8.6.01.02 Hotfix-1: Support for CDN channels for Red Hat Patching

Red Hat is transitioning from its Red Hat Network (RHN) hosted interface to a new Red Hat Subscription Management (RHSM) interface. With this transition, Red Hat begins with discontinuing the Red Hat Network Classic Hosted site by July 31, 2017. 

For more information on RHEL support, see the  FAQs on the Red Hat customer portal .

To continue patching on RHEL versions 5, 6, and 7 after July 31, 2017, BMC recommends customers to use Content Delivery Network (CDN) channels for downloading patches. BMC Server Automation 8.9 already supports CDN channels for patching. For BMC Server Automation version 8.6, you must apply the BSA 8.6.01.02 Hotfix-1. 

Before you begin

Ensure that you are running BMC Server Automation version 8.6 SP1 Patch 2 (8.6.01.002). This hotfix will not work with any other BMC Server Automation versions. For more information, see Version 8.6.01.002: Patch 2 for Service Pack 1.

Supported CDN features

The following table shows the features supported in the earlier XMLRPC environment and now in the CDN channels. 

RHEL feature
XMLRPC

CDN

(For offline patch catalogs only)

RPM support for RHEL versions 5, 6, and 7

Yes (Not available for RHEL 7)Yes
Child channels support for RHEL versions 5, and 6YesYes
zSeries support for RHEL 5, and 6YesYes
Update Level support for RHEL 5, 6, and 7Yes (Not available for RHEL 7)Conditional (See workaround Creating an update level catalog)
Errata support for RHEL 5, 6, and 7Yes (Not available for RHEL 7)No

Important

For RHEL versions 5 and 6, this hotfix enables using CDN for Offline Patch Catalogs only. For RHEL 7, you can use CDN for both Online and Offline Patch Catalogs.

For Online Patch Catalog support for RHEL 5, and 6 versions, upgrade to either of the latest versions of BMC Server Automation:

  • Patch 5 for version 8.7
  • Patch 2 for version 8.8
  • 8.9

Downloading and installing the files

To install this hot fix, your BMC Server Automation version must be 8.6 SP1 Patch 2 (8.6.01.002).

Note

You must log on to BMC documentation website to access the FTP location.

 The following table provides information about the FTP location to download the hotfix.
Download the hotfix and extract the following files included in the hotfix package:


FileMD5 Checksum
redhat-feed-1.0-SNAPSHOT.jar8a8f91e8bb7e651e3e1436dce2263930
redhat-feed-1.0.jar8a8f91e8bb7e651e3e1436dce2263930
All-OS-Patch-Downloaders-linux-build-8.6.01.tar.gzd642eb538a5c7a51b3f2f07da50c6ce1
yum-channels.xmle975dfb64292adebec0177b25baf559d

Applying the hotfix

Perform the following steps to apply the hotfix:

Important

You must apply this hotfix on all BMC Server Automation Application Servers in your environment. 

  1. Stop all BladeLogic services such as appserver, PXE, Process Spawner, and other NSH processes on all BMC Server Automation Application Servers.
  2. On the BMC Server Automation Application Server host, go to <Appserver install location>\NSH\br\stdlib and back up and remove the following files:
    1. redhat-feed-1.0.jar

    2. redhat-feed-1.0-SNAPSHOT.jar

      Note

      Do not place your backup files in the <Appserver install location>\NSH\br\stdlib directory.

  3. Place the files included in the hotfix (redhat-feed-1.0.jar and redhat-feed-1.0-SNAPSHOT.jar) in the <Appserver install location>\NSH\br\stdlib directory.
  4. Start the BladeLogic services (such as appserver, PXE, Process Spawner, and other NSH processes). 
  5. Repeat step 1 to 4 on all application servers in your environment.

Running the Patch Downloader utility

After applying the hotfix, perform the following steps to download RHEL packages and run the Patch Downloader Utility.

Note

The steps mentioned here are a high-level summary of the actions that you need to perform after applying the hotfix. For a detailed procedure for each action, see the corresponding documentation provided in the Additional information column.

 TaskAdditional information
1.

Register with RedHat

    It is recommended to use a RedHat server that is registered with RedHat via the subscription-manager utility as the repository server. 

    To use the tool, you must run the tool as root. The tool uses the same user name and password as the Red Hat Customer Portal to register the system.

    If the system is not already registered, the following procedure describes how to both register the system and attach subscriptions at the same time.

