Chapter 7. Patching Your Systems

To patch your systems through Satellite Server, you need to register your systems first, and then choose to install Katello agent or use remote execution. Remote execution is enabled by default. This chapter covers both methods. Choose the option that suits your environment

7.1. Registering Existing Hosts

This section explains how to register Red Hat Enterprise Linux Hosts and Atomic Hosts.

7.1.1. Registering an Existing Red Hat Enterprise Linux Host

  1. On the host, clear any old data to ensure updated data is uploaded correctly.

    # subscription-manager clean
  2. Install the katello-ca-consumer-latest RPM.

    # rpm -Uvh http://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm

    This installs the proper certificates which allow communication between the client and the Satellite Server.

  3. Register the host.

    # subscription-manager register --org $ORG \
    --activationkey ak-Reg_To_Dev_EL7

7.1.2. Registering an Atomic Host

The following procedure explains how to register an Atomic Host with Subscription Manager.

  1. Retrieve katello-rhsm-consumer from the Satellite Server:

    [root@atomic_client ~]# wget http://satellite.example.com/pub/katello-rhsm-consumer
  2. Change the mode of katello-rhsm-consumer in order to make it executable:

    [root@atomic_client ~]# chmod +x katello-rhsm-consumer
  3. Run katello-rhsm-consumer:

    [root@atomic_client ~]# ./katello-rhsm-consumer
  4. Register with Red Hat Subscription Manager:

    [root@atomic_client ~]# subscription-manager register
Note

Because Atomic is functionally an appliance, we do not recommend that you try to install katello-agent on it.

7.2. Patching Your System Using Katello Agent

7.2.1. Installing Katello Agent

On the content host, install the katello-agent RPM package.

# yum install katello-agent

The goferd service must be running so that the Red Hat Satellite Server or Capsule Server can provide information about errata that are applicable for content hosts.

Ensure goferd is running:

  • On Red Hat Enterprise Linux 6, run the following command:

    # service goferd start
  • On Red Hat Enterprise Linux 7, run the following command:

    # systemctl start goferd

7.2.2. Applying Errata to Content Hosts

Applying Errata to Content Hosts Using the Web UI

  1. Go to Hosts → Content Hosts and click on auth01.example.com.
  2. Select the Errata tab to view the list of errata applicable to the content host.
  3. From the list, select an errata.
  4. Click Apply Selected.
  5. A confirmation message appears. Click Apply.
  6. Verify that the errata has been applied to the client.

    [root@client ~]# yum list-sec

Applying Errata to Content Hosts Using Hammer CLI

  1. List the errata that apply to the auth01.example.com host.

    # hammer content-host errata list --content-host auth01.example.com \
    --organization "$ORG"
  2. Apply the errata required by the host.

    # hammer host errata apply --content-host auth01.example.com \
    --organization "$ORG" \
    --errata-ids errata_id.
  3. Verify that the errata has been applied to the client.

    [root@client ~]# yum list-sec

7.3. Patching Your System Using Remote Execution

7.3.1. Enabling Remote Execution on a Host

During Satellite Server installation, an internal Capsule Server is automatically installed along with a public SSH key. The internal Capsule Server loads the SSH key from /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy. You can enable remote execution by distributing the public SSH key to a host.

On the Satellite Server, distribute the key to the host.

 # ssh-copy-id -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy.pub root@auth01.example.com

7.3.2. Installing Errata on Your Host

Satellite provides default job templates for executing remote jobs, one of which is for installing errata.

  1. Go to HostsAll hosts and click the check box next to the host’s name.
  2. Click Select Action and select Schedule Remote Job from the drop-down menu.
  3. In the Job category drop-down menu, select Katello.
  4. In the Job template drop-down menu, select Install Errata-Katello SSH Default.
  5. In the errata field, enter the errata ID.
  6. Select Execute now and click Submit.