Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 6. Upgrading Satellite Server and Capsule Server

Upgrading is the process of migrating your Satellite and Capsule Server installations from a y-stream release to the next, for example Satellite 6.1 to Satellite 6.2; while updating is the process of migrating your Satellite and Capsule Server installations from a z-stream release to the next, for example Satellite 6.2.7 to Satellite 6.2.8. This section covers upgrading instructions. For more information on updating, see Chapter 7, Updating Satellite Server, Capsule Server, and Content Hosts. Upgrades are usually done in order to take advantage of significant new features or capabilities. Because upgrades can involve deprecation of installed code, they can require a significant amount of time. You should plan your workflow to avoid disruption to your operating environment when performing upgrades. Before upgrading, check the Red Hat Satellite Release Notes for potential conflicts.

The Satellite Server and Capsule Servers are upgraded independently. Upgrade the Satellite Server first, and then upgrade any Capsule Servers. Satellite 6.1 Capsule Servers are not compatible with Satellite 6.2, and must be upgraded before attempting to synchronize any repositories.

You must also manually upgrade Satellite clients to the new version of katello-agent after upgrading the Satellite Server and Capsule Servers. See Section 6.7, “Upgrading Satellite Clients” for more information.

Important

The Red Hat Satellite Server and Capsule Server y-stream versions must match. For example, a 6.1 Satellite Server cannot run a 6.2 Capsule Server and a 6.2 Satellite Server cannot run a 6.1 Capsule Server. Mismatching Satellite Server and Capsule Server versions will result in the Capsule Server failing silently. However, a Capsule Server using one z-stream version older than the Satellite Server is supported. For example, a Satellite 6.2.8 Satellite Server can run a 6.2.7 Capsule Server.

Supported upgrade paths for Satellite 6.2:

  • Satellite 6.0.X GA to 6.1.X GA.
  • Satellite 6.1.9 GA or later to 6.2.X GA or later.

You must perform the upgrade from each version to the next. Upgrading from the Beta to GA version is not supported.

Storage Requirements for Satellite 6.2

The storage requirements for Satellite have changed from the previous version. Before upgrading, review the storage requirements as detailed in Section 2.2, “Storage Requirements and Recommendations” and ensure that the requirements are met before attempting an upgrade.

I/O Speed Requirements for Satellite 6.2

Upgrading from Satellite or Capsule 6.1 to 6.2 is a lengthy operation that can take many hours depending on the size of the repositories on the Satellite or Capsule. The upgrade processing rate for the content of the /var/lib/pulp/ directory is estimated at between 50 GB and 100 GB per hour. If you have 500 GB of content, the upgrade could take from 5 to 10 hours.

Note

If the Pulp directory is stored on an NFS device, the upgrade takes significantly more time. For example, testing with 600 GB of Pulp storage took 30 hours to migrate over NFS.

To check the size of the /var/lib/pulp/ directory, enter the following command: 

# df -h /var/lib/pulp
Copy to Clipboard

Checking I/O speed is important because it affects the duration of the upgrade. Testing with the hdparm tool, and examining the reported timing buffered disk reads element, can identify a potential performance problem. You need to check where the location of the /var/lib/pulp/ directory is mounted, and with this information you are then able to determine the I/O speed.

  1. First of all, install hdparm in order to be able to measure I/O speed. 

    # yum install hdparm
    Copy to Clipboard

  2. Display information about the /var directory. 

    # df /var
    Copy to Clipboard

    Examine the output and identify the logical device used by the var directory. In this example, it is /dev/mapper/rhel_vm37—​118-root. 

    Filesystem                      1K-blocks     Used Available Use% Mounted on
/dev/mapper/rhel_vm37--118-root 200303044 41739160 158563884  21% /
    Copy to Clipboard

  3. Display information about the logical volume. 

    # lvs -a -o +devices
    Copy to Clipboard

    Examine the output and identify the device associated with the logical volume. In this example, it is the root device, which located at /dev/vda2. 

    LV   VG            Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert Devices
root rhel_vm37-118 -wi-ao---- 191.12g                                                     /dev/vda2(0)
swap rhel_vm37-118 -wi-ao----   7.88g                                                     /dev/vda2(48926)
    Copy to Clipboard

  4. Measure the I/O speed to the relevant device. Use the location of the device that you identified in the previous step. In this example, it is /dev/vda2. The result is reported under the timing buffered disk reads element. 

    # hdparm -tT /dev/vda2
    Copy to Clipboard

    Remember /dev/vda2 will vary depending on where the /var/lib/pulp/ directory is mounted on your system, which is why it is vital to correctly identify the location by following the above steps.

A minimum of 80 MB/s Buffered Read Time is recommended for read access to the device used in the /var partition. Throughput lower than this can cause extreme performance issues with your Satellite installation, upgrade, and day-to-day operations. In extreme situations, slow I/O (in the order of 10–20 MB/s) to the /var partition has caused Satellite 6.1 to 6.2 upgrades to take in excess of 24 hours.

Following the Progress of the Upgrade

Due to the lengthy upgrade time, consider using a utility such as screen that allows suspending and reattaching a communication session so that you can check the upgrade progress without having to stay connected to the command shell continuously. The Red Hat Knowledgebase article How do I use the screen command? describes installing screen; alternately see the screen manual page for more information. If you lose connection to the shell where the installation command is running you can see the logs in /var/log/foreman-installer/satellite.log to determine if the process completed successfully.

Foreman Hooks' Report Class Renamed to ConfigReport

In Satellite 6.2 the Report class has been changed to ConfigReport. This means the hooks triggered by Rails events no longer look for a script stored in the /hooks/report/ directory. Upgrading requires removing all hooks until the upgrade has completed successfully. After completing the upgrade and verifying that Satellite is working as expected, restore the Foreman hooks. Create a directory /usr/share/foreman/config/hooks/config_report/ and move hooks such as after_create and before_create to the new directory. Rails events and Foreman hooks are described in Using Foreman Hooks in the Red Hat Satellite Server Administration Guide.

Docker Support in Satellite 6.2

Satellite 6.2 has upgraded Docker support from version 1 to version 2. With that change, Docker has altered its data model removing support of Docker images and introducing support for manifests. As a result of this fundamental change, Docker version 1 support is completely removed; therefore, any existing Docker version 1 repositories are deleted as part of the upgrade.

The previously created containers will still be visible in Satellite Server and can still be started, however you will not be able to create new containers as the images will no longer be present.

To assist in creating Docker version 2 repositories post upgrade, obtain and save the details of any Docker version 1 repositories prior to the upgrade.

This can be accomplished using the Satellite web UI or the Hammer CLI.

To view existing Docker repositories using the Satellite web UI:

  1. Go to Content > Products
  2. Select the repositories to display the settings.

To view existing Docker repositories using the CLI:

  1. List all docker repositories for a specific organization: 

    # hammer repository list --organization-id 1 --content-type docker
    Copy to Clipboard

  2. Obtain docker repository information for a specific repository: 

    # hammer repository info --id 3
    Copy to Clipboard

Once the upgrade has been completed, if the above repositories are available from a Docker version 2 registry, they can be recreated with the appropriate details (such as name, docker-upstream-name, and URL). The process to manage Docker version 2 content is similar to the process in Satellite 6.1 with Docker version 1 and other content types: create and synchronize repositories, then create, publish, and promote Content Views.

6.1. Migrating from Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7

Red Hat Satellite 6.2 is the last y-stream version that Red Hat Enterprise Linux 6 supports. To upgrade to a later version of Red Hat Satellite 6, you must first migrate to Red Hat Enterprise Linux 7. You might also want to migrate your existing Satellite installation to Red Hat Enterprise Linux 7 and later upgrade Red Hat Satellite.

Red Hat Satellite 6.2.13 introduces satellite-clone. This tool copies an existing Satellite installation from an existing Red Hat Enterprise Linux server to a new Red Hat Enterprise Linux 7 server.

The Satellite clone tool does not support migrating a Capsule Server to Red Hat Enterprise Linux 7. Instead you must backup the existing Capsule Server, restore it on Red Hat Enterprise Linux 7, then reconfigure the Capsule Server.

