Chapter 3. Upgrading Red Hat Satellite
Use the following procedures to upgrade your existing Red Hat Satellite to Red Hat Satellite 6.11:
3.1. Upgrading Satellite Server
This section describes how to upgrade Satellite Server from 6.10 to 6.11. You can upgrade from any minor version of Satellite Server 6.10.
Before You Begin
- Note that you can upgrade Capsules separately from Satellite. For more information, see Section 1.4, “Upgrading Capsules Separately from Satellite”.
- Review and update your firewall configuration prior to upgrading your Satellite Server. For more information, see Preparing your environment for installation in Installing Satellite Server.
- Ensure that you do not delete the manifest from the Customer Portal or in the Satellite web UI because this removes all the entitlements of your content hosts.
- If you have edited any of the default job or provisioning templates, back up the files either by cloning or exporting them. Cloning is the recommended method because that prevents them being overwritten in future updates or upgrades. To confirm if a template has been edited, you can view its History before you upgrade or view the changes in the audit log after an upgrade. In the Satellite web UI, navigate to Monitor > Audits and search for the template to see a record of changes made. If you use the export method, restore your changes by comparing the exported template and the default template, manually applying your changes.
Capsule Considerations
- If you use Content Views to control updates to a Capsule Server’s base operating system, or for Capsule Server repository, you must publish updated versions of those Content Views.
- Note that Satellite Server upgraded from 6.10 to 6.11 can use Capsule Servers still at 6.10.
If you implemented custom certificates, you must retain the content of both the /root/ssl-build directory and the directory in which you created any source files associated with your custom certificates.
Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.
Upgrade Scenarios
- To upgrade a Satellite Server connected to the Red Hat Content Delivery Network, proceed to Section 3.1.1, “Upgrading a Connected Satellite Server”.
- To upgrade a Satellite Server not connected to the Red Hat Content Delivery Network, proceed to Section 3.1.2, “Upgrading a Disconnected Satellite Server”.
You cannot upgrade a self-registered Satellite. You must migrate a self-registered Satellite to the Red Hat Content Delivery Network (CDN) and then perform the upgrade.
FIPS mode
You cannot upgrade Satellite Server from a RHEL base system that is not operating in FIPS mode to a RHEL base system that is operating in FIPS mode.
To run Satellite Server on a Red Hat Enterprise Linux base system operating in FIPS mode, you must install Satellite on a freshly provisioned RHEL base system operating in FIPS mode. For more information, see Preparing your environment for installation in Installing Satellite Server.
3.1.1. Upgrading a Connected Satellite Server
Use this procedure for a Satellite Server with access to the public internet
If you customize configuration files, manually or using a tool such as Hiera, these changes are overwritten when the installation script runs during upgrading or updating. You can use the --noop option with the satellite-installer script to test for changes. For more information, see the Red Hat Knowledgebase solution How to use the noop option to check for changes in Satellite config files during an upgrade.
Upgrade Satellite Server
Stop all Satellite services:
# satellite-maintain service stop
Take a snapshot or create a backup:
- On a virtual machine, take a snapshot.
- On a physical machine, create a backup.
Start all Satellite services:
# satellite-maintain service start
-
Optional: If you made manual edits to DNS or DHCP configuration in the
/etc/zones.confor/etc/dhcp/dhcpd.conffiles, back up the configuration files because the installer only supports one domain or subnet, and therefore restoring changes from these backups might be required. Optional: If you made manual edits to DNS or DHCP configuration files and do not want to overwrite the changes, enter the following command:
# satellite-installer --foreman-proxy-dns-managed=false \ --foreman-proxy-dhcp-managed=false
- In the Satellite web UI, navigate to Hosts > Discovered hosts. On the Discovered Hosts page, power off and then delete the discovered hosts. From the Select an Organization menu, select each organization in turn and repeat the process to power off and delete the discovered hosts. Make a note to reboot these hosts when the upgrade is complete.
Ensure that the Satellite Maintenance repository is enabled:
# subscription-manager repos --enable \ rhel-7-server-satellite-maintenance-6.11-rpms
Check the available versions to confirm the version you want is listed:
# satellite-maintain upgrade list-versions
Use the health check option to determine if the system is ready for upgrade. When prompted, enter the hammer admin user credentials to configure
satellite-maintainwith hammer credentials. These changes are applied to the/etc/foreman-maintain/foreman-maintain-hammer.ymlfile.# satellite-maintain upgrade check --target-version 6.11
Review the results and address any highlighted error conditions before performing the upgrade.
