Chapter 8. Managing Errata


Software packages in Red Hat products are subject to updates, referred to as errata, that are released at regular intervals as well as asynchronously. This section shows how to inspect and apply errata using hammer. For web UI equivalents of the following procedures see the Red Hat Satellite Host Configuration Guide.

8.1. Inspecting Available Errata

To view errata that are available for all organizations, issue the following command:

$ hammer erratum list

Example 8.1. Filtering Errata

The hammer erratum list command provides numerous options for filtering and ordering the output list. For example, to find an erratum that contains a specific security fix, issue:

$ hammer erratum list --cve CVE-2014-0453

The following command displays applicable errata for the selected product that contain the specified bugs ordered so that the security errata are displayed on top:

$ hammer erratum list \
--product-id 7 \
--search "bug = 1213000 or bug = 1207972" \
--errata-restrict-applicable 1 \
--order "type desc"

For more information on syntax used in the --search option, refer to the Red Hat Satellite Host Configuration Guide. For more information on filtering options implemented in hammer, see the output of hammer erratum list --help.

To view details of a specific erratum, issue the following command:

$ hammer erratum info --id <erratum_ID>

Replace <erratum_ID> with a unique identifier of the erratum found in the output of the hammer erratum list command. You can identify errata also by name and repository name, see the output of hammer erratum info --help for details.

8.2. Applying Errata to a Host

To list errata available for a host, issue the following command:

$ hammer host errata list --host <hostname>

To apply selected errata to the host, issue the following command:

$ hammer host errata apply \
--host <hostname> \
--errata-ids <erratum_ID1>,<erratum_ID2>...

Example 8.2. Applying All Available Errata to a Host

The following Bash script applies all errata available to a host (auth01.example.com):

HOST="auth01.example.com"
for i in $(hammer --csv host errata list --host $HOST | grep -vi '^ID' | awk -F, {'print $1'})
do
  hammer host errata apply --host $HOST --errata-ids $i
done

Example 8.3. Applying a Security Advisory

This example shows how to apply a security fix to hosts using hammer:

  1. Find the erratum that contains a fix for a selected issue (CVE-2015-3238):

    $ hammer erratum list --cve CVE-2015-3238
    -------|----------------|----------|------------------------------
    ID     | ERRATA ID      | TYPE     | TITLE
    -------|----------------|----------|------------------------------
    f30e66 | RHSA-2015:1640 | security | Moderate: pam security update
    -------|----------------|----------|------------------------------
  2. Verify if the security erratum (RHSA-2015:1640) is applicable for your host (auth01.example.com):

    $ hammer host errata list \
    --host auth01.example.com \
    --search "RHSA-2015:1640"
  3. Apply the erratum to the host:

    $ hammer host errata apply \
    --host auth01.example.com \
    --errata-ids "RHSA-2015:1640"

You can use the following Bash script to apply a security erratum (for example RHSA-2015:1640) to all hosts where it is applicable:

ORG="ACME"
RHSA="RHSA-2015:1640"

for i in $(hammer --csv host list --organization $ORG | grep -vi '^ID' | awk -F, {'print $2'})
do
  hammer host errata apply --host $i --errata-ids $RHSA
done

To see if errata were applied successfully, find the corresponding task in the output of the following command:

$ hammer task list

To review the state of a selected task, issue the following command:

$ hammer task progress --id <task_ID>

8.3. Applying Errata to a Host Collection

To apply selected errata to a Host Collection, enter a command as follows:

$ hammer host-collection erratum install \
--errata "<erratum_ID1>,<erratum_ID2>,..." \
--name "my-collection" --organization $ORG

This command is available in Red Hat Satellite 6.2.8 or later.

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.