6.1.1. Exclusions

The Satellite migration process includes only the Red Hat Satellite environment. Any customizations made outside the Satellite environment, for example manually configured cron jobs, are outside scope.

6.1.2. Before You Begin

Terminology

Throughout this procedure, ensure that you understand the following terminology:

  • Source server - existing Satellite Server or Capsule Server
  • Target server - new server, to which Satellite Server or Capsule Server is being migrated

In migrating a Satellite Server or Capsule Server, the following requirements apply:

  • Install only a minimal Red Hat Enterprise Linux 7 instance. Do not install any Red Hat Enterprise Linux 7 software groups, or third-party applications. Complete the prerequisites in the Preparing your environment for installation section of the Installation Guide.
  • The target server must have capacity to store the backup files, which the source server transfers to the target server, and the backup files when they are restored.

  • If you are registering the target server using an activation key, obtain it from the Red Hat Customer Portal.

    For more information, see Subscription Asset Manager: Activation Key in the Subscription Concepts and Workflows Guide.

6.1.3. Satellite Server Migration Overview

The high-level steps of migrating Satellite Server or a Capsule Server are as follows:

  1. Backup the source Satellite Server or Capsule Server.
  2. Stop all Satellite services.
  3. Copy the backup files to the target server.
  4. Migrate the source Satellite Server or Capsule Server.
  5. Shut down the source Satellite Server or Capsule Server.
  6. Finalize the target Satellite Server or Capsule Server configuration.
  7. Decommission the source Satellite Server or Capsule Server.
Warning

Isolate the target server from internal networks to avoid unwanted communication with Capsule Servers and hosts. Reconnect the target server after the source server is decommissioned.

A connection to the Red Hat Content Delivery Network (CDN) is required for subscription activation and Satellite installation, unless installing from ISO files.

6.1.4. Migrating a Satellite Server

The following procedure outlines how to migrate an existing Satellite Server installation to the target server.

  1. On the source server, identify the current Red Hat Satellite subscription: 

    # subscription-manager list --consumed \
--matches 'Red Hat Satellite'|grep "Pool ID:"|awk '{print $3}'
    Copy to Clipboard

    Note the Red Hat Satellite subscription pool ID because you need this in a later step.

  2. On the source server, remove the Red Hat Satellite subscription: 

    # subscription-manager remove --serial=$(subscription-manager list \
--consumed \
--matches 'Red Hat Satellite'|grep "Serial:"|awk '{print $2}')
    Copy to Clipboard

  3. On the source server, perform an online Satellite backup with only the databases active. The backup files are output to the backup directory: 

    # katello-service stop
# service postgresql start
# service mongod start
# katello-backup --online-backup /backup/
    Copy to Clipboard

  4. On the source server, stop and disable Katello services.

    1. To stop all Katello services, enter the following command: 

      # katello-service stop
      Copy to Clipboard

    2. Disable all Katello services.

      On Red Hat Enterprise Linux 7, run the following script: 

      # for i in $(katello-service list | cut -d' ' -f1);do systemctl disable $i;done
      Copy to Clipboard

      On Red Hat Enterprise Linux 6, run the following script: 

      # for i in $(katello-service list | cut -d' ' -f1);do chkconfig $i off;done
      Copy to Clipboard
  5. Shut down the Red Hat Enterprise Linux server hosting the source server.

  6. Register the target server to the Customer Portal, add the necessary subscriptions, and enable the Satellite repositories. For more information, see Installing Satellite Server from a Connected Network in the Installation Guide. Optionally you can choose to register using an activation key in the Customer Portal which is explained in later steps.

    1. Register the target server to the Customer Portal, entering your Customer Portal user name and password when prompted: 

      # subscription-manager register
      Copy to Clipboard

    2. Attach the subscription to the target server: 

      # subscription-manager attach --pool=pool_ID
      Copy to Clipboard

      The Red Hat Satellite subscription pool ID is identified earlier in this procedure.

    3. Ensure only the required Red Hat Enterprise Linux 7 repositories are enabled: 

      # subscription-manager repos --disable=*
# subscription-manager repos \
--enable=rhel-7-server-rpms \
--enable=rhel-server-rhscl-7-rpms \
--enable=rhel-7-server-satellite-maintenance-6-rpms \
--enable=rhel-7-server-satellite-6.2-rpms
      Copy to Clipboard

  7. On the target server, either mount the shared storage or copy the following files and folder from the source Satellite Server. The default destination directory is /backup. You can choose another directory if there is not enough storage space.

    • candlepin.dump
    • config_files.tar.gz
    • foreman.dump
    • mongo_dump folder
    • pulp_data.tar

  8. On the target server, install the satellite-clone package: 

    # yum install satellite-clone
    Copy to Clipboard

  9. On the target server, customize the satellite-clone configuration file.

    Edit the configuration file /etc/satellite-clone/satellite-clone-vars.yml. To change an item from the default, remove the comment character (#), and edit its value.

    1. If the backup files were not copied to the directory /backup on the target server, change the backup_dir to the path containing the backup files.
    2. Change the rhel_migration to yes.

    3. If you did not register the target server to the Customer Portal, you can use an activation key in the Customer Portal to register it:

      1. Change the register_to_portal to true.
      2. Change the activationkey to the name of your activation key in the Customer Portal.
      3. Change the orgname to your Satellite organization in the Customer Portal.
    4. Change other values to suit your requirements.

  10. Start the satellite-clone process: 

    # satellite-clone
    Copy to Clipboard

  11. On the target server, reconfigure DHCP, DNS, TFTP and remote execution services. The cloning process disables these services on the target Satellite Server to avoid conflict with the source Satellite Server.

    Reconfigure and enable DHCP, DNS, TFTP in the Satellite web UI. For more information, see Configuring DNS, DHCP, and TFTP on Satellite Server in the Installation Guide.

    Enable remote execution: 

    # satellite-installer --scenario satellite --enable-foreman-plugin-remote-execution --enable-foreman-proxy-plugin-remote-execution-ssh
    Copy to Clipboard
  12. Log in to the Satellite web UI as user admin and password changeme. Change the admin user’s password.

  13. Refresh the Satellite’s manifest.

    1. Log in to the Satellite web UI.
    2. Ensure that the correct organization is selected.
    3. Navigate to Content > Red Hat Subscriptions, then click Manage Manifest.
    4. Click Refresh Manifest.
    5. Navigate to Content > Red Hat Subscriptions and verify the available subscriptions are correct.

  14. Edit Capsules' association with lifecycles.

    The cloning process breaks the association between Capsule Servers and their lifecycle environments to avoid interference with existing infrastructure. On the target Satellite Server, follow the instructions in file /usr/share/satellite-clone/logs/reassociate_capsules.txt to reverse these changes.

  15. Update your network configuration, for example, DNS, to match the target server’s IP address with its new host name.

  16. If the source server uses the virt-who daemon, install and configure it on the target server.

    1. Complete the prerequisite steps for the virt-who daemon. For more information, see Prerequisites in the Virtual Instances Guide.
    2. Copy all the virt-who configuration files in directory /etc/virt-who.d/ from the source server to the same directory on the target server.
    3. Configure and start the virt-who daemon. For more information, see Configuring and Starting virt-who Service in the Virtual Instances Guide.

  17. Restart goferd on all registered content hosts and Capsules. 

    # systemctl restart goferd
    Copy to Clipboard
  18. Decommission the source server.

6.1.5. Migrating a Capsule Server

The following procedure outlines how to migrate an existing Capsule Server installation to the target server.

  1. Install Red Hat Enterprise Linux 7 server. This is the new Capsule Server.
  2. Install the new Capsule Server, but do not proceed to run the satellite-installer. For more information, see Installing Capsule Server in the Installation Guide, but stop after completing the Installing Capsule Server section.
  3. Backup the source Capsule Server. For more information, see Backing up Red Hat Satellite Server in the Server Administration Guide.

  4. Stop all Satellite services on the source Capsule Server. 

    # katello-service stop
    Copy to Clipboard
  5. Copy all backup files from the source server to the target server.
  6. Restore the Capsule Server on the target server.
  7. Shut down the source Capsule Server.
  8. Update your network configuration, for example, DNS, to match the target server’s IP address with its new host name.
  9. Decommission the source Capsule Server.

