Satellite 6: Filtered Content Views and Errata

Latest response

I'm in the process of building my new Satellite 6.1 environment, transitioning to it from 5.7 in the near future. I have it mostly up and running, doing things that I want it to do. However, I have come across a situation and wanted to ask the community for feedback and ideas. I have a ticket open with RH support as well.

The situation:
I have an oracle database environment that must remain on RHEL 6.5 due to 3rd party vendor support requirements. There is one dev server and two prod servers which are in a RAC.

I created a new content view and added all the 6Server repositories. Then I created a filter that excludes all errata that was released after 10/13/14, the day before 6.6 came out. Created a new view and published it to dev. It works how I would expect it to.

Even though these servers are locked at 6.5, I'm still required to apply critical errata unless that update requires an update past 6.5. To do this, I go into the Content > Errata menu in Satellite. This will show me all available errata that is applicable or installable to the client servers. Since the errata is filtered out in my content view, all errata released after 10/13/14 is available. I go through the list and select all critical errata as well as any errata identified by our internal vulnerability scanner as required. I click apply errata and it creates an incremental content view which I can them promote to dev and then later to prod. Everything is happy and patched as much as it can be.

That is, until I have to publish a new version. Say I add a new custom repository to the content view, I'd have to publish a new version of the content view to make it available to the servers. When I do this, the packages from my new repository are available, but none of the errata I had applied before (in the incremental version) are in this version of the content view.

If I build a new server to be a 3rd member of the RAC cluster, it'll only get whatever packages are in the content view version. None of the errata that was already applied to the other 2 servers would be available since I've promoted the prod lifecycle environment past the original incremental update. I'd have to go back through the errata menu, select everything I selected before and add it to a new incremental version.

This seems like a lot of messing around and wouldn't really work in a situation where servers are being built more often. Am I doing something wrong? Anyone have any ideas how to get around this besides manually keeping a list of errata I added before and readding it every time I publish a new content view?

be

Responses