Because of the lengthy upgrade time, use a utility such as
tmuxto suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously.If you lose connection to the command shell where the upgrade command is running you can see the logged messages in the
/var/log/foreman-installer/satellite.logfile to check if the process completed successfully.Perform the upgrade:
# satellite-maintain upgrade run --target-version 6.11
Determine if the system needs a reboot:
Check the version of newest installed kernel:
# rpm --query --last kernel | head -n 1
Compare this to the version of currently running kernel:
# uname --kernel-release
Optional: If the newest kernel differs from the currently running kernel, reboot the system:
# reboot
If using a BASH shell, after a successful or failed upgrade, enter:
# hash -d satellite-maintain service 2> /dev/null
3.1.2. Upgrading a Disconnected Satellite Server
Use this procedure if your Satellite Server is not connected to the Red Hat Content Delivery Network.
-
If you customized configuration files, either manually or using a tool such as Hiera, these changes are overwritten when you enter the
satellite-maintaincommand during upgrading or updating. You can use the--noopoption with thesatellite-installercommand to review the changes that are applied during upgrading or updating. For more information, see the Red Hat Knowledgebase solution How to use the noop option to check for changes in Satellite config files during an upgrade. The hammer import and export commands have been replaced with
hammer content-importandhammer content-exporttooling.If you have scripts that are using
hammer content-view version export,hammer content-view version export-legacy,hammer repository export, or their respective import commands, you have to adjust them to use thehammer content-exportcommand instead, along with its respective import command.If you implemented custom certificates, you must retain the content of both the
/root/ssl-builddirectory and the directory in which you created any source files associated with your custom certificates.Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.
Before You Begin
- Review and update your firewall configuration before upgrading your Satellite Server. For more information, see Ports and Firewalls Requirements in Installing Satellite Server in a Disconnected Network Environment.
- Ensure that you do not delete the manifest from the Customer Portal or in the Satellite web UI because this removes all the entitlements of your content hosts.
- Back up and remove all Foreman hooks before upgrading. Reinstate hooks only after Satellite is known to be working after the upgrade is complete.
Upgrade Disconnected Satellite Server
Stop all Satellite services:
# satellite-maintain service stop
Take a snapshot or create a backup:
- On a virtual machine, take a snapshot.
- On a physical machine, create a backup.
Start all Satellite services:
# satellite-maintain service start
A pre-upgrade script is available to detect conflicts and list hosts which have duplicate entries in Satellite Server that can be unregistered and deleted after upgrade. In addition, it will detect hosts which are not assigned to an organization. If a host is listed under Hosts > All hosts without an organization association and if a content host with same name has an organization already associated with it then the content host will automatically be unregistered. This can be avoided by associating such hosts to an organization before upgrading.
Run the pre-upgrade check script to get a list of hosts that can be deleted after upgrading. If any unassociated hosts are found, associating them to an organization before upgrading is recommended.
# foreman-rake katello:upgrade_check
-
Optional: If you made manual edits to DNS or DHCP configuration in the
/etc/zones.confor/etc/dhcp/dhcpd.conffiles, back up the configuration files because the installer only supports one domain or subnet, and therefore restoring changes from these backups might be required. Optional: If you made manual edits to DNS or DHCP configuration files and do not want to overwrite the changes, enter the following command:
# satellite-installer --foreman-proxy-dns-managed=false \ --foreman-proxy-dhcp-managed=false
-
In the Satellite web UI, navigate to Hosts > Discovered hosts. If there are discovered hosts available, turn them off and then delete all entries under the
Discovered hostspage. Select all other organizations in turn using the organization setting menu and repeat this action as required. Reboot these hosts after the upgrade has completed. - Make sure all external Capsule Servers are assigned to an organization, otherwise they might get unregistered due to host-unification changes.
Remove old repositories:
# rm /etc/yum.repos.d/*
Stop Satellite services:
# satellite-maintain service stop
- Obtain the latest ISO files by following the Downloading the Binary DVD Images procedure in Installing Satellite Server in a Disconnected Network Environment.
Create directories to serve as a mount point, mount the ISO images, and configure the
rhel7-serveror therhel8repository:For Red Hat Enterprise Linux 8
Follow the Configuring the Base Operating System with Offline Repositories in RHEL 8 procedure in Installing Satellite Server in a Disconnected Network Environment.
For Red Hat Enterprise Linux 7
Follow the Configuring the Base Operating System with Offline Repositories in RHEL 7 procedure in Installing Satellite Server in a Disconnected Network Environment.
Do not install or update any packages at this stage.
Configure the Satellite 6.11 repository from the ISO file.
