Red Hat Satellite 6 Administration
After their initial release, Red Hat software packages might receive updates in the form of errata. Red Hat groups several packages into an erratum, with an advisory with a description of that erratum. The following types of advisories are provided, in descending order of importance:
- Security advisory
Addresses security issues in software packages. The security impact of the issue is categorized as Low, Moderate, Important, or Critical.
- Bug fix advisory
Provides fixes to bugs that were discovered in software packages.
- Product enhancement advisory
Provides enhancements and new features to the package.
Content view errata filtering provides granular control over which updates are propagated to content views. The promotion of content views to lifecycle environments enables precise control over when and to which systems the updates are applied.
Note
A single erratum can address multiple issue types, such as a security issue and a product enhancement. Errata are categorized according to the most important advisory type that they contain. For example, product enhancement errata can contain only enhancement updates, whereas security errata can contain security and bug fixes, as well as product enhancements.
In Red Hat Satellite, errata are further classified as either applicable or installable, to indicate their status in relation to specific content hosts.
Applicable errata updates packages that are installed in content hosts. Applicable errata are not ready for installation until the state changes to Installable.
Installable errata are available to a content host from a lifecycle environment, but are not yet installed. These errata can be installed by users who have permissions to manage content hosts, but are not entitled to errata management.
Navigate to → to review the available errata.
You can filter the list by repository and errata type (applicable or installable).
Use a query string in parameter operator value form to limit the displayed errata.
Refer to SectionTable 4.1, “Summary of Query Parameters for Filtering Errata” for a summary of the query parameters for filtering errata.
Table 4.1. Summary of Query Parameters for Filtering Errata
| Parameter | Description | Example |
|---|---|---|
| bug | Search by Bugzilla ID. | bug = BZ#12345 |
| cve | Search by CVE number. | cve = CVE-2015-0101 |
| id | Search by errata ID. | id = RHBA-2015:2000 |
| issued | Search by errata issue date. Accepted values include exact date, "Feb 16, 2015", or keywords, "Yesterday" or "1 hour ago". Use the less-than (<) and greater-than (>) operators for time ranges. | issued < "Jan 1, 2015" |
| package | Search by the full package build name. | package = glib2-2.22.5-6.el6.i686 |
| package_name | Search by the package name. | package_name = glib2 |
| severity | Search by severity level. This filter applies only to security errata. | severity = Important |
| title | Search by advisory title. The tilde character allows case-insensitive matches. | title ~ apache |
| type | Search by advisory type. | type = bugfix |
| updated | Search by last update date.
Accepts the same search values as the issued parameter. | updated = "2 days ago" |
Use the remote execution feature to run jobs on hosts remotely from Capsules by using shell scripts, Ansible tasks, and Ansible Playbooks.
Applying errata requires configuring passwordless remote job execution. Enabling remote execution and distributing keys are discussed in a later chapter on remote execution.
When the Foreman proxy service's remote execution keys are available, install the public key on each host that you intend to target for remote execution.
Use the ssh-copy-id command to install the public key on the target host's root account.
[root@satellite ~]#ssh-copy-id \ -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy.pub \ root@host...output omitted... root@host's password:...output omitted...password
When the key is installed on the target host, attempt to log in to the target host by using the Foreman proxy private key. If you gain access without being prompted for a password, then the public key is properly installed and remote jobs can successfully access the target host.
[root@satellite ~]# ssh -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy root@host
...output omitted...
[root@host ~]#You can apply errata to a single host or to multiple hosts at the same time. Satellite Server can apply both installable errata and applicable errata. Although applicable errata are pertinent to content hosts, they are not available in the content host's content view and lifecycle environment.
In Satellite 6, administrators can apply applicable errata to content hosts by automatically creating a minor version of the affected content view to include the applicable errata. You can then promote this minor version to the appropriate lifecycle environment. Red Hat recommends to use the minor content view version method to apply errata.
Use the hammer host errata list --host command to list errata to specific content hosts.
You can filter the output by using the host--search option.
[root@satellite ~]#hammer --output base host errata list \--hosthost.example.com\--search tzdataId: 918 Erratum ID: RHBA-2022:1032 Type: bugfix Title: tzdata bug fix and enhancement update Installable: true ...output omitted...
Use the hammer job-invocation create command to apply errata to specific content hosts.
You can identify the erratum to apply by using the erratum ID.
[root@satellite ~]#hammer job-invocation create \--feature katello_errata_install \--inputs errata=918 \--search-query "name = host.example.com"Job invocation 1 created [.....................................................................] [100%] 1 task(s), 1 success, 0 fail
Red Hat recommends the previous method for Red Hat Satellite implementations with a limited number of organizations and content hosts. Some Red Hat Satellite implementations might have several organizations with many content views and content hosts. For installing errata in this scenario, the standard method might take a long time to implement.
Some customers use the following method as a fast strategy to apply errata to several content hosts. Red Hat recommends that you open a proactive support ticket to discuss the errata installation strategy that best fits your environment. This method assumes that in the Red Hat Satellite implementation, Satellite Ansible Collections is installed and configured to perform the tasks.
Locate and save the record of the hosts' content view and lifecycle environment that meet the criteria for the errata installation.
Move the target hosts to the
Default Organizationcontent view and to theLibrarylifecycle environment.On the target hosts, run the
subscription-manager refreshanddnf clean allcommands.Install or update the errata packages on the target hosts.
Move the target hosts back to the corresponding content view and lifecycle environment.
If the packages from the errata are available in a repository that the host is not subscribed to, then you must subscribe to the required repositories and add the repositories to the corresponding content views.
References
For more information, refer to the Managing Errata chapter in the Red Hat Satellite 6.11 Managing Content Guide at https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html-single/managing_content/index#Managing_Errata_content-management
For more information, refer to the Configuring and Setting up Remote Jobs chapter in the Red Hat Satellite 6.11 Managing Hosts at https://access.redhat.com/documentation/en-us/red_hat_satellite/6.11/html-single/managing_hosts/index#Configuring_and_Setting_Up_Remote_Jobs_managing-hosts
