Administer > Best Practices for Importing RHEL 7 Content

Importing RHEL 7 content

This section outlines the changes that have been implemented in HP Server Automation (SA) RHN import tool to support content download from Red Hat Content Delivery Network (CDN) using Red Hat Subscription Management (RHSM). This allows you to download content for Red Hat Enterprise Linux 7 (RHEL).

Red Hat Subscription Management overview

RHSM is the primary subscription management service provided by Red Hat and is the replacement for Red Hat Network Classic (RHN). RHSM is an end-to-end solution with status, inventory, organization, and reporting for Red Hat subscriptions via a hosted web-interface accessed from the Red Hat Customer Portal.

Although subscription management was primarily established on Red Hat Enterprise Linux, all Red Hat products are expected to be integrated with Red Hat Subscription Management. Red Hat Subscription Services are available for systems running Red Hat Enterprise Linux 5 (5.7 or later), 6 (6.1 or later) and 7.

Systems running RHEL 5 (5.7+) and 6 (6.1+) can subscribe to both RHN and RHSM. However, RHEL 7 systems can only subscribe to RHSM, unless using Red Hat Satellite 5.6 or above. A direct consequence of this is that the RHEL 7 channels are not available in RHN which means that the old rhn_import cannot be used to import RHEL 7 content into the SA Library. The RHEL 7 channels are only available when using Satellite 5.6 or above. The old rhn_import tool can only be used to import RHEL 7 content when used behind a Satellite 5.6 or Satellite 5.7.

Note: More details about the specific supported versions can be found in the SA Support and Compatibility Matrix associated with your SA version.

This table provides a mapping between the subscription tools provided by Red Hat and the content they provide.

Subscription Type

Content Provided

HPSA Import Tool

Red Hat Network Classic (RHN)

Everything except channels for Red Hat Linux Enterprise 7

rhn_import

redhat_import

Red Hat Subscription Management (RHSM)

Everything including channels for Red Hat Linux Enterprise 7 and above

redhat_import

Red Hat Satellite 4.x and 5.x (up to and including version 5.5)

Everything except channels for Red Hat Linux Enterprise 7

rhn_import

redhat_import

Red Hat Satellite 5.6 and 5.7

Everything including channels for Red Hat Linux Enterprise 7

rhn_import

redhat_import

Red Hat Satellite 6.x

Everything including channels for Red Hat Linux Enterprise 7 and above

redhat_import

The new redhat_import tool is the preferred way to import Red Hat content and will be detailed in the sections that will follow.

RHN Classic, RHSM, and Satellite

There are some conceptual differences between Red Hat Subscription Management and RHN Classic, and this translates into differences in the way that subscriptions are defined. In older subscription models — the model used by RHN Classic and Satellite 5 — a system required channel entitlements which granted access to sets of content and software – well known as channels.

Red Hat Subscription Management and Satellite 6 uses public-key infrastructure (PKI) certificates to uniquely identify the system, the products on the system, and its attached subscriptions.

The old and new subscription models are fundamentally different. The old rhn_import tool is associated with the old subscription model and thus is only capable of importing content from RHN Classic, and Satellite 5. To support Red Hat Customer Portal and Satellite 6 with the new subscription model — that is RHSM — a new tool has been added.

Content import using Red Hat Subscription Management

The SA RHN import has been enhanced to support content import from both RHN and RHSM. This allows for content import for RHEL 7 and other Red Hat products using RHSM.

New redhat_import binary

To support content import from RHSM a new binary has been added: redhat_import. This binary is capable of importing from both RHN and RHSM and uses an updated configuration file format (see New Configuration File). The behavior of the old rhn_import binary has not been changed and it uses the old configuration file format. Users that do not need to import content from RHSM can still use the rhn_import binary without any changes to the configuration file. However users are encouraged to migrate to the new redhat_import binary.

New configuration file

The new redhat_import binary uses a new configuration file format. Users using the new binary file will have to migrate existing configuration files to the new format. The new redhat_import binary does not work with old configuration files.

The new configuration file adds two new sections [RHN] and [RHSM] controlling the import from RHN and RHSM respectively. For more details on the format of the new configuration file see the manual page of redhat_import:

/opt/opsware/rhn_import/bin/redhat_import --manual

A sample configuration file is available at:

/etc/opt/opsware/rhn_import/redhat_import.conf-sample

Entitlement certificates

Red Hat subscriptions provide software entitlements. The actual content is delivered through the Red Hat Content Delivery Network (CDN) or through Red Hat Satellite 6.

