How to Use RedHat Satellite Server Web Portal for patching

byLiveStream -
0

 

1.View outstanding patches

  1. Log into the Redhat Satellite web portal, https://rhn/Login.do

clip_image002

  1. find the servers you want to verify by using filter
    1. Click on Systems tab
    2. Enter the server name or first few letters of the server name in the “Filter by System Name” box and click go to filter.
    3. You will have an overview summary of the available patches, in the Filtered result window. This is useful if you want to see a group of servers.

clip_image004

  1. Or, find the servers you want by using “Search” function, then click the hostnames to see the available patches. No overview summaries will be provided vs. the method above.

clip_image006

2.Install selected patches

  1. Click the “software” tab to get the “Errata (Security Advisory - Bulletin)” and “Packages” option.

clip_image008

  1. Search for your Errata or package that you would like to have installed on the server, heck mark all the packages you would like to install.

clip_image010

  1. After selecting, click on the “Apply Errata” button at the bottom of the page. (Please make sure you have a CR associated with any PROD changes)
  2. To patch immiediately, Click the “Schedule action as soon as possible” option and click confirm to apply in real time

clip_image012

clip_image014

  1. To Schedule a patch - Click the “Schedule action for no sooner than” option, select the date and time and click confirm to update the system at desired time. – This will create a scheduled or pending job

clip_image016

  1. Verification - You can now click on the main “schedule” to see you jobs
    1. You can click on pending actions to see the jobs that you’ve scheduled

clip_image018

    1. You can also click on “completed actions” to see the jobs that were run successfully.

clip_image020

  1. Real-time verfication – – if your host has the osad package installed, you can verify the package status in real time from web portal. Otherwise the client systems will check in to Satellite Server every 4 hours to provide status. Or you can force a check-in by running - rhn_check command from client hosts.

For PROD CR, it is recommended to double check the results from client hosts.

You can check the osad status by using:

service osad status

If the osad service does not exist then it probably is not installed. To install osad and start it run this command:

yum install osad;

chkconfig osad on;

service osad start

3.Install a selected patch to multiple servers

This is useful for projects who want to close certain vulnerabilities according to the monthly IVA/EVA report or CMRP.

  1. Click Errata in the home page to view all available patches, click the patch you want to install clip_image022
  1. Click Affected Systems, use the filter to locate your hosts, you can select more than one servers to apply in the same time. Click Apply. clip_image024
  1. In the confirmation page, you can schedule it or patch right away, then verify. Same as the section#4.4 to #4.6 clip_image026

4.Create a server snapshot & rollback

This is useful if you want to have a rollback plan in OS level.

  1. From homepage, click System àlocate your server (refer section#3) àclick your server name à Click Provisioning à Click Snapshot Tags in the sub menu. clip_image028
  2. Clcik Create a new system tag at right hand. clip_image030
  3. Enter a tag name (preferred to use Date+CR) please make sure you have a CR for PROD changes. Then click Tag Current Snapshot clip_image032
  4. Verify the snapshot is ready clip_image034
  5. Now you can go ahead for your patch
  6. To rollback, click the snapshot avalaible from step#4, review the changes then click rollback sanpshot clip_image036

5.Compare server packages

This is very useful if you want to compare the difference of DEV vs. QA, or QA vs. PROD* or between cluster members.

  1. From homepage, click System àlocate your server using filter (refer section#3). In this case, we want to compare APP01 vs. APP02 to see the difference. Click the APP01 clip_image038
  2. In the server tab, click Softwareà Packages à Compare Packages Profiles/ Manage Package Profiles clip_image040
  3. Select the 2nd server you want to compare with from dropdown list, click compare clip_image042
  4. In the result page you can see the difference and fill the gap if needed. clip_image044

*Due to the segregation of PROD and non-PROD, currently there is no direct method to compare PROD vs. non-PROD. Please follow up with  if you have the requirement.

6.Some considerations

  1. If the patch involved Kernel update, you will still need arrange a OS reboot, this may also involve application /DB shutdown in your CR#.
  2. You can schedule a server reboot if needed from System à locate your server à Schedule a reboot. clip_image046
  3. Currently we can’t compare non-PROD vs. PROD directly
Tags:

Post a Comment

Previous Post Next Post