CentOS errata, what am I missing?

Problem:
Hello I have a brand new foreman-katello server and started creating some content, adding repos, etc. For some reason after successful sync, I don’t see any errata listed? Is there something extra I have to do to pull in errata? See screen shot.

Expected outcome:
Expect errata to be pulled and displayed in my repos.

Foreman and Proxy versions:
Pulp, Dynflow, Ansible, SSH, Templates, TFTP, Puppet CA, Puppet, Logs, and HTTPBoot
all at 1.22.0

Foreman and Proxy plugin versions:
foreman-tasks - 0.15.5
foreman_ansible - 3.0.2
foreman_remote_execution - 1.8.0
katello - 3.12.0

Other relevant data:
n/a

logs
1 Like

Last time I checked, CentOS didn’t publish errata in their repos; that’s why you don’t see them. There are ways[1] to get them from another source and “sideload” them into Katello. A quick search found some tools to do that[2,3].

[1] - https://www.lisenet.com/2018/katello-import-centos-errata-into-pulp/
[2] - https://github.com/rdrgmnzs/pulp_centos_errata_import
[3] - https://github.com/nicolas-r/katello-centos-errata-import

2 Likes
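For readers who want to check this on their own repository, here is an added example that is not part of any post in this thread. It inspects a repository's `repomd.xml` for an `updateinfo` entry (the yum metadata that carries errata) and summarizes what an `updateinfo.xml` would give Katello. All XML samples, advisory ids and CVE ids are constructed placeholders.

```python
import xml.etree.ElementTree as ET

REPO_NS = "{http://linux.duke.edu/metadata/repo}"  # namespace used by repomd.xml

# Constructed sample: repomd.xml of a repository that ships no errata metadata.
REPOMD_NO_ERRATA = """<repomd xmlns="http://linux.duke.edu/metadata/repo">
  <data type="primary"><location href="repodata/primary.xml.gz"/></data>
  <data type="filelists"><location href="repodata/filelists.xml.gz"/></data>
</repomd>"""

# Constructed sample: the same repository after an updateinfo.xml was sideloaded.
REPOMD_WITH_ERRATA = REPOMD_NO_ERRATA.replace(
    "</repomd>",
    '  <data type="updateinfo"><location href="repodata/updateinfo.xml.gz"/></data>\n</repomd>')

# Constructed sample updateinfo.xml; the advisory and CVE ids are placeholders.
UPDATEINFO = """<updates>
  <update from="example" status="final" type="security" version="1">
    <id>EXAMPLE-SA-0001</id>
    <title>Important: examplepkg security update</title>
    <severity>Important</severity>
    <references>
      <reference href="https://example.invalid/a" id="CVE-0000-0001" type="cve"/>
    </references>
    <pkglist><collection>
      <package name="examplepkg" version="1.2" release="3.el7" epoch="0" arch="x86_64">
        <filename>examplepkg-1.2-3.el7.x86_64.rpm</filename>
      </package>
    </collection></pkglist>
  </update>
</updates>"""

def errata_location(repomd_xml):
    """Return the updateinfo href from repomd.xml, or None if no errata are published."""
    root = ET.fromstring(repomd_xml)
    for data in root.findall(f"{REPO_NS}data"):
        if data.get("type") == "updateinfo":
            loc = data.find(f"{REPO_NS}location")
            return loc.get("href") if loc is not None else None
    return None

def summarize_errata(updateinfo_xml):
    """List (id, type, severity, CVE ids, package count) for each advisory."""
    out = []
    for upd in ET.fromstring(updateinfo_xml).findall("update"):
        cves = [r.get("id") for r in upd.findall("references/reference")
                if r.get("type") == "cve"]
        out.append((upd.findtext("id"), upd.get("type"),
                    upd.findtext("severity"), cves, len(upd.findall(".//package"))))
    return out
```

A `None` result from `errata_location` on the upstream `repodata/repomd.xml` means a sync has nothing to import as errata, regardless of how the sync itself went.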

Thanks. I’ve been in mainly Red Hat environments and some CentOS but was never responsible for patch management of them, did not know they did not publish errata.

I’ll take a look thank you.

I recommend [3] and have used it in some customer environments successfully.

1 Like

I have used [2] on several projects and it works fine.

Quick note @lbetson that those instructions are currently not working without a workaround in Error Importing CentOS Errata into Pulp

Something in Katello has changed to mean that we can no longer use the “mirror on sync” option.

A workaround on Spacewalk was using https://cefs.steve-meier.de/, it worked quite well for me

You can also use Vulners Errata for CentOS:

While this looks nice it seems like it is limited to a 30 day free trial and I can not find much about the solution so why should I trust it? Not trying to be harsh, just want you to give us more details. :wink:

CentOS Errata is available using the free license :slight_smile:
There are 300 API calls included, so using a basic cache (or a config repo cache updated daily) at the client infrastructure is more than enough to get daily errata updates.
Vulners Errata itself updates every 2 hours.

We have created it using CentOS and Redhat public advisories:
https://vulners.com/search?query=type:centos
https://vulners.com/search?query=type:redhat

So actually creating errata was not harder than making Vulnerability Assessment scanner and Scanning API that we do offer as a product :slight_smile:

Hi!
So I tried it. It fails to mention that the repository only contains Errata and no packages (which is fine by me, but it took me a few minutes to understand why I didn’t see any packages), but it looks neat.

There is not a lot of mention of this feature on your website. Is it free for commercial (as opposed to personal) use as well?

Hi loitho,

Yep, we found that there is no need to hold packages repo at our side (lot of traffic + maintenance).
The solution was to generate only applicability criteria and links to the advisories/cve at errata.
So Vulners Errata user will install packages with the updates from the OS repos.

It’s kind of a fresh release, mostly for sec2sec usage, not a commercial one.
Yep, it’s free for commercial and personal usage under “free” license (300 API calls limit per month).

I am waiting for a solution for Katello with pulp 3 since the beginning of our deployment. Many threads have been created, a lot of replies have been posted, but so far I cannot see any solution.

Just a few examples.

As of today Errata are an important (and apparently the only) element in Katello to tell us, if a content view needs to be republished. There is no package diff, no change log, no sync log which will tell you if new packages have arrived, other than Errata (please correct me if I am wrong, as this is one of the major showstoppers for Foreman/Katello for us).

Seeing that there is a new approach, how can this be integrated into Katello, so that the existing repositories are augmented with Errata?

1 Like

I’ve been struggling with this as well. I have a feeling that I’m going to end up mirroring the CentOS repositories locally, and I’ve found a script that generates the updateinfo.xml file. Those locations will become the URL target for Katello repositories for my implementations.

That’s one of the workarounds described here: Not seeing my repos via pulp-admin - #8 by Michael
It seems to not be working on CentOS 8 anymore tho’

From what I can see there is no progress with this in Katello 4 either. To be fair, part of the problem is CentOS not publishing Errata in the first place, thus requiring third party intervention. I can understand the Katello team don’t want to maintain the list of errata, but there is a very cumbersome manual process which could be automated here.

@loitho Is it worth investing effort in CentOS 8 anymore? Someone correct me if I’m wrong but I believe Oracle are publishing errata for Oracle Linux 8 so that may be a better option.

For those, who are scared of CentOS 8 Stream: it seems AlmaLinux 8 also provides errata at the moment.

CentOS project was not publishing errata info since version 6.0 if I am not mistaken. There is a reason for that - amount of repoclosure checks was too high and too time consuming and CentOS people decided not to publish it rather than providing incorrect (incomplete) data. Other projects might either solve the resource problems or ignore this completely.

https://lukas.zapletalovi.com/2017/08/centos-and-security-updates.html

@lzap Thanks for the confirmation.

The main point with CentOS8 in particular is that it will be EOL very soon anyway. Folks should be looking to move to CentOS Stream or another distro.