Copy the ISO file’s repository data file for the Red Hat Satellite packages:
# cp /media/sat6/Satellite/media.repo /etc/yum.repos.d/satellite.repo
Edit the
/etc/yum.repos.d/satellite.repofile:# vi /etc/yum.repos.d/satellite.repo
Change the default
InstallMediarepository name toSatellite-6.11:[Satellite-6.11]
Add the
baseurldirective:baseurl=file:///media/sat6/Satellite
Configure the Red Hat Satellite Maintenance repository from the ISO file.
Copy the ISO file’s repository data file for Red Hat Satellite Maintenance packages:
# cp /media/sat6/Maintenance/media.repo /etc/yum.repos.d/satellite-maintenance.repo
Edit the
/etc/yum.repos.d/satellite-maintenance.repofile:# vi /etc/yum.repos.d/satellite-maintenance.repo
Change the default
InstallMediarepository name toSatellite-Maintenance:[Satellite-Maintenance]
Add the
baseurldirective:baseurl=file:///media/sat6/Maintenance/
If your Satellite runs on Red Hat Enterprise Linux 7, configure the Ansible repository from the ISO file.
Copy the ISO file’s repository data file for Ansible packages:
# cp /media/sat6/ansible/media.repo /etc/yum.repos.d/ansible.repo
Edit the
/etc/yum.repos.d/ansible.repofile:# vi /etc/yum.repos.d/ansible.repo
Change the default
InstallMediarepository name toAnsible:[Ansible]
Add the
baseurldirective:baseurl=file:///media/sat6/ansible/
If your Satellite runs on Red Hat Enterprise Linux 7, configure the Red Hat Software Collections repository from the ISO file.
Copy the ISO file’s repository data file for Red Hat Software Collections packages:
# cp /media/sat6/RHSCL/media.repo /etc/yum.repos.d/RHSCL.repo
Edit the
/etc/yum.repos.d/RHSCL.repofile:# vi /etc/yum.repos.d/RHSCL.repo
Change the default
InstallMediarepository name toRHSCL:[RHSCL]
Add the
baseurldirective:baseurl=file:///media/sat6/RHSCL/
Optional: If you have applied custom Apache server configurations, note that the custom configurations are reverted to the installation defaults when you perform the upgrade.
To preview the changes that are applied during the upgrade, enter the
satellite-installercommand with the--noop(no operation) option. These changes are applied when you enter thesatellite-maintain upgradecommand in a following step.Add the following line to the
/etc/httpd/conf/httpd.confconfiguration file.Include /etc/httpd/conf.modules.d/*.conf
Restart the
httpdservice.# systemctl restart httpd
Start the
postgresqldatabase services.# systemctl start postgresql
Enter the
satellite-installercommand with the--noopoption:# satellite-installer --scenario satellite --verbose --noop
Review the
/var/log/foreman-installer/satellite.logto preview the changes that are applied during the upgrade. Locate the+++and---symbols that indicate the changes to the configurations files. Although entering thesatellite-installercommand with the--noopoption does not apply any changes to your Satellite, some Puppet resources in the module expect changes to be applied and might display failure messages.Stop Satellite services:
# satellite-maintain service stop
Because of the lengthy upgrade time, use a utility such as
tmuxto suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously.If you lose connection to the command shell where the upgrade command is running you can see the logs in
/var/log/foreman-installer/satellite.logto check if the process completed successfully.Check the available versions to confirm the version you want is listed:
# satellite-maintain upgrade list-versions
Use the health check option to determine if the system is ready for upgrade. When prompted, enter the hammer admin user credentials to configure
satellite-maintainwith hammer credentials. These changes are applied to the/etc/foreman-maintain/foreman-maintain-hammer.ymlfile.# satellite-maintain upgrade check --target-version 6.11 \ --whitelist="repositories-validate,repositories-setup"
Review the results and address any highlighted error conditions before performing the upgrade.
Perform the upgrade:
# satellite-maintain upgrade run --target-version 6.11 \ --whitelist="repositories-validate,repositories-setup"
If the script fails due to missing or outdated packages, you must download and install these separately. For more information, see Resolving Package Dependency Errors in Installing Satellite Server in a Disconnected Network Environment.
If using a BASH shell, after a successful or failed upgrade, enter:
# hash -d satellite-maintain service 2> /dev/null
Check when the kernel packages were last updated:
# rpm -qa --last | grep kernel
Optional: If a kernel update occurred since the last reboot, stop Satellite services and reboot the system:
# satellite-maintain service stop # reboot
- Optional: If you made manual edits to DNS or DHCP configuration files, check and restore any changes required to the DNS and DHCP configuration files using the backups that you made.
