how to create an outstanding patch per machine report for Satellite 6

Latest response

Does anyone know how to create a report for Satellite 6 the will display the same type of information that is displayed when I go out the REDHAT and look at my classic registration list. It lists how many Errata and how may packages need to be applied to the registered host. We find this info useful for planning and checking on our patch needs. Is there any help out there with this as the books are not a real big help.

Bob

Responses

I just got word from support that this is part of Satellite 6.1 but they are looking for a way to do this earlier.

Bob

https://access.redhat.com/discussions/528013 latest comment

@matthias: That is for Satellite 5.

I have created a script for Satellite 6. See https://access.redhat.com/discussions/1395523.

There are still open tickets for a bunch of these kind of things (but also a load of resolved ones) in the Katello issue tracker.

http://projects.theforeman.org/projects/katello/issues

I'd certainly expect this kind of functionality in 6.1 with more to come later. I'm waiting for the ability to report outstanding errata for a Production system by looking at all Errata that have arrived in the Library. Reporting against the current environment is OK, but doesn't then show Errata that are still only in Dev or Test for example.

Untill 6.1 is release and if it is not bugged, you might want to use "yum updateinfo list available"

The old way, on all of your servers then parse the results.

Is this feature available in Redhat Satelite 6.2?

This is trivial to do with Satellite 6.2 and newer:

Firstly, get a list of hosts. use the hammer host list command. Optionally, provide a search query to limit the number of hosts to a host collection or other subset of hosts

#HOST_LIST=$(hammer --output csv host list --search "host_collection = Infrastructure"| cut -f 2 -d ','| tail --lines=+2)

Then given that list of hosts, show their errata

#for host in $HOST_LIST; do echo $host; hammer host errata list --host $host; done
auth01.example.com
---|------------|------|-------|------------
ID | ERRATUM ID | TYPE | TITLE | INSTALLABLE
---|------------|------|-------|------------
kvm01.example.com
---|------------|------|-------|------------
ID | ERRATUM ID | TYPE | TITLE | INSTALLABLE
---|------------|------|-------|------------
monitoring.example.com
---|------------|------|-------|------------
ID | ERRATUM ID | TYPE | TITLE | INSTALLABLE
---|------------|------|-------|------------
rhevm.example.com
------|----------------|----------|----------------------------------|------------
ID    | ERRATUM ID     | TYPE     | TITLE                            | INSTALLABLE
------|----------------|----------|----------------------------------|------------
16931 | RHBA-2018:0597 | bugfix   | tzdata enhancement update        | true
16891 | RHSA-2018:0592 | security | Important: slf4j security update | true
------|----------------|----------|----------------------------------|------------
rhv-hypervisor1.example.com
------|----------------|--------|---------------------------|------------
ID    | ERRATUM ID     | TYPE   | TITLE                     | INSTALLABLE
------|----------------|--------|---------------------------|------------
16931 | RHBA-2018:0597 | bugfix | tzdata enhancement update | true
16882 | RHBA-2018:0580 | bugfix | glusterfs bug fix update  | true
------|----------------|--------|---------------------------|------------
rhv-hypervisor2.example.com
------|----------------|--------|---------------------------|------------
ID    | ERRATUM ID     | TYPE   | TITLE                     | INSTALLABLE
------|----------------|--------|---------------------------|------------
16931 | RHBA-2018:0597 | bugfix | tzdata enhancement update | true
16882 | RHBA-2018:0580 | bugfix | glusterfs bug fix update  | true
------|----------------|--------|---------------------------|------------

You can get creative with the API if you want, but this works too.

Thanks for the commands. but, Trivial? Really? Your definition of that word might need an edit.

Hi Rich, thanks a lot. Is it also possible to get list of installed errata (possibly with dates)?

Ho w can we create reports in satellite 6.2 ? I do not see any proper documentation

Satellite 6.3:

! /bin/bash

HOSTS=$(hammer host list | cut -d "|" -f2 | grep -v '---' | grep -v 'NAME') for HOST in $HOSTS; do hammer host errata list --host $HOST >> Errata_Reports.txt done

Quick fix on this since the inverse grep wasnt working.

