Updating Red Hat Satellite
Update Satellite Server and Capsule to a new minor release
Chapter 1. Updating Satellite to the next patch version
You can update your Satellite Server and Capsule Server to a new patch release version, such as from 6.16.0 to 6.16.1, by using the Satellite maintain tool. The patch releases are non-disruptive to your operating environment and often fast.
You can update the underlying operating system. If there are pending Satellite Server updates, updating the operating system will update both.
Perform updates regularly to resolve security vulnerabilities and other issues.
Chapter 2. Updating Satellite Server
Update your connected Satellite Server to the next patch version. You can follow this process to update the underlying operating system between minor release versions. For information about updating a disconnected Satellite setup, see Chapter 3, Updating a disconnected Satellite Server.
Prerequisites
- Back up your Satellite Server. For more information, see Backing Up Satellite Server and Capsule Server in Administering Red Hat Satellite.
If you customize configuration files, manually or using a tool such as Hiera, these changes are overwritten when the maintenance script runs during upgrading or updating. You can use the --noop option with the satellite-installer to test for changes. For more information, see the Red Hat Knowledgebase solution How to use the noop option to check for changes in Satellite config files during an upgrade.
Procedure
- Ensure the Satellite Maintenance repository is enabled:
  - On Red Hat Enterprise Linux 9:
# subscription-manager repos --enable \
  satellite-maintenance-6.16-for-rhel-9-x86_64-rpms
  - On Red Hat Enterprise Linux 8:
# subscription-manager repos --enable \
  satellite-maintenance-6.16-for-rhel-8-x86_64-rpms
- Use the health check option to determine if the system is ready for update. On first use of this command, satellite-maintain prompts you to enter the hammer admin user credentials and saves them in the /etc/foreman-maintain/foreman-maintain-hammer.yml file.
# satellite-maintain update check
- Review the results and address any highlighted error conditions before performing the update.
- Because of the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the update progress without staying connected to the command shell continuously.
  If you lose connection to the command shell where the update command is running, you can see the logged messages in the /var/log/foreman-installer/satellite.log file to check if the process completed successfully.
- Perform the update:
# satellite-maintain update run
- Determine if the system needs a reboot:
# dnf needs-restarting --reboothint
- If the previous command told you to reboot, then reboot the system:
# reboot
Additional resources
- To restore the backup of the Satellite Server or Capsule Server, see Restoring Satellite Server or Capsule Server from a Backup
Chapter 3. Updating a disconnected Satellite Server
Update your air-gapped Satellite setup to the next patch version. In this setup, the connected Satellite Server, which synchronizes content from the CDN, is air gapped from the disconnected Satellite Server. You can follow this process to update the underlying operating system between minor release versions.
Prerequisites
- Back up your Satellite Server. For more information, see Backing Up Satellite Server and Capsule Server in Administering Red Hat Satellite.
- Install reposync, which is required for the updating procedure:
# dnf install 'dnf-command(reposync)'
3.1. Updating a disconnected Satellite Server on Red Hat Enterprise Linux 8
You can update your disconnected Satellite on Red Hat Enterprise Linux 8 by synchronizing the required repositories on the connected Satellite and syncing the content to the disconnected Satellite using reposync.
Procedure on the connected Satellite Server
- Ensure that you have synchronized the following repositories in your connected Satellite Server:
  - rhel-8-for-x86_64-baseos-rpms
  - rhel-8-for-x86_64-appstream-rpms
  - satellite-6.16-for-rhel-8-x86_64-rpms
  - satellite-maintenance-6.16-for-rhel-8-x86_64-rpms
- Download the debug certificate of the organization and store it locally at /etc/pki/katello/certs/org-debug-cert.pem or a location of your choosing. For more information, see Creating an Organization Debug Certificate in Administering Red Hat Satellite.
- Create a Yum configuration file under /etc/yum.repos.d, such as satellite-disconnected.repo, with the following contents:
[rhel-8-for-x86_64-baseos-rpms]
name=Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel8/8/x86_64/baseos/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[rhel-8-for-x86_64-appstream-rpms]
name=Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel8/8/x86_64/appstream/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[satellite-6.16-for-rhel-8-x86_64-rpms]
name=Red Hat Satellite 6.16 for RHEL 8 RPMs x86_64
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/layered/rhel8/x86_64/satellite/6.16/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[satellite-maintenance-6.16-for-rhel-8-x86_64-rpms]
name=Red Hat Satellite Maintenance 6.16 for RHEL 8 RPMs x86_64
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/layered/rhel8/x86_64/sat-maintenance/6.16/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1
- In the configuration file, complete the following steps:
  - For the sslclientcert and sslclientkey options, replace /etc/pki/katello/certs/org-debug-cert.pem with the location of the downloaded organization debug certificate.
  - For the baseurl option, replace satellite.example.com with the correct FQDN of your connected Satellite Server.
  - For the baseurl option, replace My_Organization with your organization label.
- Obtain the organization label:
# hammer organization list
- Enter the reposync command:
# dnf reposync \
  --delete \
  --disableplugin=foreman-protector \
  --download-metadata \
  --repoid rhel-8-for-x86_64-appstream-rpms \
  --repoid rhel-8-for-x86_64-baseos-rpms \
  --repoid satellite-maintenance-6.16-for-rhel-8-x86_64-rpms \
  --repoid satellite-6.16-for-rhel-8-x86_64-rpms \
  -n \
  -p ~/Satellite-repos
  This downloads the contents of the repositories from the connected Satellite Server and stores them in the directory ~/Satellite-repos.
- Verify that the RPMs have been downloaded and the repository data directory is generated in each of the sub-directories of ~/Satellite-repos.
- Archive the contents of the directory:
# tar czf Satellite-repos.tgz -C ~ Satellite-repos
- Use the generated Satellite-repos.tgz file to perform the update on the disconnected Satellite Server.
Procedure on the disconnected Satellite Server
- Copy the generated Satellite-repos.tgz file to your disconnected Satellite Server.
- Extract the archive to anywhere accessible by the root user. In the following example, /root is the extraction location.
# tar zxf Satellite-repos.tgz -C /root
- Create a Yum configuration file under /etc/yum.repos.d with the following repository information:
[rhel-8-for-x86_64-baseos-rpms]
name=Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
baseurl=file:///root/Satellite-repos/rhel-8-for-x86_64-baseos-rpms
enabled = 1

[rhel-8-for-x86_64-appstream-rpms]
name=Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
baseurl=file:///root/Satellite-repos/rhel-8-for-x86_64-appstream-rpms
enabled = 1

[satellite-6.16-for-rhel-8-x86_64-rpms]
name=Red Hat Satellite 6 for RHEL 8 Server RPMs x86_64
baseurl=file:///root/Satellite-repos/satellite-6.16-for-rhel-8-x86_64-rpms
enabled = 1

[satellite-maintenance-6.16-for-rhel-8-x86_64-rpms]
name=Red Hat Satellite Maintenance 6 for RHEL 8 Server RPMs x86_64
baseurl=file:///root/Satellite-repos/satellite-maintenance-6.16-for-rhel-8-x86_64-rpms
enabled = 1
- In the configuration file, replace the /root/Satellite-repos with the extracted location.
- Use the health check option to determine if the system is ready for update. On first use of this command, satellite-maintain prompts you to enter the hammer admin user credentials and saves them in the /etc/foreman-maintain/foreman-maintain-hammer.yml file.
# satellite-maintain update check \
  --whitelist="check-upstream-repository,repositories-validate"
- Review the results and address any highlighted error conditions before performing the update.
- Due to the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the update progress without staying connected to the command shell continuously.
  If you lose connection to the command shell where the update command is running, you can see the logged messages in the /var/log/foreman-installer/satellite.log file to check if the process completed successfully.
- Perform the update:
# satellite-maintain update run \
  --whitelist="check-upstream-repository,repositories-setup,repositories-validate"
- Determine if the system needs a reboot:
# dnf needs-restarting --reboothint
- If the previous command told you to reboot, then reboot the system:
# reboot
Additional resources
- To restore the backup of the Satellite Server or Capsule Server, see Restoring Satellite Server or Capsule Server from a Backup.
3.2. Updating a disconnected Satellite Server on Red Hat Enterprise Linux 9
You can update your disconnected Satellite on Red Hat Enterprise Linux 9 by synchronizing the required repositories on the connected Satellite and syncing the content to the disconnected Satellite using reposync.
Procedure on the connected Satellite Server
- Ensure that you have synchronized the following repositories in your connected Satellite Server:
  - rhel-9-for-x86_64-baseos-rpms
  - rhel-9-for-x86_64-appstream-rpms
  - satellite-6.16-for-rhel-9-x86_64-rpms
  - satellite-maintenance-6.16-for-rhel-9-x86_64-rpms
- Download the debug certificate of the organization and store it locally at /etc/pki/katello/certs/org-debug-cert.pem or a location of your choosing. For more information, see Creating an Organization Debug Certificate in Administering Red Hat Satellite.
- Create a Yum configuration file under /etc/yum.repos.d, such as satellite-disconnected.repo, with the following contents:
[rhel-9-for-x86_64-baseos-rpms]
name=Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs)
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel9/9/x86_64/baseos/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[rhel-9-for-x86_64-appstream-rpms]
name=Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs)
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel9/9/x86_64/appstream/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[satellite-6.16-for-rhel-9-x86_64-rpms]
name=Red Hat Satellite 6.16 for RHEL 9 RPMs x86_64
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/layered/rhel9/x86_64/satellite/6.16/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[satellite-maintenance-6.16-for-rhel-9-x86_64-rpms]
name=Red Hat Satellite Maintenance 6.16 for RHEL 9 RPMs x86_64
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/layered/rhel9/x86_64/sat-maintenance/6.16/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1
- In the configuration file, complete the following steps:
  - For the sslclientcert and sslclientkey options, replace /etc/pki/katello/certs/org-debug-cert.pem with the location of the downloaded organization debug certificate.
  - For the baseurl option, replace satellite.example.com with the correct FQDN of your connected Satellite Server.
  - For the baseurl option, replace My_Organization with your organization label.
- Obtain the organization label:
# hammer organization list
- Enter the reposync command:
# dnf reposync \
  --delete \
  --disableplugin=foreman-protector \
  --download-metadata \
  --repoid rhel-9-for-x86_64-appstream-rpms \
  --repoid rhel-9-for-x86_64-baseos-rpms \
  --repoid satellite-maintenance-6.16-for-rhel-9-x86_64-rpms \
  --repoid satellite-6.16-for-rhel-9-x86_64-rpms \
  -n \
  -p ~/Satellite-repos
  This downloads the contents of the repositories from the connected Satellite Server and stores them in the directory ~/Satellite-repos.
- Verify that the RPMs have been downloaded and the repository data directory is generated in each of the sub-directories of ~/Satellite-repos.
- Archive the contents of the directory:
# tar czf Satellite-repos.tgz -C ~ Satellite-repos
- Use the generated Satellite-repos.tgz file to perform the update on the disconnected Satellite Server.
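A check worth running on satellite-disconnected.repo before reposync, in both section 3.1 and section 3.2: that the placeholders were replaced, that TLS verification is still on, and that the debug certificate file is not readable by other users. This is an added example, not Red Hat's code; the function names lint_sections, lint_keys and lint_repo are hypothetical.

```sh
#!/bin/sh
# Added example (not Red Hat's code). Source this file, then: lint_repo FILE

# Per-section checks on baseurl and sslverify; prints one line per finding
# and returns 1 if there was any. $1 = path to the .repo file
lint_sections() {
    awk '
    function report(msg) { printf "[%s] %s\n", sec, msg; bad = 1 }
    function flush() {
        if (sec == "") return
        if (url !~ /^https:\/\//)            report("baseurl is not https")
        if (url ~ /satellite\.example\.com/) report("placeholder FQDN in baseurl")
        if (url ~ /\/My_Organization\//)     report("placeholder organization label in baseurl")
        if (tolower(verify) ~ /^(0|false|no|off)$/) report("sslverify is disabled")
    }
    BEGIN { bad = 0 }
    /^\[.*\]$/ { flush(); sec = substr($0, 2, length($0) - 2); url = ""; verify = ""; next }
    /=/ {
        key = substr($0, 1, index($0, "=") - 1); val = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "baseurl")   url = val
        if (key == "sslverify") verify = val
    }
    END { flush(); exit bad }
    ' "$1"
}

# The page points sslclientkey at the same PEM as sslclientcert, so that file
# holds a private key: it must exist and not be readable by group or others.
lint_keys() {
    _rc=0
    for _f in $(sed -n 's/^sslclientkey[[:space:]]*=[[:space:]]*//p' "$1" | sort -u); do
        if [ ! -f "$_f" ]; then
            echo "missing key file: $_f"; _rc=1
        elif [ -n "$(find "$_f" -prune \( -perm -040 -o -perm -004 \))" ]; then
            echo "key file readable by group or others: $_f"; _rc=1
        fi
    done
    return $_rc
}

# Runs both checks; returns 0 only when neither reports a finding.
lint_repo() { _r=0; lint_sections "$1" || _r=1; lint_keys "$1" || _r=1; return $_r; }
```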
Procedure on the disconnected Satellite Server
- Copy the generated Satellite-repos.tgz file to your disconnected Satellite Server.
- Extract the archive to anywhere accessible by the root user. In the following example, /root is the extraction location.
# tar zxf Satellite-repos.tgz -C /root
- Create a Yum configuration file under /etc/yum.repos.d with the following repository information:
[rhel-9-for-x86_64-baseos-rpms]
name=Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs)
baseurl=file:///root/Satellite-repos/rhel-9-for-x86_64-baseos-rpms
enabled = 1

[rhel-9-for-x86_64-appstream-rpms]
name=Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs)
baseurl=file:///root/Satellite-repos/rhel-9-for-x86_64-appstream-rpms
enabled = 1

[satellite-6.16-for-rhel-9-x86_64-rpms]
name=Red Hat Satellite 6 for RHEL 9 Server RPMs x86_64
baseurl=file:///root/Satellite-repos/satellite-6.16-for-rhel-9-x86_64-rpms
enabled = 1

[satellite-maintenance-6.16-for-rhel-9-x86_64-rpms]
name=Red Hat Satellite Maintenance 6 for RHEL 9 Server RPMs x86_64
baseurl=file:///root/Satellite-repos/satellite-maintenance-6.16-for-rhel-9-x86_64-rpms
enabled = 1
- In the configuration file, replace the /root/Satellite-repos with the extracted location.
- Use the health check option to determine if the system is ready for update. On first use of this command, satellite-maintain prompts you to enter the hammer admin user credentials and saves them in the /etc/foreman-maintain/foreman-maintain-hammer.yml file.
# satellite-maintain update check \
  --whitelist="check-upstream-repository,repositories-validate"
- Review the results and address any highlighted error conditions before performing the update.
- Due to the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the update progress without staying connected to the command shell continuously.
  If you lose connection to the command shell where the update command is running, you can see the logged messages in the /var/log/foreman-installer/satellite.log file to check if the process completed successfully.
- Perform the update:
# satellite-maintain update run \
  --whitelist="check-upstream-repository,repositories-setup,repositories-validate"
- Determine if the system needs a reboot:
# dnf needs-restarting --reboothint
- If the previous command told you to reboot, then reboot the system:
# reboot
Additional resources
- To restore the backup of the Satellite Server or Capsule Server, see Restoring Satellite Server or Capsule Server from a Backup.
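For the transfer steps in sections 3.1 and 3.2, the verification of ~/Satellite-repos before archiving and a pre-extraction check of Satellite-repos.tgz on the disconnected side can be scripted as follows. This is an added example, not Red Hat's code; the function names and the .sha256 side file are assumptions, not part of the documented procedure.

```sh
#!/bin/sh
# Added example, not Red Hat's code. Source this file and call the functions.
# Repository IDs from section 3.2; use the rhel-8 IDs from section 3.1 on RHEL 8.
REPOS="rhel-9-for-x86_64-baseos-rpms rhel-9-for-x86_64-appstream-rpms
satellite-6.16-for-rhel-9-x86_64-rpms satellite-maintenance-6.16-for-rhel-9-x86_64-rpms"

# Connected side, before tar: every repository sub-directory must contain
# repodata/repomd.xml and at least one RPM. $1 = download path (~/Satellite-repos)
check_tree() {
    _rc=0
    for _r in $REPOS; do
        [ -f "$1/$_r/repodata/repomd.xml" ] || { echo "no repodata: $_r" >&2; _rc=1; }
        [ -n "$(find "$1/$_r" -type f -name '*.rpm' 2>/dev/null | head -n 1)" ] ||
            { echo "no RPMs: $_r" >&2; _rc=1; }
    done
    return $_rc
}

# Connected side, after tar: write ARCHIVE.sha256 beside the archive. $1 = archive
write_digest() {
    ( cd "$(dirname "$1")" && sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# Reads tar member names on stdin and prints those that are absolute or contain
# a ".." component, i.e. could be written outside the extraction directory.
unsafe_members() { grep -E '^/|(^|/)\.\.(/|$)'; }

# Disconnected side, before "tar zxf": returns 1 on digest mismatch, 2 on an
# unsafe member path, 0 when the archive is safe to extract. $1 = archive
check_archive() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 ) ||
        { echo "digest mismatch: $1" >&2; return 1; }
    if tar tzf "$1" | unsafe_members >/dev/null; then
        echo "unsafe member path in: $1" >&2; return 2
    fi
    return 0
}
```

The digest detects tampering only if the .sha256 file reaches the disconnected side by a different path than the archive; carried together, it detects corruption only.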
Chapter 4. Updating Capsule Server
Update Capsule Servers to the next patch version.
Procedure
- Synchronize the satellite-capsule-6.16-for-rhel-8-x86_64-rpms repository in the Satellite Server.
- Publish and promote a new version of the content view with which the Capsule is registered.
- Ensure that the Satellite Maintenance repository is enabled:
  - On Red Hat Enterprise Linux 9:
# subscription-manager repos --enable \
  satellite-maintenance-6.16-for-rhel-9-x86_64-rpms
  - On Red Hat Enterprise Linux 8:
# subscription-manager repos --enable \
  satellite-maintenance-6.16-for-rhel-8-x86_64-rpms
- Use the health check option to determine if the system is ready for update:
# satellite-maintain update check
- Review the results and address any highlighted error conditions before performing the update.
- Because of the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the update progress without staying connected to the command shell continuously.
  If you lose connection to the command shell where the update command is running, you can see the logged messages in the /var/log/foreman-installer/capsule.log file to check if the process completed successfully.
- Perform the update:
# satellite-maintain update run
- Determine if the system needs a reboot:
# dnf needs-restarting --reboothint
- If the previous command told you to reboot, then reboot the system:
# reboot