If you make changes in the previous step, restart Satellite services:
# satellite-maintain service restart
If you have the OpenSCAP plug-in installed, but do not have the default OpenSCAP content available, enter the following command.
# foreman-rake foreman_openscap:bulk_upload:default
- In the Satellite web UI, go to Configure > Discovery Rules and associate selected organizations and locations with discovery rules.
3.2. Synchronizing the New Repositories
You must enable and synchronize the new 6.11 repositories before you can upgrade Capsule Servers and Satellite clients.
Procedure
- In the Satellite web UI, navigate to Content > Red Hat Repositories.
- Toggle the Recommended Repositories switch to the On position.
From the list of results, expand the following repositories and click the Enable icon to enable the repositories:
- To upgrade Satellite clients, enable the Red Hat Satellite Client 6 repositories for all Red Hat Enterprise Linux versions that clients use.
If you have Capsule Servers, to upgrade them, enable the following repositories too:
Red Hat Satellite Capsule 6.11 (for RHEL 7 Server) (RPMs)
Red Hat Satellite Maintenance 6.11 (for RHEL 7 Server) (RPMs)
Red Hat Ansible Engine 2.9 RPMs for Red Hat Enterprise Linux 7 Server
Red Hat Software Collections RPMs for Red Hat Enterprise Linux 7 Server
NoteIf the 6.11 repositories are not available, refresh the Red Hat Subscription Manifest. In the Satellite web UI, navigate to Content > Subscriptions, click Manage Manifest, then click Refresh.
- In the Satellite web UI, navigate to Content > Sync Status.
- Click the arrow next to the product to view the available repositories.
- Select the repositories for 6.11. Note that Red Hat Satellite Client 6 does not have a 6.11 version. Choose Red Hat Satellite Client 6 instead.
Click Synchronize Now.
ImportantIf an error occurs when you try to synchronize a repository, refresh the manifest. If the problem persists, raise a support request. Do not delete the manifest from the Customer Portal or in the Satellite web UI; this removes all the entitlements of your content hosts.
- If you use Content Views to control updates to the base operating system of Capsule Server, update those Content Views with new repositories, publish, and promote their updated versions. For more information, see Managing Content Views in the Content Management Guide.
3.3. Upgrading Capsule Servers
This section describes how to upgrade Capsule Servers from 6.10 to 6.11.
Before You Begin
- You must upgrade Satellite Server before you can upgrade any Capsule Servers. Note that you can upgrade Capsules separately from Satellite. For more information, see Section 1.4, “Upgrading Capsules Separately from Satellite”.
- Ensure the Red Hat Satellite Capsule 6.11 repository is enabled in Satellite Server and synchronized.
- Ensure that you synchronize the required repositories on Satellite Server. For more information, see Section 3.2, “Synchronizing the New Repositories”.
- If you use Content Views to control updates to the base operating system of Capsule Server, update those Content Views with new repositories, publish, and promote their updated versions. For more information, see Managing Content Views in the Content Management Guide.
- Ensure the Capsule’s base system is registered to the newly upgraded Satellite Server.
- Ensure the Capsule has the correct organization and location settings in the newly upgraded Satellite Server.
- Review and update your firewall configuration prior to upgrading your Capsule Server. For more information, see Preparing Your Environment for Capsule Installation in Installing Capsule Server.
If you implemented custom certificates, you must retain the content of both the /root/ssl-build directory and the directory in which you created any source files associated with your custom certificates.
Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.
Upgrading Capsule Servers
Create a backup.
- On a virtual machine, take a snapshot.
On a physical machine, create a backup.
For information on backups, see Backing Up Satellite Server and Capsule Server in the Administering Red Hat Satellite 6.10 guide.
