1. Introduction to content management
In the context of orcharhino, content is defined as the software installed on systems. This includes, but is not limited to, the base operating system, middleware services, and end-user applications. With orcharhino, you can manage the various types of content at every stage of the software lifecycle.
orcharhino manages the following content:
- Red Hat Subscription management
-
This provides organizations with a method to store Red Hat content and organize it in various ways.
- SUSE Subscription management
-
This provides organizations with a method to store SUSE content and organize it in various ways. Note that this requires the Foreman SCC Manager plugin. For more information, see Managing SUSE content.
- Content management
-
This provides organizations with a method to store Deb and Yum content and organize it in various ways.
1.1. Content types in orcharhino
With orcharhino, you can import and manage many content types. You can use content from Red Hat as well as from Canonical, Oracle, SUSE, and other custom content.
For example, orcharhino supports the following content types:
- RPM packages
-
Import RPM packages from any repository, for example from Amazon, Oracle, Red Hat, SUSE, and custom repositories. orcharhino Server downloads the RPM packages and stores them locally. You can use these repositories and their RPM packages in content views.
- Deb packages
-
Import Deb packages from repositories, for example, for Debian or Ubuntu. You can also import single Deb packages or synchronize custom repositories. You can use these repositories and their Deb files in content views.
- Kickstart trees
-
Import the Kickstart trees to provision a host. New systems access these Kickstart trees over a network to use as base content for their installation. orcharhino contains predefined Kickstart templates. You can also create your own Kickstart templates.
- Provisioning templates
-
Templates to provision hosts running EL based on synchronized content and Debian, Ubuntu, or SUSE Linux Enterprise Server based on local installation media. orcharhino contains predefined AutoYaST, Kickstart, and Preseed templates as well as the ability to create your own, which are used to provision systems and customize the installation.
- ISO and KVM images
-
Download and manage media for installation and provisioning. For example, orcharhino downloads, stores, and manages ISO images and guest images for specific Enterprise Linux operating systems.
- Custom file type
-
Manage custom content for any type of file you require, such as SSL certificates, ISO images, and OVAL files.
2. Managing Red Hat subscriptions
orcharhino can import content from the Red Hat Content Delivery Network (CDN). orcharhino requires a Red Hat subscription manifest to find, access, and download content from the corresponding repositories. You must have a Red Hat subscription manifest containing a subscription allocation for each organization on orcharhino Server. All subscription information is available in your Red Hat Customer Portal account.
Use this chapter to import a Red Hat subscription manifest and manage the manifest within the orcharhino management UI.
You can manage more than one organization if you have more than one subscription allocation. orcharhino requires a single allocation for each organization configured in orcharhino Server. The advantage of this is that each organization maintains separate subscriptions so that you can support multiple organizations, each with their own Red Hat accounts.
You can use future-dated subscriptions in a subscription manifest. When you add future-dated subscriptions to your manifest before the expiry date of the existing subscriptions, you can have uninterrupted access to repositories.
-
Ensure you have a Red Hat subscription manifest.
-
If your orcharhino is connected, use the Red Hat Hybrid Cloud Console to create the manifest.
-
If your orcharhino is disconnected, use the Red Hat Customer Portal to create the manifest.
-
2.1. Importing a Red Hat subscription manifest into orcharhino Server
Use the following procedure to import a Red Hat subscription manifest into orcharhino Server.
Note
|
Simple Content Access (SCA) is set on the organization, not the manifest. Importing a manifest does not change your organization’s Simple Content Access status. |
Simple Content Access simplifies the subscription experience for administrators. For more information, see the Subscription Management Administration Guide for Red Hat Enterprise Linux on the Red Hat Customer Portal.
-
Ensure you have a Red Hat subscription manifest.
-
If your orcharhino is connected, use the Red Hat Hybrid Cloud Console to create and export the manifest.
-
If your orcharhino is disconnected, use the Red Hat Customer Portal to create and export the manifest.
-
-
In the orcharhino management UI, ensure the context is set to the organization you want to use.
-
In the orcharhino management UI, navigate to Content > Subscriptions and click Manage Manifest.
-
In the Manage Manifest window, click Choose File.
-
Navigate to the location that contains the Red Hat subscription manifest file, then click Open.
-
Copy the Red Hat subscription manifest file from your local machine to orcharhino Server:
$ scp ~/manifest_file.zip root@orcharhino.example.com:~/.
-
Log in to orcharhino Server as the
root
user and import the Red Hat subscription manifest file:$ hammer subscription upload \ --file ~/manifest_file.zip \ --organization "My_Organization"
You can now enable repositories and import Red Hat content. For more information, see Importing Content in Managing content.
2.2. Locating a Red Hat subscription
When you import a Red Hat subscription manifest into orcharhino Server, the subscriptions from your manifest are listed in the Subscriptions window. If you have a high volume of subscriptions, you can filter the results to find a specific subscription.
-
You must have a Red Hat subscription manifest file imported to orcharhino Server. For more information, see Importing a Red Hat subscription manifest into orcharhino Server.
-
In the orcharhino management UI, ensure the context is set to the organization you want to use.
-
In the orcharhino management UI, navigate to Content > Subscriptions.
-
In the Subscriptions window, click the Search field to view the list of search criteria for building your search query.
-
Select search criteria to display further options.
-
When you have built your search query, click the search icon.
For example, if you place your cursor in the Search field and select expires, then press the space bar, another list appears with the options of placing a >, <, or = character. If you select > and press the space bar, another list of automatic options appears. You can also enter your own criteria.
2.3. Adding Red Hat subscriptions to subscription manifests
Use the following procedure to add Red Hat subscriptions to a subscription manifest in the orcharhino management UI.
-
You must have a Red Hat subscription manifest file imported to orcharhino Server. For more information, see Importing a Red Hat subscription manifest into orcharhino Server.
-
In the orcharhino management UI, ensure the context is set to the organization you want to use.
-
In the orcharhino management UI, navigate to Content > Subscriptions.
-
In the Subscriptions window, click Add Subscriptions.
-
On the row of each subscription you want to add, enter the quantity in the Quantity to Allocate column.
-
Click Submit
2.4. Removing Red Hat subscriptions from subscription manifests
Use the following procedure to remove Red Hat subscriptions from a subscription manifest in the orcharhino management UI.
Note
|
Manifests must not be deleted. If you delete the manifest from the Red Hat Customer Portal or in the orcharhino management UI, all of the entitlements for all of your content hosts will be removed. |
-
You must have a Red Hat subscription manifest file imported to orcharhino Server. For more information, see Importing a Red Hat subscription manifest into orcharhino Server.
-
In the orcharhino management UI, ensure the context is set to the organization you want to use.
-
In the orcharhino management UI, navigate to Content > Subscriptions.
-
On the row of each subscription you want to remove, select the corresponding checkbox.
-
Click Delete, and then confirm deletion.
2.5. Updating and refreshing Red Hat subscription manifests
Every time that you change a subscription allocation, you must refresh the manifest to reflect these changes. For example, you must refresh the manifest if you take any of the following actions:
-
Renewing a subscription
-
Adjusting subscription quantities
-
Purchasing additional subscriptions
You can refresh the manifest directly in the orcharhino management UI. Alternatively, you can import an updated manifest that contains the changes.
-
In the orcharhino management UI, ensure the context is set to the organization you want to use.
-
In the orcharhino management UI, navigate to Content > Subscriptions.
-
In the Subscriptions window, click Manage Manifest.
-
In the Manage Manifest window, click Refresh.
2.6. Content Delivery Network structure
Note
|
Information in this section only applies if you consume Red Hat content by using a Red Hat manifest. |
Red Hat Content Delivery Network (CDN), located at cdn.redhat.com
, is a geographically distributed series of static webservers which include content and errata designed to be used by systems.
This content can be accessed directly through a system registered by using Subscription Manager or through the orcharhino management UI.
The accessible subset of the CDN is configured through content available to a system by using Red Hat Subscription Management or by using orcharhino Server.
Red Hat Content Delivery network is protected by X.509 certificate authentication to ensure that only valid users can access it.
$ tree -d -L 11 └── content // (1) ├── beta // (2) │ └── rhel // (3) │ └── server // (4) │ └── 7 // (5) │ └── x86_64 // (6) │ └── sat-tools // (7) └── dist └── rhel └── server └── 7 ├── 7.2 │ └── x86_64 │ └── kickstart └── 7Server └── x86_64 └── os
-
The
content
directory. -
Directory responsible for the lifecycle of the content. Common directories include
beta
(for Beta code),dist
(for Production) andeus
(For Extended Update Support) directories. -
Directory responsible for the product name. Usually
rhel
for Red Hat Enterprise Linux. -
Directory responsible for the type of the product. For Red Hat Enterprise Linux this might include
server
,workstation
, andcomputenode
directories. -
Directory responsible for the release version, such as
7
,7.2
or7Server
. -
Directory responsible for the base architecture, such as
i386
orx86_64
. -
Directory responsible for the repository name, such as
sat-tools
,kickstart
,rhscl
. Some components have additional subdirectories which might vary.
This directory structure is also used in the Red Hat Subscription Manifest.
3. Managing alternate content sources
Alternate content sources define alternate paths to download content during synchronization. The content itself is downloaded from the alternate content source, while the metadata is downloaded from the orcharhino Server or the upstream URL, depending on the configuration. You can use alternate content source to speed up synchronization if the content is located on the local filesystem or on a nearby network. You can set up alternate content sources for orcharhino Server and orcharhino Proxy. You must refresh the alternate content source after creation or after making any changes. A weekly cron job refreshes all alternate content sources. You can also refresh the alternate content sources manually by using the orcharhino management UI or the Hammer CLI. Alternate content sources associated with your orcharhino Server, or orcharhino Proxies attached to multiple organizations, affect all organizations.
There are three types of alternate content sources:
- Custom
-
Custom alternate content sources download the content from any upstream repository on the network or filesystem.
- Simplified
-
Simplified alternate content sources copy the upstream repository information from your orcharhino Server for the selected products. Simplified alternate content sources are ideal for situations where the connection from your orcharhino Proxy to the upstream repo is faster than from your orcharhino Server.
- RHUI
-
RHUI alternate content sources download content from a Red Hat Update Infrastructure server. orcharhino management UI provides examples to help you find the network paths and to import authentication credentials.
Non-administrator users must have the below permissions to manage alternate content sources:
-
view_smart_proxies
-
view_content_credentials
-
view_organizations
-
view_products
In addition to the above permissions, assign permissions specific to alternate content sources, depending on the actions the users can perform:
-
view_alternate_content_sources
-
create_alternate_content_sources
-
edit_alternate_content_sources
-
destroy_alternate_content_sources
3.1. Configuring custom alternate content sources
-
If the repository requires SSL authentication, import the SSL certificate and key to the orcharhino. For more information, see Importing Custom SSL Certificates in Managing content.
-
Note that the alternate content source paths consist of a base URL appended with the subpaths that you provide. For example, if your base URL is
https://server.example.com
and your subpaths arerhel7/
andrhel8/
, then bothhttps://server.example.com/rhel7/
andhttps://server.example.com/rhel8/
will be searched.
-
In the orcharhino management UI, navigate to Content > Alternate Content Sources.
-
Click Add Source and set the Source type as Custom.
-
Select the Content type.
-
In the Name field, enter a name for the alternate content source.
-
Optional: In the the Description field, provide a description for the ACS.
-
Select orcharhino Proxies to which the alternate content source is to be synced.
-
Enter the Base URL of the alternate content source.
-
Enter a comma-separated list of Subpaths.
-
Provide the Manual Authentication or Content Authentication credentials, if these are needed.
-
If SSL verification is required, enable Verify SSL and select the SSL CA certificate.
-
Review details and click Add.
-
Navigate to Content > Alternate Content Sources > click the vertical ellipsis next to the newly created alternate content source > Select Refresh.
-
On orcharhino Server, enter the following command:
$ hammer alternate-content-source create \ --alternate-content-source-type custom \ --base-url "https://local-repo.example.com:port" \ --name "My_ACS_Name" \ --smart-proxy-ids My_orcharhino_Proxy_ID
-
Check if the newly created alternate content source is listed:
$ hammer alternate-content-source list
-
Refresh the alternate content source:
$ hammer alternate-content-source refresh --id My_Alternate_Content_Source_ID
-
Add the orcharhino Proxies to which the alternate content source is to be synced:
$ hammer alternate-content-source update \ --id My_Alternate_Content_Source_ID \ --smart-proxy-ids My_orcharhino_Proxy_ID
-
Refresh the alternate content sources:
$ hammer alternate-content-source refresh --id My_Alternate_Content_Source_ID
3.2. Configuring simplified alternate content sources
-
In the orcharhino management UI, navigate to Content > Alternate Content Sources.
-
Click Add Source and set the Source type as Simplified.
-
Select the Content type.
-
In the Name field, enter a name for the alternate content source.
-
Optional: In the Description field, provide a description for the ACS.
-
Select orcharhino Proxies to which the alternate content source is to be synced.
-
Optional: Select Use HTTP proxies if you want the ACS to use the orcharhino Proxy’s HTTP proxy.
-
Select the products that should use the alternate content source.
-
Review details and click Add.
-
Navigate to Content > Alternate Content Sources, click the vertical ellipsis next to the newly created alternate content source, and select Refresh.
-
Create a simplified ACS:
$ hammer alternate-content-source create \ --alternate-content-source-type simplified \ --name My_ACS_Name \ --product-ids My_Product_ID \ --smart-proxy-ids My_orcharhino_Proxy_ID
-
Check if the newly created ACS is listed:
$ hammer alternate-content-source list
-
Refresh the ACS:
$ hammer alternate-content-source refresh --id My_ACS_ID
3.3. Configuring RHUI alternate content sources
-
Generate the client entitlement certificates for the required repos on the RHUA node as described in Creating a client entitlement certificate with the Red Hat Update Infrastructure Management Tool in Configuring and Managing Red Hat Update Infrastructure.
-
Import the client entitlement certificates into orcharhino. For more information, see Importing Custom SSL Certificates in Managing content.
-
Obtain a list of the subpaths for the required repositories. Execute the following command on your RHUA server:
# rhui-manager repo info --repo_id My_Repo_ID
-
Note that the alternate content source paths consist of a base URL appended with the subpaths that you provide. For example, if your base URL is
https://server.example.com
and your subpaths arerhel7/
andrhel8/
, then bothhttps://server.example.com/rhel7/
andhttps://server.example.com/rhel8/
will be searched.
-
In the orcharhino management UI, navigate to Content > Alternate Content Sources.
-
Click Add Source and set the Source type as RHUI.
-
Generate RHUI certificates using the command provided in the orcharhino management UI. Ensure that you pass the repo labels of the desired repositories.
-
In the Name field, enter a name for the alternate content source.
-
Optional: In the Description field, provide a description for the ACS.
-
Select orcharhino Proxies to which the alternate content source is to be synced.
-
Optional: Select Use HTTP proxies if you want the ACS to use the orcharhino Proxy’s HTTP proxy.
-
Enter the Base URL of the Red Hat Update Infrastructure CDS node.
-
Enter a comma-separated list of Subpaths.
-
Provide the Content Credentials, if these are needed.
-
If SSL verification is required, enable Verify SSL and select the SSL CA certificate.
-
Review details and click Add.
-
Navigate to Content > Alternate Content Sources, click the vertical ellipsis next to the newly created alternate content source, and select Refresh.
-
On orcharhino Server, enter the following command:
$ hammer alternate-content-source create \ --alternate-content-source-type rhui \ --base-url "https://rhui-cds-node/pulp/content" \ --name "My_ACS_Name" \ --smart-proxy-ids My_orcharhino_Proxy_ID \ --ssl-client-cert-id My_SSL_Client_Certificate_ID \ --ssl-client-key-id My_SSL_Client_Key_ID \ --subpaths path/to/repo/1/,path/to/repo/2/ \ --verify-ssl 1
-
Check if the newly created alternate content source is listed:
$ hammer alternate-content-source list
-
Refresh the alternate content source:
$ hammer alternate-content-source refresh --id My_Alternate_Content_Source_ID
-
Add the orcharhino Proxies to which the alternate content source is to be synced:
$ hammer alternate-content-source update \ --id My_Alternate_Content_Source_ID \ --smart-proxy-ids My_orcharhino_Proxy_ID
-
Refresh the alternate content sources:
$ hammer alternate-content-source refresh --id My_Alternate_Content_Source_ID
4. Importing content
This chapter outlines how you can import different types of custom content to orcharhino. For example, you can use the following chapters for information on specific types of custom content but the underlying procedures are the same:
4.1. Products and repositories in orcharhino
You can organize content in products. Products bundle an arbitrary number of repositories.
Custom products require a subscription for hosts to access. orcharhino creates a subscription for each custom product you create.
4.2. Best practices for products and repositories
-
Use one content type per product and content view, for example, yum content only.
-
Use file repositories for installation media. File repositories require a
PULP_MANIFEST
file that you can create usingpulp-manifest /path/to/files
. Use local repositories withfile:///path/to/files
as Upstream URL in orcharhino, for example, for installation media. Alternatively, place the installation media file repositories on a web server that is accessible to the hosts during provisioning.TipATIX AG provides file repositories for installation media to provision hosts in a disconnected environment using a local installation medium from orcharhino Server. For the upstream URLs, see ATIX Service Portal.
ATIX AG provides the following installation media as file repositories:
-
Debian 12
-
Debian 11
-
Debian 10
-
Ubuntu 24.04
-
Ubuntu 22.04
-
Ubuntu 20.04
-
Ubuntu 18.04
For more information, see Managing custom file type content.
-
-
Make file repositories available over HTTP. If you set Protected to true, you can only download content using a global debugging certificate.
-
Automate the creation of multiple products and repositories by using a Hammer script or an Ansible Playbook.
-
Avoid uploading content to repositories with an Upstream URL. Instead, create a repository to synchronize content and upload content to without setting an Upstream URL.
If you upload content to a repository that already synchronizes another repository, the content might be overwritten, depending on the mirroring policy and content type.
4.3. Importing custom SSL certificates
Before you synchronize custom content from an external source, you might need to import SSL certificates into your custom product. This might include client certs and keys or CA certificates for the upstream repositories you want to synchronize.
If you require SSL certificates and keys to download packages, you can add them to orcharhino.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Content > Content Credentials. In the Content Credentials window, click Create Content Credential.
-
In the Name field, enter a name for your SSL certificate.
-
From the Type list, select SSL Certificate.
-
In the Content Credentials Content field, paste your SSL certificate, or click Browse to upload your SSL certificate.
-
Click Save.
-
Copy the SSL certificate to your orcharhino Server:
$ scp My_SSL_Certificate root@orcharhino.example.com:~/.
Or download the SSL certificate to your orcharhino Server from an online source:
$ wget -P ~ http://upstream-orcharhino.example.com/pub/katello-server-ca.crt
-
Upload the SSL Certificate to orcharhino:
$ hammer content-credential create \ --content-type cert \ --name "My_SSL_Certificate" \ --organization "My_Organization" \ --path ~/My_SSL_Certificate
4.4. Creating a custom product
Create a custom product so that you can add repositories to the custom product. To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Content > Products, click Create Product.
-
In the Name field, enter a name for the product. orcharhino automatically completes the Label field based on what you have entered for Name.
-
Optional: From the GPG Key list, select the GPG key for the product.
-
Optional: From the SSL CA Cert list, select the SSL CA certificate for the product.
-
Optional: From the SSL Client Cert list, select the SSL client certificate for the product.
-
Optional: From the SSL Client Key list, select the SSL client key for the product.
-
Optional: From the Sync Plan list, select an existing sync plan or click Create Sync Plan and create a sync plan for your product requirements.
-
In the Description field, enter a description of the product.
-
Click Save.
To create the product, enter the following command:
$ hammer product create \ --name "My_Product" \ --sync-plan "Example Plan" \ --description "Content from My Repositories" \ --organization "My_Organization"
4.5. Adding custom RPM repositories
Use this procedure to add custom RPM repositories in orcharhino. To use the CLI instead of the orcharhino management UI, see the CLI procedure.
The Products window in the orcharhino management UI also provides a Repo Discovery function that finds all repositories from a URL and you can select which ones to add to your custom product.
For example, you can use the Repo Discovery to search https://download.postgresql.org/pub/repos/yum/16/redhat/
and list all repositories for different Enterprise Linux versions and architectures.
This helps users save time importing multiple repositories from a single source.
-
In the orcharhino management UI, navigate to Content > Products and select the product that you want to use, and then click New Repository.
-
In the Name field, enter a name for the repository. orcharhino automatically completes the Label field based on what you have entered for Name.
-
Optional: In the Description field, enter a description for the repository.
-
From the Type list, select
yum
as type of repository. -
Optional: From the Restrict to Architecture list, select an architecture. If you want to make the repository available to all hosts regardless of the architecture, ensure to select No restriction.
-
Optional: From the Restrict to OS Version list, select the operating system version. If you want to make the repository available to all hosts regardless of the operating system version, ensure to select No restriction.
-
Optional: In the Upstream URL field, enter the URL of the external repository to use as a source. orcharhino supports three protocols:
http://
,https://
, andfile://
. If you are using afile://
repository, you have to place it under/var/lib/pulp/sync_imports/
directory.If you do not enter an upstream URL, you can manually upload packages.
-
Optional: Check the Ignore SRPMs checkbox to exclude source RPM packages from being synchronized to orcharhino.
-
Optional: Check the Ignore treeinfo checkbox if you receive the error
Treeinfo file should have INI format
. All files related to Kickstart will be missing from the repository iftreeinfo
files are skipped. -
Select the Verify SSL checkbox if you want to verify that the upstream repository’s SSL certificates are signed by a trusted CA.
-
Optional: In the Upstream Username field, enter the user name for the upstream repository if required for authentication. Clear this field if the repository does not require authentication.
-
Optional: In the Upstream Password field, enter the corresponding password for the upstream repository. Clear this field if the repository does not require authentication.
-
Optional: In the Upstream Authentication Token field, provide the token of the upstream repository user for authentication. Leave this field empty if the repository does not require authentication.
-
From the Download Policy list, select the type of synchronization orcharhino Server performs. For more information, see Download policies overview.
-
From the Mirroring Policy list, select the type of content synchronization orcharhino Server performs. For more information, see Mirroring policies overview.
-
Optional: In the Retain package versions field, enter the number of versions you want to retain per package.
-
Optional: In the HTTP Proxy Policy field, select an HTTP proxy.
-
From the Checksum list, select the checksum type for the repository.
-
Optional: You can clear the Unprotected checkbox to require a subscription entitlement certificate for accessing this repository. By default, the repository is published through HTTP.
-
Optional: From the GPG Key list, select the GPG key for the product.
-
Optional: In the SSL CA Cert field, select the SSL CA Certificate for the repository.
-
Optional: In the SSL Client cert field, select the SSL Client Certificate for the repository.
-
Optional: In the SSL Client Key field, select the SSL Client Key for the repository.
-
Click Save to create the repository.
-
Enter the following command to create the repository:
$ hammer repository create \ --arch "My_Architecture" \ --content-type "yum" \ --gpg-key-id My_GPG_Key_ID \ --name "My_Repository" \ --organization "My_Organization" \ --os-version "My_Operating_System_Version" \ --product "My_Product" \ --publish-via-http true \ --url My_Upstream_URL
Continue to synchronize the repository.
4.6. Adding custom RPM repositories for AlmaLinux 9
This example creates a product and repositories for AlmaLinux 9.
-
Download and import the GPG public key for yum repositories for AlmaLinux 9 into orcharhino. For more information, see Importing a custom GPG key.
-
In the orcharhino management UI, navigate to Content > Products.
-
Click Create Product to create a product named
AlmaLinux 9
. For more information, see Creating a custom product. -
On the Repositories tab, click New Repository to create three repositories of type
yum
as follows:-
AlmaLinux 9 BaseOS
-
Upstream URL:
https://repo.almalinux.org/almalinux/9/BaseOS/x86_64/os/
-
-
AlmaLinux 9 AppStream
-
AlmaLinux 9 extras
-
Upstream URL:
https://repo.almalinux.org/almalinux/9/extras/x86_64/os/
-
For more information, see Adding custom RPM repositories.
-
-
Click Create Product to create a product named
AlmaLinux 9 client
. -
On the Repositories tab, click New Repository to create a repository of type
yum
as follows:-
AlmaLinux 9 client
-
Upstream URL: see ATIX Service Portal
-
-
4.7. Adding custom RPM repositories for AlmaLinux 8
This example creates a product and repositories for AlmaLinux 8.
-
Download and import the GPG public key for yum repositories for AlmaLinux 8 into orcharhino. For more information, see Importing a custom GPG key.
-
In the orcharhino management UI, navigate to Content > Products.
-
Click Create Product to create a product named
AlmaLinux 8
. For more information, see Creating a custom product. -
On the Repositories tab, click New Repository to create three repositories of type
yum
as follows:-
AlmaLinux 8 BaseOS
-
Upstream URL:
https://repo.almalinux.org/almalinux/8/BaseOS/x86_64/os/
-
-
AlmaLinux 8 AppStream
-
AlmaLinux 8 extras
-
Upstream URL:
https://repo.almalinux.org/almalinux/8/extras/x86_64/os/
-
For more information, see Adding custom RPM repositories.
-
-
Click Create Product to create a product named
AlmaLinux 8 client
. -
On the Repositories tab, click New Repository to create a repository of type
yum
as follows:-
AlmaLinux 8 client
-
Upstream URL: see ATIX Service Portal
-
-
4.8. Adding custom RPM repositories for CentOS Stream 9
This example creates a product and repositories for CentOS Stream 9.
-
Download and import the GPG public key for yum repositories for CentOS Stream 9 into orcharhino. For more information, see Importing a custom GPG key.
-
In the orcharhino management UI, navigate to Content > Products.
-
Click Create Product to create a product named
CentOS Stream 9
. For more information, see Creating a custom product. -
On the Repositories tab, click New Repository to create three repositories of type
yum
as follows:-
CentOS Stream 9 BaseOS
-
CentOS Stream 9 AppStream
-
CentOS Stream 9 extras
For more information, see Adding custom RPM repositories.
-
-
Click Create Product to create a product named
CentOS Stream 9 client
. -
On the Repositories tab, click New Repository to create a repository of type
yum
as follows:-
CentOS Stream 9 client
-
Upstream URL: see ATIX Service Portal
-
-
4.9. Adding custom RPM repositories for Oracle Linux 9
This example creates a product and repositories for Oracle Linux 9.
-
Download and import the GPG public key for yum repositories for Oracle Linux 9 into orcharhino. For more information, see Importing a custom GPG key.
-
In the orcharhino management UI, navigate to Content > Products.
-
Click Create Product to create a product named
Oracle Linux 9
. For more information, see Creating a custom product. -
On the Repositories tab, click New Repository to create three repositories of type
yum
as follows:-
Oracle Linux 9 BaseOS
-
Oracle Linux 9 AppStream
-
Oracle Linux 9 Addons
For more information, see Adding custom RPM repositories.
-
-
Click Create Product to create a product named
Oracle Linux 9 client
. -
On the Repositories tab, click New Repository to create a repository of type
yum
as follows:-
Oracle Linux 9 client
-
Upstream URL: see ATIX Service Portal
-
-
4.10. Adding custom RPM repositories for Oracle Linux 8
This example creates a product and repositories for Oracle Linux 8.
-
Download and import the GPG public key for yum repositories for Oracle Linux 8 into orcharhino. For more information, see Importing a custom GPG key.
-
In the orcharhino management UI, navigate to Content > Products.
-
Click Create Product to create a product named
Oracle Linux 8
. For more information, see Creating a custom product. -
On the Repositories tab, click New Repository to create three repositories of type
yum
as follows:-
Oracle Linux 8 BaseOS
-
Oracle Linux 8 AppStream
-
Oracle Linux 8 Addons
For more information, see Adding custom RPM repositories.
-
-
Click Create Product to create a product named
Oracle Linux 8 client
. -
On the Repositories tab, click New Repository to create a repository of type
yum
as follows:-
Oracle Linux 8 client
-
Upstream URL: see ATIX Service Portal
-
-
4.11. Adding custom RPM repositories for Rocky Linux 9
This example creates a product and repositories for Rocky Linux 9.
-
Download and import the GPG public key for yum repositories for Rocky Linux 9 into orcharhino. For more information, see Importing a custom GPG key.
-
In the orcharhino management UI, navigate to Content > Products.
-
Click Create Product to create a product named
Rocky Linux 9
. For more information, see Creating a custom product. -
On the Repositories tab, click New Repository to create three repositories of type
yum
as follows:-
Rocky Linux 9 BaseOS
-
Upstream URL:
https://dl.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/
-
-
Rocky Linux 9 AppStream
-
Rocky Linux 9 extras
-
Upstream URL:
https://dl.rockylinux.org/pub/rocky/9/extras/x86_64/os/
-
For more information, see Adding custom RPM repositories.
-
-
Click Create Product to create a product named
Rocky Linux 9 client
. -
On the Repositories tab, click New Repository to create a repository of type
yum
as follows:-
Rocky Linux 9 client
-
Upstream URL: see ATIX Service Portal
-
-
4.12. Adding custom RPM repositories for Rocky Linux 8
This example creates a product and repositories for Rocky Linux 8.
-
Download and import the GPG public key for yum repositories for Rocky Linux 8 into orcharhino. For more information, see Importing a custom GPG key.
-
In the orcharhino management UI, navigate to Content > Products.
-
Click Create Product to create a product named
Rocky Linux 8
. For more information, see Creating a custom product. -
On the Repositories tab, click New Repository to create three repositories of type
yum
as follows:-
Rocky Linux 8 BaseOS
-
Upstream URL:
https://dl.rockylinux.org/pub/rocky/8/BaseOS/x86_64/os/
-
-
Rocky Linux 8 AppStream
-
Rocky Linux 8 extras
-
Upstream URL:
https://dl.rockylinux.org/pub/rocky/8/extras/x86_64/os/
-
For more information, see Adding custom RPM repositories.