Note: In the following sections CDN is used to denote content imported from either Red Hat Content Delivery Network or Satellite 6. When there are specifics to the online portal, Red Hat CDN will be used to denote the difference.

RHSM uses the following X.509 certificates for managing subscriptions:

  • Identity certificate - is issued to a system when the system is registered with the subscription management service. This certificate is used to authenticate and identify the system to the subscription management service.
  • Product certificate - is generated and installed on a system once a product is installed. This certificate contains information about the specific system that the product is installed on (such as its hardware and architecture) and the product name, version, and namespace.
  • Entitlement certificate - contains a list of subscriptions for a system, including information about the products and quantities, content repositories, roles, and different namespaces.

In order to be able to connect to Red Hat CDN or Satellite 6 and download content, redhat_import requires an entitlement certificate from RHSM. This must be available on the SA core where redhat_import is run. redhat_import does not use the identity and product certificates.

The entitlement certificate must be generated on the Red Hat Customer Portal or on the Satellite 6 if you want to import content from the Satellite. The next step is to download the certificate and place it on the SA core.

To generate an entitlement certificate, perform the following steps:

  1. Register a system (unit) :
  • For Red Hat Customer Portal the easiest way to achieve this is to register an offline system by providing the system details on the Red Hat Customer Portal. However, if you already have a suitable system that is registered on the Red Hat Customer Portal you can reuse it.
  • For Red Hat Satellite 6, at the moment of writing this document there was no official way of registering offline systems. In order to proceed to the next step you need to have a suitable system that can be registered to the Satellite server using the subscription_management tool provided by Red Hat.
  1. Attach a subscription to the registered system.
  • The attached subscription is required to cover the Red Hat product(s) that you need to download using redhat_import. For example, if you need to download content for RHEL 7, x86_64, the subscription needs to cover Red Hat Enterprise Linux product.
  • For Red Hat Customer Portal the entitlement certificate is available on the portal.
  • For Satellite 6, the default path for entitlement certificate is /etc/pki/entitlement.  This is available on the system registered with the Satellite server. Usually you will find two .pem files (a public and a private key). You should concatenate this two files into a single .pem file. This will be the entitlement certificate that must be downloaded to the core.

Multiple entitlement certificates

redhat_import supports multiple entitlement certificates. If at some point you need to import content that is not covered by any of the existing entitlement certificates you can generate a new entitlement certificate, covering the required CDN content and add it to the redhat_import configuration file.

No entitlement certificate is required for rhn_import binary or when redhat_import binary is only used to download content from RHN.

Note: As best practice don’t mix entitlements for Red Hat Customer Portal with entitlements for Red Hat Satellite 6.

How to install Red Hat CA certificates

HPSA Red Hat importer validates the server certificates for Red Hat Network Classic (RHN), Red Hat Subscription Management (RHSM) and Red Hat Satellite. By default HPSA comes bundled with CA certificates only for RHN. Out of the three content providers only Red Hat Network Classic is signed by a certificate authority trusted by both HPSA and Red Hat.

RHSM and Red Hat Satellite servers have self signed certificates so by default there is no CA certificate bundled for these two content providers with HPSA OPSWrhn_import component. To enable access to Red Hat Subscription Management and/or Red Hat Satellite you need to install the self signed server certificate in the OSPWopenssl trust store.

Depending on your use cases you only need to install the RHSM server certificate if you are using the new Red Hat Subscription Management content provider, or the satellite server certificate in case you have a Red Hat Satellite and want to import from it. Otherwise, if you only use RHN as a provider you can safely skip this section.

The process of installing a certificate in the trust store is split in three steps:

  1. Download the self signed certificate from RHSM/Red Hat Satellite
  2. Install the self signed certificate in HPSA trust store
  3. Verify that OPSWopenssl is validating the server certificate

The first step is different on RHSM and Red Hat Satellite server while the last two steps are the same for both content providers.

Downloading the self signed certificate

Downloading RHSM self signed certificate

The RSHM server certificate is not signed by a public certificate authority. You have to use the openssl tool to download the certificate chain for cdn.redhat.com. After download, extract the last certificate issued by Entitlement Master CA and copy it into a .pem file:

A command example to download the certificate chain for RHSM:

openssl s_client –connect cdn.redhat.com:443 –prexit -showcerts

Note: At the time of this writing, the latest released version of openssl (i.e openssl-1.0.2d) does not work with HTTP proxies. The easiest option is to use a browser to download the certificate.

