SupportConsoleDevelopersStart a trialContact

Chapter 3. Updating a disconnected Satellite Server

Update your air-gapped Satellite setup where the connected Satellite Server, which synchronizes content from CDN, is air gapped from a disconnected Satellite Server, to the next patch version. You can follow this process to update the underlying operating system between minor release versions.

Prerequisites

  • Back up your Satellite Server. For more information, see Backing Up Satellite Server and Capsule Server in Administering Red Hat Satellite.

  • Install reposync that is required for the updating procedure: 

    # dnf install 'dnf-command(reposync)'

3.1. Updating a disconnected Satellite Server on Red Hat Enterprise Linux 8

You can update your disconnected Satellite on Red Hat Enterprise Linux 8 by synchronizing the required repositories on the connected Satellite and syncing the content to the disconnected Satellite using reposync.

Procedure on the connected Satellite Server

  1. Ensure that you have synchronized the following repositories in your connected Satellite Server:

    • rhel-8-for-x86_64-baseos-rpms
    • rhel-8-for-x86_64-appstream-rpms
    • satellite-6.16-for-rhel-8-x86_64-rpms
    • satellite-maintenance-6.16-for-rhel-8-x86_64-rpms
  2. Download the debug certificate of the organization and store it locally at /etc/pki/katello/certs/org-debug-cert.pem or a location of your choosing. For more information, see Creating an Organization Debug Certificate in Administering Red Hat Satellite.

  3. Create a Yum configuration file under /etc/yum.repos.d, such as satellite-disconnected.repo, with the following contents: 

    [rhel-8-for-x86_64-baseos-rpms]
name=Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel8/8/x86_64/baseos/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[rhel-8-for-x86_64-appstream-rpms]
name=Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel8/8/x86_64/appstream/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[satellite-6.16-for-rhel-8-x86_64-rpms]
name=Red Hat Satellite 6.16 for RHEL 8 RPMs x86_64
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/layered/rhel8/x86_64/satellite/6.16/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[satellite-maintenance-6.16-for-rhel-8-x86_64-rpms]
name=Red Hat Satellite Maintenance 6.16 for RHEL 8 RPMs x86_64
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/layered/rhel8/x86_64/sat-maintenance/6.16/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

  4. In the configuration file, complete the following steps:

    • For the sslclientcert and sslclientkey options, replace /etc/pki/katello/certs/org-debug-cert.pem with the location of the downloaded organization debug certificate.
    • For the baseurl option, replace satellite.example.com with the correct FQDN of your connected Satellite Server.
    • For the baseurl option, replace My_Organization with your organization label.

  5. Obtain the organization label: 

    # hammer organization list

  6. Enter the reposync command: 

    # dnf reposync \
--delete \
--disableplugin=foreman-protector \
--download-metadata \
--repoid rhel-8-for-x86_64-appstream-rpms \
--repoid rhel-8-for-x86_64-baseos-rpms \
--repoid satellite-maintenance-6.16-for-rhel-8-x86_64-rpms \
--repoid satellite-6.16-for-rhel-8-x86_64-rpms \
-n \
-p ~/Satellite-repos

    This downloads the contents of the repositories from the connected Satellite Server and stores them in the directory ~/Satellite-repos.

  7. Verify that the RPMs have been downloaded and the repository data directory is generated in each of the sub-directories of ~/Satellite-repos.

  8. Archive the contents of the directory: 

    # tar czf Satellite-repos.tgz -C ~ Satellite-repos
  9. Use the generated Satellite-repos.tgz file to update in the disconnected Satellite Server.

Procedure on the disconnected Satellite Server

  1. Copy the generated Satellite-repos.tgz file to your disconnected Satellite Server.

  2. Extract the archive to anywhere accessible by the root user. In the following example /root is the extraction location. 

