Chapter 6. Upgrading Satellite Server and Capsule Server
Upgrading is the process of migrating your Satellite and Capsule Server installations from a y-stream release to the next, for example Satellite 6.1 to Satellite 6.2; while updating is the process of migrating your Satellite and Capsule Server installations from a z-stream release to the next, for example Satellite 6.2.7 to Satellite 6.2.8. This section covers upgrading instructions. For more information on updating, see Chapter 7, Updating Satellite Server, Capsule Server, and Content Hosts. Upgrades are usually done in order to take advantage of significant new features or capabilities. Because upgrades can involve deprecation of installed code, they can require a significant amount of time. You should plan your workflow to avoid disruption to your operating environment when performing upgrades. Before upgrading, check the Red Hat Satellite Release Notes for potential conflicts.
The Satellite Server and Capsule Servers are upgraded independently. Upgrade the Satellite Server first, and then upgrade any Capsule Servers. Satellite 6.1 Capsule Servers are not compatible with Satellite 6.2, and must be upgraded before attempting to synchronize any repositories.
You must also manually upgrade Satellite clients to the new version of katello-agent
after upgrading the Satellite Server and Capsule Servers. See Section 6.7, “Upgrading Satellite Clients” for more information.
The Red Hat Satellite Server and Capsule Server y-stream versions must match. For example, a 6.1 Satellite Server cannot run a 6.2 Capsule Server and a 6.2 Satellite Server cannot run a 6.1 Capsule Server. Mismatching Satellite Server and Capsule Server versions will result in the Capsule Server failing silently. However, a Capsule Server using one z-stream version older than the Satellite Server is supported. For example, a Satellite 6.2.8 Satellite Server can run a 6.2.7 Capsule Server.
Supported upgrade paths for Satellite 6.2:
- Satellite 6.0.X GA to 6.1.X GA.
- Satellite 6.1.9 GA or later to 6.2.X GA or later.
You must perform the upgrade from each version to the next. Upgrading from the Beta to GA version is not supported.
Storage Requirements for Satellite 6.2
The storage requirements for Satellite have changed from the previous version. Before upgrading, review the storage requirements as detailed in Section 2.2, “Storage Requirements and Recommendations” and ensure that the requirements are met before attempting an upgrade.
I/O Speed Requirements for Satellite 6.2
Upgrading from Satellite or Capsule 6.1 to 6.2 is a lengthy operation that can take many hours depending on the size of the repositories on the Satellite or Capsule. The upgrade processing rate for the content of the /var/lib/pulp/
directory is estimated at between 50 GB and 100 GB per hour. If you have 500 GB of content, the upgrade could take from 5 to 10 hours.
If the Pulp directory is stored on an NFS device, the upgrade takes significantly more time. For example, testing with 600 GB of Pulp storage took 30 hours to migrate over NFS.
To check the size of the /var/lib/pulp/
directory, enter the following command:
# df -h /var/lib/pulp
Checking I/O speed is important because it affects the duration of the upgrade. Testing with the hdparm
tool, and examining the reported timing buffered disk reads
element, can identify a potential performance problem. You need to check where the location of the /var/lib/pulp/
directory is mounted, and with this information you are then able to determine the I/O speed.
First of all, install
hdparm
in order to be able to measure I/O speed.# yum install hdparm
Display information about the
/var
directory.# df /var
Examine the output and identify the logical device used by the
var
directory. In this example, it is/dev/mapper/rhel_vm37—118-root
.Filesystem 1K-blocks Used Available Use% Mounted on /dev/mapper/rhel_vm37--118-root 200303044 41739160 158563884 21% /
Display information about the logical volume.
# lvs -a -o +devices
Examine the output and identify the device associated with the logical volume. In this example, it is the
root
device, which located at/dev/vda2
.LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert Devices root rhel_vm37-118 -wi-ao---- 191.12g /dev/vda2(0) swap rhel_vm37-118 -wi-ao---- 7.88g /dev/vda2(48926)
Measure the I/O speed to the relevant device. Use the location of the device that you identified in the previous step. In this example, it is
/dev/vda2
. The result is reported under thetiming buffered disk reads
element.# hdparm -tT /dev/vda2
Remember
/dev/vda2
will vary depending on where the/var/lib/pulp/
directory is mounted on your system, which is why it is vital to correctly identify the location by following the above steps.
A minimum of 80 MB/s Buffered Read Time
is recommended for read access to the device used in the /var
partition. Throughput lower than this can cause extreme performance issues with your Satellite installation, upgrade, and day-to-day operations. In extreme situations, slow I/O (in the order of 10–20 MB/s) to the /var
partition has caused Satellite 6.1 to 6.2 upgrades to take in excess of 24 hours.
Following the Progress of the Upgrade
Due to the lengthy upgrade time, consider using a utility such as screen
that allows suspending and reattaching a communication session so that you can check the upgrade progress without having to stay connected to the command shell continuously. The Red Hat Knowledgebase article How do I use the screen command? describes installing screen
; alternately see the screen
manual page for more information. If you lose connection to the shell where the installation command is running you can see the logs in /var/log/foreman-installer/satellite.log
to determine if the process completed successfully.
Foreman Hooks' Report Class Renamed to ConfigReport
In Satellite 6.2 the Report class has been changed to ConfigReport. This means the hooks triggered by Rails events no longer look for a script stored in the /hooks/report/
directory. Upgrading requires removing all hooks until the upgrade has completed successfully. After completing the upgrade and verifying that Satellite is working as expected, restore the Foreman hooks. Create a directory /usr/share/foreman/config/hooks/config_report/
and move hooks such as after_create
and before_create
to the new directory. Rails events and Foreman hooks are described in Using Foreman Hooks in the Red Hat Satellite Server Administration Guide.
Docker Support in Satellite 6.2
Satellite 6.2 has upgraded Docker support from version 1 to version 2. With that change, Docker has altered its data model removing support of Docker images and introducing support for manifests. As a result of this fundamental change, Docker version 1 support is completely removed; therefore, any existing Docker version 1 repositories are deleted as part of the upgrade.
The previously created containers will still be visible in Satellite Server and can still be started, however you will not be able to create new containers as the images will no longer be present.
To assist in creating Docker version 2 repositories post upgrade, obtain and save the details of any Docker version 1 repositories prior to the upgrade.
This can be accomplished using the Satellite web UI or the Hammer CLI.
To view existing Docker repositories using the Satellite web UI:
- Go to Content > Products
- Select the repositories to display the settings.
To view existing Docker repositories using the CLI:
List all docker repositories for a specific organization:
# hammer repository list --organization-id 1 --content-type docker
Obtain docker repository information for a specific repository:
# hammer repository info --id 3
Once the upgrade has been completed, if the above repositories are available from a Docker version 2 registry, they can be recreated with the appropriate details (such as name, docker-upstream-name, and URL). The process to manage Docker version 2 content is similar to the process in Satellite 6.1 with Docker version 1 and other content types: create and synchronize repositories, then create, publish, and promote Content Views.
6.1. Migrating from Red Hat Enterprise Linux 6 to Red Hat Enterprise Linux 7
Red Hat Satellite 6.2 is the last y-stream version that Red Hat Enterprise Linux 6 supports. To upgrade to a later version of Red Hat Satellite 6, you must first migrate to Red Hat Enterprise Linux 7. You might also want to migrate your existing Satellite installation to Red Hat Enterprise Linux 7 and later upgrade Red Hat Satellite.