6.2. Upgrading to Satellite Server 6.2

Important

The Satellite 6 upgrading program is based on Puppet, which means that any manual configuration changes might be overwritten to the installation defaults. To avoid this, use the --noop argument when you run the upgrading program to determine what changes would be applied after you perform the upgrade. This argument ensures that no actual changes are made. Potential changes are written to /var/log/foreman-installer/satellite.log.

6.3. Upgrading a Connected Satellite Server

Before You Begin

  • You have upgraded to the minor version 6.1.9 or later of Red Hat Satellite Server 6.1. The requirement is to be at least on 6.1.9, upgrading to a higher minor version past 6.1.9 is not needed for the upgrade to Red Hat Satellite 6.2. Direct upgrades from earlier minor versions are not supported. For more information, see Upgrading Between Minor Versions of Satellite in the Red Hat Satellite 6.1 Installation Guide.
  • Review and update your firewall configuration prior to upgrading your Satellite Server. For additional information, see Section 2.5, “Ports and Firewalls Requirements”.
  • Make sure you DO NOT delete the manifest from the Customer Portal or in the Satellite Web UI as this will unregister all of your content hosts.
  • Backup and remove all Foreman hooks before upgrading. Put any hooks back only after Satellite is known to be working after the upgrade is complete.
Warning

You must retain the content of both the root/ssl-build directory and the directory in which you created any source files associated with your custom certificates. Even if you choose to implement custom certificates, you must retain the content of the /root/ssl-build directory when performing upgrades. Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.

Upgrade Satellite Server

  1. Create a backup.

    • On a virtual machine, take a snapshot.
    • On a physical machine, create a backup.

  2. A pre-upgrade script is available to detect conflicts and list hosts which have duplicate entries in Satellite Server that can be unregistered and deleted after upgrade. In addition, it will detect hosts which are not assigned to an organization. If a host is listed under Hosts > All hosts without an organization association and if a content host with same name has an organization already associated with it then the content host will automatically be unregistered. This can be avoided by associating such hosts to an organization before upgrading.

    Run the pre-upgrade check script to get a list of hosts that can be deleted after upgrading. If any unassociated hosts are found, associating them to an organization before upgrading is recommended.

    1. To use the pre-upgrade script, ensure you have ruby193-rubygem-katello-2.2.0.90-1-sat or later. 

      # yum update ruby193-rubygem-katello
      Copy to Clipboard

    2. Run the pre-upgrade check script to get a list of hosts that can be deleted after upgrading. If any unassociated hosts are found, associating them to an organization before upgrading is recommended. 

      # foreman-rake katello:upgrade_check
      Copy to Clipboard

      If the upgrade check reports a failure due to running tasks, then it is recommended that you wait for the tasks to complete. It is possible to cancel some tasks, but you should follow the guidance in the Red Hat Knowledgebase solution How to manage paused tasks on Red Hat Satellite 6 to understand which tasks are safe to cancel and which are not safe to cancel.

  3. Backup the DNS and DHCP configuration files /etc/zones.conf and /etc/dhcp/dhcpd.conf as the installer only supports one domain or subnet, and therefore restoring changes from these backups might be required.

  4. If you have made manual edits to DNS or DHCP configuration files and do not want the changes overwritten, run the following command. 

    # katello-installer --capsule-dns-managed=false \
--capsule-dhcp-managed=false
    Copy to Clipboard

  5. Disable the repository for Red Hat Satellite 6.1.

    • On Red Hat Enterprise Linux 6, run the following command: 

      # subscription-manager repos \
--disable rhel-6-server-satellite-6.1-rpms
      Copy to Clipboard

    • On Red Hat Enterprise Linux 7, run the following command: 

      # subscription-manager repos \
--disable rhel-7-server-satellite-6.1-rpms
      Copy to Clipboard

  6. If required, to verify that the Satellite 6.1 repositories are now disabled, enter a command as follows: 

    # subscription-manager repos --list-enabled
    Copy to Clipboard

  7. Enable the repositories for Red Hat Satellite 6.2.

    • On Red Hat Enterprise Linux 6, run the following command: 

      # subscription-manager repos --enable=rhel-6-server-rpms \
--enable=rhel-server-rhscl-6-rpms \
--enable=rhel-6-server-satellite-6.2-rpms
      Copy to Clipboard

    • On Red Hat Enterprise Linux 7, run the following command: 

      # subscription-manager repos --enable=rhel-7-server-rpms \
--enable=rhel-server-rhscl-7-rpms \
--enable=rhel-7-server-satellite-6.2-rpms
      Copy to Clipboard

  8. Clear out any metadata left from any non-Red Hat yum repositories. 

    # yum clean all
    Copy to Clipboard

  9. Verify that the repositories have been enabled. 

    # yum repolist enabled
    Copy to Clipboard

    Output similar to the following displays: 

    Loaded plugins: product-id, subscription-manager
repo id                                        repo name                                                                   status
!rhel-7-server-rpms/x86_64                     Red Hat Enterprise Linux 7 Server (RPMs)                                    9,889
!rhel-7-server-satellite-6.2-rpms/x86_64       Red Hat Satellite 6.2 (for RHEL 7 Server) (RPMs)                            545
!rhel-server-rhscl-7-rpms/x86_64               Red Hat Software Collections RPMs for Red Hat Enterprise Linux 7 Server     4,279
repolist: 14,713
    Copy to Clipboard
  10. In the Satellite web UI, go to Hosts > Discovered hosts. If there are discovered hosts available, turn them off and then delete all entries under the Discovered hosts page. Select all other organizations in turn using the organization setting menu and repeat this action as required. Reboot these hosts after the upgrade has completed.
  11. Make sure all external Capsule Servers are assigned to an organization, otherwise they might get unregistered due to host-unification changes.

  12. Configure the repositories in the Satellite web UI.

    1. In the Satellite web UI, go to Content > Red Hat Repositories and select the RPM tab.
    2. Find and expand the Red Hat Enterprise Linux Server Product.
    3. Find and expand Red Hat Satellite Tools 6.2 (for Red Hat Enterprise Linux X Server) (RPMs).
    4. Select Red Hat Satellite Tools 6.2 for Red Hat Enterprise Linux X Server RPMs x86_64.

  13. Synchronize the newly enabled repositories.

    1. In the Satellite web UI, go to Content > Sync Status.
    2. Click the arrow next to the product to view available repositories.
    3. Select the repositories for 6.2.

    4. Click Synchronize Now.

      If you get an error when trying to update the Satellite Tools repository, make sure you DO NOT delete the manifest from the Customer Portal or in the Satellite Web UI as this will unregister all of your content hosts. See the Red Hat Knowledgebase solution Cannot enable Red Hat Satellite Tools Repo on Satellite 6.2 for more information.

  14. Update any pre-existing Content Views that utilize 6.1 version repositories with the new version for 6.2. Publish and promote updated versions of any Content Views that now have the new 6.2 version repositories.

  15. Clear the repository cache. 

    # yum clean all
    Copy to Clipboard

  16. Run the upgrade check again to ensure that the steps that we have already undertaken have not resulted in a situation in which tasks might get stuck during the upgrade: 

    # foreman-rake katello:upgrade_check
    Copy to Clipboard

  17. Stop Katello services. 

    # katello-service stop
    Copy to Clipboard

  18. Update all packages. 

    # yum update
    Copy to Clipboard

  19. If you have custom Apache server configurations, they will be reverted to the installation defaults in the next step. If you want to see what will be changed when you perform the upgrade, you can enter the upgrade command with the --noop (no operation) option and review the changes that will be applied when you enter the upgrade command in the following step. If you choose not to do this test, skip to the next step now. Alternatively, proceed as follows:

    1. Add the following line to the /etc/httpd/conf/httpd.conf configuration file. 

      Include /etc/httpd/conf.modules.d/*.conf
      Copy to Clipboard

    2. Restart the httpd service.

      • On Red Hat Enterprise Linux 6, enter the following command: 

        # service httpd restart
        Copy to Clipboard

      • On Red Hat Enterprise Linux 7, enter the following command: 

        # systemctl restart httpd
        Copy to Clipboard

    3. Start the postgresql and mongod database services.

      • On Red Hat Enterprise Linux 6, enter the following command: 

        # service postgresql start
# service mongod start
        Copy to Clipboard

      • On Red Hat Enterprise Linux 7, enter the following command: 

        # systemctl start postgresql
# systemctl start mongod
        Copy to Clipboard

    4. Enter the command with the --noop option as follows. 

      # satellite-installer --scenario satellite --upgrade --verbose --noop
      Copy to Clipboard

      Review the /var/log/foreman-installer/satellite.log to see what changes would be applied if the --noop option was omitted. Look for the +++ and --- symbols indicating changes to configurations files. Because the above "no operation" command does not actually create the files, and some Puppet resources in the module expect them to be there, some failure messages are to be expected.

