8.5.01.05-Hotfix-2: Support for CDN channels for RHEL patching

Red Hat is transitioning from its Red Hat Network (RHN) hosted interface to a new Red Hat Subscription Management (RHSM) interface. With this transition, Red Hat begins with discontinuing the Red Hat Network Classic Hosted site from July 31, 2017.

For more information on the updates and deadlines about RHEL support, see the FAQs on the Red Hat customer portal .

To continue patching on RHEL versions 5 and 6 after July 31, 2017, BMC recommends customers to use Content Delivery Network (CDN) channels for downloading patches. BMC Server Automation 8.9 already supports CDN channels for patching. For performing patching on BMC Server Automation version 8.5, you must apply the BSA 8.5.01.05-Hotfix-2.

Before you begin

To install this hot fix, ensure that you are running BMC Server Automation version 8.5 SP1 Patch 5 (8.5.01.005). For more information, see Patch 5 for Service Pack 1: version 8.5.01.005.

Supported CDN features

The following table shows the features supported in the earlier XMLRPC environment and now in the CDN channels.

RHEL feature	XMLRPC	CDN (For offline patch catalogs only)
RPM support for RHEL versions 5 and 6	Yes	Yes
Child channels support for RHEL versions 5 and 6	Yes	Yes
zSeries support for RHEL 5 and 6	Yes	Yes
Update Level support for RHEL 5 and 6	Yes	Conditional (See workaround for Creating an update level catalog )
Errata support for RHEL 5 and 6	Yes	No

Important

For RHEL versions 5 and 6, this hotfix enables using CDN for Offline Patch Catalogs only.

For Online Patch Catalog support for RHEL 5 and 6 versions, upgrade to either of the latest versions of BMC Server Automation:

Patch 5 for version 8.7
Patch 2 for version 8.8
8.9

Downloading and installing the files

To install this hot fix, your BMC Server Automation version must be 8.5 SP1 Patch 5 (8.5.01.005).

The following table provides information about the FTP location to download the hotfix.

Note

You must be logged into the docs.bmc.com site to see the ftp location.

Download the hotfix and extract the following files included in the hotfix package to a temporary location on each application server and the system used to run the offline patch downloader:

File	MD5 Checksum
redhat-feed-1.0-SNAPSHOT.jar	077bb165778a20955326f55a75ab5d9b
redhat-feed-1.0.jar	077bb165778a20955326f55a75ab5d9b
All-OS-Patch-Downloaders-linux-build-8.5.01.tar.gz	817f8ef1948dc9511cb7f8468a4465d6
yum-channels.xml	f8d434af871c06ebb1d0f50a2f16f64e

Applying the hotfix

Perform the following steps to apply the hotfix:

Important

You must apply this hotfix on all BMC Server Automation Application Servers in your environment.

Stop all BladeLogic services such as appserver, PXE, Process Spawner, and other NSH processes on all BMC Server Automation Application Servers.
On the BMC Server Automation Application Server host, go to <Appserver install location>\NSH\br\stdlib and backup and then remove the following files:
1. redhat-feed-1.0.jar
2. redhat-feed-1.0-SNAPSHOT.jar
  
  Do not place your backup files in the <Appserver install location>\NSH\br\stdlib directory.
Place the files included in the hotfix (redhat-feed-1.0.jar and redhat-feed-1.0-SNAPSHOT.jar) in the <Appserver install location>\NSH\br\stdlib directory.
Start the BladeLogic services (such as appserver, PXE, Process Spawner, and other NSH processes).
Repeat step 1 to 4 on all the Application Servers in your environment.

Running the Patch Downloader utility

After applying the hotfix on the application server(s), perform the following steps to download RHEL packages and run the Patch Downloader Utility. The updated Patch Downloader utility is included in the All-OS-Patchloaders-linux-build-8.5.01.tar.gz.

Note

The steps mentioned here are a high-level summary of the actions that you need to perform after applying the hotfix. For a detailed procedure for each action, see the corresponding documentation provided in the Additional information column.

