Chapter 9. Managing Errata


As a part of Red Hat’s quality control and release process, we provide customers with updates for each release of official Red Hat RPMs. Red Hat compiles groups of related package into an erratum along with an advisory that provides a description of the update. There are three types of advisories (in order of importance):

Security Advisory
Describes fixed security issues found in the package. The security impact of the issue can be Low, Moderate, Important, or Critical.
Bug Fix Advisory
Describes bug fixes for the package.
Product Enhancement Advisory
Describes enhancements and new features added to the package.

Red Hat Satellite 6 imports this errata information when synchronizing repositories with Red Hat’s Content Delivery Network (CDN). Red Hat Satellite 6 also provides tools to inspect and filter errata, allowing for precise update management. This way, you can select relevant updates and propagate them through Content Views to selected content hosts.

Note

Errata are labeled according to the most important advisory type they contain. Therefore, errata labeled as Product Enhancement Advisory can contain only enhancement updates, while Bug Fix Advisory errata can contain both bug fixes and enhancements, and Security Advisory can contain all three types.

In Red Hat Satellite, there are two keywords that describe an erratum’s relationship to the available content hosts:

Applicable
Erratum applies to one or more content hosts, which means it updates packages present on the content host. Applicable errata are not yet accessible by the content host.
Installable
Erratum applies to one or more content hosts and it has been made available to the content host. Installable errata are present in the content host’s life cycle environment and Content View, but are not yet installed. This way, errata can be installed by users who have permissions to manage content hosts, but are not entitled for errata management at higher levels.

This chapter shows how to manage errata and apply them to either a single system or multiple systems.

Important

Install the katello-agent package on hosts registered to Satellite Server. This package provides the necessary services for errata management.

9.1. Managing Errata with Content Views

Red Hat Satellite 6 provides various methods to manage and apply errata. As discussed in Section 7.4, “Content Filters”, we can use Content Views and content filters to limit errata. Such filters include:

  • ID - We can create a filter to select specific erratum to allow into our resulting repositories.
  • Date Range - We can define a date range and include a set of errata released during that date range.
  • Type - We can select the type of errata to include such as bug fixes, enhancements, and security updates.

As an example, we can create a content filter to exclude errata after a certain date. This ensures our production systems in the application life cycle are kept up to date to a certain point. Then we can modify the filter’s start date to introduce new errata into our testing environment. This is so we can test the compatibility of new packages into our application life cycle.

For instructions on creating a content filter, see Section 7.4.1, “Creating a Content Filter”.

When a Content View contains errata, we can apply it to our systems. Each system registered to your Red Hat Satellite 6 includes an errata management screen where you can apply multiple errata to the system. In addition, Red Hat Satellite 6 contains an errata management feature where you can search, review, and apply errata to multiple systems.

9.2. Inspecting Available Errata

The following procedure describes how to view and filter the available errata and how to display metadata of the selected advisory.

  1. Navigate to Content > Errata to view the list of available errata.
  2. Use the filtering tools at the top of the page to limit the number of displayed errata:

    • Select the repository to be inspected from the list. All Repositories is selected by default.
    • The Applicable check box is selected by default to view only errata applicable to the selected repository. Select the Installable check box to view only errata marked as installable.
    • To search the table of errata, type the query in the Search field in the form of:
    parameter operator value

    See Table 9.1, “Parameters Available for Errata Search” for the list of parameters available for search. Find the list of applicable operators in Supported Operators for Granular Search in Administering Red Hat Satellite. Automatic suggestion works as you type. You can also combine queries with the use of and and or operators. For example, to display only security advisories related to the kernel package, type:

    type = security and package_name = kernel

    Press Enter to start the search.

  3. Click the Errata ID of the erratum you want to inspect:

    • The Details tab contains the description of the updated package as well as documentation of important fixes and enhancements provided by the update.
    • On the Content Hosts tab, you can apply the erratum to selected content hosts as described in Section 9.4, “Applying Errata to Multiple Systems”.
    • The Repositories tab lists repositories that already contain the erratum. You can filter repositories by the environment and Content View, and search for them by the repository name.
Table 9.1. Parameters Available for Errata Search
ParameterDescriptionExample

bug

Search by the Bugzilla number.

bug = 1172165

cve

Search by the CVE number.

cve = CVE-2015-0235

id

Search by the errata ID. The auto-suggest system displays a list of available IDs as you type.

id = RHBA-2014:2004

issued

Search by the issue date. You can specify the exact date, like "Feb16,2015", or use keywords, for example "Yesterday", or "1 hour ago". The time range can be specified with the use of the "<" and ">" operators.

issued < "Jan 12,2015"

package

Search by the full package build name. The auto-suggest system displays a list of available packages as you type.

package = glib2-2.22.5-6.el6.i686

package_name

Search by the package name. The auto-suggest system displays a list of available packages as you type.

package_name = glib2

severity

Search by the severity of the issue fixed by the security update. Specify Critical, Important, or Moderate.

severity = Critical

title

Search by the advisory title.

title ~ openssl

type

Search by the advisory type. Specify security, bugfix, or enhancement.

type = bugfix

updated

Search by the date of the last update. You can use the same formats as with the issued parameter.

updated = "6 days ago"

9.3. Applying Errata to Individual Systems

For this procedure, we aim to apply some errata to a system. This procedure follows on from Section 8.2, “Using Activation Keys” and assumes you registered a test Red Hat Enterprise Linux 7 system to your Satellite Server. In this example, we aim to apply the following erratum:

Errata ID:   RHSA-2016:0008
Title:       Moderate: openssl security update
Type:        security
Severity:    Moderate
Issued:      2016-01-07
Updated:     2016-01-07
Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols, as well as a full-strength, general purpose cryptography library.

