Chapter 2. Upgrading Red Hat Satellite
Use the following procedures to upgrade your existing Red Hat Satellite to Red Hat Satellite 6.14:
2.1. Upgrading Satellite Server
This section describes how to upgrade Satellite Server from 6.13 to 6.14. You can upgrade from any minor version of Satellite Server 6.13.
Before You Begin
- Note that you can upgrade Capsules separately from Satellite. For more information, see Section 1.4, “Upgrading Capsules Separately from Satellite”.
- Review and update your firewall configuration prior to upgrading your Satellite Server. For more information, see Preparing your environment for installation in Installing Satellite Server in a Connected Network Environment.
- Ensure that you do not delete the manifest from the Customer Portal or in the Satellite web UI because this removes all the entitlements of your content hosts.
- If you have edited any of the default templates, back up the files either by cloning or exporting them. Cloning is the recommended method because that prevents them being overwritten in future updates or upgrades. To confirm if a template has been edited, you can view its History before you upgrade or view the changes in the audit log after an upgrade. In the Satellite web UI, navigate to Monitor > Audits and search for the template to see a record of changes made. If you use the export method, restore your changes by comparing the exported template and the default template, manually applying your changes.
Capsule Considerations
- If you use Content Views to control updates to a Capsule Server’s base operating system, or for Capsule Server repository, you must publish updated versions of those Content Views.
- Note that Satellite Server upgraded from 6.13 to 6.14 can use Capsule Servers still at 6.13.
If you implemented custom certificates, you must retain the content of both the /root/ssl-build
directory and the directory in which you created any source files associated with your custom certificates.
Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.
Upgrade Scenarios
- To upgrade a Satellite Server connected to the Red Hat Content Delivery Network, proceed to Section 2.2, “Upgrading a Connected Satellite Server”.
- To upgrade a Satellite Server not connected to the Red Hat Content Delivery Network, proceed to Section 2.3, “Upgrading a Disconnected Satellite Server”.
You cannot upgrade a self-registered Satellite. You must migrate a self-registered Satellite to the Red Hat Content Delivery Network (CDN) and then perform the upgrade.
FIPS mode
You cannot upgrade Satellite Server from a RHEL base system that is not operating in FIPS mode to a RHEL base system that is operating in FIPS mode.
To run Satellite Server on a Red Hat Enterprise Linux base system operating in FIPS mode, you must install Satellite on a freshly provisioned RHEL base system operating in FIPS mode. For more information, see Preparing your environment for installation in Installing Satellite Server in a Connected Network Environment.
2.2. Upgrading a Connected Satellite Server
Use this procedure for a Satellite Server with access to the public internet
If you customize configuration files, manually or using a tool such as Hiera, these changes are overwritten when the maintenance script runs during upgrading or updating. You can use the --noop
option with the satellite-installer to test for changes. For more information, see the Red Hat Knowledgebase solution How to use the noop option to check for changes in Satellite config files during an upgrade.
Upgrade Satellite Server
Stop all Satellite services:
# satellite-maintain service stop
Take a snapshot or create a backup:
- On a virtual machine, take a snapshot.
- On a physical machine, create a backup.
Start all Satellite services:
# satellite-maintain service start
-
Optional: If you made manual edits to DNS or DHCP configuration in the
/etc/zones.conf
or/etc/dhcp/dhcpd.conf
files, back up the configuration files because the installer only supports one domain or subnet, and therefore restoring changes from these backups might be required. Optional: If you made manual edits to DNS or DHCP configuration files and do not want to overwrite the changes, enter the following command:
# satellite-installer --foreman-proxy-dns-managed=false \ --foreman-proxy-dhcp-managed=false
Optional: If you use PostgreSQL as an external database
Install the
postgresql-contrib
package on the PostgreSQL server:# dnf install postgresql-contrib
Connect to the Pulp database:
# su - postgres -c "psql pulpcore"
Create the
hstore
extension:pulpcore=# CREATE EXTENSION IF NOT EXISTS "hstore"; CREATE EXTENSION
- In the Satellite web UI, navigate to Hosts > Discovered hosts. On the Discovered Hosts page, power off and then delete the discovered hosts. From the Select an Organization menu, select each organization in turn and repeat the process to power off and delete the discovered hosts. Make a note to reboot these hosts when the upgrade is complete.