    5. Stop Katello services. 

      # katello-service stop
      Copy to Clipboard

  20. Perform the upgrade by running the installer script with the --upgrade option. 

    # satellite-installer --scenario satellite --upgrade
    Copy to Clipboard
    Warning

    If you run the command from a directory containing a config subdirectory, you will encounter the following error: 

    ERROR: Scenario (config/satellite.yaml) was not found, can not continue.
    Copy to Clipboard

    In such a case, change directory, for example to the root user’s home directory, and run the command again.

  21. Check and restore any changes required to the DNS and DHCP configuration files using the backups made earlier.

  22. If you made changes in the previous step, restart Katello services. 

    # katello-service restart
    Copy to Clipboard

  23. Update the Discovery template in the Satellite web UI.

    1. Go to Hosts > Provisioning templates.
    2. Select PXELinux global default.

    3. In the Template editor dialog box, edit the PXELinux global default template discovery menu entry, updating the stanza that begins with LABEL discovery to match the following text: 

      LABEL discovery
MENU LABEL Satellite 6 Discovery
MENU DEFAULT
KERNEL boot/fdi-image-rhel_7-vmlinuz
APPEND initrd=boot/fdi-image-rhel_7-img rootflags=loop root=live:/fdi.iso rootfstype=auto ro rd.live.image acpi=force rd.luks=0 rd.md=0 rd.dm=0 rd.lvm=0 rd.bootif=0 rd.neednet=0 nomodeset proxy.url=https://SATELLITE_CAPSULE_URL:9090 proxy.type=proxy
IPAPPEND 2
      Copy to Clipboard
      • The proxy.type option can be either proxy or foreman. For proxy, all communication goes through the Capsule. For foreman, the communication goes directly to Satellite Server.
      • The proxy.url specifies the URL of the Satellite Capsule or Server. Both HTTP and HTTPS protocols are supported.

  24. If you have the OpenSCAP plug-in installed, but do not have the default OpenSCAP content available, run the following command. 

    # foreman-rake foreman_openscap:bulk_upload:default
    Copy to Clipboard
  25. In the Satellite web UI, go to Configure > Discovery Rules and associate selected organizations and locations with discovery rules.

  26. After upgrading, add the --assumeyes parameter to katello-backup commands in your backup script.

    From Satellite 6.2.13, you must add the --assumeyes parameter because the katello-backup command prompts for confirmation that the backup is to proceed. For more information about backing up Satellite Server, see Backup and Disaster Recovery in the Server Administration Guide.

6.4. Upgrading a Disconnected Satellite Server

Before You Begin

  • You should have upgraded to the latest minor release of Red Hat Satellite Server 6.1. Direct upgrade from earlier minor versions is not supported. For more information, see Upgrading Between Minor Versions of Satellite in the Red Hat Satellite 6.1 Installation Guide.
  • Review and update your firewall configuration prior to upgrading your Satellite Server. For additional information, see Section 2.5, “Ports and Firewalls Requirements”.
  • Make sure you DO NOT delete the manifest from the Customer Portal or in the Satellite Web UI as this will unregister all of your content hosts.
  • Backup and remove all Foreman hooks before upgrading. Put any hooks back only after Satellite is known to be working after the upgrade is complete.
Warning

You must retain the content of both the root/ssl-build directory and the directory in which you created any source files associated with your custom certificates. Even if you choose to implement custom certificates, you must retain the content of the /root/ssl-build directory when performing upgrades. Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.

Upgrade Disconnected Satellite Server

  1. Create a backup.

    • On a virtual machine, take a snapshot.
    • On a physical machine, create a backup.

  2. A pre-upgrade script is available to detect conflicts and list hosts which have duplicate entries in Satellite Server that can be unregistered and deleted after upgrade. In addition, it will detect hosts which are not assigned to an organization. If a host is listed under Hosts > All hosts without an organization association and if a content host with same name has an organization already associated with it then the content host will automatically be unregistered. This can be avoided by associating such hosts to an organization before upgrading.

    Run the pre-upgrade check script to get a list of hosts that can be deleted after upgrading. If any unassociated hosts are found, associating them to an organization before upgrading is recommended.

    1. To use the pre-upgrade script, ensure you have ruby193-rubygem-katello-2.2.0.90-1-sat or later. 

      # yum update ruby193-rubygem-katello
      Copy to Clipboard

    2. Run the pre-upgrade check script to get a list of hosts that can be deleted after upgrading. If any unassociated hosts are found, associating them to an organization before upgrading is recommended. 

      # foreman-rake katello:upgrade_check
      Copy to Clipboard

      If the upgrade check reports a failure due to running tasks, then it is recommended that you wait for the tasks to complete. It is possible to cancel some tasks, but you should follow the guidance in the Red Hat Knowledgebase solution How to manage paused tasks on Red Hat Satellite 6 to understand which tasks are safe to cancel and which are not safe to cancel.

  3. Backup the DNS and DHCP configuration files /etc/zones.conf and /etc/dhcp/dhcpd.conf as the installer only supports one domain or subnet, and therefore restoring changes from these backups might be required.

  4. If you have made manual edits to DNS or DHCP configuration files and do not want the changes overwritten, run the following command. 

    # katello-installer --capsule-dns-managed=false \
--capsule-dhcp-managed=false
    Copy to Clipboard
  5. In the Satellite web UI, go to Hosts > Discovered hosts. If there are discovered hosts available, turn them off and then delete all entries under the Discovered hosts page. Select all other organizations in turn using the organization setting menu and repeat this action as required. Reboot these hosts after the upgrade has completed.
  6. Make sure all external Capsule Servers are assigned to an organization, otherwise they might get unregistered due to host-unification changes.

  7. Stop Katello services. 

    # katello-service stop
    Copy to Clipboard
  8. Obtain the ISO file, mount it, and install the packages. For more information, see Section 3.2, “Downloading and Installing from a Disconnected Network”.

  9. If you have custom Apache server configurations, they will be reverted to the installation defaults in the next step. If you want to see what will be changed when you perform the upgrade, you can enter the upgrade command with the --noop (no operation) option and review the changes that will be applied when you enter the upgrade command in the following step. If you choose not to do this test, skip to the next step now. Alternatively, proceed as follows:

    1. Add the following line to the /etc/httpd/conf/httpd.conf configuration file. 

      Include /etc/httpd/conf.modules.d/*.conf
      Copy to Clipboard

    2. Restart the httpd service.

      • On Red Hat Enterprise Linux 6, enter the following command: 

        # service httpd restart
        Copy to Clipboard

      • On Red Hat Enterprise Linux 7, enter the following command: 

        # systemctl restart httpd
        Copy to Clipboard

    3. Start the postgresql and mongod database services.

      • On Red Hat Enterprise Linux 6, enter the following command: 

        # service postgresql start
# service mongod start
        Copy to Clipboard

      • On Red Hat Enterprise Linux 7, enter the following command: 

        # systemctl start postgresql
# systemctl start mongod
        Copy to Clipboard

    4. Enter the command with the --noop option as follows. 

      # satellite-installer --scenario satellite --upgrade --verbose --noop
      Copy to Clipboard

      Review the /var/log/foreman-installer/satellite.log to see what changes would be applied if the --noop option was omitted. Look for the +++ and --- symbols indicating changes to configurations files. Because the above "no operation" command does not actually create the files, and some Puppet resources in the module expect them to be there, some failure messages are to be expected.

