Search

Chapter 6. Updating Satellite Server and Capsule Server

download PDF

Use this chapter to update your existing Satellite Server and Capsule Server to a new patch version, for example, from 6.11.0 to 6.11.1.

Updates patch security vulnerabilities and minor issues discovered after code is released, and are often fast and non-disruptive to your operating environment.

Before updating, back up your Satellite Server and all Capsule Servers. For more information, see Backing Up Satellite Server and Capsule Server in the Administering Red Hat Satellite guide.

6.1. Updating Satellite Server

Prerequisites

  • Ensure that you have synchronized Satellite Server repositories for Satellite, Capsule, and Satellite Client 6.
  • Ensure each external Capsule and Content Host can be updated by promoting the updated repositories to all relevant Content Views.
Warning

If you customize configuration files, manually or use a tool such as Hiera, these customizations are overwritten when the installation script runs during upgrading or updating. You can use the --noop option with the satellite-installer script to test for changes. For more information, see the Red Hat Knowledgebase solution How to use the noop option to check for changes in Satellite config files during an upgrade.

Updating Satellite Server to the Next Minor Version

To Update Satellite Server:

  1. Ensure the Satellite Maintenance repository is enabled:

    • For Red Hat Enterprise Linux 8:

      # subscription-manager repos --enable \
      satellite-maintenance-6.11-for-rhel-8-x86_64-rpms
    • For Red Hat Enterprise Linux 7:

      # subscription-manager repos --enable \
      rhel-7-server-satellite-maintenance-6.11-rpms
  2. Check the available versions to confirm the next minor version is listed:

    # satellite-maintain upgrade list-versions
  3. Use the health check option to determine if the system is ready to upgrade. On first use of this command, satellite-maintain prompts you to enter the hammer admin user credentials and saves them in the /etc/foreman-maintain/foreman-maintain-hammer.yml file.

    # satellite-maintain upgrade check --target-version 6.11.z

    Review the results and address any highlighted error conditions before performing the upgrade.

  4. Because of the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously.

    If you lose connection to the command shell where the upgrade command is running, you can see the logged messages in the /var/log/foreman-installer/satellite.log file to check if the process was completed successfully.

  5. Perform the upgrade:

    # satellite-maintain upgrade run --target-version 6.11.z
  6. Check when the kernel packages were last updated:

    # rpm -qa --last | grep kernel
  7. Optional: If a kernel update occurred since the last reboot, stop Satellite services and reboot the system:

    # satellite-maintain service stop
    # reboot

6.2. Updating Disconnected Satellite Server

This section describes the steps needed to update in an Air-gapped Disconnected setup where the connected Satellite Server (which synchronizes content from CDN) is air gapped from a disconnected Satellite Server.

6.2.1. Updating Disconnected Satellite Server on Red Hat Enterprise Linux 8

Complete the following steps on the connected Satellite Server for Red Hat Enterprise Linux 8.

  1. Ensure that you have synchronized the following repositories in your connected Satellite Server.

    rhel-8-for-x86_64-baseos-rpms
    rhel-8-for-x86_64-appstream-rpms
    satellite-6.11-for-rhel-8-x86_64-rpms
    satellite-maintenance-6.11-for-rhel-8-x86_64-rpms
  2. Download the debug certificate of the organization and store it locally at, for example, /etc/pki/katello/certs/org-debug-cert.pem or a location of your choosing. For more information, see Creating an Organization Debug Certificate in Managing Content.
  3. Create a Yum configuration file under /etc/yum.repos.d, such as satellite-disconnected.repo, with the following contents:

    [rhel-8-for-x86_64-baseos-rpms]
    name=Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
    baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel8/8/x86_64/baseos/os
    enabled=1
    sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
    sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
    sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
    sslverify = 1
    
    [rhel-8-for-x86_64-appstream-rpms]
    name=Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
    baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel8/8/x86_64/appstream/os
    enabled=1
    sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
    sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
    sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
    sslverify = 1
    
    [satellite-6.11-for-rhel-8-x86_64-rpms]
    name=Red Hat Satellite 6.11 for RHEL 8 RPMs x86_64
    baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/layered/rhel8/x86_64/satellite/6.11/os
    enabled=1
    sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
    sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
    sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
    
