are delivered asynchronously and aren’t always aligned with a product release.

    Question: If I'm having subscription issues, should I simply upgrade from 6.1.9 to 6.2.x or should I build a new environment fresh with 6.2.x?

    Answer: This is a matter of choice. The upgrade from 6.1.9 to 6.2.x is a supported method. If you’d want to build a 6.2 instance and move the clients over, the bootstrap script can do this for you.


    Question: is there an easy way to make a content view only contain the most recent rpms instead of all of them?

    Answer: Not currently.

    Question: I have been looking at Pulp, Katello, and Sat 6 as possible solutions. My question is, can I import non-RHSM channel RPMs into Sat 6 (like OEL (sorry not my choice ...) or Oracle ASMLib for our older RHEL servers)? In this area, Pulp appears to be maybe easier to work with?

    Answer: Satellite 6 includes Pulp as a core component, so the underlying tooling is the same. Satellite 6 can import RPMs from non Red Hat sources, and this is described in our (content management guide)[https://access.redhat.com/documentation/en/red-hat-satellite/6.2/paged/content-management-guide/chapter-5-importing-custom-content]

    Question: I would like to know how to stand up an automated patching methodology and timetable. Additionally, I'd like to know, if I am subscribed to the 7Server repo, how do I restrict my clients to just 7.2 (now that 7.3 is release)

    Restricting clients to a specific release can be done in one of two ways
    - Using content view filters
    - Using the special dot-release repos (7.1, 7.2, etc)

    Best practices for each repository type are described in Understanding Red Hat Content Delivery Network Repositories and their usage with Satellite 6

    Question: I look at my Sync Status and it says I have new packages for a product e.g. RHEL EPEL had 104(71.5) MB) last sync. How do I see exactly what packages were updated?

    Answer: Today, the best way to accomplish this is to increase pulp’s logging verbosity (in /etc/pulp/server.conf or via ‘hammer admin logging’), and which RPMs are downloaded are logged via syslog

    We have an outstanding RFE) to improve this and deliver this via an email report, similar to what we do for errata.

    Question: What's the best practice on CVs to create say a 7 server CV that contains, optional, extras etc + Oracle Java for RHEL Server

    Answer: A content view, at its core is ‘a grouping of repositories that are managed together’. As Optional, extras, oracle java are all additional repositories for the Base Operating System, it makes sense to combine them into a single CV.

    Question: I'm new to Sat 6 and am having trouble mapping the DevOps environment in Sat 6.x, into our current Sat 5 environment. We just need Satellite in order to manage/patch our Linux systems without the overhead of DevOps. Is that possible in Satellite 6?

    Answer: It depends on the use case. Some customers have rather structured workflows with the desire to move content through a lifecycle (Dev->Test->Prod). Others want a more relaxed workflow of “freeze a content view at a point in time”. Others want just access to the repositories, without freezing the content. Satellite supports them both.

    Question: I have a CV with custom products and RH errata excluding a date. A critical errata comes out which I want to add - I create an incremental view, eg version 10.1. I then want to add RPM's to the custom product. If I publish the view - version 11.0 - will it contain my critical errata added in 10.1?

    Answer: No. Content view versions do not ‘carry over’ changes made via an incremental update between versions. Thus, it is necessary in the scenario above that the administrator explicitly ensures that the errata that were incrementally added is included.

    Question: What's your recommendation about the creation of content views when satellite manage hundred servers ? Per project ? Per OS ? Per product ?

    Answer: Content view are ‘grouping of repositories that share a similar lifecycle’. Generally, you’d have a small number of CVs that represent a BaseOS, additional CVs to represent layered or 3rd party applications. And lastly, you’d use composite views to combine specific versions. (Say v4.0 of your RHEL6 CV + v2.0 of your web stack = v1 of RHEL6 + LAMP CCV)

    Question: How would I get a report out of Satellite mapping Guests to Hypervisors?

    Assuming you are on Satellite 6.2.2 or newer, ‘hammer csv’ is the best command for this. Earlier versions of Satellite (6.0 -> 6.2.1) can use sat6Inventory - https://github.com/RedHatSatellite/sat6Inventory

    Question: What is the recommended way to register host to Satellite 6 which wasn't provisioned from it ?

