OS Patching with Satellite

With RedHat Satellite and spacecmd, it’s very easy to see a list of which patches have *not* been applied to all RHEL system’s within your business.

I am going to assume that you have satellite-sync configured to download regular updates into your respective channels. Also that you have integrated your systems into Satellite and that they are subscribed to some of those channels.

I wrote a quick script using spacecmd which retrieves the entire list of integrated Satellite clients and then sends these back to spacecmd to query each server, in order to display which OS patches which have *not* yet been installed.

The script is available here on GitHub.

$ ./show_systems_requiring_patches.sh
INFO: Spacewalk Username: myfirmadmin
INFO: Connected to https://localhost/rpc/api as myfirmadmin

Security Errata
RHSA-2014:0626  Important: openssl097a and openssl098e security       6/5/14
RHSA-2014:0625  Important: openssl security update                    6/5/14
RHSA-2014:0596  Moderate: libtasn1 security update                    6/3/14
RHSA-2014:0595  Important: gnutls security update                     6/3/14
RHSA-2014:0560  Moderate: libvirt security and bug fix update        5/27/14
RHSA-2014:0561  Moderate: curl security and bug fix update           5/27/14
RHSA-2014:0513  Moderate: libxml2 security update                    5/19/14

Bug Fix Errata
RHBA-2014:0636  autofs bug fix update                                 6/9/14
RHBA-2014:0623  ksh bug fix update                                    6/4/14
RHBA-2014:0584  gvfs bug fix update                                   6/2/14
RHBA-2014:0570  iproute bug fix update                               5/29/14
RHBA-2014:0568  audit bug fix update                                 5/28/14
RHBA-2014:0567  389-ds-base bug fix update                           5/28/14
RHBA-2014:0566  openmotif bug fix update                             5/28/14
RHBA-2014:0542  python-rhsm bug fix update                           5/26/14
RHBA-2014:0543  glibc bug fix update                                 5/26/14
RHBA-2014:0519  openswan bug fix update                              5/20/14
RHBA-2014:0521  ksh bug fix update                                   5/20/14
RHBA-2014:0490  selinux-policy bug fix update                        5/14/14
RHBA-2014:0488  scsi-target-utils bug fix update                     5/14/14
RHBA-2014:0493  pm-utils bug fix update                              5/14/14
RHBA-2014:0489  irqbalance bug fix update                            5/14/14

Enhancement Errata
RHEA-2014:0592  tzdata enhancement update                             6/2/14
RHEA-2014:0499  tzdata enhancement update                            5/14/14

To save time, you can apply a RHSA, RHBA or RHEA type of patch across a group of systems defined within Satellite, if it is safe to do so.

$ spacecmd -y system_applyerrata group:web_servers RHSA-2010:0040

Or run a “yum update”, when convenient.

This entry was posted in linux, satellite. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s