For Web UI Users

Navigate to Hosts > Content Hosts and click on your test system. Navigate to the Errata tab. Due to the filter set up in Section 7.4.1, “Creating a Content Filter”, a list of security errata appears.

Let’s apply errata for OpenSSL. Navigate to the search bar and enter title ~ openssl. This searches for any errata with openssl in the title. Select the RHSA-2016:0008 errata and click Apply Selected. A confirmation message appears. Click Apply.

Satellite Server starts a task to update all packages associated with the selected errata. When the task completes, Satellite Server lists the packages updated and their new versions in the Details section. For example:

1:openssl-1.0.1e-51.el7_2.2.x86_64
1:openssl-libs-1.0.1e-51.el7_2.2.x86_64

Log in to the client system and confirm the errata updates:

[root@client ~]# yum list openssl openssl-libs

For CLI Users

List the OpenSSL errata for the client system:

# hammer host errata list \
--host client.example.com \
--search "title ~ openssl" \
--organization "ACME"

Apply the most recent erratum to the client system. Identify the erratum to apply using the Errata ID:

# hammer host errata apply \
--host client.danssat.net \
--errata-ids RHSA-2016:0008 \
--organization "ACME"

Log in to the client system and confirm the errata updates:

[root@client ~]# yum list openssl openssl-libs

9.4. Applying Errata to Multiple Systems

The Red Hat Satellite 6 Web UI provides an errata management tool to help review and apply errata to multiple systems. For this example, we use the same erratum (RHSA-2016:0008) from Section 9.3, “Applying Errata to Individual Systems”.

For Web UI Users

Navigate to Content > Errata. This displays all errata from synchronized repositories. In addition, the Content Host Counts shows the number of registered hosts that can apply and install each erratum.

Let’s apply a single OpenSSL errata to our systems through this tool. Navigate to the search field and enter title ~ openssl. This shows all errata relating to OpenSSL. Although this includes bug fixes and enhancements, note that Satellite Server cannot install these errata to our test system due to the filter we created in Section 7.4.1, “Creating a Content Filter”.

Click on the most recent OpenSSL errata. In our example, this is RHSA-2016:0008.

The Details screen for this erratum appears and provides a description of what the erratum resolves.

Navigate to the Content Hosts subtab. This displays a list of all applicable systems for this errata. We select Only show content hosts where the errata is currently installable in the host’s Lifecycle Environment to limit this list to systems that can actually install the errata.

Select our test system and click Apply to Hosts. A confirmation screen appears regarding the errata installation. Click Confirm.

Satellite Server starts a task to update the erratum’s packages for each selected system. When the task completes, log in to the client system and confirm the errata updates:

[root@client ~]# yum list openssl openssl-libs

For CLI Users

Although the CLI does not have the same tools as the Web UI, you can replicate a similar procedure with CLI commands.

List all OpenSSL errata:

# hammer erratum list --search "title ~ openssl" --organization "ACME"

Search again, restricting the list to installable errata:

# hammer erratum list \
--errata-restrict-installable true \
--search "title ~ openssl" --organization "ACME"

Find out details about this errata:

# hammer erratum info --id RHSA-2016:0008

List the systems that this erratum is applicable:

# hammer host list \
--search "applicable_errata = RHSA-2016:0008" \
--organization "ACME"

Apply the errata to a single system:

# hammer host errata apply \
--host client.example.com \
--errata-ids RHSA-2016:0008

Enter the following command for each client system and replace --host with the name of the system for each execution.

# for HOST in `hammer \
--csv --csv-separator "|" host list \
--search "applicable_errata = RHSA-2016:0008" \
--organization "ACME" | tail -n+2 | awk \
-F "|" '{ print $2 }'` ; do echo \
"== Applying to $HOST ==" ; hammer host errata apply \
--host $HOST --errata-ids RHSA-2016:0008 ; done

This command identifies all hosts with RHSA-2016:0008 as an applicable erratum and then applies the erratum to each host.

Log in to the client system and confirm the errata updates:

[root@client ~]# yum list openssl openssl-libs

9.5. Subscribing to Errata Notifications

You can configure email notifications for Satellite users as described in Configuring Email Notifications in Administering Red Hat Satellite. Users can receive a summary of applicable and installable errata, notifications on Content View promotion or after synchronizing a repository.

9.6. Chapter Summary

This chapter provided some guidelines on how Red Hat Satellite 6 manage errata and applies them to systems.

The next chapter explores container management in Red Hat Satellite 6.

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.