Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Updating Red Hat Satellite

Red Hat Satellite 6.16

Update Satellite Server and Capsule to a new minor release

Red Hat Satellite Documentation Team

Abstract

Update Red Hat Satellite Server and Capsule Server regularly to ensure optimal performance and security.

Providing feedback on Red Hat documentation
Copy link

We appreciate your feedback on our documentation. Let us know how we can improve it.

Use the Create Issue form in Red Hat Jira to provide your feedback. The Jira issue is created in the Red Hat Satellite Jira project, where you can track its progress.

Prerequisites

Procedure

  1. Click the following link: Create Issue. If Jira displays a login error, log in and proceed after you are redirected to the form.
  2. Complete the Summary and Description fields. In the Description field, include the documentation URL, chapter or section number, and a detailed description of the issue. Do not modify any other fields in the form.
  3. Click Create.

You can update your Satellite Server and Capsule Server to a new patch release version, such as from 6.16.0 to 6.16.1, by using the Satellite maintain tool. The patch releases are non-disruptive to your operating environment and often fast.

Always update Satellite Server, Capsule Server, or the operating system by using satellite-maintain update. If there are pending Satellite Server updates, updating the operating system will update both.

Important

Perform updates regularly to resolve security vulnerabilities and other issues.

Chapter 2. Updating Satellite Server
Copy link

Update your connected Satellite Server to the next patch version. You can follow this process to update the underlying operating system between minor release versions. For information to update a disconnected Satellite setup, see Chapter 3, Updating a disconnected Satellite Server.

Prerequisites

Warning

If you customize configuration files, manually or using a tool such as Hiera, these changes are overwritten when the maintenance script runs during upgrading or updating. You can use the --noop option with the satellite-installer to test for changes. For more information, see the Red Hat Knowledgebase solution How to use the noop option to check for changes in Satellite config files during an upgrade.

Procedure

  1. Ensure the Satellite Maintenance repository is enabled:

    • On Red Hat Enterprise Linux 9: 

      # subscription-manager repos --enable \
satellite-maintenance-6.16-for-rhel-9-x86_64-rpms
      Copy to Clipboard Toggle word wrap

    • On Red Hat Enterprise Linux 8: 

      # subscription-manager repos --enable \
satellite-maintenance-6.16-for-rhel-8-x86_64-rpms
      Copy to Clipboard Toggle word wrap

  2. Use the health check option to determine if the system is ready for update. On first use of this command, satellite-maintain prompts you to enter the hammer admin user credentials and saves them in the /etc/foreman-maintain/foreman-maintain-hammer.yml file. 

    # satellite-maintain update check
    Copy to Clipboard Toggle word wrap

    Review the results and address any highlighted error conditions before performing the update.

  3. Because of the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the update progress without staying connected to the command shell continuously.

    If you lose connection to the command shell where the update command is running, you can see the logged messages in the /var/log/foreman-installer/satellite.log file to check if the process completed successfully.

  4. Perform the update: 

    # satellite-maintain update run
    Copy to Clipboard Toggle word wrap

  5. If the satellite-maintain command told you to reboot, then reboot the system: 

    # reboot
    Copy to Clipboard Toggle word wrap

Additional resources

Update your air-gapped Satellite setup where the connected Satellite Server, which synchronizes content from CDN, is air gapped from a disconnected Satellite Server, to the next patch version. You can follow this process to update the underlying operating system between minor release versions.

Prerequisites

  • Back up your Satellite Server. For more information, see Backing Up Satellite Server and Capsule Server in Administering Red Hat Satellite.

  • Install reposync that is required for the updating procedure: 

    # dnf install 'dnf-command(reposync)'
    Copy to Clipboard Toggle word wrap

You can update your disconnected Satellite on Red Hat Enterprise Linux 8 by synchronizing the required repositories on the connected Satellite and syncing the content to the disconnected Satellite using reposync.