Regenerate certificates on your Satellite Server:
Regenerate certificates for Capsules that use default certificates:
For Capsule Servers that do not use load balancing:
# capsule-certs-generate --foreman-proxy-fqdn "_capsule.example.com_" \ --certs-update-all \ --certs-tar "~/_capsule.example.com-certs.tar_"
For Capsule Servers that are load-balanced:
# capsule-certs-generate --foreman-proxy-fqdn "_capsule.example.com_" \ --certs-update-all \ --foreman-proxy-cname "_load-balancer.example.com_" \ --certs-tar "~/_capsule.example.com-certs.tar_"
Regenerate certificates for Capsules that use custom certificates:
For Capsule Servers that do not use load balancing:
# capsule-certs-generate --foreman-proxy-fqdn "_capsule.example.com_" \ --certs-tar "~/_capsule.example.com-certs.tar_" \ --server-cert "/root/capsule_cert/_capsule_cert.pem_" \ --server-key "/root/capsule_cert/_capsule_cert_key.pem_" \ --server-ca-cert "/root/capsule_cert/_ca_cert_bundle.pem_" \ --certs-update-server
For Capsule Servers that are load-balanced:
# capsule-certs-generate --foreman-proxy-fqdn "_capsule.example.com_" \ --certs-tar "~/_capsule.example.com-certs.tar_" \ --server-cert "/root/capsule_cert/_capsule_cert.pem_" \ --server-key "/root/capsule_cert/_capsule_cert_key.pem_" \ --server-ca-cert "/root/capsule_cert/_ca_cert_bundle.pem_" \ --foreman-proxy-cname "_load-balancer.example.com_" \ --certs-update-server
For more information on custom SSL certificates signed by a Certificate Authority, see Deploying a Custom SSL Certificate to Capsule Server in Installing Capsule Server.
-
Copy the resulting tarball to your Capsule. The location must match what the installer expects. Use
grep tar_file /etc/foreman-installer/scenarios.d/capsule-answers.yamlon your Capsule to determine this. Clean yum cache:
# yum clean metadata
Ensure Capsule has access to
rhel-7-server-satellite-maintenance-6.11-rpmsand update satellite-maintain.# subscription-manager repos --enable rhel-7-server-satellite-maintenance-6.11-rpms # yum --disableplugin=foreman-protector update rubygem-foreman_maintain satellite-maintain
On Capsule Server, verify that the
foreman_urlsetting points to the Satellite FQDN:# grep foreman_url /etc/foreman-proxy/settings.yml
Check the available versions to confirm the version you want is listed:
# satellite-maintain upgrade list-versions
Because of the lengthy upgrade time, use a utility such as
tmuxto suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously.If you lose connection to the command shell where the upgrade command is running, you can see the logged messages in the
/var/log/foreman-installer/capsule.logfile to check if the process completed successfully.Use the health check option to determine if the system is ready for upgrade:
# satellite-maintain upgrade check --target-version 6.11
Review the results and address any highlighted error conditions before performing the upgrade.
Perform the upgrade:
# satellite-maintain upgrade run --target-version 6.11
Check when the kernel packages were last updated:
# rpm -qa --last | grep kernel
Optional: If a kernel update occurred since the last reboot, reboot the system:
# reboot
- Optional: If you made manual edits to DNS or DHCP configuration files, check and restore any changes required to the DNS and DHCP configuration files using the backups made earlier.
- Optional: If you use custom repositories, ensure that you enable these custom repositories after the upgrade completes.
3.4. Upgrading Content Hosts
The Satellite Client 6 repository provides katello-agent and katello-host-tools, which provide communication services for managing Errata.
The Katello agent is deprecated and will be removed in a future Satellite version. Migrate your workloads to use the remote execution feature to update clients remotely. For more information, see Migrating from Katello Agent to Remote Execution in the Managing Hosts Guide.
For deployments using katello-agent and goferd, update all clients to the new version of katello-agent. For deployments not using katello-agent and goferd, update all clients to the new version of katello-host-tools. Complete this action as soon as possible so that your clients are fully compatible with Satellite Server.
Prerequisites
- You must have upgraded Satellite Server.
- You must have enabled the new Satellite Client 6 repositories on the Satellite.
- You must have synchronized the new repositories in the Satellite.
-
If you have not previously installed
katello-agenton your clients and you want to install it, use the manual method. For more information, see CLI Procedure.
If you implemented custom certificates, you must retain the content of both the /root/ssl-build directory and the directory in which you created any source files associated with your custom certificates.
Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.
Procedure
- In the Satellite web UI, navigate to Hosts > Content Hosts and select the Content Hosts that you want to upgrade.
- From the Select Action list, select Manage Repository Sets.
- From the Repository Sets Management list, select the Red Hat Satellite Tools 6.10 checkbox.
- From the Select Action list, select Override to Disabled, and click Done.
- When the process completes, on the same set of hosts from the previous steps, from the Select Action list, select Manage Repository Sets.
- From the Repository Sets Management list, select the Red Hat Satellite Client 6 checkbox.
- From the Select Action list, select Override to Enabled, and click Done.
- When the process completes, on the same set of hosts from the previous steps, from the Select Action list, select Manage Packages.
In the Package search field, enter one of the following options depending on your configuration:
-
If your deployment uses
katello-agentand goferd, enterkatello-agent. -
If your deployment does not use
katello-agentand goferd, enterkatello-host-tools.
