8.5.01.05-Hotfix-2: Support for CDN channels for RHEL patching
Red Hat is transitioning from its Red Hat Network (RHN) hosted interface to a new Red Hat Subscription Management (RHSM) interface. With this transition, Red Hat begins with discontinuing the Red Hat Network Classic Hosted site from July 31, 2017.
For more information on the updates and deadlines about RHEL support, see the
FAQs on the Red Hat customer portal
.
To continue patching on RHEL versions 5 and 6 after July 31, 2017, BMC recommends customers to use Content Delivery Network (CDN) channels for downloading patches. BMC Server Automation 8.9 already supports CDN channels for patching. For performing patching on BMC Server Automation version 8.5, you must apply the BSA 8.5.01.05-Hotfix-2.
Before you begin
To install this hot fix, ensure that you are running BMC Server Automation version 8.5 SP1 Patch 5 (8.5.01.005). For more information, see Patch 5 for Service Pack 1: version 8.5.01.005.
Supported CDN features
The following table shows the features supported in the earlier XMLRPC environment and now in the CDN channels.
RHEL feature | XMLRPC | CDN (For offline patch catalogs only) |
---|---|---|
RPM support for RHEL versions 5 and 6 | Yes | Yes |
Child channels support for RHEL versions 5 and 6 | Yes | Yes |
zSeries support for RHEL 5 and 6 | Yes | Yes |
Update Level support for RHEL 5 and 6 | Yes | Conditional (See workaround for Creating an update level catalog ) |
Errata support for RHEL 5 and 6 | Yes | No |
Important
For RHEL versions 5 and 6, this hotfix enables using CDN for Offline Patch Catalogs only.
For Online Patch Catalog support for RHEL 5 and 6 versions, upgrade to either of the latest versions of BMC Server Automation:
- Patch 5 for version 8.7
- Patch 2 for version 8.8
- 8.9
Downloading and installing the files
To install this hot fix, your BMC Server Automation version must be 8.5 SP1 Patch 5 (8.5.01.005).
The following table provides information about the FTP location to download the hotfix.
Note
You must be logged into the docs.bmc.com site to see the ftp location.
Download the hotfix and extract the following files included in the hotfix package to a temporary location on each application server and the system used to run the offline patch downloader:
File | MD5 Checksum |
---|---|
redhat-feed-1.0-SNAPSHOT.jar | 077bb165778a20955326f55a75ab5d9b |
redhat-feed-1.0.jar | 077bb165778a20955326f55a75ab5d9b |
All-OS-Patch-Downloaders-linux-build-8.5.01.tar.gz | 817f8ef1948dc9511cb7f8468a4465d6 |
yum-channels.xml | f8d434af871c06ebb1d0f50a2f16f64e |
Applying the hotfix
Perform the following steps to apply the hotfix:
Important
You must apply this hotfix on all BMC Server Automation Application Servers in your environment.
- Stop all BladeLogic services such as appserver, PXE, Process Spawner, and other NSH processes on all BMC Server Automation Application Servers.
- On the BMC Server Automation Application Server host, go to <Appserver install location>\NSH\br\stdlib and backup and then remove the following files:
redhat-feed-1.0.jar
redhat-feed-1.0-SNAPSHOT.jar
Do not place your backup files in the <Appserver install location>\NSH\br\stdlib directory.
- Place the files included in the hotfix (redhat-feed-1.0.jar and redhat-feed-1.0-SNAPSHOT.jar) in the <Appserver install location>\NSH\br\stdlib directory.
- Start the BladeLogic services (such as appserver, PXE, Process Spawner, and other NSH processes).
- Repeat step 1 to 4 on all the Application Servers in your environment.
Running the Patch Downloader utility
After applying the hotfix on the application server(s), perform the following steps to download RHEL packages and run the Patch Downloader Utility. The updated Patch Downloader utility is included in the All-OS-Patchloaders-linux-build-8.5.01.tar.gz.
Note
The steps mentioned here are a high-level summary of the actions that you need to perform after applying the hotfix. For a detailed procedure for each action, see the corresponding documentation provided in the Additional information column.
Task | Additional information | |
---|---|---|
1. | Register with RedHatIt is recommended to use a RedHat server that is registered with RedHat via the subscription-manager utility as the repository server. To use the tool, you must run the tool as If the system is not already registered, the following procedure describes how to both register the system and attach subscriptions at the same time.