Procedure on the connected Satellite Server

  1. Ensure that you have synchronized the following repositories in your connected Satellite Server:

    • rhel-8-for-x86_64-baseos-rpms
    • rhel-8-for-x86_64-appstream-rpms
    • satellite-6.16-for-rhel-8-x86_64-rpms
    • satellite-maintenance-6.16-for-rhel-8-x86_64-rpms
  2. Download the debug certificate of the organization and store it locally at /etc/pki/katello/certs/org-debug-cert.pem or a location of your choosing. For more information, see Creating an Organization Debug Certificate in Administering Red Hat Satellite.

  3. Create a Yum configuration file under /etc/yum.repos.d, such as satellite-disconnected.repo, with the following contents: 

    [rhel-8-for-x86_64-baseos-rpms]
name=Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel8/8/x86_64/baseos/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[rhel-8-for-x86_64-appstream-rpms]
name=Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel8/8/x86_64/appstream/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[satellite-6.16-for-rhel-8-x86_64-rpms]
name=Red Hat Satellite 6.16 for RHEL 8 RPMs x86_64
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/layered/rhel8/x86_64/satellite/6.16/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[satellite-maintenance-6.16-for-rhel-8-x86_64-rpms]
name=Red Hat Satellite Maintenance 6.16 for RHEL 8 RPMs x86_64
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/layered/rhel8/x86_64/sat-maintenance/6.16/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1
    Copy to Clipboard Toggle word wrap

  4. In the configuration file, complete the following steps:

    • For the sslclientcert and sslclientkey options, replace /etc/pki/katello/certs/org-debug-cert.pem with the location of the downloaded organization debug certificate.
    • For the baseurl option, replace satellite.example.com with the correct FQDN of your connected Satellite Server.
    • For the baseurl option, replace My_Organization with your organization label.

  5. Obtain the organization label: 

    # hammer organization list
    Copy to Clipboard Toggle word wrap

  6. Enter the reposync command: 

    # dnf reposync \
--delete \
--disableplugin=foreman-protector \
--download-metadata \
--repoid rhel-8-for-x86_64-appstream-rpms \
--repoid rhel-8-for-x86_64-baseos-rpms \
--repoid satellite-maintenance-6.16-for-rhel-8-x86_64-rpms \
--repoid satellite-6.16-for-rhel-8-x86_64-rpms \
-n \
-p ~/Satellite-repos
    Copy to Clipboard Toggle word wrap

    This downloads the contents of the repositories from the connected Satellite Server and stores them in the directory ~/Satellite-repos.

  7. Verify that the RPMs have been downloaded and the repository data directory is generated in each of the sub-directories of ~/Satellite-repos.

  8. Archive the contents of the directory: 

    # tar czf Satellite-repos.tgz -C ~ Satellite-repos
    Copy to Clipboard Toggle word wrap
  9. Use the generated Satellite-repos.tgz file to update in the disconnected Satellite Server.

Procedure on the disconnected Satellite Server

  1. Copy the generated Satellite-repos.tgz file to your disconnected Satellite Server.

  2. Extract the archive to anywhere accessible by the root user. In the following example /root is the extraction location. 

    # tar zxf Satellite-repos.tgz -C /root
    Copy to Clipboard Toggle word wrap

  3. Create a Yum configuration file under /etc/yum.repos.d with the following repository information: 

    [rhel-8-for-x86_64-baseos-rpms]
name=Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
baseurl=file:///root/Satellite-repos/rhel-8-for-x86_64-baseos-rpms
enabled = 1

[rhel-8-for-x86_64-appstream-rpms]
name=Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
baseurl=file:///root/Satellite-repos/rhel-8-for-x86_64-appstream-rpms
enabled = 1

[satellite-6.16-for-rhel-8-x86_64-rpms]
name=Red Hat Satellite 6 for RHEL 8 Server RPMs x86_64
baseurl=file:///root/Satellite-repos/satellite-6.16-for-rhel-8-x86_64-rpms
enabled = 1

[satellite-maintenance-6.16-for-rhel-8-x86_64-rpms]
name=Red Hat Satellite Maintenance 6 for RHEL 8 Server RPMs x86_64
baseurl=file:///root/Satellite-repos/satellite-maintenance-6.16-for-rhel-8-x86_64-rpms
enabled = 1
    Copy to Clipboard Toggle word wrap
  4. In the configuration file, replace the /root/Satellite-repos with the extracted location.