    5. Stop Katello services. 

      # katello-service stop
      Copy to Clipboard

  10. Perform the upgrade by running the installer script with the --upgrade option. 

    # satellite-installer --scenario satellite --upgrade
    Copy to Clipboard
    Warning

    If you run the command from a directory containing a config subdirectory, you will encounter the following error: 

    ERROR: Scenario (config/satellite.yaml) was not found, can not continue.
    Copy to Clipboard

    In such a case, change directory, for example to the root user’s home directory, and run the command again.

  11. Check and restore any changes required to the DNS and DHCP configuration files using the backups made earlier.

  12. If you made changes in the previous step, restart Katello services. 

    # katello-service restart
    Copy to Clipboard

  13. Update the Discovery template in the Satellite web UI.

    1. Go to Hosts > Provisioning templates.
    2. Select PXELinux global default.

    3. In the Template editor dialog box, edit the PXELinux global default template discovery menu entry, updating the stanza that begins with LABEL discovery to match the following text: 

      LABEL discovery
MENU LABEL Satellite 6 Discovery
MENU DEFAULT
KERNEL boot/fdi-image-rhel_7-vmlinuz
APPEND initrd=boot/fdi-image-rhel_7-img rootflags=loop root=live:/fdi.iso rootfstype=auto ro rd.live.image acpi=force rd.luks=0 rd.md=0 rd.dm=0 rd.lvm=0 rd.bootif=0 rd.neednet=0 nomodeset proxy.url=https://SATELLITE_CAPSULE_URL:9090 proxy.type=proxy
IPAPPEND 2
      Copy to Clipboard
      • The proxy.type option can be either proxy or foreman. For proxy, all communication goes through the Capsule. For foreman, the communication goes directly to Satellite Server.
      • The proxy.url specifies the URL of the Satellite Capsule or Server. Both HTTP and HTTPS protocols are supported.

  14. If you have the OpenSCAP plug-in installed, but do not have the default OpenSCAP content available, run the following command. 

    # foreman-rake foreman_openscap:bulk_upload:default
    Copy to Clipboard
  15. In the Satellite web UI, go to Configure > Discovery Rules and associate selected organizations and locations with discovery rules.

  16. After upgrading, add the --assumeyes parameter to katello-backup commands in your backup script.

    From Satellite 6.2.13, you must add the --assumeyes parameter because the katello-backup command prompts for confirmation that the backup is to proceed. For more information about backing up Satellite Server, see Backup and Disaster Recovery in the Server Administration Guide.

6.5. Upgrading Capsule Servers

Before You Begin

  • You should have upgraded the Satellite Server before upgrading any Capsule Servers.
  • The capsule should be on at least the 6.1.9 minor version of Red Hat Satellite Server 6.1. The requirement is to be at least on 6.1.9, upgrading to a higher minor version past 6.1.9 is not needed for the upgrade to Red Hat Satellite 6.2. Direct upgrades from earlier minor versions are not supported. For more information, see Upgrading Between Minor Versions of Satellite in the Red Hat Satellite 6.1 Installation Guide.
  • Ensure the Capsule’s base system is registered to the newly upgraded Satellite Server.
  • Ensure the Capsule has the correct organization and location settings in the newly upgraded Satellite Server.
  • Review and update your firewall configuration prior to upgrading your Capsule Server. For additional information, see Section 2.5, “Ports and Firewalls Requirements”.
Warning

You must retain the content of both the root/ssl-build directory and the directory in which you created any source files associated with your custom certificates. Even if you choose to implement custom certificates, you must retain the content of the /root/ssl-build directory when performing upgrades. Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.

Upgrading Capsule Servers

  1. Create a backup.

    • On a virtual machine, take a snapshot.
    • On a physical machine, create a backup.
  2. Backup the DNS and DHCP configuration files /etc/zones.conf and /etc/dhcp/dhcpd.conf as the installer only supports one domain or subnet, and therefore restoring changes from these backups might be required.

  3. If you have made manual edits to DNS or DHCP configuration files and do not want the changes overwritten, enter the following command. 

    # capsule-installer --foreman-proxy-dns-managed=false \
--foreman-proxy-dhcp-managed=false
    Copy to Clipboard

  4. Disable the repository for Red Hat Satellite 6.1.

    • On Red Hat Enterprise Linux 6, run the following command: 

      # subscription-manager repos \
--disable rhel-6-server-satellite-capsule-6.1-rpms
      Copy to Clipboard

    • On Red Hat Enterprise Linux 7, run the following command: 

      # subscription-manager repos \
--disable rhel-7-server-satellite-capsule-6.1-rpms
      Copy to Clipboard

  5. Enable the new repositories.

    The Red Hat Software Collections repository provides a later version of Ruby required by some Red Hat Satellite features, including the Remote Execution feature.

    • On Red Hat Enterprise Linux 7, run the following command: 

      # subscription-manager repos \
--enable rhel-7-server-satellite-capsule-6.2-rpms \
--enable rhel-server-rhscl-7-rpms
      Copy to Clipboard

    • On Red Hat Enterprise Linux 6, run the following command: 

      # subscription-manager repos \
--enable rhel-6-server-satellite-capsule-6.2-rpms \
--enable rhel-server-rhscl-6-rpms
      Copy to Clipboard
  6. In the Satellite web UI, go to Hosts > Discovered hosts. If there are discovered hosts available, turn them off and then delete all entries under the Discovered hosts page. Select all other organizations in turn using the organization setting menu and repeat this action as required. Reboot these hosts after the upgrade has completed.

  7. Clear the repository cache. 

    # yum clean all
    Copy to Clipboard

  8. Stop Katello services: 

    # katello-service stop
    Copy to Clipboard

  9. Update all packages. 

    # yum update
    Copy to Clipboard

  10. On the Satellite Server, generate an archive with new certificates. 

    # capsule-certs-generate --capsule-fqdn "mycapsule.example.com" \
--certs-tar "mycapsule.example.com-certs.tar"
    Copy to Clipboard

    You should replace mycapsule.example.com with the fully qualified domain name of the Capsule Server.

  11. Copy the archive file to the Capsule Server. 

    # scp mycapsule.example.com-certs.tar mycapsule.example.com:~/
    Copy to Clipboard
    Warning

    Do not remove the certificate archive file after the upgrade, it is required for future updates.

  12. If you plan to use Capsule Server as a proxy for discovered hosts, install the Discovery plug-in. 

    # yum install rubygem-smart_proxy_discovery.noarch
    Copy to Clipboard

  13. On the Capsule Server, verify that the foreman_url setting is correct. 

    # grep foreman_url /etc/foreman-proxy/settings.yml
    Copy to Clipboard

    The fully qualified domain name of the Satellite Server should display.

  14. If you have custom Apache server configurations, they will be reverted to the installation defaults in the next step. If you want to see what will be changed when you perform the upgrade, you can enter the upgrade command with the --noop (no operation) option and review the changes that will be applied when you enter the upgrade command in the following step. If you choose not to do this test, skip to the next step now. Alternatively, proceed as follows:

    1. Add the following line to the /etc/httpd/conf/httpd.conf configuration file. 

      Include /etc/httpd/conf.modules.d/*.conf
      Copy to Clipboard

    2. Restart the httpd service.

      • On Red Hat Enterprise Linux 6, enter the following command: 

        # service httpd restart
        Copy to Clipboard

      • On Red Hat Enterprise Linux 7, enter the following command: 

        # systemctl restart httpd
        Copy to Clipboard

    3. Start the mongod database service.

      • On Red Hat Enterprise Linux 6, enter the following command: 

        # service mongod start
        Copy to Clipboard

      • On Red Hat Enterprise Linux 7, enter the following command: 

        # systemctl start mongod
        Copy to Clipboard

    4. Enter the command with the --noop option as follows. 

      # satellite-installer --scenario capsule --upgrade --verbose --noop
      Copy to Clipboard

      Review the /var/log/foreman-installer/capsule.log to see what changes would be applied if the --noop option was omitted. Look for the +++ and --- symbols indicating changes to configurations files. Because the above "no operation" command does not actually create the files, and some Puppet resources in the module expect them to be there, some failure messages are to be expected.

    5. Stop Katello services. 

      # katello-service stop
      Copy to Clipboard

  15. Perform the upgrade by running the installer script with the --upgrade option, and specify the path to the certificate archive previously created on the Satellite Server. 

