Chapter 6. Updating Satellite Server and Capsule Server
Use this chapter to update your existing Satellite Server and Capsule Server to a new patch version, for example, from 6.11.0 to 6.11.1.
Updates patch security vulnerabilities and minor issues discovered after code is released, and are often fast and non-disruptive to your operating environment.
Before updating, back up your Satellite Server and all Capsule Servers. For more information, see Backing Up Satellite Server and Capsule Server in the Administering Red Hat Satellite guide.
6.1. Updating Satellite Server
Prerequisites
- Ensure that you have synchronized Satellite Server repositories for Satellite, Capsule, and Satellite Client 6.
- Ensure each external Capsule and Content Host can be updated by promoting the updated repositories to all relevant Content Views.
If you customize configuration files, either manually or with a tool such as Hiera, these customizations are overwritten when the installation script runs during upgrading or updating. You can use the --noop option with the satellite-installer script to test for changes. For more information, see the Red Hat Knowledgebase solution How to use the noop option to check for changes in Satellite config files during an upgrade.
Updating Satellite Server to the Next Minor Version
To Update Satellite Server:
Ensure the Satellite Maintenance repository is enabled:
For Red Hat Enterprise Linux 8:
# subscription-manager repos --enable \
  satellite-maintenance-6.11-for-rhel-8-x86_64-rpms
For Red Hat Enterprise Linux 7:
# subscription-manager repos --enable \
  rhel-7-server-satellite-maintenance-6.11-rpms
Check the available versions to confirm the next minor version is listed:
# satellite-maintain upgrade list-versions
Use the health check option to determine if the system is ready to upgrade. On first use of this command, satellite-maintain prompts you to enter the hammer admin user credentials and saves them in the /etc/foreman-maintain/foreman-maintain-hammer.yml file.
# satellite-maintain upgrade check --target-version 6.11.z
Review the results and address any highlighted error conditions before performing the upgrade.
Because of the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously.
If you lose connection to the command shell where the upgrade command is running, you can see the logged messages in the /var/log/foreman-installer/satellite.log file to check if the process was completed successfully.
Perform the upgrade:
# satellite-maintain upgrade run --target-version 6.11.z
Check when the kernel packages were last updated:
# rpm -qa --last | grep kernel
Optional: If a kernel update occurred since the last reboot, stop Satellite services and reboot the system:
# satellite-maintain service stop
# reboot
6.2. Updating Disconnected Satellite Server
This section describes the steps needed to update in an air-gapped disconnected setup, where the connected Satellite Server (which synchronizes content from the CDN) is air-gapped from the disconnected Satellite Server.
6.2.1. Updating Disconnected Satellite Server on Red Hat Enterprise Linux 8
Complete the following steps on the connected Satellite Server for Red Hat Enterprise Linux 8.
Ensure that you have synchronized the following repositories in your connected Satellite Server:
rhel-8-for-x86_64-baseos-rpms
rhel-8-for-x86_64-appstream-rpms
satellite-6.11-for-rhel-8-x86_64-rpms
satellite-maintenance-6.11-for-rhel-8-x86_64-rpms
Download the debug certificate of the organization and store it locally at, for example, /etc/pki/katello/certs/org-debug-cert.pem or a location of your choosing. For more information, see Creating an Organization Debug Certificate in Managing Content.
Create a Yum configuration file under /etc/yum.repos.d, such as satellite-disconnected.repo, with the following contents:
[rhel-8-for-x86_64-baseos-rpms]
name=Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel8/8/x86_64/baseos/os
enabled=1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[rhel-8-for-x86_64-appstream-rpms]
name=Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel8/8/x86_64/appstream/os
enabled=1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[satellite-6.11-for-rhel-8-x86_64-rpms]
name=Red Hat Satellite 6.11 for RHEL 8 RPMs x86_64
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/layered/rhel8/x86_64/satellite/6.11/os
enabled=1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt

[satellite-maintenance-6.11-for-rhel-8-x86_64-rpms]
name=Red Hat Satellite Maintenance 6.11 for RHEL 8 RPMs x86_64
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/layered/rhel8/x86_64/sat-maintenance/6.11/os
enabled=1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1
In the configuration file, replace /etc/pki/katello/certs/org-debug-cert.pem in sslclientcert and sslclientkey with the location of the downloaded organization debug certificate.
Update satellite.example.com with the correct FQDN for your deployment.
Replace My_Organization with the correct organization label in the baseurl. To obtain the organization label, enter the command:
# hammer organization list
Enter the reposync command:
On Satellite Server running Red Hat Enterprise Linux 7:
# reposync --delete --download-metadata -p ~/Satellite-repos -n \
  -r rhel-8-for-x86_64-baseos-rpms \
  -r rhel-8-for-x86_64-appstream-rpms \
  -r satellite-6.11-for-rhel-8-x86_64-rpms \
  -r satellite-maintenance-6.11-for-rhel-8-x86_64-rpms
On Satellite Server running Red Hat Enterprise Linux 8:
# reposync --delete --download-metadata -p ~/Satellite-repos -n \
  --repoid rhel-8-for-x86_64-baseos-rpms \
  --repoid rhel-8-for-x86_64-appstream-rpms \
  --repoid satellite-6.11-for-rhel-8-x86_64-rpms \
  --repoid satellite-maintenance-6.11-for-rhel-8-x86_64-rpms
This downloads the contents of the repositories from the connected Satellite Server and stores them in the ~/Satellite-repos directory.
Verify that the RPMs have been downloaded and the repository data directory is generated in each of the sub-directories of ~/Satellite-repos.
Archive the contents of the directory:
# cd ~
# tar czf Satellite-repos.tgz Satellite-repos
Use the generated Satellite-repos.tgz file to upgrade in the disconnected Satellite Server.
Perform the following steps on the disconnected Satellite Server:
Copy the generated Satellite-repos.tgz file to your disconnected Satellite Server.
Extract the archive to anywhere accessible by the root user. In the following example, /root is the extraction location.
# cd /root
# tar zxf Satellite-repos.tgz
Create a Yum configuration file under /etc/yum.repos.d, such as satellite-disconnected.repo, with the following contents:
[rhel-8-for-x86_64-baseos-rpms]
name=Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
baseurl=file:///root/Satellite-repos/rhel-8-for-x86_64-baseos-rpms
enabled=1

[rhel-8-for-x86_64-appstream-rpms]
name=Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
baseurl=file:///root/Satellite-repos/rhel-8-for-x86_64-appstream-rpms
enabled=1

[satellite-6.11-for-rhel-8-x86_64-rpms]
name=Red Hat Satellite 6 for RHEL 8 Server RPMs x86_64
baseurl=file:///root/Satellite-repos/satellite-6.11-for-rhel-8-x86_64-rpms
enabled=1

[satellite-maintenance-6.11-for-rhel-8-x86_64-rpms]
name=Red Hat Satellite Maintenance 6 for RHEL 8 Server RPMs x86_64
baseurl=file:///root/Satellite-repos/satellite-maintenance-6.11-for-rhel-8-x86_64-rpms
enabled=1
In the configuration file, replace /root/Satellite-repos with the extracted location.
Check the available versions to confirm the next minor version is listed:
# satellite-maintain upgrade list-versions
Use the health check option to determine if the system is ready to upgrade. On first use of this command, satellite-maintain prompts you to enter the hammer admin user credentials and saves them in the /etc/foreman-maintain/foreman-maintain-hammer.yml file.
# satellite-maintain upgrade check --whitelist="check-upstream-repository,repositories-validate" --target-version 6.11.z
Review the results and address any highlighted error conditions before performing the upgrade.
Because of the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously.
If you lose connection to the command shell where the upgrade command is running, you can see the logged messages in the /var/log/foreman-installer/satellite.log file to check if the process was completed successfully.
Perform the upgrade:
# satellite-maintain upgrade run --whitelist="check-upstream-repository,repositories-validate" --target-version 6.11.z
Check when the kernel packages were last updated:
# rpm -qa --last | grep kernel
Optional: If a kernel update occurred since the last reboot, stop Satellite services and reboot the system:
# satellite-maintain service stop
# reboot
6.2.2. Updating Disconnected Satellite Server on Red Hat Enterprise Linux 7
Complete the following steps on the connected Satellite Server for Red Hat Enterprise Linux 7.
Ensure that you have synchronized the following repositories in your connected Satellite Server:
rhel-7-server-ansible-2.9-rpms
rhel-7-server-rpms
rhel-7-server-satellite-6.11-rpms
rhel-7-server-satellite-maintenance-6.11-rpms
rhel-server-rhscl-7-rpms
Download the debug certificate of the organization and store it locally at, for example, /etc/pki/katello/certs/org-debug-cert.pem or a location of your choosing.
Create a Yum configuration file under /etc/yum.repos.d with the following repository information:
[rhel-7-server-ansible-2.9-rpms]
name=Ansible 2.9 RPMs for Red Hat Enterprise Linux 7 Server x86_64
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/$releasever/$basearch/ansible/2.9/os/
enabled=1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[rhel-7-server-rpms]
name=Red Hat Enterprise Linux 7 Server RPMs x86_64
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/os/
enabled=1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[rhel-7-server-satellite-6.11-rpms]
name=Red Hat Satellite 6 for RHEL 7 Server RPMs x86_64
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/satellite/6.11/os/
enabled=1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt

[rhel-7-server-satellite-maintenance-6.11-rpms]
name=Red Hat Satellite Maintenance 6 for RHEL 7 Server RPMs x86_64
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/sat-maintenance/6/os/
enabled=1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[rhel-server-rhscl-7-rpms]
name=Red Hat Software Collections RPMs for Red Hat Enterprise Linux 7 Server x86_64
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os/
enabled=1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1
In the configuration file, replace /etc/pki/katello/certs/org-debug-cert.pem in sslclientcert and sslclientkey with the location of the downloaded organization debug certificate.
Update satellite.example.com with the correct FQDN for your deployment.
Replace My_Organization with the correct organization label in the baseurl. To obtain the organization label, enter the command:
# hammer organization list
Enter the reposync command:
# reposync --delete --download-metadata -p ~/Satellite-repos -n \
  -r rhel-7-server-ansible-2.9-rpms \
  -r rhel-7-server-rpms \
  -r rhel-7-server-satellite-6.11-rpms \
  -r rhel-7-server-satellite-maintenance-6.11-rpms \
  -r rhel-server-rhscl-7-rpms
This downloads the contents of the repositories from the connected Satellite Server and stores them in the directory ~/Satellite-repos. The reposync command in Red Hat Enterprise Linux 7 downloads the RPMs but not the Yum metadata.
Because of this, you must manually run createrepo in each sub-directory of Satellite-repos. Make sure you have the createrepo rpm installed. If not, use the following command to install it:
# satellite-maintain packages install createrepo
Run the following command to create repodata in each sub-directory of ~/Satellite-repos:
# cd ~/Satellite-repos
# for directory in */
do
  echo "Processing $directory"
  cd "$directory"
  createrepo .
  cd ..
done
Verify that the RPMs have been downloaded and the repository data directory is generated in each of the sub-directories of ~/Satellite-repos.
Archive the contents of the directory:
# cd ~
# tar czf Satellite-repos.tgz Satellite-repos
Use the generated Satellite-repos.tgz file to upgrade in the disconnected Satellite Server.
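The verification step before archiving (here and in the same step of section 6.2.1) can be scripted so that an incomplete mirror is caught before it crosses the air gap. The following shell functions are an added example, not part of the Red Hat procedure; the names check_repo and check_mirror are hypothetical, and the script assumes repomd.xml lists one location href per line, as createrepo writes it.

```shell
#!/bin/sh
# Added example (not Red Hat code): verify a reposync mirror before archiving.
# check_repo and check_mirror are hypothetical helper names.

# check_repo DIR: print one line per problem; return 0 only if DIR is clean.
check_repo() {
    repo=${1%/}
    bad=0
    # reposync may nest packages (for example under Packages/), so search
    # the whole sub-directory rather than only its top level.
    if [ -z "$(find "$repo" -type f -name '*.rpm' | head -n 1)" ]; then
        echo "$repo: no RPMs downloaded"
        bad=1
    fi
    md="$repo/repodata/repomd.xml"
    if [ ! -s "$md" ]; then
        echo "$repo: repodata/repomd.xml missing or empty"
        return 1
    fi
    # Assumes one <location href="..."/> per line, as createrepo writes it.
    # Each referenced metadata file must exist and be non-empty.
    for href in $(sed -n 's/.*<location[^>]*href="\([^"]*\)".*/\1/p' "$md"); do
        if [ ! -s "$repo/$href" ]; then
            echo "$repo: metadata file $href missing"
            bad=1
        fi
    done
    return "$bad"
}

# check_mirror ROOT: check every sub-directory of ROOT. The return status is
# the number of failing repositories, so 0 means the tree is safe to archive.
check_mirror() {
    failed=0
    seen=0
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        seen=$((seen + 1))
        check_repo "$d" || failed=$((failed + 1))
    done
    if [ "$seen" -eq 0 ]; then
        echo "$1: no repository sub-directories found"
        return 1
    fi
    return "$failed"
}

# Usage on the connected Satellite Server (paths from the procedure above):
#   cd ~ && check_mirror Satellite-repos && tar czf Satellite-repos.tgz Satellite-repos
```

A repository that reports a missing repomd.xml is the Red Hat Enterprise Linux 7 case described above, where createrepo has not yet been run in that sub-directory.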
Perform the following steps on the disconnected Satellite Server:
Copy the generated Satellite-repos.tgz file to your disconnected Satellite Server.
Extract the archive to anywhere accessible by the root user. In the following example, /root is the extraction location.
# cd /root
# tar zxf Satellite-repos.tgz
Create a Yum configuration file under /etc/yum.repos.d with the following repository information:
[rhel-7-server-ansible-2.9-rpms]
name=Ansible 2.9 RPMs for Red Hat Enterprise Linux 7 Server x86_64
baseurl=file:///root/Satellite-repos/rhel-7-server-ansible-2.9-rpms
enabled=1

[rhel-7-server-rpms]
name=Red Hat Enterprise Linux 7 Server RPMs x86_64
baseurl=file:///root/Satellite-repos/rhel-7-server-rpms
enabled=1

[rhel-7-server-satellite-6.11-rpms]
name=Red Hat Satellite 6 for RHEL 7 Server RPMs x86_64
baseurl=file:///root/Satellite-repos/rhel-7-server-satellite-6.11-rpms
enabled=1

[rhel-7-server-satellite-maintenance-6.11-rpms]
name=Red Hat Satellite Maintenance 6 for RHEL 7 Server RPMs x86_64
baseurl=file:///root/Satellite-repos/rhel-7-server-satellite-maintenance-6.11-rpms
enabled=1

[rhel-server-rhscl-7-rpms]
name=Red Hat Software Collections RPMs for Red Hat Enterprise Linux 7 Server x86_64
baseurl=file:///root/Satellite-repos/rhel-server-rhscl-7-rpms
enabled=1
In the configuration file, replace /root/Satellite-repos with the extracted location.
Check the available versions to confirm the next minor version is listed:
# satellite-maintain upgrade list-versions
Use the health check option to determine if the system is ready for upgrade. On first use of this command, satellite-maintain prompts you to enter the hammer admin user credentials and saves them in the /etc/foreman-maintain/foreman-maintain-hammer.yml file.
# satellite-maintain upgrade check --whitelist="check-upstream-repository,repositories-validate" --target-version 6.11.z
Review the results and address any highlighted error conditions before performing the upgrade.
Because of the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously.
If you lose connection to the command shell where the upgrade command is running, you can see the logged messages in the /var/log/foreman-installer/satellite.log file to check if the process completed successfully.
Perform the upgrade:
# satellite-maintain upgrade run --whitelist="check-upstream-repository,repositories-setup,repositories-validate" --target-version 6.11.z
Check when the kernel packages were last updated:
# rpm -qa --last | grep kernel
Optional: If a kernel update occurred since the last reboot, stop Satellite services and reboot the system:
# satellite-maintain service stop
# reboot
6.3. Updating Capsule Server
Use this procedure to update Capsule Servers to the next minor version.
Procedure
Ensure that the Satellite Maintenance repository is enabled:
# subscription-manager repos --enable \
  rhel-7-server-satellite-maintenance-6.11-rpms
Check the available versions to confirm the next minor version is listed:
# satellite-maintain upgrade list-versions
Use the health check option to determine if the system is ready for upgrade:
# satellite-maintain upgrade check --target-version 6.11.z
Review the results and address any highlighted error conditions before performing the upgrade.
Because of the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously.
If you lose connection to the command shell where the upgrade command is running, you can see the logged messages in the /var/log/foreman-installer/capsule.log file to check if the process completed successfully.
Perform the upgrade:
# satellite-maintain upgrade run --target-version 6.11.z
Check when the kernel packages were last updated:
# rpm -qa --last | grep kernel
Optional: If a kernel update occurred since the last reboot, stop Satellite services and reboot the system:
# satellite-maintain service stop
# reboot