    # tar zxf Satellite-repos.tgz -C /root

  3. Create a Yum configuration file under /etc/yum.repos.d with the following repository information: 

    [rhel-8-for-x86_64-baseos-rpms]
name=Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
baseurl=file:///root/Satellite-repos/rhel-8-for-x86_64-baseos-rpms
enabled = 1

[rhel-8-for-x86_64-appstream-rpms]
name=Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
baseurl=file:///root/Satellite-repos/rhel-8-for-x86_64-appstream-rpms
enabled = 1

[satellite-6.16-for-rhel-8-x86_64-rpms]
name=Red Hat Satellite 6 for RHEL 8 Server RPMs x86_64
baseurl=file:///root/Satellite-repos/satellite-6.16-for-rhel-8-x86_64-rpms
enabled = 1

[satellite-maintenance-6.16-for-rhel-8-x86_64-rpms]
name=Red Hat Satellite Maintenance 6 for RHEL 8 Server RPMs x86_64
baseurl=file:///root/Satellite-repos/satellite-maintenance-6.16-for-rhel-8-x86_64-rpms
enabled = 1
  4. In the configuration file, replace the /root/Satellite-repos with the extracted location.

  5. Use the health check option to determine if the system is ready for update. On first use of this command, satellite-maintain prompts you to enter the hammer admin user credentials and saves them in the /etc/foreman-maintain/foreman-maintain-hammer.yml file. 

    # satellite-maintain update check \
--whitelist="check-upstream-repository,repositories-validate"
  6. Review the results and address any highlighted error conditions before performing the update.

  7. Due to the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the update progress without staying connected to the command shell continuously.

    If you lose connection to the command shell where the update command is running, you can see the logged messages in the /var/log/foreman-installer/satellite.log file to check if the process completed successfully.

  8. Perform the update: 

    # satellite-maintain update run \
--whitelist="check-upstream-repository,repositories-setup,repositories-validate"

  9. Determine if the system needs a reboot: 

    # dnf needs-restarting --reboothint

  10. If the previous command told you to reboot, then reboot the system: 

    # reboot

Additional resources

3.2. Updating a disconnected Satellite Server on Red Hat Enterprise Linux 9

You can update your disconnected Satellite on Red Hat Enterprise Linux 9 by synchronizing the required repositories on the connected Satellite and syncing the content to the disconnected Satellite using reposync.

Procedure on the connected Satellite Server

  1. Ensure that you have synchronized the following repositories in your connected Satellite Server:

    • rhel-9-for-x86_64-baseos-rpms
    • rhel-9-for-x86_64-appstream-rpms
    • satellite-6.16-for-rhel-9-x86_64-rpms
    • satellite-maintenance-6.16-for-rhel-9-x86_64-rpms
  2. Download the debug certificate of the organization and store it locally at /etc/pki/katello/certs/org-debug-cert.pem or a location of your choosing. For more information, see Creating an Organization Debug Certificate in Administering Red Hat Satellite.

  3. Create a Yum configuration file under /etc/yum.repos.d, such as satellite-disconnected.repo, with the following contents: 

    [rhel-9-for-x86_64-baseos-rpms]
name=Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs)
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel9/9/x86_64/baseos/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[rhel-9-for-x86_64-appstream-rpms]
name=Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs)
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/rhel9/9/x86_64/appstream/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[satellite-6.16-for-rhel-9-x86_64-rpms]
name=Red Hat Satellite 6.16 for RHEL 9 RPMs x86_64
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/layered/rhel9/x86_64/satellite/6.16/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

[satellite-maintenance-6.16-for-rhel-9-x86_64-rpms]
name=Red Hat Satellite Maintenance 6.16 for RHEL 9 RPMs x86_64
baseurl=https://satellite.example.com/pulp/content/My_Organization/Library/content/dist/layered/rhel9/x86_64/sat-maintenance/6.16/os
enabled = 1
sslclientcert = /etc/pki/katello/certs/org-debug-cert.pem
sslclientkey = /etc/pki/katello/certs/org-debug-cert.pem
sslcacert = /etc/pki/katello/certs/katello-server-ca.crt
sslverify = 1

  4. In the configuration file, complete the following steps:

    • For the sslclientcert and sslclientkey options, replace /etc/pki/katello/certs/org-debug-cert.pem with the location of the downloaded organization debug certificate.
    • For the baseurl option, replace satellite.example.com with the correct FQDN of your connected Satellite Server.
    • For the baseurl option, replace My_Organization with your organization label.