    # satellite-installer --scenario capsule --upgrade \
--capsule-certs-tar mycapsule.example.com-certs.tar
    Copy to Clipboard
    Warning

    If you run the command from a directory containing a config subdirectory, you will encounter the following error: 

    ERROR: Scenario (config/capsule.yaml) was not found, can not continue.
    Copy to Clipboard

    In such a case, change directory, for example to the root user’s home directory, and run the command again.

  16. Check and restore any changes required to the DNS and DHCP configuration files using the backups made earlier.
  17. Upgrade the foreman-discovery package on Satellite Server and turn on the hosts that were shut down prior to the upgrade.

  18. After upgrading, add the --assumeyes parameter to katello-backup commands in your backup script.

    From Satellite 6.2.13, you must add the --assumeyes parameter because the katello-backup command prompts for confirmation that the backup is to proceed. For more information about backing up Satellite Server, see Backup and Disaster Recovery in the Server Administration Guide.

6.6. Upgrading Discovery on Capsule Servers

  1. Verify that all relevant packages are current on the Satellite Server. 

    # yum upgrade tfm-rubygem-foreman_discovery
    Copy to Clipboard

  2. Restart Katello services, if applicable. 

    # katello-service restart
    Copy to Clipboard

  3. Upgrade the Discovery image on the Satellite Capsule that is either connected to the provisioning network with discovered hosts or provides TFTP services for discovered hosts. 

    # yum upgrade foreman-discovery-image
    Copy to Clipboard

  4. On the same instance, install the package which provides the Proxy service, and then restart foreman-proxy service. 

    # yum install rubygem-smart_proxy_discovery
# service foreman-proxy restart
    Copy to Clipboard
  5. In the Satellite web UI, go to Infrastructure > Capsules and verify that the relevant proxy lists the Discovery feature. Click Refresh features if necessary.
  6. Go to Infrastructure > Subnets and select the required Smart Proxy for each subnet on which you want to use discovery, and verify that it is connected to the Discovery Proxy.

Update the Discovery template in the Satellite web UI.

  1. Go to Hosts > Provisioning Templates.
  2. Select PXELinux global default.

  3. In the Template editor dialog box, edit the PXELinux global default template discovery menu entry, updating the stanza that begins with LABEL discovery to match the following text: 

    LABEL discovery
MENU LABEL Satellite 6 Discovery
MENU DEFAULT
KERNEL boot/fdi-image-rhel_7-vmlinuz
APPEND initrd=boot/fdi-image-rhel_7-img rootflags=loop root=live:/fdi.iso rootfstype=auto ro rd.live.image acpi=force rd.luks=0 rd.md=0 rd.dm=0 rd.lvm=0 rd.bootif=0 rd.neednet=0 nomodeset proxy.url=https://SATELLITE_CAPSULE_URL:9090 proxy.type=proxy
IPAPPEND 2
    Copy to Clipboard
    • The proxy.type option can be either proxy or foreman. For proxy, all communication goes through the Capsule. For foreman, the communication goes directly to Satellite Server.
    • The proxy.url specifies the URL of the Satellite Capsule or Server. Both HTTP and HTTPS protocols are supported.
    • You can omit the proxy.url option and determine the Capsule DNS name from its SRV record. This is useful if there are multiple discovery subnets. For more information, see Configuring PXE-booting in the Red Hat Satellite Host Configuration Guide.

6.7. Upgrading Satellite Clients

You must upgrade all clients to the new version of katello-agent so that your clients are compatible with Satellite Server. This requires changing the Satellite Tools repository from 6.1 to 6.2, which can be done manually or by installing the satellite-tools-upgrade package. This package only contains a post installation script to change the Satellite Tools repository version.

Before You Begin

  • You must have upgraded Satellite Server.
  • You must have enabled the new Satellite Tools repositories on the Satellite.
  • You must have synchronized the new repositories in the Satellite.
  • If you have not previously installed katello-agent on your clients, use the manual method.
Warning

You must retain the content of both the root/ssl-build directory and the directory in which you created any source files associated with your custom certificates. Even if you choose to implement custom certificates, you must retain the content of the /root/ssl-build directory when performing upgrades. Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.

Upgrade Satellite Clients Using the satellite-tools-upgrade Package

  1. In the Satellite web UI, go to Hosts > Content Hosts or Host Collections and select the Content Hosts to be upgraded.

  2. On the Packages tab, enter the package name satellite-tools-upgrade in the search field.

    1. If upgrading a single host using the Content Host view, select Perform to install the package.
    2. If upgrading a collection of hosts using the Bulk Actions view, select Install to install the package.

  3. On the Packages tab, enter the package name katello-agent in the search field.

    1. If upgrading a single host using the Content Host view, select Package Update and then Perform to update the package.
    2. If upgrading a collection of hosts using the Bulk Actions view, select Update to update the package.
Note

Until Red Hat Bugzilla 1291960 is resolved, you will see duplicate package versions installed on your systems after attempting to upgrade katello-agent using the web UI or the hammer CLI. See the bug for more details.

Upgrade Satellite Clients Manually

  1. Log into the client system.

  2. Disable the repositories for the previous version of Satellite.

    • On Red Hat Enterprise Linux 7, run the following command: 

      # subscription-manager repos \
--disable rhel-7-server-satellite-tools-6.1-rpms
      Copy to Clipboard

    • On Red Hat Enterprise Linux 6, run the following command: 

      # subscription-manager repos \
--disable rhel-6-server-satellite-tools-6.1-rpms
      Copy to Clipboard

  3. Enable the Satellite tools repository for this version of Satellite.

    • On Red Hat Enterprise Linux 7, run the following command: 

      # subscription-manager repos \
--enable=rhel-7-server-satellite-tools-6.2-rpms
      Copy to Clipboard

    • On Red Hat Enterprise Linux 6, run the following command: 

      # subscription-manager repos \
--enable=rhel-6-server-satellite-tools-6.2-rpms
      Copy to Clipboard

  4. Upgrade the Katello Agent package. 

    # yum upgrade katello-agent
    Copy to Clipboard

6.8. Upgrading a Self-Registered Satellite Server

You can synchronize your self-registered Satellite Server with the Red Hat Customer Portal, publish and promote Content Views, and upgrade your self-registered Satellite Server.

Before You Begin

  • You have upgraded to at least the minor version 6.1.9 of Red Hat Satellite Server 6.1. The requirement is to be at least on 6.1.9, upgrading to a higher minor version past 6.1.9 is not needed for the upgrade to Red Hat Satellite 6.2. Direct upgrades from earlier minor versions are not supported. For more information, see Upgrading Between Minor Versions of Satellite in the Red Hat Satellite 6.1 Installation Guide.
  • Review and update your firewall configuration prior to upgrading your Satellite Server. For additional information, see Section 2.5, “Ports and Firewalls Requirements”.
  • Make sure you DO NOT delete the manifest from the Customer Portal or in the Satellite Web UI as this will unregister all of your content hosts.
  • Backup and remove all Foreman hooks before upgrading. Put any hooks back only after Satellite is known to be working after the upgrade is complete.
Warning

You must retain the content of both the root/ssl-build directory and the directory in which you created any source files associated with your custom certificates. Even if you choose to implement custom certificates, you must retain the content of the /root/ssl-build directory when performing upgrades. Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.

Upgrade Self-Registered Satellite Server

  1. Create a backup.

    • On a virtual machine, take a snapshot.
    • On a physical machine, create a backup.

  2. A pre-upgrade script is available to detect conflicts and list hosts which have duplicate entries in Satellite Server that can be unregistered and deleted after upgrade. In addition, it will detect hosts which are not assigned to an organization. If a host is listed under Hosts > All hosts without an organization association and if a content host with same name has an organization already associated with it then the content host will automatically be unregistered. This can be avoided by associating such hosts to an organization before upgrading.

    Run the pre-upgrade check script to get a list of hosts that can be deleted after upgrading. If any unassociated hosts are found, associating them to an organization before upgrading is recommended.

    1. To use the pre-upgrade script, ensure you have ruby193-rubygem-katello-2.2.0.90-1-sat or later. 

      # yum update ruby193-rubygem-katello
      Copy to Clipboard

    2. Run the pre-upgrade check script to get a list of hosts that can be deleted after upgrading. If any unassociated hosts are found, associating them to an organization before upgrading is recommended. 

