Menu Close

Chapter 5. Updating Satellite Server, Capsule Server, and Content Hosts

Use this chapter to update your existing Satellite Server, Capsule Server, and Content Hosts to a new minor version, for example, from 6.10.0 to 6.10.1.

Updates patch security vulnerabilities and minor issues discovered after code is released, and are often fast and non-disruptive to your operating environment.

Before updating, back up your Satellite Server and all Capsule Servers. For more information, see Backing Up Satellite Server and Capsule Server in the Administering Red Hat Satellite guide.

5.1. Updating Satellite Server

Prerequisites

  • Ensure that you have synchronized Satellite Server repositories for Satellite, Capsule, and Satellite Tools 6.10.
  • Ensure each external Capsule and Content Host can be updated by promoting the updated repositories to all relevant Content Views.
Warning

If you customize configuration files, manually or use a tool such as Hiera, these customizations are overwritten when the installation script runs during upgrading or updating. You can use the --noop option with the satellite-installer script to test for changes. For more information, see the Red Hat Knowledgebase solution How to use the noop option to check for changes in Satellite config files during an upgrade.

Updating Satellite Server to the Next Minor Version

To Update Satellite Server:

  1. Ensure the Satellite Maintenance repository is enabled:

    # subscription-manager repos --enable \
    rhel-7-server-satellite-maintenance-6-rpms
  2. Check the available versions to confirm the next minor version is listed:

    # satellite-maintain upgrade list-versions
  3. Use the health check option to determine if the system is ready for upgrade. On first use of this command, satellite-maintain prompts you to enter the hammer admin user credentials and saves them in the /etc/foreman-maintain/foreman-maintain-hammer.yml file.

    # satellite-maintain upgrade check --target-version 6.10.z

    Review the results and address any highlighted error conditions before performing the upgrade.

  4. Because of the lengthy update time, use a utility such as screen to suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously. For more information about using the screen command, see How do I use the screen command? article in the Red Hat Knowledge Base.

    If you lose connection to the command shell where the upgrade command is running, you can see the logged messages in the /var/log/foreman-installer/satellite.log file to check if the process completed successfully.

  5. Perform the upgrade:

    # satellite-maintain upgrade run --target-version 6.10.z
  6. Check when the kernel packages were last updated:

    # rpm -qa --last | grep kernel
  7. Optional: If a kernel update occurred since the last reboot, stop the satellite-maintain services and reboot the system:

    # satellite-maintain service stop
    # reboot

5.2. Updating Disconnected Satellite Server

This section describes the steps needed to update in an Air-gapped Disconnected setup where the connected Satellite Server (which synchronizes content from CDN) is air gapped from a disconnected Satellite Server.

Complete the following steps on the connected Satellite Server.

  1. Ensure that you have synchronized the following repositories in your connected Satellite Server.

    rhel-7-server-ansible-2.9-rpms
    rhel-7-server-rpms
    rhel-7-server-satellite-6.10-rpms
    rhel-7-server-satellite-maintenance-6-rpms
    rhel-server-rhscl-7-rpms
  2. Download the debug certificate of the organization and store it locally at, for example, /etc/pki/katello/certs/org-debug-cert.pem or a location of your choosing.
  3. Create a Yum configuration file under /etc/yum.repos.d with the following repository information:

    [rhel-7-server-ansible-2.9-rpms]
    name=Ansible 2.9 RPMs for Red Hat Enterprise Linux 7 Server x86_64
    baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/$releasever/$basearch/ansible/2.9/os/
    enabled=1
    sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
    sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
    sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
    sslverify = 1
    
    [rhel-7-server-rpms]
    name=Red Hat Enterprise Linux 7 Server RPMs x86_64
    baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/os/
    enabled=1
    sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
    sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
    sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
    sslverify = 1
    
    [rhel-7-server-satellite-6.10-rpms]
    name=Red Hat Satellite 6 for RHEL 7 Server RPMs x86_64
    baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/satellite/6.10/os/
    enabled=1
    sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
    sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
    sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
    
    [rhel-7-server-satellite-maintenance-6-rpms]
    name=Red Hat Satellite Maintenance 6 for RHEL 7 Server RPMs x86_64
    baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/sat-maintenance/6/os/
    enabled=1
    sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
    sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
    sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
    sslverify = 1
    
    [rhel-server-rhscl-7-rpms]
    name=Red Hat Software Collections RPMs for Red Hat Enterprise Linux 7 Server x86_64
    baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os/
    enabled=1
    sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
    sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
    sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
    sslverify = 1
  4. In the configuration file, replace /etc/pki/katello/certs/org-debug-cert.pem in sslclientcert and sslclientkey with the location of the downloaded organization debug certificate.
  5. Update satellite.example.com with correct FQDN for your deployment.
  6. Replace My_Organization with the correct organization label in the baseurl. To obtain the organization label, enter the command:

    # hammer organization list
  7. Enter the reposync command:

    # reposync --delete --download-metadata -p ~/Satellite-repos -n \
     -r rhel-7-server-ansible-2.9-rpms \
     -r rhel-7-server-rpms \
     -r rhel-7-server-satellite-6.10-rpms \
     -r rhel-7-server-satellite-maintenance-6-rpms \
     -r rhel-server-rhscl-7-rpms

    This downloads the contents of the repositories from the connected Satellite Server and stores them in the directory ~/Satellite-repos. The reposync command in Red Hat Enterprise Linux 7 downloads the RPMs but not the Yum metadata.