Downloading Red Hat Satellite self signed certificate

The self signed certificate is made public by Red Hat Satellite server at /pub/RHN-ORG-TRUSTED-SSL-CERT. Run the following command to download the certificate file:

wget -O /tmp/RHN-ORG-TRUSTED-SSL-CERT  http://redhat.satellite.hostname/pub/RHN-ORG-TRUSTED-SSL-CERT

If you need proxy access to Red Hat Satellite server you can export the http_proxy environment variable and wget will use the value exported.

Installing the self signed certificate in HPSA trust store

At the end of the downloaded certificate you should see a block that looks like:
-----BEGIN CERTIFICATE-----
MIIE4TCCA8mgAwIBAgIJANwa5OFPkBHHMA0GCSqGSIb3DQEBCwUAMIGGMQswCQYD
haXhmbq+5pEkpxGAactW+tORsJmpgTdAXeq2rreYtgZ2/vCwdM0iwSVakGNFAvni
T9lnSVrADcO/S8V/DzcH30RzSpIS44beE23zag82019fCrsZg9VkYJER4Fn0tRq4
6U9I4OgBSPSU34MXclGld0BAN+mANWHQYacZ7hHQJtMRP+mc8ZgHIvsKNnKRoHOd
Rhla7cP7GYrXn/piQAxRW66fOYJOeVIsAWJvgUb+A8ecwb+s6k56cQdLKkm0wKD0
2zUFMAg=
-----END CERTIFICATE-----
 

Append the block to the end of file /opt/opsware/openssl/cert.pem. At this point, the certificate is installed in the HPSA trust store. Ensure that openssl tool can verify the RHSM and/or Red Hat Satellite server certificate.

Verifying that OPSWopenssl is validating the server certificate

After the CA certificate is installed in HPSA trust store, you must verify if openssl validates the installed certificates before running the importer. To do so, please run the following command:

/opt/opsware/bin/openssl s_client -connect rhsm.or.satellite.hostname:443 -verify 3

If the verification succeeds at the end of the output you should see the following message:

Verify return code: 0 (ok)

Otherwise, if something went wrong you should see a return code different than 0, for example:

Verify return code: 21 (unable to verify the first certificate)

Note Since openssl can’t work behind a proxy, the above command might not work if there is an HTTP proxy in your local network.

Content labels

When importing from RHSM, redhat_import uses content labels to identify the CDN content to import. The format of the content label is the following:

<entitlement_content_label>{<releasever>-<basearch>}

where:

  • <entitlement_content_label> is the content label as specified in the entitlement certificate
  • <releasever> is the release version of Red Hat Enterprise Linux. This has the same value as the $releasever yum variable
  • <basearch> is the base architecture of the system. This has the same value as the $basearch yum variable

<releasever> is not required for all contents; when it is not used, the format of the content label becomes <entitlement_content_label>{<basearch>}

To determine the label of the CDN content to import, the following steps can be performed:

  • If the content to import belongs to one of the SA-supported platforms then the content label to use can be found by running:
./redhat_import --show_labels
  • If the content to import belongs to any other Red Hat product that is not listed by --show_labels, the content label to use can be determined as follows:

For example, to import content for RHEL Server 6.4 from Red Hat Extended Update Support, the content section in the example below, Content for RHEL Server 6.4 from Red Hat Extended Update Support, needs to be located in the entitlement certificate.

Content for RHEL Server 6.4 from Red Hat Extended Update Support

Content:

Type: yum

Name: Red Hat Enterprise Linux 6 Server - Extended Update Support (RPMs)

Label: rhel-6-server-eus-rpms

Vendor: Red Hat

URL: /content/eus/rhel/server/6/$releasever/$basearch/os

GPG: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

Enabled: True

Expires: 86400

Required Tags: rhel-6-server

Arches: x86_64, x86

The entitlement content label is “rhel-6-server-eus-rpms”. To import version 6.4 for x86_64 the content label needs to be specified as:

rhel-6-server-eus-rpms{6.4-x86_64}

As another example, to import content from RHEL 7 Server Extras repository, the content section in the example below, Content for RHEL 7 Server Extras Repository, needs to be located in the entitlement certificate.