Red Hat Satellite 6.2.13 introduces satellite-clone. This tool copies an existing Satellite installation from an existing Red Hat Enterprise Linux server to a new Red Hat Enterprise Linux 7 server.
The Satellite clone tool does not support migrating a Capsule Server to Red Hat Enterprise Linux 7. Instead you must backup the existing Capsule Server, restore it on Red Hat Enterprise Linux 7, then reconfigure the Capsule Server.
6.1.1. Exclusions
The Satellite migration process includes only the Red Hat Satellite environment. Any customizations made outside the Satellite environment, for example manually configured cron jobs, are outside scope.
6.1.2. Before You Begin
Terminology
Throughout this procedure, ensure that you understand the following terminology:
- Source server - existing Satellite Server or Capsule Server
- Target server - new server, to which Satellite Server or Capsule Server is being migrated
In migrating a Satellite Server or Capsule Server, the following requirements apply:
- Install only a minimal Red Hat Enterprise Linux 7 instance. Do not install any Red Hat Enterprise Linux 7 software groups, or third-party applications. Complete the prerequisites in the Preparing your environment for installation section of the Installation Guide.
- The target server must have capacity to store the backup files, which the source server transfers to the target server, and the backup files when they are restored.
If you are registering the target server using an activation key, obtain it from the Red Hat Customer Portal.
For more information, see Subscription Asset Manager: Activation Key in the Subscription Concepts and Workflows Guide.
6.1.3. Satellite Server Migration Overview
The high-level steps of migrating Satellite Server or a Capsule Server are as follows:
- Backup the source Satellite Server or Capsule Server.
- Stop all Satellite services.
- Copy the backup files to the target server.
- Migrate the source Satellite Server or Capsule Server.
- Shut down the source Satellite Server or Capsule Server.
- Finalize the target Satellite Server or Capsule Server configuration.
- Decommission the source Satellite Server or Capsule Server.
Isolate the target server from internal networks to avoid unwanted communication with Capsule Servers and hosts. Reconnect the target server after the source server is decommissioned.
A connection to the Red Hat Content Delivery Network (CDN) is required for subscription activation and Satellite installation, unless installing from ISO files.
6.1.4. Migrating a Satellite Server
The following procedure outlines how to migrate an existing Satellite Server installation to the target server.
On the source server, identify the current Red Hat Satellite subscription:
# subscription-manager list --consumed \ --matches 'Red Hat Satellite'|grep "Pool ID:"|awk '{print $3}'
Note the Red Hat Satellite subscription pool ID because you need this in a later step.
On the source server, remove the Red Hat Satellite subscription:
# subscription-manager remove --serial=$(subscription-manager list \ --consumed \ --matches 'Red Hat Satellite'|grep "Serial:"|awk '{print $2}')
On the source server, perform an online Satellite backup with only the databases active. The backup files are output to the
backup
directory:# katello-service stop # service postgresql start # service mongod start # katello-backup --online-backup
/backup/
On the source server, stop and disable Katello services.
To stop all Katello services, enter the following command:
# katello-service stop
Disable all Katello services.
On Red Hat Enterprise Linux 7, run the following script:
# for i in $(katello-service list | cut -d' ' -f1);do systemctl disable $i;done
On Red Hat Enterprise Linux 6, run the following script:
# for i in $(katello-service list | cut -d' ' -f1);do chkconfig $i off;done
- Shut down the Red Hat Enterprise Linux server hosting the source server.
Register the target server to the Customer Portal, add the necessary subscriptions, and enable the Satellite repositories. For more information, see Installing Satellite Server from a Connected Network in the Installation Guide. Optionally you can choose to register using an activation key in the Customer Portal which is explained in later steps.
Register the target server to the Customer Portal, entering your Customer Portal user name and password when prompted:
# subscription-manager register
Attach the subscription to the target server:
# subscription-manager attach --pool=pool_ID
The Red Hat Satellite subscription pool ID is identified earlier in this procedure.
Ensure only the required Red Hat Enterprise Linux 7 repositories are enabled:
# subscription-manager repos --disable=* # subscription-manager repos \ --enable=rhel-7-server-rpms \ --enable=rhel-server-rhscl-7-rpms \ --enable=rhel-7-server-satellite-maintenance-6-rpms \ --enable=rhel-7-server-satellite-6.2-rpms
On the target server, either mount the shared storage or copy the following files and folder from the source Satellite Server. The default destination directory is
/backup
. You can choose another directory if there is not enough storage space.-
candlepin.dump
-
config_files.tar.gz
-
foreman.dump
-
mongo_dump
folder -
pulp_data.tar
-
On the target server, install the
satellite-clone
package:# yum install satellite-clone
On the target server, customize the
satellite-clone
configuration file.Edit the configuration file
/etc/satellite-clone/satellite-clone-vars.yml
. To change an item from the default, remove the comment character (#
), and edit its value.-
If the backup files were not copied to the directory
/backup
on the target server, change thebackup_dir
to the path containing the backup files. -
Change the
rhel_migration
toyes
. If you did not register the target server to the Customer Portal, you can use an activation key in the Customer Portal to register it:
-
Change the
register_to_portal
totrue
. -
Change the
activationkey
to the name of your activation key in the Customer Portal. -
Change the
orgname
to your Satellite organization in the Customer Portal.
-
Change the
- Change other values to suit your requirements.
-
If the backup files were not copied to the directory
Start the
satellite-clone
process:# satellite-clone
On the target server, reconfigure DHCP, DNS, TFTP and remote execution services. The cloning process disables these services on the target Satellite Server to avoid conflict with the source Satellite Server.
Reconfigure and enable DHCP, DNS, TFTP in the Satellite web UI. For more information, see Configuring DNS, DHCP, and TFTP on Satellite Server in the Installation Guide.
Enable remote execution:
# satellite-installer --scenario satellite --enable-foreman-plugin-remote-execution --enable-foreman-proxy-plugin-remote-execution-ssh
-
Log in to the Satellite web UI as user
admin
and passwordchangeme
. Change theadmin
user’s password. Refresh the Satellite’s manifest.
- Log in to the Satellite web UI.
- Ensure that the correct organization is selected.
- Navigate to Content > Red Hat Subscriptions, then click Manage Manifest.
- Click Refresh Manifest.
- Navigate to Content > Red Hat Subscriptions and verify the available subscriptions are correct.
Edit Capsules' association with lifecycles.
The cloning process breaks the association between Capsule Servers and their lifecycle environments to avoid interference with existing infrastructure. On the target Satellite Server, follow the instructions in file
/usr/share/satellite-clone/logs/reassociate_capsules.txt
to reverse these changes.- Update your network configuration, for example, DNS, to match the target server’s IP address with its new host name.
If the source server uses the
virt-who
daemon, install and configure it on the target server.- Complete the prerequisite steps for the virt-who daemon. For more information, see Prerequisites in the Virtual Instances Guide.
-
Copy all the virt-who configuration files in directory
/etc/virt-who.d/
from the source server to the same directory on the target server. - Configure and start the virt-who daemon. For more information, see Configuring and Starting virt-who Service in the Virtual Instances Guide.
Restart goferd on all registered content hosts and Capsules.
# systemctl restart goferd
- Decommission the source server.
6.1.5. Migrating a Capsule Server
The following procedure outlines how to migrate an existing Capsule Server installation to the target server.
- Install Red Hat Enterprise Linux 7 server. This is the new Capsule Server.
