Solved: What do you do to push an emergency update outside...

JohnAdams · ‎07-31-2020

Hi, folks,

I have a security thing I have to put onto a server on a test basis. I've been trying--and succeeding--to get everyone to submit third party rpms we'll be using to load into Satellite instead of just loading them. So it's with some embarassment that I'm thinking about putting an rpm in directly from the command line. Why? Because I have to promote the rpm through its content view.

What's the solution to this?

First, if I'm just being a prig about "always deploy through Satellite", tell me. It's possible I'm not being flexible enough.

Second, if you do have to deploy something in a hurry, and you've got your content views promoting automatically (test/dev gets the new one, prod gets last weeks) for you, how do you deploy it?

It's late on a Friday, so if any of this is unclear, just ask me again and I'll try my best.

Thanks,

John A

Travis · ‎08-01-2020

@JohnAdams -

Unfortunately, the is the proper way of using content views. The RPMs being loaded onto the system must exist on the Satellite, be present in a content view, be published to the correct CV/Lifecycle environment, and the server see them.

However, there are some cheats that you can do if you want to test it on a sever or servers. Assuming the packages are in a custom product and custom repositories, and assuming that you also have all other resposoitories kept relatively up-to-date, you can actually cheat with the servers.

Go into Satellite => Hosts => Content Hosts
Click on the host you want to install RPM packages
On the "Details" tab, under "Content Host Content" change the Content View to Default Organization View and the Lifecycle Environment to Library.
On the system, do a "subscription-manager refresh" and a "yum clean all"

You should now have access to the repositories and all packages contained within the repositories without being limited by a content view.

Important: It should be noted, you might need to subscribe to new repositories if the RPMs are contained in repositories that were created and the system has never used before. It is also important to note not to do a "yum update" as this will get all updates because there is no content view available and packages are unrestricted.

Hope this helps ...

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training

View solution in original post

Travis · ‎08-01-2020

@JohnAdams -

Unfortunately, the is the proper way of using content views. The RPMs being loaded onto the system must exist on the Satellite, be present in a content view, be published to the correct CV/Lifecycle environment, and the server see them.

However, there are some cheats that you can do if you want to test it on a sever or servers. Assuming the packages are in a custom product and custom repositories, and assuming that you also have all other resposoitories kept relatively up-to-date, you can actually cheat with the servers.

Go into Satellite => Hosts => Content Hosts
Click on the host you want to install RPM packages
On the "Details" tab, under "Content Host Content" change the Content View to Default Organization View and the Lifecycle Environment to Library.
On the system, do a "subscription-manager refresh" and a "yum clean all"

You should now have access to the repositories and all packages contained within the repositories without being limited by a content view.

Important: It should be noted, you might need to subscribe to new repositories if the RPMs are contained in repositories that were created and the system has never used before. It is also important to note not to do a "yum update" as this will get all updates because there is no content view available and packages are unrestricted.

Hope this helps ...

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training

Fran_Garcia · ‎08-03-2020

Stepping aside for a second... what problem are you trying to solve here? Are content view publications not fast enough for you? Or is it just that you need to be able to say "I can push a new security if in under X time to the whole infrastructure"?

Travis · ‎08-03-2020

@Fran_Garcia -

While you are correct in that a CV can be just as fast, depending on the environment and how things are setup, a CV may not always be the quickest and easiest option for deployment. I was basing my answer on experience and the assumption was it was an emergency to get RPM (x) out on the system as quickly as possible and also noting that the RPM might not work and need to be rolled back off. Content Views can often create additional levels of complications and people often filter content views making some packages that are required as dependencies unavailable.

My suggestion (based on information that was given) is to get the packages uploaded and available in Satellite (as it sounds like people aren't always putting them there) as well as to provide a method of easily installing a given package when content views don't easily work or when users can't find packages. This work-around and method will at least get people putting RPMs into custom products and channels and get them used to Satellite and then the next step would be focusing on a content view.

Travis

Travis Michette, RHCA XIII
https://rhtapps.redhat.com/verify?certId=111-134-086
SENIOR TECHNICAL INSTRUCTOR / CERTIFIED INSTRUCTOR AND EXAMINER
Red Hat Certification + Training

JohnAdams · ‎11-11-2020

What's been said is basically correct: I had an urgent need to install packages outside our schedule and a political/professional/personal need to do it the way I make other people do it.

What do you do to push an emergency update outside a Content View?

Platform

Satellite

Satellite 6 Administration