    Answer: The bootstrap script is the recommended way to register a host that wasn’t provisioned from Satellite.

    Question: When would you use Composite Content View and when just Content View ?

    Answer: Composite Content Views are useful when you have two types of content that are on different lifecycles. Example, your operating system is generally fairly static, but you may content such as a line-of-business (LOB) application which develops on a different cadence. Composite Content Views all you to match (for example) version 2.0 of your RHEL7 Operating System Build with version 52 of your LOB app to create version 1.0 of your ‘RHEL7 + App’ Composite Content View


    Question: We have Satellite 5.6, with a dev, stage and production groups, we plan to migrate to satellite 6.2, what would the transition process look like? Would we be able to use the same groups we have? what impact and updates would we need to do for the client servers?

    Transition is pretty straightforward.

    Firstly, you’d get your transaction subscriptions from the transition landing page. This allows you to build your Satellite 6 infrastructure in parallel to your Satellite 5. Next you’d setup your Satellite using the best practices for Satellite 6 such as via the 10 Steps to an SOE guide

    As far as grouping, Satellite 6 has Host collections, which are a direct equivalent to Satellite 5’s system groups. Additionally Satellite 6 has powerful searching allowing you to arbitrarily group systems and perform actions against them.

    Regarding the clients, once you have Satellite 6 configured to your liking, use the bootstrap script to migrate them.

    Question: In Sat 5 I could assign servers to any cloned channel (very flexible approach). In Sat 6 I am forced to move along environment paths (i.e. dev->test->uat->preprod->prod ). (Am I ?) Is there any way to have the flexibility from Sat 5 ?

    Answer: Yes. With Satellite 6, you effectively have two models to manage content for your systems:

    Yes. Customers usually fall into one of two disciplines:
    - define the workflow and move content to the systems.
    - define the content and create a workflow to move the systems to the content.

    The former uses lifecycle environments, the latter does not, if you are interested in doing the latter, you could (as an example):

    • create a content view named Q1_2016 with appropriate filters for Q1.
    • publish Q1_2016 view to the library
    • assign whatever systems to that view using hammer host update

    ...90 days later:

    • create a content view named Q2_2016 with appropriate filters for Q2.
    • publish Q2_2016 view.
    • assign whatever systems to that view.

    Repeat as necessary

    Question: have any tips/hints for least painful ways to port/migrate snippets from Sat 5.x to Sat 6.x to maintain functionality/investment in work we have already done? Sat trans guide was not a lot of help or the way it is described did not import cleanly into Sat 6


    Question: Do you have any good resources for openscap? Setup/content sources.
    Answer: The scap-security-guide which is shipped in Red Hat Enterprise Linux contains a number of good baseline policies that can be used as a baseline for SCAP. Satellite uses these by default.

    Question: How do you customize compliance policies? For example we're evaluating satellite now and when we run scans, they show failures for items like "install openswan" which does not apply to our systems. Can that be customized so that machines not show as failing compliance for items that do not apply?

    Answer: Compliance policies have the ability to be tailored using an (aptly named) tailoring file. These can be created using the scap-workbench tool. Satellite 6 doesn’t currently support a tailoring file (see bz1292510) , but we do have a document describing how to ‘respin’ a datastream file including your tailored changes. (https://access.redhat.com/solutions/2377951)

    Question: How do you make custom datastreams to install for OpenSCAP (especially for CIS benchmark)? For example, oscap ds sds-compose.

    Answer: You can convert any existing xccdf via oscap ds sds-compose. Alternatively, you can use the OpenSCAP policies that are included in the scap-security-guide package. (which are already in DataStream format)

    Question: OpenSCAP - Is it possible to apply multiple policies (ie, RHEL server base + Oracle), it looks like the current setup is a one-to-one mapping between Host Groups and SCAP policies

    Answer: A policy can apply to one or more host groups. In your example, you’d define two policies (one for RHEL, one for Oracle), and you’d assign BOTH to the host group in question.


    Question: Can you review how Ansible is going to be integrated with Satellite, and how you might recommend somebody start using Ansible now in a way that could be easily integrated later? ETAs on these things would be cool too.

    Answer: Red Hat Satellite 6 currently supports integration with Ansible Tower. We plan to provide integration of Ansible Core into Red Hat Satellite 6 in a future near-term release.