  5. Use the health check option to determine if the system is ready for update. On first use of this command, satellite-maintain prompts you to enter the hammer admin user credentials and saves them in the /etc/foreman-maintain/foreman-maintain-hammer.yml file. 

    # satellite-maintain update check \
--whitelist="check-upstream-repository,repositories-validate"
    Copy to Clipboard Toggle word wrap
  6. Review the results and address any highlighted error conditions before performing the update.

  7. Due to the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the update progress without staying connected to the command shell continuously.

    If you lose connection to the command shell where the update command is running, you can see the logged messages in the /var/log/foreman-installer/satellite.log file to check if the process completed successfully.

  8. Perform the update: 

    # satellite-maintain update run \
--whitelist="check-upstream-repository,repositories-setup,repositories-validate"
    Copy to Clipboard Toggle word wrap

  9. If the satellite-maintain command told you to reboot, then reboot the system: 

    # reboot
    Copy to Clipboard Toggle word wrap

Additional resources

You can update your disconnected Satellite on Red Hat Enterprise Linux 9 by synchronizing the required repositories on the connected Satellite and syncing the content to the disconnected Satellite using reposync.

Procedure on the connected Satellite Server

  1. Ensure that you have synchronized the following repositories in your connected Satellite Server:

    • rhel-9-for-x86_64-baseos-rpms
    • rhel-9-for-x86_64-appstream-rpms
    • satellite-6.16-for-rhel-9-x86_64-rpms
    • satellite-maintenance-6.16-for-rhel-9-x86_64-rpms
  2. Download the debug certificate of the organization and store it locally at /etc/pki/katello/certs/org-debug-cert.pem or a location of your choosing. For more information, see Creating an Organization Debug Certificate in Administering Red Hat Satellite.

  3. Create a Yum configuration file under /etc/yum.repos.d, such as satellite-disconnected.repo, with the following contents: 

    [rhel-9-for-x86_64-baseos-rpms]
name=Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs)
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel9/9/x86_64/baseos/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[rhel-9-for-x86_64-appstream-rpms]
name=Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs)
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel9/9/x86_64/appstream/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[satellite-6.16-for-rhel-9-x86_64-rpms]
name=Red Hat Satellite 6.16 for RHEL 9 RPMs x86_64
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/layered/rhel9/x86_64/satellite/6.16/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[satellite-maintenance-6.16-for-rhel-9-x86_64-rpms]
name=Red Hat Satellite Maintenance 6.16 for RHEL 9 RPMs x86_64
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/layered/rhel9/x86_64/sat-maintenance/6.16/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1
    Copy to Clipboard Toggle word wrap

  4. In the configuration file, complete the following steps:

    • For the sslclientcert and sslclientkey options, replace /etc/pki/katello/certs/org-debug-cert.pem with the location of the downloaded organization debug certificate.
    • For the baseurl option, replace satellite.example.com with the correct FQDN of your connected Satellite Server.
    • For the baseurl option, replace My_Organization with your organization label.

  5. Obtain the organization label: 

    # hammer organization list
    Copy to Clipboard Toggle word wrap

  6. Enter the reposync command: 

    # dnf reposync \
--delete \
--disableplugin=foreman-protector \
--download-metadata \
--repoid rhel-9-for-x86_64-appstream-rpms \
--repoid rhel-9-for-x86_64-baseos-rpms \
--repoid satellite-maintenance-6.16-for-rhel-9-x86_64-rpms \
--repoid satellite-6.16-for-rhel-9-x86_64-rpms \
-n \
-p ~/Satellite-repos
    Copy to Clipboard Toggle word wrap

    This downloads the contents of the repositories from the connected Satellite Server and stores them in the directory ~/Satellite-repos.

  7. Verify that the RPMs have been downloaded and the repository data directory is generated in each of the sub-directories of ~/Satellite-repos.

  8. Archive the contents of the directory: 

    # tar czf Satellite-repos.tgz -C ~ Satellite-repos
    Copy to Clipboard Toggle word wrap
  9. Use the generated Satellite-repos.tgz file to update in the disconnected Satellite Server.