Ensure that the Satellite Maintenance repository is enabled:
# subscription-manager repos --enable \ satellite-maintenance-6.14-for-rhel-8-x86_64-rpms
Enable the maintenance module:
# dnf module enable satellite-maintenance:el8
Check the available versions to confirm the version you want is listed:
# satellite-maintain upgrade list-versions
Use the health check option to determine if the system is ready for upgrade. When prompted, enter the hammer admin user credentials to configure
satellite-maintain
with hammer credentials. These changes are applied to the/etc/foreman-maintain/foreman-maintain-hammer.yml
file.# satellite-maintain upgrade check --target-version 6.14
Review the results and address any highlighted error conditions before performing the upgrade.
Because of the lengthy upgrade time, use a utility such as
tmux
to suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously.If you lose connection to the command shell where the upgrade command is running you can see the logged messages in the
/var/log/foreman-installer/satellite.log
file to check if the process completed successfully.Perform the upgrade:
# satellite-maintain upgrade run --target-version 6.14
Determine if the system needs a reboot:
# dnf needs-restarting --reboothint
Optional: If the previous command told you to reboot, then reboot the system:
# reboot
2.3. Upgrading a Disconnected Satellite Server
Use this procedure if your Satellite Server is not connected to the Red Hat Content Delivery Network.
-
If you customized configuration files, either manually or using a tool such as Hiera, these changes are overwritten when you enter the
satellite-maintain
command during upgrading or updating. You can use the--noop
option with thesatellite-installer
command to review the changes that are applied during upgrading or updating. For more information, see the Red Hat Knowledgebase solution How to use the noop option to check for changes in Satellite config files during an upgrade. The hammer import and export commands have been replaced with
hammer content-import
andhammer content-export
tooling.If you have scripts that are using
hammer content-view version export
,hammer content-view version export-legacy
,hammer repository export
, or their respective import commands, you have to adjust them to use thehammer content-export
command instead, along with its respective import command.If you implemented custom certificates, you must retain the content of both the
/root/ssl-build
directory and the directory in which you created any source files associated with your custom certificates.Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.
Before You Begin
- Review and update your firewall configuration before upgrading your Satellite Server. For more information, see Ports and Firewalls Requirements in Installing Satellite Server in a Disconnected Network Environment.
- Ensure that you do not delete the manifest from the Customer Portal or in the Satellite web UI because this removes all the entitlements of your content hosts.
- Back up and remove all Foreman hooks before upgrading. Reinstate hooks only after Satellite is known to be working after the upgrade is complete.
- All Satellite Servers must be on the same version.
Upgrade Disconnected Satellite Server
Stop all Satellite services:
# satellite-maintain service stop
Take a snapshot or create a backup:
- On a virtual machine, take a snapshot.
- On a physical machine, create a backup.
Start all Satellite services:
# satellite-maintain service start
-
Optional: If you made manual edits to DNS or DHCP configuration in the
/etc/zones.conf
or/etc/dhcp/dhcpd.conf
files, back up the configuration files because the installer only supports one domain or subnet, and therefore restoring changes from these backups might be required. Optional: If you made manual edits to DNS or DHCP configuration files and do not want to overwrite the changes, enter the following command:
# satellite-installer --foreman-proxy-dns-managed=false \ --foreman-proxy-dhcp-managed=false
Optional: If you use PostgreSQL as an external database
Install the
postgresql-contrib
package on the PostgreSQL server:# dnf install postgresql-contrib
Connect to the Pulp database:
# su - postgres -c "psql pulpcore"
Create the
hstore
extension:pulpcore=# CREATE EXTENSION IF NOT EXISTS "hstore"; CREATE EXTENSION
-
In the Satellite web UI, navigate to Hosts > Discovered hosts. If there are discovered hosts available, turn them off and then delete all entries under the
Discovered hosts
page. Select all other organizations in turn using the organization setting menu and repeat this action as required. Reboot these hosts after the upgrade has completed. Remove old repositories:
# rm /etc/yum.repos.d/*
- Obtain the latest ISO files by following the Downloading the Binary DVD Images procedure in Installing Satellite Server in a Disconnected Network Environment.
Create directories to serve as a mount point, mount the ISO images, and configure the
rhel8
repository by following the Configuring the Base Operating System with Offline Repositories in RHEL 8 procedure in Installing Satellite Server in a Disconnected Network Environment.Do not install or update any packages at this stage.
Configure the Satellite 6.14 repository from the ISO file.
Copy the ISO file’s repository data file for the Red Hat Satellite packages:
# cp /media/sat6/Satellite/media.repo /etc/yum.repos.d/satellite.repo
Edit the
/etc/yum.repos.d/satellite.repo
file:# vi /etc/yum.repos.d/satellite.repo
Change the default
InstallMedia
repository name toSatellite-6.14
:[Satellite-6.14]
Add the
baseurl
directive:baseurl=file:///media/sat6/Satellite
Configure the Red Hat Satellite Maintenance repository from the ISO file.