-
Install the new Capsule Server, but do not proceed to run the
satellite-installer
. For more information, see Installing Capsule Server in the Installation Guide, but stop after completing the Installing Capsule Server section. - Backup the source Capsule Server. For more information, see Backing up Red Hat Satellite Server in the Server Administration Guide.
Stop all Satellite services on the source Capsule Server.
# katello-service stop
- Copy all backup files from the source server to the target server.
- Restore the Capsule Server on the target server.
- Shut down the source Capsule Server.
- Update your network configuration, for example, DNS, to match the target server’s IP address with its new host name.
- Decommission the source Capsule Server.
6.2. Upgrading to Satellite Server 6.2
The Satellite 6 upgrading program is based on Puppet, which means that any manual configuration changes might be overwritten to the installation defaults. To avoid this, use the --noop
argument when you run the upgrading program to determine what changes would be applied after you perform the upgrade. This argument ensures that no actual changes are made. Potential changes are written to /var/log/foreman-installer/satellite.log
.
6.3. Upgrading a Connected Satellite Server
Before You Begin
- You have upgraded to the minor version 6.1.9 or later of Red Hat Satellite Server 6.1. The requirement is to be at least on 6.1.9, upgrading to a higher minor version past 6.1.9 is not needed for the upgrade to Red Hat Satellite 6.2. Direct upgrades from earlier minor versions are not supported. For more information, see Upgrading Between Minor Versions of Satellite in the Red Hat Satellite 6.1 Installation Guide.
- Review and update your firewall configuration prior to upgrading your Satellite Server. For additional information, see Section 2.5, “Ports and Firewalls Requirements”.
- Make sure you DO NOT delete the manifest from the Customer Portal or in the Satellite Web UI as this will unregister all of your content hosts.
- Backup and remove all Foreman hooks before upgrading. Put any hooks back only after Satellite is known to be working after the upgrade is complete.
You must retain the content of both the root/ssl-build
directory and the directory in which you created any source files associated with your custom certificates. Even if you choose to implement custom certificates, you must retain the content of the /root/ssl-build
directory when performing upgrades. Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.
Upgrade Satellite Server
Create a backup.
- On a virtual machine, take a snapshot.
- On a physical machine, create a backup.
A pre-upgrade script is available to detect conflicts and list hosts which have duplicate entries in Satellite Server that can be unregistered and deleted after upgrade. In addition, it will detect hosts which are not assigned to an organization. If a host is listed under Hosts > All hosts without an organization association and if a content host with same name has an organization already associated with it then the content host will automatically be unregistered. This can be avoided by associating such hosts to an organization before upgrading.
Run the pre-upgrade check script to get a list of hosts that can be deleted after upgrading. If any unassociated hosts are found, associating them to an organization before upgrading is recommended.
To use the pre-upgrade script, ensure you have
ruby193-rubygem-katello-2.2.0.90-1-sat
or later.# yum update ruby193-rubygem-katello
Run the pre-upgrade check script to get a list of hosts that can be deleted after upgrading. If any unassociated hosts are found, associating them to an organization before upgrading is recommended.
# foreman-rake katello:upgrade_check
If the upgrade check reports a failure due to running tasks, then it is recommended that you wait for the tasks to complete. It is possible to cancel some tasks, but you should follow the guidance in the Red Hat Knowledgebase solution How to manage paused tasks on Red Hat Satellite 6 to understand which tasks are safe to cancel and which are not safe to cancel.
-
Backup the DNS and DHCP configuration files
/etc/zones.conf
and/etc/dhcp/dhcpd.conf
as the installer only supports one domain or subnet, and therefore restoring changes from these backups might be required. If you have made manual edits to DNS or DHCP configuration files and do not want the changes overwritten, run the following command.
# katello-installer --capsule-dns-managed=false \ --capsule-dhcp-managed=false
Disable the repository for Red Hat Satellite 6.1.
On Red Hat Enterprise Linux 6, run the following command:
# subscription-manager repos \ --disable rhel-6-server-satellite-6.1-rpms
On Red Hat Enterprise Linux 7, run the following command:
# subscription-manager repos \ --disable rhel-7-server-satellite-6.1-rpms
If required, to verify that the Satellite 6.1 repositories are now disabled, enter a command as follows:
# subscription-manager repos --list-enabled
Enable the repositories for Red Hat Satellite 6.2.
On Red Hat Enterprise Linux 6, run the following command:
# subscription-manager repos --enable=rhel-6-server-rpms \ --enable=rhel-server-rhscl-6-rpms \ --enable=rhel-6-server-satellite-6.2-rpms
On Red Hat Enterprise Linux 7, run the following command:
# subscription-manager repos --enable=rhel-7-server-rpms \ --enable=rhel-server-rhscl-7-rpms \ --enable=rhel-7-server-satellite-6.2-rpms
Clear out any metadata left from any non-Red Hat yum repositories.
# yum clean all
Verify that the repositories have been enabled.
# yum repolist enabled
Output similar to the following displays:
Loaded plugins: product-id, subscription-manager repo id repo name status !rhel-7-server-rpms/x86_64 Red Hat Enterprise Linux 7 Server (RPMs) 9,889 !rhel-7-server-satellite-6.2-rpms/x86_64 Red Hat Satellite 6.2 (for RHEL 7 Server) (RPMs) 545 !rhel-server-rhscl-7-rpms/x86_64 Red Hat Software Collections RPMs for Red Hat Enterprise Linux 7 Server 4,279 repolist: 14,713
-
In the Satellite web UI, go to Hosts > Discovered hosts. If there are discovered hosts available, turn them off and then delete all entries under the
Discovered hosts
page. Select all other organizations in turn using the organization setting menu and repeat this action as required. Reboot these hosts after the upgrade has completed. - Make sure all external Capsule Servers are assigned to an organization, otherwise they might get unregistered due to host-unification changes.
Configure the repositories in the Satellite web UI.
- In the Satellite web UI, go to Content > Red Hat Repositories and select the RPM tab.
- Find and expand the Red Hat Enterprise Linux Server Product.
- Find and expand Red Hat Satellite Tools 6.2 (for Red Hat Enterprise Linux X Server) (RPMs).
- Select Red Hat Satellite Tools 6.2 for Red Hat Enterprise Linux X Server RPMs x86_64.
Synchronize the newly enabled repositories.
- In the Satellite web UI, go to Content > Sync Status.
- Click the arrow next to the product to view available repositories.
- Select the repositories for 6.2.
Click Synchronize Now.
If you get an error when trying to update the Satellite Tools repository, make sure you DO NOT delete the manifest from the Customer Portal or in the Satellite Web UI as this will unregister all of your content hosts. See the Red Hat Knowledgebase solution Cannot enable Red Hat Satellite Tools Repo on Satellite 6.2 for more information.
- Update any pre-existing Content Views that utilize 6.1 version repositories with the new version for 6.2. Publish and promote updated versions of any Content Views that now have the new 6.2 version repositories.
Clear the repository cache.
# yum clean all
Run the upgrade check again to ensure that the steps that we have already undertaken have not resulted in a situation in which tasks might get stuck during the upgrade:
# foreman-rake katello:upgrade_check
Stop Katello services.
# katello-service stop
Update all packages.