    [satellite-maintenance-6.11-for-rhel-8-x86_64-rpms]
    name=Red Hat Satellite Maintenance 6.11 for RHEL 8 RPMs x86_64
    baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/layered/rhel8/x86_64/sat-maintenance/6.11/os
    enabled=1
    sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
    sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
    sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
    sslverify = 1
  4. In the configuration file, replace /etc/pki/katello/certs/org-debug-cert.pem in sslclientcert and sslclientkey with the location of the downloaded organization debug certificate.
  5. Update satellite.example.com with the correct FQDN for your deployment.
  6. Replace My_Organization with the correct organization label in the baseurl. To obtain the organization label, enter the command:

    # hammer organization list
  7. Enter the reposync command:

    • On Satellite Server running Red Hat Enterprise Linux 7:

      # reposync --delete --download-metadata -p ~/Satellite-repos -n \
       -r rhel-8-for-x86_64-baseos-rpms \
       -r rhel-8-for-x86_64-appstream-rpms \
       -r satellite-6.11-for-rhel-8-x86_64-rpms \
       -r satellite-maintenance-6.11-for-rhel-8-x86_64-rpms
    • On Satellite Server running Red Hat Enterprise Linux 8:

      # reposync --delete --download-metadata -p ~/Satellite-repos -n \
       --repoid rhel-8-for-x86_64-baseos-rpms \
       --repoid rhel-8-for-x86_64-appstream-rpms \
       --repoid satellite-6.11-for-rhel-8-x86_64-rpms \
       --repoid {RepoRHEL8ServerSatelliteMaintenanceProductVersion

    This downloads the contents of the repositories from the connected Satellite Server and stores them in the ~/Satellite-repos directory.

  8. Verify that the RPMs have been downloaded and the repository data directory is generated in each of the sub-directories of ~/Satellite-repos.
  9. Archive the contents of the directory

    # cd ~
    # tar czf Satellite-repos.tgz Satellite-repos
  10. Use the generated Satellite-repos.tgz file to upgrade in the disconnected Satellite Server.

Perform the following steps on the disconnected Satellite Server:

  1. Copy the generated Satellite-repos.tgz file to your disconnected Satellite Server
  2. Extract the archive to anywhere accessible by the root user. In the following example /root is the extraction location.

    # cd /root
    # tar zxf Satellite-repos.tgz
  3. Create a Yum configuration file under /etc/yum.repos.d, such as satellite-disconnected.repo, with the following contents:

    [rhel-8-for-x86_64-baseos-rpms]
    name=Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
    baseurl=file:///root/Satellite-repos/rhel-8-for-x86_64-baseos-rpms
    enabled=1
    
    [rhel-8-for-x86_64-appstream-rpms]
    name=Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
    baseurl=file:///root/Satellite-repos/rhel-8-for-x86_64-appstream-rpms
    enabled=1
    
    [satellite-6.11-for-rhel-8-x86_64-rpms]
    name=Red Hat Satellite 6 for RHEL 8 Server RPMs x86_64
    baseurl=file:///root/Satellite-repos/satellite-6.11-for-rhel-8-x86_64-rpms
    enabled=1
    
    [satellite-maintenance-6.11-for-rhel-8-x86_64-rpms]
    name=Red Hat Satellite Maintenance 6 for RHEL 8 Server RPMs x86_64
    baseurl=file:///root/Satellite-repos/satellite-maintenance-6.11-for-rhel-8-x86_64-rpms
    enabled=1
  4. In the configuration file, replace the /root/Satellite-repos with the extracted location.
  5. Check the available versions to confirm the next minor version is listed:

    # satellite-maintain upgrade list-versions
  6. Use the health check option to determine if the system is ready to upgrade. On first use of this command, satellite-maintain prompts you to enter the hammer admin user credentials and saves them in the /etc/foreman-maintain/foreman-maintain-hammer.yml file.

    # satellite-maintain upgrade check --whitelist="check-upstream-repository,repositories-validate" --target-version 6.11.z
  7. Review the results and address any highlighted error conditions before performing the upgrade.
  8. Because of the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously.