Content for RHEL 7 Server Extras Repository

Content:

Type: yum

Name: Red Hat Enterprise Linux 7 Server - Extras (RPMs)

Label: rhel-7-server-extras-rpms

Vendor: Red Hat

URL: /content/dist/rhel/server/7/7Server/$basearch/extras/os

GPG: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

Enabled: False

Expires: 86400

Required Tags: rhel-7-server

Arches: x86_64

The entitlement content label is “rhel-7-server-extras-rpms”. In this case the content URL does not contain the <releasever> variable so this should not be included in the redhat_import content label. To import the packages for x86_64 architecture, the content label needs to be specified as:

rhel-7-server-extras-rpms{x86_64}
		 

Sample use cases

Import from RHN only

In order to import content only from RHN, the [RHSM] section should not be present in the configuration file.

Sample RHN configuration file

# main section

[main]

 

package_search_path=

    /Package Repository/OS Media/$opsware_platform

    /Package Repository/All Red Hat Linux/$opsware_platform

    /Migrated/Package Repository/Customer Independent/$opsware_platform

 

# RHN section. Contains options specific to import from RHN that apply to all channel labels

[RHN]

 

# Required options to login to Red Hat Network

rhn_user=USERNAME

rhn_pass=PASSWORD

 

channels: rhel-x86_64-server-5 rhel-x86_64-server-6

 

# HPSA recommendations:

package_path=/RHN/Packages/$channel_name

channel_path=/RHN/Channels/$parent_channel_name/$channel_name Policy

erratum_path=/RHN/Errata/$erratum_type Policies/$erratum_name

errata_path =/RHN/Errata/$parent_channel_name/$channel_name Advisory Roll-Up Policy

 

Provided that this configuration file is available at the default location (/etc/opt/opsware/rhn_import/redhat_import.conf), redhat_import can be run without any command line options to import content for the channels with the following labels as specified by the “channels” option in the above, Sample RHN configuration file.

    rhel-x86_64-server-5
    rhel-x86_64-server-6

Import from RHSM only

In order to import content only from RHSM, the [RHN] section should not be present in the configuration file.

Sample RHSM configuration file

# main section

[main]

 

package_search_path=

    /Package Repository/OS Media/$opsware_platform

    /Package Repository/All Red Hat Linux/$opsware_platform

    /Migrated/Package Repository/Customer Independent/$opsware_platform

 

# RHSM section. Contains options specific to import from CDN that apply to all content labels

[RHSM]

# To sync from Red Hat Network Satellite 6.1 or later:

; satellite_host=HOSTNAME

 

# Specify one or more paths to entitlement certificates. To specify multiple paths,

# place each path on its own line, indenting any additional lines.

certificate_paths=/etc/opt/opsware/rhn_import/8a85f981478d1fa601478e12507f36e8.pem

 

content_labels=rhel-7-server-rpms{7Server-x86_64} rhel-6-server-rpms{6Server-x86_64}

 

# HPSA recommendations:

package_path=/RHSM/Packages/$content_name

content_policy_path=/RHSM/Content/$content_name Policy

erratum_policy_path=/RHSM/Errata/$erratum_type Policies/$erratum_name

errata_policy_path =/RHSM/Errata/$content_name Advisory Roll-Up Policy

Provided that this configuration file is available at the default location, (/etc/opt/opsware/rhn_import/redhat_import.conf), redhat_import can be run without any command line options to import the CDN contents with the following labels:

    rhel-7-server-rpms{7Server-x86_64}
    rhel-6-server-rpms{6Server-x86_64}

RHSM options

This table describes the options presented in the Sample RHSM configuration file:

Option

Description

“satellite_host”

This option defines whether or not to import from Satellite 6. When this option is enabled and a valid hostname is provided, the importer will connect to the Satellite 6 and import from there. If this option is not enabled, then the importer will connect to Red Hat CDN and import content from there.

“certificate_paths”

 

This option defines the path to the entitlement certificate. The certificate must provide entitlement to content you wish to download.

You can download the certificate from the Red Hat Customer Portal after a subscription is attached to a system that is registered with Red Hat Customer Portal.

For more information about the subscription and entitlement certification process, see Entitlement Certificates.

“content_labels”

This option defines the labels of the CDN contents that need to be imported into the SA Library. See Content Labels for more details on the format of the content labels.

 

Import from both RHN and RHSM

In order to import content from both RHN and RHSM, both sections should be present in the configuration file.

