Red Hat Training

A Red Hat training course is available for Red Hat Satellite

Errata Management Guide

Red Hat Satellite 6.3

Installing Errata on Red Hat Satellite 6.3

Red Hat Satellite Documentation Team


This guide describes how to install errata on Red Hat Satellite Server 6.

Chapter 1. Introduction

This document explains how Red Hat Satellite 6 can support a rigid patching lifecycle for Red Hat Enterprise Linux systems.

This document explains how to perform in Satellite 6 patching procedures that are similar to the patching procedures defined in Rich Jerrido’s Red Hat Satellite 5.6 Errata Management Guide. In that guide, the command spacewalk-clone-by-date was the primary mechanism by which a patching schedule was defined. Satellite 6 has no such command and instead uses hammer. This guide explains how to use hammer to define a Content View that performs the same function as spacewalk-clone-by-date.

1.1. Audience

The audience for this guide is Systems and Security Administrators who are responsible for implementing a scalable and rigid patching schedule.

1.2. Requirements

Readers of this guide should be familiar with Red Hat Satellite and its terminology.

Chapter 2. Configuration

This chapter explains how to configure Satellite 6.

2.1. Updating the Satellite Repositories

Red Hat Satellite’s repositories should be kept up to date with the latest errata available from Red Hat. Run the following command often to ensure that Red Hat Satellite is kept up to date:

# hammer repository synchronize --product "prod_name" --name "repo_name" --organization-id="id"

For the procedures in this guide to work as intended, systems registered to Red Hat Satellite must be updated by means of the Content Views that are defined in this guide.

Your organization should also consider the use of synchronization plans for the purpose of keeping your Satellite repositories up-to-date. Synchronization plans define the automated updating of select repositories at specified intervals. See Creating a Synchronization Plan in the Hammer CLI Guide for information on defining synchronization plans.

Chapter 3. Monthly Patching Example

This chapter explains how to use Satellite to deploy errata to systems each month. In this example, we assume that we are patching systems in March of 2016.


This procedure replicates the functionality of the spacewalk-clone-by-date command that was present in Satellite 5, and was described in this document written by Rich Jerrido: Satellite 5.6 Errata Management Guide. The command-line tool hammer is used in Satellite 6 to perform the same functions that the spacewalk-clone-by-date command performed in Satellite 5.

3.1. Defining a Content View to Filter Errata

In this procedure, we create a Content View, add a filter to the Content View to include the errata in the Content View, and then restrict the filter by date by means of a filter rule.

  1. Create a Content View.

    # hammer -p PASSWORD content-view create --name='test_cv' --organization="Default Organization"

    The previous command passes the password in plaintext. This method is included in this guide for the sake of customers who are used to this method of authentication, but a more secure method of storing passwords, involving the storage of the password in a .yml file, is recommended to our customers and is to be found here: Authentication in the Hammer CLI Guide.

  2. Create a filter for the errata.

    # hammer -p PASSWORD content-view filter create --name='test_filter' --organization="Default Organization" --content-view='test_cv' --type=erratum
  3. Create the filter rule with the date.

    In this example, the date is 30 Mar 2016. This rule means that all errata on or after 30 Mar 2016 will be excluded.

    # hammer -p PASSWORD content-view filter rule create --content-view='filter_test'  --organization="Default Organization"  --content-view-filter='my-filter' --start-date=2016-03-30  --types=security,enhancement,bugfix
  4. Promote the Content View to the lifecycle environment so that the errata in it are available to that lifecycle environment:

    $ hammer content-view version promote
      --content-view cv_name \
      --organization-label="Default Organization" --to-lifecycle-environment env_name
  5. Use the following command to add a repository to a Content View without clobbering the existing list of repositories that have been added to that Content View:

    $ hammer content-view add-repository --organization-label org_label --name cv_name --repository-id repo_ID
  6. Apply the errata to the host, using the commands in the Hammer CLI Guide:

    $ hammer host errata apply --host <hostname> --errata-ids <erratum_ID1>,<erratum_ID2>...

    For more detail on commands that apply errata to hosts, see Applying Errata to a Content Host in the Hammer CLI Guide.

Legal Notice

Copyright © 2018 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.