Preparing the configuration file for Red Hat Enterprise Linux


In the configuration file, you provide information that is used by the Patch Downloader utility. This information includes the definition of a proxy server (if one is used), the local, temporary directory on the server that the Patch Downloader utility uses during download, and the download filter definitions.

Important

Because of the transition from the Red Hat Network (RHN) hosted interface to the Red Hat Subscription Management (RHSM) interface, TrueSight Server Automation customers can no longer download patches by using the RHN download option.

To enable customers to seamlessly continue patching on Red Hat Enterprise Linux, TrueSight Server Automation has deprecated the RHN download option from the product. All patching on Red Hat Enterprise Linux (RHEL) targets must be performed using the CDN filters in the configuration XML file.

Before you begin

Use the following command to encrypt the password supplied to the proxy server by the Patch Downloader utility. You must specify the resulting encrypted password in the <password></password> tag in the configuration XML file.

sh redhat_downloader.sh -encode <passwordToEncrypt>

To prepare the configuration file on Red Hat Enterprise Linux

  1. Edit the sample XML configuration file (sample-redhat-downloader-config.xml) for use as the configuration file.
  2. (Optional) Add proxy information by using the following XML tags:

  3. Add download information by using the following XML tags:

  4. Specify whether to use certificates from the location specified in the current configuration file (<redhat-cert> tag) or from the repository server, by setting the <use-repo-server-cert> tag to 0 or 1, respectively.
     

  5. Modify filters in the <subscription> tag. Filters define patches that are included for download.
    • (Required only if <use-repo-server-cert> is set to 0) If you are downloading rpms from CDN (reposync), add the following tags to specify the location of Red Hat certificates required for downloading the rpms. 

      <redhat-cert cert-arch="<arch>">
         <caCert></caCert>
         <clientCert></clientCert>
         <clientKey></clientKey>
      </redhat-cert>


      | Tag | Description |
      |---|---|
      | <redhat-cert cert-arch="<arch>"> </redhat-cert> | The variable <arch> can be x86, x86_64, s390x, ppc64, or ppc64le. |
      | <caCert> </caCert> | Holds the location of the CA certificate file (redhat-uep.pem) that is copied from the subscribed server. See Step 3: Obtain the required certificates. |
      | <clientCert> </clientCert> | Holds the location of the subscription certificate file (.pem) in the directory that is downloaded from the Red Hat subscription management service. See Step 3: Obtain the required certificates. |
      | <clientKey> </clientKey> | Holds the location of the system ID file that is downloaded from the Red Hat subscription management service. See Step 3: Obtain the required certificates. An example of a system ID file is xxxxxxxxxxxxx-key.pem, where xxxxxxxxxxxxx represents a string of numbers. |

      OS version and architecture combinations of patches that are supported by the CDN (reposync) Red Hat network:

      | RHEL version | Supported processor architectures | Support for child channels |
      |---|---|---|
      | RHEL 7 | x86_64, s390x zSeries, ppc64 pSeries, ppc64le | Yes |
      | RHEL 6 | x86_64, x86, s390x zSeries, ppc64 pSeries | Yes |
      | RHEL 5 | x86_64, x86, s390x zSeries | Yes |
      | RHEL 4 | x86_64, x86 | No |

      Example of tags in the XML configuration file
      <redhat-cert cert-arch="x86_64">              
        <caCert>/home/certs/rh-sslcacert.pem</caCert>
        <clientCert>/home/certs/rh-sslclientcert.pem</clientCert>
        <clientKey>/home/certs/rh-sslclientkey.pem</clientKey>
      </redhat-cert>
      Examples of certificate properties in the patch-psu.properties file
      redhat.reposync.ssl.certificate.dir = /etc/certificates/pki/entitlement/
      redhat.reposync.ssl.ca.certificate.dir = /etc/certificates/ca/
    • To create a filter that downloads the latest RPMs by errata type, use the following tags:

      Example of tags for Errata Type
      <errata-type-filter repo-type="CDN">
        <os>RHES7</os>
        <arch>x86_64</arch>
        <channel-label>rhel-7-server-rpms</channel-label>
        <channel-url>https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os</channel-url>
        <errata-severity>
          <critical>true</critical>
          <important>true</important>
          <moderate>true</moderate>
          <low>true</low>
        </errata-severity>
        <errata-type>
          <security>true</security>
          <bugfix>true</bugfix>
          <enhancement>true</enhancement>
        </errata-type>
      </errata-type-filter>
    • To create a filter that downloads a specific errata by errata id, use the following syntax:

      | Tag | Description |
      |---|---|
      | <errata-ids-filter> </errata-ids-filter> | Tag used to enclose an errata type of filter. |
      | <os> </os> | OS for the channel label |
      | <arch> </arch> | Architecture for the channel label |
      | <channel-label> </channel-label> | Channel label that you want to download |
      | <channel-url> </channel-url> | URLs used in the CDN download option to download the rpms. CDN is supported for all the filters of Red Hat. This tag is mandatory for <errata-ids-filter> and <errata-type-filter>. You can get the channel URL by using the following command: [root@clm-pun-srtffq All-OS-Patch-Downloaders-linux-build-8.9.02]# ./redhat_downloader.sh -listChannels |
      | <errata-id> </errata-id> | A valid Errata ID for the channel label specified in the filter |

      Example of tags for errata ID
      <errata-ids-filter>
        <os>RHAS4</os>
        <arch>x86</arch>
        <channel-label>rhel-i386-as-4</channel-label>
        <channel-url>https://cdn.redhat.com/content/dist/rhel/as/4/4AS/i386/os</channel-url>
        <errata-ids>
          <errata-id>RHSA-2009:0429</errata-id>
          <errata-id>RHSA-2009:0430</errata-id>
          <errata-id>RHEA-2009:0422</errata-id>
          <errata-id>RHBA-2009:0407</errata-id>
          <errata-id>RHSA-2009:0397</errata-id>
          <errata-id>RHBA-2009:0388</errata-id>
        </errata-ids>
      </errata-ids-filter>
    • To create a filter that downloads a specific update level, use the following tags:

      | Tag | Description |
      |---|---|
      | <update-level-filter> </update-level-filter> | Tag used to enclose an update level filter. |
      | <os> </os> | OS for the channel label |
      | <arch> </arch> | Architecture for the channel label |
      | <channel-label> </channel-label> | Channel label you want to download |
      | <iso-url> </iso-url> | (Optional) URLs to download the rpms with the CDN download option. |
      | <update-level> </update-level> | A valid update level for the channel label specified in the filter. Note: The update-level filter works only on Linux computers. It does not work on Windows computers. |

      Example of tags for Update Level
      <update-level-filter>
        <os>RHES7</os>
        <arch>x86_64</arch>
        <channel-label>rhel-7-server-rpms</channel-label>
        <iso-url>https://cdn.redhat.com/content/dist/rhel/server/7/7.1/x86_64/iso/rhel-server-7.1-x86_64-dvd.iso</iso-url>
        <update-level>1</update-level>
      </update-level-filter>
  6. Save the file. 

The sample-redhat-downloader-config.xml file is shown below, including sample data and parameter descriptions:

<!-- Categorize the errata type/errata ID/update level filter as per one of the valid OS, Architecture values.
Valid values for OS are RHES4, RHES5, RHES6, RHAS4, RHES7(x86_64)
Valid values for Architecture are s390x, x86 and x86_64
For OS RHEL7 with Architecture x86_64 : Please use errata type/errata ID filter. The downloader should be executed on a Linux machine.
Please use downloader command with -listChannel option to know applicable OS and Architecture.
Expect Redhat Analysis to fail if OS Arch values are not from the above valid set of values.
User is responsible for selecting correct combination of OS Arch, downloader will
not validate it. -->
<redhat-downloader-config>
  <config>
    <temporary-location>/var/tmp</temporary-location>
    <payload-repository-location>/repos/rhel/7/packages</payload-repository-location>
    <!-- The default value for download-request-retries will be 10 if no value is specified -->
    <download-request-retries>10</download-request-retries>
    <download-request-timeout>180000</download-request-timeout>
    <downloader-parallel-threads>10</downloader-parallel-threads>
    <!-- Set use-repo-server-cert to 0 to use certificates given in this configuration file.
    Set it to 1 to use certificates from the repository server -->
    <use-repo-server-cert>0</use-repo-server-cert>
  </config>
  <subscription>
    <redhat-cert cert-arch="x86_64">
      <caCert>/etc/rhsm/ca/redhat-uep.pem</caCert>
      <clientCert>/etc/pki/entitlement/3475730102215765451.pem</clientCert>
      <clientKey>/etc/pki/entitlement/3475730102215765451-key.pem</clientKey>
    </redhat-cert>
    <errata-type-filter repo-type="CDN">
      <os>RHES7</os>
      <arch>x86_64</arch>
      <channel-label>rhel-7-server-rpms</channel-label>
      <channel-url>https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/os</channel-url>
      <errata-severity>
        <critical>true</critical>
        <important>true</important>
        <moderate>true</moderate>
        <low>true</low>
      </errata-severity>
      <errata-type>
        <security>true</security>
        <bugfix>true</bugfix>
        <enhancement>true</enhancement>
      </errata-type>
    </errata-type-filter>
    <errata-type-filter repo-type="CDN">
      <os>RHES7</os>
      <arch>x86_64</arch>
      <channel-label>rhel-server-rhscl-7-rpms</channel-label>
      <channel-url>https://cdn.redhat.com/content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os</channel-url>
      <errata-severity>
        <critical>true</critical>
        <important>true</important>
        <moderate>true</moderate>
        <low>true</low>
      </errata-severity>
      <errata-type>
        <security>true</security>
        <bugfix>true</bugfix>
        <enhancement>true</enhancement>
      </errata-type>
    </errata-type-filter>
  </subscription>
</redhat-downloader-config>
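
The comment at the top of the sample file states that the downloader does not validate the OS and architecture combination. A pre-flight check of the finished file, as an added example that is not part of the product or of the original page: the function name lint_config and its rules are assumptions drawn from this topic (OS values from the sample file's comment, architectures from the cert-arch list in step 5, https-only URLs without stray whitespace, and a client key file that only its owner can read).

```python
import os
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

VALID_OS = {"RHES4", "RHES5", "RHES6", "RHAS4", "RHES7"}     # from the sample file's comment
VALID_ARCH = {"x86", "x86_64", "s390x", "ppc64", "ppc64le"}  # cert-arch values listed in step 5
FILTERS = ("errata-type-filter", "errata-ids-filter", "update-level-filter")

def text(node, tag):
    return (node.findtext(tag) or "").strip()

def lint_config(xml_text):
    """Return a list of problems found in a downloader configuration (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    problems = []
    own_certs = text(root, "config/use-repo-server-cert") == "0"
    certs = {c.get("cert-arch"): c for c in root.iter("redhat-cert")}
    for flt in (f for name in FILTERS for f in root.iter(name)):
        label, arch = text(flt, "channel-label") or "?", text(flt, "arch")
        if text(flt, "os") not in VALID_OS or arch not in VALID_ARCH:
            problems.append(f"{label}: unsupported os/arch")
        if own_certs and arch not in certs:
            problems.append(f"{label}: no <redhat-cert> for arch {arch}")
        tag = "iso-url" if flt.tag == "update-level-filter" else "channel-url"
        url = flt.findtext(tag)
        if url is None and tag == "channel-url":  # mandatory for both errata filters
            problems.append(f"{label}: missing <channel-url>")
        # Assumption: URLs must be https (as in every example here) with no padding.
        elif url is not None and (url != url.strip() or urlparse(url).scheme != "https"):
            problems.append(f"{label}: <{tag}> is not a clean https URL")
    for arch, cert in (certs.items() if own_certs else ()):
        for tag in ("caCert", "clientCert", "clientKey"):
            path = text(cert, tag)
            if not path:
                problems.append(f"redhat-cert[{arch}]: empty <{tag}>")
            elif tag == "clientKey" and os.path.exists(path) and os.stat(path).st_mode & 0o077:
                problems.append(f"{path}: private key readable by group/others")
    return problems

# Constructed sample: padded URL, no certificate block for s390x, empty <clientKey>.
SAMPLE = """<redhat-downloader-config>
<config><use-repo-server-cert>0</use-repo-server-cert></config><subscription>
<redhat-cert cert-arch="x86_64"><caCert>/nonexistent/ca.pem</caCert>
<clientCert>/nonexistent/1.pem</clientCert><clientKey></clientKey></redhat-cert>
<errata-type-filter repo-type="CDN"><os>RHES7</os><arch>s390x</arch>
<channel-label>demo</channel-label><channel-url>https://cdn.redhat.com/demo/os </channel-url>
</errata-type-filter></subscription></redhat-downloader-config>"""

if __name__ == "__main__":
    print("\n".join(lint_config(SAMPLE)))
```

Run it against the edited configuration file before passing the file to the downloader; an empty result means none of these checks fired.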

Where to go from here

Use the command in Running the Patch Downloader utility for Red Hat Enterprise Linux and pass the configuration file as a parameter to download the patches.

 
