Applied Errata in Content Host

Hello all,

Working in a customer scenario, I got a situation where they were looking for a report of applied errata. As we know, Foreman/Satellite will be aware of the errata only if the same was pushed by them, via rex or katello agent. Also, when cleaning up all the tasks, this information will vanish.

That said, let me present one workaround that could bring back the complete list of already applied errata in a content host, independent if that was pushed via foreman/satellite or not.

In order to start, let’s cleanup all the tasks related to yum updateinfo list installed

# foreman-rake foreman_tasks:cleanup:run TASK_SEARCH='action ~ Remote action: Run yum updateinfo list installed and result = success' AFTER=0s --trace

In a sequence, you can create a new Job that will execute the command below in all of your Content Hosts. Basically, it will be:

  • Satellite webUI - Monitor - Jobs
  • Click on Run Job button, top right corner
  • Create the filter that you need in Search Query field, click on refresh icon to refresh the information
  • Add the text yum updateinfo list installed in the command text field
  • Click on Submit

After that, you can save the script with the command

# wget
# chmod +x

Once your job is finished, you can safely execute the script above, and the output will be saved in /var/log/erratum_report.csv in CSV format.

# ./ 
File /var/log/erratum_report.csv created!

# head -n5 /var/log/erratum_report.csv 

After that, you can import the CSV file in your spreadsheet and work with your data.


Here, we can see some additional information.

Let’s check this scenario

node02 with 1377 erratum

[root@waldirio-node02-sat612 ~]# yum updateinfo list installed | grep ^RH | wc -l

node03 with 2306 erratum

[root@waldirio-node03-sat612 ~]# yum updateinfo list installed | grep ^RH | wc -l

Now, summarizing both, we can see

# echo 1377+2308 | bc

After running the remote job and executing the script on Satellite server, we have the output below:

# ./ 
File /var/log/erratum_report.csv created!

# wc -l /var/log/erratum_report.csv 
3684 /var/log/erratum_report.csv

Note. There is a difference of 1, it’s because of the header.

Note2. To check all the content hosts were the job failed, you can proceed with the below command

# hammer --csv task list --search 'action ~ Remote action: Run yum updateinfo list installed and result != success'

The workaround above it’s super valid and very helpful, but what do you guys think of keeping this information in the DB, as we do with facts? Currently, once we install/remove a package, part of the plugin will push the updated information to foreman/satellite. The same could also push the errata information. In this way, foreman/satellite will be 100% aware of all the applied errata in that specific content host with no necessity for additional job and/or execution.

Keep in mind that we have already the applied errata report template which will benefit from this implementation and the report always will be accurate with no necessity for additional steps.

Please, feel free to share your feedback.

Thank you in advance.