Chapter 4. Updating Satellite Server and Capsule Server

Use this chapter to update your existing Satellite Server and Capsule Server to a new patch version, for example, from 6.12.0 to 6.12.1.

Updates patch security vulnerabilities and minor issues discovered after code is released, and are often fast and non-disruptive to your operating environment.

Before updating, back up your Satellite Server and all Capsule Servers. For more information, see Backing Up Satellite Server and Capsule Server in Administering Red Hat Satellite.

4.1. Updating Satellite Server

Prerequisites

  • Ensure that you have synchronized Satellite Server repositories for Satellite, Capsule, and Satellite Client 6.
  • Ensure each external Capsule and Content Host can be updated by promoting the updated repositories to all relevant Content Views.
Warning

If you customize configuration files, manually or using a tool such as Hiera, these changes are overwritten when the installation script runs during upgrading or updating. You can use the --noop option with the satellite-installer script to test for changes. For more information, see the Red Hat Knowledgebase solution How to use the noop option to check for changes in Satellite config files during an upgrade.

Updating Satellite Server to the Next Minor Version

To Update Satellite Server:

  1. Ensure the Satellite Maintenance repository is enabled:

    # subscription-manager repos --enable \
    satellite-maintenance-6.12-for-rhel-8-x86_64-rpms
  2. Check the available versions to confirm the next minor version is listed:

    # satellite-maintain upgrade list-versions
  3. Use the health check option to determine if the system is ready for upgrade. On first use of this command, satellite-maintain prompts you to enter the hammer admin user credentials and saves them in the /etc/foreman-maintain/foreman-maintain-hammer.yml file.

    # satellite-maintain upgrade check --target-version 6.12.z

    Review the results and address any highlighted error conditions before performing the upgrade.

  4. Because of the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously.

    If you lose connection to the command shell where the upgrade command is running, you can see the logged messages in the /var/log/foreman-installer/satellite.log file to check if the process completed successfully.

  5. Perform the upgrade:

    # satellite-maintain upgrade run --target-version 6.12.z
  6. Check when the kernel packages were last updated:

    # rpm -qa --last | grep kernel
  7. Optional: If a kernel update occurred since the last reboot, stop Satellite services and reboot the system:

    # satellite-maintain service stop
    # reboot

4.2. Updating Disconnected Satellite Server

This section describes the steps needed to update in an Air-gapped Disconnected setup where the connected Satellite Server (which synchronizes content from CDN) is air gapped from a disconnected Satellite Server.

Complete the following steps on the connected Satellite Server.

  1. Ensure that you have synchronized the following repositories in your connected Satellite Server.

    rhel-8-for-x86_64-baseos-rpms
    rhel-8-for-x86_64-appstream-rpms
    satellite-6.12-for-rhel-8-x86_64-rpms
    satellite-maintenance-6.12-for-rhel-8-x86_64-rpms
  2. Download the debug certificate of the organization and store it locally at, for example, /etc/pki/katello/certs/org-debug-cert.pem or a location of your choosing. For more information, see Creating an Organization Debug Certificate in Administering Red Hat Satellite.
  3. Create a Yum configuration file under /etc/yum.repos.d, such as satellite-disconnected.repo, with the following contents:

    [rhel-8-for-x86_64-baseos-rpms]
    name=Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
    baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel8/8/x86_64/baseos/os
    enabled=1
    sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
    sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
    sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
    sslverify = 1
    
    [rhel-8-for-x86_64-appstream-rpms]
    name=Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
    baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel8/8/x86_64/appstream/os
    enabled=1
    sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
    sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
    sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
    sslverify = 1
    
    [satellite-6.12-for-rhel-8-x86_64-rpms]
    name=Red Hat Satellite 6.12 for RHEL 8 RPMs x86_64
    baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/layered/rhel8/x86_64/satellite/6.12/os
    enabled=1
    sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
    sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
    sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
    
    [satellite-maintenance-6.12-for-rhel-8-x86_64-rpms]
    name=Red Hat Satellite Maintenance 6.12 for RHEL 8 RPMs x86_64
    baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/layered/rhel8/x86_64/sat-maintenance/6.12/os
    enabled=1
    sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
    sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
    sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
    sslverify = 1
  4. In the configuration file, replace /etc/pki/katello/certs/org-debug-cert.pem in sslclientcert and sslclientkey with the location of the downloaded organization debug certificate.
  5. Update satellite.example.com with correct FQDN for your deployment.
  6. Replace My_Organization with the correct organization label in the baseurl. To obtain the organization label, enter the command:

    # hammer organization list
  7. Enter the reposync command:

    # reposync --delete --download-metadata -p ~/Satellite-repos -n \
     --disableplugin=foreman-protector \
     --repoid rhel-8-for-x86_64-baseos-rpms \
     --repoid rhel-8-for-x86_64-appstream-rpms \
     --repoid satellite-6.12-for-rhel-8-x86_64-rpms \
     --repoid satellite-maintenance-6.12-for-rhel-8-x86_64-rpms

    This downloads the contents of the repositories from the connected Satellite Server and stores them in the directory ~/Satellite-repos.