-
-
Click Create Product to create a product named
Rocky Linux 8 client
. -
On the Repositories tab, click New Repository to create a repository of type
yum
as follows:-
Rocky Linux 8 client
-
Upstream URL: see ATIX Service Portal
-
-
4.13. Extracting GPG public key fingerprints from Release files
You can use GPG public keys to verify the authenticity of Deb repositories by verifying the signature of the Release
file.
This example verifies the signature for the Release
file from Debian 11.
-
Download the
Release
andRelease.gpg
files:$ wget https://deb.debian.org/debian/dists/bullseye/Release $ wget https://deb.debian.org/debian/dists/bullseye/Release.gpg
-
Verify the signature:
$ gpg --verify Release.gpg Release
Note the GPG key fingerprint for any missing public GPG keys above the
Can’t check signature: No public key
message. These fingerprints will be used in the next step. -
If you cannot verify the signature, import the missing GPG public keys based on their fingerprint:
$ gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys A7236886F3CCCAAD148A27F80E98404D386FA1D9 $ gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 4CB50190207B4758A3F73A796ED0E7B82643E131 $ gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys A4285295FC7B1A81600062A9605C66F00D6C9793
-
Optional: Verify the signature again:
$ gpg --verify Release.gpg Release
-
Export the ASCII-armored GPG public keys to a file:
$ gpg --armor --export A7236886F3CCCAAD148A27F80E98404D386FA1D9 4CB50190207B4758A3F73A796ED0E7B82643E131 A4285295FC7B1A81600062A9605C66F00D6C9793 > debian_11.txt
Ensure that
gpg
returns aGood signature
message for each signature.Upload the .txt file to orcharhino. For more information, see Importing a custom GPG key into orcharhino.
4.14. Structured APT content
With structured APT content, Deb repositories on orcharhino use the same structure as the upstream Deb repository. This allows features that attach to the repository structure to work the same way as they would with the upstream repository, for example:
-
apt list --upgradable
will no longer listunknown,unknown
as the release and distribution for packages. Instead,apt
will list the proper release and distribution from the upstream repository. -
You can use client-side APT pinning in the same way as when using the upstream repository directly.
With structured APT content, repositories in orcharhino use the same structure as the upstream repository.
They do not use the special default/all
publication concept which does not exist outside of orcharhino.
With structured APT content, publishing repository metadata will take roughly half the time, compared to publishing without structured APT content.
-
Once you have enabled structured APT on orcharhino, do not disable it. Using structured APT content will be mandatory with a future orcharhino version.
-
Any Deb packages that were uploaded to orcharhino 6.4 and older are not automatically migrated to structured APT content. You can work around this issue by deleting and re-uploading affected Deb packages.
-
The host is registered to orcharhino.
-
orcharhino Client repository for the operating system version of the host is synchronized on orcharhino Server, available in the content view and the lifecycle environment of the host, and enabled for the host. For more information, see Changing the repository sets status for a host in orcharhino in Managing content.
-
Your Debian/Ubuntu host uses the latest orcharhino Client. For more information, see Deb content: Using structured APT in ATIX Service Portal.
4.15. Enabling structured APT content
You can enable structured APT content on your orcharhino to use the same Deb repository structure as the remote repositories they are synchronized from.
-
Backup your orcharhino Server.
For more information, see Backing Up orcharhino Server and orcharhino Proxy in Administering orcharhino.
-
Ensure that there are no running tasks:
# foreman-maintain health check --label foreman-tasks-not-running
-
In the orcharhino management UI, navigate to Administer > Settings.
-
On the Content tab, set the Enable structured APT for deb content setting to
Yes
. -
On your orcharhino Server, start orcharhino maintenance mode:
# foreman-maintain maintenance-mode start
-
Migrate your Deb content:
# foreman-rake katello:migrate_structure_content_for_deb
On orcharhino with 40 Deb repositories published to many content view versions and promoted to multiple lifecycle environments each, this step took 15 minutes. The amount of time depends on the number of packages, repositories, content view versions, and other tasks running on your orcharhino Server.
-
Stop orcharhino maintenance mode:
# foreman-maintain maintenance-mode stop
-
Perform a complete sync of your orcharhino Proxies that provide Deb content to hosts.
For more information, see Synchronizing content from orcharhino Server to orcharhino Proxies in Administering orcharhino.
4.16. Adding Deb repositories
Use this procedure to add Deb repositories in orcharhino. To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Content > Products and select the product that you want to use, and then click New Repository.
-
In the Name field, enter a name for the repository. orcharhino automatically completes the Label field based on what you have entered for Name.
-
Optional: In the Description field, enter a description for the repository.
-
From the Type list, select
deb
as type of repository. -
Optional: In the Upstream URL field, enter the URL of the external repository to use as a source. You can find the upstream URLs on Debian-based systems in
/etc/apt/sources.list
.If you do not enter an upstream URL, you can manually upload packages.
-
In the Releases/Distributions field, set one or multiple releases separated by whitespace. The distributions specify the path from the repository root to the
Release
file. Repositories that omit thedists
directory are using the deprecated flat repository structure. To synchronize a flat repository, you must specify exactly one distribution that ends with a/
.For official Debian repositories, set a codename in the Releases/Distributions field, for example
bullseye
for Debian 11 orbookworm
for Debian 12. Avoid usingstable
ortesting
because the codename they reference changes over time. This helps to avoid drastic changes once a new Debian version is released and the reference is changed. To keep things easy to manage and to avoid potential performance and network issues during synchronization, create one repository per release in orcharhino. For official Ubuntu repositories, use the Ubuntu suite, for examplenoble
ornoble-updates
. -
Optional: In the Components field, enter a component. This indicates the licensing terms of the software packages.
In Debian, it is divided into
main
,contrib
, andnon-free
. For official Debian or Ubuntu repositories, ATIX AG recommends leaving this field empty to synchronize all available components. Note that some third party Debian repositories use the components in ways that may require setting an explicit selection.CautionEnsure that you enter both Releases and Components exactly as they are in an
/etc/apt/sources.list
file. -
Optional: In the Architectures field, enter one or multiple architectures. If you want to make the repository available to all hosts regardless of the architecture, ensure to select No restriction.
-
Optional: In the Errata URL field, enter the URL of an errata service.
TipThe ATIX AG Debian and Ubuntu Errata service provides errata for Debian and Ubuntu. When creating a repository of type
deb
, point the Errata URL to ATIX AG Debian and Ubuntu Errata service. Usehttps://dep.atix.de/dep/api/v1/debian
for Debian,https://dep.atix.de/dep/api/v1/ubuntu
for Ubuntu, andhttps://dep.atix.de/dep/api/v1/ubuntu-esm
for Ubuntu-ESM.An erratum contains the information which packages have to be updated to fix a security issue. Debian and Ubuntu errata are derived from the Debian security announcements (DSA) and the Ubuntu security notices (USN).
You must add Debian and Ubuntu errata to the security repository. For Debian, you need the
My_Debian_Release-security
repository, for example,bookworm-security
. For Ubuntu, you need theMy_Ubuntu_Release-security
repository, for example,noble-security
. -
Optional: Select the Verify SSL checkbox if you want to verify that the upstream repository’s SSL certificates are signed by a trusted CA.
-
Optional: In the Upstream Username field, enter the user name for the upstream repository if required for authentication. Clear this field if the repository does not require authentication.
-
Optional: In the Upstream Password field, enter the corresponding password for the upstream repository. Clear this field if the repository does not require authentication.
-
Optional: In the Upstream Authentication Token field, provide the token of the upstream repository user for authentication. Leave this field empty if the repository does not require authentication.
-
From the Download Policy list, select the type of synchronization orcharhino Server performs. For more information, see Download policies overview.
-
From the Mirroring Policy list, select the type of content synchronization orcharhino Server performs. For more information, see Mirroring policies overview.
-
Optional: In the HTTP Proxy Policy field, select an HTTP proxy.
-
Optional: You can clear the Unprotected checkbox to require a subscription entitlement certificate for accessing this repository. By default, the repository is published through HTTP.
-
Optional: From the GPG Key list, select the GPG key if you want to verify the signatures of the
Release
files associated with the Debian repository. -
Optional: In the SSL CA Cert field, select the SSL CA Certificate for the repository.
-
Optional: In the SSL Client cert field, select the SSL Client Certificate for the repository.
-
Optional: In the SSL Client Key field, select the SSL Client Key for the repository.
-
Click Save to create the repository.
-
Enter the following command to create the repository:
$ hammer repository create \ --content-type "deb" \ --deb-architectures "My_Deb_Architectures" \ --deb-components "_My_Deb_Components" \ --deb-releases "My_Deb_Releases" \ --gpg-key-id "My_GPG_Key_ID" \ --name "_My_Repository" \ --organization "My_Organization" \ --product "My_Product" \ --publish-via-http true \ --url My_Upstream_URL
Continue to synchronize the repository.
4.17. Adding upstream repositories for Debian 12
This example creates a product and repositories for Debian 12.
-
Extract the GPG public keys from the
Release
file. -
Import the content credentials into orcharhino.
-
In the orcharhino management UI, navigate to Content > Products.
-
Click Create Product to create a product named
Debian 12
. -
On the Repositories tab, click New Repository to create three
deb
repositories with the following parameter values:-
Debian 12 main
-
Upstream URL:
https://deb.debian.org/debian/
-
Releases/Distributions:
bookworm
-
Component:
main
-
Architecture:
amd64
-
-
Debian 12 updates
-
Upstream URL:
https://deb.debian.org/debian/
-
Releases/Distributions:
bookworm-updates
-
Component:
main
-
Architecture:
amd64
-
-
Debian 12 security
-
Upstream URL:
https://deb.debian.org/debian-security/
-
Releases/Distributions:
bookworm-security
-
Component:
main
-
Architecture:
amd64
-
-
-
Click Create Product to create a product named
Debian 12 client
. -
On the Repositories tab, click New Repository to create a
deb
repository with the following parameter values:-
Debian 12 client
-
Upstream URL: see ATIX Service Portal
-
Releases/Distributions:
stable
-
Component:
main
-
Architecture:
amd64
-
-
-
To create a custom product, see Creating a custom product.
-
To create a custom repository, see Adding Deb repositories.
4.18. Adding upstream repositories for Debian 11
This example creates a product and repositories for Debian 11.
-
Extract the GPG public keys from the
Release
file. -
Import the content credentials into orcharhino.
-
In the orcharhino management UI, navigate to Content > Products.
-
Click Create Product to create a product named
Debian 11
. -
On the Repositories tab, click New Repository to create three
deb
repositories with the following parameter values:-
Debian 11 main
-
Upstream URL:
https://deb.debian.org/debian/
-
Releases/Distributions:
bullseye
-
Component:
main
-
Architecture:
amd64
-
-
Debian 11 updates
-
Upstream URL:
https://deb.debian.org/debian/
-
Releases/Distributions:
bullseye-updates
-
Component:
main
-
Architecture:
amd64
-
-
Debian 11 security
-
Upstream URL:
https://deb.debian.org/debian-security/
-
Releases/Distributions:
bullseye-security
-
Component:
main
-
Architecture:
amd64
-
-
-
Click Create Product to create a product named
Debian 11 client
. -
On the Repositories tab, click New Repository to create a
deb
repository with the following parameter values:-
Debian 11 client
-
Upstream URL: see ATIX Service Portal
-
Releases/Distributions:
stable
-
Component:
main
-
Architecture:
amd64
-
-
-
To create a custom product, see Creating a custom product.
-
To create a custom repository, see Adding Deb repositories.
4.19. Adding upstream repositories for Ubuntu 24.04
This example creates a product and repositories for Ubuntu 24.04.
-
Extract the GPG public keys from the
Release
file. -
Import the content credentials into orcharhino.
-
In the orcharhino management UI, navigate to Content > Products.
-
Click Create Product to create a product named
Ubuntu 24.04
. -
On the Repositories tab, click New Repository to create three
deb
repositories with the following parameter values:-
Ubuntu 24.04 main
-
Upstream URL:
https://archive.ubuntu.com/ubuntu/
-
Releases/Distributions:
noble
-
Component:
main
-
Architecture:
amd64
-
-
Ubuntu 24.04 updates
-
Upstream URL:
https://archive.ubuntu.com/ubuntu/
-
Releases/Distributions:
noble-updates
-
Component:
main
-
Architecture:
amd64
-
-
Ubuntu 24.04 security
-
Upstream URL:
https://security.ubuntu.com/ubuntu/
-
Releases/Distributions:
noble-security
-
Component:
main
-
Architecture:
amd64
-
-
-
Click Create Product to create a product named
Ubuntu 24.04 client
. -
On the Repositories tab, click New Repository to create a
deb
repository with the following parameter values:-
Ubuntu 24.04 client
-
Upstream URL: see ATIX Service Portal
-
Releases/Distributions:
stable
-
Component:
main
-
Architecture:
amd64
-
-
-
To create a custom product, see Creating a custom product.
-
To create a custom repository, see Adding Deb repositories.
4.20. Adding upstream repositories for Ubuntu 22.04
This example creates a product and repositories for Ubuntu 22.04.
-
Extract the GPG public keys from the
Release
file. -
Import the content credentials into orcharhino.
-
In the orcharhino management UI, navigate to Content > Products.
-
Click Create Product to create a product named
Ubuntu 22.04
. -
On the Repositories tab, click New Repository to create three
deb
repositories with the following parameter values:-
Ubuntu 22.04 main
-
Upstream URL:
https://archive.ubuntu.com/ubuntu/
-
Releases/Distributions:
jammy
-
Component:
main
-
Architecture:
amd64
-
-
Ubuntu 22.04 updates
-
Upstream URL:
https://archive.ubuntu.com/ubuntu/
-
Releases/Distributions:
jammy-updates
-
Component:
main
-
Architecture:
amd64
-
-
Ubuntu 22.04 security
-
Upstream URL:
https://security.ubuntu.com/ubuntu/
-
Releases/Distributions:
jammy-security
-
Component:
main
-
Architecture:
amd64
-
-
-
Click Create Product to create a product named
Ubuntu 22.04 client
. -
On the Repositories tab, click New Repository to create a
deb
repository with the following parameter values:-
Ubuntu 22.04 client
-
Upstream URL: see ATIX Service Portal
-
Releases/Distributions:
stable
-
Component:
main
-
Architecture:
amd64
-
-
-
To create a custom product, see Creating a custom product.
-
To create a custom repository, see Adding Deb repositories.
4.21. Synchronizing Ubuntu Expanded Security Maintenance content
Canonical provides Ubuntu Expanded Security Maintenance (ESM) repositories to their paying customers. In orcharhino, synchronize ESM repositories from Canonical to distribute content to your hosts running Ubuntu 14.04 and Ubuntu 16.04.
Important
|
Providing Ubuntu ESM repositories to hosts running Ubuntu 14.04 or 16.04 requires a subscription from Canonical. Ensure to provide valid licenses for all used Canonical products. Using insufficient, invalid, or otherwise inadequate licenses might violate your terms with Canonical. |
-
On a host running Ubuntu 14.04 or 16.04, attach your subscription and extract repository information:
-
Install
ubuntu-advantage-tools
on a host running Ubuntu 14.04 or 16.04:# apt-get install ubuntu-advantage-tools
-
Register your host with Canonical:
# ua attach ABCDEF0123456789
Use your subscription token from canonical.com.
-
Extract the
Upstream URL
,Releases
,Components
, andArchitectures
from the ESM repository:# cat /etc/apt/sources.list.d/ubuntu-esm-infra.list
-
Extract user name and password:
# cat /etc/apt/auth.conf.d/90ubuntu-advantage
-
-
Add GPG public key to orcharhino:
-
In the orcharhino management UI, navigate to Content > Content Credentials.
-
Click Create Content Credential.
-
Enter a name and the GPG public key for Ubuntu.
Ensure to use ASCII-armored GPG keys. Convert the key if necessary:
# gpg --import ubuntu-advantage-esm-infra-trusty.gpg # gpg --export --armor 4067E40313CB4B13
-
Click Save to save your content credential to orcharhino.
-
-
Create a product and repository:
-
Navigate to Content > Products.
-
Click Create Product.
-
Enter a Name, select the previously imported GPG public key, and, optionally, add a sync plan and description.
-
Click Save to save the product to orcharhino.
-
-
Navigate to Content > Products.
-
Select the previously created product.
-
Click New Repository.
-
Enter a Name and select type
deb
. -
Enter the Upstream URL, Releases, Components, and Architectures as extracted from your host from
/etc/apt/sources.list.d/ubuntu-esm-infra.list
. -
Enter the Upstream Username and Upstream Password as extracted from your host from
/etc/apt/auth.conf.d/90ubuntu-advantage
. -
Enter Errata URL:
https://dep.atix.de/dep/api/v1/ubuntu-esm
. -
Click Save to save your repository to orcharhino.
-
-
-
Synchronize your product.
-
Navigate to Content > Products.
-
Select the previously created product.
-
In the Actions menu, select Sync Now.
-
-
Distribute and manage your content as you manage other Deb content.
4.22. Changing the repository sets status for a host in orcharhino
Repository sets show repositories available to each host. A host will be able to access content from a given repository if that repository is enabled.
-
In the orcharhino management UI, navigate to Hosts > All Hosts and select a host.
-
Select the Content tab, then select the Repository sets subtab. On the tab, there is a set of repositories available to each host with a status of Enabled or Disabled.
-
You can override the default status by using the action menus on each table row by changing the status to Override to disabled, Override to enabled, or Reset to default.
-
You can also bulk select the checkboxes on each table row, and use the vertical ellipsis icon at the top.
NoteFor hosts not in the default content view and lifecycle environment, the Repository sets tab shows a toggle group with two options, Limit to environment and Show all. The Limit to environment option shows only repositories that are relevant to the host. The Show all option shows all available repositories including those that may not be in the host’s content view and lifecycle environment. On the Overview tab, click Content view details to view the environment for the host.
4.23. Enabling Red Hat repositories
If outside network access requires usage of an HTTP proxy, configure a default HTTP proxy for your server. For more information, see Adding a default HTTP proxy to orcharhino.
To select the repositories to synchronize, you must first identify the product that contains the repository, and then enable that repository based on the relevant release version and base architecture.
To provision Red Hat Enterprise Linux 8 hosts, you require the Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) and Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) repositories.
To provision Red Hat Enterprise Linux 7 hosts, you require the Red Hat Enterprise Linux 7 Server (RPMs) repository.
The difference between associating Red Hat Enterprise Linux operating system release version with either 7Server repositories or 7.X repositories is that 7Server repositories contain all the latest updates while Red Hat Enterprise Linux 7.X repositories stop getting updates after the next minor version release. Note that Kickstart repositories only have minor versions.
-
In the orcharhino management UI, navigate to Content > Red Hat Repositories.
-
To find repositories, either enter the repository name, or toggle the Recommended Repositories button to the on position to view a list of repositories that you require.
-
In the Available Repositories pane, click a repository to expand the repository set.
-
Click the Enable icon next to the base architecture and release version that you want.
-
To search for your product, enter the following command:
$ hammer product list --organization "My_Organization"
-
List the repository set for the product:
$ hammer repository-set list \ --product "Red Hat Enterprise Linux Server" \ --organization "My_Organization"
-
Enable the repository using either the name or ID number. Include the release version, such as
7Server
, and base architecture, such asx86_64
.$ hammer repository-set enable \ --name "Red Hat Enterprise Linux 7 Server (RPMs)" \ --releasever "7Server" \ --basearch "x86_64" \ --product "Red Hat Enterprise Linux Server" \ --organization "My_Organization"
4.24. Synchronizing repositories
You must synchronize repositories to download content into orcharhino. You can use this procedure for an initial synchronization of repositories or to synchronize repositories manually as you need.
You can also sync all repositories in an organization. For more information, see Synchronizing all repositories in an organization.
Create a sync plan to ensure updates on a regular basis. For more information, see Creating a sync plan.
The synchronization duration depends on the size of each repository and the speed of your network connection. The following table provides estimates of how long it would take to synchronize content, depending on the available Internet bandwidth:
Single Package (10Mb) | Minor Release (750Mb) | Major Release (6Gb) | |
---|---|---|---|
256 Kbps |
5 Mins 27 Secs |
6 Hrs 49 Mins 36 Secs |
2 Days 7 Hrs 55 Mins |
512 Kbps |
2 Mins 43.84 Secs |
3 Hrs 24 Mins 48 Secs |
1 Day 3 Hrs 57 Mins |
T1 (1.5 Mbps) |
54.33 Secs |
1 Hr 7 Mins 54.78 Secs |
9 Hrs 16 Mins 20.57 Secs |
10 Mbps |
8.39 Secs |
10 Mins 29.15 Secs |
1 Hr 25 Mins 53.96 Secs |
100 Mbps |
0.84 Secs |
1 Min 2.91 Secs |
8 Mins 35.4 Secs |
1000 Mbps |
0.08 Secs |
6.29 Secs |
51.54 Secs |
-
In the orcharhino management UI, navigate to Content > Products and select the product that contains the repositories that you want to synchronize.
-
Select the repositories that you want to synchronize and click Sync Now.
-
Optional: To view the progress of the synchronization in the orcharhino management UI, navigate to Content > Sync Status and expand the corresponding product or repository tree.
-
Synchronize an entire product:
$ hammer product synchronize \ --name "My_Product" \ --organization "My_Organization"
-
Synchronize an individual repository:
$ hammer repository synchronize \ --name "My_Repository" \ --organization "My_Organization" \ --product "My_Product"
4.25. Synchronizing all repositories in an organization
Use this procedure to synchronize all repositories within an organization.
-
Log in to your orcharhino Server using SSH.
-
Run the following Bash script:
ORG="My_Organization" for i in $(hammer --no-headers --csv repository list --organization $ORG --fields Id) do hammer repository synchronize --id ${i} --organization $ORG --async done
4.26. Download policies overview
orcharhino provides multiple download policies for synchronizing Deb and Yum content and container images. For example, you might want to download only the content metadata while deferring the actual content download for later.
orcharhino Server has the following policies:
- Immediate
-
orcharhino Server downloads all metadata and packages during synchronization.
- On Demand
-
orcharhino Server downloads only the metadata during synchronization. orcharhino Server only fetches and stores packages on the file system when orcharhino Proxies or directly connected clients request them. This setting has no effect if you set a corresponding repository on a orcharhino Proxy to Immediate because orcharhino Server is forced to download all the packages.
The On Demand policy acts as a Lazy Synchronization feature because they save time synchronizing content. The lazy synchronization feature must be used only for Deb and Yum repositories. You can add the packages to content views and promote to lifecycle environments as normal.
orcharhino Proxy has the following policies:
- Immediate
-
orcharhino Proxy downloads all metadata and packages during synchronization. Do not use this setting if the corresponding repository on orcharhino Server is set to On Demand as orcharhino Server is forced to download all the packages.
- On Demand
-
orcharhino Proxy only downloads the metadata during synchronization. orcharhino Proxy fetches and stores packages only on the file system when directly connected clients request them. When you use an On Demand download policy, content is downloaded from orcharhino Server if it is not available on orcharhino Proxy.
- Inherit
-
orcharhino Proxy inherits the download policy for the repository from the corresponding repository on orcharhino Server.
- Streamed Download Policy
-
Streamed Download Policy for orcharhino Proxies permits orcharhino Proxies to avoid caching any content. When content is requested from the orcharhino Proxy, it functions as a proxy and requests the content directly from the orcharhino.
4.27. Changing the default download policy
You can set the default download policy that orcharhino applies to repositories that you create in all organizations.
Depending on whether it is a Red Hat, SUSE, or custom repository, orcharhino uses separate settings. Changing the default value does not change existing settings.
-
In the orcharhino management UI, navigate to Administer > Settings.
-
Click the Content tab.
-
Change the default download policy depending on your requirements:
-
To change the default download policy for a Red Hat repository, change the value of the Default Red Hat Repository download policy setting.
-
To change the default download policy for a non-Red Hat custom repository, change the value of the Default Custom Repository download policy setting.
-
-
To change the default download policy for Red Hat repositories to one of
immediate
oron_demand
, enter the following command:$ hammer settings set \ --name default_redhat_download_policy \ --value immediate
-
To change the default download policy for a custom repository to one of
immediate
oron_demand
, enter the following command:$ hammer settings set \ --name default_download_policy \ --value immediate
4.28. Changing the download policy for a repository
You can set the download policy for a repository.
-
In the orcharhino management UI, navigate to Content > Products.
-
Select the required product name.
-
On the Repositories tab, click the required repository name, locate the Download Policy field, and click the edit icon.
-
From the list, select the required download policy and then click Save.
-
List the repositories for an organization:
$ hammer repository list \ --organization-label My_Organization_Label
-
Change the download policy for a repository to
immediate
oron_demand
:$ hammer repository update \ --download-policy immediate \ --name "My_Repository" \ --organization-label My_Organization_Label \ --product "My_Product"
4.29. Mirroring policies overview
Mirroring keeps the local repository exactly in synchronization with the upstream repository. If any content is removed from the upstream repository since the last synchronization, with the next synchronization, it will be removed from the local repository as well.
You can use mirroring policies for finer control over mirroring of repodata and content when synchronizing a repository. For example, if it is not possible to mirror the repodata for a repository, you can set the mirroring policy to mirror only content for this repository.
orcharhino Server has the following mirroring policies:
- Additive
-
Neither the content nor the repodata is mirrored. Thus, only new content added since the last synchronization is added to the local repository and nothing is removed.
- Content Only
-
Mirrors only content and not the repodata. Some repositories do not support metadata mirroring, in such cases you can set the mirroring policy to content only to only mirror the content.
- Complete Mirroring
-
Mirrors content as well as repodata. This is the fastest method. This mirroring policy is only available for Yum content.
WarningAvoid republishing metadata for repositories with Complete Mirror mirroring policy. This also applies to content views containing repositories with the Complete Mirror mirroring policy.
4.30. Changing the mirroring policy for a repository
You can set the mirroring policy for a repository.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Content > Products.
-
Select the product name.
-
On the Repositories tab, click the repository name, locate the Mirroring Policy field, and click the edit icon.
-
From the list, select a mirroring policy and click Save.
-
List the repositories for an organization:
$ hammer repository list \ --organization-label My_Organization_Label
-
Change the mirroring policy for a repository to
additive
,mirror_complete
, ormirror_content_only
:$ hammer repository update \ --id 1 \ --mirroring-policy mirror_complete
4.31. Uploading content to custom RPM repositories
You can upload individual RPMs and source RPMs to custom RPM repositories. You can upload RPMs using the orcharhino management UI or the Hammer CLI. You must use the Hammer CLI to upload source RPMs.
-
In the orcharhino management UI, navigate to Content > Products.
-
Click the name of the custom product.
-
In the Repositories tab, click the name of the custom RPM repository.
-
Under Upload Package, click Browse… and select the RPM you want to upload.
-
Click Upload.
To view all RPMs in this repository, click the number next to Packages under Content Counts.
-
Enter the following command to upload an RPM:
$ hammer repository upload-content \ --id My_Repository_ID \ --path /path/to/example-package.rpm
-
Enter the following command to upload a source RPM:
$ hammer repository upload-content \ --content-type srpm \ --id My_Repository_ID \ --path /path/to/example-package.src.rpm
When the upload is complete, you can view information about a source RPM by using the commands
hammer srpm list
andhammer srpm info --id srpm_ID
.
4.32. Refreshing content counts on orcharhino Proxy
If your orcharhino Proxies have synchronized content enabled, you can refresh the number of content counts available to the environments associated with the orcharhino Proxy. This displays the content views inside those environments available to the orcharhino Proxy. You can then expand the content view to view the repositories associated with that content view version.
-
In the orcharhino management UI, navigate to Infrastructure > orcharhino Proxies, and select the orcharhino Proxy where you want to see the synchronized content.
-
Select the Overview tab.
-
Under Content Sync, toggle the Synchronize button to do an Optimized Sync or a Complete Sync to synchronize the orcharhino Proxy which refreshes the content counts.
-
Select the Content tab.
-
Choose an Environment to view content views available to those orcharhino Proxies by clicking >.
-
Expand the content view by clicking > to view repositories available to the content view and the specific version for the environment.
-
View the number of content counts under Packages specific to yum repositories.
-
View the number of errata, package groups, files, container tags, container manifests, and Ansible collections under Additional content.
-
Click the vertical ellipsis in the column to the right next to the environment and click Refresh counts to refresh the content counts synchronized on the orcharhino Proxy under Packages.
4.33. Configuring SELinux to permit content synchronization on custom ports
SELinux permits access of orcharhino for content synchronization only on specific ports. By default, connecting to web servers running on the following ports is permitted: 80, 81, 443, 488, 8008, 8009, 8443, and 9000.
-
On orcharhino, to verify the ports that are permitted by SELinux for content synchronization, enter a command as follows:
# semanage port -l | grep ^http_port_t http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
-
To configure SELinux to permit a port for content synchronization, for example 10011, enter a command as follows:
# semanage port -a -t http_port_t -p tcp 10011
4.34. Recovering a corrupted repository
In case of repository corruption, you can recover it by using an advanced synchronization, which has three options:
- Optimized Sync
-
Synchronizes the repository bypassing packages that have no detected differences from the upstream packages.
- Complete Sync
-
Synchronizes all packages regardless of detected changes. Use this option if specific packages could not be downloaded to the local repository even though they exist in the upstream repository.
- Verify Content Checksum
-
Synchronizes all packages and then verifies the checksum of all packages locally. If the checksum of an RPM differs from the upstream, it re-downloads the RPM. This option is relevant only for Yum content. Use this option if you have one of the following errors:
-
Specific packages cause a
404
error while synchronizing withyum
. -
Package does not match intended download
error, which means that specific packages are corrupted.
-
-
In the orcharhino management UI, navigate to Content > Products.
-
Select the product containing the corrupted repository.
-
Select the name of a repository you want to synchronize.
-
To perform optimized sync or complete sync, select Advanced Sync from the Select Action menu.
-
Select the required option and click Sync.