Sample RHN and RHSM configuration file

# main section

[main]

 

package_search_path=

    /Package Repository/OS Media/$opsware_platform

    /Package Repository/All Red Hat Linux/$opsware_platform

    /Migrated/Package Repository/Customer Independent/$opsware_platform

 

# RHN section. Contains options specific to import from RHN that apply to all channel labels

[RHN]

rhn_user=USERNAME

rhn_pass=PASSWORD

 

channels: rhel-x86_64-server-6

 

# HPSA recommendations:

package_path=/RHN/Packages/$channel_name

channel_path=/RHN/Channels/$parent_channel_name/$channel_name Policy

erratum_path=/RHN/Errata/$erratum_type Policies/$erratum_name

errata_path =/RHN/Errata/$parent_channel_name/$channel_name Advisory Roll-Up Policy

 

[rhel-x86_64-server-extras-6]

enabled=1

; platform = Red Hat Enterprise Linux Server 6 X86_64

# RHSM section. Contains options specific to import from CDN that apply to all content labels

[RHSM]

# To sync from Red Hat Network Satellite 6.1 or later:

; satellite_host=HOSTNAME

 

# Specify one or more paths to entitlement certificates. To specify multiple paths,

# place each path on its own line, indenting any additional lines.

certificate_paths=/etc/opt/opsware/rhn_import/8a85f981478d1fa601478e12507f36e8.pem

 

content_labels=rhel-7-server-rpms{7Server-x86_64}

 

# HPSA recommendations:

package_path=/RHSM/Packages/$content_name

content_policy_path=/RHSM/Content/$content_name Policy

erratum_policy_path=/RHSM/Errata/$erratum_type Policies/$erratum_name

errata_policy_path =/RHSM/Errata/$content_name Advisory Roll-Up Policy

 

[rhel-7-server-extras-rpms{x86_64}]

enabled=1

platform=Red Hat Enterprise Linux Server 7 X86_64

Provided that this configuration file is available at the default location (/etc/opt/opsware/rhn_import/redhat_import.conf), redhat_import can be run without any command line options to import content for the following RHN channels and RHSM contents:

RHN:

    rhel-x86_64-server-6
    rhel-x86_64-server-extras-6

RHSM:

    rhel-7-server-rpms{7Server-x86_64}
    rhel-7-server-extras-rpms{x86_64}

Some things to note:

  • The RHN channels have a parent-child relationship. In this example “rhel-x86_64-server-extras-6” is a child of “rhel-x86_64-server-6”. By default, child channels are imported under the platform of the parent channel in the SA Library. This is why the “platform” option is commented out under “rhel-x86_64-server-extras-6” section and the import still works fine.
  • The CDN contents do not have any parent-child relationship. As a result of this any content that is not mapped by default to one of the SA-supported platforms needs to have its own content section and define the “platform” option. This is the case for “rhel-7-server-extras-rpms{x86_64}” above. Failure to define the “platform” option for such contents will result in the content label being ignored during import with a warning message being displayed, similar to the following:

Unable to process content label rhel-7-server-extras-rpms{x86_64}. No platform could be associated with this label. This content label will be dropped. If you need to import this content, add the 'platform' option to the configuration file.

Ignoring unknown content label rhel-7-server-extras-rpms{x86_64}

Performance

Users of redhat_import should notice improved performance when importing from RHSM compared to importing the same content from RHN.

Migration

Users of the old rhn_import binary are encouraged to migrate to the new redhat_import binary. Multiple migration paths are available as described in the following sections.

Continue usage of RHN

Users can migrate from rhn_import to redhat_import and continue to use RHN to import content. In this case the only requirement is to migrate the configuration file from the old format to the new format. For more details on the new configuration file format see New Configuration File.

Once the configuration is migrated to the new format, while preserving the existing SA Library paths, redhat_import will update the existing packages and software policies, making the migration transparent. Moreover, new products that have not been imported in the SA Library can be imported from RHSM while the old products continue to be imported from RHN. For example a user who is already importing RHEL 5 and 6 content from RHN can start importing RHEL 7 content from RHSM while still using RHN for the older RHEL 5 and 6. For a sample configuration that allows import from both RHN and RHSM see Import from both RHN and RHSM.