For more information about using the Red Hat Subscription Management tool, see the Red Hat online technical documentation. You are now ready to add certificates (see Step 3: Obtain the required certificates). Use this procedure to register an account on the Red Hat Customer Portal, if you do not already have an account.
| - |
2. | Obtain the required certificatesUse this option if you have a server registered by running Red Hat Subscription Management tool (subscription-manager), and attached to a license. (For more information, see: Red Hat online technical documentation) The offline downloader requires three certificates to be specified in the redhat-cert section of the configuration file. These three certificates are available at the noted locations: caCert: /etc/rhsm/ca/redhat-uep.pem clientCert: /etc/pki/entitlement/<hash>.pem clientKey: /etc/pki/entitlement/<hash>-key.pem Note the location of these files and provide them when creating the offline downloader configuration file. Tip The client certificate and key file names are changed whenever they are re-issued. Before you run the offline downloader, verify that the certificate names are valid by checking the offline downloader configuration file and the /etc/pki/entitlements directory. If the names have changed, update the offline downloader configuration file. Use this procedure to obtain certificates using the Red Hat Customer Portal:
| |
3. | On the Red Hat repository server extract the All-OS-Patch-Downloaders-linux-build-8.5.01.tar.gz file provided with the hotfix. | - |
4. | Prepare a configuration XML file to be used by the Patch Downloader utility. You can refer to the sample (sample-redhat-downloader-config.xml) file included in the All-OS-Patch-Downloaders-linux-build-8.5.01.tar.gz file. Specify the certificates obtained earlier by using the There are two possible methods to identify what channel to download from RedHat.
Below is an example downloader configuration file using the channel-type-filter: | Preparing the configuration file for Red Hat Enterprise Linux |
5. | Run the Patch Downloader utility and specify the configuration file and RHEL username and password. For example, run the following command.
| Running the Patch Downloader utility for Red Hat Enterprise Linux |
6. | After the utility is run successfully, you can create and update the patch catalog in an offline mode. After the patch catalog run is successful, you can now use the catalog for RHEL patching. |
Creating an update level catalog
To create an update level catalog, perform the following steps:
- From the Red Hat website, download the ISO image files on the Red Hat server.
Enter the following command to extract packages from ISO.
redhat_downloader.sh -extractPackagesFromISO -repoLocation <repo-path> -isoLocation <ISO-dir-path> -osArch <osArch, Ex: RHAS4-x86, RHAS4-x86_64>
Enter the following command to create a repository from the extracted packages.
redhat_downloader.sh -createRepo -srcLocation "<location1,os-arch;location2,os-arch>" -repoLocation <repository path>
- Create an offline patch catalog on the application server by using the OS and architecture filters that match your environment.
Ensure that you do not select the Enable Update Level check box. - Update the catalog.
- After the catalog run is successful, you can now use the catalog for RHEL patching. For more information, see To extract packages from ISO.
Downloading child channels
The yum-channels.XML file provided with the hotfix includes base channels. This procedure describes how to create a URL to download child channels. For multiple subscriptions, you must perform this procedure for each certificate.
Important
Before downloading child channels, ensure that the RHSM Certificate Tool (RCT) is available on the Red Hat repository server.
Perform the following procedure to create a URL to download child channels.
- Obtain the client certificate.
Enter the following command.
rct cat-cert <Client certificate>
The following information is displayed in multiple content tabs.
Content: Type: yum Name: Red Hat Enterprise Linux Scalable File System (for RHEL 6 Server) - Extended Update Support (RPMs) Label: rhel-sfs-for-rhel-6-server-eus-rpms Vendor: Red Hat URL: /content/eus/rhel/server/6/$releasever/$basearch/scalablefilesystem/os GPG: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release Enabled: False Expires: 86400 Required Tags: rhel-6-server Arches: x86_64
- In the URL field, specify the values applicable to your environment:
$releasever: <OS Major Version>Server
$basearch: <One of the required architecture value>
/content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os - Use the channel URL as created in Step 3 to access the offline downloader.
For example, https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os In the offline downloader filter.xml file, specify the following filter.
<channel-type-filter> <os>RHES6</os> <arch>x86_64</arch> <channel-label>rhel-sfs-for-rhel-6-server-eus-rpms</channel-label> <channel-url>https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os</channel-url> </channel-type-filter>
Specify the following tags in the
<channel-type-filter>
tag:<channel-label>
: Specifies the label attribute as displayed in the Content tab.
For example,rhel-sfs-for-rhel-6-server-eus-rpms
<channel-url>
: Specifies the URL as created in Step 3.
For example, https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os<arch>
: Specifies the architecture as displayed in the Content tab.
For example, x86_64.
Related topics
Notification of end of XML-RPC protocol support for Red Hat patching
Comments