    If you lose connection to the command shell where the upgrade command is running, you can see the logged messages in the /var/log/foreman-installer/satellite.log file to check if the process was completed successfully.

  9. Perform the upgrade:

    # satellite-maintain upgrade run --whitelist="check-upstream-repository,repositories-validate" --target-version 6.11.z
  10. Check when the kernel packages were last updated:

    # rpm -qa --last | grep kernel
  11. Optional: If a kernel update occurred since the last reboot, stop Satellite services and reboot the system:

    # satellite-maintain service stop
    # reboot

6.2.2. Updating Disconnected Satellite Server on Red Hat Enterprise Linux 7

Complete the following steps on the connected Satellite Server for Red Hat Enterprise Linux 7.

  1. Ensure that you have synchronized the following repositories in your connected Satellite Server.

    rhel-7-server-ansible-2.9-rpms
    rhel-7-server-rpms
    rhel-7-server-satellite-6.11-rpms
    rhel-7-server-satellite-maintenance-6.11-rpms
    rhel-server-rhscl-7-rpms
  2. Download the debug certificate of the organization and store it locally at, for example, /etc/pki/katello/certs/org-debug-cert.pem or a location of your choosing.
  3. Create a Yum configuration file under /etc/yum.repos.d with the following repository information:

    [rhel-7-server-ansible-2.9-rpms]
    name=Ansible 2.9 RPMs for Red Hat Enterprise Linux 7 Server x86_64
    baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/$releasever/$basearch/ansible/2.9/os/
    enabled=1
    sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
    sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
    sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
    sslverify = 1
    
    [rhel-7-server-rpms]
    name=Red Hat Enterprise Linux 7 Server RPMs x86_64
    baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/os/
    enabled=1
    sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
    sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
    sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
    sslverify = 1
    
    [rhel-7-server-satellite-6.11-rpms]
    name=Red Hat Satellite 6 for RHEL 7 Server RPMs x86_64
    baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/satellite/6.11/os/
    enabled=1
    sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
    sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
    sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
    
    [rhel-7-server-satellite-maintenance-6.11-rpms]
    name=Red Hat Satellite Maintenance 6 for RHEL 7 Server RPMs x86_64
    baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/sat-maintenance/6/os/
    enabled=1
    sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
    sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
    sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
    sslverify = 1
    
    [rhel-server-rhscl-7-rpms]
    name=Red Hat Software Collections RPMs for Red Hat Enterprise Linux 7 Server x86_64
    baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os/
    enabled=1
    sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
    sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
    sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
    sslverify = 1
  4. In the configuration file, replace /etc/pki/katello/certs/org-debug-cert.pem in sslclientcert and sslclientkey with the location of the downloaded organization debug certificate.
  5. Update satellite.example.com with correct FQDN for your deployment.
  6. Replace My_Organization with the correct organization label in the baseurl. To obtain the organization label, enter the command:

    # hammer organization list
  7. Enter the reposync command:

    # reposync --delete --download-metadata -p ~/Satellite-repos -n \
     -r rhel-7-server-ansible-2.9-rpms \
     -r rhel-7-server-rpms \
     -r rhel-7-server-satellite-6.11-rpms \
     -r rhel-7-server-satellite-maintenance-6.11-rpms \
     -r rhel-server-rhscl-7-rpms

    This downloads the contents of the repositories from the connected Satellite Server and stores them in the directory ~/Satellite-repos. The reposync command in Red Hat Enterprise Linux 7 downloads the RPMs but not the Yum metadata.

    Because of this, you must manually run createrepo in each sub-directory of Satellite-repos. Make sure you have the createrepo rpm installed. If not use the following command to install it.

    # satellite-maintain packages install createrepo

    Run the following command to create repodata in each sub-directory of ~/Satellite-repos. :

    # cd ~/Satellite-repos
    # for directory in */
    do
      echo "Processing $directory"
      cd $directory
      createrepo .
      cd ..
    done
  8. Verify that the RPMs have been downloaded and the repository data directory is generated in each of the sub-directories of ~/Satellite-repos.
  9. Archive the contents of the directory

    # cd ~
    # tar czf Satellite-repos.tgz Satellite-repos
  10. Use the generated Satellite-repos.tgz file to upgrade in the disconnected Satellite Server.