-
If your deployment uses
- From the Update list, you must select the via remote execution option. This is required because if you update the package using the Katello agent, the package update disrupts the communication between the client and Satellite or Capsule Server, which causes the update to fail. For more information, see Configuring and Setting Up Remote Jobs in the Managing Hosts guide.
CLI Procedure
- Log into the client system.
Disable the repositories for the previous version of Satellite.
# subscription-manager repos \ --disable rhel-7-server-satellite-tools-6.10-rpms
Enable the Satellite Client 6 repository for this version of Satellite.
# subscription-manager repos \ --enable=rhel-7-server-satellite-client-6-rpms
Depending on your configuration, complete one of the following steps:
If your deployment uses
katello-agentand goferd, enter the following command to install or upgradekatello-agent:# yum install katello-agent
If your deployment does not use
katello-agentand goferd, enter the following command to install or upgradekatello-host-tools:# yum install katello-host-tools
3.5. Upgrading the External Database
You can upgrade an external database from Red Hat Enterprise Linux 7 to Red Hat Enterprise Linux 8 while upgrading Satellite from 6.10 to 6.11.
Prerequisites
- Create a new Red Hat Enterprise Linux 8 based host for PostgreSQL server that follows the external database on Red Hat Enterprise Linux 8 documentation. For more information, see Using External Databases with Satellite.
Procedure
- Create a backup.
- Restore the backup on the new server.
If Satellite reaches the new database server via the old name, no further changes are required. Otherwise reconfigure Satellite to use the new name:
# satellite-installer \ --foreman-db-host newpostgres.example.com \ --katello-candlepin-db-host newpostgres.example.com \ --foreman-proxy-content-pulpcore-postgresql-host newpostgres.example.com
3.6. Performing Post-Upgrade Tasks
Some of the procedures in this section are optional. You can choose to perform only those procedures that are relevant to your installation.
3.6.1. Upgrading Discovery
If you use the PXE-based discovery process, then you must complete the discovery upgrade procedure on Satellite and on any Capsule Server with hosts that you want to be listed in Satellite on the Hosts > Discovered hosts page.
This section describes updating the PXELinux template and the boot image passed to hosts that use PXE booting to register themselves with Satellite Server.
From Satellite 6.11, provisioning templates now have a separate association with a subnet, and do not default to using the TFTP Capsule for that subnet. If you create subnets after the upgrade, you must specifically enable the Satellite or a Capsule to provide a proxy service for discovery templates and then configure all subnets with discovered hosts to use a specific template Capsule.
During the upgrade, for every subnet with a TFTP proxy enabled, the template Capsule is set to be the same as the TFTP Capsule. After the upgrade, check all subnets to verify this was set correctly.
These procedures are not required if you do not use PXE booting of hosts to enable Satellite to discover new hosts.
Additional resources
For information about configuring the Discovery service, see Configuring the Discovery Service in Provisioning Hosts.
3.6.1.1. Upgrading Discovery on Satellite Server
Update the Discovery template in the Satellite web UI:
- In the Satellite web UI, navigate to Hosts > Provisioning templates.
-
On the
PXELinux global defaultline, click Clone. -
Enter a new name for the template in the Name field, for example
ACME PXE global default. -
In the template editor field, change the line
ONTIMEOUT localtoONTIMEOUT discoveryand click Submit. - In the Satellite web UI, navigate to Administer > Settings.
-
On the Provisioning tab, set
Default PXE global template entryto a custom value for your environment. -
Locate
Global default PXELinux templateand click on its Value. - Select the name of the newly created template from the menu and click Submit.
- In the Satellite web UI, navigate to Hosts > Provisioning templates.
- Click Build PXE Default, then click OK.
NoteIf the template is modified, a Satellite upgrade overrides it to its default version. Once the PXE Default configuration is built, the template configured in the Settings is deployed to the TFTP. This can result in deploying the default template if the new template is correctly set in the Settings.
- In the Satellite web UI, go to Configure > Discovery Rules and associate selected organizations and locations with discovery rules.
3.6.2. Upgrading Discovery on Capsule Servers
Verify that the Foreman Discovery package is current on Satellite Server.
# satellite-maintain packages install tfm-rubygem-foreman_discovery
If an update occurred in the previous step, restart the
satellite-maintainservices.# satellite-maintain service restart
Upgrade the Discovery image on the Satellite Capsule that is either connected to the provisioning network with discovered hosts or provides TFTP services for discovered hosts.