-
Optional: To verify the checksum, click Verify Content Checksum from the Select Action menu.
-
Obtain a list of repository IDs:
$ hammer repository list \ --organization "My_Organization"
-
Synchronize a corrupted repository using the necessary option:
-
For the optimized synchronization:
$ hammer repository synchronize \ --id My_ID
-
For the complete synchronization:
$ hammer repository synchronize \ --id My_ID \ --skip-metadata-check true
-
For the validate content synchronization:
$ hammer repository synchronize \ --id My_ID \ --validate-contents true
-
4.35. Recovering corrupted content on orcharhino Proxy
If the client is unable to consume content from a published repository to which it has a subscription, the content has been corrupted and needs to be repaired.
In case of content corruption on a orcharhino Proxy, you can recover it by using the verify-checksum
command in Hammer CLI.
The verify-checksum
command can repair content in a content view, lifecycle environment, repository, or all content on orcharhino Proxy.
You can track the progress of a command by navigating to Monitor > orcharhino Tasks > Tasks and searching for the action Verify checksum for content on smart proxy.
-
To repair content in a content view, run Hammer on your orcharhino Proxy:
$ hammer proxy content verify-checksum \ --id My_orcharhino_Proxy_ID \ --organization-id 1 --content-view-id 3
-
To repair content in a lifecycle environment, run Hammer on your orcharhino Proxy:
$ hammer proxy content verify-checksum \ --id My_orcharhino_Proxy_ID \ --organization-id 1 --lifecycle-environment-id 1
-
To repair content in a repository, run Hammer on your orcharhino Proxy:
$ hammer proxy content verify-checksum \ --id My_orcharhino_Proxy_ID \ --organization-id 1 --repository-id 1
-
To repair all content on orcharhino Proxy, run the following command:
$ hammer proxy content verify-checksum \ --id My_orcharhino_Proxy_ID
4.36. Republishing repository metadata
You can republish repository metadata when a repository distribution does not have the content that should be distributed based on the contents of the repository.
Use this procedure with caution. ATIX AG recommends a complete repository sync or publishing a new content view version to repair broken metadata.
-
In the orcharhino management UI, navigate to Content > Products.
-
Select the product that includes the repository for which you want to republish metadata.
-
On the Repositories tab, select a repository.
-
To republish metadata for the repository, click Republish Repository Metadata from the Select Action menu.
NoteThis action is not available for repositories that use the Complete Mirroring policy because the metadata is copied verbatim from the upstream source of the repository.
4.37. Republishing content view metadata
Use this procedure to republish content view metadata.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Content Views.
-
Select a content view.
-
On the Versions tab, select a content view version.
-
To republish metadata for the content view version, click Republish repository metadata from the vertical ellipsis icon.
Republishing repository metadata will regenerate metadata for all repositories in the content view version that do not adhere to the Complete Mirroring policy.
4.38. Adding an HTTP proxy
Use this procedure to add HTTP proxies to orcharhino. You can then specify which HTTP proxy to use for products, repositories, and supported compute resources.
Your HTTP proxy must allow access to the following hosts:
Host name | Port | Protocol |
---|---|---|
subscription.rhsm.redhat.com |
443 |
HTTPS |
cdn.redhat.com |
443 |
HTTPS |
For more information, see Registering orcharhino Server to OCC in the ATIX Service Portal.
If orcharhino Server uses a proxy to communicate with subscription.rhsm.redhat.com and cdn.redhat.com then the proxy must not perform SSL inspection on these communications.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Infrastructure > HTTP Proxies.
-
Select New HTTP Proxy.
-
In the Name field, enter a name for the HTTP proxy.
-
In the URL field, enter the URL for the HTTP proxy, including the port number.
-
If your HTTP proxy requires authentication, enter a Username and Password.
-
Optional: In the Test URL field, enter the HTTP proxy URL, then click Test Connection to ensure that you can connect to the HTTP proxy from orcharhino.
-
Click the Locations tab and add a location.
-
Click the Organization tab and add an organization.
-
Click Submit.
-
On orcharhino Server, enter the following command to add an HTTP proxy:
$ hammer http-proxy create \ --name My_HTTP_Proxy \ --url http-proxy.example.com:8080
If your HTTP proxy requires authentication, add the
--username My_User_Name
and--password My_Password
options.
4.39. Changing the HTTP proxy policy for a product
For granular control over network traffic, you can set an HTTP proxy policy for each product. A product’s HTTP proxy policy applies to all repositories in the product, unless you set a different policy for individual repositories.
To set an HTTP proxy policy for individual repositories, see Changing the HTTP proxy policy for a repository.
-
In the orcharhino management UI, navigate to Content > Products and select the products that you want to change.
-
From the Select Action list, select Manage HTTP Proxy.
-
Select an HTTP Proxy Policy from the list:
-
Global Default: Use the global default proxy setting.
-
No HTTP Proxy: Do not use an HTTP proxy, even if a global default proxy is configured.
-
Use specific HTTP Proxy: Select an HTTP Proxy from the list. You must add HTTP proxies to orcharhino before you can select a proxy from this list. For more information, see Adding an HTTP proxy.
-
-
Click Update.
4.40. Changing the HTTP proxy policy for a repository
For granular control over network traffic, you can set an HTTP proxy policy for each repository. To use the CLI instead of the orcharhino management UI, see the CLI procedure.
To set the same HTTP proxy policy for all repositories in a product, see Changing the HTTP proxy policy for a product.
-
In the orcharhino management UI, navigate to Content > Products and click the name of the product that contains the repository.
-
In the Repositories tab, click the name of the repository.
-
Locate the HTTP Proxy field and click the edit icon.
-
Select an HTTP Proxy Policy from the list:
-
Global Default: Use the global default proxy setting.
-
No HTTP Proxy: Do not use an HTTP proxy, even if a global default proxy is configured.
-
Use specific HTTP Proxy: Select an HTTP Proxy from the list. You must add HTTP proxies to orcharhino before you can select a proxy from this list. For more information, see Adding an HTTP proxy.
-
-
Click Save.
-
On orcharhino Server, enter the following command, specifying the HTTP proxy policy you want to use:
$ hammer repository update \ --http-proxy-policy HTTP_Proxy_Policy \ --id Repository_ID
Specify one of the following options for
--http-proxy-policy
:-
none
: Do not use an HTTP proxy, even if a global default proxy is configured. -
global_default_http_proxy
: Use the global default proxy setting. -
use_selected_http_proxy
: Specify an HTTP proxy using either--http-proxy My_HTTP_Proxy_Name
or--http-proxy-id My_HTTP_Proxy_ID
. To add a new HTTP proxy to orcharhino, see Adding an HTTP proxy.
-
4.41. Creating a sync plan
A sync plan checks and updates the content at a scheduled date and time. In orcharhino, you can create a sync plan and assign products to the plan.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Content > Sync Plans and click New Sync Plan.
-
In the Name field, enter a name for the plan.
-
Optional: In the Description field, enter a description of the plan.
-
From the Interval list, select the interval at which you want the plan to run.
-
From the Start Date and Start Time lists, select when to start running the synchronization plan.
-
Click Save.
-
To create the synchronization plan, enter the following command:
$ hammer sync-plan create \ --description "My_Description" \ --enabled true \ --interval daily \ --name "My_Products" \ --organization "My_Organization" \ --sync-date "2023-01-01 01:00:00"
-
View the available sync plans for an organization to verify that the sync plan has been created:
$ hammer sync-plan list --organization "My_Organization"
4.42. Assigning a sync plan to a product
A sync plan checks and updates the content at a scheduled date and time. In orcharhino, you can assign a sync plan to products to update content regularly.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Content > Products.
-
Select a product.
-
On the Details tab, select a Sync Plan from the drop down menu.
-
Assign a sync plan to a product:
$ hammer product set-sync-plan \ --name "My_Product_Name" \ --organization "My_Organization" \ --sync-plan "My_Sync_Plan_Name"
4.43. Assigning a sync plan to multiple products
Use this procedure to assign a sync plan to the products in an organization that have been synchronized at least once and contain at least one repository.
-
Run the following Bash script:
ORG="My_Organization" SYNC_PLAN="daily_sync_at_3_a.m" hammer sync-plan create --name $SYNC_PLAN --interval daily --sync-date "2023-04-5 03:00:00" --enabled true --organization $ORG for i in $(hammer --no-headers --csv --csv-separator="|" product list --organization $ORG --per-page 999 | grep -vi not_synced | awk -F'|' '$5 != "0" { print $1}') do hammer product set-sync-plan --sync-plan $SYNC_PLAN --organization $ORG --id $i done
-
After executing the script, view the products assigned to the sync plan:
$ hammer product list --organization $ORG --sync-plan $SYNC_PLAN
4.44. Best practices for sync plans
-
Add sync plans to products and regularly synchronize content to keep the load on orcharhino low during synchronization. Synchronize content rather more often than less often. For example, setup a sync plan to synchronize content every day rather than only once a month.
-
Automate the creation and update of sync plans by using a Hammer script or an Ansible Playbook.
-
Distribute synchronization tasks over several hours to reduce the task load by creating multiple sync plans with the Custom Cron tool.
Cron expression | Explanation |
---|---|
|
every day at 22:00 from Monday to Friday |
|
at 03:30 every Saturday and Sunday |
|
at 02:30 every day between the 8th and the 14th days of the month |
4.45. Limiting synchronization concurrency
By default, each Repository Synchronization job can fetch up to ten files at a time. This can be adjusted on a per repository basis.
Increasing the limit may improve performance, but can cause the upstream server to be overloaded or start rejecting requests. If you are seeing Repository syncs fail due to the upstream servers rejecting requests, you may want to try lowering the limit.
$ hammer repository update \ --download-concurrency 5 \ --id Repository_ID \ --organization "My_Organization"
4.46. Importing a custom GPG key
When clients are consuming signed custom content, ensure that the clients are configured to validate the installation of packages with the appropriate GPG Key. This helps to ensure that only packages from authorized sources can be installed.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
Ensure that you have a copy of the GPG key used to sign the RPM content that you want to use and manage in orcharhino. Most RPM distribution providers provide their GPG Key on their website. You can also extract this manually from an RPM:
-
Download a copy of the version specific repository package to your local machine:
$ wget http://www.example.com/9.5/example-9.5-2.noarch.rpm
-
Extract the RPM file without installing it:
$ rpm2cpio example-9.5-2.noarch.rpm | cpio -idmv
The GPG key is located relative to the extraction at etc/pki/rpm-gpg/RPM-GPG-KEY-EXAMPLE-95
.
-
In the orcharhino management UI, navigate to Content > Content Credentials and in the upper-right of the window, click Create Content Credential.
-
Enter the name of your repository and select GPG Key from the Type list.
-
Either paste the GPG key into the Content Credential Contents field, or click Browse and select the GPG key file that you want to import.
If your custom repository contains content signed by multiple GPG keys, you must enter all required GPG keys in the Content Credential Contents field with new lines between each key, for example:
-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFy/HE4BEADttv2TCPzVrre+aJ9f5QsR6oWZMm7N5Lwxjm5x5zA9BLiPPGFN 4aTUR/g+K1S0aqCU+ZS3Rnxb+6fnBxD+COH9kMqXHi3M5UNzbp5WhCdUpISXjjpU XIFFWBPuBfyr/FKRknFH15P+9kLZLxCpVZZLsweLWCuw+JKCMmnA =F6VG -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBFw467UBEACmREzDeK/kuScCmfJfHJa0Wgh/2fbJLLt3KSvsgDhORIptf+PP OTFDlKuLkJx99ZYG5xMnBG47C7ByoMec1j94YeXczuBbynOyyPlvduma/zf8oB9e Wl5GnzcLGAnUSRamfqGUWcyMMinHHIKIc1X1P4I= =WPpI -----END PGP PUBLIC KEY BLOCK-----
-
Click Save.
-
Copy the GPG key to your orcharhino Server:
$ scp ~/etc/pki/rpm-gpg/RPM-GPG-KEY-EXAMPLE-95 root@orcharhino.example.com:~/.
-
Upload the GPG key to orcharhino:
$ hammer content-credentials create \ --content-type gpg_key \ --name "My_GPG_Key" \ --organization "My_Organization" \ --path ~/RPM-GPG-KEY-EXAMPLE-95
4.47. Restricting a custom repository to a specific operating system or architecture in orcharhino
You can configure orcharhino to make a custom repository available only on hosts with a specific operating system version or architecture. For example, you can restrict a custom repository only to Red Hat Enterprise Linux 9 hosts.
-
In the orcharhino management UI, navigate to Content > Products.
-
Click the product that contains the repository sets you want to restrict.
-
In the Repositories tab, click the repository you want to restrict.
-
In the Publishing Settings section, set the following options:
-
Set Restrict to OS version to restrict the operating system version.
-
Set Restrict to architecture to restrict the architecture.
-
5. Restricting hosts' access to content
orcharhino offers multiple options for restricting host access to content. To give hosts access to a specific subset of the content managed by orcharhino, you can use the following strategies. ATIX AG recommends to consider implementing the strategies in the order listed here:
- Content views and lifecycle environments
-
Use content views and lifecycle environments, incorporating content view filters as needed.
For more information about content views, see Managing content views.
For more information about lifecycle environments, see Managing application lifecycles.
- Content overrides
-
By default, content hosted by orcharhino can be either enabled or disabled. In custom products, repositories are always disabled by default. Enabling a repository gives the host access to the repository packages or other content, allowing hosts to download and install the available content.
If a repository is disabled, the host is not able to access the repository content. A content override provides you with the option to override the default enablement value of either Enabled or Disabled for any repository. You can add content overrides to hosts or activation keys.
For more information about adding content overrides to hosts, see Enabling and Disabling Repositories on Hosts in Managing hosts.
For more information about adding content overrides to activation keys, see Enabling and disabling repositories on activation key.
- Composite content views
-
You can use composite content views to combine and give hosts access to the content from multiple content views. For more information about composite content views, see Creating a composite content view.
- Architecture and operating system version restrictions
-
In custom products, you can set restrictions on the architecture and operating system versions for
yum
repositories on which the product will be available. For example, if you restrict a custom repository to Enterprise Linux 8, it is only available on hosts running Enterprise Linux 8. Architecture and operating system version restrictions hold the highest priority among all other strategies. They cannot be overridden or invalidated by content overrides, changes to content views, or changes to lifecycle environments. For this reason, ATIX AG recommends considering the other strategies mentioned before that use architecture or operating system version restrictions.
A particular package or repository is available to a host only if all of the following are true:
-
The repository is included in the host’s content view and lifecycle environment.
-
The host’s content view has been published after the repository was added to it.
-
The repository has not been filtered out by a content view filter.
-
The repository is enabled by default or overridden to Enabled by using a content override.
-
The repository has no architecture or operating system version restrictions or it has architecture or operating system version restrictions that match the host.
Using activation keys can simplify the workflow for some of these strategies. You can use activation keys to perform the following actions:
-
Assign hosts to content views and lifecycle environments.
-
Add content overrides to hosts.
-
Set system purpose attributes on hosts, including release version.
Activation keys only affect hosts during registration. If a host is already registered, the above attributes can be changed individually for each host or through content host bulk actions. For more information, see Managing Activation Keys in Managing content.
6. Managing application lifecycles
This chapter outlines the application lifecycle in orcharhino and how to create and remove application lifecycles for orcharhino and orcharhino Proxy.
6.1. Introduction to application lifecycle
The application lifecycle is a concept central to orcharhino’s content management functions. The application lifecycle defines how a particular system and its software look at a particular stage. For example, an application lifecycle might be simple; you might only have a development stage and production stage. In this case the application lifecycle might look like this:
-
Development
-
Production
However, a more complex application lifecycle might have further stages, such as a phase for testing or a beta release. This adds extra stages to the application lifecycle:
-
Development
-
Testing
-
Beta Release
-
Production
orcharhino provides methods to customize each application lifecycle stage so that it suits your specifications.
Each stage in the application lifecycle is called an environment in orcharhino. Each environment uses a specific collection of content. orcharhino defines these content collections as a content view. Each content view acts as a filter where you can define what repositories, and packages to include in a particular environment. This provides a method for you to define specific sets of content to designate to each environment.
For example, an email server might only require a simple application lifecycle where you have a production-level server for real-world use and a test server for trying out the latest mail server packages. When the test server passes the initial phase, you can set the production-level server to use the new packages.
Another example is a development lifecycle for a software product. To develop a new piece of software in a development environment, test it in a quality assurance environment, pre-release as a beta, then release the software as a production-level application.
6.2. Content promotion across the application lifecycle
In the application lifecycle chain, when content moves from one environment to the next, this is called promotion.
Each environment contains a set of systems registered to orcharhino. These systems only have access to repositories relevant to their environment. When you promote packages from one environment to the next, the target environment’s repositories receive new package versions. As a result, each system in the target environment can update to the new package versions.
This example uses a .rpm
package, but you can promote any type of content across the application lifecycle.
Development | Testing | Production |
---|---|---|
example_software-1.1-0.noarch.rpm |
example_software-1.0-0.noarch.rpm |
example_software-1.0-0.noarch.rpm |
After completing development on the patch, you promote the package to the Testing environment so the Quality Engineering team can review the patch. The application lifecycle then contains the following package versions in each environment:
Development | Testing | Production |
---|---|---|
example_software-1.1-0.noarch.rpm |
example_software-1.1-0.noarch.rpm |
example_software-1.0-0.noarch.rpm |
While the Quality Engineering team reviews the patch, the Development team starts work on example_software 2.0. This results in the following application lifecycle:
Development | Testing | Production |
---|---|---|
example_software-2.0-0.noarch.rpm |
example_software-1.1-0.noarch.rpm |
example_software-1.0-0.noarch.rpm |
The Quality Engineering team completes their review of the patch. Now example_software 1.1 is ready to release. You promote 1.1 to the Production environment:
Development | Testing | Production |
---|---|---|
example_software-2.0-0.noarch.rpm |
example_software-1.1-0.noarch.rpm |
example_software-1.1-0.noarch.rpm |
The Development team completes their work on example_software 2.0 and promotes it to the Testing environment:
Development | Testing | Production |
---|---|---|
example_software-2.0-0.noarch.rpm |
example_software-2.0-0.noarch.rpm |
example_software-1.1-0.noarch.rpm |
Finally, the Quality Engineering team reviews the package. After a successful review, promote the package to the Production environment:
Development | Testing | Production |
---|---|---|
example_software-2.0-0.noarch.rpm |
example_software-2.0-0.noarch.rpm |
example_software-2.0-0.noarch.rpm |
For more information, see Promoting a content view.
6.3. Best practices for lifecycle environments
-
Use multiple lifecycle environment paths to implement multiple sequential stages of content consumption. Each stage contains a defined set of content, for example in the Production lifecycle environment.
-
Automate the creation of lifecycle environments by using a Hammer script or an Ansible Playbook.
-
Default use case: Fixed stages in each lifecycle environment paths, for example Development, Test, and Production.
-
Promote content views to lifecycle environments, for example, from Test to Production. All content hosts consuming this content view or composite content view are able to install packages from the Production lifecycle environment. Note that these packages are not installed or updated automatically.
-
If you encounter errors during patching content hosts, attach the host to a previous version of the content view. This only affects the availability of packages but does not downgrade installed packages.
-
-
Alternative use case: Using stages in lifecycle environments for fixed content, for example, quarterly updates, and only publishing new minor versions with incremental updates from errata.
-
When patching content hosts, change the lifecycle environment from
2023-Q4
to2024-Q1
using the orcharhino management UI, orcharhino API, Hammer CLI, or an activation key. -
Advantage: You can directly see which software packages a hosts receives by looking at its lifecycle environment.
-
Disadvantage: Promoting content is less dynamic without clearly defined stages such as Development, Test, and Production.
-
-
Use multiple lifecycle environment paths to define multiple stages for different environments, for example to decouple web server and database hosts.
-
orcharhino Proxies use lifecycle environments to synchronize content. They synchronize content more efficiently if you split content into multiple lifecycle environment paths. If a specific orcharhino Proxy only serves content for one operating system in a single lifecycle environment path, it only synchronizes required content.
6.4. Creating a lifecycle environment path
To create an application lifecycle for developing and releasing software, use the Library environment as the initial environment to create environment paths. Then optionally add additional environments to the environment paths.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Lifecycle Environments.
-
Click New Environment Path to start a new application lifecycle.
-
In the Name field, enter a name for your environment.
-
In the Description field, enter a description for your environment.
-
Click Save.
-
Optional: To add an environment to the environment path, click Add New Environment, complete the Name and Description fields, and select the prior environment from the Prior Environment list.
-
To create an environment path, enter the
hammer lifecycle-environment create
command and specify the Library environment with the--prior
option:$ hammer lifecycle-environment create \ --name "Environment Path Name" \ --description "Environment Path Description" \ --prior "Library" \ --organization "My_Organization"
-
Optional: To add an environment to the environment path, enter the
hammer lifecycle-environment create
command and specify the parent environment with the--prior
option:$ hammer lifecycle-environment create \ --name "Environment Name" \ --description "Environment Description" \ --prior "Prior Environment Name" \ --organization "My_Organization"
-
To view the chain of the lifecycle environment, enter the following command:
$ hammer lifecycle-environment paths --organization "My_Organization"
6.5. Adding lifecycle environments to orcharhino Proxies
If your orcharhino Proxy has the content functionality enabled, you must add an environment so that orcharhino Proxy can synchronize content from orcharhino Server and provide content to host systems.
Do not assign the Library lifecycle environment to your orcharhino Proxy because it triggers an automated orcharhino Proxy sync every time the CDN updates a repository. This might consume multiple system resources on orcharhino Proxies, network bandwidth between orcharhino and orcharhino Proxies, and available disk space on orcharhino Proxies.
You can use Hammer CLI on orcharhino Server or the orcharhino management UI.
-
In the orcharhino management UI, navigate to Infrastructure > orcharhino Proxies, and select the orcharhino Proxy that you want to add a lifecycle to.
-
Click Edit and click the Lifecycle Environments tab.
-
From the left menu, select the lifecycle environments that you want to add to orcharhino Proxy and click Submit.
-
To synchronize the content on the orcharhino Proxy, click the Overview tab and click Synchronize.
-
Select either Optimized Sync or Complete Sync.
For definitions of each synchronization type, see Recovering a Repository.
-
To display a list of all orcharhino Proxies, on orcharhino Server, enter the following command:
# hammer proxy list
Note the orcharhino Proxy ID of the orcharhino Proxy to which you want to add a lifecycle.
-
Using the ID, verify the details of your orcharhino Proxy:
# hammer proxy info \ --id Myorcharhino-proxy_ID_
-
To view the lifecycle environments available for your orcharhino Proxy, enter the following command and note the ID and the organization name:
# hammer proxy content available-lifecycle-environments \ --id Myorcharhino-proxy_ID_
-
Add the lifecycle environment to your orcharhino Proxy:
# hammer proxy content add-lifecycle-environment \ --id Myorcharhino-proxy_ID_ \ --lifecycle-environment-id My_Lifecycle_Environment_ID --organization "My_Organization"
Repeat for each lifecycle environment you want to add to orcharhino Proxy.
-
Synchronize the content from orcharhino to orcharhino Proxy.
-
To synchronize all content from your orcharhino Server environment to orcharhino Proxy, enter the following command:
# hammer proxy content synchronize \ --id Myorcharhino-proxy_ID_
-
To synchronize a specific lifecycle environment from your orcharhino Server to orcharhino Proxy, enter the following command:
# hammer proxy content synchronize \ --id Myorcharhino-proxy_ID_ --lifecycle-environment-id My_Lifecycle_Environment_ID
-
To synchronize all content from your orcharhino Server to your orcharhino Proxy without checking metadata:
# hammer proxy content synchronize \ --id Myorcharhino-proxy_ID_ \ --skip-metadata-check true
This equals selecting Complete Sync in the orcharhino management UI.
-
6.6. Removing lifecycle environments from orcharhino Server
Use this procedure to remove a lifecycle environment.
-
In the orcharhino management UI, navigate to Content > Lifecycle Environments.
-
Click the name of the lifecycle environment that you want to remove, and then click Remove Environment.
-
Click Remove to remove the environment.
-
List the lifecycle environments for your organization and note the name of the lifecycle environment you want to remove:
$ hammer lifecycle-environment list \ --organization "My_Organization"
-
Use the
hammer lifecycle-environment delete
command to remove an environment:$ hammer lifecycle-environment delete \ --name "My_Environment" \ --organization "My_Organization"
6.7. Removing lifecycle environments from orcharhino Proxy
When lifecycle environments are no longer relevant to the host system or environments are added incorrectly to orcharhino Proxy, you can remove the lifecycle environments from orcharhino Proxy.
You can use both the orcharhino management UI and the Hammer CLI to remove lifecycle environments from orcharhino Proxy.
-
In the orcharhino management UI, navigate to Infrastructure > orcharhino Proxies, and select the orcharhino Proxy that you want to remove a lifecycle from.
-
Click Edit and click the Lifecycle Environments tab.
-
From the right menu, select the lifecycle environments that you want to remove from orcharhino Proxy, and then click Submit.
-
To synchronize orcharhino Proxy’s content, click the Overview tab, and then click Synchronize.
-
Select either Optimized Sync or Complete Sync.
-
Select orcharhino Proxy that you want from the list and take note of its id:
# hammer proxy list
-
To verify orcharhino Proxy’s details, enter the following command:
# hammer proxy info \ --id My_orcharhino_Proxy_ID
-
Verify the list of lifecycle environments currently attached to orcharhino Proxy and take note of the Environment ID:
# hammer proxy content lifecycle-environments \ --id My_orcharhino_Proxy_ID
-
Remove the lifecycle environment from orcharhino Proxy:
# hammer proxy content remove-lifecycle-environment \ --id My_orcharhino_Proxy_ID \ --lifecycle-environment-id My_Lifecycle_Environment_ID
Repeat this step for every lifecycle environment that you want to remove from orcharhino Proxy.
-
Synchronize the content from orcharhino Server’s environment to orcharhino Proxy:
# hammer proxy content synchronize \ --id My_orcharhino_Proxy_ID
7. Managing content views
orcharhino uses content views to allow your hosts access to a deliberately curated subset of content. To do this, you must define which repositories to use and then apply certain filters to the content.
The general workflow for creating content views for filtering and creating snapshots is as follows:
-
Create a content view.
-
Add one or more repositories that you want to the content view.
-
Optional: Create one or more filters to refine the content of the content view. For more information, see Content filter examples.
-
Optional: Resolve any package dependencies for a content view. For more information, see Resolving package dependencies.
-
Publish the content view.
-
Optional: Promote the content view to another environment. For more information, see Promoting a content view.
-
Attach the content host to the content view.
If a repository is not associated with the content view, the file /etc/yum.repos.d/redhat.repo
remains empty and systems registered to it cannot receive updates.
Hosts can only be associated with a single content view. To associate a host with multiple content views, create a composite content view. For more information, see Creating a composite content view.
7.1. Content views in orcharhino
A content view is a deliberately curated subset of content that your hosts can access. By creating a content view, you can define the software versions used by a particular environment or orcharhino Proxy.
Each content view creates a set of repositories across each environment. Your orcharhino Server stores and manages these repositories. For example, you can create content views in the following ways:
-
A content view with older package versions for a production environment and another content view with newer package versions for a Development environment.
-
A content view with a package repository required by an operating system and another content view with a package repository required by an application.
-
A composite content view for a modular approach to managing content views. For example, you can use one content view for content for managing an operating system and another content view for content for managing an application. By creating a composite content view that combines both content views, you create a new repository that merges the repositories from each of the content views. However, the repositories for the content views still exist and you can keep managing them separately as well.
A Default Organization View is an application-controlled content view for all content that is synchronized to orcharhino. You can register a host to the Library environment on orcharhino to consume the Default Organization View without configuring content views and lifecycle environments.
You can access unprotected repositories in the Default Organization View content view.
The URL consists of your orcharhino Proxy FQDN, /pulp/content/
, your organization label, /Library/custom/
, your product label, /
, your repository label, and a trailing /
, for example, https://orcharhino.example.com/pulp/content/Example/Library/custom/AlmaLinux_9/BaseOS/
.
For more information, see
When you promote a content view from one environment to the next environment in the application lifecycle, orcharhino updates the repository and publishes the packages.
The repositories for Testing and Production contain the my-software-1.0-0.noarch.rpm
package:
Development | Testing | Production | |
---|---|---|---|
Version of the content view |
Version 2 |
Version 1 |
Version 1 |
Contents of the content view |
my-software-1.1-0.noarch.rpm |
my-software-1.0-0.noarch.rpm |
my-software-1.0-0.noarch.rpm |
If you promote Version 2 of the content view from Development to Testing, the repository for Testing updates to contain the my-software-1.1-0.noarch.rpm
package:
Development | Testing | Production | |
---|---|---|---|
Version of the content view |
Version 2 |
Version 2 |
Version 1 |
Contents of the content view |
my-software-1.1-0.noarch.rpm |
my-software-1.1-0.noarch.rpm |
my-software-1.0-0.noarch.rpm |
This ensures hosts are designated to a specific environment but receive updates when that environment uses a new version of the content view.
With Distribute archived content view versions
enabled, you can access unprotected repositories in published content view versions.
The URL consists of your orcharhino Proxy FQDN, /pulp/content/
, your organization label, /content_views/
, your content view, your content view version, /custom/
, your product label, /
, your repository label, and a trailing /
, for example, https://orcharhino.example.com/pulp/content/Example/content_views/AlmaLinux_9/2.1/custom/AlmaLinux_9/BaseOS/
.
If you want to access the latest published content view, the URL consists of your orcharhino Proxy FQDN, /pulp/content/
, your organization label, your lifecycle, your content view, /custom/
, your product label, /
, your repository label, and a trailing /
, for example, https://orcharhino.example.com/pulp/content/Example/Production/AlmaLinux_9/custom/AlmaLinux_9/AlmaLinux_9/
.
You can use these URLs to provide versioned orcharhino Clients during host registration.