Procedure on the disconnected Satellite Server

  1. Copy the generated Satellite-repos.tgz file to your disconnected Satellite Server.

  2. Extract the archive to anywhere accessible by the root user. In the following example /root is the extraction location. 

    # tar zxf Satellite-repos.tgz -C /root
    Copy to Clipboard Toggle word wrap

  3. Create a Yum configuration file under /etc/yum.repos.d with the following repository information: 

    [rhel-9-for-x86_64-baseos-rpms]
name=Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs)
baseurl=file:///root/Satellite-repos/rhel-9-for-x86_64-baseos-rpms
enabled = 1

[rhel-9-for-x86_64-appstream-rpms]
name=Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs)
baseurl=file:///root/Satellite-repos/rhel-9-for-x86_64-appstream-rpms
enabled = 1

[satellite-6.16-for-rhel-9-x86_64-rpms]
name=Red Hat Satellite 6 for RHEL 9 Server RPMs x86_64
baseurl=file:///root/Satellite-repos/satellite-6.16-for-rhel-9-x86_64-rpms
enabled = 1

[satellite-maintenance-6.16-for-rhel-9-x86_64-rpms]
name=Red Hat Satellite Maintenance 6 for RHEL 9 Server RPMs x86_64
baseurl=file:///root/Satellite-repos/satellite-maintenance-6.16-for-rhel-9-x86_64-rpms
enabled = 1
    Copy to Clipboard Toggle word wrap
  4. In the configuration file, replace the /root/Satellite-repos with the extracted location.

  5. Use the health check option to determine if the system is ready for update. On first use of this command, satellite-maintain prompts you to enter the hammer admin user credentials and saves them in the /etc/foreman-maintain/foreman-maintain-hammer.yml file. 

    # satellite-maintain update check \
--whitelist="check-upstream-repository,repositories-validate"
    Copy to Clipboard Toggle word wrap
  6. Review the results and address any highlighted error conditions before performing the update.

  7. Due to the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the update progress without staying connected to the command shell continuously.

    If you lose connection to the command shell where the update command is running, you can see the logged messages in the /var/log/foreman-installer/satellite.log file to check if the process completed successfully.

  8. Perform the update: 

    # satellite-maintain update run \
--whitelist="check-upstream-repository,repositories-setup,repositories-validate"
    Copy to Clipboard Toggle word wrap

  9. If the satellite-maintain command told you to reboot, then reboot the system: 

    # reboot
    Copy to Clipboard Toggle word wrap

Additional resources

Chapter 4. Updating Capsule Server
Copy link

Update Capsule Servers to the next patch version.

Procedure

  1. Synchronize the satellite-capsule-6.16-for-rhel-8-x86_64-rpms repository in the Satellite Server.
  2. Publish and promote a new version of the content view with which the Capsule is registered.

  3. Ensure that the Satellite Maintenance repository is enabled:

    • On Red Hat Enterprise Linux 9: 

      # subscription-manager repos --enable \
satellite-maintenance-6.16-for-rhel-9-x86_64-rpms
      Copy to Clipboard Toggle word wrap

    • On Red Hat Enterprise Linux 8: 

      # subscription-manager repos --enable \
satellite-maintenance-6.16-for-rhel-8-x86_64-rpms
      Copy to Clipboard Toggle word wrap

  4. Use the health check option to determine if the system is ready for update: 

    # satellite-maintain update check
    Copy to Clipboard Toggle word wrap

    Review the results and address any highlighted error conditions before performing the update.

  5. Because of the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the update progress without staying connected to the command shell continuously.

    If you lose connection to the command shell where the update command is running, you can see the logged messages in the /var/log/foreman-installer/capsule.log file to check if the process completed successfully.

  6. Perform the update: 

    # satellite-maintain update run
    Copy to Clipboard Toggle word wrap

  7. If the satellite-maintain command told you to reboot, then reboot the system: 

    # reboot
    Copy to Clipboard Toggle word wrap

Legal Notice
Copy link

Copyright © 2025 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat