Red Hat Satellite 6 Administration

Bookmark this page
P12345678910111213
PreviousNext

Guided Exercise: Manage and Apply Errata to Hosts

Create an errata content view filter, add errata to an incremental content view, and apply errata to managed hosts.

Outcomes

  • Create an errata content view filter.

  • Apply errata to managed hosts.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command prepares your environment and ensures that all required resources are available.

[student@workstation ~]$ lab start software-errata

Instructions

  1. Log in to the Satellite Server web UI, https://satellite.lab.example.com, as admin with redhat as the password.

  2. In the upper-left corner of the web page, set the organization to Operations. Set the location to Any Location.

  3. Create a filter in the OperationsServerBase content view that excludes all non-security errata dated January 1, 2022 and later. Publish a new version of the content view with the filter, and promote the version to the Development lifecycle environment.

    1. Click ContentContent Views, and then click the OperationsServerBase content view. Click the Filters tab and then click Create filter.

    2. Create a filter with the following details. Verify that the fields are correct, and then click Create filter.

      FieldValue
      NameNon-security Errata
      Content TypeErrata - by date range
      Inclusion TypeExclude
      DescriptionExclude non-security errata dated January 1, 2022 and later.

    3. Clear the Security checkbox in the Errata type list.

    4. Select January 1, 2022 in the Start Date field, and then click Edit rule.

    5. Click Publish new version for the OperationsServerBase content view. Enter Added non-security errata in the Description field. Click the Promote switch, and then select the Development checkbox. Click Next. Verify the information, and then click Finish. Wait for the process to complete.

    6. Click the Versions tab. Verify that the new content view version has fewer packages than the previous version.

  4. Deploy the Foreman SSH key to root@servera to enable the Katello SSH job invocation method.

    Important

    By default, RHEL 9 disables root SSH access using passwords. The configuration restricts you from remotely copying SSH keys to the root account. The lab start script modified the servera system's sshd configuration to add the PermitRootLogin yes setting to enable the root SSH access using passwords.

    An alternative method is to manually add the required SSH key contents to the root account's ~/.ssh/authorized_keys file.

    1. On workstation, log in to the satellite system as the student user and switch to the root user.

      [student@workstation ~]$ ssh student@satellite
[student@satellite ~]$ sudo -i
[sudo] password for student: student
[root@satellite ~]#

    2. From the satellite system, copy the Foreman SSH key manually to the root@servera account.

      [root@satellite ~]# ssh-copy-id \
-i ~foreman-proxy/.ssh/id_rsa_foreman_proxy.pub \
root@servera
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy.pub"
The authenticity of host 'servera (172.25.250.10)' can't be established.
ECDSA key fingerprint is SHA256:NJAyJMx8B2AeIYHRnVLAuJ1XZwblomyOKowyfTwGrTY.
ECDSA key fingerprint is MD5:48:f8:c7:7d:b8:3c:93:07:60:7b:e7:7a:2e:c1:c7:09.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@servera's password: redhat

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@servera'"
and check to make sure that only the key(s) you wanted were added.

    3. Verify that you successfully copied the key to the root@servera account. If the key is correctly installed, you can access the root@servera account without being prompted for a password. If you are prompted for a password, diagnose the issue and copy the satellite system's Foreman SSH key again. Keep open the servera system's terminal session.

      [root@satellite ~]# ssh -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy root@servera
...output omitted...
[root@servera ~]#

  5. Apply the previous version of the OperationsServerBase content view with errata to the servera host.

    1. Click HostsContent Hosts and click servera.lab.example.com. Click the Errata tab.

    2. Search for the errata with the RHSA-2022:5242 identifier. Enter id = RHSA-2022:5242 in the Filter field, and then click Search. Click the RHSA-2022:5242 link to display the errata. Scroll down, if necessary, to verify that the vim-common-8.2.2637-16.el9_0.2.x86_64 package is included in this erratum.

    3. Click the Errata tab, and select the checkbox for the RHSA-2022:5242 row. Click Apply Selected. Click Apply in the Apply Errata to Content Host dialog box. Wait until the process completes.

  6. Return to the servera terminal and verify that the vim-common-8.2.2637-16.el9_0.2.x86_64 package was upgraded.

    1. Verify that the vim-common-8.2.2637-16.el9_0.2.x86_64 package is upgraded.

      [root@servera ~]# dnf history info
Updating Subscription Management repositories.
Transaction ID : 5
Begin time     : Tue 02 Aug 2022 07:08:25 AM EDT
Begin rpmdb    : 3d28023a687eb2...d7e81403
End time       : Tue 02 Aug 2022 07:08:31 AM EDT (6 seconds)
End rpmdb      : c93abd666f031c...adffcf63
User           : root <root>
Return-Code    : Success
Releasever     : 9
Command Line   : -y update-minimal --advisory=RHSA-2022:5242
Comment        :
Packages Altered:
    Upgrade  vim-filesystem-2:8.2.2637-16.el9_0.2.noarch @rhel-9-for-x86_64-baseos-rpms
    Upgraded vim-filesystem-2:8.2.2637-15.el9.noarch     @@System
    Upgrade  vim-minimal-2:8.2.2637-16.el9_0.2.x86_64    @rhel-9-for-x86_64-baseos-rpms
    Upgraded vim-minimal-2:8.2.2637-15.el9.x86_64        @@System
    Upgrade  vim-common-2:8.2.2637-16.el9_0.2.x86_64     @rhel-9-for-x86_64-appstream-rpms
    Upgraded vim-common-2:8.2.2637-15.el9.x86_64         @@System
    Upgrade  vim-enhanced-2:8.2.2637-16.el9_0.2.x86_64   @rhel-9-for-x86_64-appstream-rpms
    Upgraded vim-enhanced-2:8.2.2637-15.el9.x86_64       @@System

    2. Return to the satellite system as the root user.

      [root@servera ~]# exit
logout
[root@satellite ~]#

  7. Delete the Non-security Errata filter from the OperationsServerBase content view, and republish the content view.

    Important

    In the following steps, you must delete the filter that you created in this exercise, because an active filter can significantly increase a content view's synchronization time. Deleting the filter from your content view shortens your synchronization wait time in later exercises.

    1. In the terminal window on the satellite system, delete the Non-security Errata filter.

      [root@satellite ~]# hammer content-view filter delete \
--name "Non-security Errata" \
--content-view OperationsServerBase \
--organization Operations
Filter deleted.

    2. Publish and promote a new version of the OperationsServerBase content view to the Development lifecycle environment.

      [root@satellite ~]# hammer content-view publish \
--name OperationsServerBase \
--lifecycle-environments Development \
--organization Operations
[.....................................................................] [100%]

    3. Return to the workstation system as the student user.

      [root@satellite ~]# exit
logout
[student@satellite ~]$ exit
logout
[student@workstation ~]$

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

The lab command removes the filter, publishes and promotes the content views related to the filter.

[student@workstation ~]$ lab finish software-errata

PreviousNext
Revision: rh403-6.11-3ad886e