7.2. Best practices for content views
-
Content views that bundle content, such as Enterprise Linux and additional software like
Apache-2.4
orPostgreSQL-16.2
, are easier to maintain. Content views that are too small require more maintenance. -
If you require daily updated content, use the content view
Default Organization View
, which contains the latest synchronized content from all repositories and is available in the Library lifecycle environment. -
Restrict composite content views to situations that require greater flexibility, for example, if you update one content view on a weekly basis and another content view on a monthly basis.
-
If you use composite content views, first publish the content views and then publish the composite content views. The more content views you bundle into composite content views, the more effort is needed to change or update content.
-
Setting a lifecycle environment for content views is unnecessary if they are solely bundled to a composite content view.
-
Automate creating and publishing composite content views and lifecycle environments by using a Hammer script or an Ansible Playbook. Use cron jobs, systemd timers, or recurring logics for more visibility.
-
Add the changes and date to the description of each published content view or composite content view version. The most recent activity, such as moving content to a new lifecycle environment, is displayed by date in the orcharhino management UI, regardless of the latest changes to the content itself.
-
Publishing a new content view or composite content view creates a new major version. Incremental errata updates increment the minor version. Note that you cannot change or reset this counter.
7.3. Best practices for patching content hosts
-
Registering hosts to orcharhino requires orcharhino Client, which contains the
katello-host-tools
package and its dependencies. For more information, see Registering hosts in Managing hosts. -
Use the orcharhino management UI to install, upgrade, and remove packages from hosts. You can update content hosts with job templates using SSH and Ansible.
-
Apply errata on content hosts using the orcharhino management UI. When patching packages on hosts using the default package manager, orcharhino receives a list of packages and repositories to recalculate applicable errata and available updates.
-
Modify or replace job templates to add custom steps. This allows you to run commands or execute scripts on hosts.
-
When running bulk actions on hosts, bundle them by major operating system version, especially when upgrading packages.
-
Select via remote execution – customize first to define the time when patches are applied to hosts when performing bulk actions.
-
You cannot apply errata to packages that are not part of the repositories on orcharhino and the attached content view.
-
Modifications to installed packages using
rpm
ordpkg
are sent to orcharhino with the next run ofapt
,yum
, orzypper
.
7.4. Creating a content view
Use this procedure to create a simple content view. To use the CLI instead of the orcharhino management UI, see the CLI procedure.
While you can stipulate whether you want to resolve any package dependencies on a content view by content view basis, you might want to change the default orcharhino settings to enable or disable package resolution for all content views. For more information, see Resolving package dependencies.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Content Views.
-
Click Create content view.
-
In the Name field, enter a name for the view. orcharhino automatically completes the Label field from the name you enter.
-
In the Description field, enter a description of the view.
-
In the Type field, select a Content view or a Composite content view.
-
Optional: If you want to solve dependencies automatically every time you publish this content view, select the Solve dependencies checkbox. Dependency solving slows the publishing time and might ignore any content view filters you use. This can also cause errors when resolving dependencies for errata.
-
Click Create content view.
-
Click Create content view to create the content view.
-
In the Repositories tab, select the repository from the Type list that you want to add to your content view, select the checkbox next to the available repositories you want to add, then click Add repositories.
-
Click Publish new version and in the Description field, enter information about the version to log changes.
-
Optional: You can enable a promotion path by clicking Promote to Select a lifecycle environment from the available promotion paths to promote new version.
-
Click Next.
-
On the Review page, you can review the environments you are trying to publish.
-
Click Finish.
You can view the content view on the Content Views page. To view more information about the content view, click the content view name. To register a host to your content view, see Registering Hosts in Managing hosts.
-
Obtain a list of repository IDs:
$ hammer repository list --organization "My_Organization"
-
Create the content view and add repositories:
$ hammer content-view create \ --description "My_Content_View" \ --name "My_Content_View" \ --organization "My_Organization" \ --repository-ids 1,2
For the
--repository-ids
option, you can find the IDs in the output of thehammer repository list
command. -
Publish the view:
$ hammer content-view publish \ --description "My_Content_View" \ --name "My_Content_View" \ --organization "My_Organization"
-
Optional: To add a repository to an existing content view, enter the following command:
$ hammer content-view add-repository \ --name "My_Content_View" \ --organization "My_Organization" \ --repository-id repository_ID
orcharhino Server creates the new version of the view and publishes it to the Library environment.
7.5. Copying a content view
You can copy a content view in the orcharhino management UI or you can use the Hammer CLI to copy an existing content view into a new content view. To use the CLI instead of the orcharhino management UI, see the CLI procedure.
Note
|
A copied content view does not have the same history as the original content view. Version 1 of the copied content view begins at the last version of the original content view. As a result, you cannot promote an older version of a content view from the copied content view. |
-
In the orcharhino management UI, navigate to Content > Lifecycle > Content Views.
-
Select the content view you want to copy.
-
Click the vertical ellipsis icon and click Copy.
-
In the Name field, enter a name for the new content view and click Copy content view.
-
The copied content view appears on the Content views page.
-
Copy the content view by using Hammer:
$ hammer content-view copy --name My_original_CV_name \ --new-name My_new_CV_name
-
The Hammer command reports:
$ hammer content-view copy --id=5 --new-name="mixed_copy" Content view copied.
7.6. Synchronizing a content view to a orcharhino Proxy
In the orcharhino management UI, you can only synchronize all selected lifecycle environments simultaneously. If you need to synchronize smaller items, such as individual lifecycle environments, single content views, and single repositories, use the Hammer CLI.
-
Synchronize a content view to your orcharhino Proxy by using Hammer:
$ hammer proxy content synchronize --content-view "My_Content_View_Name"
-
For more information about the command, run
hammer proxy content synchronize --help
.
7.7. Viewing module streams
In orcharhino, you can view the module streams of the repositories in your content views.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to a published version of a Content View > Module Streams to view the module streams that are available for the Content Types.
-
Use the Search field to search for specific modules.
-
To view the information about the module, click the module and its corresponding tabs to include Details, Repositories, Profiles, and Artifacts.
-
List all organizations:
$ hammer organization list
-
View all module streams for your organization:
$ hammer module-stream list \ --organization-id My_Organization_ID
7.8. Promoting a content view
Use this procedure to promote content views across different lifecycle environments. To use the CLI instead of the orcharhino management UI, see the CLI procedure.
Non-administrator users require two permissions to promote a content view to an environment:
-
promote_or_remove_content_views
-
promote_or_remove_content_views_to_environment
.
The promote_or_remove_content_views
permission restricts which content views a user can promote.
The promote_or_remove_content_views_to_environment
permission restricts the environments to which a user can promote content views.
With these permissions you can assign users permissions to promote certain content views to certain environments, but not to other environments. For example, you can limit a user so that they are permitted to promote to test environments, but not to production environments.
You must assign both permissions to a user to allow them to promote content views.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Content Views.
-
Select the content view that you want to promote.
-
Select the version that you want to promote, click the vertical ellipsis icon, and click Promote.
-
Select the environment where you want to promote the content view and click Promote.
Now the repository for the content view appears in all environments.
-
Promote the content view using Hammer for each lifecycle environment:
$ hammer content-view version promote \ --content-view "Database" \ --version 1 \ --to-lifecycle-environment "Development" \ --organization "My_Organization" $ hammer content-view version promote \ --content-view "Database" \ --version 1 \ --to-lifecycle-environment "Testing" \ --organization "My_Organization" $ hammer content-view version promote \ --content-view "Database" \ --version 1 \ --to-lifecycle-environment "Production" \ --organization "My_Organization"
Now the database content is available in all environments.
-
Alternatively, you can promote content views across all lifecycle environments within an organization using the following Bash script:
ORG="My_Organization" CVV_ID=My_Content_View_Version_ID for i in $(hammer --no-headers --csv lifecycle-environment list --organization $ORG | awk -F, {'print $1'} | sort -n) do hammer content-view version promote --organization $ORG --to-lifecycle-environment-id $i --id $CVV_ID done
-
Display information about your content view version to verify that it is promoted to the required lifecycle environments:
$ hammer content-view version info --id My_Content_View_Version_ID
-
To register a host to your content view, see Registering Hosts in Managing hosts.
7.9. Composite content views overview
A composite content view combines the content from several content views. For example, you might have separate content views to manage an operating system and an application individually. You can use a composite content view to merge the contents of both content views into a new repository. The repositories for the original content views still exist but a new repository also exists for the combined content.
If you want to develop an application that supports different database servers. The example_application appears as:
example_software |
---|
Application |
Database |
Operating System |
Example of four separate content views:
-
Red Hat Enterprise Linux (Operating System)
-
PostgreSQL (Database)
-
MariaDB (Database)
-
example_software (Application)
From the previous content views, you can create two composite content views.
Example composite content view for a PostgreSQL database:
Composite content view 1 – example_software on PostgreSQL |
---|
example_software (Application) |
PostgreSQL (Database) |
Red Hat Enterprise Linux (Operating System) |
Example composite content view for a MariaDB:
Composite content view 2 – example_software on MariaDB |
---|
example_software (Application) |
MariaDB (Database) |
Red Hat Enterprise Linux (Operating System) |
Each content view is then managed and published separately. When you create a version of the application, you publish a new version of the composite content views. You can also select the Auto Publish option when creating a composite content view, and then the composite content view is automatically republished when a content view it includes is republished.
Docker repositories cannot be included more than once in a composite content view. For example, if you attempt to include two content views that contain the same docker repository in a composite content view, orcharhino Server reports an error.
7.10. Creating a composite content view
Use this procedure to create a composite content view. To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Content Views.
-
Click Create content view.
-
In the Create content view window, enter a name for the view in the Name field. orcharhino automatically completes the Label field from the name you enter.
-
Optional: In the Description field, enter a description of the view.
-
On the Type tab, select Composite content view.
-
Optional: If you want to automatically publish a new version of the composite content view when a content view is republished, select the Auto publish checkbox.
-
Click Create content view.
-
On the Content views tab, select the content views that you want to add to the composite content view, and then click Add content views.
-
In the Add content views window, select the version of each content view.
-
Optional: If you want to automatically update the content view to the latest version, select the Always update to latest version checkbox.
-
Click Add, then click Publish new version.
-
Optional: In the Description field, enter a description of the content view.
-
In the Publish window, set the Promote switch, then select the lifecycle environment.
-
Click Next, then click Finish.
-
Before you create the composite content views, list the version IDs for your existing content views:
$ hammer content-view version list \ --organization "My_Organization"
-
Create a new composite content view. When the
--auto-publish
option is set toyes
, the composite content view is automatically republished when a content view it includes is republished:$ hammer content-view create \ --composite \ --auto-publish yes \ --name "Example_Composite_Content_View" \ --description "Example composite content view" \ --organization "My_Organization"
-
Add a content view to the composite content view. You can identify content view, content view version, and Organization in the commands by either their ID or their name. To add multiple content views to the composite content view, repeat this step for every content view you want to include.
-
If you have the Always update to latest version option enabled for the content view:
$ hammer content-view component add \ --component-content-view-id Content_View_ID \ --composite-content-view "Example_Composite_Content_View" \ --latest \ --organization "My_Organization"
-
If you have the Always update to latest version option disabled for the content view:
$ hammer content-view component add \ --component-content-view-id Content_View_ID \ --composite-content-view "Example_Composite_Content_View" \ --component-content-view-version-id Content_View_Version_ID \ --organization "My_Organization"
-
-
Publish the composite content view:
$ hammer content-view publish \ --name "Example_Composite_Content_View" \ --description "Initial version of composite content view" \ --organization "My_Organization"
-
Promote the composite content view across all environments:
$ hammer content-view version promote \ --content-view "Example_Composite_Content_View" \ --version 1 \ --to-lifecycle-environment "Development" \ --organization "My_Organization" $ hammer content-view version promote \ --content-view "Example_Composite_Content_View" \ --version 1 \ --to-lifecycle-environment "Testing" \ --organization "My_Organization" $ hammer content-view version promote \ --content-view "Example_Composite_Content_View" \ --version 1 \ --to-lifecycle-environment "Production" \ --organization "My_Organization"
7.11. Content filter overview
Content views also use filters to include or restrict certain Deb and Yum content. Without these filters, a content view includes everything from the selected repositories.
There are two types of content filters:
Filter Type | Description |
---|---|
Include |
You start with no content, then select which content to add from the selected repositories. Use this filter to combine multiple content items. |
Exclude |
You start with all content from selected repositories, then select which content to remove. Use this filter when you want to use most of a particular content repository while excluding certain packages. The filter uses all content in the repository except for the content you select. |
If using a combination of Include and Exclude filters, publishing a content view triggers the include filters first, then the exclude filters. In this situation, select which content to include, then which content to exclude from the inclusive subset.
You can filter content based on the following content types:
Content Type | Description |
---|---|
RPM |
Filter packages based on their name and version number. The RPM option filters non-modular RPM packages and errata. Source RPMs are not affected by this filter and will still be available in the content view. |
Package Group |
Filter packages based on package groups. The list of package groups is based on the repositories added to the content view. |
Erratum (by ID) |
Select which specific errata to add to the filter. The list of Errata is based on the repositories added to the content view. |
Erratum (by Date and Type) |
Select a issued or updated date range and errata type (Bugfix, Enhancement, or Security) to add to the filter. |
Module Streams |
Select whether to include or exclude specific module streams. The Module Streams option filters modular RPMs and errata, but does not filter non-modular content that is associated with the selected module stream. |
Container Image Tag |
Select whether to include or exclude specific container image tags. |
7.12. Resolving package dependencies
orcharhino can add dependencies of packages in a content view to the dependent repository when publishing the content view. To configure this, you can enable dependency solving.
For example, dependency solving is useful when you incrementally add a single package to a content view version. You might need to enable dependency solving to install that package.
However, dependency solving is unnecessary in most situations. For example:
-
When incrementally adding a security errata to a content view, dependency solving can cause significant delays to content view publication without major benefits.
-
Packages from a newer erratum might have dependencies that are incompatible with packages from an older content view version. Incrementally adding the erratum by solving dependencies might result in the inclusion of unwanted packages. As an alternative, consider updating the content view.
Note
|
Dependency solving only considers packages within the repositories of the content view. It does not consider packages installed on clients. For example, if a content view includes only AppStream, dependency solving does not include dependent BaseOS content at publish time. For more information, see Limitations to Repository Dependency Resolution in Managing content. |
Dependency solving can lead to the following problems:
- Significant delay in content view publication
-
orcharhino examines every repository in a content view for dependencies. Therefore, publish time increases with more repositories.
To mitigate this problem, use multiple content views with fewer repositories and combine them into composite content views.
- Ignored content view filters on dependent packages
-
orcharhino prioritizes resolving package dependencies over the rules in your filter.
For example, if you create a filter for security purposes but enable dependency solving, orcharhino can add packages that you might consider insecure.
To mitigate this problem, carefully test filtering rules to determine the required dependencies. If dependency solving includes unwanted packages, manually identify the core basic dependencies that the extra packages and errata need.
For example, you can recreate Red Hat Enterprise Linux 8.3 by using content view filters and include selected errata from a later Red Hat Enterprise Linux 8 minor release. To achieve this, you create filters to exclude most of the errata after the Red Hat Enterprise Linux 8.3 release date, except a few that you need. Then, you enable dependency solving.
In this situation, dependency solving might include more packages than expected. As a result, the host diverges from being a Red Hat Enterprise Linux 8.3 machine.
If you do not need the extra errata and packages, do not configure content view filtering. Instead, enable and use the Red Hat Enterprise Linux 8.3 repository on the Content > Red Hat Repositories page in the orcharhino management UI.
If you make a Red Hat Enterprise Linux 8.3 repository with a few excluded packages, dnf upgrade
can sometimes fail.
Do not enable dependency solving to resolve the problem.
Instead, investigate the error from dnf
and adjust the filters to stop excluding the missing dependency.
Else, dependency solving might cause the repository to diverge from Red Hat Enterprise Linux 8.3.
7.13. Enabling dependency solving for a content view
Use this procedure to enable dependency solving for a content view.
-
Dependency solving is useful only in limited contexts. Before enabling it, ensure you read and understand Resolving package dependencies
-
In the orcharhino management UI, navigate to Content > Lifecycle > Content Views.
-
From the list of content views, select the required content view.
-
On the Details tab, toggle Solve dependencies.
7.14. Content filter examples
Use any of the following examples with the procedure that follows to build custom content filters.
Note
|
Filters can significantly increase the time to publish a content view. For example, if a content view publish task completes in a few minutes without filters, it can take 30 minutes after adding an exclude or include errata filter. |
Create a repository with the base Red Hat Enterprise Linux packages. This filter requires a Red Hat Enterprise Linux repository added to the content view.
Filter:
-
Inclusion Type: Include
-
Content Type: Package Group
-
Filter: Select only the Base package group
Create a repository that excludes all errata, except for security updates, after a certain date. This is useful if you want to perform system updates on a regular basis with the exception of critical security updates, which must be applied immediately. This filter requires a Red Hat Enterprise Linux repository added to the content view.
Filter:
-
Inclusion Type: Exclude
-
Content Type: Erratum (by Date and Type)
-
Filter: Select only the Bugfix and Enhancement errata types, and clear the Security errata type. Set the Date Type to Updated On. Set the Start Date to the date you want to restrict errata. Leave the End Date blank to ensure any new non-security errata is filtered.
A combination of Example 1 and Example 2 where you only require the operating system packages and want to exclude recent bug fix and enhancement errata. This requires two filters attached to the same content view. The content view processes the Include filter first, then the Exclude filter.
Filter 1:
-
Inclusion Type: Include
-
Content Type: Package Group
-
Filter: Select only the Base package group
Filter 2:
-
Inclusion Type: Exclude
-
Content Type: Erratum (by Date and Type)
-
Filter: Select only the Bugfix and Enhancement errata types, and clear the Security errata type. Set the Date Type to Updated On. Set the Start Date to the date you want to restrict errata. Leave the End Date blank to ensure any new non-security errata is filtered.
Filter a specific module stream in a content view.
Filter 1:
-
Inclusion Type: Include
-
Content Type: Module Stream
-
Filter: Select only the specific module stream that you want for the content view, for example ant, and click Add Module Stream.
Filter 2:
-
Inclusion Type: Exclude
-
Content Type: Package
-
Filter: Add a rule to filter any non-modular packages that you want to exclude from the content view. If you do not filter the packages, the content view filter includes all non-modular packages associated with the module stream ant. Add a rule to exclude all
*
packages, or specify the package names that you want to exclude.
7.15. Creating a content filter for Yum content
You can filter content views containing Yum content to include or exclude specific packages, package groups, errata, or module streams. Filters are based on a combination of the name, version, and architecture.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
For examples of how to build a filter, see Content filter examples.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Content Views.
-
Select a content view.
-
On the Filters tab, click Create filter.
-
Enter a name.
-
From the Content type list, select a content type.
-
From the Inclusion Type list, select either Include filter or Exclude filter.
-
Optional: In the Description field, enter a description for the filter.
-
Click Create filter to create your content filter.
-
Depending on what you enter for Content Type, add rules to create the filter that you want.
-
Select if you want the filter to Apply to subset of repositories or Apply to all repositories.
-
Click Publish New Version to publish the filtered repository.
-
Optional: In the Description field, enter a description of the changes.
-
Click Create filter to publish a new version of the content view.
You can promote this content view across all environments.
-
Add a filter to the content view. Use the
--inclusion false
option to set the filter to an Exclude filter:$ hammer content-view filter create \ --name "Errata Filter" \ --type erratum --content-view "Example_Content_View" \ --description "My latest filter" \ --inclusion false \ --organization "My_Organization"
-
Add a rule to the filter:
$ hammer content-view filter rule create \ --content-view "Example_Content_View" \ --content-view-filter "Errata Filter" \ --start-date "YYYY-MM-DD" \ --types enhancement,bugfix \ --date-type updated \ --organization "My_Organization"
-
Publish the content view:
$ hammer content-view publish \ --name "Example_Content_View" \ --description "Adding errata filter" \ --organization "My_Organization"
-
Promote the view across all environments:
$ hammer content-view version promote \ --content-view "Example_Content_View" \ --version 1 \ --to-lifecycle-environment "Development" \ --organization "My_Organization" $ hammer content-view version promote \ --content-view "Example_Content_View" \ --version 1 \ --to-lifecycle-environment "Testing" \ --organization "My_Organization" $ hammer content-view version promote \ --content-view "Example_Content_View" \ --version 1 \ --to-lifecycle-environment "Production" \ --organization "My_Organization"
7.16. Creating a content filter for Deb content
You can filter content views containing Deb content to include or exclude specific packages or package groups. Filters are based on a combination of the name and the architecture.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
For examples of how to build a filter, see Content filter examples.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Content Views.
-
Select a content view.
-
On the Filters tab, click Create filter.
-
Enter a name.
-
From the Content type list, select a content type.
-
From the Inclusion Type list, select either Include filter or Exclude filter.
-
Optional: In the Description field, enter a description for the filter.
-
Click Create filter to create your content filter.
-
Depending on what you enter for Content Type, add rules to create the filter that you want.
-
Select if you want the filter to Apply to subset of repositories or Apply to all repositories.
-
Click Publish New Version to publish the filtered repository.
-
Optional: In the Description field, enter a description of the changes.
-
Click Save to publish a new version of the content view.
You can promote this content view across all environments.
-
Add a filter to the content view. Use the
--inclusion false
option to set the filter to an Exclude filter:$ hammer content-view filter create \ --content-view "Example_Content_View" \ --description "My_Content_View_Filter_Description" \ --inclusion false \ --name "Errata Filter" \ --organization "My_Organization" \ --type erratum
-
Add a rule to the filter:
$ hammer content-view filter rule create \ --content-view "My_Content_View" \ --content-view-filter "My_Errata_Filter" \ --date-type updated \ --organization "My_Organization" \ --start-date "YYYY-MM-DD" \ --types enhancement,bugfix
-
Publish the content view:
$ hammer content-view publish \ --description "Adding errata filter" \ --name "My_Content_View" \ --organization "My_Organization"
-
Promote the view across all environments:
$ hammer content-view version promote \ --content-view "Example_Content_View" \ --organization "My_Organization" \ --to-lifecycle-environment "Development" \ --version 1 $ hammer content-view version promote \ --content-view "Example_Content_View" \ --organization "My_Organization" \ --to-lifecycle-environment "Testing" \ --version 1 $ hammer content-view version promote \ --content-view "Example_Content_View" \ --organization "My_Organization" \ --to-lifecycle-environment "Production" \ --version 1
7.17. Deleting multiple content view versions
You can delete multiple content view versions simultaneously.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Content Views.
-
Select the content view you want to delete versions of.
-
On the Versions tab, select the checkbox of the version or versions you want to delete.
-
Click the vertical ellipsis icon at the top of the list of content views.
-
Click Delete to open the deletion wizard that shows any affected environments.
-
If there are no affected environments, review the details and click Delete.
-
If there are any affected environments, reassign any hosts or activation keys before deletion.
-
Review the details of the actions.
-
Click Delete.
7.18. Clearing the search filter
If you search for specific content types by using keywords in the Search text box and the search returns no results, click Clear search to clear all the search queries and reset the Search text box.
If you use a filter to search for specific repositories in the Type text box and the search returns no results, click Clear filters to clear all active filters and reset the Type text box.
7.19. Standardizing content view empty states
If there are no filters listed for a content view, click Create filter. A modal opens to show you the next steps to create a filter. Follow these steps to add a new filter to create new content types.
7.20. Comparing content view versions
Use this procedure to compare content view version functionality for orcharhino.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Content Views.
-
Select a content view whose versions you want to compare.
-
On the Versions tab, select the checkbox next to any two versions you want to compare.
-
Click Compare.
The Compare screen has the pre-selected versions in the version dropdown menus and tabs for all content types found in either version. You can filter the results to show only the same, different, or all content types. You can compare different content view versions by selecting them from the dropdown menus.
7.21. Distributing archived content view versions
The setting Distribute archived content view versions enables hosting of non-promoted content view version repositories in the orcharhino content web application along with other repositories. This is useful while debugging to see what content is present in your content view versions.
-
In the orcharhino management UI, navigate to Administer > Settings.
-
Click the Content tab.
-
Set the Distribute archived content view versions parameter to Yes.
-
Click Submit.
This enables the repositories of content view versions without lifecycle environments to be distributed at
orcharhino.example.com/pulp/content/My_Organization/content_views/My_Content_View/My_Content_View_Version/
.NoteOlder non-promoted content view versions are not distributed once the setting is enabled. Only new content view versions become distributed.
8. Synchronizing content between orcharhino Servers
In a orcharhino setup with multiple orcharhino Servers, you can use Inter-Server Synchronization (ISS) to synchronize content from one upstream server to one or more downstream servers.
There are two possible ISS configurations of orcharhino, depending on how you deployed your infrastructure:
- ISS Network Sync
-
If your upstream server can communicate with the downstream server over a network, you can synchronize content over HTTPS.
Configure your orcharhino to synchronize content over a network. For more information, see Configuring orcharhino Server to synchronize content over a network.
- ISS Export Sync
-
If your upstream and downstream servers are air gapped, you can synchronize content by using export and import.
Configure your orcharhino to synchronize content by using export and import. For more information, see Configuring orcharhino Server to synchronize content by using exports.
-
For more information on ISS use cases and scenarios, see Inter-Server Synchronization scenarios.
8.1. Content synchronization by using export and import
There are multiple approaches for synchronizing content by using the export and import workflow:
-
You employ the upstream orcharhino Server as a content store, which means that you sync the whole Library rather than content view versions. This approach offers the simplest export/import workflow. In such case, you can manage the content view versions downstream. For more information, see Using an upstream orcharhino Server as a content store.
-
You use the upstream orcharhino Server to sync content view versions. This approach offers more control over what content is synced between orcharhino Servers. For more information, see Using an upstream orcharhino Server to synchronize content view versions.
-
You sync a single repository. This can be useful if you use the content-view syncing approach, but you want to sync an additional repository without adding it to an existing content view. For more information, see Synchronizing a single repository.
Note
|
Synchronizing content by using export and import requires the same major, minor, and patch version of orcharhino on both the downstream and upstream orcharhino Servers. When you are unable to match upstream and downstream orcharhino versions, you can use:
|
8.1.1. Using an upstream orcharhino Server as a content store
In this scenario, you use the upstream orcharhino Server as a content store for updates rather than to manage content. You use the downstream orcharhino Server to manage content for all infrastructure behind the isolated network. You export the Library content from the upstream orcharhino Server and import it into the downstream orcharhino Server.
-
Ensure that repositories are using the Immediate download policy in one of the following ways:
-
For existing repositories using On Demand, change their download policy on the repository details page to Immediate.
-
For new repositories, ensure that the Default Red Hat Repository download policy setting is set to Immediate before enabling Red Hat repositories, and that the Default download policy is set to Immediate for custom repositories.
For more information, see Download policies overview.
-
-
Enable the content that you want to synchronize. For more information, see Enabling Red Hat repositories.
If you want to sync custom content, first create a custom product and then synchronize repositories.
-
Synchronize the enabled content:
-
On the first export, perform a
complete
Library export so that all the synchronized content is exported. This generates content archives that you can later import into one or more downstream orcharhino Servers. For more information on performing a complete Library export, see Exporting the Library environment. -
Export all future updates on the upstream orcharhino Server incrementally. This generates leaner content archives that contain only a recent set of updates. For example, if you enable and synchronize a new repository, the next exported content archive contains content only from the newly enabled repository. For more information on performing an incremental Library export, see Exporting the Library environment incrementally.
-
-
Bring the content exported from the upstream orcharhino Server over to the hard disk.
-
Place it inside a directory under
/var/lib/pulp/imports
. -
Import the content to an organization using the procedure outlined in Importing into the Library environment.
You can then manage content using content views or lifecycle environments as you require.
8.1.2. Using an upstream orcharhino Server to synchronize content view versions
In this scenario, you use the upstream orcharhino Server not only as a content store, but also to synchronize content for all infrastructure behind the isolated network. You curate updates coming from the CDN into content views and lifecycle environments. Once you promote content to a designated lifecycle environment, you can export the content from the upstream orcharhino Server and import it into the downstream orcharhino Server.
-
Ensure that repositories are using the Immediate download policy in one of the following ways:
-
For existing repositories using On Demand, change their download policy on the repository details page to Immediate.
-
For new repositories, ensure that the Default Red Hat Repository download policy setting is set to Immediate before enabling Red Hat repositories, and that the Default download policy is set to Immediate for custom repositories.
For more information, see Download policies overview.
-
-
Enable the content that you want to synchronize. For more information, see Enabling Red Hat repositories.
If you want to sync custom content, first create a custom product and then synchronize repositories.
-
Synchronize the enabled content:
-
For the first export, perform a
complete
version export on the content view version that you want to export. For more information see, Exporting a content view version. This generates content archives that you can import into one or more downstream orcharhino Servers. -
Export all future updates in the connected orcharhino Servers incrementally. This generates leaner content archives that contain changes only from the recent set of updates. For example, if your content view has a new repository, this exported content archive contains only the latest changes. For more information, see Exporting a content view version incrementally.
-
When you have new content, republish the content views that include this content before exporting the increment. For more information, see Managing content views. This creates a new content view version with the appropriate content to export.
-
-
Bring the content exported from the upstream orcharhino Server over to the hard disk.
-
Place it inside a directory under
/var/lib/pulp/imports
. -
Import the content to the organization that you want. For more information, see Importing a content view version. This will create a content view version from the exported content archives and then import content appropriately.
8.1.3. Synchronizing a single repository
In this scenario, you export and import a single repository.
-
Ensure that the repository is using the Immediate download policy in one of the following ways:
-
For existing repositories using On Demand, change their download policy on the repository details page to Immediate.
-
For new repositories, ensure that the Default Red Hat Repository download policy setting is set to Immediate before enabling Red Hat repositories, and that the Default download policy is set to Immediate for custom repositories.
For more information, see Download policies overview.
-
-
Enable the content that you want to synchronize. For more information, see Enabling Red Hat repositories.
If you want to sync custom content, first create a custom product and then synchronize product repositories.
-
Synchronize the enabled content:
-
On the first export, perform a
complete
repository export so that all the synchronized content is exported. This generates content archives that you can later import into one or more downstream orcharhino Servers. For more information on performing a complete repository export, see Exporting a repository. -
Export all future updates on the upstream orcharhino Server incrementally. This generates leaner content archives that contain only a recent set of updates. For more information on performing an incremental repository export, see Exporting a repository incrementally.
-
-
Bring the content exported from the upstream orcharhino Server over to the hard disk.
-
Place it inside a directory under
/var/lib/pulp/imports
. -
Import the content to an organization. See Importing a repository.
You can then manage content using content views or lifecycle environments as you require.
8.2. Synchronizing a custom repository
When using Inter-Server Synchronization Network Sync, Red Hat repositories are configured automatically, but custom repositories are not. Use this procedure to synchronize content from a custom repository on a connected orcharhino Server to a disconnected orcharhino Server through Inter-Server Synchronization (ISS) Network Sync.
Follow the procedure for the connected orcharhino Server before completing the procedure for the disconnected orcharhino Server.
-
In the orcharhino management UI, navigate to Content > Products.
-
Click on the custom product.
-
Click on the custom repository.
-
Copy the Published At: URL.
-
Continue with the procedure on disconnected orcharhino Server.
-
Download the
katello-server-ca.crt
file from the connected orcharhino Server:# curl http://orcharhino.example.com/pub/katello-server-ca.crt
-
Create an SSL Content Credential with the contents of
katello-server-ca.crt
. For more information on creating an SSL Content Credential, see Importing custom SSL certificates. -
In the orcharhino management UI, navigate to Content > Products.
-
Create your custom product with the following:
-
Upstream URL: Paste the link that you copied earlier.
-
SSL CA Cert: Select the SSL certificate that was transferred from your connected orcharhino Server.
For more information on creating a custom product, see Creating a custom product.
-
After completing these steps, the custom repository is properly configured on the disconnected orcharhino Server.
8.3. Exporting the Library environment
You can export content in the Library environment of an organization to an archive file from orcharhino Server and use this archive file to create the same repositories in another orcharhino Server or in another orcharhino Server organization. The exported archive file contains the following data:
-
A JSON file containing content view version metadata.
-
An archive file containing all the repositories from the Library environment of the organization.
You can export the following content from orcharhino Server:
-
Ansible collections
-
Deb content
-
Docker content
-
Custom file type content
-
Kickstart repositories
-
Yum content
-
Ensure that the export directory has free storage space to accommodate the export.
-
Ensure that the
/var/lib/pulp/exports
directory has free storage space equivalent to the size of the repositories being exported for temporary files created during the export process. -
Ensure that you set download policy to Immediate for all repositories within the Library lifecycle environment you export. For more information, see Download policies overview.
-
Ensure that you synchronize products that you export to the required date.
-
Use the organization name or ID to export.
$ hammer content-export complete library --organization="My_Organization"
-
Verify that the archive containing the exported version of a content view is located in the export directory:
# ls -lh /var/lib/pulp/exports/My_Organization/Export-Library/1.0/2021-03-02T03-35-24-00-00 total 68M -rw-r--r--. 1 pulp pulp 68M Mar 2 03:35 export-1e25417c-6d09-49d4-b9a5-23df4db3d52a-20210302_0335.tar.gz -rw-r--r--. 1 pulp pulp 333 Mar 2 03:35 export-1e25417c-6d09-49d4-b9a5-23df4db3d52a-20210302_0335-toc.json -rw-r--r--. 1 pulp pulp 443 Mar 2 03:35 metadata.json
You need all three files, the
tar.gz
, thetoc.json
, and themetadata.json
file to be able to import. -
A new content view Export-Library is created in the organization. This content view contains all the repositories belonging to this organization. A new version of this content view is published and exported automatically.
In many cases the exported archive content may be several gigabytes in size.
If you want to split it into smaller sizes or chunks.
You can use the --chunk-size-gb
flag directly in the export command to handle this.
In the following example, you can see how to specify --chunk-size-gb=2
to split the archives in 2 GB
chunks.
$ hammer content-export complete library \ --chunk-size-gb=2 \ --organization="My_Organization" Generated /var/lib/pulp/exports/My_Organization/Export-Library/2.0/2021-03-02T04-01-25-00-00/metadata.json # ls -lh /var/lib/pulp/exports/My_Organization/Export-Library/2.0/2021-03-02T04-01-25-00-00/
8.4. Exporting the library environment in a syncable format
You can export content in the Library environment of an organization to a syncable format that you can use to create your custom CDN and synchronize the content from the custom CDN over HTTP/HTTPS.
You can use the generated content to create the same repository in another orcharhino Server or in another orcharhino Server organization by using content import. On import of the exported archive, a regular content view is created or updated on your importing orcharhino Server. For more information, see Importing a content view version.
You can export the following content types in the syncable format from orcharhino Server:
-
Custom file type content
-
Kickstart repositories
-
Yum content
You cannot export Ansible collections, Deb content, or Docker content in the syncable format.
The export contains directories with the packages, listing files, and metadata of the repository in Yum format that can be used to synchronize in the importing orcharhino Server.
-
Ensure that you set the download policy to Immediate for all repositories within the Library lifecycle environment you export. For more information, see Download policies overview.
-
Ensure that you synchronize products you export to the required date.
-
Ensure that the user exporting the content has the
Content Exporter
role.
-
Use the organization name or ID to export:
$ hammer content-export complete library \ --organization="My_Organization" \ --format=syncable
-
Optional: Verify that the exported content is located in the export directory:
# du -sh /var/lib/pulp/exports/My_Organization/Export-My_Repository/1.0/2021-03-02T03-35-24-00-00
8.5. Importing syncable exports
-
Use the organization name or ID to import syncable exports:
$ hammer content-import library --organization="My_Organization" --path="My_Path_To_Syncable_Export"
Note
|
Syncable exports must be located in one of your |
8.6. Exporting the Library environment incrementally
Exporting Library content can be a very expensive operation in terms of system resources. The size of the exported Library depends on the number of products. Organizations that have multiple Red Hat Enterprise Linux trees can occupy several gigabytes of space on orcharhino Server.
In such cases, you can create an incremental export which contains only pieces of content that have changed since the last export. Incremental exports typically result in smaller archive files than the full exports.
You can export the following content from orcharhino Server:
-
Ansible collections
-
Deb content
-
Docker content
-
Custom file type content
-
Kickstart repositories
-
Yum content
The example below shows incremental export of all repositories in the organization’s Library.
-
Create an incremental export:
$ hammer content-export incremental library \ --organization="My_Organization"
If you want to create a syncable export, add
--format=syncable
. By default, orcharhino creates an importable export.
-
Optional: View the exported data:
# find /var/lib/pulp/exports/My_Organization/Export-Library/
8.7. Exporting a content view version
You can export a version of a content view to an archive file from orcharhino Server and use this archive file to create the same content view version on another orcharhino Server or on another orcharhino Server organization. orcharhino exports composite content views as normal content views. The composite nature is not retained. On importing the exported archive, a regular content view is created or updated on your downstream orcharhino Server. The exported archive file contains the following data:
-
A JSON file containing content view version metadata
-
An archive file containing all the repositories included into the content view version
You can export the following content from orcharhino Server:
-
Ansible collections
-
Deb content
-
Docker content
-
Custom file type content
-
Kickstart repositories
-
Yum content
orcharhino does not export content view definitions and metadata such as package filters.
To export a content view, ensure that orcharhino Server where you want to export meets the following conditions:
-
Ensure that the export directory has free storage space to accommodate the export.
-
Ensure that the
/var/lib/pulp/exports
directory has free storage space equivalent to the size of the repositories being exported for temporary files created during the export process. -
Ensure that you set download policy to Immediate for all repositories within the content view you export. For more information, see Download policies overview.
-
Ensure that you synchronize products that you export to the required date.
-
Ensure that the user exporting the content has the
Content Exporter
role.
-
List versions of the content view that are available for export:
$ hammer content-view version list \ --content-view="My_Content_View" \ --organization="My_Organization" ---|----------|---------|-------------|----------------------- ID | NAME | VERSION | DESCRIPTION | LIFECYCLE ENVIRONMENTS ---|----------|---------|-------------|----------------------- 5 | view 3.0 | 3.0 | | Library 4 | view 2.0 | 2.0 | | 3 | view 1.0 | 1.0 | | ---|----------|---------|-------------|----------------------
-
Get the version number of desired version. The following example targets version
1.0
for export.$ hammer content-export complete version \ --content-view="Content_View_Name" \ --version=1.0 \ --organization="My_Organization"
-
Verify that the archive containing the exported version of a content view is located in the export directory:
# ls -lh /var/lib/pulp/exports/My_Organization/Content_View_Name/1.0/2021-02-25T18-59-26-00-00/
You require all three files, for example, the tar.gz
archive file, the toc.json
and metadata.json
to import the content successfully.
In many cases, the exported archive content can be several gigabytes in size.
You might want to split it smaller sizes or chunks.
You can use the --chunk-size-gb
option with in the hammer content-export
command to handle this.
The following example uses the --chunk-size-gb=2
to split the archives into 2 GB
chunks.
$ hammer content-export complete version \ --chunk-size-gb=2 \ --content-view="Content_View_Name" \ --organization="My_Organization" \ --version=1.0 # ls -lh /var/lib/pulp/exports/My_Organization/view/1.0/2021-02-25T21-15-22-00-00/
8.8. Exporting a content view version in a syncable format
You can export a version of a content view to a syncable format that you can use to create your custom CDN. After you have exported the content view, you can do either of the following:
-
Synchronize the content from your custom CDN over HTTP/HTTPS.
-
Import the content using
hammer content-import
. Note that this requires both the Export and Import servers to run orcharhino 7.0.
You can use the generated content to create the same repository in another orcharhino Server or in another orcharhino Server organization using content import. On importing the exported archive, a regular content view is created or updated on your downstream orcharhino Server.
The export contains directories with the packages, listing files, and metadata of the repository in Yum format that can be used to synchronize in the importing orcharhino Server.
You can export the following content types in the syncable format from orcharhino Server:
-
Custom file type content
-
Kickstart repositories
-
Yum content
You cannot export Ansible collections, Deb content, or Docker content in the syncable format.
-
Ensure that you set the download policy to Immediate for all repositories within the content view you export. For more information, see Download policies overview.
-
Ensure that you synchronize products you export to the required date.
-
Ensure that the user exporting the content has the
Content Exporter
role.
-
List versions of the content view that are available for export:
$ hammer content-view version list \ --content-view="My_Content_View" \ --organization="My_Organization"
-
Get the version number of desired version. The following example targets version
1.0
for export:$ hammer content-export complete version \ --content-view="Content_View_Name" \ --version=1.0 \ --organization="My_Organization" \ --format=syncable
-
Optional: Verify that the exported content is located in the export directory:
# ls -lh /var/lib/pulp/exports/My_Organization/My_Content_View_Name/1.0/2021-02-25T18-59-26-00-00/
8.9. Exporting a content view version incrementally
Exporting complete content view versions can be a very expensive operation in terms of system resources. The size of the exported content view versions depends on the number of products. Content view versions that have multiple Red Hat Enterprise Linux trees can occupy several gigabytes of space on orcharhino Server.
In such cases, you can create an incremental export which contains only pieces of content that have changed since the last export. Incremental exports typically result in smaller archive files than the full exports.
You can export the following content from orcharhino Server:
-
Ansible collections
-
Deb content
-
Docker content
-
Custom file type content
-
Kickstart repositories
-
Yum content
-
Create an incremental export:
$ hammer content-export incremental version \ --content-view="My_Content_View" \ --organization="My_Organization" \ --version="My_Content_View_Version"
If you want to create a syncable export, add
--format=syncable
. By default, orcharhino creates an importable export.
-
Optional: View the exported content view:
# find /var/lib/pulp/exports/My_Organization/My_Exported_Content_View/My_Content_View_Version/
-
You can import your exported content view version into orcharhino Server. For more information, see Importing a content view version.
8.10. Exporting a repository
You can export the content of a repository in the Library environment of an organization from orcharhino Server. You can use this archive file to create the same repository in another orcharhino Server or in another orcharhino Server organization.
You can export the following content from orcharhino Server:
-
Ansible collections
-
Deb content
-
Docker content
-
Custom file type content
-
Kickstart repositories
-
Yum content
The export contains the following data:
-
Two JSON files containing repository metadata.
-
One or more archive files containing the contents of the repository from the Library environment of the organization.
You need all the files, tar.gz
, toc.json
and metadata.json
, to be able to import.
-
Ensure that the export directory has enough free storage space to accommodate the export.
-
Ensure that the
/var/lib/pulp/exports
directory has enough free storage space equivalent to the size of all repositories that you want to export. -
Ensure that you set download policy to Immediate for the repository within the Library lifecycle environment you export. For more information, see Download policies overview.
-
Ensure that you synchronize products that you export to the required date.
-
Export a repository:
$ hammer content-export complete repository \ --name="My_Repository" \ --product="My_Product" \ --organization="My_Organization"
NoteThe size of the exported archive depends on the number and size of the packages within the repository. If you want to split the exported archive into chunks, export your repository using the
--chunk-size-gb
argument to limit the size by an integer value in gigabytes, for example---chunk-size-gb=2
. -
Optional: Verify that the exported archive is located in the export directory:
# ls -lh /var/lib/pulp/exports/My_Organization/Export-My_Repository/1.0/2022-09-02T03-35-24-00-00/
8.11. Exporting a repository in a syncable format
You can export the content of a repository in the Library environment of an organization to a syncable format that you can use to create your custom CDN and synchronize the content from the custom CDN over HTTP/HTTPS.
You can use the generated content to create the same repository in another orcharhino Server or in another orcharhino Server organization using content import. On importing the exported archive, a regular content view is created or updated on your downstream orcharhino Server.
The export contains directories with the packages, listing files, and metadata of the repository in Yum format that can be used to synchronize in the importing orcharhino Server.
You can export the following content types in the syncable format from orcharhino Server:
-
Custom file type content
-
Kickstart repositories
-
Yum content
You cannot export Ansible collections, Deb content, or Docker content in the syncable format.
-
Ensure that you set the download policy to Immediate for the repository within the Library lifecycle environment you export. For more information, see Download policies overview.
-
Export a repository using the repository name or ID:
$ hammer content-export complete repository \ --organization="My_Organization" \ --product="My_Product" \ --name="My_Repository" \ --format=syncable
-
Optional: Verify that the exported content is located in the export directory:
# du -sh /var/lib/pulp/exports/My_Organization/Export-My_Repository/1.0/2021-03-02T03-35-24-00-00
8.12. Exporting a repository incrementally
Exporting a repository can be a very expensive operation in terms of system resources. A typical Red Hat Enterprise Linux tree may occupy several gigabytes of space on orcharhino Server.
In such cases, you can use Incremental Export to export only pieces of content that changed since the previous export. Incremental exports typically result in smaller archive files than the full exports.
You can export the following content from orcharhino Server:
-
Ansible collections
-
Deb content
-
Docker content
-
Custom file type content
-
Kickstart repositories
-
Yum content
The example below shows incremental export of a repository in the Library lifecycle environment.
-
Create an incremental export:
$ hammer content-export incremental repository \ --name="My_Repository" \ --organization="My_Organization" \ --product="My_Product"
-
Optional: View the exported data:
# ls -lh /var/lib/pulp/exports/My_Organization/Export-My_Repository/3.0/2021-03-02T03-35-24-00-00/ total 172K -rw-r--r--. 1 pulp pulp 20M Mar 2 04:22 export-436882d8-de5a-48e9-a30a-17169318f908-20210302_0422.tar.gz -rw-r--r--. 1 pulp pulp 333 Mar 2 04:22 export-436882d8-de5a-48e9-a30a-17169318f908-20210302_0422-toc.json -rw-r--r--. 1 root root 492 Mar 2 04:22 metadata.json
8.13. Exporting a repository incrementally in a syncable format
Exporting a repository can be a very expensive operation in terms of system resources. A typical Red Hat Enterprise Linux tree may occupy several gigabytes of space on orcharhino Server.
In such cases, you can use Incremental Export to export only pieces of content that changed since the previous export. Incremental exports typically result in smaller archive files than full exports.
You can export the following content types in the syncable format from orcharhino Server:
-
Custom file type content
-
Kickstart repositories
-
Yum content
You cannot export Ansible collections, Deb content, or Docker content in the syncable format.
The procedure below shows an incremental export of a repository in the Library lifecycle environment.
-
Create an incremental export:
$ hammer content-export incremental repository \ --format=syncable \ --name="My_Repository" \ --organization="My_Organization" \ --product="My_Product"
-
Optional: View the exported data:
# find /var/lib/pulp/exports/Default_Organization/My_Product/2.0/2023-03-09T10-55-48-05-00/ -name "*.rpm"
8.14. Keeping track of your exports
orcharhino keeps records of all exports. Each time you export content on the upstream orcharhino Server, the export is recorded and maintained for future querying. You can use the records to organize and manage your exports, which is useful especially when exporting incrementally.
When exporting content from the upstream orcharhino Server for several downstream orcharhino Servers, you can also keep track of content exported for specific servers. This helps you track which content was exported and to where.
Use the --destination-server
argument during export to indicate the target server.
This option is available for all content-export
operations.
-
Specify the destination server when exporting the Library:
$ hammer content-export complete library \ --destination-server=My_Downstream_Server_1 \ --organization="My_Organization" \ --version=1.0
-
Specify the destination server when exporting a content view version:
$ hammer content-export complete version \ --content-view="Content_View_Name" \ --destination-server=My_Downstream_Server_1 \ --organization="My_Organization" \ --version=1.0
-
List content exports using the following command:
$ hammer content-export list --organization="My_Organization"
8.15. Importing into the Library environment
You can import exported Library content into the Library lifecycle environment of an organization on another orcharhino Server. For more information about exporting contents from the Library environment, see Exporting the Library environment.
-
The exported files must be in a directory under
/var/lib/pulp/imports
. -
If there are any Red Hat repositories in the exported content, the importing organization’s manifest must contain subscriptions for the products contained within the export.
-
The user importing the content must have the Content Importer Role.
-
Copy the exported files to a subdirectory of
/var/lib/pulp/imports
on orcharhino Server where you want to import. -
Set the ownership of the import directory and its contents to
pulp:pulp
.# chown -R pulp:pulp /var/lib/pulp/imports/2021-03-02T03-35-24-00-00
-
Verify that the ownership is set correctly:
# ls -lh /var/lib/pulp/imports/2021-03-02T03-35-24-00-00 total 68M -rw-r--r--. 1 pulp pulp 68M Mar 2 04:29 export-1e25417c-6d09-49d4-b9a5-23df4db3d52a-20210302_0335.tar.gz -rw-r--r--. 1 pulp pulp 333 Mar 2 04:29 export-1e25417c-6d09-49d4-b9a5-23df4db3d52a-20210302_0335-toc.json -rw-r--r--. 1 pulp pulp 443 Mar 2 04:29 metadata.json
-
Identify the Organization that you wish to import into.
-
To import the Library content to orcharhino Server, enter the following command:
$ hammer content-import library \ --organization="My_Organization" \ --path=/var/lib/pulp/imports/2021-03-02T03-35-24-00-00
Note you must enter the full path
/var/lib/pulp/imports/My_Exported_Library_Dir
. Relative paths do not work. -
To verify that you imported the Library content, check the contents of the product and repositories. A new content view called
Import-Library
is created in the target organization. This content view is used to facilitate the Library content import.By default, this content view is not shown in the orcharhino management UI.
Import-Library
is not meant to be assigned directly to hosts. Instead, assign your hosts toDefault Organization View
or another content view as you would normally. -
The importing orcharhino Server extracts the
/var/lib/pulp/imports
directory to/var/lib/pulp/
. You can empty the/var/lib/pulp/imports
directory after a successful import.
8.16. Importing into the Library environment from a web server
You can import exported Library content directly from a web server into the Library lifecycle environment of an organization on another orcharhino Server. For more information about exporting contents from the Library environment, see Exporting the Library environment.
-
The exported files must be in a syncable format.
-
The exported files must be accessible through HTTP/HTTPS.
-
If there are any Red Hat repositories in the exported content, the importing organization’s manifest must contain subscriptions for the products contained within the export.
-
The user importing the content view version must have the Content Importer role.
-
Identify the Organization that you wish to import into.
-
To import the Library content to orcharhino Server, enter the following command:
$ hammer content-import library \ --organization="My_Organization" \ --path=http://server.example.com/pub/exports/2021-02-25T21-15-22-00-00/
A new content view called
Import-Library
is created in the target organization. This content view is used to facilitate the Library content import.By default, this content view is not shown in the orcharhino management UI.
Import-Library
is not meant to be assigned directly to hosts. Instead, assign your hosts toDefault Organization View
or another content view.
8.17. Importing a content view version
You can import an exported content view version to create a version with the same content in an organization on another orcharhino Server. For more information about exporting a content view version, see Exporting a content view version.
When you import a content view version, it has the same major and minor version numbers and contains the same repositories with the same packages and errata. Custom repositories, products and content views are automatically created if they do not exist in the importing organization.
-
The exported files must be in a directory under
/var/lib/pulp/imports
. -
If there are any Red Hat repositories in the exported content, the importing organization’s manifest must contain subscriptions for the products contained within the export.
-
The user importing the content view version must have the Content Importer Role.
-
Copy the exported files to a subdirectory of
/var/lib/pulp/imports
on orcharhino Server where you want to import. -
Set the ownership of the import directory and its contents to
pulp:pulp
.# chown -R pulp:pulp /var/lib/pulp/imports/2021-02-25T21-15-22-00-00/
-
Verify that the ownership is set correctly:
# ls -lh /var/lib/pulp/imports/2021-02-25T21-15-22-00-00/
-
To import the content view version to orcharhino Server, enter the following command:
$ hammer content-import version \ --organization=My_Organization \ --path=/var/lib/pulp/imports/2021-02-25T21-15-22-00-00/
Note that you must enter the full path
/var/lib/pulp/imports/My_Exported_Version_Dir
. Relative paths do not work. -
To verify that you imported the content view version successfully, list content view versions for your organization:
$ hammer content-view version list \ --organization-id=My_Organization_ID
-
The importing orcharhino Server extracts the
/var/lib/pulp/imports
directory to/var/lib/pulp/
. You can empty the/var/lib/pulp/imports
directory after a successful import.
8.18. Importing a content view version from a web server
You can import an exported content view version directly from a web server to create a version with the same content in an organization on another orcharhino Server. For more information about exporting a content view version, see Exporting a content view version.
When you import a content view version, it has the same major and minor version numbers and contains the same repositories with the same packages and errata. Custom repositories, products, and content views are automatically created if they do not exist in the importing organization.
-
The exported files must be in a syncable format.
-
The exported files must be accessible through HTTP/HTTPS.
-
If there are any Red Hat repositories in the exported content, the importing organization’s manifest must contain subscriptions for the products contained within the export.
-
The user importing the content view version must have the Content Importer role.
-
Import the content view version into orcharhino Server:
$ hammer content-import version \ --organization=My_Organization \ --path=http://server.example.com/pub/exports/2021-02-25T21-15-22-00-00/
8.19. Importing a repository
You can import an exported repository into an organization on another orcharhino Server. For more information about exporting content of a repository, see Exporting a repository.
-
The export files must be in a directory under
/var/lib/pulp/imports
. -
If the export contains any Red Hat repositories, the manifest of the importing organization must contain subscriptions for the products contained within the export.
-
The user importing the content must have the Content Importer Role.
-
Copy the exported files to a subdirectory of
/var/lib/pulp/imports
on orcharhino Server where you want to import. -
Set the ownership of the import directory and its contents to
pulp:pulp
.# chown -R pulp:pulp /var/lib/pulp/imports/2021-03-02T03-35-24-00-00
-
Verify that the ownership is set correctly:
# ls -lh /var/lib/pulp/imports/2021-03-02T03-35-24-00-00 total 68M -rw-r--r--. 1 pulp pulp 68M Mar 2 04:29 export-1e25417c-6d09-49d4-b9a5-23df4db3d52a-20210302_0335.tar.gz -rw-r--r--. 1 pulp pulp 333 Mar 2 04:29 export-1e25417c-6d09-49d4-b9a5-23df4db3d52a-20210302_0335-toc.json -rw-r--r--. 1 pulp pulp 443 Mar 2 04:29 metadata.json
-
Identify the Organization that you wish to import into.
-
To import the repository content to orcharhino Server, enter the following command:
$ hammer content-import repository \ --organization="My_Organization" \ --path=/var/lib/pulp/imports/2021-03-02T03-35-24-00-00
Note that you must enter the full path
/var/lib/pulp/imports/My_Exported_Repo_Dir
. Relative paths do not work. -
To verify that you imported the repository, check the contents of the product and repository.
-
The importing orcharhino Server extracts the
/var/lib/pulp/imports
directory to/var/lib/pulp/
. You can empty the/var/lib/pulp/imports
directory after a successful import.
8.20. Importing a repository from a web server
You can import an exported repository directly from a web server into an organization on another orcharhino Server. For more information about exporting the content of a repository, see Exporting a repository.
-
The exported files must be in a syncable format.
-
The exported files must be accessible through HTTP/HTTPS.
-
If the export contains any Red Hat repositories, the manifest of the importing organization must contain subscriptions for the products contained within the export.
-
The user importing the content view version must have the Content Importer Role.
-
Select the organization into which you want to import.
-
To import the repository to orcharhino Server, enter the following command:
$ hammer content-import repository \ --organization="My_Organization" \ --path=http://server.example.com/pub/exports/2021-02-25T21-15-22-00-00/
8.21. Exporting and importing content using Hammer CLI cheat sheet
Intent | Command |
---|---|
Fully export an Organization’s Library |
|
Incrementally export an Organization’s Library (assuming you have exported something previously) |
|
Fully export a content view version |
|
Export a content view version promoted to the Dev Environment |
|
Export a content view in smaller chunks (2-GB slabs) |
|
Incrementally export a content view version (assuming you have exported something previously) |
|
Fully export a Repository |
|
Incrementally export a Repository (assuming you have exported something previously) |
|
List exports |
|
Intent | Command |
---|---|
Import into an Organization’s Library |
|
Import to a content view version |
|
Import a Repository |
|
9. Managing activation keys
Activation keys provide a method to automate system registration. You can create multiple keys and associate them with different environments and content views. For example, you might create a basic activation key that enables certain Red Hat repositories and associate it with the appropriate content view.
You can use activation keys during content host registration to improve the speed, simplicity and consistency of the process. Note that activation keys are used only when hosts are registered. If changes are made to an activation key, it is applicable only to hosts that are registered with the amended activation key in the future. The changes are not made to existing hosts.
Activation keys can define the following properties for content hosts:
-
Available products and repositories
-
A lifecycle environment and a content view
-
Host collection membership
-
System purpose
When you provision a host, orcharhino uses provisioning templates and other content from the content view that you set in the host group or host settings. When the host is registered, the content view from the activation key overwrites the original content view from the host group or host settings. Then orcharhino uses the content view from the activation key for every future task, for example, rebuilding a host.
When you rebuild a host, ensure that you set the content view that you want to use in the activation key and not in the host group or host settings.
A host can be associated with multiple activation keys that are combined to define the host settings. In case of conflicting settings, the last specified activation key takes precedence. You can specify the order of precedence by setting a host group parameter as follows:
$ hammer hostgroup set-parameter \ --hostgroup "My_Host_Group" \ --name "My_Activation_Key" \ --value "name_of_first_key", "name_of_second_key", ...
9.1. Best practices for activation keys
-
Create an activation key for each use case. This structures, modularizes, and simplifies content management on hosts.
-
Use a naming convention for activation keys to indicate the content and lifecycle environment, for example,
enterprise-linux-webserver
. -
Automate activation key management by using a Hammer script or an Ansible Playbook.
9.2. Creating an activation key
Create an activation key to assign various attributes to hosts during registration.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Activation Keys and click Create Activation Key.
-
In the Name field, enter the name of the activation key.
-
If you want to set a limit, clear the Unlimited hosts checkbox, and in the Limit field, enter the maximum number of systems you can register with the activation key. If you want unlimited hosts to register with the activation key, ensure the Unlimited Hosts checkbox is selected.
-
Optional: In the Description field, enter a description for the activation key.
-
From the Environment list, select the environment to use.
-
From the Content View list, select a content view to use.
-
Click Save.
-
Optional: In the System Purpose section, you can configure the activation key to set system purpose attributes on hosts during registration. This helps determine which repositories are available on the host. It also helps with reporting in the Subscriptions service of the Red Hat Hybrid Cloud Console.
-
Create the activation key:
$ hammer activation-key create \ --name "My_Activation_Key" \ --unlimited-hosts \ --description "Example Stack in the Development Environment" \ --lifecycle-environment "Development" \ --content-view "Stack" \ --organization "My_Organization"
-
Optional: Enter the following command to configure the activation key with system purpose attributes to set on hosts during registration. This helps determine which repositories are available on the host. It also helps with reporting in the Subscriptions service of the Red Hat Hybrid Cloud Console.
$ hammer activation-key update \ --organization "My_Organization" \ --name "My_Activation_Key" \ --service-level "Standard" \ --purpose-usage "Development/Test" \ --purpose-role "Red Hat Enterprise Linux Server" \ --purpose-addons "addons"
-
List the product content associated with the activation key:
$ hammer activation-key product-content \ --content-access-mode-all true \ --name "My_Activation_Key" \ --organization "My_Organization"
-
Override the default auto-enable status for the orcharhino Client repository. The default status is set to disabled. To enable, enter the following command:
$ hammer activation-key content-override \ --name "My_Activation_Key" \ --content-label https://yum.theforeman.org/client/nightly/el7/x86_64/foreman-client-release.rpm \ --value 1 \ --organization "My_Organization"
9.3. Using activation keys for host registration
You can use activation keys to complete the following tasks:
-
Registering new hosts during provisioning through orcharhino. The Kickstart provisioning templates in orcharhino contain commands to register the host using an activation key that is defined when creating a host.