Perform the following steps on the disconnected Satellite Server

  1. Copy the generated Satellite-repos.tgz file to your disconnected Satellite Server
  2. Extract the archive to anywhere accessible by the root user. In the following example /root is the extraction location.

    # cd /root
    # tar zxf Satellite-repos.tgz
  3. Create a Yum configuration file under /etc/yum.repos.d with the following repository information:

    [rhel-7-server-ansible-2.9-rpms]
    name=Ansible 2.9 RPMs for Red Hat Enterprise Linux 7 Server x86_64
    baseurl=file:///root/Satellite-repos/rhel-7-server-ansible-2.9-rpms
    enabled=1
    
    [rhel-7-server-rpms]
    name=Red Hat Enterprise Linux 7 Server RPMs x86_64
    baseurl=file:///root/Satellite-repos/rhel-7-server-rpms
    enabled=1
    
    [rhel-7-server-satellite-6.11-rpms]
    name=Red Hat Satellite 6 for RHEL 7 Server RPMs x86_64
    baseurl=file:///root/Satellite-repos/rhel-7-server-satellite-6.11-rpms
    enabled=1
    
    [rhel-7-server-satellite-maintenance-6.11-rpms]
    name=Red Hat Satellite Maintenance 6 for RHEL 7 Server RPMs x86_64
    baseurl=file:///root/Satellite-repos/rhel-7-server-satellite-maintenance-6.11-rpms
    enabled=1
    
    [rhel-server-rhscl-7-rpms]
    name=Red Hat Software Collections RPMs for Red Hat Enterprise Linux 7 Server x86_64
    baseurl=file:///root/Satellite-repos/rhel-server-rhscl-7-rpms
    enabled=1
  4. In the configuration file, replace the /root/Satellite-repos with the extracted location.
  5. Check the available versions to confirm the next minor version is listed:

    # satellite-maintain upgrade list-versions
  6. Use the health check option to determine if the system is ready for upgrade. On first use of this command, satellite-maintain prompts you to enter the hammer admin user credentials and saves them in the /etc/foreman-maintain/foreman-maintain-hammer.yml file.

    # satellite-maintain upgrade check --whitelist="check-upstream-repository,repositories-validate" --target-version 6.11.z
  7. Review the results and address any highlighted error conditions before performing the upgrade.
  8. Because of the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously.

    If you lose connection to the command shell where the upgrade command is running, you can see the logged messages in the /var/log/foreman-installer/satellite.log file to check if the process completed successfully.

  9. Perform the upgrade:

    # satellite-maintain upgrade run --whitelist="check-upstream-repository,repositories-setup,repositories-validate" --target-version 6.11.z
  10. Check when the kernel packages were last updated:

    # rpm -qa --last | grep kernel
  11. Optional: If a kernel update occurred since the last reboot, stop Satellite services and reboot the system:

    # satellite-maintain service stop
    # reboot

6.3. Updating Capsule Server

Use this procedure to update Capsule Servers to the next minor version.

Procedure

  1. Ensure that the Satellite Maintenance repository is enabled:

    # subscription-manager repos --enable \
    rhel-7-server-satellite-maintenance-6.11-rpms
  2. Check the available versions to confirm the next minor version is listed:

    # satellite-maintain upgrade list-versions
  3. Use the health check option to determine if the system is ready for upgrade:

    # satellite-maintain upgrade check --target-version 6.11.z

    Review the results and address any highlighted error conditions before performing the upgrade.

  4. Because of the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously.

    If you lose connection to the command shell where the upgrade command is running, you can see the logged messages in the /var/log/foreman-installer/capsule.log file to check if the process completed successfully.

  5. Perform the upgrade:

    # satellite-maintain upgrade run --target-version 6.11.z
  6. Check when the kernel packages were last updated:

    # rpm -qa --last | grep kernel
  7. Optional: If a kernel update occurred since the last reboot, stop Satellite services and reboot the system:

    # satellite-maintain service stop
    # reboot
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.