Patching a server using Satellite
A new Linux admin here.
Considering we have a running Satellite in the environment, I had a question (Our main Linux resource is no longer here).
When we apply a patch on RedHat7.6 server using Satellite, does that mean only Installing available Errata's from the "Errata" tab or do I have to install the Packages from the "Packages" tab as well?
In "Packages" tab, I see Package Install, Package Update, Package Remove..etc items in drop down list and also a button called "Update All Packages".
What does actually a server patch mean?
Responses
Guru
22286 points
Hi Pramod Shinde
- Consider examining this redhat.com video of the basics of patching and software management with Red Hat Satellite
- This Red Hat Satellite tips/tricks video, from a Red Hat Summit is a bit longer, about 45 minutes, and in-depth, but it is worthwhile.
- Please see this discussion on best practices to patch servers
- And also see this discussion on best practices
- Please also see this list of useful Frequently asked questions on Satellite Server 6.7
- Additionally, see the Red Hat Satellite blog
- Current documentation on Red Hat Satellite is here
Your question "What does actually a server patch mean?" Please see this Red Hat link first
-Borrowing from that link directly above: What are patches? again, see this link
Patches are new or updated lines of code that determine how an operating system, platform, or application behaves. Patches are usually released as-needed to fix mistakes in code, improve the performance of existing features, or add new features to the software. Patches are always released as updates to existing software and are not newly compiled OSs, platforms, or applications.
Enterprise IT environments can contain hundreds of systems operated by large teams—requiring thousands of security patches, bug fixes, and configuration changes. Even with a scanning tool, manually sifting through data files to identify systems, updates, and patches can be onerous.
When you get to the point of using a satellite server, you are probably at the point where you have a lot of Linux systems and are at the point you need your own satellite server to manage these systems. Ansible seems to be one of the more popular methods to issue patches, one customer I have uses Ansible to send patches to all their systems, in stages. They patch their non-production servers first in an order that makes sense for their environment. Then if that goes well, they take any lessons learned with the first round of patching and patch the second round of servers until they finally do production servers. Generally people "patch" or update their production servers last, and the most critical servers only after they have verified the updates won't break the servers they care about the most for their business. (or they have an action plan to appropriately resolve issues)
Generally, when we patch servers in our environment, we use satellite servers. When we patch, we generally always take all patches that are available. There may be conditions where a specific server for some reason can't be patched beyond a specific point due to third-party software compatibility issues. In the environment where I work, this would be only a very tiny number, if at all.
Hope this gets you started. Please take some time to examine the above and then get back with us. Consider going to youtube and searching for "using satellite server" and look for more current videos (Red Hat Satellite has been around for a while, so use caution that you're not watching a very old satellite topic video.
There are great learning courses on Satellite from Red Hat Training.
Regards,
RJ