Red Hat Training
A Red Hat training course is available for Red Hat Satellite
Errata Management Guide
Installing Errata on Red Hat Satellite 6.3
Red Hat Satellite Documentation Team
satellite-doc-list@redhat.com
Abstract
Chapter 1. Introduction
This document explains how Red Hat Satellite 6 can support a rigid patching lifecycle for Red Hat Enterprise Linux systems.
This document explains how to perform in Satellite 6 patching procedures that are similar to the patching procedures defined in Rich Jerrido’s Red Hat Satellite 5.6 Errata Management Guide. In that guide, the command spacewalk-clone-by-date
was the primary mechanism by which a patching schedule was defined. Satellite 6 has no such command and instead uses hammer
. This guide explains how to use hammer
to define a Content View that performs the same function as spacewalk-clone-by-date
.
1.1. Audience
The audience for this guide is Systems and Security Administrators who are responsible for implementing a scalable and rigid patching schedule.
1.2. Requirements
Readers of this guide should be familiar with Red Hat Satellite and its terminology.
Chapter 2. Configuration
This chapter explains how to configure Satellite 6.
2.1. Updating the Satellite Repositories
Red Hat Satellite’s repositories should be kept up to date with the latest errata available from Red Hat. Run the following command often to ensure that Red Hat Satellite is kept up to date:
# hammer repository synchronize --product "prod_name" --name "repo_name" --organization-id="id"
For the procedures in this guide to work as intended, systems registered to Red Hat Satellite must be updated by means of the Content Views that are defined in this guide.
Your organization should also consider the use of synchronization plans for the purpose of keeping your Satellite repositories up-to-date. Synchronization plans define the automated updating of select repositories at specified intervals. See Creating a Synchronization Plan in the Hammer CLI Guide for information on defining synchronization plans.
Chapter 3. Monthly Patching Example
This chapter explains how to use Satellite to deploy errata to systems each month. In this example, we assume that we are patching systems in March of 2016.
This procedure replicates the functionality of the spacewalk-clone-by-date
command that was present in Satellite 5, and was described in this document written by Rich Jerrido: Satellite 5.6 Errata Management Guide. The command-line tool hammer
is used in Satellite 6 to perform the same functions that the spacewalk-clone-by-date
command performed in Satellite 5.
3.1. Defining a Content View to Filter Errata
In this procedure, we create a Content View, add a filter to the Content View to include the errata in the Content View, and then restrict the filter by date by means of a filter rule.
Create a Content View.
# hammer -p PASSWORD content-view create --name='test_cv' --organization="Default Organization"
NoteThe previous command passes the password in plaintext. This method is included in this guide for the sake of customers who are used to this method of authentication, but a more secure method of storing passwords, involving the storage of the password in a .yml file, is recommended to our customers and is to be found here: Authentication in the Hammer CLI Guide.
Create a filter for the errata.
# hammer -p PASSWORD content-view filter create --name='test_filter' --organization="Default Organization" --content-view='test_cv' --type=erratum
Create the filter rule with the date.
In this example, the date is 30 Mar 2016. This rule means that all errata on or after 30 Mar 2016 will be excluded.
# hammer -p PASSWORD content-view filter rule create --content-view='filter_test' --organization="Default Organization" --content-view-filter='my-filter' --start-date=2016-03-30 --types=security,enhancement,bugfix
Promote the Content View to the lifecycle environment so that the errata in it are available to that lifecycle environment:
$ hammer content-view version promote --content-view cv_name \ --organization-label="Default Organization" --to-lifecycle-environment env_name
Use the following command to add a repository to a Content View without clobbering the existing list of repositories that have been added to that Content View:
$ hammer content-view add-repository --organization-label org_label --name cv_name --repository-id repo_ID
Apply the errata to the host, using the commands in the Hammer CLI Guide:
$ hammer host errata apply --host <hostname> --errata-ids <erratum_ID1>,<erratum_ID2>...
For more detail on commands that apply errata to hosts, see Applying Errata to a Content Host in the Hammer CLI Guide.
Chapter 4. External Links
The following links provide more information about using hammer
, and can be used in conjunction with the procedures in this guide to define more completely your organization’s patching strategy.
- Applying Errata to a Host - This section from the Hammer CLI Guide explains how to apply specific Errata to hosts.
- Adding Repositories to a Content View, from the Hammer CLI Guide.
- Hammer Cheat Sheet
- Satellite 5.6 Errata Management Guide by Rich Jerrido