    Because of this, you must manually run createrepo in each sub-directory of Satellite-repos. Make sure you have the createrepo rpm installed. If not use the following command to install it.

    # satellite-maintain packages install createrepo

    Run the following command to create repodata in each sub-directory of ~/Satellite-repos. :

    # cd ~/Satellite-repos
    # for directory in */
    do
      echo "Processing $directory"
      cd $directory
      createrepo .
      cd ..
    done
  8. Verify that the RPMs have been downloaded and the repository data directory is generated in each of the sub-directories of ~/Satellite-repos.
  9. Archive the contents of the directory

    # cd ~
    # tar czf Satellite-repos.tgz Satellite-repos
  10. Use the generated Satellite-repos.tgz file to upgrade in the disconnected Satellite Server.

Perform the following steps on the disconnected Satellite Server

  1. Copy the generated Satellite-repos.tgz file to your disconnected Satellite Server
  2. Extract the archive to anywhere accessible by the root user. In the following example /root is the extraction location.

    # cd /root
    # tar zxf Satellite-repos.tgz
  3. Create a Yum configuration file under /etc/yum.repos.d with the following repository information:

    [rhel-7-server-ansible-2.9-rpms]
    name=Ansible 2.9 RPMs for Red Hat Enterprise Linux 7 Server x86_64
    baseurl=file:///root/Satellite-repos/rhel-7-server-ansible-2.9-rpms
    enabled=1
    
    [rhel-7-server-rpms]
    name=Red Hat Enterprise Linux 7 Server RPMs x86_64
    baseurl=file:///root/Satellite-repos/rhel-7-server-rpms
    enabled=1
    
    [rhel-7-server-satellite-6.10-rpms]
    name=Red Hat Satellite 6 for RHEL 7 Server RPMs x86_64
    baseurl=file:///root/Satellite-repos/rhel-7-server-satellite-6.10-rpms
    enabled=1
    
    [rhel-7-server-satellite-maintenance-6-rpms]
    name=Red Hat Satellite Maintenance 6 for RHEL 7 Server RPMs x86_64
    baseurl=file:///root/Satellite-repos/rhel-7-server-satellite-maintenance-6-rpms
    enabled=1
    
    [rhel-server-rhscl-7-rpms]
    name=Red Hat Software Collections RPMs for Red Hat Enterprise Linux 7 Server x86_64
    baseurl=file:///root/Satellite-repos/rhel-server-rhscl-7-rpms
    enabled=1
  4. In the configuration file, replace the /root/Satellite-repos with the extracted location.
  5. Check the available versions to confirm the next minor version is listed:

    # satellite-maintain upgrade list-versions
  6. Use the health check option to determine if the system is ready for upgrade. On first use of this command, satellite-maintain prompts you to enter the hammer admin user credentials and saves them in the /etc/foreman-maintain/foreman-maintain-hammer.yml file.

    # satellite-maintain upgrade check --whitelist="check-upstream-repository,repositories-validate" --target-version 6.10.z
  7. Review the results and address any highlighted error conditions before performing the upgrade.
  8. Because of the lengthy update time, use a utility such as screen to suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously. For more information about using the screen command, see How do I use the screen command? article in the Red Hat Knowledge Base.

    If you lose connection to the command shell where the upgrade command is running, you can see the logged messages in the /var/log/foreman-installer/satellite.log file to check if the process completed successfully.

  9. Perform the upgrade:

    # satellite-maintain upgrade run --whitelist="check-upstream-repository,repositories-validate" --target-version 6.10.z
  10. Check when the kernel packages were last updated:

    # rpm -qa --last | grep kernel
  11. Optional: If a kernel update occurred since the last reboot, stop the satellite-maintain services and reboot the system:

    # satellite-maintain service stop
    # reboot

5.3. Updating Capsule Server

Use this procedure to update Capsule Servers to the next minor version.

Procedure

  1. Ensure that the Satellite Maintenance repository is enabled:

    # subscription-manager repos --enable \
    rhel-7-server-satellite-maintenance-6-rpms
  2. Check the available versions to confirm the next minor version is listed:

    # satellite-maintain upgrade list-versions
  3. Use the health check option to determine if the system is ready for upgrade:

    # satellite-maintain upgrade check --target-version 6.10.z

    Review the results and address any highlighted error conditions before performing the upgrade.

  4. Because of the lengthy update time, use a utility such as screen to suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously. For more information about using the screen command, see How do I use the screen command? article in the Red Hat Knowledge Base.

    If you lose connection to the command shell where the upgrade command is running, you can see the logged messages in the /var/log/foreman-installer/satellite.log file to check if the process completed successfully.

  5. Perform the upgrade:

    # satellite-maintain upgrade run --target-version 6.10.z
  6. Check when the kernel packages were last updated:

    # rpm -qa --last | grep kernel
  7. Optional: If a kernel update occurred since the last reboot, stop the satellite-maintain services and reboot the system:

    # satellite-maintain service stop
    # reboot