Partial migration to RHSM

This section only applies to users who are using the SA-recommended library paths. Users using custom SA Library paths should derive their own migration procedure based on the instructions in this section. The SA-recommended library paths are as follows:

RHN

  • package_path=/RHN/Packages/$channel_name
  • channel_path=/RHN/Channels/$parent_channel_name/$channel_name Policy
  • erratum_path=/RHN/Errata/$erratum_type Policies/$erratum_name
  • errata_path =/RHN/Errata/$parent_channel_name/$channel_name Advisory Roll-Up Policy

RHSM

  • package_path=/RHSM/Packages/$content_name
  • content_policy_path=/RHSM/Content/$content_name Policy
  • erratum_policy_path=/RHSM/Errata/$erratum_type Policies/$erratum_name
  • errata_policy_path =/RHSM/Errata/$content_name Advisory Roll-Up Policy

This section describes the scenario where a user is currently using RHN to import some channels and would like to start using RHSM to import a subset of these channels while still using RHN for the other channels.

To achieve partial migration to RHSM, perform the following steps:

  1. Migrate from rhn_import to redhat_import and convert the configuration file to the new format
  1. In the SA Library, move the channel policies of the channels that need to be migrated to the RHSM “content_policy_path” folder (/RHSM/Content). Rename these channel policies to content policies “$content_name Policy”. The value of the “$content_name” variable can be found in the entitlement certificate or by using --show_labels for CDN contents mapped to SA-supported platforms. This ensures that redhat_import will update these content policies instead of creating new ones.
  1. Move the errata policies of the channels that need to be migrated to the RHSM “errata_policy_path” folder (/RHSM/Errata). Rename these errata policies to be compliant with RHSM format “$content_name Advisory Roll-Up Policy.” The value of the “$content_name” variable can be found in the entitlement certificate or by using --show_labels for CDN contents mapped to SA-supported platforms. This ensures that redhat_import will update these errata policies instead of creating new ones.
  1. Move the package folders of the channels that need to be migrated to the RHSM “package_path” folder (/RHSM/Packages). Rename these package folders to be compliant with RHSM format “$content_name”. The value of the “$content_name” variable can be found in the entitlement certificate or by using --show_labels for CDN contents mapped to SA-supported platforms. This ensures that redhat_import will import packages into these folders instead of creating new folders.
  1. Ensure that redhat_import will use the same erratum library path for both RHN and RHSM. An erratum can be available in multiple RHN channels. When using the SA-recommended library paths a single erratum policy is created even for an erratum available in multiple channels and this policy is updated with content from all channels. As not all channels are migrated to RHSM the erratum policies cannot be moved to the RHSM folders. Instead, the RHSM “erratum_policy_path” is updated to point to the path used by RHN (/RHN/Errata/$erratum_type Policies/$erratum_name). The “erratum_policy_path” should be updated as described above only for the contents migrated from RHN, so for each such content a new content section needs to be defined in the configuration file and define the “erratum_policy_path” option as “/RHN/Errata/$erratum_type Policies/$erratum_name”.
  1. Finally, the configuration file should be updated to ensure that the migrated channels are no longer imported from RHN and that the new CDN contents are imported from RHSM (e.g. by updating the “content_labels” option).
Tip: Review your repo.restrict. custom attributes. If any of them refer to package folders that were moved and renamed, you need to edit the attributes to make them refer to the new package folder locations.

Sample scenario: partial migration to RHSM

As an example, consider the case where the following channels are imported from RHN:

    Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)
    Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64)

The SA Library structure concerning RHN and RHSM import would initially look as shown in Example: SA Library structure for RHN and RHSM import—before migration, below

Example: SA Library structure for RHN and RHSM import—before partial migration

- RHN

| - Channels

| |   Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) Policy

| |   Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) Policy

| - Errata

| | + Bug Fix Advisory Policies

| | + Product Enhancement Advisory Policies

| | + Security Advisory Policies

| |   Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) Advisory Roll-Up Policy

| |   Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) Advisory Roll-Up Policy

| - Packages

| | + Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)

| | + Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64)

- RHSM

| - Content

| - Errata

| - Packages

If “Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64)” needs to be migrated to RHSM while “Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)” continues to be imported from RHN, the partial migration steps would be as follows.