    Question: Will that cost extra to use Ansible in Satellite?

    Answer: Red Hat Satellite 6 currently supports integration with Ansible Tower today, and Ansible Tower is sold separately and have additional capabilities above/beyond Ansible Core. When we integrate Ansible Core technology, it will not cost extra for that functionality. Ansible Tower will remain a separate offering with a separate price.

    Question: Any chance for Chef integration into Satellite 6
    Answer: Integration with Chef is not currently on the Satellite 6 roadmap.

    Question: When Satellite 6.3 arrives will it be a normal upgrade from 6.2. I'm curious because of the addition of Ansible to the Satellite structure.

    Answer: The upgrade to Satellite 6.3 will be similar (with regards to the steps that are required) to the upgrade from Satellite 6.1 to 6.2. More or less, the process will be:

    • Disable Satellite 6.2 repo.
    • Enable Satellite 6.3 repo.
    • Perform some minor pre-upgrade checks.
    • Install 6.3 packages
    • run installer with the --upgrade switches.


    Question: Can you talk about Satellite HA and DR setups.

    Answer: Best practices for HA & DR setups can be found in our HA Guide

    Question: So HA requires 2 licenses for Satellite? I was also told that a capsule server could become Satellite in the case of a loss of Satellite. I have been told a few different things regarding this from RH employees.

    Yes, HA requires 2 subscriptions to Satellite. However, the second subscription is sold at 50% similar to a 'disaster recovery' subscription. Reach out to your account team for more details.

    In the event of a 'loss of Satellite', capsule servers cannot be 'promoted' to become Satellites.

    Question: What about HA options for Sat 6 ? Any active-passive supported configuration ?

    Answer: See our HA Guide


    Question: with bootstrap files, do we have to provide a user name/passwd in order to register a system using the bootstrap process

    Answer The information required by the bootstrap script is dependent on which features are being used. If you are registering a system and want to configure it with puppet (and in the correct organization/location/hostgroup), it requires a username/password to create the host record via the API. If you are merely registering the system for content, you can leverage the --skip-foreman switch which does not require username/password (only an activation key and organization)

    Question: Can you tell me what the difference is between 7Server and 7Server EUS repos? I get the 7.X and 7.X EUS repos differences, but the other ones?

    Answer: See Understanding Red Hat Content Delivery Network Repositories and their usage with Satellite 6

    Question: does the roadmap for Satellite 6.x include any support for using external DHCP providers beyond ISC DHCP? As an example Foreman can use a smart proxy to use an MS DHCP provider.

    Answer: Not currently.

    Question: If I use say 7.2 EUS repos, and I have a client who says, "Can I have version X.Y of Postgres?" that I discover is in 7.3 repo or 7.4 repo....how do I get that to them with dependencies resolved etc etc…

    Answer: That is difficult to do. As the 7.2 repo gets no content after 7.3 is released, there is no way for Satellite to 'backport' newer RPMs into a 7.2 repo. It is suggested for this usage to use the 7Server repo, locked to a specific date via content view filters, and selectively add errata as needed.

    Question: is it possible to run remote scripts as a non-root user? The default info for ssh keys appears to assume root can ssh to a system, which we can't do.

    Answer: You can set the effective user via the remote_execution_ssh_user setting/parameter.

    Question: Concerning Lazy sync when configured with "on demand", how will that work with available errata for clients?

    Answer: on_demand doesn't change anything in the errata workflow. Clients will still have errata applicability calculated based on their pubished content views and last Synchronization of the Satellite with the Red Hat CDN.

    Question: What is the preferred provisioning methodology when DHCP/PXE/TFTP are not available w/in the env...FDI is the path we are tracking down, is this a reasonable option or do you have a better suggestion? Trying to simulate as close to as possible our legacy kickstarts out of Sat 5.x

    Answer: Correct. PXE-Less Discovery is the path here. I'd suggest leveraging the Discovery Rules to further automate the provisioning process.

    Question: Can you use a pfx certificate as a custom certificate for Red Hat Satellite 6.2 or do you need to break them out in pem files?

    Answer: They need to be PEM files. Use the openssl command to convert them.

    Posted: 2017-02-09T22:49:02+00:00