    1. Enter the following command to register your system:   
      subscription-manager register
       
    2. When prompted, enter your Red Hat Customer Portal user name and password.
    3. From a shell prompt, enter the following to display a list of the available subscriptions: 
      subscription-manager list --available
        
    4. From the resulting list, locate the pool ID for the subscription you need.
    5. Using the pool ID you located previously, enter the following to attach the appropriate subscription to your system: 
      subscription-manager attach --pool=pool_id
       
    6. Enter the following to verify the list of subscriptions attached to your system:
       subscription-manager list --consumed   

    For more information about using the Red Hat Subscription Management tool, see the Red Hat online technical documentation.

    You are now ready to add certificates (see Step 3: Obtain the required certificates).

    Use this procedure to register an account on the Red Hat Customer Portal, if you do not already have an account.

    1. Log on to the Red Hat Customer Portal and click Subscriptions at the top of the page.
    2. At the bottom of the page, under Subscriber Inventory, click Systems.
    3. Click Register a system, if you have not already registered your system.
    4. Enter the details of your system and click Register.
    5. Go to Step 2: Obtain the required certificates.
    Creating a patch catalog for RHEL
    2.

    Obtain the required certificates

      Use this option if you have a server registered by running Red Hat Subscription Management tool (subscription-manager), and attached to a license.  (For more information, see: Red Hat online technical documentation)

      The offline downloader requires three certificates to be specified in the redhat-cert section of the configuration file.  These three certificates are available at the noted locations:

      caCert: /etc/rhsm/ca/redhat-uep.pem

      clientCert: /etc/pki/entitlement/<hash>.pem

      clientKey: /etc/pki/entitlement/<hash>-key.pem

      Note the location of these files and provide them when creating the offline downloader configuration file.

      Tip

      The client certificate and key file names are changed whenever they are re-issued. Before you run the offline downloader, verify that the certificate names are valid by checking the offline downloader configuration file and the /etc/pki/entitlements directory.  If the names have changed, update the offline downloader configuration file.

      Use this procedure to obtain certificates using the Red Hat Customer Portal:

      1. After your system is registered, click the Attached Subscriptions tab on the Red Hat Customer Portal.
      2. Attach a subscription to your system by clicking the Attach a subscription link.
      3. Select the type of subscription you are using and click Attach Selected.
      4. In the Entitlement certificate column of the attachment click Download, to download the entitlement certificate file.
      5. Rename the file to client-cert.pem and copy it to a location on the repository server.
      6. On the Identity Certificate tab click Download, to download the identity key certificate file.
      7. Rename the file to client-key.pem and copy it to a location on the repository server.
      8. When creating the offline downloader configuration file use these files (specifying the file path) in the redhat-cert section:

        caCert: /etc/rhsm/ca/redhat-uep.pem

        clientCert: /path/to/client-cert.pem

        clientKey: /path/to/client-key.pem



       
      3.

      On the Red Hat repository server extract the All-OS-Patch-Downloaders-linux-build-8.6.01.tar.gz file provided with the hotfix.

       -
      4.

      Prepare a configuration XML file to be used by the Patch Downloader utility.

      You can refer to the sample (sample-redhat-downloader-config.xml) file included in the All-OS-Patch-Downloaders-linux-build-8.5.01.tar.gz file.

      Specify the certificates obtained earlier by using the <redhat-cert> XML tag.

      There are two possible methods to identify what channel to download from RedHat.

      1. Use the channel label listed in the yum-channels.xml

         Click here to expand...

        The yum-channels.xml file included with the hotfix contains a list of common RedHat channels.  Locate the name of the channel you want to use, for example Red Hat Enterprise Linux 7 Server (RPMs) in the yum-channels.xml. You can find other information about the channel that is useful for the downloader configuration

        <yum-channel>
            <channel-name>Red Hat Enterprise Linux 7 Server (RPMs)</channel-name>
            <channel-os>RHES7</channel-os>
            <channel-arch>x86_64</channel-arch>
            <channel-label>rhel-7-server-rpms</channel-label>
            <channel-url>https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os</channel-url>
        </yum-channel>

        Here we take note of the channel-label,channel-os and channel-arch.  When constructing the downloader xml file we will use those values as seen below in the channel-type-filter section example below:

        <channel-type-filter>
            <os>RHES7</os>
            <arch>x86_64</arch>
            <channel-label>rhel-7-server-rpms</channel-label>
        </channel-type-filter>

        The offline downloader does not support the errata-type-filter at this time. The channel-type-filter will download only RPMs and not Erratas.

      2. Use the CDN Url if the yum-channels.xml file does not list the channel you want see the section below about adding child channels to the downloader configuration file.