Copy the ISO file’s repository data file for Red Hat Satellite Maintenance packages:
# cp /media/sat6/Maintenance/media.repo /etc/yum.repos.d/satellite-maintenance.repo
Edit the
/etc/yum.repos.d/satellite-maintenance.repo
file:# vi /etc/yum.repos.d/satellite-maintenance.repo
Change the default
InstallMedia
repository name toSatellite-Maintenance
:[Satellite-Maintenance]
Add the
baseurl
directive:baseurl=file:///media/sat6/Maintenance/
Enable the maintenance module:
# dnf module enable satellite-maintenance:el8
Because of the lengthy upgrade time, use a utility such as
tmux
to suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously.If you lose connection to the command shell where the upgrade command is running you can see the logs in
/var/log/foreman-installer/satellite.log
to check if the process completed successfully.Check the available versions to confirm the version you want is listed:
# satellite-maintain upgrade list-versions
Use the health check option to determine if the system is ready for upgrade. When prompted, enter the hammer admin user credentials to configure
satellite-maintain
with hammer credentials. These changes are applied to the/etc/foreman-maintain/foreman-maintain-hammer.yml
file.# satellite-maintain upgrade check --target-version 6.14 \ --whitelist="repositories-validate,repositories-setup"
Review the results and address any highlighted error conditions before performing the upgrade.
Perform the upgrade:
# satellite-maintain upgrade run --target-version 6.14 \ --whitelist="repositories-validate,repositories-setup"
If the script fails due to missing or outdated packages, you must download and install these separately. For more information, see Resolving Package Dependency Errors in Installing Satellite Server in a Disconnected Network Environment.
Determine if the system needs a reboot:
# dnf needs-restarting --reboothint
Optional: If the previous command told you to reboot, then reboot the system:
# reboot
- Optional: If you made manual edits to DNS or DHCP configuration files, check and restore any changes required to the DNS and DHCP configuration files using the backups that you made.
If you make changes in the previous step, restart Satellite services:
# satellite-maintain service restart
If you have the OpenSCAP plug-in installed, but do not have the default OpenSCAP content available, enter the following command.
# foreman-rake foreman_openscap:bulk_upload:default
- In the Satellite web UI, go to Configure > Discovery Rules and associate selected organizations and locations with discovery rules.
2.4. Synchronizing the New Repositories
You must enable and synchronize the new 6.14 repositories before you can upgrade Capsule Servers and Satellite clients.
Procedure
- In the Satellite web UI, navigate to Content > Red Hat Repositories.
- Toggle the Recommended Repositories switch to the On position.
From the list of results, expand the following repositories and click the Enable icon to enable the repositories:
- To upgrade Satellite clients, enable the Red Hat Red Hat Satellite Client 6 repositories for all Red Hat Enterprise Linux versions that clients use.
If you have Capsule Servers, to upgrade them, enable the following repositories too:
Red Hat Satellite Capsule 6.14 (for RHEL 8 x86_64) (RPMs)
Red Hat Satellite Maintenance 6.14 (for RHEL 8 x86_64) (RPMs)
Red Hat Enterprise Linux 8 (for x86_64 – BaseOS) (RPMs)
Red Hat Enterprise Linux 8 (for x86_64 – AppStream) (RPMs)
NoteIf the 6.14 repositories are not available, refresh the Red Hat Subscription Manifest. In the Satellite web UI, navigate to Content > Subscriptions, click Manage Manifest, then click Refresh.
- In the Satellite web UI, navigate to Content > Sync Status.
- Click the arrow next to the product to view the available repositories.
- Select the repositories for 6.14. Note that Red Hat Red Hat Satellite Client 6 does not have a 6.14 version. Choose Red Hat Red Hat Satellite Client 6 instead.
Click Synchronize Now.
ImportantIf an error occurs when you try to synchronize a repository, refresh the manifest. If the problem persists, raise a support request. Do not delete the manifest from the Customer Portal or in the Satellite web UI; this removes all the entitlements of your content hosts.
- If you use Content Views to control updates to the base operating system of Capsule Server, update those Content Views with new repositories, publish, and promote their updated versions. For more information, see Managing Content Views in Managing Content.
2.5. Performing Post-Upgrade Tasks
Optional: If the default provisioning templates have been changed during the upgrade, recreate any templates cloned from the default templates. If the custom code is executed before and/or after the provisioning process, use custom provisioning snippets to avoid recreating cloned templates. For more information about configuring custom provisioning snippets, see Creating Custom Provisioning Snippets in Provisioning Hosts.