# yum update
If you have custom Apache server configurations, they will be reverted to the installation defaults in the next step. If you want to see what will be changed when you perform the upgrade, you can enter the upgrade command with the
--noop
(no operation) option and review the changes that will be applied when you enter the upgrade command in the following step. If you choose not to do this test, skip to the next step now. Alternatively, proceed as follows:Add the following line to the
/etc/httpd/conf/httpd.conf
configuration file.Include /etc/httpd/conf.modules.d/*.conf
Restart the
httpd
service.On Red Hat Enterprise Linux 6, enter the following command:
# service httpd restart
On Red Hat Enterprise Linux 7, enter the following command:
# systemctl restart httpd
Start the
postgresql
andmongod
database services.On Red Hat Enterprise Linux 6, enter the following command:
# service postgresql start # service mongod start
On Red Hat Enterprise Linux 7, enter the following command:
# systemctl start postgresql # systemctl start mongod
Enter the command with the
--noop
option as follows.# satellite-installer --scenario satellite --upgrade --verbose --noop
Review the
/var/log/foreman-installer/satellite.log
to see what changes would be applied if the--noop
option was omitted. Look for the+++
and---
symbols indicating changes to configurations files. Because the above "no operation" command does not actually create the files, and some Puppet resources in the module expect them to be there, some failure messages are to be expected.Stop Katello services.
# katello-service stop
Perform the upgrade by running the installer script with the
--upgrade
option.# satellite-installer --scenario satellite --upgrade
WarningIf you run the command from a directory containing a config subdirectory, you will encounter the following error:
ERROR: Scenario (config/satellite.yaml) was not found, can not continue.
In such a case, change directory, for example to the root user’s home directory, and run the command again.
- Check and restore any changes required to the DNS and DHCP configuration files using the backups made earlier.
If you made changes in the previous step, restart Katello services.
# katello-service restart
Update the Discovery template in the Satellite web UI.
- Go to Hosts > Provisioning templates.
- Select PXELinux global default.
In the Template editor dialog box, edit the PXELinux global default template discovery menu entry, updating the stanza that begins with LABEL discovery to match the following text:
LABEL discovery MENU LABEL Satellite 6 Discovery MENU DEFAULT KERNEL boot/fdi-image-rhel_7-vmlinuz APPEND initrd=boot/fdi-image-rhel_7-img rootflags=loop root=live:/fdi.iso rootfstype=auto ro rd.live.image acpi=force rd.luks=0 rd.md=0 rd.dm=0 rd.lvm=0 rd.bootif=0 rd.neednet=0 nomodeset proxy.url=https://SATELLITE_CAPSULE_URL:9090 proxy.type=proxy IPAPPEND 2
-
The
proxy.type
option can be eitherproxy
orforeman
. Forproxy
, all communication goes through the Capsule. Forforeman
, the communication goes directly to Satellite Server. -
The
proxy.url
specifies the URL of the Satellite Capsule or Server. Both HTTP and HTTPS protocols are supported.
-
The
If you have the OpenSCAP plug-in installed, but do not have the default OpenSCAP content available, run the following command.
# foreman-rake foreman_openscap:bulk_upload:default
- In the Satellite web UI, go to Configure > Discovery Rules and associate selected organizations and locations with discovery rules.
After upgrading, add the
--assumeyes
parameter tokatello-backup
commands in your backup script.From Satellite 6.2.13, you must add the
--assumeyes
parameter because thekatello-backup
command prompts for confirmation that the backup is to proceed. For more information about backing up Satellite Server, see Backup and Disaster Recovery in the Server Administration Guide.
6.4. Upgrading a Disconnected Satellite Server
Before You Begin
- You should have upgraded to the latest minor release of Red Hat Satellite Server 6.1. Direct upgrade from earlier minor versions is not supported. For more information, see Upgrading Between Minor Versions of Satellite in the Red Hat Satellite 6.1 Installation Guide.
- Review and update your firewall configuration prior to upgrading your Satellite Server. For additional information, see Section 2.5, “Ports and Firewalls Requirements”.
- Make sure you DO NOT delete the manifest from the Customer Portal or in the Satellite Web UI as this will unregister all of your content hosts.
- Backup and remove all Foreman hooks before upgrading. Put any hooks back only after Satellite is known to be working after the upgrade is complete.
You must retain the content of both the root/ssl-build
directory and the directory in which you created any source files associated with your custom certificates. Even if you choose to implement custom certificates, you must retain the content of the /root/ssl-build
directory when performing upgrades. Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.
Upgrade Disconnected Satellite Server
Create a backup.
- On a virtual machine, take a snapshot.
- On a physical machine, create a backup.
A pre-upgrade script is available to detect conflicts and list hosts which have duplicate entries in Satellite Server that can be unregistered and deleted after upgrade. In addition, it will detect hosts which are not assigned to an organization. If a host is listed under Hosts > All hosts without an organization association and if a content host with same name has an organization already associated with it then the content host will automatically be unregistered. This can be avoided by associating such hosts to an organization before upgrading.
Run the pre-upgrade check script to get a list of hosts that can be deleted after upgrading. If any unassociated hosts are found, associating them to an organization before upgrading is recommended.
To use the pre-upgrade script, ensure you have
ruby193-rubygem-katello-2.2.0.90-1-sat
or later.# yum update ruby193-rubygem-katello
Run the pre-upgrade check script to get a list of hosts that can be deleted after upgrading. If any unassociated hosts are found, associating them to an organization before upgrading is recommended.
# foreman-rake katello:upgrade_check
If the upgrade check reports a failure due to running tasks, then it is recommended that you wait for the tasks to complete. It is possible to cancel some tasks, but you should follow the guidance in the Red Hat Knowledgebase solution How to manage paused tasks on Red Hat Satellite 6 to understand which tasks are safe to cancel and which are not safe to cancel.
-
Backup the DNS and DHCP configuration files
/etc/zones.conf
and/etc/dhcp/dhcpd.conf
as the installer only supports one domain or subnet, and therefore restoring changes from these backups might be required. If you have made manual edits to DNS or DHCP configuration files and do not want the changes overwritten, run the following command.
# katello-installer --capsule-dns-managed=false \ --capsule-dhcp-managed=false
-
In the Satellite web UI, go to Hosts > Discovered hosts. If there are discovered hosts available, turn them off and then delete all entries under the
Discovered hosts
page. Select all other organizations in turn using the organization setting menu and repeat this action as required. Reboot these hosts after the upgrade has completed. - Make sure all external Capsule Servers are assigned to an organization, otherwise they might get unregistered due to host-unification changes.
Stop Katello services.
# katello-service stop
- Obtain the ISO file, mount it, and install the packages. For more information, see Section 3.2, “Downloading and Installing from a Disconnected Network”.
If you have custom Apache server configurations, they will be reverted to the installation defaults in the next step. If you want to see what will be changed when you perform the upgrade, you can enter the upgrade command with the
--noop
(no operation) option and review the changes that will be applied when you enter the upgrade command in the following step. If you choose not to do this test, skip to the next step now. Alternatively, proceed as follows:Add the following line to the
/etc/httpd/conf/httpd.conf
configuration file.Include /etc/httpd/conf.modules.d/*.conf
Restart the
httpd
service.On Red Hat Enterprise Linux 6, enter the following command:
# service httpd restart
On Red Hat Enterprise Linux 7, enter the following command:
# systemctl restart httpd
Start the
postgresql
andmongod
database services.On Red Hat Enterprise Linux 6, enter the following command:
# service postgresql start # service mongod start
On Red Hat Enterprise Linux 7, enter the following command:
# systemctl start postgresql # systemctl start mongod
Enter the command with the
--noop
option as follows.# satellite-installer --scenario satellite --upgrade --verbose --noop
Review the
/var/log/foreman-installer/satellite.log
to see what changes would be applied if the--noop
option was omitted. Look for the+++
and---
symbols indicating changes to configurations files. Because the above "no operation" command does not actually create the files, and some Puppet resources in the module expect them to be there, some failure messages are to be expected.Stop Katello services.