      # foreman-rake katello:upgrade_check
      Copy to Clipboard

      If the upgrade check reports a failure due to running tasks, then it is recommended that you wait for the tasks to complete. It is possible to cancel some tasks, but you should follow the guidance in the Red Hat Knowledgebase solution How to manage paused tasks on Red Hat Satellite 6 to understand which tasks are safe to cancel and which are not safe to cancel.

  3. Backup the DNS and DHCP configuration files /etc/zones.conf and /etc/dhcp/dhcpd.conf as the installer only supports one domain or subnet, and therefore restoring changes from these backups might be required.

  4. If you have made manual edits to DNS or DHCP configuration files and do not want the changes overwritten, run the following command. 

    # katello-installer --capsule-dns-managed=false \
--capsule-dhcp-managed=false
    Copy to Clipboard

  5. List the enabled repositories: 

    # subscription-manager repos --list-enabled
    Copy to Clipboard

  6. Ensure you have the following repositories enabled and no others: 

    rhel-X-server-satellite-tools-6.1-rpms
rhel-server-rhscl-X-rpms
rhel-X-server-satellite-6.1-rpms
rhel-X-server-rpms
    Copy to Clipboard

    Where X is the major version of the base system. If other repositories are found, follow the Section 3.1.3, “Configuring Repositories” procedure to remove them.

  7. Disable the repositories for the previous version of Satellite on the base system.

    • On Red Hat Enterprise Linux 6, enter the following commands: 

      # subscription-manager repos \
--disable rhel-6-server-satellite-6.1-rpms
# subscription-manager repos \
--disable rhel-6-server-satellite-tools-6.1-rpms
      Copy to Clipboard

    • On Red Hat Enterprise Linux 7, enter the following commands: 

      # subscription-manager repos \
--disable rhel-7-server-satellite-6.1-rpms
# subscription-manager repos \
--disable rhel-7-server-satellite-tools-6.1-rpms
      Copy to Clipboard

  8. If required, to verify that the Satellite 6.1 repositories are now disabled, enter a command as follows: 

    # subscription-manager repos --list-enabled
    Copy to Clipboard

  9. Configure the repositories in the Satellite web UI.

    1. In the Satellite web UI, go to Content > Red Hat Repositories and select the RPM tab.
    2. Find and expand the Red Hat Satellite Product.
    3. Find and expand the Repository Set Red Hat Satellite 6.1 (for Red Hat Enterprise Linux X Server) (RPMs).
    4. Unselect Red Hat Satellite 6.1 for Red Hat Enterprise Linux X Server RPMs x86_64.
    5. Find and expand the Repository Set Red Hat Satellite 6.2 (for Red Hat Enterprise Linux X Server) (RPMs).
    6. Select Red Hat Satellite 6.2 for Red Hat Enterprise Linux X Server RPMs x86_64.
    7. Find and expand the Red Hat Enterprise Linux Server Product.
    8. Find and expand Red Hat Satellite Tools 6.2 (for Red Hat Enterprise Linux X Server) (RPMs).
    9. Select Red Hat Satellite Tools 6.2 for Red Hat Enterprise Linux X Server RPMs x86_64.
    10. In the Other tab, find and expand Red Hat Software Collections for RHEL Server.
    11. Find and expand Red Hat Software Collections RPMs (for Red Hat Enterprise Linux X Server).
    12. Select Red Hat Software Collections RPMs for Red Hat Enterprise Linux X Server x86_64.

  10. Synchronize the newly enabled repositories.

    1. In the Satellite web UI, go to Content > Sync Status.
    2. Click the arrow next to the product to view available repositories.
    3. Select the repositories for 6.2.

    4. Click Synchronize Now.

      If you get an error when trying to update the Satellite Tools repository, make sure you DO NOT delete the manifest from the Customer Portal or in the Satellite Web UI as this will unregister all of your content hosts. See the Red Hat Knowledgebase solution Cannot enable Red Hat Satellite Tools Repo on Satellite 6.2 for more information.

  11. Update any pre-existing Content Views that utilize 6.1 version repositories with the new version for 6.2. Publish and promote updated versions of any Content Views that now have the new 6.2 version repositories.

  12. Enable the new repositories on the base system when the repositories have finished synchronizing.

    • On Red Hat Enterprise Linux 6, enter the following commands: 

      # subscription-manager repos \
--enable rhel-6-server-satellite-6.2-rpms \
--enable rhel-6-server-satellite-tools-6.2-rpms \
--enable rhel-6-server-rpms \
--enable rhel-server-rhscl-6-rpms
      Copy to Clipboard

    • On Red Hat Enterprise Linux 7, enter the following commands: 

      # subscription-manager repos \
--enable rhel-7-server-satellite-6.2-rpms \
--enable rhel-7-server-satellite-tools-6.2-rpms \
--enable rhel-7-server-rpms \
--enable rhel-server-rhscl-7-rpms
      Copy to Clipboard
  13. In the Satellite web UI, go to Hosts > Discovered hosts. If there are discovered hosts available, turn them off and then delete all entries under the Discovered hosts page. Select all other organizations in turn using the organization setting menu and repeat this action as required. Reboot these hosts after the upgrade has completed.
  14. Make sure all external Capsule Servers are assigned to an organization, otherwise they might get unregistered due to host-unification changes.

  15. Clear the repository cache. 

    # yum clean all
    Copy to Clipboard

  16. Download the following packages. 

    # yum install --downloadonly rubygem-smart_proxy_remote_execution_ssh \
rubygem-smart_proxy_openscap rubygem-smart_proxy_dynflow \
tfm-rubygem-smart_proxy_dynflow_core \
tfm-rubygem-foreman_remote_execution katello-client-bootstrap
    Copy to Clipboard

  17. Download all updated packages. 

    # yum update --downloadonly
    Copy to Clipboard

  18. Stop Katello services. 

    # katello-service stop
    Copy to Clipboard

  19. Install the previously downloaded packages. 

    # yum install rubygem-smart_proxy_remote_execution_ssh \
rubygem-smart_proxy_openscap rubygem-smart_proxy_dynflow \
tfm-rubygem-smart_proxy_dynflow_core \
tfm-rubygem-foreman_remote_execution katello-client-bootstrap
    Copy to Clipboard

  20. Install all updated packages from the yum cache. 

    # yum update --cacheonly
    Copy to Clipboard

  21. If you have custom Apache server configurations, they will be reverted to the installation defaults in the next step. If you want to see what will be changed when you perform the upgrade, you can enter the upgrade command with the --noop (no operation) option and review the changes that will be applied when you enter the upgrade command in the following step. If you choose not to do this test, skip to the next step now. Alternatively, proceed as follows:

    1. Add the following line to the /etc/httpd/conf/httpd.conf configuration file. 

      Include /etc/httpd/conf.modules.d/*.conf
      Copy to Clipboard

    2. Restart the httpd service.

      • On Red Hat Enterprise Linux 6, enter the following command: 

        # service httpd restart
        Copy to Clipboard

      • On Red Hat Enterprise Linux 7, enter the following command: 

        # systemctl restart httpd
        Copy to Clipboard

    3. Start the postgresql and mongod database services.

      • On Red Hat Enterprise Linux 6, enter the following command: 

        # service postgresql start
# service mongod start
        Copy to Clipboard

      • On Red Hat Enterprise Linux 7, enter the following command: 

        # systemctl start postgresql
# systemctl start mongod
        Copy to Clipboard

    4. Enter the command with the --noop option as follows. 

      # satellite-installer --scenario satellite --upgrade --verbose --noop
      Copy to Clipboard

      Review the /var/log/foreman-installer/satellite.log to see what changes would be applied if the --noop option was omitted. Look for the +++ and --- symbols indicating changes to configurations files. Because the above "no operation" command does not actually create the files, and some Puppet resources in the module expect them to be there, some failure messages are to be expected.

