Publish and promote content views automatically for system patching
Hi,
I am pretty sure there might be a better way to achieve this. I came up with a workaround to publish and promote content views automatically using cron and mini scripts, since at the moment there doesn't seem to be a way to set it up from the UI.
Below are the cron jobs set up with crontab -e as an example that run from 1 AM to 4 AM from the Satellite server:
# every 5th of the month from 1AM to 4 am - publish rhel7 server CV RPM to the library
0 1 5 * * /root/cv_promotion_scripts/publish_rhel7-server_library.sh
# promote to dev
0 2 5 * * /root/cv_promotion_scripts/promote_rhel7-server_dev.sh
#promote to test
0 3 5 * * /root/cv_promotion_scripts/promote_rhel7-server_test.sh
#promote to prod
0 4 5 * * /root/cv_promotion_scripts/promote_rhel7-server_prod.sh
Below is how the publish and promote scripts look:
publish_rhel7-server_library.sh
#!/bin/bash
/bin/hammer content-view publish --organization ORG --name 'rhel 7 server' --description 'latest monthly RPMs' --async > /dev/null 2>&1
promote_rhel7-server_dev.sh
#!/bin/bash
# This variable selects the latest published version available in the content view; it is passed as a parameter to hammer
LATEST_VERS=$(/bin/hammer content-view version list --content-view "rhel 7 server" --organization ORG | awk '{print $6}' | sort -nr | head -n1)
/bin/hammer content-view version promote --version "$LATEST_VERS" --organization "ORG" --content-view 'rhel 7 server' --to-lifecycle-environment dev --force --async > /dev/null 2>&1
Now it is easy to invoke hammer to trigger a job execution that runs yum update by selecting the host collection ID.
hammer job-invocation create --job-template "Run Command - SSH Default" --inputs command="yum update -y" --search-query "host_collection_id = 3" --async > /dev/null 2>&1
If you browse the UI Monitor --> jobs section there should be a new job entry available with all details for every host added in the host collection group.
It took me a while to figure this all out; any feedback for a better solution is highly appreciated!
Hope it helps
Regards
Nic
Responses
Looks pretty good. I ended up writing a Python script that does the raw API work and checks for regular as well as composite content views, and publishes and promotes as needed.
I hear that coming soon to a satellite near you, there will be a publish/promote logic which will do this automatically. So that would eliminate part of the problem, but it would be nice to schedule a content-view publish/promote in the Recurring Logics inside Satellite.
Unfortunately I do not. I'm part of one of those orgs that limits my ability to contribute upstream or in the open much :/
But I can provide some generalities if you are interested or need a shove in the right direction. Really, when you take a look at the API, and with a little Python or Ruby know-how, it's pretty simple. But I also think what you've done above is simple and effective too. It just depends on how much complexity you want/can stand and if you need more flexibility or reporting around your publish/promote activity.
How about doing the same for composite cvs? Any better ideas for automatically updating content views to latest versions under ccvs and publishing/promoting them?
Is there any way to find out whether a new errata sync happened by using a hammer command? I would like to auto-publish and promote only when a new errata sync has happened.
Please advise
If I understood the question as "how to identify whether a repository got new content since the last time?", then yes, there are options:
1) get current repository content stats and compare with previously stored:
(before sync that added some content)
hammer> repository info --id 756
ID: 756
Name: Red Hat Satellite 6.4 for RHEL 7 Server RPMs x86_64
Label: Red_Hat_Satellite_6_4_for_RHEL_7_Server_RPMs_x86_64
Organization: RedHat
Red Hat Repository: yes
Content Type: yum
Mirror on Sync: yes
URL: https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/satellite/6.4/os
Publish Via HTTP: no
Published At: https://pmoravec-sat64-on-rhev.gsslab.brq2.redhat.com/pulp/repos/RedHat/Library/content/dist/rhel/server/7/7Server/x86_64/satellite/6.4/os/
Relative Path: RedHat/Library/content/dist/rhel/server/7/7Server/x86_64/satellite/6.4/os
Download Policy: on_demand
Product:
ID: 119
Name: Red Hat Satellite
GPG Key:
Sync:
Status: Not Synced
Created: 2018/12/11 17:12:03
Updated: 2018/12/11 17:13:23
Content Counts:
Packages: 406
Source RPMS: 0
Package Groups: 1
Errata: 3
(after the sync)
hammer> repository info --id 756
ID: 756
Name: Red Hat Satellite 6.4 for RHEL 7 Server RPMs x86_64
Label: Red_Hat_Satellite_6_4_for_RHEL_7_Server_RPMs_x86_64
Organization: RedHat
Red Hat Repository: yes
Content Type: yum
Mirror on Sync: yes
URL: https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/satellite/6.4/os
Publish Via HTTP: no
Published At: https://pmoravec-sat64-on-rhev.gsslab.brq2.redhat.com/pulp/repos/RedHat/Library/content/dist/rhel/server/7/7Server/x86_64/satellite/6.4/os/
Relative Path: RedHat/Library/content/dist/rhel/server/7/7Server/x86_64/satellite/6.4/os
Download Policy: on_demand
Product:
ID: 119
Name: Red Hat Satellite
GPG Key:
Sync:
Status: Success
Last Sync Date: 2 minutes
Created: 2018/12/11 17:12:03
Updated: 2018/12/11 17:13:23
Content Counts:
Packages: 446
Source RPMS: 0
Package Groups: 1
Errata: 6
2) Similarly, you can list errata per repository and compare the counts (this gives you a bit more detailed overview, redundant for deciding whether new content was synced or not):
hammer> erratum list --repository-id 756
-----|----------------|----------|-------------------------------------------------------------------
ID | ERRATA ID | TYPE | TITLE
-----|----------------|----------|-------------------------------------------------------------------
4251 | RHBA-2019:0779 | bugfix | Satellite 6.4.2 Async Bug Fix Update
4252 | RHSA-2019:0735 | security | Important: katello-installer-base security and enhancement update
4159 | RHBA-2019:0345 | bugfix | Satellite 6.4.2 Async Bug Fix Update
107 | RHBA-2018:3799 | bugfix | Satellite 6.4.1 Async Bug Fix Update
106 | RHBA-2018:2928 | bugfix | Satellite 6.4 Discovery Image Release
105 | RHSA-2018:2927 | security | Important: Satellite 6.4 security, bug fix, and enhancement update
-----|----------------|----------|-------------------------------------------------------------------
3) Some other ways would be possible via the direct API (like getting the UUID of the latest sync task of a given repo and getting details about the task), but that isn't available via hammer.
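The count comparison from option 1 above, as an added example that is not part of the original answer: it parses the "Content Counts" section of `hammer repository info` and reports whether the package or errata count changed since the previous run. The function names and the state-file path are assumptions, and the parser assumes hammer prints the layout shown above.

```shell
#!/bin/bash
# Added example; function names and the state-file idea are assumptions.

# Read `hammer repository info` text on stdin, print "<packages> <errata>".
# Only lines after the "Content Counts:" heading are considered.
parse_counts() {
    awk '
        /^[ \t]*Content Counts:/        { in_counts = 1; next }
        in_counts && /^[ \t]*Packages:/ { pkgs = $NF }
        in_counts && /^[ \t]*Errata:/   { errata = $NF }
        END {
            # Fail rather than guess if either count is missing or non-numeric.
            if (pkgs !~ /^[0-9]+$/ || errata !~ /^[0-9]+$/) exit 1
            print pkgs, errata
        }'
}

# $1 = state file, $2 = hammer output text.
# Returns 0 if the counts changed since the last call (state file is updated),
# 1 if unchanged, 2 if the output could not be parsed (state left untouched).
# A missing state file counts as "changed", so the first run publishes.
repo_has_new_content() {
    local state_file="$1" info_text="$2" current previous
    current=$(printf '%s\n' "$info_text" | parse_counts) || return 2
    previous=$(cat "$state_file" 2>/dev/null) || previous=""
    if [ "$current" = "$previous" ]; then return 1; fi
    printf '%s\n' "$current" > "$state_file"
    return 0
}

# Excerpts of the two outputs shown above, used as offline sample input.
SAMPLE_BEFORE='Sync:
    Status: Not Synced
Content Counts:
    Packages: 406
    Package Groups: 1
    Errata: 3'
SAMPLE_AFTER='Sync:
    Status: Success
Content Counts:
    Packages: 446
    Package Groups: 1
    Errata: 6'
# Intended use from the cron-driven publish step (path is an assumption):
#   repo_has_new_content /root/cv_promotion_scripts/repo756.counts \
#       "$(hammer repository info --id 756)" \
#       && /root/cv_promotion_scripts/publish_rhel7-server_library.sh
```

Equal counts do not prove identical content (a sync can remove and add the same number of packages), so treat this as a trigger heuristic. A return code of 2 means hammer failed or its output changed shape and is worth alerting on rather than silently skipping the patch cycle.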
Note: Red Hat has Ansible playbooks, see my comment at the end.
Note: FYI: use the Ansible Red Hat sat6 playbooks/roles installed via Ansible Galaxy to have current playbooks supported by Red Hat/IBM, as sat6 has been shipping with Ansible playbooks but they are not as up to date as Galaxy. See the blog for details and how to install Galaxy. blog:automating-red-hat-satellite-with-ansible
Since sat6.8 install instructions via rpm, note may not be latest in Ansible Galaxy
This is fully supported and customers can open tickets on playbooks.