Steps for Sample Scenario—partial migration to RHSM:

  1. Migrate the existing configuration file to the new format required by redhat_import. For details on the new configuration file format see New Configuration File. The precise details on how to migrate the configuration file depend on the actual content of the existing configuration file. However the resulted migrated configuration is expected to allow redhat_import to import the same RHN channels into the SA Library. In other words, running redhat_import with the migrated configuration file should yield the same result as running rhn_import with the old configuration file.
  1. Move “Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) Policy” policy to “/RHSM/Content” folder. Rename the policy to “Red Hat Enterprise Linux 6 Server (RPMs) (6Server-x86_64) Policy”.
  1. Move “Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) Advisory Roll-Up Policy” policy to “/RHSM/Errata” folder. Rename the policy to “Red Hat Enterprise Linux 6 Server (RPMs) (6Server-x86_64) Advisory Roll-Up Policy”.
  1. Move the package folder “Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64)” to “/RHSM/Packages” folder. Rename the package folder to “Red Hat Enterprise Linux 6 Server (RPMs) (6Server-x86_64)”.
  1. Create a new content section in the configuration file: [rhel-6-server-rpms{6Server-x86_64}]. Define the “erratum_policy_path” as follows under the above section: erratum_policy_path=/RHN/Errata/$erratum_type Policies/$erratum_name
  1. Update the configuration file to ensure that RHN channel “rhel-x86_64-server-6” is no longer imported from RHN and the equivalent CDN content “rhel-6-server-rpms{6Server-x86_64}” is imported from RHSM.

After the above steps are completed, the SA Library folders concerning RHN and RHSM import should look as shown in Example: SA Library folders for RHN and RHSM import—after migration, below.

Example: SA Library folders for RHN and RHSM import—after partial migration

- RHN

| - Channels

| |   Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) Policy

| - Errata

| | + Bug Fix Advisory Policies

| | + Product Enhancement Advisory Policies

| | + Security Advisory Policies

| |   Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) Advisory Roll-Up Policy

| - Packages

| | + Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)

- RHSM

| - Content

| |   Red Hat Enterprise Linux 6 Server (RPMs) (6Server-x86_64) Policy

| - Errata

| |   Red Hat Enterprise Linux 6 Server (RPMs) (6Server-x86_64) Advisory Roll-Up Policy

| - Packages

| | + Red Hat Enterprise Linux 6 Server (RPMs) (6Server-x86_64)

Full migration to RHSM

This section only applies to users who are using the SA-recommended library paths. Users using custom SA Library paths should derive their own migration procedure based on the instructions in this section. Also this section only applies if there are no errata imported from RHSM for any CDN content. If errata are already imported from RHSM under the SA-recommended library path (/RHSM/Errata) and you would like to migrate some or all RHN channels to RHSM please use the instructions in Partial migration to RHSM. This is because moving erratum policies from RHN folder structure to RHSM might conflict with existing erratum policies under the RHSM folder structure.

For a list of SA-recommended library paths see Partial migration to RHSM.

This section describes the scenario where a user is currently using RHN to import some channels and would like to start using RHSM to import all of these channels. Basically, after migration, no channels will be imported from RHN. To migrate only some RHN channels to RHSM see Partial migration to RHSM.

To achieve full migration to RHSM, perform the following steps:

  1. In the SA Library, move the channel policies of the channels that need to be migrated to the RHSM “content_policy_path” folder (/RHSM/Content). Rename these channel policies to content policies “$content_name Policy”. The value of the “$content_name” variable can be found in the entitlement certificate or by using --show_labels for CDN contents mapped to SA-supported platforms. This ensures that redhat_import will update these content policies instead of creating new ones.
  1. Move the errata policies of the channels that need to be migrated to the RHSM “errata_policy_path” folder (/RHSM/Errata). Rename these errata policies to be compliant with RHSM format “$content_name Advisory Roll-Up Policy”. The value of the “$content_name” variable can be found in the entitlement certificate or by using --show_labels for CDN contents mapped to SA-supported platforms. This ensures that redhat_import will update these errata policies instead of creating new ones.
  1. Move the package folders of the channels that need to be migrated to the RHSM “package_path” folder (/RHSM/Packages). Rename these package folders to be compliant with RHSM format “$content_name”. The value of the “$content_name” variable can be found in the entitlement certificate or by using --show_labels for CDN contents mapped to SA-supported platforms. This ensures that redhat_import will import packages into these folders instead of creating new folders.
  1. Move the erratum policies folders (“Bug Fix Advisory Policies”, “Product Enhancement Advisory Policies”, “Security Advisory Policies”) to the RHSM “erratum_policy_path” (/RHSM/Errata).
  1. Migrate from rhn_import to redhat_import and convert the configuration file to the new format. During the migration process ensure that no channels are imported from RHN and that the new CDN contents are imported from RHSM (e.g. by updating the “content_labels” option). The [RHN] section should not be present in the new configuration file.
Tip:  Review your  repo.restrict. custom attributes. If any of them refer to package folders that were moved and renamed, you need to edit the attributes to make them refer to the new package folder locations.