	Task	Additional information
1.	Register with RedHat It is recommended to use a RedHat server that is registered with RedHat via the subscription-manager utility as the repository server. To use the tool, you must run the tool as `root`. The tool uses the same user name and password as the Red Hat Customer Portal to register the system. If the system is not already registered, the following procedure describes how to both register the system and attach subscriptions at the same time. Enter the following command to register your system: `subscription-manager register` When prompted, enter your Red Hat Customer Portal user name and password. From a shell prompt, enter the following to display a list of the available subscriptions: `subscription-manager list --available` From the resulting list, locate the pool ID for the subscription you need. Using the pool ID you located previously, enter the following to attach the appropriate subscription to your system: `subscription-manager attach --pool=pool_id` Enter the following to verify the list of subscriptions attached to your system: `subscription-manager list --consumed` For more information about using the Red Hat Subscription Management tool, see the Red Hat online technical documentation. You are now ready to add certificates (see Step 3: Obtain the required certificates). Use this procedure to register an account on the Red Hat Customer Portal, if you do not already have an account. Log on to the Red Hat Customer Portal and click Subscriptions at the top of the page. At the bottom of the page, under Subscriber Inventory, click Systems. Click Register a system, if you have not already registered your system. Enter the details of your system and click Register. Go to Step 2: Obtain the required certificates.	-
2.	Obtain the required certificates Use this option if you have a server registered by running Red Hat Subscription Management tool (subscription-manager), and attached to a license. (For more information, see: Red Hat online technical documentation) The offline downloader requires three certificates to be specified in the redhat-cert section of the configuration file. These three certificates are available at the noted locations: caCert: /etc/rhsm/ca/redhat-uep.pem clientCert: /etc/pki/entitlement/<hash>.pem clientKey: /etc/pki/entitlement/<hash>-key.pem Note the location of these files and provide them when creating the offline downloader configuration file. Tip The client certificate and key file names are changed whenever they are re-issued. Before you run the offline downloader, verify that the certificate names are valid by checking the offline downloader configuration file and the /etc/pki/entitlements directory. If the names have changed, update the offline downloader configuration file. Use this procedure to obtain certificates using the Red Hat Customer Portal: After your system is registered, click the Attached Subscriptions tab on the Red Hat Customer Portal. Attach a subscription to your system by clicking the Attach a subscription link. Select the type of subscription you are using and click Attach Selected. In the Entitlement certificate column of the attachment click Download, to download the entitlement certificate file. Rename the file to client-cert.pem and copy it to a location on the repository server. On the Identity Certificate tab click Download, to download the identity key certificate file. Rename the file to client-key.pem and copy it to a location on the repository server. When creating the offline downloader configuration file use these files (specifying the file path) in the redhat-cert section: caCert: /etc/rhsm/ca/redhat-uep.pem clientCert: /path/to/client-cert.pem clientKey: /path/to/client-key.pem
3.	On the Red Hat repository server extract the All-OS-Patch-Downloaders-linux-build-8.5.01.tar.gz file provided with the hotfix.	-
4.	Prepare a configuration XML file to be used by the Patch Downloader utility. You can refer to the sample (sample-redhat-downloader-config.xml) file included in the All-OS-Patch-Downloaders-linux-build-8.5.01.tar.gz file. Specify the certificates obtained earlier by using the `<redhat-cert>` XML tag. There are two possible methods to identify what channel to download from RedHat. Use the channel label listed in the yum-channels.xml. Click here to expand... The yum-channels.xml file included with the hotfix contains a list of common RedHat channels. Locate the name of the channel you want to use, for example Red Hat Enterprise Linux 7 Server (RPMs) in the yum-channels.xml. You can find other information about the channel that is useful for the downloader configuration `<yum-channel> <channel-name>Red Hat Enterprise Linux 7 Server (RPMs)</channel-name> <channel-os>RHES7</channel-os> <channel-arch>x86_64</channel-arch> <channel-label>rhel-7-server-rpms</channel-label> <channel-url>https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os</channel-url> </yum-channel>` Here we take note of the channel-label,channel-os and channel-arch. When constructing the downloader xml file we will use those values as seen below in the channel-type-filter section example below: `<channel-type-filter> <os>RHES7</os> <arch>x86_64</arch> <channel-label>rhel-7-server-rpms</channel-label> </channel-type-filter>` As noted above, the errata-type-filter is not supported for CDN downloads in the offline downloader. The channel-type-filter will retrieve only RPMs and not Erratas. Use the CDN Url if the yum-channels.xml file does not list the channel you want see the section below about adding child channels to the downloader configuration file. Below is an example downloader configuration file using the channel-type-filter: Click here to view the sample configuration XML file <!-- Sample File --> <redhat-downloader-config> <config> <temporary-location>/tmp</temporary-location> <payload-repository-location>/home/repo/</payload-repository-location> <download-request-retries>10</download-request-retries> <download-request-timeout>180000</download-request-timeout> <downloader-parallel-threads>10</downloader-parallel-threads> </config> <subscription> <redhat-cert cert-arch="x86_64"> <caCert>/etc/rhsm/ca/redhat-uep.pem</caCert> <clientCert>/etc/pki/entitlements/123456.pem</clientCert> <clientKey>/etc/pki/entitlements/123456-key.pem</clientKey> </redhat-cert> <channel-type-filter> <os>RHES7</os> <arch>x86_64</arch> <channel-label>rhel-7-server-rpms</channel-label> </channel-type-filter> </subscription> </redhat-downloader-config>	Preparing the configuration file for Red Hat Enterprise Linux
5.	Run the Patch Downloader utility and specify the configuration file and RHEL username and password. For example, run the following command. `sh redhat_downloader.sh -configFile "<downloaderConfigurationFilePath>" -rhnUser "<rhnUserName>" -rhnPass "<rhnPassword>"`	Running the Patch Downloader utility for Red Hat Enterprise Linux
6.	After the utility is run successfully, you can create and update the patch catalog in an offline mode. After the patch catalog run is successful, you can now use the catalog for RHEL patching.	Patch catalog - Red Hat Catalog