-
Registering existing Red Hat Enterprise Linux hosts.
You can register hosts with orcharhino using the host registration feature in the orcharhino management UI, Hammer CLI, or the orcharhino API. For more information, see Registering hosts and setting up host integration in Managing hosts.
-
In the orcharhino management UI, navigate to Hosts > Register Host.
-
From the Activation Keys list, select the activation keys to assign to your host.
-
Click Generate to create the registration command.
-
Click on the files icon to copy the command to your clipboard.
-
Connect to your host using SSH and run the registration command.
-
Ensure that the appropriate repositories have been enabled:
-
On Enterprise Linux: Check the
/etc/yum.repos.d/redhat.repo
file and ensure that the appropriate repositories have been enabled.
-
-
Generate the host registration command using the Hammer CLI:
$ hammer host-registration generate-command \ --activation-keys "My_Activation_Key"
If your hosts do not trust the SSL certificate of orcharhino Server, you can disable SSL validation by adding the
--insecure
flag to the registration command.$ hammer host-registration generate-command \ --activation-keys "My_Activation_Key" \ --insecure true
-
Connect to your host using SSH and run the registration command.
-
Ensure that the appropriate repositories have been enabled:
-
On Enterprise Linux: Check the
/etc/yum.repos.d/redhat.repo
file and ensure that the appropriate repositories have been enabled.
-
-
Generate the host registration command using the orcharhino API:
# curl -X POST https://orcharhino.example.com/api/registration_commands \ --user "My_User_Name" \ -H 'Content-Type: application/json' \ -d '{ "registration_command": { "activation_keys": ["My_Activation_Key_1, My_Activation_Key_2"] }}'
If your hosts do not trust the SSL certificate of orcharhino Server, you can disable SSL validation by adding the
--insecure
flag to the registration command.# curl -X POST https://orcharhino.example.com/api/registration_commands \ --user "My_User_Name" \ -H 'Content-Type: application/json' \ -d '{ "registration_command": { "activation_keys": ["My_Activation_Key_1, My_Activation_Key_2"], "insecure": true }}'
Use an activation key to simplify specifying the environments. For more information, see Managing Activation Keys in Managing content.
To enter a password as a command line argument, use
username:password
syntax. Keep in mind this can save the password in the shell history. Alternatively, you can use a temporary personal access token instead of a password. To generate a token in the orcharhino management UI, navigate to My Account > Personal Access Tokens. -
Connect to your host using SSH and run the registration command.
-
Ensure that the appropriate repositories have been enabled:
-
On Enterprise Linux: Check the
/etc/yum.repos.d/redhat.repo
file and ensure that the appropriate repositories have been enabled.
-
You can use multiple activation keys when registering a content host. For example, you can use one activation key to enable specific repositories and another to assign a content view and lifecycle environment.
If there are conflicting settings in activation keys, the rightmost key takes precedence.
-
Settings that conflict: Service Level, Release Version, Environment, Content View, and Product Content.
-
Settings that do not conflict and the host gets the union of them: Host Collections.
-
Settings that influence the behavior of the key itself and not the host configuration: Content Host Limit.
9.4. Setting the service level
You can configure an activation key to define a default service level for the new host created with the activation key.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Activation Keys.
-
Click the activation key name you want to edit.
-
Click the edit icon next to Service Level.
-
Select the required service level from the list. The list only contains service levels available to the activation key.
-
Click Save.
-
Set the service level to Premium on your activation key:
$ hammer activation-key update \ --name "My_Activation_Key" \ --organization "My_Organization" \ --service-level premium
9.5. Enabling and disabling repositories on activation key
You can enable or disable repositories on an activation key in the orcharhino management UI.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Activation Keys.
-
Select an activation key.
-
Select the Repository Sets tab.
-
Optional: Clear the Limit to Environment checkbox to view repositories that are available in the lifecycle environment of the activation key.
-
Optional: Use the Repository type dropdown menu to filter repositories by type.
-
Optional: Use the Status dropdown menu to filter repositories by status.
-
Select the desired repositories or click the Select All checkbox to select all repositories.
-
From the Select Action list, select Override to Enabled, Override to Disabled, or Reset to Default.
10. Managing SUSE content
You can use the SCC Manager plugin to manage content from SUSE on your orcharhino.
10.1. Preparing SUSE installation media
Use this procedure to extract the SUSE installation medium on your orcharhino Server to provision hosts in a disconnected environment. This example prepares the installation medium for SUSE Linux Enterprise Server 15 SP3.
-
Download the
SLES 15 SP3
installation medium from suse.com/download/sles. -
Download the signature and checksum from suse.com.
-
Transfer the
.iso
image, the signature, and the checksum from your local machine to orcharhino Server usingscp
:# scp SLE-15-SP3-Full-x86_64-GM-Media1.iso root@orcharhino.example.com:/tmp/ # scp SLE-15-SP3-Full-x86_64-GM-Media1.iso.sha256 root@orcharhino.example.com:/tmp/ # scp sles_15_sp3.signature root@orcharhino.example.com:/tmp/
-
On your orcharhino Server, verify the integrity and authenticity of the
.iso
image using GPG public keys:# cd /tmp # gpg --verify sles_15_sp3.signature SLE-15-SP3-Full-x86_64-GM-Media1.iso.sha256 # echo '2a6259fc849fef6ce6701b8505f64f89de0d2882857def1c9e4379d26e74fa56 SLE-15-SP3-Full-x86_64-GM-Media1.iso' | sha256sum --check
-
Mount the
.iso
image:# mount SLE-15-SP3-Full-x86_64-GM-Media1.iso /mnt
-
Copy the content of the mounted installation medium to the
pub
directory:# mkdir -p /var/www/html/pub/installation_media/sles/15sp3 # cp -a /mnt/* /var/www/html/pub/installation_media/sles/15sp3/
-
Unmount and delete the
.iso
image:# cd # umount /mnt # rm -f /tmp/SLE-15-SP3-Full-x86_64-GM-Media1.iso # rm -f /tmp/SLE-15-SP3-Full-x86_64-GM-Media1.iso.sha256 # rm -f /tmp/sles_15_sp3.signature
You can use the path to the local installation media files when creating an installation medium, for example http://orcharhino.example.com/pub/installation_media/sles/15sp3/
.
For more information, see Adding Installation Media to orcharhino in Provisioning hosts.
10.2. Creating a SUSE operating system
Use this procedure to create an installation medium and operating system entry for SLES 15 SP3. For more information, see:
-
Adding Installation Media to orcharhino in Provisioning hosts
-
Creating Operating Systems in Provisioning hosts
-
An extracted
.iso
image on orcharhino or an HTTP server that can be reached from hosts during their provisioning process. For more information, see Preparing SUSE installation media.
-
In the orcharhino management UI, navigate to Hosts > Provisioning Setup > Installation Media.
-
Click Create Medium.
-
Set a Name for the installation medium for SLES 15 SP3. Add
local
to the name because the path of the extracted.iso
image points to your orcharhino. -
Set the Path of the extracted
.iso
image. The content of/var/www/html/pub/
is publicly available onhttp://orcharhino.example.com/pub/
. If you extract the.iso
image to/var/www/html/pub/installation_media/sles/15sp3/
, the path ishttp://orcharhino.example.com/pub/installation_media/sles/15sp3/
. -
Set the Operating System Family to
SUSE
for all SLES systems. -
Set a location and organization context for the installation media.
-
On the Parameters tab, add the
sle-module-basesystem-url
parameter, select the string type, and enter the valuehttp://orcharhino.example.com/pub/installation_media/sles/15sp3/
. Note that the value depends on the path of the extracted.iso
image. -
On the Parameters tab, add the
or_client_repo_url
parameter, select the string type, and enter the valuehttp://_orcharhino.example.com_/pulp/content/_My_Organization_/Library/custom/Enterprise Linux_Client/Enterprise Linux_Client_8/
.If you want to provision hosts through orcharhino Proxies, you have to use the
or_client_repo_path
parameter containing the Published At path of your content on orcharhino Server. orcharhino Proxy will add the FQDN of your orcharhino Proxy to generate the URL based on the content source setting of your host.(SLES 12 only) Add the parameter
additional_media
, select the string type, and enter the value""
. -
Click Submit to save the installation media entry for SLES 15 SP3.
-
In the orcharhino management UI, navigate to Hosts > Provisioning Setup > Operating Systems.
-
Click Create Operating System.
-
Set the Name of the operating system. Choose a name as reported by Ansible, Puppet, or Salt as fact.
-
Set the Major Version of SLES, for example
15
. -
Set the Minor Version of SLES, for example
3
for SLES 15 SP3. -
Optional: Add an arbitrary Description.
-
Set the Family to
SUSE
for all SLES systems. -
Set the Root Password Hash to
SHA256
for SLES 15 SP3. -
Assign the Architectures to SLES 15 SP3.
-
Click Submit to save the operating system entry.
-
In the orcharhino management UI, navigate to Hosts > Templates > Partition Tables and click Create Partition Table. The partition tables are stored in the
/usr/share/foreman/app/views/unattended/partition_tables_templates/
directory on your orcharhino Server.For more information, see Partition Tables in Provisioning hosts.
-
In the orcharhino management UI, navigate to Hosts > Templates > Provisioning Templates and click Create Template. The provisioning templates are stored in the
/usr/share/foreman/app/views/unattended/provisioning_templates/
directory on your orcharhino Server.For more information, see Provisioning Templates in Provisioning hosts.
-
In the orcharhino management UI, navigate to Hosts > Provisioning Setup > Operating Systems.
-
Select the previously created operating system.
-
On the Partition Table tab, select the previously created partition table.
-
On the Templates tab, select the previously created provisioning template.
-
Click Submit to save the operating system entry.
10.3. Installing the SCC Manager plugin
Use this procedure to install the SCC Manager plugin on your orcharhino.
-
Install the SCC Manager plugin on your orcharhino Server:
# foreman-installer --enable-foreman-plugin-scc-manager
10.4. Adding an SCC account to orcharhino
Use the following procedure to add your SCC account to orcharhino. To use the CLI instead of the orcharhino management UI, see the CLI procedure.
Warning
|
The SCC Manager plugin does not support multiple SCC accounts within one organization. Add an additional SCC account only if you want to switch to using another SCC account. If you need to use additional SCC accounts, add them to other organizations. |
-
You have installed the SCC Manager plugin on your orcharhino. For more information, see Installing the SCC Manager plugin.
-
Optional: In the orcharhino management UI, navigate to Content > Content Credentials and click Create Content Credential.
Add the GPG public key for SLES 15 SP3 from suse.com.
-
In the orcharhino management UI, navigate to Content > SUSE Subscriptions.
-
Click Add SCC Account.
-
In the Name field, enter a name for your SCC account in orcharhino.
-
In the Login and Password fields, enter your SUSE credentials.
-
In the Base URL field, you can enter the base URL for the Suse Customer Center. By default, it is set to
https://scc.suse.com
. -
Optional: Set a Sync interval to periodically update the SCC authentication tokens. Note that this does not refer to synchronizing content to orcharhino.
-
Optional: In the Use GPG key for SUSE products field, you can select the previously created content credential to automatically add a GPG public key to your SUSE products.
zypper
automatically verifies the signatures of each software package to ensure their authenticity.NoteYou can also set the GPG public key for repositories from SUSE at a later stage. However, changing it does not affect already synchronized products. If you already have synchronized products in orcharhino, navigate to Content > Products and replace the GPG key in each respective product.
-
Optional: From the Download Policy list, select a download policy for your SUSE products. For more information, see Download policies overview.
-
Optional: From the Mirroring Policy list, select a mirroring policy for your SUSE products. For more information, see Mirroring policies overview.
-
Click Test connection to verify your account information. Note that you have to re-enter your password if you have already saved your SCC account to orcharhino.
-
Click Submit to save your SCC account to orcharhino.
-
In the orcharhino management UI, navigate to Content > SUSE Subscriptions, select your SCC account, and click Sync to fetch a list of products associated to your SCC account.
-
Optional: Import the public GPG key from SUSE into orcharhino.
For more information, see Importing a GPG Key in Managing content.
-
Add your SCC account to orcharhino:
$ hammer scc_manager scc_accounts create \ --base-url "https://scc.suse.com/" \ --interval My_Interval \ --katello-gpg-key-id My_GPG_Key_ID \ --location-id My_Location_ID \ --login "My_SCC_Account_Name" \ --name "My_Account_Name" \ --organization-id My_Organization_ID \ --password "My_SCC_Account_Password" \ --sync-date _My_Sync_Date
-
Test your SCC account credentials:
$ hammer scc_manager scc_accounts test_connection \ --id My_SCC_Account_ID
Ensure the command returns
Testing connection for SCC account succeeded
. -
Synchronize the list of available SUSE products to orcharhino:
$ hammer scc_manager scc_accounts sync \ --id My_SCC_Account_ID
-
Check the status of the task:
$ hammer task info \ --id My_Task_ID
The synchronization is complete once the command returns
State: stopped
andResult: success
.
10.5. Switching SCC accounts
You can switch your SCC account by changing the SCC credentials saved on orcharhino.
Warning
|
The SCC Manager plugin does not support multiple SCC accounts within one organization, except for when switching SCC accounts. If you want to switch your SCC account and retain the synchronized content, do not immediately delete your old SCC account, even if it is expired. If you delete your old SCC account, you cannot reuse existing repositories, products, content views, and composite content views. |
-
You have added your SCC account to orcharhino. For more information, see Adding an SCC account to orcharhino.
-
In the orcharhino management UI, navigate to Content > SUSE Subscriptions.
-
Select your SCC account.
-
Enter a new Login and Password.
-
Click Submit to change your SCC account.
Your new SCC account reuses existing products and repositories from SUSE. Content that is no longer available for your new SCC account cannot be synchronized anymore.
10.6. Updating an SCC account
Use the following procedure to update your SCC account in orcharhino. To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Content > SUSE Subscriptions.
-
Select your SCC account and update it as required.
For more information, see Adding an SCC account to orcharhino.
-
Click Submit to update your SCC account.
-
Update your SCC account in orcharhino:
$ hammer scc_manager scc_accounts update \ --id My_SCC_Account_ID \ --password "My_SCC_Account_Password" \ _My_Options
For a list of options, run
hammer scc_manager scc_accounts update --help
.
10.7. Importing SUSE products
Use this procedure to import products from SUSE into orcharhino. To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
You have added your SCC account to orcharhino. For more information, see Adding an SCC account to orcharhino.
-
In the orcharhino management UI, navigate to Content > SUSE Subscriptions.
-
Click Select products on your previously synchronized SCC account.
-
Use the Select Product, Select Version, and Select Architecture lists to filter all available SUSE products.
Note that each filter depends on the previous selection.
-
Click Search to apply the filter.
-
Select all SUSE products you want to synchronize to orcharhino.
You can select individual repositories from the Filter repositories list. By default, debug and source repositories are excluded.
-
Click Add product(s) to create the selected SUSE products in orcharhino.
Note that the SCC Manager plugin can only add, but not remove products from orcharhino.
-
Optional: Click on the task ID to follow the creation of the selected products in orcharhino.
-
List all available SUSE products:
$ hammer scc_manager scc_accounts scc_products list \ --scc-account-id My_SCC_Account_ID
-
View information about a SUSE product:
$ hammer scc_manager scc_accounts scc_products info \ --id My_SUSE_Product_ID \ --scc-account-id My_SCC_Account_ID
-
Subscribe to a SUSE product:
$ hammer scc_manager scc_accounts scc_products subscribe \ --id My_SUSE_Product_ID \ --scc-account-id My_SCC_Account_ID
-
Optional: Subscribe to multiple SUSE products:
$ hammer scc_manager scc_accounts bulk_subscribe \ --id My_SUSE_Account_ID \ --scc-subscribe-product-ids My_SUSE_Product_ID_1,My_SUSE_Product_ID_2,My_SUSE_Product_ID_3
10.8. Synchronizing SUSE content
Use this procedure to synchronize SUSE content to your orcharhino to deploy, register, and serve content to hosts.
-
You have imported SUSE products into orcharhino. For more information, see Importing SUSE products.
-
In the orcharhino management UI, navigate to Content > Products.
-
Select the
SUSE Linux Enterprise Server 15 SP3 x86_64
product and click Sync Now to synchronize the SUSE repositories for SLES 15 SP3 to orcharhino. -
In the orcharhino management UI, navigate to Content > Lifecycle > Content Views.
-
Create a content view called
SLES 15 SP3
comprising the SLES repositories created in theSLES 15 SP3
product and a content view calledSLES 15 SP3 orcharhino client
comprising the orcharhino client repository created in theSLES 15 SP3 orcharhino client
product.For more information, see Creating a content view.
-
Publish a new version of both content views.
For more information, see Promoting a content view.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Content Views.
-
Click Create Content View to create a composite content view called
Composite SLES 15 SP3
comprising the previously publishedSLES 15 SP3
content view, theSLES 15 SP3 orcharhino client
content view, and optionally further content views of your choice, for example a content view containing Puppet. For more information, see the ATIX Service Portal for the necessary upstream URL. For more information, see Creating a composite content view. -
Publish a new version and promote this version to the lifecycle environment of your choice.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Activation Keys.
-
Click Create Activation Key to create an Activation Key called
sles-15-sp3
.For more information, see Creating an activation key.
-
On the Details tab, select a lifecycle environment and composite content view.
-
On the Subscriptions tab, select the necessary subscriptions, for example
SLES 15 SP3
,SLES 15 SP3 orcharhino client
, andPuppet
.
10.9. Removing an SCC account from orcharhino
Use the following procedure to remove your SCC account from orcharhino. To use the CLI instead of the orcharhino management UI, see the CLI procedure.
Warning
|
If you want to switch SCC accounts and retain your synchronized content, do not delete your old SCC account, even if it is expired. Instead, change the login and password of your SCC account. If you delete your old SCC account, you cannot reuse existing repositories, products, content views, and composite content views. For more information, see Switching SCC accounts. |
-
In the orcharhino management UI, navigate to Content > SUSE Subscriptions.
-
For your SCC account, click Delete in the Actions menu.
-
Click Confirm to remove your SCC account from orcharhino.
-
Remove your SCC account from orcharhino:
$ hammer scc_manager scc_accounts delete \ --id My_SCC_Account_ID
11. Managing errata
Red Hat Enterprise Linux users receive errata for each release of official Red Hat RPMs. SUSE Linux Enterprise Server users receive errata for each release of official SUSE RPMs. Additionally, ATIX provides errata for hosts running Debian, CentOS 7, or Ubuntu. There are three types of advisories (in order of importance):
- Security Advisory
-
Describes fixed security issues found in the package. The security impact of the issue can be Low, Moderate, Important, or Critical.
- Bug Fix Advisory
-
Describes bug fixes for the package.
- Product Enhancement Advisory
-
Describes enhancements and new features added to the package.
For Red Hat Enterprise Linux, orcharhino imports errata information when synchronizing repositories with Red Hat’s Content Delivery Network (CDN). For SUSE Linux Enterprise Server, orcharhino imports errata information when synchronizing repositories with SUSE Customer Center. For AlmaLinux and Rocky Linux, orcharhino imports errata information when synchronizing repositories with upstream repositories. orcharhino also provides tools to inspect and filter errata, allowing for precise update management. This way, you can select relevant updates and propagate them through content views to selected content hosts.
Errata are labeled according to the most important advisory type they contain. Therefore, errata labeled as Product Enhancement Advisory can contain only enhancement updates, while Bug Fix Advisory errata can contain both bug fixes and enhancements, and Security Advisory can contain all three types.
In orcharhino, there are two keywords that describe an erratum’s relationship to the available content hosts:
- Applicable
-
An erratum that applies to one or more content hosts, which means it updates packages present on the content host. Although these errata apply to content hosts, until their state changes to Installable, the errata are not ready to be installed. Installable errata are automatically applicable.
- Installable
-
An erratum that applies to one or more content hosts and is available to install on the content host. Installable errata are available to a content host from lifecycle environment and the associated content view, but are not yet installed.
This chapter shows how to manage errata and apply them to either a single host or multiple hosts.
Tip
|
The ATIX AG Debian and Ubuntu Errata service provides errata for Debian and Ubuntu.
When creating a repository of type An erratum contains the information which packages have to be updated to fix a security issue. Debian and Ubuntu errata are derived from the Debian security announcements (DSA) and the Ubuntu security notices (USN). You must add Debian and Ubuntu errata to the security repository.
For Debian, you need the |
Note
|
Email notifications can help you keeping track of available errata for specific hosts. You can enable email notifications on the Email Preferences tab when editing a user. For more information, see Managing Users in Administering orcharhino. |
11.1. Best practices for errata
-
Use errata to add patches for security issues to a frozen set of content without unnecessarily updating other unaffected packages.
-
Automate errata management by using a Hammer script or an Ansible Playbook.
-
View errata on the content hosts page and compare the errata of the current content view and lifecycle environment to the Library lifecycle environment, which contains the latest synchronized packages.
You can only apply errata included in the content view version of the lifecycle of your host. You can view applicable errata as a recommendation to create an incremental content view to provide errata to hosts. For more information, see Adding errata to an incremental content view.
11.2. Inspecting available errata
The following procedure describes how to view and filter the available errata and how to display metadata of the selected advisory. To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Content > Content Types > Errata to view the list of available errata.
-
Use the filtering tools at the top of the page to limit the number of displayed errata:
-
Select the repository to be inspected from the list. All Repositories is selected by default.
-
The Applicable checkbox is selected by default to view only applicable errata in the selected repository. Select the Installable checkbox to view only errata marked as installable.
-
To search the table of errata, type the query in the Search field in the form of:
parameter operator value
See Parameters available for errata search for the list of parameters available for search. Find the list of applicable operators in Supported Operators for Granular Search in Administering orcharhino. Automatic suggestion works as you type. You can also combine queries with the use of and and or operators. For example, to display only security advisories related to the kernel package, type:
type = security and package_name = kernel
Press Enter to start the search.
-
-
Click the Errata ID of the erratum you want to inspect:
-
The Details tab contains the description of the updated package as well as documentation of important fixes and enhancements provided by the update.
-
On the Content Hosts tab, you can apply the erratum to selected content hosts as described in Applying errata to multiple hosts.
-
The Repositories tab lists repositories that already contain the erratum. You can filter repositories by the environment and content view, and search for them by the repository name.
-
You can also use the new Host page to view to inspect available errata and select errata to install.
-
In the orcharhino management UI, navigate to Hosts > All Hosts and select the host you require.
-
If there are errata associated with the host, an Installable Errata card on the new Host page displays an interactive pie chart showing a breakdown of the security advisories, bugfixes, and enhancements.
-
On the new Host page, select the Content tab.
-
On the Content page select the Errata tab.
-
The page displays installable errata for the chosen host.
-
Click the checkbox for any errata you wish to install.
-
Select Apply via Remote Execution to use Remote Execution, or Apply via customized remote execution if you want to customize the remote execution.
-
Click Submit.
-
To view errata that are available for all organizations, enter the following command:
$ hammer erratum list
-
To view details of a specific erratum, enter the following command:
$ hammer erratum info --id erratum_ID
-
You can search errata by entering the query with the
--search
option. For example, to view applicable errata for the selected product that contains the specified bugs ordered so that the security errata are displayed on top, enter the following command:$ hammer erratum list \ --product-id 7 \ --search "bug = 1213000 or bug = 1207972" \ --errata-restrict-applicable 1 \ --order "type desc"
11.3. Parameters available for errata search
Parameter | Description | Example |
---|---|---|
bug |
Search by the Bugzilla number. |
bug = 1172165 |
cve |
Search by the CVE number. |
cve = CVE-2015-0235 |
id |
Search by the errata ID. The auto-suggest system displays a list of available IDs as you type. |
id = RHBA-2014:2004 |
issued |
Search by the issue date. You can specify the exact date, like "Feb16,2015", or use keywords, for example "Yesterday", or "1 hour ago". The time range can be specified with the use of the "<" and ">" operators. |
issued < "Jan 12,2015" |
package |
Search by the full package build name. The auto-suggest system displays a list of available packages as you type. |
package = glib2-2.22.5-6.el6.i686 |
package_name |
Search by the package name. The auto-suggest system displays a list of available packages as you type. |
package_name = glib2 |
severity |
Search by the severity of the issue fixed by the security update. Specify Critical, Important, or Moderate. |
severity = Critical |
title |
Search by the advisory title. |
title ~ openssl |
type |
Search by the advisory type. Specify security, bugfix, or enhancement. |
type = bugfix |
updated |
Search by the date of the last update.
You can use the same formats as with the |
updated = "6 days ago" |
11.4. Applying installable errata
Use the following procedure to view a list of installable errata and select errata to install.
-
In the orcharhino management UI, navigate to Hosts > All Hosts and select the host you require.
-
If there are errata associated with the host, they are displayed in an Installable Errata card on the new Host page.
-
On the Content tab, Errata displays installable errata for the chosen host.
-
Click the checkbox for any errata you wish to install.
-
Using the vertical ellipsis icon next to the errata you want to add to the host, select Apply via Remote Execution to use Remote Execution. Select Apply via customized remote execution if you want to customize the remote execution.
-
Click Submit.
11.5. Running custom code while applying errata
You can use custom snippets to run code before and/or after applying errata on hosts.
-
Check your provisioning template to ensure that it supports the custom snippets you want to use.
You can view all job templates that are in use under Administer > Remote Execution Features.
-
In the orcharhino management UI, navigate to Hosts > Templates > Job Templates.
-
Click Create Template.
-
In the Name field, enter a name for your custom snippet. The name must start with the name of a template that supports custom snippets:
-
Append
custom pre
to the name of a template to run code before applying errata on hosts. -
Append
custom post
to the name of a template to run code after applying errata on hosts.
If your template is called
Install Errata - Katello Ansible Default
, name your templateInstall Errata - Katello Ansible Default custom pre
orInstall Errata - Katello Ansible Default custom post
. -
-
On the Type tab, select Snippet.
-
Click Submit to create your custom snippet.
-
Create a plain text file that contains your custom snippet.
-
Create the template using
hammer
:$ hammer template create \ --file "~/My_Snippet" \ --locations "My_Location" \ --name "My_Template_Name_custom_pre" \ --organizations "_My_Organization" \ --type snippet
11.6. Subscribing to errata notifications
You can configure email notifications for orcharhino users. Users receive a summary of applicable and installable errata, notifications on content view promotion or after synchronizing a repository. For more information, see Configuring Email Notification Preferences in Administering orcharhino.
11.7. Limitations to repository dependency resolution
With orcharhino, using incremental updates to your content views solves some repository dependency problems. However, dependency resolution at a repository level still remains problematic on occasion.
When a repository update becomes available with a new dependency, orcharhino retrieves the newest version of the package to solve the dependency, even if there are older versions available in the existing repository package. This can create further dependency resolution problems when installing packages.
A repository on your client has the package example_repository-1.0
with the dependency example_repository-libs-1.0
.
The repository also has another package example_tools-1.0
.
A security erratum becomes available with the package example_tools-1.1
.
The example_tools-1.1
package requires the example_repository-libs-1.1
package as a dependency.
After an incremental content view update, the example_tools-1.1
, example_tools-1.0
, and example_repository-libs-1.1
are now in the repository.
The repository also has the packages example_repository-1.0
and example_repository-libs-1.0
.
Note that the incremental update to the content view did not add the package example_repository-1.1
.
Because you can install all these packages by using dnf
, no potential problem is detected.
However, when the client installs the example_tools-1.1
package, a dependency resolution problem occurs because both example_repository-libs-1.0
and example_repository-libs-1.1
cannot be installed.
There is currently no workaround for this problem. The larger the time frame, and minor Y releases between the base set of packages and the errata being applied, the higher the chance of a problem with dependency resolution.
11.8. Creating a content view filter for errata
You can use content filters to limit errata. Such filters include:
-
ID – Select specific erratum to allow into your resulting repositories.
-
Date Range – Define a date range and include a set of errata released during that date range.
-
Type – Select the type of errata to include such as bug fixes, enhancements, and security updates.
Create a content filter to exclude errata after a certain date. This ensures your production systems in the application lifecycle are kept up to date to a certain point. Then you can modify the filter’s start date to introduce new errata into your testing environment to test the compatibility of new packages into your application lifecycle.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
A content view with the repositories that contain required errata is created. For more information, see Creating a content view.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Content Views.
-
Select a content view that you want to use for applying errata.
-
Select Yum Content > Filters and click New Filter.
-
In the Name field, enter
Errata Filter
. -
From the Content Type list, select Erratum – Date and Type.
-
From the Inclusion Type list, select Exclude.
-
In the Description field, enter
Exclude errata items from YYYY-MM-DD
. -
Click Save.
-
For Errata Type, select the checkboxes of errata types you want to exclude. For example, select the Enhancement and Bugfix checkboxes and clear the Security checkbox to exclude enhancement and bugfix errata after certain date, but include all the security errata.
-
For Date Type, select one of two checkboxes:
-
Issued On for the issued date of the erratum.
-
Updated On for the date of the last update of the erratum.
-
-
Select the Start Date to exclude all errata on or after the selected date.
-
Leave the End Date field blank.
-
Click Save.
-
Click Publish New Version to publish the resulting repository.
-
Enter
Adding errata filter
in the Description field. -
Click Save.
When the content view completes publication, notice the Content column reports a reduced number of packages and errata from the initial repository. This means the filter successfully excluded the all non-security errata from the last year.
-
Click the Versions tab.
-
Click Promote to the right of the published version.
-
Select the environments you want to promote the content view version to.
-
In the Description field, enter the description for promoting.
-
Click Promote Version to promote this content view version across the required environments.
