Publish and promote content views automatically for system patching

Latest response

Hi,

I am pretty sure there might be a better way to achieve this, i came up with a workaround to publish and promote content view automatically using cron and mini scripts since at the moment there doesn't seem to be a way to set it up from the UI.

Below are the cron jobs set up with crontab -e as an example that run from 1 AM to 4 AM from the Satellite server:

# every 5th of the month from 1AM to 4 am - publish rhel7 server CV RPM to the library
0 1 5 * * /root/cv_promotion_scripts/publish_rhel7-server_library.sh
# promote to dev
0 2 5 * *  /root/cv_promotion_scripts/promote_rhel7-server_dev.sh
#promote to test
0 3 5 * * /root/cv_promotion_scripts/promote_rhel7-server_test.sh
#promote to prod
0 4 5 * * /root/cv_promotion_scripts/promote_rhel7-server_prod.sh

Below how publish and promote scripts look like:

publish_rhel7-server_library.sh

#!/bin/bash

/bin/hammer content-view publish --organization ORG --name 'rhel 7 server' --description 'latest monthly RPMs' --async  > /dev/null 2>&1

promote_rhel7-server_dev.sh

#!/bin/bash

# this variable selects the latest published version available in the content view and will be passed as a parameter to hammer
LATEST_VERS=`/bin/hammer content-view version list --content-view "rhel 7 server"  --organization ORG |awk '{print $6}'|sort -nr | head -n1`

/bin/hammer content-view version promote --version $LATEST_VERS --organization "ORG" --content-view  'rhel 7 server' --to-lifecycle-environment dev --force --async  > /dev/null 2>&1

now it is easy to invoke hammer to trigger a job execution that runs yum update by selecting the host collection id.

hammer job-invocation create --job-template "Run Command - SSH Default" --inputs command="yum update -y" --search-query "host_collection_id = 3" --async  > /dev/null 2>&1

If you browse the UI Monitor --> jobs section there should be a new job entry available with all details for every host added in the host collection group.

It took me a while to figure it this all out, highly appreciated any feedback for a better solution!

Hope it helps
Regards
Nic

ND
Log in to join the conversation

Responses

William Darton's picture Expert 1001 points
29 June 2018 6:56 PM

Looks pretty good.. I ended up writing a python script that does the raw API work and checks for regular as well as composite content views. and publishes and promotes as needed.

I hear that coming soon to a satellite near you, there will be a publish/promote logic which will do this automatically. So that would eliminate part of the problem, but it would be nice to schedule a content-view publish/promote in the Recurring Logics inside Satellite.

ND Community Member 30 points
12 July 2018 2:37 PM

Hi Will, thanks. sounds like an interesting project, do you have a git project online? Yes i agree with you it would be better to have a recurring logic inside the content view section or as a feature available in the job execution.

William Darton's picture Expert 1001 points
13 July 2018 11:42 AM

Unfortunately I do not. I'm part of one of those orgs that limits my ability to contribute upstream or in the open much :/

But I can provide some generalities if you are interested or need a shove in the right direction. Really when you take a look at the API and with a little python or ruby know-how it's pretty simple.. But I also think what you've done above is simple and effective too. It just depends on how much complexity you want/can stand and if you need more flexibility or reporting around your publish/promote activity.

SG Expert 825 points
15 July 2018 12:06 AM

How about doing the same for composite cvs? Any better ideas for automatically updating content views to latest versions under ccvs and publishing/promoting them?

ND Community Member 30 points
16 July 2018 11:48 AM

Hi Shisheer, i am in the process to automate CCV as well so below are steps I was thinking to apply:

Click on the CCV and then select "Content views" tab, in the version column select "Latest" this will make sure the latest published version for that particular CV will be used.

example below: CV-RHEL7-BASE | Latest (Currently 5.0) | Library, dev, test, prod

A this point the process should be similar to the one above in the original post. Get a list of CCV and CV by running hammer:

hammer content-view list

Now you can run hammer to trigger the publication and promotion using either CCV name or Content Views ID. Examples:

hammer content-view publish --organization ORG --name 'CCV-NAME' --description 'latest monthly RPMs' --async

#Promote to dev

#select the latest CCV version
LATEST_VERS=`/bin/hammer content-view version list --content-view "CCV-NAME"  --organization ORG |awk '{print $6}'|sort -nr | head -n1`

/bin/hammer content-view version promote --version $LATEST_VERS --organization "ORG" --content-view  'CCV-NAME' --to-lifecycle-environment dev --force --async

Hope it helps

AK Newbie 10 points
16 April 2019 10:08 AM

is there any way to find new errata sync happened or not by using hammer command? I would like to auto publish and promote only when the new errata sync happened.