Creating an update level catalog

To create an update level catalog, perform the following steps:

From the Red Hat website, download the ISO image files on the Red Hat server.

Enter the following command to extract packages from ISO.

redhat_downloader.sh -extractPackagesFromISO -repoLocation <repo-path> -isoLocation <ISO-dir-path> -osArch <osArch, Ex: RHAS4-x86, RHAS4-x86_64>

Enter the following command to create a repository from the extracted packages.

redhat_downloader.sh -createRepo -srcLocation "<location1,os-arch;location2,os-arch>" -repoLocation <repository path>

Create an offline patch catalog on the application server by using the OS and architecture filters that match your environment.
Ensure that you do not select the Enable Update Level check box.
Update the catalog.
After the catalog run is successful, you can now use the catalog for RHEL patching. For more information, see To extract packages from ISO.

Downloading child channels

The yum-channels.XML file provided with the hotfix includes base channels. This procedure describes how to create a URL to download child channels. For multiple subscriptions, you must perform this procedure for each certificate.

Important

Before downloading child channels, ensure that the RHSM Certificate Tool (RCT) is available on the Red Hat repository server.

Perform the following procedure to create a URL to download child channels.

Obtain the client certificate.

Enter the following command.

rct cat-cert <Client certificate>

The following information is displayed in multiple content tabs.

Content:
					Type: yum
					Name: Red Hat Enterprise Linux Scalable File System (for RHEL 6 Server) - Extended Update Support (RPMs)
					Label: rhel-sfs-for-rhel-6-server-eus-rpms
					Vendor: Red Hat
					URL: /content/eus/rhel/server/6/$releasever/$basearch/scalablefilesystem/os
					GPG: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
					Enabled: False
					Expires: 86400
					Required Tags: rhel-6-server
					Arches: x86_64

In the URL field, specify the values applicable to your environment:
1. $releasever: <OS Major Version>Server
2. $basearch: <One of the required architecture value>
For example, if your OS version is 6 and the architecture is x86_64, then the content URL is:
/content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os
Use the channel URL as created in Step 3 to access the offline downloader.
For example, https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os
In the offline downloader filter.xml file, specify the following filter.
```
<channel-type-filter>
   <os>RHES6</os>
   <arch>x86_64</arch>
   <channel-label>rhel-sfs-for-rhel-6-server-eus-rpms</channel-label>
   <channel-url>https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os</channel-url>
</channel-type-filter>
```
Specify the following tags in the <channel-type-filter> tag:
1. <channel-label>: Specifies the label attribute as displayed in the Content tab.
  For example, rhel-sfs-for-rhel-6-server-eus-rpms
2. <channel-url>: Specifies the URL as created in Step 3.
  For example, https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os
3. <arch>: Specifies the architecture as displayed in the Content tab.
  For example, x86_64.

8.5.01.05-Hotfix-2: Support for CDN channels for RHEL patching

Before you begin

Supported CDN features

Downloading and installing the files

Running the Patch Downloader utility

Register with RedHat

Obtain the required certificates

Creating an update level catalog

Downloading child channels

Related topics

Comments