# satellite-maintain packages install foreman-discovery-image
On the same instance, install the package which provides the Proxy service, and then restart
foreman-proxyservice.# satellite-maintain packages install tfm-rubygem-smart_proxy_discovery # service foreman-proxy restart
- In the Satellite web UI, go to Infrastructure > Capsules and verify that the relevant Capsule lists Discovery in the features column. Select Refresh from the Actions drop-down menu if necessary.
Go to Infrastructure > Subnets and for each subnet on which you want to use discovery:
- Click the subnet name.
- On the Capsules tab, ensure the Discovery Capsule is set to a Capsule you configured above.
3.6.2.1. Verifying Subnets have a Template Capsule
If the Templates feature is enabled in your environment, ensure all subnets with discovered hosts have a template Capsule:
- In the Satellite web UI, navigate to Infrastructure > Subnets.
- Select the subnet you want to check.
- On the Capsules tab, ensure a Template Capsule has been set for this subnet.
For more information about configuring subnets with template Capsules, see Configuring the Discovery Service in the Provisioning guide.
3.6.3. Upgrading virt-who
If virt-who is installed on Satellite Server or a Capsule Server, it will be upgraded when they are upgraded. No further action is required. If virt-who is installed elsewhere, it must be upgraded manually.
Before You Begin
If virt-who is installed on a host registered to Satellite Server or a Capsule Server, first upgrade the host to the latest packages available in the Satellite Client 6 repository. For information about upgrading hosts, see Section 3.4, “Upgrading Content Hosts”.
Upgrade virt-who Manually
Upgrade virt-who.
# yum upgrade virt-who
Restart the virt-who service so the new version is activated.
# systemctl restart virt-who.service
3.6.4. Removing the Previous Version of the Satellite Tools Repository
After completing the upgrade to Satellite 6.11, the Red Hat Satellite Tools 6.10 repository can be removed from Content Views and then disabled.
Disable Version 6.10 of the Satellite Tools Repository:
- In the Satellite web UI, navigate to Content > Red Hat Repositories.
- In the Enabled Repositories area, locate Red Hat Satellite Tools 6.10 for RHEL 7 Server RPMs x86_64.
- Click the Disable icon to the right.
If the repository is still contained in a Content View then you cannot disable it. Packages from a disabled repository are removed automatically by a scheduled task.
3.6.5. Migrating Ansible Content
The upgrade from Red Hat Enterprise Linux 7 to Red Hat Enterprise Linux 8 includes an upgrade from Ansible Engine 2.9 to Ansible Core 2.12.
If you have custom Ansible content such as playbooks, job templates inside REX, roles and collections on disk, and you rely on modules being delivered by the Ansible RPM on Satellite, you have to take additional steps to adapt your Ansible installation or migrate your Ansible content.
Ansible Core contains only essential modules. In terms of FQCN notation namespace.collection.module, you can continue to use ansible.builtin.*, but everything else is missing in Ansible Core. That means you will be no longer able to use non-builtin Ansible modules as you were used to and you have to get them from another source, eventually.
You have the following options to handle your Ansible content after the upgrade:
You can obtain additional community-maintained collections that provide the non-essential functionality from Ansible Galaxy. For more information, see Installing collections in the Galaxy User Guide.
Note that Red Hat does not provide support for this content.
-
If you have a subscription for Red Hat Automation Hub, you can configure your
ansible-galaxyto talk to Automation Hub server and download content from there. That content is supported by Red Hat. For more information on configuring Automation Hub connection foransible-galaxy, see Configuring Red Hat automation hub as the primary source for content. - You can rewrite your Ansible roles, templates and other affected content. Note that Red Hat does not provide support for content that you maintain yourself.
If you want to download and install Ansible content on Capsule that does not have a connection to an external Ansible Galaxy server, then you must pass the content through Satellite Server instead of using the URL of the Ansible Galaxy server in the configuration on the Capsule directly:
- Sync the content from a Ansible Galaxy server to a custom repository on your Satellite Server.
- Configure Ansible on your Capsule to download the content from Satellite Server.
3.6.6. Reclaiming PostgreSQL Space
The PostgreSQL database can use a large amount of disk space especially in heavily loaded deployments. Use this procedure to reclaim some of this disk space on Satellite.
Procedure
Stop all services, except for the
postgresqlservice:# satellite-maintain service stop --exclude postgresql
Switch to the
postgresuser and reclaim space on the database:# su - postgres -c 'vacuumdb --full --all'
Start the other services when the vacuum completes:
# satellite-maintain service start
3.6.7. Updating Templates, Parameters, Lookup Keys and Values
During the upgrade process, Satellite attempts to locate macros that are deprecated for Satellite 6.11 and converts old syntax to new syntax for the default Satellite templates, parameters, and lookup keys and values. However, Satellite does not convert old syntax in cloned templates and in custom job or provisioning templates that you have created.
