Chapter 5. Updating Satellite Server, Capsule Server, and Content Hosts
Use this chapter to update your existing Satellite Server, Capsule Server, and Content Hosts to a new minor version, for example, from 6.10.0 to 6.10.1.
Updates patch security vulnerabilities and minor issues discovered after code is released, and are often fast and non-disruptive to your operating environment.
Before updating, back up your Satellite Server and all Capsule Servers. For more information, see Backing Up Satellite Server and Capsule Server in the Administering Red Hat Satellite guide.
5.1. Updating Satellite Server
Prerequisites
- Ensure that you have synchronized Satellite Server repositories for Satellite, Capsule, and Satellite Tools 6.10.
- Ensure each external Capsule and Content Host can be updated by promoting the updated repositories to all relevant Content Views.
If you customize configuration files, manually or use a tool such as Hiera, these customizations are overwritten when the installation script runs during upgrading or updating. You can use the --noop option with the satellite-installer script to test for changes. For more information, see the Red Hat Knowledgebase solution How to use the noop option to check for changes in Satellite config files during an upgrade.
Updating Satellite Server to the Next Minor Version
To Update Satellite Server:
Ensure the Satellite Maintenance repository is enabled:
# subscription-manager repos --enable \ rhel-7-server-satellite-maintenance-6-rpms
Check the available versions to confirm the next minor version is listed:
# satellite-maintain upgrade list-versions
Use the health check option to determine if the system is ready for upgrade. On first use of this command,
satellite-maintainprompts you to enter the hammer admin user credentials and saves them in the/etc/foreman-maintain/foreman-maintain-hammer.ymlfile.# satellite-maintain upgrade check --target-version 6.10.zReview the results and address any highlighted error conditions before performing the upgrade.
Because of the lengthy update time, use a utility such as
screento suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously. For more information about using the screen command, see How do I use the screen command? article in the Red Hat Knowledge Base.If you lose connection to the command shell where the upgrade command is running, you can see the logged messages in the
/var/log/foreman-installer/satellite.logfile to check if the process completed successfully.Perform the upgrade:
# satellite-maintain upgrade run --target-version 6.10.zCheck when the kernel packages were last updated:
# rpm -qa --last | grep kernel
Optional: If a kernel update occurred since the last reboot, stop the
satellite-maintainservices and reboot the system:# satellite-maintain service stop # reboot
5.2. Updating Disconnected Satellite Server
This section describes the steps needed to update in an Air-gapped Disconnected setup where the connected Satellite Server (which synchronizes content from CDN) is air gapped from a disconnected Satellite Server.
Complete the following steps on the connected Satellite Server.
Ensure that you have synchronized the following repositories in your connected Satellite Server.
rhel-7-server-ansible-2.9-rpms rhel-7-server-rpms rhel-7-server-satellite-6.10-rpms rhel-7-server-satellite-maintenance-6-rpms rhel-server-rhscl-7-rpms
-
Download the debug certificate of the organization and store it locally at, for example,
/etc/pki/katello/certs/org-debug-cert.pemor a location of your choosing. Create a Yum configuration file under
/etc/yum.repos.dwith the following repository information:[rhel-7-server-ansible-2.9-rpms] name=Ansible 2.9 RPMs for Red Hat Enterprise Linux 7 Server x86_64 baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/$releasever/$basearch/ansible/2.9/os/ enabled=1 sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem sslcacert = /etc/pki/katello/certs/katello-server-ca.crt sslverify = 1 [rhel-7-server-rpms] name=Red Hat Enterprise Linux 7 Server RPMs x86_64 baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/os/ enabled=1 sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem sslcacert = /etc/pki/katello/certs/katello-server-ca.crt sslverify = 1 [rhel-7-server-satellite-6.10-rpms] name=Red Hat Satellite 6 for RHEL 7 Server RPMs x86_64 baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/satellite/6.10/os/ enabled=1 sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem sslcacert = /etc/pki/katello/certs/katello-server-ca.crt [rhel-7-server-satellite-maintenance-6-rpms] name=Red Hat Satellite Maintenance 6 for RHEL 7 Server RPMs x86_64 baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/sat-maintenance/6/os/ enabled=1 sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem sslcacert = /etc/pki/katello/certs/katello-server-ca.crt sslverify = 1 [rhel-server-rhscl-7-rpms] name=Red Hat Software Collections RPMs for Red Hat Enterprise Linux 7 Server x86_64 baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os/ enabled=1 sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem sslcacert = /etc/pki/katello/certs/katello-server-ca.crt sslverify = 1
-
In the configuration file, replace
/etc/pki/katello/certs/org-debug-cert.peminsslclientcertandsslclientkeywith the location of the downloaded organization debug certificate. -
Update
satellite.example.comwith correct FQDN for your deployment. Replace
My_Organizationwith the correct organization label in thebaseurl. To obtain the organization label, enter the command:# hammer organization list
Enter the
reposynccommand:# reposync --delete --download-metadata -p ~/Satellite-repos -n \ -r rhel-7-server-ansible-2.9-rpms \ -r rhel-7-server-rpms \ -r rhel-7-server-satellite-6.10-rpms \ -r rhel-7-server-satellite-maintenance-6-rpms \ -r rhel-server-rhscl-7-rpms
This downloads the contents of the repositories from the connected Satellite Server and stores them in the directory
~/Satellite-repos. Thereposynccommand in Red Hat Enterprise Linux 7 downloads the RPMs but not the Yum metadata.Because of this, you must manually run
createrepoin each sub-directory ofSatellite-repos. Make sure you have thecreatereporpm installed. If not use the following command to install it.# satellite-maintain packages install createrepo
Run the following command to create repodata in each sub-directory of
~/Satellite-repos. :# cd ~/Satellite-repos # for directory in */ do echo "Processing $directory" cd $directory createrepo . cd .. done
-
Verify that the RPMs have been downloaded and the repository data directory is generated in each of the sub-directories of
~/Satellite-repos. Archive the contents of the directory
# cd ~ # tar czf Satellite-repos.tgz Satellite-repos
-
Use the generated
Satellite-repos.tgzfile to upgrade in the disconnected Satellite Server.