-
Create a filter for the errata:
$ hammer content-view filter create \ --content-view "My_Content_View" \ --description "Exclude errata items from the YYYY-MM-DD" \ --name "My_Filter_Name" \ --organization "My_Organization" \ --type "erratum"
-
Create a filter rule to exclude all errata on or after the Start Date that you want to set:
$ hammer content-view filter rule create \ --content-view "My_Content_View" \ --content-view-filter="My_Content_View_Filter" \ --organization "My_Organization" \ --start-date "YYYY-MM-DD" \ --types=security,enhancement,bugfix
-
Publish the content view:
$ hammer content-view publish \ --name "My_Content_View" \ --organization "My_Organization"
-
Promote the content view to the lifecycle environment so that the included errata are available to that lifecycle environment:
$ hammer content-view version promote \ --content-view "My_Content_View" \ --organization "My_Organization" \ --to-lifecycle-environment "My_Lifecycle_Environment"
11.9. Adding errata to an incremental content view
If errata are available but not installable, you can create an incremental content view version to add the errata to your content hosts. For example, if the content view is version 1.0, it becomes content view version 1.1, and when you publish, it becomes content view version 2.0.
Important
|
If your content view version is old, you might encounter incompatibilities when incrementally adding enhancement errata. This is because enhancements are typically designed for the most current software in a repository. |
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Content > Content Types > Errata.
-
From the Errata list, click the name of the errata that you want to apply.
-
Select the content hosts that you want to apply the errata to, and click Apply to Hosts. This creates the incremental update to the content view.
-
If you want to apply the errata to the content host, select the Apply Errata to Content Hosts immediately after publishing checkbox.
-
Click Confirm to apply the errata.
-
List the errata and its corresponding IDs:
$ hammer erratum list
-
List the different content-view versions and the corresponding IDs:
$ hammer content-view version list
-
Apply a single erratum to content-view version. You can add more IDs in a comma-separated list.
$ hammer content-view version incremental-update \ --content-view-version-id 319 --errata-ids 34068b
11.10. Creating an incremental content view version by adding Deb packages
You can use Hammer CLI to add packages to a content view version. If you want to add errata to a content view version, see Adding errata to an incremental content view.
-
Search for your lifecycle environment IDs:
$ hammer lifecycle-environment list
-
Search for your Deb package IDs:
$ hammer deb-package list --search "My_Search_Pattern"
-
List all available content views:
$ hammer content-view list
-
View information of the content view that you want to add packages to:
$ hammer content-view info --id My_Content_View_ID
-
Create an incremental content view version by adding Deb packages:
$ hammer content-view version incremental-update \ --content-view-version-id My_Content_View_Version_ID \ --debs My_Deb_Package_Name \ --lifecycle-environment-ids My_Lifecycle_Environment_ID
You can add multiple Deb package names in a comma-separated list.
11.11. Applying errata to hosts
Use these procedures to review and apply errata to hosts.
-
Register the host to an environment and content view on orcharhino Server. For more information, see Registering Hosts in Managing hosts.
-
Configure the host for remote execution. For more information about running remote execution jobs, see Configuring and Setting Up Remote Jobs in Managing hosts.
The procedure to apply an erratum to a host depends on its operating system.
11.11.1. Applying errata to hosts running AlmaLinux 9
Use this procedure to review and apply errata to a host running AlmaLinux 9.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Hosts > Content Hosts and select the host you want to apply errata to.
-
Navigate to the Errata tab to see the list of errata.
-
Select the errata to apply and click Apply Selected. In the confirmation window, click Apply.
-
After the task to update all packages associated with the selected errata completes, click the Details tab to view the updated packages.
-
List all errata for the host:
$ hammer host errata list \ --host client.example.com
-
Find the module stream an erratum belongs to:
$ hammer erratum info --id ERRATUM_ID
-
On the host, update the module stream:
# dnf upgrade Module_Stream_Name
11.11.2. Applying errata to hosts running AlmaLinux 8
Use this procedure to review and apply errata to a host running AlmaLinux 8.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Hosts > Content Hosts and select the host you want to apply errata to.
-
Navigate to the Errata tab to see the list of errata.
-
Select the errata to apply and click Apply Selected. In the confirmation window, click Apply.
-
After the task to update all packages associated with the selected errata completes, click the Details tab to view the updated packages.
-
List all errata for the host:
$ hammer host errata list \ --host client.example.com
-
Find the module stream an erratum belongs to:
$ hammer erratum info --id ERRATUM_ID
-
On the host, update the module stream:
# dnf upgrade Module_Stream_Name
11.11.3. Applying errata to hosts running CentOS 7
Use this procedure to review and apply errata to a host running CentOS 7.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Hosts > Content Hosts and select the host you want to apply errata to.
-
Navigate to the Errata tab to see the list of errata.
-
Select the errata to apply and click Apply Selected. In the confirmation window, click Apply.
-
After the task to update all packages associated with the selected errata completes, click the Details tab to view the updated packages.
-
List all errata for the host:
$ hammer host errata list \ --host client.example.com
-
Apply the most recent erratum to the host. Identify the erratum to apply using the erratum ID:
$ hammer job-invocation create \ --feature katello_errata_install \ --inputs errata=ERRATUM_ID1,ERRATUM_ID2 \ --search-query "name = client.example.com"
11.11.4. Applying errata to hosts running Debian 11
Use this procedure to review and apply errata to a host running Debian 11.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Hosts > Content Hosts and select the host you want to apply errata to.
-
Navigate to the Errata tab to see the list of errata.
-
Select the errata to apply and click Apply Selected. In the confirmation window, click Apply.
-
After the task to update all packages associated with the selected errata completes, click the Details tab to view the updated packages.
-
List all errata for the host:
$ hammer host errata list \ --host client.example.com
-
Apply the most recent erratum to the host. Identify the erratum to apply using the erratum ID:
$ hammer job-invocation create \ --feature katello_errata_install \ --inputs errata=ERRATUM_ID1,ERRATUM_ID2 \ --search-query "name = client.example.com"
11.11.5. Applying errata to hosts running Debian 10
Use this procedure to review and apply errata to a host running Debian 10.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Hosts > Content Hosts and select the host you want to apply errata to.
-
Navigate to the Errata tab to see the list of errata.
-
Select the errata to apply and click Apply Selected. In the confirmation window, click Apply.
-
After the task to update all packages associated with the selected errata completes, click the Details tab to view the updated packages.
-
List all errata for the host:
$ hammer host errata list \ --host client.example.com
-
Apply the most recent erratum to the host. Identify the erratum to apply using the erratum ID:
$ hammer job-invocation create \ --feature katello_errata_install \ --inputs errata=ERRATUM_ID1,ERRATUM_ID2 \ --search-query "name = client.example.com"
11.11.6. Applying errata to hosts running Oracle Linux 9
Use this procedure to review and apply errata to a host running Oracle Linux 9.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Hosts > Content Hosts and select the host you want to apply errata to.
-
Navigate to the Errata tab to see the list of errata.
-
Select the errata to apply and click Apply Selected. In the confirmation window, click Apply.
-
After the task to update all packages associated with the selected errata completes, click the Details tab to view the updated packages.
-
List all errata for the host:
$ hammer host errata list \ --host client.example.com
-
Find the module stream an erratum belongs to:
$ hammer erratum info --id ERRATUM_ID
-
On the host, update the module stream:
# dnf upgrade Module_Stream_Name
11.11.7. Applying errata to hosts running Oracle Linux 8
Use this procedure to review and apply errata to a host running Oracle Linux 8.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Hosts > Content Hosts and select the host you want to apply errata to.
-
Navigate to the Errata tab to see the list of errata.
-
Select the errata to apply and click Apply Selected. In the confirmation window, click Apply.
-
After the task to update all packages associated with the selected errata completes, click the Details tab to view the updated packages.
-
List all errata for the host:
$ hammer host errata list \ --host client.example.com
-
Find the module stream an erratum belongs to:
$ hammer erratum info --id ERRATUM_ID
-
On the host, update the module stream:
# dnf upgrade Module_Stream_Name
11.11.8. Applying errata to hosts running Red Hat Enterprise Linux 9
Use this procedure to review and apply errata to a host running Red Hat Enterprise Linux 9.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Hosts > Content Hosts and select the host you want to apply errata to.
-
Navigate to the Errata tab to see the list of errata.
-
Select the errata to apply and click Apply Selected. In the confirmation window, click Apply.
-
After the task to update all packages associated with the selected errata completes, click the Details tab to view the updated packages.
-
List all errata for the host:
$ hammer host errata list \ --host client.example.com
-
Find the module stream an erratum belongs to:
$ hammer erratum info --id ERRATUM_ID
-
On the host, update the module stream:
# dnf upgrade Module_Stream_Name
11.11.9. Applying errata to hosts running Red Hat Enterprise Linux 8
Use this procedure to review and apply errata to a host running Red Hat Enterprise Linux 8.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Hosts > Content Hosts and select the host you want to apply errata to.
-
Navigate to the Errata tab to see the list of errata.
-
Select the errata to apply and click Apply Selected. In the confirmation window, click Apply.
-
After the task to update all packages associated with the selected errata completes, click the Details tab to view the updated packages.
-
List all errata for the host:
$ hammer host errata list \ --host client.example.com
-
Find the module stream an erratum belongs to:
$ hammer erratum info --id ERRATUM_ID
-
On the host, update the module stream:
# dnf upgrade Module_Stream_Name
11.11.10. Applying errata to hosts running Red Hat Enterprise Linux 7
Use this procedure to review and apply errata to a host running Red Hat Enterprise Linux 7.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Hosts > Content Hosts and select the host you want to apply errata to.
-
Navigate to the Errata tab to see the list of errata.
-
Select the errata to apply and click Apply Selected. In the confirmation window, click Apply.
-
After the task to update all packages associated with the selected errata completes, click the Details tab to view the updated packages.
-
List all errata for the host:
$ hammer host errata list \ --host client.example.com
-
Apply the most recent erratum to the host. Identify the erratum to apply using the erratum ID.
Using
Remote Execution
$ hammer job-invocation create \ --feature katello_errata_install \ --inputs errata=ERRATUM_ID1,ERRATUM_ID2 \ --search-query "name = client.example.com"
11.11.11. Applying errata to hosts running Rocky Linux 9
Use this procedure to review and apply errata to a host running Rocky Linux 9.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Hosts > Content Hosts and select the host you want to apply errata to.
-
Navigate to the Errata tab to see the list of errata.
-
Select the errata to apply and click Apply Selected. In the confirmation window, click Apply.
-
After the task to update all packages associated with the selected errata completes, click the Details tab to view the updated packages.
-
List all errata for the host:
$ hammer host errata list \ --host client.example.com
-
Find the module stream an erratum belongs to:
$ hammer erratum info --id ERRATUM_ID
-
On the host, update the module stream:
# dnf upgrade Module_Stream_Name
11.11.12. Applying errata to hosts running Rocky Linux 8
Use this procedure to review and apply errata to a host running Rocky Linux 8.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Hosts > Content Hosts and select the host you want to apply errata to.
-
Navigate to the Errata tab to see the list of errata.
-
Select the errata to apply and click Apply Selected. In the confirmation window, click Apply.
-
After the task to update all packages associated with the selected errata completes, click the Details tab to view the updated packages.
-
List all errata for the host:
$ hammer host errata list \ --host client.example.com
-
Find the module stream an erratum belongs to:
$ hammer erratum info --id ERRATUM_ID
-
On the host, update the module stream:
# dnf upgrade Module_Stream_Name
11.11.13. Applying errata to hosts running SUSE Linux Enterprise Server 15
Use this procedure to review and apply errata to a host running SUSE Linux Enterprise Server 15.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Hosts > Content Hosts and select the host you want to apply errata to.
-
Navigate to the Errata tab to see the list of errata.
-
Select the errata to apply and click Apply Selected. In the confirmation window, click Apply.
-
After the task to update all packages associated with the selected errata completes, click the Details tab to view the updated packages.
-
List all errata for the host:
$ hammer host errata list \ --host client.example.com
-
Apply the most recent erratum to the host. Identify the erratum to apply using the erratum ID:
$ hammer job-invocation create \ --feature katello_errata_install \ --inputs errata=ERRATUM_ID1,ERRATUM_ID2 \ --search-query "name = client.example.com"
11.11.14. Applying errata to hosts running Ubuntu 22.04
Use this procedure to review and apply errata to a host running Ubuntu 22.04.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Hosts > Content Hosts and select the host you want to apply errata to.
-
Navigate to the Errata tab to see the list of errata.
-
Select the errata to apply and click Apply Selected. In the confirmation window, click Apply.
-
After the task to update all packages associated with the selected errata completes, click the Details tab to view the updated packages.
-
List all errata for the host:
$ hammer host errata list \ --host client.example.com
-
Apply the most recent erratum to the host. Identify the erratum to apply using the erratum ID:
$ hammer job-invocation create \ --feature katello_errata_install \ --inputs errata=ERRATUM_ID1,ERRATUM_ID2 \ --search-query "name = client.example.com"
11.11.15. Applying errata to hosts running Ubuntu 20.04
Use this procedure to review and apply errata to a host running Ubuntu 20.04.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Hosts > Content Hosts and select the host you want to apply errata to.
-
Navigate to the Errata tab to see the list of errata.
-
Select the errata to apply and click Apply Selected. In the confirmation window, click Apply.
-
After the task to update all packages associated with the selected errata completes, click the Details tab to view the updated packages.
-
List all errata for the host:
$ hammer host errata list \ --host client.example.com
-
Apply the most recent erratum to the host. Identify the erratum to apply using the erratum ID:
$ hammer job-invocation create \ --feature katello_errata_install \ --inputs errata=ERRATUM_ID1,ERRATUM_ID2 \ --search-query "name = client.example.com"
11.12. Applying errata to multiple hosts
Use these procedures to review and apply errata to multiple RHEL hosts.
-
Synchronize orcharhino repositories with the latest errata available from Red Hat. For more information, see Synchronizing repositories.
-
Register the hosts to an environment and content view on orcharhino Server. For more information, see Registering Hosts in Managing hosts.
-
Configure the host for remote execution. For more information about running remote execution jobs, see Configuring and Setting Up Remote Jobs in Managing hosts.
-
In the orcharhino management UI, navigate to Content > Content Types > Errata.
-
Click the name of an erratum you want to apply.
-
Click to Content Hosts tab.
-
Select the hosts you want to apply errata to and click Apply to Hosts.
-
Click Confirm.
-
List all installable errata:
$ hammer erratum list \ --errata-restrict-installable true \ --organization "Default Organization"
-
Apply one of the errata to multiple hosts:
Using
Remote Execution
$ hammer job-invocation create \ --feature katello_errata_install \ --inputs errata=ERRATUM_ID \ --search-query "applicable_errata = ERRATUM_ID"
The following Bash script applies an erratum to each host for which this erratum is available:
for HOST in
hammer --csv --csv-separator "|" host list --search "applicable_errata = ERRATUM_ID" --organization "Default Organization" | tail -n+2 | awk -F "|" '{ print $2 }'
; do echo "== Applying to $HOST ==" ; hammer host errata apply --host $HOST --errata-ids ERRATUM_ID1,ERRATUM_ID2 ; doneThis command identifies all hosts with erratum_IDs as an applicable erratum and then applies the erratum to each host.
-
To see if an erratum is applied successfully, find the corresponding task in the output of the following command:
$ hammer task list
-
View the state of a selected task:
$ hammer task progress --id task_ID
11.13. Applying errata to a host collection
You can use orcharhino to apply errata to a host collection.
$ hammer job-invocation create \ --feature katello_errata_install \ --inputs errata=ERRATUM_ID1,ERRATUM_ID2,... \ --search-query "host_collection = HOST_COLLECTION_NAME"
$ curl \ --header "Accept:application/json" \ --header "Content-Type:application/json" \ --request PUT \ --user My_User_Name:My_Password \ --data "{\"organization_id\":1,\"included\":{\"search\":\"host_collection=\\\"my-collection\\\"\"},\"content_type\":\"errata\",\"content\":[\"RHBA-2016:1981\"]}" \ https://orcharhino.example.com/api/v2/hosts/bulk/install_content
12. Managing OSTree content
You can use OSTree to manage bootable, immutable, versioned file system trees.
OSTree makes it easy to install and update Linux-based operating systems on hosts and to switch between versions of operating systems on hosts. If a host update fails, you can easily revert the operating system on the host to the previous working version.
You can create an OSTree image by using an image builder and expose it in an OSTree repository on an HTTP server. Then you can use your orcharhino to synchronize and manage OSTree branches from the exposed OSTree repository.
-
OSTree content is supported only when running orcharhino on Enterprise Linux 8 or Enterprise Linux 9.
-
In orcharhino Server, OSTree management tools are not enabled by default. To enable OSTree, enter the following command:
# foreman-installer --foreman-proxy-content-enable-ostree=true
-
If you want to use Hammer CLI, you must enable the
hammer-cli-katello
plugin on orcharhino Server.
12.1. Importing OSTree content
You can import and synchronize OSTree content from custom online sources over HTTPS.
-
A published HTTP location, known as an upstream URL, for the OSTree to import.
-
In the orcharhino management UI, navigate to Content > Products and click Create Product.
-
In the Name field, enter a name for your OSTree content. This automatically populates the Label field.
-
Optional: From the GPG Key list, select the GPG key for the product.
-
Optional: From the SSL CA Cert list, select the SSL CA certificate for the product.
-
Optional: From the SSL Client Cert list, select the SSL client certificate for the product.
-
Optional: From the SSL Client Key list, select the SSL client key for the product.
-
Optional: From the Sync Plan list, select an existing sync plan or click Create Sync Plan and create a sync plan for your product requirements.
-
Optional: In the Description field, enter a description of the product.
-
Click Save.
-
When the product creation completes, click New Repository.
-
In the Name field, enter a name for the repository. This automatically populates the Label field.
-
From the Type list, select
ostree
. -
In the Upstream URL field, enter the URL of the external repository to use as a source. For example
http://www.example.com/rpm-ostree/
. -
Optional: Select the Verify SSL checkbox if you want to verify that the upstream repository’s SSL certificates are signed by a trusted CA.
-
In the Upstream Username field, enter the user name for the upstream repository if required for authentication. Clear this field if the repository does not require authentication.
-
In the Upstream Password field, enter the corresponding password for the upstream repository.
-
In the Upstream Authentication Token field, enter the corresponding token for the upstream repository.
-
Optional: In the Exclude Refs field, enter a list of OSTree head refs separated with commas to exclude from importing to orcharhino. The excludes are evaluated after the includes.
-
Optional: In the Include Refs field, enter a list of OSTree head refs separated with commas to include in importing to orcharhino. For example
fedora/x86_64/coreos/stable
. -
Optional: In the Depth field, enter the number of commits to traverse.
-
From the Mirroring Policy menu, select one of the following policies to mirror OSTree content for this repository:
-
Additive – new content available during sync will be added to the repository, and no content will be removed.
-
Mirror Content Only – any new content available during sync will be added to the repository and any content removed from the upstream repository will be removed from the local repository.
-
-
Optional: In the HTTP Proxy Policy field, select an HTTP proxy.
-
Optional: Disable the Unprotected checkbox to require a subscription entitlement certificate for accessing the published repository.
-
Optional: In the SSL CA Cert field, select the SSL CA Certificate for the repository.
-
Optional: In the SSL Client cert field, select the SSL Client Certificate for the repository.
-
Optional: In the SSL Client Key field, select the SSL Client Key for the repository.
-
Click Save.
-
When the repository creation completes, select the new repository and click Sync Now to start the synchronization process.
-
To view the synchronization status, navigate to Content > Sync Status and expand the entry that you want to view.
-
Create a product for your OSTree content:
$ hammer product create \ --name "OSTree" \ --sync-plan "Example_Plan" \ --description "OSTree Content" \ --organization "My_Organization"
-
Create the repository for the OSTree:
$ hammer repository create \ --name "OSTree" \ --content-type "ostree" \ --url "http://www.example.com/rpm-ostree/" \ --product "OSTree Content" \ --organization "My_Organization"
-
Synchronize the repository:
$ hammer repository synchronize \ --name "OSTree" \ --product "OSTree Content" \ --organization "My_Organization"
12.2. Uploading OSTree content with Hammer CLI
In deployments in which the orcharhino Server does not have internet access, you can upload OSTree image archives using Hammer CLI.
You can create images using the Image Builder or OSBuild tool.
You can also create an OSTree image archive by downloading a repository from an upstream URL, such as:
# wget --no-parent -r https://repos.example.com/ostree/repo_name/ # tar --exclude="index.html" -cvf "example_archive_repo.tar" -C repos.example.com/ostree "repo_name"
-
You have an OSTree image archive ready and present on your file system.
-
Connect to your orcharhino Server using SSH.
-
Upload your OSTree archive with the
hammer
command:$ hammer repository upload-content --id repository_id \ --content-type ostree_ref \ --path /path/to/image/file.tar \ --ostree-repository-name example_repo_name
The value of
--ostree-repository-name
must match the name of the OSTree repository in the archive.
12.3. Managing OSTree content with content views
Use content views to manage OSTree branches across the application lifecycle. This process uses the same publication and promotion method as RPMs or Puppet modules.
-
You have created a product and added an OSTree repository to it.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Content Views.
-
Click Create content view.
-
In the Name field, enter a plain text name for the view. This automatically populates the Label field.
-
In the Description field, enter a description of the OSTree content view.
-
If you want to use a composite content view, select the Composite View checkbox.
-
Optional: If you want to solve dependencies automatically every time you publish this content view, select the Solve Dependencies checkbox. Dependency solving slows the publishing time and might ignore any content view filters you use.
-
Click Save to complete.
-
Navigate to the Repositories tab.
-
Select the OSTree repository that you want to use. Click Add Repository to add the OSTree content from this repository to the content view.
-
Click Publish new version.
-
Optional: In the Description field, enter a description for the version.
-
Optional: Enable the Promote switch to promote this content view across environments in the application lifecycle.
-
Click Next.
-
Review details and click Finish.
-
Obtain a list of repository IDs:
$ hammer repository list --organization "My_Organization"
-
Create the content view and add the repository:
$ hammer content-view create \ --name "OSTree" \ --description "Example content view for the OSTree" \ --repository-ids My_Repository_IDs \ --organization "My_Organization"
-
Publish the content view:
$ hammer content-view publish \ --name "OSTree" \ --description "Example content view for the OSTree" \ --organization "My_Organization"
12.4. Installing OSTree content from orcharhino Server on hosts
OSTree content from orcharhino on hosts is managed by Subscription Manager and can be accessed by using rpm-ostree
.
-
You have synchronized or uploaded an OSTree head to orcharhino. For more information, see Importing OSTree content and Uploading OSTree content with Hammer CLI.
-
On your hosts, view the available heads:
$ rpm-ostree remote list
-
Rebase to a new remote from orcharhino:
$ rpm-ostree rebase --remote=My_Organization_OSTree_Content_OSTree
13. Managing container images
With orcharhino, you can import container images from various sources and distribute them to external containers by using content views.
13.1. Importing container images
You can import container image repositories from any container image registry.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Content > Products and click Repo Discovery.
-
From the Repository Type list, select Container Images.
-
In the Registry to Discover field, enter the URL of the registry to import images from.
-
In the Registry Username field, enter the name that corresponds with your user name for the container image registry.
-
In the Registry Password field, enter the password that corresponds with the user name that you enter.
-
In the Registry Search Parameter field, enter any search criteria that you want to use to filter your search, and then click Discover.
-
Optional: To further refine the Discovered Repository list, in the Filter field, enter any additional search criteria that you want to use.
-
From the Discovered Repository list, select any repositories that you want to import, and then click Create Selected.
-
Optional: To change the download policy for this container repository to on demand, see Changing the download policy for a repository.
-
Optional: If you want to create a product, from the Product list, select New Product.
-
In the Name field, enter a product name.
-
Optional: In the Repository Name and Repository Label columns, you can edit the repository names and labels.
-
Click Run Repository Creation.
-
When repository creation is complete, you can click each new repository to view more information.
-
Optional: To filter the content you import to a repository, click a repository, and then navigate to Limit Sync Tags. Click to edit, and add any tags that you want to limit the content that synchronizes to orcharhino.
-
In the orcharhino management UI, navigate to Content > Products and select the name of your product.
-
Select the new repositories and then click Sync Now to start the synchronization process.
-
In the orcharhino management UI, navigate to Content > Products. Click the name of the required product.
-
Click New repository.
-
From the Type list, select docker. Enter the details for the repository, and click Save.
-
Select the new repository, and click Sync Now.
-
To view the progress of the synchronization, navigate to Content > Sync Status and expand the repository tree.
-
When the synchronization completes, you can click Container Image Manifests to list the available manifests. From the list, you can also remove any manifests that you do not require.
-
Create the custom
Red Hat Container Catalog
product:$ hammer product create \ --description "My_Description" \ --name "Red Hat Container Catalog" \ --organization "My_Organization" \ --sync-plan "My_Sync_Plan"
-
Create the repository for the container images:
$ hammer repository create \ --content-type "docker" \ --docker-upstream-name "rhel7" \ --name "RHEL7" \ --organization "My_Organization" \ --product "Red Hat Container Catalog" \ --url "http://registry.access.redhat.com/"
-
Synchronize the repository:
$ hammer repository synchronize \ --name "RHEL7" \ --organization "My_Organization" \ --product "Red Hat Container Catalog"
-
For more information about creating a product and repository manually, see Importing content.
13.2. Managing container name patterns
When you use orcharhino to create and manage your containers, as the container moves through content view versions and different stages of the orcharhino lifecycle environment, the container name changes at each stage.
For example, if you synchronize a container image with the name ssh
from an upstream repository, when you add it to a orcharhino product and organization and then publish as part of a content view, the container image can have the following name: my_organization_production-custom_spin-my_product-custom_ssh
.
This can create problems when you want to pull a container image because container registries can contain only one instance of a container name.
To avoid problems with orcharhino naming conventions, you can set a registry name pattern to override the default name to ensure that your container name is clear for future use.
If you use a registry name pattern to manage container naming conventions, because registry naming patterns must generate globally unique names, you might experience naming conflict problems. For example:
-
If you set the
repository.docker_upstream_name
registry name pattern, you cannot publish or promote content views with container content with identical repository names to theProduction
lifecycle. -
If you set the
lifecycle_environment.name
registry name pattern, this can prevent the creation of a second container repository with the identical name.
You must proceed with caution when defining registry naming patterns for your containers.
To manage container naming with a registry name pattern, complete the following steps:
-
In the orcharhino management UI, navigate to Content > Lifecycle > Lifecycle Environments.
-
Create a lifecycle environment or select an existing lifecycle environment to edit.
-
In the Container Image Registry area, click the edit icon to the right of Registry Name Pattern area.
-
Use the list of variables and examples to determine which registry name pattern you require.
-
In the Registry Name Pattern field, enter the registry name pattern that you want to use. For example, to use the
repository.docker_upstream_name
:<%= repository.docker_upstream_name %>
-
Click Save.
13.3. Managing container registry authentication
You can manage the authentication settings for accessing containers images from orcharhino. By default, users must authenticate to access containers images in orcharhino.
You can specify whether you want users to authenticate to access container images in orcharhino in a lifecycle environment.
For example, you might want to permit users to access container images from the Production
lifecycle without any authentication requirement and restrict access the Development
and QA
environments to authenticated users.
-
In the orcharhino management UI, navigate to Content > Lifecycle > Lifecycle Environments.
-
Select the lifecycle environment that you want to manage authentication for.
-
To permit unauthenticated access to the containers in this lifecycle environment, select the Unauthenticated Pull checkbox. To restrict unauthenticated access, clear the Unauthenticated Pull checkbox.
-
Click Save.
13.4. Configuring Podman and Docker to trust the certificate authority
Podman uses two paths to locate the CA file, namely, /etc/containers/certs.d/
and /etc/docker/certs.d/
.
Copy the root CA file to one of these locations, with the exact path determined by the server hostname, and naming the file ca.crt
In the following examples, replace hostname.example.com
with orcharhino.example.com
or orcharhino-proxy.example.com
, depending on your use case.
-
You might first need to create the relevant location using:
# mkdir -p /etc/containers/certs.d/hostname.example.com
or
# mkdir -p /etc/docker/certs.d/hostname.example.com
-
For podman, use:
# cp rootCA.pem /etc/containers/certs.d/hostname.example.com/ca.crt
-
Alternatively, if you are using Docker, copy the root CA file to the equivalent Docker directory:
# cp rootCA.pem /etc/docker/certs.d/hostname.example.com/ca.crt
You no longer need to use the --tls-verify=false
option when logging in to the registry:
$ podman login hostname.example.com Username: admin Password: Login Succeeded!
13.5. Using container registries
You can use Podman and Docker to fetch content from container registries and push the content to the orcharhino container registry. The orcharhino registry follows the Open Containers Initiative (OCI) specification, so you can push content to orcharhino by using the same methods that apply to other registries. For more information about OCI, see Open Container Initiative Distribution Specification.
-
To push content to orcharhino, ensure your orcharhino account has the
edit_products
permission. -
Ensure that a product exists before pushing a repository. For more information, see Creating a custom product.
-
To pull content from orcharhino, ensure that your orcharhino account has the
view_lifecycle_environments
,view_products
, andview_content_views
permissions, unless the lifecycle environment allows unauthenticated pull.
-
You can only push content to the orcharhino Server itself. If you need pushed content on orcharhino Proxies as well, use orcharhino Proxy syncing.
-
The pushed container registry name must contain only lowercase characters.
-
Unless pushed repositories are published in a content view version, they do not follow the registry name pattern. For more information, see Managing container name patterns. This is to ensure that users can push and pull from the same path.
-
Users are required to push and pull from the same path. If you use the label-based schema, pull using labels. If you use the ID-based schema, pull using IDs.
-
Logging in to the container registry:
# podman login orcharhino.example.com
-
Listing container images:
# podman search orcharhino.example.com/
-
Pulling container images:
# podman pull orcharhino.example.com/my-image:<optional_tag>
-
Pushing container images to the orcharhino container registry:
-
To indicate which organization, product, and repository the container image belongs to, include the organization and product in the container registry name.
