Chapter 8. Managing Errata
Software packages in Red Hat products are subject to updates, referred to as errata, that are released at regular intervals as well as asynchronously. This section shows how to inspect and apply errata using hammer
. For web UI equivalents of the following procedures see the Red Hat Satellite Host Configuration Guide.
8.1. Inspecting Available Errata
To view errata that are available for all organizations, issue the following command:
$ hammer erratum list
Example 8.1. Filtering Errata
The hammer erratum list
command provides numerous options for filtering and ordering the output list. For example, to find an erratum that contains a specific security fix, issue:
$ hammer erratum list --cve CVE-2014-0453
The following command displays applicable errata for the selected product that contain the specified bugs ordered so that the security errata are displayed on top:
$ hammer erratum list \ --product-id 7 \ --search "bug = 1213000 or bug = 1207972" \ --errata-restrict-applicable 1 \ --order "type desc"
For more information on syntax used in the --search
option, refer to the Red Hat Satellite Host Configuration Guide. For more information on filtering options implemented in hammer, see the output of hammer erratum list --help
.
To view details of a specific erratum, issue the following command:
$ hammer erratum info --id <erratum_ID>
Replace <erratum_ID> with a unique identifier of the erratum found in the output of the hammer erratum list
command. You can identify errata also by name and repository name, see the output of hammer erratum info --help
for details.
8.2. Applying Errata to a Host
To list errata available for a host, issue the following command:
$ hammer host errata list --host <hostname>
To apply selected errata to the host, issue the following command:
$ hammer host errata apply \ --host <hostname> \ --errata-ids <erratum_ID1>,<erratum_ID2>...
Example 8.2. Applying All Available Errata to a Host
The following Bash script applies all errata available to a host (auth01.example.com):
HOST="auth01.example.com" for i in $(hammer --csv host errata list --host $HOST | grep -vi '^ID' | awk -F, {'print $1'}) do hammer host errata apply --host $HOST --errata-ids $i done
Example 8.3. Applying a Security Advisory
This example shows how to apply a security fix to hosts using hammer
:
Find the erratum that contains a fix for a selected issue (CVE-2015-3238):
$ hammer erratum list --cve CVE-2015-3238 -------|----------------|----------|------------------------------ ID | ERRATA ID | TYPE | TITLE -------|----------------|----------|------------------------------ f30e66 | RHSA-2015:1640 | security | Moderate: pam security update -------|----------------|----------|------------------------------
Verify if the security erratum (RHSA-2015:1640) is applicable for your host (auth01.example.com):
$ hammer host errata list \ --host auth01.example.com \ --search "RHSA-2015:1640"
Apply the erratum to the host:
$ hammer host errata apply \ --host auth01.example.com \ --errata-ids "RHSA-2015:1640"
You can use the following Bash script to apply a security erratum (for example RHSA-2015:1640) to all hosts where it is applicable:
ORG="ACME" RHSA="RHSA-2015:1640" for i in $(hammer --csv host list --organization $ORG | grep -vi '^ID' | awk -F, {'print $2'}) do hammer host errata apply --host $i --errata-ids $RHSA done
To see if errata were applied successfully, find the corresponding task in the output of the following command:
$ hammer task list
To review the state of a selected task, issue the following command:
$ hammer task progress --id <task_ID>
8.3. Applying Errata to a Host Collection
To apply selected errata to a Host Collection, enter a command as follows:
$ hammer host-collection erratum install \ --errata "<erratum_ID1>,<erratum_ID2>,..." \ --name "my-collection" --organization $ORG
This command is available in Red Hat Satellite 6.2.8 or later.