This question has come up a number of times and I decided to spend some time looking into it.  The goal is to be able to leverage a RedHat Satellite server as the source of a RedHat Patch Catalog in TrueSight Server Automation.  Standard disclaimers that this is not currently supported, may not work for you, may stop working in the future, etc, etc.

 

The below assumes some familiarity with Satellite and should work for Satellite version 6.x.  I did this with Satellite 6.5.

 

On the Satellite server, add or edit the file /etc/pulp/server/plugins.conf.d/yum_distributor.json, as noted in this Foreman bug, and add the following:

{
  "generate_sqlite": true
}

This is needed because BSA requires the metadata in sqlite format and this is not the default for Satellite.  After making this change you must restart the Pulp worker services.  The next synchronization of your repositories should include the sqlite metadata.  If not, you can forcefully regenerate the metadata of a Content View.

 

To verify you have generated the sqlite metadata, run the below command on the Satellite server after the synchronization completes:

find /var/lib/pulp/published/yum/master/yum_distributor -iname "*sqlite.bz2" -exec ls -la {} \;
-rw-r--r--. 1 apache apache 13938 Jun 14 16:28 /var/lib/pulp/published/yum/master/yum_distributor/ee48df18-3be3-4254-b518-de42a1a37cb4/1560544102.06/repodata/7f8c6bce5464871dd00ed0e0ed25e55fd460abb255ab0aa093a79529bb86cbc2-primary.sqlite.bz2
-rw-r--r--. 1 apache apache 155449 Jun 14 16:28 /var/lib/pulp/published/yum/master/yum_distributor/ee48df18-3be3-4254-b518-de42a1a37cb4/1560544102.06/repodata/cff3aeccd7f3ff871f72c5829ed93720e0f273d1206ee56c66fa8f6ee1d2e486-filelists.sqlite.bz2
-rw-r--r--. 1 apache apache 40915 Jun 14 16:28 /var/lib/pulp/published/yum/master/yum_distributor/ee48df18-3be3-4254-b518-de42a1a37cb4/1560544102.06/repodata/eb5044ef0c9e47dab11b242522890cfe6fbb6cf1942f14757af440ec54c9027f-other.sqlite.bz2
[...]

 

Subscribe the system used to store the RedHat Catalog for TSSA to your Satellite server to obtain the certificates used by TSSA in the catalog synchronization process.

 

In the Patch Global Configuration or your offline downloader configuration file, you will reference these certificates:

SSL CA Cert: /etc/pki/ca-trust/source/anchors/katello-server-ca.pem

SSL Client Cert: /etc/pki/entitlement/<numbers>.pem

SSL Client Key: /etc/pki/entitlement/<numbers>-key.pem

Note that the SSL CA Cert is different than the one used when synchronizing directly with RedHat.

 

You will need to update the RedHat Channel Filters List File (online catalog) or the offline downloader configuration file (offline catalog) with the URLs and other information for the Satellite-provided channels you will use in your catalog.  The URLs will look something like:

https://satellite.example.com/pulp/repos/Example/Library/View1/content/dist/rhel/server/7/7Server/x86_64/os

 

The format of the URL is https://<satellite server>/pulp/repos/<organization>/<content library>/<view name>/<product>.  An easy way to determine the URLs is to use the rct cat-cert command on the SSL Client Cert:

 

rct cat-cert /etc/pki/entitlement/3591963669563311224.pem
[...]
Content:
Type: yum
Name: Red Hat Enterprise Linux 7 Server (RPMs)
Label: rhel-7-server-rpms
Vendor: Red Hat
URL: /Example/Library/View1/content/dist/rhel/server/7/$releasever/$basearch/os
GPG: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
Enabled: True
Expires: 1
Required Tags: rhel-7-server
Arches: x86_64

 

Another way is to inspect the output of the subscription-manager repos --list command (which only shows the repos applicable to the OS of the catalog server):

# subscription-manager repos --list
+----------------------------------------------------------+
    Available Repositories in /etc/yum.repos.d/redhat.repo
+----------------------------------------------------------+
Repo ID:   rhel-7-server-rpms
Repo Name: Red Hat Enterprise Linux 7 Server (RPMs)
Repo URL:  https://satellite.example.com/pulp/repos/Example_Org/ExampleEnvironment/ExampleContentView/content/dist/rhel/server/7/$releasever/$basearch/os
Enabled:   1

Repo ID:   rhel-7-server-optional-rpms
Repo Name: Red Hat Enterprise Linux 7 Server - Optional (RPMs)
Repo URL:  https://satellite.example.com/pulp/repos/Example_Org/ExampleEnvironment/ExampleContentView/content/dist/rhel/server/7/$releasever/$basearch/optional/os
Enabled:   0

Repo ID:   rhel-7-server-satellite-tools-6.5-rpms
Repo Name: Red Hat Satellite Tools 6.5 (for RHEL 7 Server) (RPMs)
Repo URL:  https://satellite.example.com/pulp/repos/Example_Org/ExampleEnvironment/ExampleContentView/content/dist/rhel/server/7/7Server/$basearch/sat-tools/6.5/os
Enabled:   0

 

Once you have the URLs and other information for the channels you want to build your catalog from, update the RedHat Channel Filters List File in the Patch Global Configuration, or the Offline Downloader configuration file, with the URLs and other information.

 

Example RedHat Filters file snippet for an online catalog:

[...]
    <redhat-channel use-reposync="true">
        <channel-name>RHEL 7 Optional RPMs from Satellite</channel-name>
        <channel-label>rhel-7-server-optional-rpms-satellite</channel-label>
        <channel-os>RHES7</channel-os>
        <channel-arch>x86_64</channel-arch>
        <channel-url>https://satellite.example.com/pulp/repos/Example_Org/ExampleEnvironment/ExampleContentView/content/dist/rhel/server/7/7Server/x86_64/optional/os</channel-url>
    </redhat-channel>
    <redhat-channel use-reposync="true" is-parent="true">
        <channel-name>RHEL 6 RPMs from Satellite</channel-name>
        <channel-label>rhel-6-server-rpms-satellite</channel-label>
        <channel-os>RHES6</channel-os>
        <channel-arch>x86_64</channel-arch>
        <channel-url>https://satellite.example.com/pulp/repos/Example_Org/ExampleEnvironment/ExampleContentView/content/dist/rhel/server/6/6Server/x86_64/os</channel-url>
    </redhat-channel>
    <redhat-channel use-reposync="true">
        <channel-name>RHEL 6 Optional RPMs from Satellite</channel-name>
        <channel-label>rhel-6-server-optional-rpms-satellite</channel-label>
        <channel-os>RHES6</channel-os>
        <channel-arch>x86_64</channel-arch>
        <channel-url>https://satellite.example.com/pulp/repos/Example_Org/ExampleEnvironment/ExampleContentView/content/dist/rhel/server/6/6Server/x86_64/optional/os</channel-url>
    </redhat-channel>
[...]

This adds the rhel-7-server-rpms and rhel-6-server-rpms as parent channels and the others as child channels.
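Going from the repo listing to filter entries means replacing the yum variables $releasever and $basearch with literal values, as the snippet above does. The following is an added example, not part of the original post and not TSSA code; the function names are hypothetical, and marking the first repository as the parent and reusing the snippet's "-satellite" / "from Satellite" naming are assumptions.

```python
import re
from xml.sax.saxutils import escape

# Constructed sample in the format of `subscription-manager repos --list`.
SAMPLE_LISTING = """\
Repo ID:   rhel-7-server-rpms
Repo Name: Red Hat Enterprise Linux 7 Server (RPMs)
Repo URL:  https://satellite.example.com/pulp/repos/Example_Org/ExampleEnvironment/ExampleContentView/content/dist/rhel/server/7/$releasever/$basearch/os
Enabled:   1
Repo ID:   rhel-7-server-optional-rpms
Repo Name: Red Hat Enterprise Linux 7 Server - Optional (RPMs)
Repo URL:  https://satellite.example.com/pulp/repos/Example_Org/ExampleEnvironment/ExampleContentView/content/dist/rhel/server/7/$releasever/$basearch/optional/os
Enabled:   0
"""

FIELD = re.compile(r"^(Repo ID|Repo Name|Repo URL):\s+(.+?)\s*$")

def parse_repos(listing):
    """Return one dict per repository block in the listing."""
    repos = []
    for line in listing.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        if m.group(1) == "Repo ID":
            repos.append({})          # a Repo ID line starts a new block
        if repos:
            repos[-1][m.group(1)] = m.group(2)
    return repos

def channel_entry(repo, releasever, basearch, channel_os, parent=False):
    """Render a <redhat-channel> element with the yum variables made literal."""
    url = repo["Repo URL"].replace("$releasever", releasever).replace("$basearch", basearch)
    if "$" in url:
        raise ValueError("unresolved yum variable in " + url)
    if not url.startswith("https://"):
        raise ValueError("refusing non-HTTPS channel URL " + url)
    attrs = ' use-reposync="true"' + (' is-parent="true"' if parent else "")
    return "\n".join([
        "<redhat-channel%s>" % attrs,
        "    <channel-name>%s from Satellite</channel-name>" % escape(repo["Repo Name"]),
        "    <channel-label>%s-satellite</channel-label>" % escape(repo["Repo ID"]),
        "    <channel-os>%s</channel-os>" % escape(channel_os),
        "    <channel-arch>%s</channel-arch>" % escape(basearch),
        "    <channel-url>%s</channel-url>" % escape(url),
        "</redhat-channel>",
    ])

def build_filters(listing, releasever="7Server", basearch="x86_64", channel_os="RHES7"):
    """Assumption: the first repository listed is the parent channel."""
    return "\n".join(channel_entry(r, releasever, basearch, channel_os, parent=(i == 0))
                     for i, r in enumerate(parse_repos(listing)))
```
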

 

 

Example Offline Downloader configuration file snippet:

    <redhat-cert cert-arch="x86_64">
        <caCert>/etc/pki/ca-trust/source/anchors/katello-server-ca.pem</caCert>
        <clientCert>/etc/pki/entitlement/2717125327657143845.pem</clientCert>
        <clientKey>/etc/pki/entitlement/2717125327657143845-key.pem</clientKey>
    </redhat-cert>

    <errata-type-filter>
        <os>RHES7</os>
        <arch>x86_64</arch>
        <channel-label>rhel-7-server-rpms</channel-label>
        <channel-url>https://satellite.example.com/pulp/repos/Example_Org/ExampleEnvironment/ExampleContentView/content/dist/rhel/server/7/7Server/x86_64/os</channel-url>
        <errata-severity>
            <critical>true</critical>
            <important>true</important>
            <moderate>true</moderate>
            <low>true</low>
        </errata-severity>
        <errata-type>
            <security>true</security>
            <bugfix>true</bugfix>
            <enhancement>true</enhancement>
        </errata-type>
    </errata-type-filter>
    <errata-type-filter>
        <os>RHES7</os>
        <arch>x86_64</arch>
        <channel-label>rhel-7-server-optional-rpms</channel-label>
        <channel-url>https://satellite.example.com/pulp/repos/Example_Org/ExampleEnvironment/ExampleContentView/content/dist/rhel/server/7/7Server/x86_64/optional/os</channel-url>
        <errata-severity>
            <critical>true</critical>
            <important>true</important>
            <moderate>true</moderate>
            <low>true</low>
        </errata-severity>
        <errata-type>
            <security>true</security>
            <bugfix>true</bugfix>
            <enhancement>true</enhancement>
        </errata-type>
    </errata-type-filter>
    <errata-type-filter>
        <os>RHES6</os>
        <arch>x86_64</arch>
        <channel-label>rhel-6-server-rpms</channel-label>
        <channel-url>https://satellite.example.com/pulp/repos/Example_Org/ExampleEnvironment/ExampleContentView/content/dist/rhel/server/6/6Server/x86_64/os</channel-url>
        <errata-severity>
            <critical>true</critical>
            <important>true</important>
            <moderate>true</moderate>
            <low>true</low>
        </errata-severity>
        <errata-type>
            <security>true</security>
            <bugfix>true</bugfix>
            <enhancement>true</enhancement>
        </errata-type>
    </errata-type-filter>
    <errata-type-filter>
        <os>RHES6</os>
        <arch>x86_64</arch>
        <channel-label>rhel-6-server-optional-rpms</channel-label>
        <channel-url>https://satellite.example.com/pulp/repos/Example_Org/ExampleEnvironment/ExampleContentView/content/dist/rhel/server/6/6Server/x86_64/optional/os</channel-url>
        <errata-severity>
            <critical>true</critical>
            <important>true</important>
            <moderate>true</moderate>
            <low>true</low>
        </errata-severity>
        <errata-type>
            <security>true</security>
            <bugfix>true</bugfix>
            <enhancement>true</enhancement>
        </errata-type>
    </errata-type-filter>

 

 

At this point, using the online RedHat Patch Catalog or offline downloader is the same as synchronizing with RedHat directly.  Finish the catalog creation and run the Catalog Update Job.
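Before running the Catalog Update Job, it can help to confirm from the catalog server that a channel URL answers with the Satellite-issued certificates and advertises the sqlite metadata. The following pre-flight check is an added example, not part of the original post and not TSSA code; the function names are hypothetical, it assumes the standard yum layout where repodata/repomd.xml sits under the channel URL, and the sample repomd.xml is constructed.

```python
import ssl
import urllib.request
import xml.etree.ElementTree as ET

REPO_NS = {"r": "http://linux.duke.edu/metadata/repo"}
SQLITE_FILES = ("primary.sqlite.bz2", "filelists.sqlite.bz2", "other.sqlite.bz2")

# Constructed repomd.xml: the "other" sqlite database is deliberately absent.
SAMPLE_REPOMD = b"""<repomd xmlns="http://linux.duke.edu/metadata/repo">
  <data type="primary"><location href="repodata/1111-primary.xml.gz"/></data>
  <data type="primary_db"><location href="repodata/2222-primary.sqlite.bz2"/></data>
  <data type="filelists_db"><location href="repodata/3333-filelists.sqlite.bz2"/></data>
  <data type="other"><location href="repodata/4444-other.xml.gz"/></data>
</repomd>"""

def missing_sqlite(repomd_xml):
    """Return the sqlite metadata files that repomd.xml does not advertise."""
    root = ET.fromstring(repomd_xml)
    hrefs = [loc.get("href", "") for loc in root.findall("r:data/r:location", REPO_NS)]
    return [f for f in SQLITE_FILES if not any(h.endswith("-" + f) for h in hrefs)]

def fetch_repomd(channel_url, ca_cert, client_cert, client_key):
    """Fetch repodata/repomd.xml over mutually authenticated TLS."""
    # Trust only the given CA (katello-server-ca.pem); certificate and
    # hostname verification stay enabled.
    ctx = ssl.create_default_context(cafile=ca_cert)
    # Present the entitlement certificate and key as the client identity.
    ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    url = channel_url.rstrip("/") + "/repodata/repomd.xml"
    with urllib.request.urlopen(url, context=ctx, timeout=30) as resp:
        return resp.read()

def preflight(channel_url, ca_cert, client_cert, client_key):
    """Return a list of problems; an empty list means the channel looks ready."""
    try:
        repomd = fetch_repomd(channel_url, ca_cert, client_cert, client_key)
    except OSError as exc:  # covers missing cert files, TLS and HTTP errors
        return ["cannot fetch repomd.xml: %s" % exc]
    return ["missing " + f for f in missing_sqlite(repomd)]
```

A TLS verification failure here usually means the CA file is the one used for synchronizing directly with RedHat rather than katello-server-ca.pem; a "missing" entry means the repository was published without generate_sqlite in effect.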

 

 

 

A few references were helpful in setting all of this up (that may require a RedHat Support account to access):

Installing Satellite Server from a Connected Network

How to forcefully regenerate metadata of a content view or repository on Red Hat Satellite 6

How do I register a system to Red Hat Satellite 6 server

How to change download policy of repositories in Red Hat Satellite 6