-
You can address the container destination by using one of the following schemas:
$ podman push My_Container_Image_Hash orcharhino.example.com/My_Organization_Label/My_Product_Label/My_Repository_Name[:_My_Tag_] $ podman push My_Container_Image_Hash orcharhino.example.com/id/My_Organization_ID/My_Product_ID/My_Repository_Name[:_My_Tag_]
-
After the content push has completed, a repository is created in orcharhino.
-
14. Managing ISO images
You can use orcharhino to store ISO images, either from Red Hat’s Content Delivery Network or other sources. You can also upload other files, such as virtual machine images, and publish them in repositories.
14.1. Importing ISO images from Red Hat
The Red Hat Content Delivery Network provides ISO images for certain products. The procedure for importing this content is similar to the procedure for enabling repositories for RPM content.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Content > Red Hat Repositories.
-
In the Search field, enter an image name, for example,
Red Hat Enterprise Linux 7 Server (ISOs)
. -
In the Available Repositories window, expand Red Hat Enterprise Linux 7 Server (ISOs).
-
For the x86_64 7.2 entry, click the Enable icon to enable the repositories for the image.
-
In the orcharhino management UI, navigate to Content > Products and click Red Hat Enterprise Linux Server.
-
Click the Repositories tab of the Red Hat Enterprise Linux Server window, and click Red Hat Enterprise Linux 7 Server ISOs x86_64 7.2.
-
In the upper right of the Red Hat Enterprise Linux 7 Server ISOs x86_64 7.2 window, click Select Action and select Sync Now.
-
In the orcharhino management UI, navigate to Content > Sync Status and expand Red Hat Enterprise Linux Server.
-
Locate the Red Hat Enterprise Linux Server product for
file
repositories:$ hammer repository-set list \ --product "Red Hat Enterprise Linux Server" \ --organization "My_Organization" | grep "file"
-
Enable the
file
repository for Red Hat Enterprise Linux 7.2 Server ISO:$ hammer repository-set enable \ --product "Red Hat Enterprise Linux Server" \ --name "Red Hat Enterprise Linux 7 Server (ISOs)" \ --releasever 7.2 \ --basearch x86_64 \ --organization "My_Organization"
-
Locate the repository in the product:
$ hammer repository list \ --product "Red Hat Enterprise Linux Server" \ --organization "My_Organization"
-
Synchronize the repository in the product:
$ hammer repository synchronize \ --name "Red Hat Enterprise Linux 7 Server ISOs x86_64 7.2" \ --product "Red Hat Enterprise Linux Server" \ --organization "My_Organization"
14.2. Importing individual ISO images and files
Use this procedure to manually import ISO content and other files to orcharhino Server. To import files, you can complete the following steps in the orcharhino management UI or using the Hammer CLI. However, if the size of the file that you want to upload is larger than 15 MB, you must use the Hammer CLI to upload it to a repository.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Content > Products and click Create Product.
-
In the Name field, enter a name to identify the product. This name populates the Label field.
-
Optional: In the GPG Key field, enter a GPG Key for the product.
-
Optional: From the Sync Plan list, select a synchronization plan for the product.
-
Optional: In the Description field, enter a description of the product.
-
Click Save.
-
In the Products window, click the new product and then click Create Repository.
-
In the Name field, enter a name for the repository. This automatically populates the Label field.
-
From the Type list, select file.
-
In the Upstream URL field, enter the URL of the registry to use as a source. Add a corresponding user name and password in the Upstream Username and Upstream Password fields.
-
Click Save.
-
Select the new repository.
-
Navigate to Upload File and click Browse.
-
Select the
.iso
file and click Upload.
-
Create the custom product:
$ hammer product create \ --name "My_ISOs" \ --sync-plan "Example Plan" \ --description "My_Product" \ --organization "My_Organization"
-
Create the repository:
$ hammer repository create \ --name "My_ISOs" \ --content-type "file" \ --product "My_Product" \ --organization "My_Organization"
-
Upload the ISO file to the repository:
$ hammer repository upload-content \ --path ~/bootdisk.iso \ --id repo_ID \ --organization "My_Organization"
15. Managing Ansible content
You can import Ansible collections from several sources to orcharhino Server.
For more information about Ansible integration in orcharhino, see Configuring hosts by using Ansible.
15.1. Synchronizing Ansible Collections
On orcharhino, you can synchronize your Ansible Collections from any Ansible Galaxy and other orcharhino instances. Ansible Collections will appear on orcharhino as a new repository type in the orcharhino management UI menu under Content after the sync.
-
In the orcharhino management UI, navigate to Content > Products.
-
Select the required product name.
-
In the Products window, select the name of a product that you want to create a repository for.
-
Click the Repositories tab, and then click New Repository.
-
In the Name field, enter a name for the repository.
The Label field is populated automatically based on the name.
-
From the Type list, select ansible collection.
-
In the Upstream URL field, enter the URL for the upstream collections repository.
The URL can be any Ansible Galaxy endpoint. For example,
https://galaxy.ansible.com
. -
Optional: In the Requirements.yml field, you can specify the list of collections you want to sync from the endpoint, as well as their versions.
If you do not specify the list of collections, everything from the endpoint will be synced.
--- collections: - name: my_namespace.my_collection version: 1.2.3
For more information, see Installing roles and collections from the same requirements.yml file in the Galaxy User Guide.
-
Optional: Deselect Sync Dependencies if you do not want orcharhino to resolve and synchronize dependencies. By default, orcharhino synchronizes all required dependencies.
-
Authenticate.
-
To sync orcharhino from Private Automation Hub, enter your token in the Auth Token field.
-
To sync orcharhino from
console.redhat.com
, enter your token in the Auth Token field and enter your SSO URL in the the Auth URL field. -
To sync orcharhino from orcharhino, leave both authentication fields blank.
-
-
Click Save.
-
Navigate to the Ansible Collections repository.
-
From the Select Action menu, select Sync Now.
16. Managing custom file type content
In orcharhino, you might require methods of managing and distributing SSH keys and source code files or larger files such as virtual machine images and ISO files. To achieve this, custom products in orcharhino include repositories for custom file types. This provides a generic method to incorporate arbitrary files in a product.
You can upload files to the repository and synchronize files from an upstream orcharhino Server.
When you add files to a custom file type repository, you can use the normal orcharhino management functions such as adding a specific version to a content view to provide version control and making the repository of files available on various orcharhino Proxies.
You must download the files on clients over HTTP or HTTPS by using curl -O
.
You can create a file type repository in orcharhino Server only in a custom product, but there is flexibility in how you create the repository source. You can create an independent repository source in a directory on orcharhino Server, or on a remote HTTP server, and then synchronize the contents of that directory into orcharhino. This method is useful when you have multiple files to add to a orcharhino repository.
16.1. Creating a local source for a custom file type repository
You can create a custom file type repository source, from a directory of files, on the base system where orcharhino is installed using Pulp Manifest. You can then synchronize the files into a repository and manage the custom file type content like any other content type.
Use this procedure to configure a repository in a directory on the base system where orcharhino is installed. To create a file type repository in a directory on a remote server, see Creating a remote source for a custom file type repository.
-
Install the Pulp Manifest package:
# dnf install pulp-manifest
-
Create a directory that you want to use as the file type repository, such as:
# mkdir -p /var/lib/pulp/local_repos/my_file_repo
-
Add the parent folder into allowed import paths:
# foreman-installer --foreman-proxy-content-pulpcore-additional-import-paths /var/lib/pulp/local_repos
-
Add files to the directory or create a test file:
# touch /var/lib/pulp/local_repos/my_file_repo/test.txt
-
Run the Pulp Manifest command to create the manifest:
# pulp-manifest /var/lib/pulp/local_repos/my_file_repo
-
Verify the manifest was created:
# ls /var/lib/pulp/local_repos/my_file_repo PULP_MANIFEST test.txt
Now, you can import your local source as a custom file type repository.
Use the file://
URL scheme and the name of the directory to specify an Upstream URL, such as file:///var/lib/pulp/local_repos/my_file_repo
.
For more information, see Creating a custom file type repository.
If you update the contents of your directory, re-run Pulp Manifest and sync the repository in orcharhino. For more information, see Synchronizing repositories.
16.2. Creating a remote source for a custom file type repository
You can create a custom file type repository source from a directory of files that is external to orcharhino Server using Pulp Manifest. You can then synchronize the files into a repository on orcharhino Server over HTTP or HTTPS and manage the custom file type content like any other content type.
Use this procedure to configure a repository in a directory on a remote server. To create a file type repository in a directory on the base system where orcharhino Server is installed, see Creating a local source for a custom file type repository.
-
You have a server running Enterprise Linux 9 registered to your orcharhino.
-
You have installed an HTTP server.
-
Install the Pulp Manifest package:
# dnf install pulp-manifest
-
Create a directory that you want to use as the file type repository in the HTTP server’s public folder:
# mkdir /var/www/html/pub/my_file_repo
-
Add files to the directory or create a test file:
# touch /var/www/html/pub/my_file_repo/test.txt
-
Run the Pulp Manifest command to create the manifest:
# pulp-manifest /var/www/html/pub/my_file_repo
-
Verify the manifest was created:
# ls /var/www/html/pub/my_file_repo PULP_MANIFEST test.txt
Now, you can import your remote source as a custom file type repository.
Use the path to the directory to specify an Upstream URL, such as http://server.example.com/my_file_repo
.
For more information, see Creating a custom file type repository.
If you update the contents of your directory, re-run Pulp Manifest and sync the repository in orcharhino. For more information, see Synchronizing repositories.
16.3. Creating a custom file type repository
The procedure for creating a custom file type repository is the same as the procedure for creating any custom content, except that when you create the repository, you select the file type. You must create a product and then add a custom repository.
To use the CLI instead of the orcharhino management UI, see the CLI procedure.
-
In the orcharhino management UI, navigate to Content > Products.
-
Select a product that you want to create a repository for.
-
On the Repositories tab, click New Repository.
-
In the Name field, enter a name for the repository. orcharhino automatically completes the Label field based on the name.
-
Optional: In the Description field, enter a description for the repository.
-
From the Type list, select
file
as type of repository. -
Optional: In the Upstream URL field, enter the URL of the upstream repository to use as a source. If you do not enter an upstream URL, you can manually upload packages. For more information, see Uploading files to a custom file type repository.
-
Select Verify SSL to verify that the SSL certificates of the repository are signed by a trusted CA.
-
Optional: In the Upstream Username field, enter the user name for the upstream repository if required for authentication. Clear this field if the repository does not require authentication.
-
Optional: In the Upstream Password field, enter the corresponding password for the upstream repository. Clear this field if the repository does not require authentication.
-
Optional: In the Upstream Authentication Token field, provide the token of the upstream repository user for authentication. Leave this field empty if the repository does not require authentication.
-
From the Download Policy list, select the type of synchronization orcharhino Server performs. For more information, see Download policies overview.
-
From the Mirroring Policy list, select the type of content synchronization orcharhino Server performs. For more information, see Mirroring policies overview.
-
Optional: In the HTTP Proxy Policy field, select an HTTP proxy. By default, it uses the
Global Default
HTTP proxy. -
Optional: You can clear the Unprotected checkbox to require a subscription entitlement certificate for accessing this repository. By default, the repository is published through HTTP.
-
Optional: In the SSL CA Cert field, select the SSL CA Certificate for the repository.
-
Optional: In the SSL Client Cert field, select the SSL Client Certificate for the repository.
-
Optional: In the SSL Client Key field, select the SSL Client Key for the repository.
-
Click Save to create the repository.
-
Create a custom product:
$ hammer product create \ --description "My_Files" \ --name "My_File_Product" \ --organization "My_Organization" \ --sync-plan "My_Sync_Plan"
Table 6. Optional parameters for the hammer product create
commandOption Description --gpg-key-id
gpg_key_idGPG key numeric identifier
--sync-plan-id
sync_plan_idSync plan numeric identifier
--sync-plan
sync_plan_nameSync plan name to search by
-
Create a
file
type repository:$ hammer repository create \ --content-type "file" \ --name "My_Files" \ --organization "My_Organization" \ --product "My_File_Product"
Table 7. Optional parameters for the hammer repository create
commandOption Description --checksum-type
sha_versionRepository checksum (either
sha256
,sha384
, orsha512
)--download-policy
policy_nameDownload policy for repositories (either
immediate
oron_demand
)--gpg-key-id
gpg_key_idGPG key numeric identifier
--gpg-key
gpg_key_nameKey name to search by
--mirror-on-sync
booleanMust this repo be mirrored from the source, and stale packages removed, when synced? Set to
true
orfalse
,yes
orno
,1
or0
.--publish-via-http
booleanMust this also be published using HTTP? Set to
true
orfalse
,yes
orno
,1
or0
.--upstream-password
repository_passwordPassword for the upstream repository user
--upstream-username
repository_usernameUpstream repository user, if required for authentication
--url
My_Repository_URLURL of the remote repository
--verify-ssl-on-sync
booleanVerify that the upstream SSL certificates of the remote repository are signed by a trusted CA? Set to
true
orfalse
,yes
orno
,1
or0
.
16.4. Uploading files to a custom file type repository
Use this procedure to upload files to a custom file type repository.
-
In the orcharhino management UI, navigate to Content > Products.
-
Select a custom product by name.
-
Select a file type repository by name.
-
Click Browse to search and select the file you want to upload.
-
Click Upload to upload the selected file to orcharhino Server.
-
Visit the URL where the repository is published to see the file.
$ hammer repository upload-content \ --id repo_ID \ --organization "My_Organization" \ --path example_file
The --path
option can indicate a file, a directory of files, or a glob expression of files.
Globs must be escaped by single or double quotes.
16.5. Downloading files to a host from a custom file type repository
You can download files to a client over HTTPS using curl -O
, and optionally over HTTP if the Unprotected option for repositories is selected.
-
You have a custom file type repository. For more information, see Creating a custom file type repository.
-
You know the name of the file you want to download to clients from the file type repository.
-
To use HTTPS you require the following certificates on the client:
-
The
katello-server-ca.crt
. For more information, see Importing the Katello Root CA Certificate in Administering orcharhino. -
An Organization Debug Certificate. For more information, see Creating an Organization Debug Certificate in Managing organizations and locations in orcharhino.
-
-
In the orcharhino management UI, navigate to Content > Products.
-
Select a custom product by name.
-
Select a file type repository by name.
-
Ensure to select the Unprotected checkbox to access the repository published through HTTP.
-
Copy the Published At URL.
-
On your client, download the file from orcharhino Server:
-
For HTTPS:
# curl \ --cacert ./_katello-server-ca.crt \ --cert ./_My_Organization_key-cert.pem \ --remote-name \ https://orcharhino.example.com/pulp/content/My_Organization_Label/Library/custom/My_Product_Label/My_Repository_Label/My_File
-
For HTTP:
# curl \ --remote-name \ http://orcharhino.example.com/pulp/content/My_Organization_Label/Library/custom/My_Product_Label/My_Repository_Label/My_File
-
-
List the file type repositories.
$ hammer repository list --content-type file ---|------------|-------------------|--------------|---- ID | NAME | PRODUCT | CONTENT TYPE | URL ---|------------|-------------------|--------------|---- 7 | My_Files | My_File_Product | file | ---|------------|-------------------|--------------|----
-
Display the repository information.
$ hammer repository info \ --name "My_Files" \ --organization-id My_Organization_ID \ --product "My_File_Product"
If Unprotected is enabled, the output is similar to this:
Publish Via HTTP: yes Published At: https://orcharhino.example.com/pulp/content/My_Organization_Label/Library/custom/My_File_Product_Label/My_Files_Label/
If Unprotected is not enabled, the output is similar to this:
Publish Via HTTP: no Published At: https://orcharhino.example.com/pulp/content/My_Organization_Label/Library/custom/My_File_Product_Label/My_Files_Label/
-
On your client, download the file from orcharhino Server:
-
For HTTPS:
# curl \ --cacert ./_katello-server-ca.crt \ --cert ./_My_Organization_key-cert.pem \ --remote-name \ https://orcharhino.example.com/pulp/content/My_Organization_Label/Library/custom/My_Product_Label/My_Repository_Label/My_File
-
For HTTP:
# curl \ --remote-name \ http://orcharhino.example.com/pulp/content/My_Organization_Label/Library/custom/My_Product_Label/My_Repository_Label/My_File
-
17. Managing Python type content
You can use orcharhino to manage Python type repositories. To achieve this, custom products in orcharhino include repositories for Python type content. This provides a generic method to incorporate Python packages in a product.
You can upload Python packages to Python type repositories and synchronize files from an upstream orcharhino Server.
When you add Python packages to a Python type repository, you can use the normal orcharhino management functions such as adding a specific version to a content view to provide version control and making the repository available on various orcharhino Proxies.
You must download the files on clients over HTTP or HTTPS by using curl -O
.
You can create an independent repository source in a directory on orcharhino Server, or on a remote HTTP server, and then synchronize the contents of that directory into orcharhino. This method is useful when you have multiple Python packages to add to a custom repository.
17.1. Synchronizing Python repositories
On orcharhino, you can synchronize your Python repositories from any mirror and other orcharhino instances. You can view the Python packages in the orcharhino management UI at Content > Content Types > Other Content Types.
-
In the orcharhino management UI, navigate to Content > Products.
-
Select a custom product by name.
-
In the Products window, select the name of a product that you want to create a repository for.
-
Click the Repositories tab, and then click New Repository.
-
In the Name field, enter a name for the repository.
The Label field is populated automatically based on the name.
-
From the Type list, select python.
-
In the Upstream URL field, enter the URL for the upstream content source, for example,
https://pypi.org
. -
Optional: Clear Verify SSL if you do not want orcharhino Server to verify the SSL certificate of the upstream content source.
-
Optional: In the Upstream Username field, enter the user name for the upstream repository if required for authentication. Clear this field if the repository does not require authentication.
-
Optional: In the Upstream Password field, enter the corresponding password for the upstream repository. Clear this field if the repository does not require authentication.
-
Optional: In the Excludes field, enter a list of Python packages separated by newlines to exclude from synchronizing to orcharhino.
-
Optional: In the Includes field, enter a list of Python packages separated by newlines to limit the synchronization only to the included packages.
-
Optional: In the Keep latest packages field, enter a number to limit the amount of Python package versions kept after synchronization. By default, orcharhino keeps all package versions.
-
Optional: In the Package Types field, enter a list of package types separated by comma. You can enter
sdist
to synchronize the source distribution orbdist_wheel
to synchronize the built distribution. -
From the Mirroring Policy list, select the type of content synchronization orcharhino Server performs. For more information, see Mirroring policies overview.
-
Optional: In the HTTP Proxy Policy field, select an HTTP proxy.
-
Optional: You can clear the Unprotected checkbox to require a subscription entitlement certificate for accessing this repository. By default, the repository is published through HTTP.
-
Optional: In the SSL CA Cert field, select the SSL CA Certificate for the repository.
-
Optional: In the SSL Client cert field, select the SSL Client Certificate for the repository.
-
Optional: In the SSL Client Key field, select the SSL Client Key for the repository.
-
Click Save to create the repository.
-
Select your repository.
-
From the Select Action menu, select Sync Now.
17.2. Uploading files to a Python type repository
You can upload files from your local machine to a Python type repository.
-
In the orcharhino management UI, navigate to Content > Products.
-
Select a custom product by name.
-
Select a Python type repository by name.
-
Click Browse to search and select the file you want to upload.
You can upload
.whl
packages and.tar.gz
archives that contain Python packages. -
Click Upload to upload the selected file to orcharhino Server.
$ hammer repository upload-content \ --id My_Repository_ID \ --organization-id My_Organization_ID \ --path Path_To_My_File
The --path
option can indicate a file, a directory of files, or a glob expression of files.
Globs must be escaped by single or double quotes.
-
Visit the Published At URL to see the file.
17.3. Installing Python packages from orcharhino Server
You can install Python packages from orcharhino on hosts using pip
.
-
You have uploaded or synchronized a Python package to orcharhino.
-
On your hosts, set the URL to orcharhino Server to install a Python package:
$ pip install \ --index-url https://orcharhino.example.com/pulp/content/My_Organization_Label/Library/custom/My_Custom product/My_Python_Repository/simple/ \ My_Python_Package
If your host does not trust the certificate of your orcharhino Server, add the
--trusted-host orcharhino.example.com
option.
17.4. Downloading files to a host from a Python type repository
You can download files to a client over HTTPS using curl -O
, and optionally over HTTP if the Unprotected option for repositories is selected.
-
You have a Python type repository.
-
You know the name of the Python package you want to download to clients from the Python type repository.
-
To download the Python packages over HTTPS to your hosts, you require:
-
The
katello-server-ca.crt
. For more information, see Importing the Katello Root CA Certificate in Administering orcharhino. -
An Organization Debug Certificate. For more information, see Creating an Organization Debug Certificate in Managing organizations and locations in orcharhino.
-
-
In the orcharhino management UI, navigate to Content > Products.
-
Select a custom product by name.
-
Select a Python type repository by name.
-
Optional: Select the Unprotected checkbox to access the repository published through HTTP.
-
Copy the Published At URL.
-
On your client, download the file from orcharhino Server:
-
For HTTPS:
# curl \ --cacert ./_katello-server-ca.crt \ --cert ./_My_Organization_key-cert.pem \ --remote-name \ https://orcharhino.example.com/pulp/content/My_Organization_Label/Library/custom/My_Product_Label/My_Repository_Label/My_File
-
For HTTP:
# curl \ --remote-name \ http://orcharhino.example.com/pulp/content/My_Organization_Label/Library/custom/My_Product_Label/My_Repository_Label/My_File
-
-
List all
file
type repositories:$ hammer repository list --content-type python
-
View the repository information:
$ hammer repository info \ --name "My_Python_Repository" \ --organization-id My_Organization_ID \ --product "My_Custom product"
-
On your client, download the file from orcharhino Server:
-
For HTTPS:
# curl \ --cacert ./_katello-server-ca.crt \ --cert ./_My_Organization_key-cert.pem \ --remote-name \ https://orcharhino.example.com/pulp/content/My_Organization_Label/Library/custom/My_Product_Label/My_Repository_Label/My_File
-
For HTTP:
# curl \ --remote-name \ http://orcharhino.example.com/pulp/content/My_Organization_Label/Library/custom/My_Product_Label/My_Repository_Label/My_File
-
Appendix A: Using an NFS share for content storage
Your environment requires adequate hard disk space to fulfill content storage. In some situations, it is useful to use an NFS share to store this content. This appendix shows how to mount the NFS share on your orcharhino Server’s content management component.
Important
|
Use high-bandwidth, low-latency storage for the /var/lib/pulp file system.
orcharhino has many I/O-intensive operations; therefore, high-latency, low-bandwidth storage might have issues with performance degradation.
|
-
Create the NFS share. This example uses a share at
nfs.example.com:/orcharhino/pulp
. Ensure this share provides the appropriate permissions to orcharhino Server and itsapache
user. -
Stop orcharhino services on your orcharhino Server:
# foreman-maintain service stop
-
Ensure orcharhino Server has the
nfs-utils
package installed:# dnf install nfs-utils
-
You need to copy the existing contents of
/var/lib/pulp
to the NFS share. First, mount the NFS share to a temporary location:# mkdir /mnt/temp # mount -o rw nfs.example.com:/orcharhino/pulp /mnt/temp
Copy the existing contents of
/var/lib/pulp
to the temporary location:# cp -r /var/lib/pulp/* /mnt/temp/.
-
Set the permissions for all files on the share to use the
pulp
user. -
Unmount the temporary storage location:
# umount /mnt/temp
-
Remove the existing contents of
/var/lib/pulp
:# rm -rf /var/lib/pulp/*
-
Edit the
/etc/fstab
file and add the following line:nfs.example.com:/orcharhino/pulp /var/lib/pulp nfs rw,hard,intr,context="system_u:object_r:pulpcore_var_lib_t:s0"
This makes the mount persistent across system reboots. Ensure to include the SELinux context.
-
Enable the mount:
# mount -a
-
Confirm the NFS share mounts to
var/lib/pulp
:# df Filesystem 1K-blocks Used Available Use% Mounted on ... nfs.example.com:/orcharhino/pulp 309506048 58632800 235128224 20% /var/lib/pulp ...
Also confirm that the existing content exists at the mount on
var/lib/pulp
:# ls /var/lib/pulp
-
Start orcharhino services on your orcharhino Server:
# foreman-maintain service start
orcharhino Server now uses the NFS share to store content. Run a content synchronization to ensure the NFS share works as expected. For more information, see Synchronizing repositories.
Appendix B: Configuring Inter-Server Synchronization (ISS)
B.1. Inter-Server Synchronization scenarios
orcharhino uses Inter-Server Synchronization (ISS) to synchronize content between two orcharhino Servers including those that are air gapped.
You can use ISS in cases such as:
-
If you want to copy some but not all content from your orcharhino Server to other orcharhino Servers. For example, you have content views that your IT department consumes from orcharhino Server, and you want to copy content from those content views to other orcharhino Servers.
-
If you want to copy all Library content from your orcharhino Server to other orcharhino Servers. For example, you have products and repositories that your IT department consumes from orcharhino Server in the Library, and you want to copy all products and repositories in that organization to other orcharhino Servers.
Note
|
You cannot use ISS to synchronize content from orcharhino Server to orcharhino Proxy. orcharhino Proxy supports synchronization natively. |
There are different ways of using ISS. The way you can use depends on your multi-server setup that can fall to one of the following scenarios.
B.1.1. ISS network sync in a disconnected scenario
In a disconnected scenario, there is the following setup:
-
The upstream orcharhino Server is connected to the Internet. This server consumes content from the Red Hat Content Delivery Network (CDN) or custom sources.
-
The downstream orcharhino Server is completely isolated from all external networks.
-
The downstream orcharhino Server can communicate with a connected upstream orcharhino Server over an internal network.
You can configure your downstream orcharhino Server to synchronize content from the upstream orcharhino Server over the network.
B.1.2. ISS export sync in an air-gapped scenario
In an air-gapped scenario, there is the following setup:
-
The upstream orcharhino Server is connected to the Internet. This server consumes content from the Red Hat CDN or custom sources.
-
The downstream orcharhino Server is completely isolated from all external networks.
-
The downstream orcharhino Server does not have a network connection to a connected upstream orcharhino Server.
The only way for an air-gapped downstream orcharhino Server to receive content updates is by exporting payload from the upstream orcharhino Server, bringing it physically to the downstream orcharhino Server, and importing the payload. For more information, see Synchronizing Content Between orcharhino Servers in Managing content.
You can configure your downstream orcharhino Server to synchronize content by using exports.
B.2. Configuring orcharhino Server to synchronize content by using exports
If you deployed your downstream orcharhino Server as air gapped, configure your orcharhino Server as such to avoid attempts to consume content from a network.
-
In the orcharhino management UI, navigate to Content > Subscriptions.
-
Click Manage Manifest.
-
Switch to the CDN Configuration tab.
-
Select the Export Sync tab.
-
Click Update.
-
Log in to your orcharhino Server by using SSH.
-
Set CDN configuration to sync by using exports:
$ hammer organization configure-cdn --name="My_Organization" --type=export_sync
B.3. Configuring orcharhino Server to synchronize content over a network
Configure a downstream orcharhino Server to synchronize repositories from a connected upstream orcharhino Server over HTTPS.
-
A network connection exists between the upstream orcharhino Server and the downstream orcharhino Server.
-
You imported the subscription manifest on both the upstream and downstream orcharhino Server.
-
On the upstream orcharhino Server, you enabled the required repositories for the organization. For more information, see Enabling Red Hat Repositories in Managing content.
-
The upstream user is an admin or has the following permissions:
-
view_organizations
-
view_products
-
export_content
-
view_lifecycle_environments
-
view_content_views
-
-
On the downstream orcharhino Server, you have imported the SSL certificate of the upstream orcharhino Server using the contents of
http://upstream-orcharhino.example.com/pub/katello-server-ca.crt
. For more information, see Importing SSL Certificates in Managing content. -
The downstream user is an admin or has the permissions to create product repositories and organizations.
-
Navigate to Content > Subscriptions.
-
Click Manage Manifest.
-
Navigate to the CDN Configuration tab.
-
Select the Network Sync tab.
-
In the URL field, enter the address of the upstream orcharhino Server.
-
In the Username, enter your username for upstream login.
-
In the Password, enter your password or personal access token for upstream login.
-
In the Organization label field, enter the label of the upstream organization.
-
Optional: In the Lifecycle Environment Label field, enter the label of the upstream lifecycle environment. Default is
Library
. -
Optional: In the Content view label field, enter the label of the upstream content view. Default is
Default_Organization_View
. -
From the SSL CA Content Credential menu, select a CA certificate used by the upstream orcharhino Server.
-
Click Update.
-
In the orcharhino management UI, navigate to Content > Products.
-
Select the product that contains the repositories that you want to synchronize.
-
From the Select Action menu, select Sync Now to synchronize all repositories within the product.
You can also create a synchronization plan to ensure updates on a regular basis. For more information, see Creating a Synchronization Plan in Managing content.
-
Connect to your downstream orcharhino Server using SSH.
-
View information about the upstream CA certificate:
$ hammer content-credential show \ --name="My_Upstream_CA_Cert" \ --organization="My_Downstream_Organization"
Note the ID of the CA certificate for the next step.
-
Set CDN configuration to an upstream orcharhino Server:
$ hammer organization configure-cdn --name="My_Downstream_Organization" \ --type=network_sync \ --url https://upstream-orcharhino.example.com \ --username upstream_username --password upstream_password \ --ssl-ca-credential-id "My_Upstream_CA_Cert_ID" \ --upstream-organization-label="_My_Upstream_Organization" \ [--upstream-lifecycle-environment-label="My_Lifecycle_Environment"] \ [--upstream-content-view-label="My_Content_View"]
The default lifecycle environment label is
Library
. The default content view label isDefault_Organization_View
.