      Below is an example downloader configuration file using the channel-type-filter:

       Click here to view the sample configuration XML file
      <!-- Sample File -->
      <redhat-downloader-config>
          <config>
              <temporary-location>/tmp</temporary-location>
              <payload-repository-location>/home/repo/</payload-repository-location>
              <download-request-retries>10</download-request-retries>
              <download-request-timeout>180000</download-request-timeout>
              <downloader-parallel-threads>10</downloader-parallel-threads>
          </config>
          <subscription>
              <redhat-cert cert-arch="x86_64">
                  <caCert>/etc/rhsm/ca/redhat-uep.pem</caCert>
                  <clientCert>/etc/pki/entitlements/123456.pem</clientCert>
                  <clientKey>/etc/pki/entitlements/123456-key.pem</clientKey>
              </redhat-cert>
              <channel-type-filter>
                  <os>RHES7</os>
                  <arch>x86_64</arch>
                  <channel-label>rhel-7-server-rpms</channel-label>
               </channel-type-filter> 
          </subscription>
      </redhat-downloader-config>
      Preparing the configuration file for Red Hat Enterprise Linux
      5.

      Run the Patch Downloader utility and specify the configuration file and RHEL username and password.

      For example, run the following command.

      sh redhat_downloader.sh -configFile "<downloaderConfigurationFilePath>" -rhnUser "<rhnUserName>" -rhnPass "<rhnPassword>"
      Running the Patch Downloader utility for Red Hat Enterprise Linux
      6.

      After the utility is run successfully, you can create and update the patch catalog in an offline mode on the application servers by using the OS-arch filters.

      After the patch catalog run is successful, you can now use the catalog for RHEL patching.

      Creating a patch catalog for RHEL

      Creating an update level catalog

      To create an update level catalog, perform the following steps:

      1. From the Red Hat website, download the ISO image files on the Red Hat server. 
      2. Enter the following command to extract packages from ISO.

        redhat_downloader.sh -extractPackagesFromISO -repoLocation <repo-path> -isoLocation <ISO-dir-path> -osArch <osArch, Ex: RHAS4-x86, RHAS4-x86_64>
      3. Enter the following command to create a repository from the extracted packages.

        redhat_downloader.sh -createRepo -srcLocation "<location1,os-arch;location2,os-arch>" -repoLocation <repository path>
      4. Create an offline patch catalog on the application server by using the OS and architecture filters that match your environment. 
        Ensure that you do not select the Enable Update Level check box. 
      5. Update the catalog.
        After the patch catalog run is successful, you can now use the catalog for RHEL patching. For more information, see To extract packages from ISO.

      Downloading child channels

      The yum-channels.XML file provided with the hotfix includes base channels. For multiple subscriptions, you must perform this procedure for each certificate. 

      Important

      Before downloading the child channels, ensure that the RHSM Certificate Tool (RCT) is available on the Red Hat repository server. 

      Perform the following procedure to create a URL to download child channels.

      1. Obtain the client certificate.
      2. Enter the following command.

        rct cat-cert <Client certificate>

        The following information is displayed in multiple content tabs.

        Content:
        		Type: yum
        		Name: Red Hat Enterprise Linux Scalable File System (for RHEL 6 Server) - Extended Update Support (RPMs)
        		Label: rhel-sfs-for-rhel-6-server-eus-rpms
        		Vendor: Red Hat
        		URL: /content/eus/rhel/server/6/$releasever/$basearch/scalablefilesystem/os
        		GPG: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
        		Enabled: False
        		Expires: 86400
        		Required Tags: rhel-6-server
        		Arches: x86_64
      3. In the URL field, specify the values applicable to your environment:
        1. $releasever: <OS Major Version>Server

        2. $basearch: <One of the required architecture value>

        For example, if your OS version is 6 and the architecture is x86_64, then the content URL is: 
        /content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os
      4. Use the channel URL as created in Step 3 to access the offline downloader.
        For example, https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os
      5. In the offline downloader filter.xml file, specify the following filter.

        <channel-type-filter>
           <os>RHES6</os>
           <arch>x86_64</arch>
           <channel-label>rhel-sfs-for-rhel-6-server-eus-rpms</channel-label>
           <channel-url>https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os</channel-url>
        </channel-type-filter>

        Specify the following tags in the <channel-type-filter> tag:

        1. <channel-label>: Specifies the label attribute as displayed in the Content tab. 
          For example, rhel-sfs-for-rhel-6-server-eus-rpms

        2. <channel-url>: Specifies the URL as created in Step 3.
          For example, https://cdn.redhat.com/content/dist/rhel/server/6/6Server/x86_64/resilientstorage/os

        3. <arch>: Specifies the architecture as displayed in the Content tab.
          For example, x86_64. 

      Related topics

      Notification of end of XML-RPC protocol support for Red Hat patching

      Creating a patch catalog

      Was this page helpful? Yes No Submitting... Thank you

      Comments