  8. Verify that the RPMs have been downloaded and the repository data directory is generated in each of the sub-directories of ~/Satellite-repos.
  9. Archive the contents of the directory

    # cd ~
    # tar czf Satellite-repos.tgz Satellite-repos
  10. Use the generated Satellite-repos.tgz file to upgrade in the disconnected Satellite Server.

Perform the following steps on the disconnected Satellite Server:

  1. Copy the generated Satellite-repos.tgz file to your disconnected Satellite Server
  2. Extract the archive to anywhere accessible by the root user. In the following example /root is the extraction location.

    # cd /root
    # tar zxf Satellite-repos.tgz
  3. Create a Yum configuration file under /etc/yum.repos.d, such as satellite-disconnected.repo, with the following contents:

    [rhel-8-for-x86_64-baseos-rpms]
    name=Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
    baseurl=file:///root/Satellite-repos/rhel-8-for-x86_64-baseos-rpms
    enabled=1
    
    [rhel-8-for-x86_64-appstream-rpms]
    name=Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
    baseurl=file:///root/Satellite-repos/rhel-8-for-x86_64-appstream-rpms
    enabled=1
    
    [satellite-6.12-for-rhel-8-x86_64-rpms]
    name=Red Hat Satellite 6 for RHEL 8 Server RPMs x86_64
    baseurl=file:///root/Satellite-repos/satellite-6.12-for-rhel-8-x86_64-rpms
    enabled=1
    
    [satellite-maintenance-6.12-for-rhel-8-x86_64-rpms]
    name=Red Hat Satellite Maintenance 6 for RHEL 8 Server RPMs x86_64
    baseurl=file:///root/Satellite-repos/satellite-maintenance-6.12-for-rhel-8-x86_64-rpms
    enabled=1
  4. In the configuration file, replace the /root/Satellite-repos with the extracted location.
  5. Check the available versions to confirm the next minor version is listed:

    # satellite-maintain upgrade list-versions
  6. Use the health check option to determine if the system is ready for upgrade. On first use of this command, satellite-maintain prompts you to enter the hammer admin user credentials and saves them in the /etc/foreman-maintain/foreman-maintain-hammer.yml file.

    # satellite-maintain upgrade check --whitelist="check-upstream-repository,repositories-validate" --target-version 6.12.z
  7. Review the results and address any highlighted error conditions before performing the upgrade.
  8. Because of the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously.

    If you lose connection to the command shell where the upgrade command is running, you can see the logged messages in the /var/log/foreman-installer/satellite.log file to check if the process completed successfully.

  9. Perform the upgrade:

    # satellite-maintain upgrade run --whitelist="check-upstream-repository,repositories-setup,repositories-validate" --target-version 6.12.z
  10. Check when the kernel packages were last updated:

    # rpm -qa --last | grep kernel
  11. Optional: If a kernel update occurred since the last reboot, stop Satellite services and reboot the system:

    # satellite-maintain service stop
    # reboot

4.3. Updating Capsule Server

Use this procedure to update Capsule Servers to the next minor version.

Procedure

  1. Ensure that the Satellite Maintenance repository is enabled:

    # subscription-manager repos --enable \
    satellite-maintenance-6.12-for-rhel-8-x86_64-rpms
  2. Check the available versions to confirm the next minor version is listed:

    # satellite-maintain upgrade list-versions
  3. Use the health check option to determine if the system is ready for upgrade:

    # satellite-maintain upgrade check --target-version 6.12.z

    Review the results and address any highlighted error conditions before performing the upgrade.

  4. Because of the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously.

    If you lose connection to the command shell where the upgrade command is running, you can see the logged messages in the /var/log/foreman-installer/capsule.log file to check if the process completed successfully.

  5. Perform the upgrade:

    # satellite-maintain upgrade run --target-version 6.12.z
  6. Check when the kernel packages were last updated:

    # rpm -qa --last | grep kernel
  7. Optional: If a kernel update occurred since the last reboot, stop Satellite services and reboot the system:

    # satellite-maintain service stop
    # reboot