Chapter 8. Managing Errata

Software packages in Red Hat products are subject to updates, referred to as errata, that are released at regular intervals as well as asynchronously. This section shows how to inspect and apply errata using hammer. For web UI equivalents of the following procedures see Managing Errata in the Content Management Guide.

8.1. Inspecting Available Errata

To view errata that are available for all organizations, issue the following command:

$ hammer erratum list

Example 8.1. Filtering Errata

The hammer erratum list command provides numerous options for filtering and ordering the output list. For example, to find an erratum that contains a specific security fix, issue:

$ hammer erratum list --cve CVE-2014-0453

The following command displays applicable errata for the selected product that contain the specified bugs ordered so that the security errata are displayed on top:

$ hammer erratum list \
--product-id 7 \
--search "bug = 1213000 or bug = 1207972" \
--errata-restrict-applicable 1 \
--order "type desc"

For more information on syntax used in the --search option, see Inspecting Available Errata in the Content Management Guide. For more information on filtering options implemented in hammer, see the output of hammer erratum list --help.

To view details of a specific erratum, issue the following command:

$ hammer erratum info --id erratum_ID

Replace erratum_ID with a unique identifier of the erratum found in the output of the hammer erratum list command. You can identify errata also by name and repository name, see the output of hammer erratum info --help for details.

8.2. Applying Errata to a Host

To list errata available for a host, issue the following command:

$ hammer host errata list --host hostname

To apply selected errata to the host, issue the following command:

$ hammer host errata apply \
--host hostname \
--errata-ids erratum_ID1,erratum_ID2...

Example 8.2. Applying All Available Errata to a Host

The following Bash script applies all errata available to a host (auth01.example.com):

HOST="auth01.example.com"
for i in $(hammer --csv host errata list --host $HOST | grep -vi '^ID' | awk -F, {'print $2'})
do
  hammer host errata apply --host $HOST --errata-ids $i
done

Example 8.3. Applying a Security Advisory

This example shows how to apply a security fix to hosts using hammer:

  1. Find the erratum that contains a fix for a selected issue (CVE-2015-3238):

    $ hammer erratum list --cve CVE-2015-3238
    -------|----------------|----------|------------------------------
    ID     | ERRATA ID      | TYPE     | TITLE
    -------|----------------|----------|------------------------------
    f30e66 | RHSA-2015:1640 | security | Moderate: pam security update
    -------|----------------|----------|------------------------------
  2. Verify if the security erratum (RHSA-2015:1640) is applicable for your host (auth01.example.com):

    $ hammer host errata list \
    --host auth01.example.com \
    --search "RHSA-2015:1640"
  3. Apply the erratum to the host:

    $ hammer host errata apply \
    --host auth01.example.com \
    --errata-ids "RHSA-2015:1640"

You can use the following Bash script to apply a security erratum (for example RHSA-2015:1640) to all hosts where it is applicable:

ORG="ACME"
RHSA="RHSA-2015:1640"

for i in $(hammer --csv host list --organization $ORG | grep -vi '^ID' | awk -F, {'print $2'})
do
  hammer host errata apply --host $i --errata-ids $RHSA
done

To see if errata were applied successfully, find the corresponding task in the output of the following command:

$ hammer task list

To review the state of a selected task, issue the following command:

$ hammer task progress --id task_ID

8.3. Applying Errata to a Host Collection

To apply selected errata to a Host Collection, enter a command as follows:

$ hammer host-collection erratum install \
--errata "erratum_ID1,erratum_ID2,..." \
--name "my-collection" --organization $ORG

This command is available in Red Hat Satellite 6.2.8 or later.