Perform the following steps on the disconnected Satellite Server
-
Copy the generated
Satellite-repos.tgzfile to your disconnected Satellite Server Extract the archive to anywhere accessible by the
rootuser. In the following example/rootis the extraction location.# cd /root # tar zxf Satellite-repos.tgz
Create a Yum configuration file under
/etc/yum.repos.dwith the following repository information:[rhel-7-server-ansible-2.9-rpms] name=Ansible 2.9 RPMs for Red Hat Enterprise Linux 7 Server x86_64 baseurl=file:///root/Satellite-repos/rhel-7-server-ansible-2.9-rpms enabled=1 [rhel-7-server-rpms] name=Red Hat Enterprise Linux 7 Server RPMs x86_64 baseurl=file:///root/Satellite-repos/rhel-7-server-rpms enabled=1 [rhel-7-server-satellite-6.10-rpms] name=Red Hat Satellite 6 for RHEL 7 Server RPMs x86_64 baseurl=file:///root/Satellite-repos/rhel-7-server-satellite-6.10-rpms enabled=1 [rhel-7-server-satellite-maintenance-6-rpms] name=Red Hat Satellite Maintenance 6 for RHEL 7 Server RPMs x86_64 baseurl=file:///root/Satellite-repos/rhel-7-server-satellite-maintenance-6-rpms enabled=1 [rhel-server-rhscl-7-rpms] name=Red Hat Software Collections RPMs for Red Hat Enterprise Linux 7 Server x86_64 baseurl=file:///root/Satellite-repos/rhel-server-rhscl-7-rpms enabled=1
-
In the configuration file, replace the
/root/Satellite-reposwith the extracted location. Check the available versions to confirm the next minor version is listed:
# satellite-maintain upgrade list-versions
Use the health check option to determine if the system is ready for upgrade. On first use of this command,
satellite-maintainprompts you to enter the hammer admin user credentials and saves them in the/etc/foreman-maintain/foreman-maintain-hammer.ymlfile.# satellite-maintain upgrade check --whitelist="check-upstream-repository,repositories-validate" --target-version 6.10.z- Review the results and address any highlighted error conditions before performing the upgrade.
Because of the lengthy update time, use a utility such as
screento suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously. For more information about using the screen command, see How do I use the screen command? article in the Red Hat Knowledge Base.If you lose connection to the command shell where the upgrade command is running, you can see the logged messages in the
/var/log/foreman-installer/satellite.logfile to check if the process completed successfully.Perform the upgrade:
# satellite-maintain upgrade run --whitelist="check-upstream-repository,repositories-validate" --target-version 6.10.zCheck when the kernel packages were last updated:
# rpm -qa --last | grep kernel
Optional: If a kernel update occurred since the last reboot, stop the
satellite-maintainservices and reboot the system:# satellite-maintain service stop # reboot
5.3. Updating Capsule Server
Use this procedure to update Capsule Servers to the next minor version.
Procedure
Ensure that the Satellite Maintenance repository is enabled:
# subscription-manager repos --enable \ rhel-7-server-satellite-maintenance-6-rpms
Check the available versions to confirm the next minor version is listed:
# satellite-maintain upgrade list-versions
Use the health check option to determine if the system is ready for upgrade:
# satellite-maintain upgrade check --target-version 6.10.zReview the results and address any highlighted error conditions before performing the upgrade.
Because of the lengthy update time, use a utility such as
screento suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously. For more information about using the screen command, see How do I use the screen command? article in the Red Hat Knowledge Base.If you lose connection to the command shell where the upgrade command is running, you can see the logged messages in the
/var/log/foreman-installer/satellite.logfile to check if the process completed successfully.Perform the upgrade:
# satellite-maintain upgrade run --target-version 6.10.zCheck when the kernel packages were last updated:
# rpm -qa --last | grep kernel
Optional: If a kernel update occurred since the last reboot, stop the
satellite-maintainservices and reboot the system:# satellite-maintain service stop # reboot