# katello-service stop
Perform the upgrade by running the installer script with the
--upgrade
option.# satellite-installer --scenario satellite --upgrade
WarningIf you run the command from a directory containing a config subdirectory, you will encounter the following error:
ERROR: Scenario (config/satellite.yaml) was not found, can not continue.
In such a case, change directory, for example to the root user’s home directory, and run the command again.
- Check and restore any changes required to the DNS and DHCP configuration files using the backups made earlier.
If you made changes in the previous step, restart Katello services.
# katello-service restart
Update the Discovery template in the Satellite web UI.
- Go to Hosts > Provisioning templates.
- Select PXELinux global default.
In the Template editor dialog box, edit the PXELinux global default template discovery menu entry, updating the stanza that begins with LABEL discovery to match the following text:
LABEL discovery MENU LABEL Satellite 6 Discovery MENU DEFAULT KERNEL boot/fdi-image-rhel_7-vmlinuz APPEND initrd=boot/fdi-image-rhel_7-img rootflags=loop root=live:/fdi.iso rootfstype=auto ro rd.live.image acpi=force rd.luks=0 rd.md=0 rd.dm=0 rd.lvm=0 rd.bootif=0 rd.neednet=0 nomodeset proxy.url=https://SATELLITE_CAPSULE_URL:9090 proxy.type=proxy IPAPPEND 2
-
The
proxy.type
option can be eitherproxy
orforeman
. Forproxy
, all communication goes through the Capsule. Forforeman
, the communication goes directly to Satellite Server. -
The
proxy.url
specifies the URL of the Satellite Capsule or Server. Both HTTP and HTTPS protocols are supported.
-
The
If you have the OpenSCAP plug-in installed, but do not have the default OpenSCAP content available, run the following command.
# foreman-rake foreman_openscap:bulk_upload:default
- In the Satellite web UI, go to Configure > Discovery Rules and associate selected organizations and locations with discovery rules.
After upgrading, add the
--assumeyes
parameter tokatello-backup
commands in your backup script.From Satellite 6.2.13, you must add the
--assumeyes
parameter because thekatello-backup
command prompts for confirmation that the backup is to proceed. For more information about backing up Satellite Server, see Backup and Disaster Recovery in the Server Administration Guide.
6.5. Upgrading Capsule Servers
Before You Begin
- You should have upgraded the Satellite Server before upgrading any Capsule Servers.
- The capsule should be on at least the 6.1.9 minor version of Red Hat Satellite Server 6.1. The requirement is to be at least on 6.1.9, upgrading to a higher minor version past 6.1.9 is not needed for the upgrade to Red Hat Satellite 6.2. Direct upgrades from earlier minor versions are not supported. For more information, see Upgrading Between Minor Versions of Satellite in the Red Hat Satellite 6.1 Installation Guide.
- Ensure the Capsule’s base system is registered to the newly upgraded Satellite Server.
- Ensure the Capsule has the correct organization and location settings in the newly upgraded Satellite Server.
- Review and update your firewall configuration prior to upgrading your Capsule Server. For additional information, see Section 2.5, “Ports and Firewalls Requirements”.
You must retain the content of both the root/ssl-build
directory and the directory in which you created any source files associated with your custom certificates. Even if you choose to implement custom certificates, you must retain the content of the /root/ssl-build
directory when performing upgrades. Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.
Upgrading Capsule Servers
Create a backup.
- On a virtual machine, take a snapshot.
- On a physical machine, create a backup.
-
Backup the DNS and DHCP configuration files
/etc/zones.conf
and/etc/dhcp/dhcpd.conf
as the installer only supports one domain or subnet, and therefore restoring changes from these backups might be required. If you have made manual edits to DNS or DHCP configuration files and do not want the changes overwritten, enter the following command.
# capsule-installer --foreman-proxy-dns-managed=false \ --foreman-proxy-dhcp-managed=false
Disable the repository for Red Hat Satellite 6.1.
On Red Hat Enterprise Linux 6, run the following command:
# subscription-manager repos \ --disable rhel-6-server-satellite-capsule-6.1-rpms
On Red Hat Enterprise Linux 7, run the following command:
# subscription-manager repos \ --disable rhel-7-server-satellite-capsule-6.1-rpms
Enable the new repositories.
The Red Hat Software Collections repository provides a later version of Ruby required by some Red Hat Satellite features, including the Remote Execution feature.
On Red Hat Enterprise Linux 7, run the following command:
# subscription-manager repos \ --enable rhel-7-server-satellite-capsule-6.2-rpms \ --enable rhel-server-rhscl-7-rpms
On Red Hat Enterprise Linux 6, run the following command:
# subscription-manager repos \ --enable rhel-6-server-satellite-capsule-6.2-rpms \ --enable rhel-server-rhscl-6-rpms
-
In the Satellite web UI, go to Hosts > Discovered hosts. If there are discovered hosts available, turn them off and then delete all entries under the
Discovered hosts
page. Select all other organizations in turn using the organization setting menu and repeat this action as required. Reboot these hosts after the upgrade has completed. Clear the repository cache.
# yum clean all
Stop Katello services:
# katello-service stop
Update all packages.
# yum update
On the Satellite Server, generate an archive with new certificates.
# capsule-certs-generate --capsule-fqdn "mycapsule.example.com" \ --certs-tar "mycapsule.example.com-certs.tar"
You should replace mycapsule.example.com with the fully qualified domain name of the Capsule Server.
Copy the archive file to the Capsule Server.
# scp mycapsule.example.com-certs.tar mycapsule.example.com:~/
WarningDo not remove the certificate archive file after the upgrade, it is required for future updates.
If you plan to use Capsule Server as a proxy for discovered hosts, install the Discovery plug-in.
# yum install rubygem-smart_proxy_discovery.noarch
On the Capsule Server, verify that the
foreman_url
setting is correct.# grep foreman_url /etc/foreman-proxy/settings.yml
The fully qualified domain name of the Satellite Server should display.
If you have custom Apache server configurations, they will be reverted to the installation defaults in the next step. If you want to see what will be changed when you perform the upgrade, you can enter the upgrade command with the
--noop
(no operation) option and review the changes that will be applied when you enter the upgrade command in the following step. If you choose not to do this test, skip to the next step now. Alternatively, proceed as follows:Add the following line to the
/etc/httpd/conf/httpd.conf
configuration file.Include /etc/httpd/conf.modules.d/*.conf
Restart the
httpd
service.On Red Hat Enterprise Linux 6, enter the following command:
# service httpd restart
On Red Hat Enterprise Linux 7, enter the following command:
# systemctl restart httpd
Start the
mongod
database service.On Red Hat Enterprise Linux 6, enter the following command:
# service mongod start
On Red Hat Enterprise Linux 7, enter the following command:
# systemctl start mongod
Enter the command with the
--noop
option as follows.# satellite-installer --scenario capsule --upgrade --verbose --noop
Review the
/var/log/foreman-installer/capsule.log
to see what changes would be applied if the--noop
option was omitted. Look for the+++
and---
symbols indicating changes to configurations files. Because the above "no operation" command does not actually create the files, and some Puppet resources in the module expect them to be there, some failure messages are to be expected.Stop Katello services.
# katello-service stop
Perform the upgrade by running the installer script with the
--upgrade
option, and specify the path to the certificate archive previously created on the Satellite Server.# satellite-installer --scenario capsule --upgrade \ --capsule-certs-tar mycapsule.example.com-certs.tar
WarningIf you run the command from a directory containing a config subdirectory, you will encounter the following error:
ERROR: Scenario (config/capsule.yaml) was not found, can not continue.
In such a case, change directory, for example to the root user’s home directory, and run the command again.
- Check and restore any changes required to the DNS and DHCP configuration files using the backups made earlier.
- Upgrade the foreman-discovery package on Satellite Server and turn on the hosts that were shut down prior to the upgrade.
After upgrading, add the
--assumeyes
parameter tokatello-backup
commands in your backup script.From Satellite 6.2.13, you must add the
--assumeyes
parameter because thekatello-backup
command prompts for confirmation that the backup is to proceed. For more information about backing up Satellite Server, see Backup and Disaster Recovery in the Server Administration Guide.
6.6. Upgrading Discovery on Capsule Servers
Verify that all relevant packages are current on the Satellite Server.
# yum upgrade tfm-rubygem-foreman_discovery
Restart Katello services, if applicable.
# katello-service restart
Upgrade the Discovery image on the Satellite Capsule that is either connected to the provisioning network with discovered hosts or provides TFTP services for discovered hosts.
# yum upgrade foreman-discovery-image
On the same instance, install the package which provides the Proxy service, and then restart foreman-proxy service.
# yum install rubygem-smart_proxy_discovery # service foreman-proxy restart
- In the Satellite web UI, go to Infrastructure > Capsules and verify that the relevant proxy lists the Discovery feature. Click Refresh features if necessary.
- Go to Infrastructure > Subnets and select the required Smart Proxy for each subnet on which you want to use discovery, and verify that it is connected to the Discovery Proxy.
Update the Discovery template in the Satellite web UI.
- Go to Hosts > Provisioning Templates.
- Select PXELinux global default.
In the Template editor dialog box, edit the PXELinux global default template discovery menu entry, updating the stanza that begins with LABEL discovery to match the following text:
LABEL discovery MENU LABEL Satellite 6 Discovery MENU DEFAULT KERNEL boot/fdi-image-rhel_7-vmlinuz APPEND initrd=boot/fdi-image-rhel_7-img rootflags=loop root=live:/fdi.iso rootfstype=auto ro rd.live.image acpi=force rd.luks=0 rd.md=0 rd.dm=0 rd.lvm=0 rd.bootif=0 rd.neednet=0 nomodeset proxy.url=https://SATELLITE_CAPSULE_URL:9090 proxy.type=proxy IPAPPEND 2
-
The
proxy.type
option can be eitherproxy
orforeman
. Forproxy
, all communication goes through the Capsule. Forforeman
, the communication goes directly to Satellite Server. -
The
proxy.url
specifies the URL of the Satellite Capsule or Server. Both HTTP and HTTPS protocols are supported. - You can omit the proxy.url option and determine the Capsule DNS name from its SRV record. This is useful if there are multiple discovery subnets. For more information, see Configuring PXE-booting in the Red Hat Satellite Host Configuration Guide.
-
The
6.7. Upgrading Satellite Clients
You must upgrade all clients to the new version of katello-agent
so that your clients are compatible with Satellite Server. This requires changing the Satellite Tools repository from 6.1 to 6.2, which can be done manually or by installing the satellite-tools-upgrade
package. This package only contains a post installation script to change the Satellite Tools repository version.
Before You Begin
- You must have upgraded Satellite Server.
- You must have enabled the new Satellite Tools repositories on the Satellite.
- You must have synchronized the new repositories in the Satellite.
-
If you have not previously installed
katello-agent
on your clients, use the manual method.
You must retain the content of both the root/ssl-build
directory and the directory in which you created any source files associated with your custom certificates. Even if you choose to implement custom certificates, you must retain the content of the /root/ssl-build
directory when performing upgrades. Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.
Upgrade Satellite Clients Using the satellite-tools-upgrade Package
- In the Satellite web UI, go to Hosts > Content Hosts or Host Collections and select the Content Hosts to be upgraded.
On the Packages tab, enter the package name
satellite-tools-upgrade
in the search field.- If upgrading a single host using the Content Host view, select Perform to install the package.
- If upgrading a collection of hosts using the Bulk Actions view, select Install to install the package.
On the Packages tab, enter the package name
katello-agent
in the search field.- If upgrading a single host using the Content Host view, select Package Update and then Perform to update the package.
- If upgrading a collection of hosts using the Bulk Actions view, select Update to update the package.
Until Red Hat Bugzilla 1291960 is resolved, you will see duplicate package versions installed on your systems after attempting to upgrade katello-agent
using the web UI or the hammer CLI. See the bug for more details.
Upgrade Satellite Clients Manually
- Log into the client system.
Disable the repositories for the previous version of Satellite.
On Red Hat Enterprise Linux 7, run the following command:
# subscription-manager repos \ --disable rhel-7-server-satellite-tools-6.1-rpms
On Red Hat Enterprise Linux 6, run the following command:
# subscription-manager repos \ --disable rhel-6-server-satellite-tools-6.1-rpms
Enable the Satellite tools repository for this version of Satellite.
On Red Hat Enterprise Linux 7, run the following command:
# subscription-manager repos \ --enable=rhel-7-server-satellite-tools-6.2-rpms
On Red Hat Enterprise Linux 6, run the following command:
# subscription-manager repos \ --enable=rhel-6-server-satellite-tools-6.2-rpms
Upgrade the Katello Agent package.
# yum upgrade katello-agent
6.8. Upgrading a Self-Registered Satellite Server
You can synchronize your self-registered Satellite Server with the Red Hat Customer Portal, publish and promote Content Views, and upgrade your self-registered Satellite Server.
Before You Begin
- You have upgraded to at least the minor version 6.1.9 of Red Hat Satellite Server 6.1. The requirement is to be at least on 6.1.9, upgrading to a higher minor version past 6.1.9 is not needed for the upgrade to Red Hat Satellite 6.2. Direct upgrades from earlier minor versions are not supported. For more information, see Upgrading Between Minor Versions of Satellite in the Red Hat Satellite 6.1 Installation Guide.
- Review and update your firewall configuration prior to upgrading your Satellite Server. For additional information, see Section 2.5, “Ports and Firewalls Requirements”.
- Make sure you DO NOT delete the manifest from the Customer Portal or in the Satellite Web UI as this will unregister all of your content hosts.
- Backup and remove all Foreman hooks before upgrading. Put any hooks back only after Satellite is known to be working after the upgrade is complete.
You must retain the content of both the root/ssl-build
directory and the directory in which you created any source files associated with your custom certificates. Even if you choose to implement custom certificates, you must retain the content of the /root/ssl-build
directory when performing upgrades. Failure to retain these files during an upgrade causes the upgrade to fail. If these files have been deleted, they must be restored from a backup in order for the upgrade to proceed.
Upgrade Self-Registered Satellite Server
Create a backup.
- On a virtual machine, take a snapshot.
- On a physical machine, create a backup.
A pre-upgrade script is available to detect conflicts and list hosts which have duplicate entries in Satellite Server that can be unregistered and deleted after upgrade. In addition, it will detect hosts which are not assigned to an organization. If a host is listed under Hosts > All hosts without an organization association and if a content host with same name has an organization already associated with it then the content host will automatically be unregistered. This can be avoided by associating such hosts to an organization before upgrading.
Run the pre-upgrade check script to get a list of hosts that can be deleted after upgrading. If any unassociated hosts are found, associating them to an organization before upgrading is recommended.
To use the pre-upgrade script, ensure you have
ruby193-rubygem-katello-2.2.0.90-1-sat
or later.# yum update ruby193-rubygem-katello
Run the pre-upgrade check script to get a list of hosts that can be deleted after upgrading. If any unassociated hosts are found, associating them to an organization before upgrading is recommended.
# foreman-rake katello:upgrade_check
If the upgrade check reports a failure due to running tasks, then it is recommended that you wait for the tasks to complete. It is possible to cancel some tasks, but you should follow the guidance in the Red Hat Knowledgebase solution How to manage paused tasks on Red Hat Satellite 6 to understand which tasks are safe to cancel and which are not safe to cancel.
-
Backup the DNS and DHCP configuration files
/etc/zones.conf
and/etc/dhcp/dhcpd.conf
as the installer only supports one domain or subnet, and therefore restoring changes from these backups might be required. If you have made manual edits to DNS or DHCP configuration files and do not want the changes overwritten, run the following command.
# katello-installer --capsule-dns-managed=false \ --capsule-dhcp-managed=false
List the enabled repositories:
# subscription-manager repos --list-enabled
Ensure you have the following repositories enabled and no others:
rhel-X-server-satellite-tools-6.1-rpms rhel-server-rhscl-X-rpms rhel-X-server-satellite-6.1-rpms rhel-X-server-rpms
Where X is the major version of the base system. If other repositories are found, follow the Section 3.1.3, “Configuring Repositories” procedure to remove them.
Disable the repositories for the previous version of Satellite on the base system.
On Red Hat Enterprise Linux 6, enter the following commands:
# subscription-manager repos \ --disable rhel-6-server-satellite-6.1-rpms # subscription-manager repos \ --disable rhel-6-server-satellite-tools-6.1-rpms
On Red Hat Enterprise Linux 7, enter the following commands:
# subscription-manager repos \ --disable rhel-7-server-satellite-6.1-rpms # subscription-manager repos \ --disable rhel-7-server-satellite-tools-6.1-rpms
If required, to verify that the Satellite 6.1 repositories are now disabled, enter a command as follows:
# subscription-manager repos --list-enabled
Configure the repositories in the Satellite web UI.
- In the Satellite web UI, go to Content > Red Hat Repositories and select the RPM tab.
- Find and expand the Red Hat Satellite Product.
- Find and expand the Repository Set Red Hat Satellite 6.1 (for Red Hat Enterprise Linux X Server) (RPMs).
- Unselect Red Hat Satellite 6.1 for Red Hat Enterprise Linux X Server RPMs x86_64.
- Find and expand the Repository Set Red Hat Satellite 6.2 (for Red Hat Enterprise Linux X Server) (RPMs).
- Select Red Hat Satellite 6.2 for Red Hat Enterprise Linux X Server RPMs x86_64.
- Find and expand the Red Hat Enterprise Linux Server Product.
- Find and expand Red Hat Satellite Tools 6.2 (for Red Hat Enterprise Linux X Server) (RPMs).
- Select Red Hat Satellite Tools 6.2 for Red Hat Enterprise Linux X Server RPMs x86_64.
- In the Other tab, find and expand Red Hat Software Collections for RHEL Server.
- Find and expand Red Hat Software Collections RPMs (for Red Hat Enterprise Linux X Server).
- Select Red Hat Software Collections RPMs for Red Hat Enterprise Linux X Server x86_64.
Synchronize the newly enabled repositories.
- In the Satellite web UI, go to Content > Sync Status.
- Click the arrow next to the product to view available repositories.
- Select the repositories for 6.2.
Click Synchronize Now.
If you get an error when trying to update the Satellite Tools repository, make sure you DO NOT delete the manifest from the Customer Portal or in the Satellite Web UI as this will unregister all of your content hosts. See the Red Hat Knowledgebase solution Cannot enable Red Hat Satellite Tools Repo on Satellite 6.2 for more information.
- Update any pre-existing Content Views that utilize 6.1 version repositories with the new version for 6.2. Publish and promote updated versions of any Content Views that now have the new 6.2 version repositories.
Enable the new repositories on the base system when the repositories have finished synchronizing.
On Red Hat Enterprise Linux 6, enter the following commands:
# subscription-manager repos \ --enable rhel-6-server-satellite-6.2-rpms \ --enable rhel-6-server-satellite-tools-6.2-rpms \ --enable rhel-6-server-rpms \ --enable rhel-server-rhscl-6-rpms
On Red Hat Enterprise Linux 7, enter the following commands:
# subscription-manager repos \ --enable rhel-7-server-satellite-6.2-rpms \ --enable rhel-7-server-satellite-tools-6.2-rpms \ --enable rhel-7-server-rpms \ --enable rhel-server-rhscl-7-rpms
-
In the Satellite web UI, go to Hosts > Discovered hosts. If there are discovered hosts available, turn them off and then delete all entries under the
Discovered hosts
page. Select all other organizations in turn using the organization setting menu and repeat this action as required. Reboot these hosts after the upgrade has completed. - Make sure all external Capsule Servers are assigned to an organization, otherwise they might get unregistered due to host-unification changes.
Clear the repository cache.
# yum clean all
Download the following packages.
# yum install --downloadonly rubygem-smart_proxy_remote_execution_ssh \ rubygem-smart_proxy_openscap rubygem-smart_proxy_dynflow \ tfm-rubygem-smart_proxy_dynflow_core \ tfm-rubygem-foreman_remote_execution katello-client-bootstrap
Download all updated packages.
# yum update --downloadonly
Stop Katello services.
# katello-service stop
Install the previously downloaded packages.
# yum install rubygem-smart_proxy_remote_execution_ssh \ rubygem-smart_proxy_openscap rubygem-smart_proxy_dynflow \ tfm-rubygem-smart_proxy_dynflow_core \ tfm-rubygem-foreman_remote_execution katello-client-bootstrap
Install all updated packages from the
yum
cache.# yum update --cacheonly
If you have custom Apache server configurations, they will be reverted to the installation defaults in the next step. If you want to see what will be changed when you perform the upgrade, you can enter the upgrade command with the
--noop
(no operation) option and review the changes that will be applied when you enter the upgrade command in the following step. If you choose not to do this test, skip to the next step now. Alternatively, proceed as follows:Add the following line to the
/etc/httpd/conf/httpd.conf
configuration file.Include /etc/httpd/conf.modules.d/*.conf
Restart the
httpd
service.On Red Hat Enterprise Linux 6, enter the following command:
# service httpd restart
On Red Hat Enterprise Linux 7, enter the following command:
# systemctl restart httpd
Start the
postgresql
andmongod
database services.On Red Hat Enterprise Linux 6, enter the following command:
# service postgresql start # service mongod start
On Red Hat Enterprise Linux 7, enter the following command:
# systemctl start postgresql # systemctl start mongod
Enter the command with the
--noop
option as follows.# satellite-installer --scenario satellite --upgrade --verbose --noop
Review the
/var/log/foreman-installer/satellite.log
to see what changes would be applied if the--noop
option was omitted. Look for the+++
and---
symbols indicating changes to configurations files. Because the above "no operation" command does not actually create the files, and some Puppet resources in the module expect them to be there, some failure messages are to be expected.Stop Katello services.
# katello-service stop
Perform the upgrade by running the installer script with the
--upgrade
option.# satellite-installer --scenario satellite --upgrade
WarningIf you run the command from a directory containing a config subdirectory, you will encounter the following error:
ERROR: Scenario (config/satellite.yaml) was not found, can not continue.
In such a case, change directory, for example to the root user’s home directory, and run the command again.
- Check and restore any changes required to the DNS and DHCP configuration files using the backups made earlier.
If you made changes in the previous step, restart Katello services.
# katello-service restart
Update the Discovery template in the Satellite web UI.
- Go to Hosts > Provisioning templates.
- Select PXELinux global default.
In the Template editor dialog box, edit the PXELinux global default template discovery menu entry, updating the stanza that begins with LABEL discovery to match the following text:
LABEL discovery MENU LABEL Satellite 6 Discovery MENU DEFAULT KERNEL boot/fdi-image-rhel_7-vmlinuz APPEND initrd=boot/fdi-image-rhel_7-img rootflags=loop root=live:/fdi.iso rootfstype=auto ro rd.live.image acpi=force rd.luks=0 rd.md=0 rd.dm=0 rd.lvm=0 rd.bootif=0 rd.neednet=0 nomodeset proxy.url=https://SATELLITE_CAPSULE_URL:9090 proxy.type=proxy IPAPPEND 2
-
The
proxy.type
option can be eitherproxy
orforeman
. Forproxy
, all communication goes through the Capsule. Forforeman
, the communication goes directly to Satellite Server. -
The
proxy.url
specifies the URL of the Satellite Capsule or Server. Both HTTP and HTTPS protocols are supported.
-
The
If you have the OpenSCAP plug-in installed, but do not have the default OpenSCAP content available, run the following command.
# foreman-rake foreman_openscap:bulk_upload:default
- In the Satellite web UI, go to Configure > Discovery Rules and associate selected organizations and locations with discovery rules.
Synchronize the Satellite Server with the Red Hat Customer Portal.
Go to Content > Sync Status.
A list of product repositories available for synchronization is displayed.
- Click the arrow next to the product content to view available content.
- Select the content you want to synchronize.
Click Synchronize Now.
Content synchronization can take a long time and it depends on the speed of disk drives, network connection speed, and the amount of content selected for synchronization.
(Optional) Publish the required Content Views.
You must publish the Content View so that it is visible and usable by hosts. Before publishing, you should ensure that the Content View definition has the necessary products, repositories, and filters.
- From the Main Menu, select Content > Content Views.
- From the Name column, select the Satellite Server Content View.
- Click Publish New Version.
- Enter a comment and click Save.
(Optional) Promote the Content View.
- From the Main Menu, select Content > Content Views.
- In the Name column, select the Satellite Server Content View.
- On the Versions tab, select the latest version and click Promote.
Identify the promotion path, select the appropriate life-cycle environment, and click Promote Version.
When the operation completes, you can see the updated Content View status on the Versions tab.
After upgrading, add the
--assumeyes
parameter tokatello-backup
commands in your backup script.From Satellite 6.2.13, you must add the
--assumeyes
parameter because thekatello-backup
command prompts for confirmation that the backup is to proceed. For more information about backing up Satellite Server, see Backup and Disaster Recovery in the Server Administration Guide.
6.9. Post Upgrade Cleanup
All the procedures in this section are optional. You can choose to perform only those procedures that are relevant to your installation.
6.9.1. Removing Redundant Firewall Rules
Red Hat Satellite 6.2 does not use Elasticsearch and therefore firewall rules related to Elasticsearch can be removed. These are the lines with destination port 9200.
Removing Redundant Firewall Rules on Red Hat Enterprise Linux 6
List the firewall rules.
# iptables -nL --line-numbers
Identify the following lines and remove them. Note that the chain name is OUTPUT and the line numbers might differ.
Chain OUTPUT (policy ACCEPT) num target prot opt source destination 1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9200 owner UID match 496 2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9200 owner UID match 0 3 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9200
Remove the iptables rules.
iptables -D <chain-name> <line-number>
For example, to remove line 1 from the above output, enter a command as follows:
# iptables -D OUTPUT 1
After removing the lines, save the changes.
# service iptables save
Make sure the iptables service is started and enabled.
# service iptables start # chkconfig iptables on
Removing Redundant Firewall Rules on Red Hat Enterprise Linux 7
List the direct rules.
For IPv4:
# firewall-cmd --direct --get-rules ipv4 filter OUTPUT
For IPv6:
# firewall-cmd --direct --get-rules ipv6 filter OUTPUT
Remove the firewall direct rules.
For IPv4:
firewall-cmd --direct --remove-rule IPv4 filter <chain_name> rule
Example:
# firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o lo -p \ tcp -m tcp --dport 9200 -m owner --uid-owner foreman -j ACCEPT \ && firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o lo -p \ tcp -m tcp --dport 9200 -m owner --uid-owner root -j ACCEPT \ && firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 1 -o lo -p \ tcp -m tcp --dport 9200 -j DROP
For IPv6:
firewall-cmd --direct --remove-rule IPv6 filter <chain_name> rule
Example:
# firewall-cmd --direct --remove-rule ipv6 filter OUTPUT 0 -o lo -p \ tcp -m tcp --dport 9200 -m owner --uid-owner foreman -j ACCEPT \ && firewall-cmd --direct --remove-rule ipv6 filter OUTPUT 0 -o lo -p \ tcp -m tcp --dport 9200 -m owner --uid-owner root -j ACCEPT \ && firewall-cmd --direct --remove-rule ipv6 filter OUTPUT 1 -o lo -p \ tcp -m tcp --dport 9200 -j DROP
Ensure the firewall service is enabled and started.
# systemctl enable firewalld # systemctl start firewalld
6.9.2. Removing Elasticsearch
Red Hat Satellite 6.2 does not use Elasticsearch and therefore the packages and directory used by Elasticsearch can be removed.
Removing Elasticsearch and Related Packages
Remove the following packages as they are no longer needed.
# yum erase elasticsearch sigar-java sigar snappy-java \ lucene4-contrib lucene4
Removing Elasticsearch User
Remove the user created by Elasticsearch.
# userdel -r elasticsearch
Removing Elasticsearch Directory
Remove the database directory and its contents.
# rm -rf /var/lib/elasticsearch
6.9.3. Removing the Previous Version of the Satellite Tools Repository
After completing the upgrade to Satellite 6.2, the Red Hat Satellite Tools 6.1 repository can be removed from Content Views and then disabled.
Disable Version 6.1 of the Satellite Tools Repository
- In the Satellite web UI, go to Content > Red Hat Repositories and select the RPM tab.
- Find and expand the Red Hat Enterprise Linux Server Product.
- Find and expand the Repository Set Red Hat Satellite Tools 6.1 (for Red Hat Enterprise Linux X Server) (RPMs).
- Unselect Red Hat Satellite Tools 6.1 for Red Hat Enterprise Linux X Server RPMs x86_64.
If the check box is dimmed, then the repository is still contained in a Content View. The orphaned packages in the repository will be removed automatically by a scheduled task (cron job).