2.6. Upgrading Capsule Servers
This section describes how to upgrade Capsule Servers from 6.13 to 6.14.
Before You Begin
- You must upgrade Satellite Server before you can upgrade any Capsule Servers. Note that you can upgrade Capsules separately from Satellite. For more information, see Section 1.4, “Upgrading Capsules Separately from Satellite”.
- Ensure the Red Hat Satellite Capsule 6.14 repository is enabled in Satellite Server and synchronized.
- Ensure that you synchronize the required repositories on Satellite Server. For more information, see Section 2.4, “Synchronizing the New Repositories”.
- If you use Content Views to control updates to the base operating system of Capsule Server, update those Content Views with new repositories, publish, and promote their updated versions. For more information, see Managing Content Views in Managing Content.
- Ensure the Capsule’s base system is registered to the newly upgraded Satellite Server.
- Ensure the Capsule has the correct organization and location settings in the newly upgraded Satellite Server.
- Review and update your firewall configuration prior to upgrading your Capsule Server. For more information, see Preparing Your Environment for Capsule Installation in Installing Capsule Server.
If you implemented custom certificates, you must retain the content of both the /root/ssl-build
directory and the directory in which you created any source files associated with your custom certificates.
Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.
Upgrading Capsule Servers
Create a backup.
- On a virtual machine, take a snapshot.
On a physical machine, create a backup.
For information on backups, see Backing Up Satellite Server and Capsule Server in Administering Red Hat Satellite.
Clean yum cache:
# yum clean metadata
-
Synchronize the
satellite-capsule-6.14-for-rhel-8-x86_64-rpms
repository in the Satellite Server. - Publish and promote a new version of the content view with which the Capsule is registered.
The
rubygem-foreman_maintain
is installed from the Satellite Maintenance repository or upgraded from the Satellite Maintenance repository if currently installed.Ensure Capsule has access to
satellite-maintenance-6.14-for-rhel-8-x86_64-rpms
and execute:# satellite-maintain self-upgrade
On Capsule Server, verify that the
foreman_url
setting points to the Satellite FQDN:# grep foreman_url /etc/foreman-proxy/settings.yml
Check the available versions to confirm the version you want is listed:
# satellite-maintain upgrade list-versions
Because of the lengthy upgrade time, use a utility such as
tmux
to suspend and reattach a communication session. You can then check the upgrade progress without staying connected to the command shell continuously.If you lose connection to the command shell where the upgrade command is running you can see the logged messages in the
/var/log/foreman-installer/capsule.log
file to check if the process completed successfully.Use the health check option to determine if the system is ready for upgrade:
# satellite-maintain upgrade check --target-version 6.14
Review the results and address any highlighted error conditions before performing the upgrade.
Perform the upgrade:
# satellite-maintain upgrade run --target-version 6.14
Determine if the system needs a reboot:
# dnf needs-restarting --reboothint
Optional: If the previous command told you to reboot, then reboot the system:
# reboot
- Optional: If you made manual edits to DNS or DHCP configuration files, check and restore any changes required to the DNS and DHCP configuration files using the backups made earlier.
- Optional: If you use custom repositories, ensure that you enable these custom repositories after the upgrade completes.
Upgrading Capsule Servers using remote execution
Create a backup or take a snapshot.
For more information on backups, see Backing Up Satellite Server and Capsule Server in Administering Red Hat Satellite.
- In the Satellite web UI , navigate to Monitor > Jobs.
- Click Run Job.
- From the Job category list, select Maintenance Operations.
- From the Job template list, select Capsule Upgrade Playbook.
- In the Search Query field, enter the host name of the Capsule.
- Ensure that Apply to 1 host is displayed in the Resolves to field.
- In the target_version field, enter the target version of the Capsule.
- In the whitelist_options field, enter the options.
- Select the schedule for the job execution in Schedule.
- In the Type of query section, click Static Query.
2.7. Upgrading the External Database
You can upgrade an external database from Red Hat Enterprise Linux 7 to Red Hat Enterprise Linux 8 while upgrading Satellite from 6.13 to 6.14.
Prerequisites
- Create a new Red Hat Enterprise Linux 8 based host for PostgreSQL server that follows the external database on Red Hat Enterprise Linux 8 documentation. For more information, see Using External Databases with Satellite.
Procedure
- Create a backup.
- Restore the backup on the new server.
If Satellite reaches the new database server via the old name, no further changes are required. Otherwise reconfigure Satellite to use the new name:
# satellite-installer \ --foreman-db-host newpostgres.example.com \ --katello-candlepin-db-host newpostgres.example.com \ --foreman-proxy-content-pulpcore-postgresql-host newpostgres.example.com