Sample scenario: Full migration to RHSM

As an example, consider the case where the following channels are imported from RHN:

    Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)
    Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64)

The SA Library structure concerning RHN and RHSM import would initially look as shown in Example: SA Library folders for RHN and RHSM import—before full migration, below.

Example: SA Library folders for RHN and RHSM import—before full migration

- RHN

| - Channels

| |   Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) Policy

| |   Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) Policy

| - Errata

| | + Bug Fix Advisory Policies

| | + Product Enhancement Advisory Policies

| | + Security Advisory Policies

| |   Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) Advisory Roll-Up Policy

| |   Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) Advisory Roll-Up Policy

| - Packages

| | + Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)

| | + Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64)

- RHSM

| - Content

| - Errata

| - Packages

If both  “Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64)” and  “Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)” channels need to be migrated to RHSM, the full migration steps would be as follows..

Steps for Sample Scenario—pull migration to RHSM:

  1. Move the following software policies to “/RHSM/Content” folder:
  • “Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) Policy”
  • “Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) Policy”

Rename the policies to:

  • “Red Hat Enterprise Linux 5 Server (RPMs) (5Server-x86_64) Policy”
  • “Red Hat Enterprise Linux 6 Server (RPMs) (6Server-x86_64) Policy”
  1. Move the following software policies to “/RHSM/Errata” folder:
  • “Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) Advisory Roll-Up Policy”
  • “Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64) Advisory Roll-Up Policy”

Rename the policies to:

  • “Red Hat Enterprise Linux 5 Server (RPMs) (5Server-x86_64) Advisory Roll-Up Policy”
  • “Red Hat Enterprise Linux 6 Server (RPMs) (6Server-x86_64) Advisory Roll-Up Policy”
  1. Move the following package folders to “/RHSM/Packages” folder:
  • “Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)”
  • “Red Hat Enterprise Linux Server (v. 6 for 64-bit x86_64)”

Rename the folders to:

  • “Red Hat Enterprise Linux 5 Server (RPMs) (5Server-x86_64)”
  • “Red Hat Enterprise Linux 6 Server (RPMs) (6Server-x86_64)”
  1. Move the erratum policies folders (“Bug Fix Advisory Policies”, “Product Enhancement Advisory Policies”, “Security Advisory Policies”) to “/RHSM/Errata”.
  1. Finally migrate the configuration file and ensure that the CDN contents “rhel-5-server-rpms{5Server-x86_64}” and “rhel-6-server-rpms{6Server-x86_64}” are imported from RHSM. There should be no [RHN] section in the new configuration file as no channels are imported from RHN.

After the above steps are completed, the SA Library folders concerning RHN and RHSM import should look as shown in Example: SA Library folders for RHN and RHSM import—after full migration, below.

Example: SA Library folders for RHN and RHSM import—after full migration

- RHN

| - Channels

| - Errata

| - Packages

- RHSM

| - Content

| |   Red Hat Enterprise Linux 5 Server (RPMs) (5Server-x86_64) Policy

| |   Red Hat Enterprise Linux 6 Server (RPMs) (6Server-x86_64) Policy

| - Errata

| | + Bug Fix Advisory Policies

| | + Product Enhancement Advisory Policies

| | + Security Advisory Policies

| |   Red Hat Enterprise Linux 5 Server (RPMs) (5Server-x86_64) Advisory Roll-Up Policy

| |   Red Hat Enterprise Linux 6 Server (RPMs) (6Server-x86_64) Advisory Roll-Up Policy

| - Packages

| | + Red Hat Enterprise Linux 5 Server (RPMs) (5Server-x86_64)

| | + Red Hat Enterprise Linux 6 Server (RPMs) (6Server-x86_64)

Supported RHEL versions

When importing from RHSM, redhat_import supports the RHEL versions that can be managed by Red Hat Subscription Management: 5.7+, 6.1+ and 7+.

When importing from RHN, redhat_import supports the same channels as the old rhn_import binary.

References

https://access.redhat.com/articles/433903

https://access.redhat.com/articles/63269

https://access.redhat.com/articles/790533