Please advice

Pavel Moravec's picture Red Hat Guru 4721 points
20 April 2019 7:50 AM

If I understood the question as "how to identify a repository got a new content from the last time?", then yes there are options:

1) get current repository content stats and compare with previously stored:

(before sync that added some content)

hammer> repository info --id 756
ID:                 756
Name:               Red Hat Satellite 6.4 for RHEL 7 Server RPMs x86_64
Label:              Red_Hat_Satellite_6_4_for_RHEL_7_Server_RPMs_x86_64
Organization:       RedHat
Red Hat Repository: yes
Content Type:       yum
Mirror on Sync:     yes
URL:                https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/satellite/6.4/os
Publish Via HTTP:   no
Published At:       https://pmoravec-sat64-on-rhev.gsslab.brq2.redhat.com/pulp/repos/RedHat/Library/content/dist/rhel/server/7/7Server/x86_64/satellite/6.4/os/
Relative Path:      RedHat/Library/content/dist/rhel/server/7/7Server/x86_64/satellite/6.4/os
Download Policy:    on_demand
Product:            
    ID:   119
    Name: Red Hat Satellite
GPG Key:            

Sync:               
    Status: Not Synced
Created:            2018/12/11 17:12:03
Updated:            2018/12/11 17:13:23
Content Counts:     
    Packages:       406
    Source RPMS:    0
    Package Groups: 1
    Errata:         3

(after the sync)

hammer> repository info --id 756
ID:                 756
Name:               Red Hat Satellite 6.4 for RHEL 7 Server RPMs x86_64
Label:              Red_Hat_Satellite_6_4_for_RHEL_7_Server_RPMs_x86_64
Organization:       RedHat
Red Hat Repository: yes
Content Type:       yum
Mirror on Sync:     yes
URL:                https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/satellite/6.4/os
Publish Via HTTP:   no
Published At:       https://pmoravec-sat64-on-rhev.gsslab.brq2.redhat.com/pulp/repos/RedHat/Library/content/dist/rhel/server/7/7Server/x86_64/satellite/6.4/os/
Relative Path:      RedHat/Library/content/dist/rhel/server/7/7Server/x86_64/satellite/6.4/os
Download Policy:    on_demand
Product:            
    ID:   119
    Name: Red Hat Satellite
GPG Key:            

Sync:               
    Status:         Success
    Last Sync Date: 2 minutes
Created:            2018/12/11 17:12:03
Updated:            2018/12/11 17:13:23
Content Counts:     
    Packages:       446
    Source RPMS:    0
    Package Groups: 1
    Errata:         6

2) Similarly, you can list erratum per a repository and compare the counts (this gives you bit more detailed overview, redundant for decision if a new content was synced or not):

hammer> erratum list --repository-id 756
-----|----------------|----------|-------------------------------------------------------------------
ID   | ERRATA ID      | TYPE     | TITLE                                                             
-----|----------------|----------|-------------------------------------------------------------------
4251 | RHBA-2019:0779 | bugfix   | Satellite 6.4.2 Async Bug Fix Update                              
4252 | RHSA-2019:0735 | security | Important: katello-installer-base security and enhancement update 
4159 | RHBA-2019:0345 | bugfix   | Satellite 6.4.2 Async Bug Fix Update                              
107  | RHBA-2018:3799 | bugfix   | Satellite 6.4.1 Async Bug Fix Update                              
106  | RHBA-2018:2928 | bugfix   | Satellite 6.4 Discovery Image Release                             
105  | RHSA-2018:2927 | security | Important: Satellite 6.4 security, bug fix, and enhancement update
-----|----------------|----------|-------------------------------------------------------------------

3) Some other ways would be possible via direct API (like get UUID of the latest sync task of given repo and get details about the task) but that isnt available via hammer.

AK Newbie 10 points
4 November 2019 9:53 AM

Hi Pavel Moravec,

Thank you very much

Andrew Puch's picture Expert 1062 points
16 September 2021 7:39 AM

Note redhat has Ansible playbooks see my comment at the end

Note:Fyi: use Ansible redhat sat6 playbook/roles installed via Ansible-galaxy to have current /supported by redhat/ibm playbooks , as sat6 has been shipping with Ansible playbooks but they are not as uptodate as galaxy , see blog for details and howto install galaxy. blog:automating-red-hat-satellite-with-ansible

Since sat6.8 install instructions via rpm , note may not be latest in Ansible galaxy

This is fully supported and customer can open tickets on playbooks.