The process uses simple text replacement, for example:
@host.params['parameter1'] -> host_param('parameter1')
@host.param_true?('parameter1') -> host_param_true?('parameter1')
@host.param_false?('parameter1') -> host_param_false?('parameter1')
@host.info['parameters'] -> host_enc['parameters']If you use cloned templates in Satellite, verify whether the cloned templates have diverged from the latest version of the original templates in Satellite. The syntax for the same template can differ between versions of Satellite. If your cloned templates contain outdated syntax, update the syntax to match the latest version of the template.
To ensure that this text replacement does not break or omit any variables in your files during the upgrade, check all templates, parameters, and lookup keys and values for the old syntax and replace manually.
The following error occurs because of old syntax remaining in files after the upgrade:
undefined method '#params' for Host::Managed::Jail
Fixing the outdated subscription_manager_registration snippet
Satellite 6.4 onwards uses the redhat_register snippet instead of the subscription_manager_registration snippet.
If you upgrade from Satellite 6.3 and earlier, you must replace the subscription_manager_registration snippet in your custom job or provisioning templates as follows:
<%= snippet "subscription_manager_registration" %>
↓
<%= snippet 'redhat_register' %>3.6.8. Tuning Satellite Server with Predefined Profiles
If your Satellite deployment includes more than 5000 hosts, you can use predefined tuning profiles to improve performance of Satellite.
Note that you cannot use tuning profiles on Capsules.
You can choose one of the profiles depending on the number of hosts your Satellite manages and available hardware resources.
The tuning profiles are available in the /usr/share/foreman-installer/config/foreman.hiera/tuning/sizes directory.
When you run the satellite-installer command with the --tuning option, deployment configuration settings are applied to Satellite in the following order:
-
The default tuning profile defined in the
/usr/share/foreman-installer/config/foreman.hiera/tuning/common.yamlfile -
The tuning profile that you want to apply to your deployment and is defined in the
/usr/share/foreman-installer/config/foreman.hiera/tuning/sizes/directory -
Optional: If you have configured a
/etc/foreman-installer/custom-hiera.yamlfile, Satellite applies these configuration settings.
Note that the configuration settings that are defined in the /etc/foreman-installer/custom-hiera.yaml file override the configuration settings that are defined in the tuning profiles.
Therefore, before applying a tuning profile, you must compare the configuration settings that are defined in the default tuning profile in /usr/share/foreman-installer/config/foreman.hiera/tuning/common.yaml, the tuning profile that you want to apply and your /etc/foreman-installer/custom-hiera.yaml file, and remove any duplicated configuration from the /etc/foreman-installer/custom-hiera.yaml file.
- default
Number of managed hosts: 0 – 5000
RAM: 20G
Number of CPU cores: 4
- medium
Number of managed hosts: 5001 – 10000
RAM: 32G
Number of CPU cores: 8
- large
Number of managed hosts: 10001 – 20000
RAM: 64G
Number of CPU cores: 16
- extra-large
Number of managed hosts: 20001 – 60000
RAM: 128G
Number of CPU cores: 32
- extra-extra-large
Number of managed hosts: 60000+
RAM: 256G
Number of CPU cores: 48+
Procedure
Optional: If you have configured the
custom-hiera.yamlfile on Satellite Server, back up the/etc/foreman-installer/custom-hiera.yamlfile tocustom-hiera.original. You can use the backup file to restore the/etc/foreman-installer/custom-hiera.yamlfile to its original state if it becomes corrupted:# cp /etc/foreman-installer/custom-hiera.yaml \ /etc/foreman-installer/custom-hiera.original
-
Optional: If you have configured the
custom-hiera.yamlfile on Satellite Server, review the definitions of the default tuning profile in/usr/share/foreman-installer/config/foreman.hiera/tuning/common.yamland the tuning profile that you want to apply in/usr/share/foreman-installer/config/foreman.hiera/tuning/sizes/. Compare the configuration entries against the entries in your/etc/foreman-installer/custom-hiera.yamlfile and remove any duplicated configuration settings in your/etc/foreman-installer/custom-hiera.yamlfile. Enter the
satellite-installercommand with the--tuningoption for the profile that you want to apply. For example, to apply the medium tuning profile settings, enter the following command:# satellite-installer --tuning medium