    5. Stop Katello services. 

      # katello-service stop
      Copy to Clipboard

  22. Perform the upgrade by running the installer script with the --upgrade option. 

    # satellite-installer --scenario satellite --upgrade
    Copy to Clipboard
    Warning

    If you run the command from a directory containing a config subdirectory, you will encounter the following error: 

    ERROR: Scenario (config/satellite.yaml) was not found, can not continue.
    Copy to Clipboard

    In such a case, change directory, for example to the root user’s home directory, and run the command again.

  23. Check and restore any changes required to the DNS and DHCP configuration files using the backups made earlier.

  24. If you made changes in the previous step, restart Katello services. 

    # katello-service restart
    Copy to Clipboard

  25. Update the Discovery template in the Satellite web UI.

    1. Go to Hosts > Provisioning templates.
    2. Select PXELinux global default.

    3. In the Template editor dialog box, edit the PXELinux global default template discovery menu entry, updating the stanza that begins with LABEL discovery to match the following text: 

      LABEL discovery
MENU LABEL Satellite 6 Discovery
MENU DEFAULT
KERNEL boot/fdi-image-rhel_7-vmlinuz
APPEND initrd=boot/fdi-image-rhel_7-img rootflags=loop root=live:/fdi.iso rootfstype=auto ro rd.live.image acpi=force rd.luks=0 rd.md=0 rd.dm=0 rd.lvm=0 rd.bootif=0 rd.neednet=0 nomodeset proxy.url=https://SATELLITE_CAPSULE_URL:9090 proxy.type=proxy
IPAPPEND 2
      Copy to Clipboard
      • The proxy.type option can be either proxy or foreman. For proxy, all communication goes through the Capsule. For foreman, the communication goes directly to Satellite Server.
      • The proxy.url specifies the URL of the Satellite Capsule or Server. Both HTTP and HTTPS protocols are supported.

  26. If you have the OpenSCAP plug-in installed, but do not have the default OpenSCAP content available, run the following command. 

    # foreman-rake foreman_openscap:bulk_upload:default
    Copy to Clipboard
  27. In the Satellite web UI, go to Configure > Discovery Rules and associate selected organizations and locations with discovery rules.

  28. Synchronize the Satellite Server with the Red Hat Customer Portal.

    1. Go to Content > Sync Status.

      A list of product repositories available for synchronization is displayed.

    2. Click the arrow next to the product content to view available content.
    3. Select the content you want to synchronize.

    4. Click Synchronize Now.

      Content synchronization can take a long time and it depends on the speed of disk drives, network connection speed, and the amount of content selected for synchronization.

  29. (Optional) Publish the required Content Views.

    You must publish the Content View so that it is visible and usable by hosts. Before publishing, you should ensure that the Content View definition has the necessary products, repositories, and filters.

    1. From the Main Menu, select Content > Content Views.
    2. From the Name column, select the Satellite Server Content View.
    3. Click Publish New Version.
    4. Enter a comment and click Save.

  30. (Optional) Promote the Content View.

    1. From the Main Menu, select Content > Content Views.
    2. In the Name column, select the Satellite Server Content View.
    3. On the Versions tab, select the latest version and click Promote.

    4. Identify the promotion path, select the appropriate life-cycle environment, and click Promote Version.

      When the operation completes, you can see the updated Content View status on the Versions tab.

  31. After upgrading, add the --assumeyes parameter to katello-backup commands in your backup script.

    From Satellite 6.2.13, you must add the --assumeyes parameter because the katello-backup command prompts for confirmation that the backup is to proceed. For more information about backing up Satellite Server, see Backup and Disaster Recovery in the Server Administration Guide.

6.9. Post Upgrade Cleanup

All the procedures in this section are optional. You can choose to perform only those procedures that are relevant to your installation.

6.9.1. Removing Redundant Firewall Rules

Red Hat Satellite 6.2 does not use Elasticsearch and therefore firewall rules related to Elasticsearch can be removed. These are the lines with destination port 9200.

Removing Redundant Firewall Rules on Red Hat Enterprise Linux 6

  1. List the firewall rules. 

    # iptables -nL --line-numbers
    Copy to Clipboard

  2. Identify the following lines and remove them. Note that the chain name is OUTPUT and the line numbers might differ. 

    Chain OUTPUT (policy ACCEPT)
num  target   prot opt source         destination
1    ACCEPT   tcp  --  0.0.0.0/0      0.0.0.0/0      tcp dpt:9200 owner UID match 496
2    ACCEPT   tcp  --  0.0.0.0/0      0.0.0.0/0      tcp dpt:9200 owner UID match 0
3    DROP     tcp  --  0.0.0.0/0      0.0.0.0/0      tcp dpt:9200
    Copy to Clipboard

  3. Remove the iptables rules. 

    iptables -D <chain-name> <line-number>
    Copy to Clipboard

    For example, to remove line 1 from the above output, enter a command as follows: 

    # iptables -D OUTPUT 1
    Copy to Clipboard

  4. After removing the lines, save the changes. 

    # service iptables save
    Copy to Clipboard

  5. Make sure the iptables service is started and enabled. 

    # service iptables start
# chkconfig iptables on
    Copy to Clipboard

Removing Redundant Firewall Rules on Red Hat Enterprise Linux 7

  1. List the direct rules.

    1. For IPv4: 

      # firewall-cmd --direct --get-rules ipv4 filter OUTPUT
      Copy to Clipboard

    2. For IPv6: 

      # firewall-cmd --direct --get-rules ipv6 filter OUTPUT
      Copy to Clipboard

  2. Remove the firewall direct rules.

    1. For IPv4: 

      firewall-cmd --direct --remove-rule IPv4 filter <chain_name> rule
      Copy to Clipboard

      Example: 

      # firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o lo -p \
tcp -m tcp --dport 9200 -m owner --uid-owner foreman -j ACCEPT \
&& firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o lo -p \
tcp -m tcp --dport 9200 -m owner --uid-owner root -j ACCEPT \
&& firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 1 -o lo -p \
tcp -m tcp --dport 9200 -j DROP
      Copy to Clipboard

    2. For IPv6: 

      firewall-cmd --direct --remove-rule IPv6 filter <chain_name> rule
      Copy to Clipboard

      Example: 

      # firewall-cmd --direct --remove-rule ipv6 filter OUTPUT 0 -o lo -p \
tcp -m tcp --dport 9200 -m owner --uid-owner foreman -j ACCEPT \
&& firewall-cmd --direct --remove-rule ipv6 filter OUTPUT 0 -o lo -p \
tcp -m tcp --dport 9200 -m owner --uid-owner root -j ACCEPT \
&& firewall-cmd --direct --remove-rule ipv6 filter OUTPUT 1 -o lo -p \
tcp -m tcp --dport 9200 -j DROP
      Copy to Clipboard

  3. Ensure the firewall service is enabled and started. 

    # systemctl enable firewalld
# systemctl start firewalld
    Copy to Clipboard

6.9.2. Removing Elasticsearch

Red Hat Satellite 6.2 does not use Elasticsearch and therefore the packages and directory used by Elasticsearch can be removed.

Removing Elasticsearch and Related Packages

Remove the following packages as they are no longer needed. 

# yum erase elasticsearch sigar-java sigar snappy-java \
lucene4-contrib lucene4
Copy to Clipboard

Removing Elasticsearch User

Remove the user created by Elasticsearch. 

# userdel -r elasticsearch
Copy to Clipboard

Removing Elasticsearch Directory

Remove the database directory and its contents. 

# rm -rf /var/lib/elasticsearch
Copy to Clipboard

6.9.3. Removing the Previous Version of the Satellite Tools Repository

After completing the upgrade to Satellite 6.2, the Red Hat Satellite Tools 6.1 repository can be removed from Content Views and then disabled.

  1. Disable Version 6.1 of the Satellite Tools Repository

    1. In the Satellite web UI, go to Content > Red Hat Repositories and select the RPM tab.
    2. Find and expand the Red Hat Enterprise Linux Server Product.
    3. Find and expand the Repository Set Red Hat Satellite Tools 6.1 (for Red Hat Enterprise Linux X Server) (RPMs).
    4. Unselect Red Hat Satellite Tools 6.1 for Red Hat Enterprise Linux X Server RPMs x86_64.

If the check box is dimmed, then the repository is still contained in a Content View. The orphaned packages in the repository will be removed automatically by a scheduled task (cron job).

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat