Chapter 7. Patching Your Systems
To patch your systems through Satellite Server, you need to register your systems first, and then choose to install Katello agent or use remote execution. Remote execution is enabled by default. This chapter covers both methods. Choose the option that suits your environment
7.1. Registering Existing Hosts
This section explains how to register Red Hat Enterprise Linux Hosts and Atomic Hosts.
7.1.1. Registering an Existing Red Hat Enterprise Linux Host
On the host, clear any old data to ensure updated data is uploaded correctly.
# subscription-manager clean
Install the katello-ca-consumer-latest RPM.
# rpm -Uvh http://satellite.example.com/pub/katello-ca-consumer-latest.noarch.rpm
This installs the proper certificates which allow communication between the client and the Satellite Server.
Register the host.
# subscription-manager register --org $ORG \ --activationkey ak-Reg_To_Dev_EL7
7.1.2. Registering an Atomic Host
The following procedure explains how to register an Atomic Host with Subscription Manager.
Retrieve
katello-rhsm-consumer
from the Satellite Server:[root@atomic_client ~]# wget http://satellite.example.com/pub/katello-rhsm-consumer
Change the mode of
katello-rhsm-consumer
in order to make it executable:[root@atomic_client ~]# chmod +x katello-rhsm-consumer
Run
katello-rhsm-consumer
:[root@atomic_client ~]# ./katello-rhsm-consumer
Register with Red Hat Subscription Manager:
[root@atomic_client ~]# subscription-manager register
Because Atomic is functionally an appliance, we do not recommend that you try to install katello-agent
on it.
7.2. Patching Your System Using Katello Agent
7.2.1. Installing Katello Agent
On the content host, install the katello-agent
RPM package.
# yum install katello-agent
The goferd service must be running so that the Red Hat Satellite Server or Capsule Server can provide information about errata that are applicable for content hosts.
Ensure goferd is running:
On Red Hat Enterprise Linux 6, run the following command:
# service goferd start
On Red Hat Enterprise Linux 7, run the following command:
# systemctl start goferd
7.2.2. Applying Errata to Content Hosts
Applying Errata to Content Hosts Using the Web UI
-
Go to Hosts
Content Hosts and click on auth01.example.com
. - Select the Errata tab to view the list of errata applicable to the content host.
- From the list, select an errata.
- Click Apply Selected.
- A confirmation message appears. Click Apply.
Verify that the errata has been applied to the client.
[root@client ~]# yum list-sec
Applying Errata to Content Hosts Using Hammer CLI
List the errata that apply to the
auth01.example.com
host.# hammer content-host errata list --content-host auth01.example.com \ --organization "$ORG"
Apply the errata required by the host.
# hammer host errata apply --content-host auth01.example.com \ --organization "$ORG" \ --errata-ids errata_id.
Verify that the errata has been applied to the client.
[root@client ~]# yum list-sec
7.3. Patching Your System Using Remote Execution
7.3.1. Enabling Remote Execution on a Host
During Satellite Server installation, an internal Capsule Server is automatically installed along with a public SSH key. The internal Capsule Server loads the SSH key from /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy
. You can enable remote execution by distributing the public SSH key to a host.
On the Satellite Server, distribute the key to the host.
# ssh-copy-id -i ~foreman-proxy/.ssh/id_rsa_foreman_proxy.pub root@auth01.example.com
7.3.2. Installing Errata on Your Host
Satellite provides default job templates for executing remote jobs, one of which is for installing errata.
-
Go to Hosts
All hosts and click the check box next to the host’s name. - Click Select Action and select Schedule Remote Job from the drop-down menu.
- In the Job category drop-down menu, select Katello.
- In the Job template drop-down menu, select Install Errata-Katello SSH Default.
- In the errata field, enter the errata ID.
- Select Execute now and click Submit.