  5. Obtain the organization label: 

    # hammer organization list

  6. Enter the reposync command: 

    # dnf reposync \
--delete \
--disableplugin=foreman-protector \
--download-metadata \
--repoid rhel-9-for-x86_64-appstream-rpms \
--repoid rhel-9-for-x86_64-baseos-rpms \
--repoid satellite-maintenance-6.16-for-rhel-9-x86_64-rpms \
--repoid satellite-6.16-for-rhel-9-x86_64-rpms \
-n \
-p ~/Satellite-repos

    This downloads the contents of the repositories from the connected Satellite Server and stores them in the directory ~/Satellite-repos.

  7. Verify that the RPMs have been downloaded and the repository data directory is generated in each of the sub-directories of ~/Satellite-repos.

  8. Archive the contents of the directory: 

    # tar czf Satellite-repos.tgz -C ~ Satellite-repos
  9. Use the generated Satellite-repos.tgz file to update in the disconnected Satellite Server.

Procedure on the disconnected Satellite Server

  1. Copy the generated Satellite-repos.tgz file to your disconnected Satellite Server.

  2. Extract the archive to anywhere accessible by the root user. In the following example /root is the extraction location. 

    # tar zxf Satellite-repos.tgz -C /root

  3. Create a Yum configuration file under /etc/yum.repos.d with the following repository information: 

    [rhel-9-for-x86_64-baseos-rpms]
name=Red Hat Enterprise Linux 9 for x86_64 - BaseOS (RPMs)
baseurl=file:///root/Satellite-repos/rhel-9-for-x86_64-baseos-rpms
enabled = 1

[rhel-9-for-x86_64-appstream-rpms]
name=Red Hat Enterprise Linux 9 for x86_64 - AppStream (RPMs)
baseurl=file:///root/Satellite-repos/rhel-9-for-x86_64-appstream-rpms
enabled = 1

[satellite-6.16-for-rhel-9-x86_64-rpms]
name=Red Hat Satellite 6 for RHEL 9 Server RPMs x86_64
baseurl=file:///root/Satellite-repos/satellite-6.16-for-rhel-9-x86_64-rpms
enabled = 1

[satellite-maintenance-6.16-for-rhel-9-x86_64-rpms]
name=Red Hat Satellite Maintenance 6 for RHEL 9 Server RPMs x86_64
baseurl=file:///root/Satellite-repos/satellite-maintenance-6.16-for-rhel-9-x86_64-rpms
enabled = 1
  4. In the configuration file, replace the /root/Satellite-repos with the extracted location.

  5. Use the health check option to determine if the system is ready for update. On first use of this command, satellite-maintain prompts you to enter the hammer admin user credentials and saves them in the /etc/foreman-maintain/foreman-maintain-hammer.yml file. 

    # satellite-maintain update check \
--whitelist="check-upstream-repository,repositories-validate"
  6. Review the results and address any highlighted error conditions before performing the update.

  7. Due to the lengthy update time, use a utility such as tmux to suspend and reattach a communication session. You can then check the update progress without staying connected to the command shell continuously.

    If you lose connection to the command shell where the update command is running, you can see the logged messages in the /var/log/foreman-installer/satellite.log file to check if the process completed successfully.

  8. Perform the update: 

    # satellite-maintain update run \
--whitelist="check-upstream-repository,repositories-setup,repositories-validate"

  9. Determine if the system needs a reboot: 

    # dnf needs-restarting --reboothint

  10. If the previous command told you to reboot, then reboot the system: 

    # reboot

Additional resources

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.