! /bin/bash

HOSTS=$(hammer host list | cut -d "|" -f2 | awk '!/----------------/ && !/NAME/') for HOST in $HOSTS; do hammer host errata list --host $HOST >> host_errata_report.txt; done

Could do it with: grep -v -e '^---' -e 'NAME'; but nm look at this:

for h in $(hammer --output csv host list --organization myOrg|sed 1d|cut -f2 -d,); do echo -n $h,; hammer --output csv host errata list --host $h|sed 1d|wc -l ; done

Hopefully this is amusing for others to decipher...

Thanks for all the hints and mix of bash styles -- this is exactly what I needed. I plan to feed it to a JSON report for "all is well" alongside the CSV output for "what went wrong" detail. (I have to say, though, it's sorely in need of optimization because it's excruciatingly slow.)

If you want counts:

hammer --csv host errata list --host $content_host | awk -F',' '$3!="Type" {print $3}' | sort | uniq -c
    327 bugfix
     62 enhancement
     68 security

for i in hammer host list|cut -d'|' -f 2 | sed -e '1,3d'| sed -e '$d'; do echo -e $i hammer host errata list --host $i --search "type=security=Critical"; done | grep true | awk '{print $1}'

you can schedule cron job and send you alerts saying the following hostnames need Critical Security updates to be applied.

Hi, I like to inform this thread that Satellite 6.5 now has a reporting engine. Please see https://www.youtube.com/watch?v=sBciejh1G80

Hi, I'm looking for a customized patch compliance report based on monthly content-view. We create new content-views every month to patch the servers. Any help will be highly appreciated

In case it is any help to anyone, I run the following daily on my Satellite server from cron to create a nice HTML page report of outstanding errata. Somewhat crude code, but effective simple report:

#!/bin/bash

# Get list of hosts and outstanding errata from Satellite
hammer csv content-hosts --export --columns "Name,OS,Security Errata,Bug Fix Errata,Enhancement Errata" --file /var/www/html/pub/errata.all.csv.txt
# Remove the ESX hosts
egrep -v "^virt-who-" /var/www/html/pub/errata.all.csv.txt > /var/www/html/pub/errata.csv.txt

# Now create an html file from the CSV file
html_file=/var/www/html/pub/errata.html
( echo "<html>
<head><title>Contents Hosts Outstanding Errata</title>
</head>
<body>
<h1>Contents Hosts Outstanding Errata</h1>
<table border=1 cellpadding=4 rules=all>
  <TR>
    <TH>Host</TH>
    <TH>Operating System</TH>
    <TH>Security Errata</TH>
    <TH>Bug Fix Errata</TH>
    <TH>Enhancement Errata</TH>
  </TR>"

awk -F',' '$1!="Name"{print "<TR><TD><A HREF=https://my_satellite_server/content_hosts/"$1">",$1,"</TD><TD>",$2,"</TD><TD>",$3,"</TD><TD>",$4,"</TD><TD>",$5,"</TD></TR>"}' /var/www/html/pub/errata.csv.txt

echo "</table>

<p>This page generated `date`
<br>by `hostname -s`:$0
<br>by user `id`

</body>
</html>" ) > $html_file

# Allow world to see the data
chmod 644 /var/www/html/pub/errata.*

does this work for satellite 6.6

Hi Paul, I have automated our monthly patching including generating a list of errata and emailing. This looks like a nice addition. Regards, Peter

Don't know – we are still on Satellite 6.4, but are upgrading to 6.6 or 6.7 very soon. I would expect it to work – the only Satellite dependant bit is the hammer command, and the syntax and output format should not have changed. Give it a test.

How do you do this against a single host?

Hi Joseph, Assuming you have promoted the content view.

# hammer host errata list --host hostname.domain | grep '^[0-9]'
11101 | RHBA-2020:1982 | bugfix   | tzdata enhancement update                               | true
. . .
10503 | RHBA-2020:1205 | bugfix   | bind bug fix and enhancement update                     | true