Red Hat Satellite 5.7 released

This week Red Hat Satellite 5.7 was released. With the ninth update of the 5.x tree many improvements from the Spacewalk development were applied.

New web interface



The most eye-catching change is the web interface. While this hasn’t changed a lot in the last 10 years the most recents developments from Spacewalk 2.1 to 2.3 were applied. In March last year Spacewalk already included a first approach of a new web interface combining modern technologies like HTML5, Bootstrap and jQuery. The current interface from Spacewalk 2.3 nightly looks even tidier and intuitive – it is has been adapted for Red Hat Satellite 5.7.

The interface is “responsive” and can also be used comfortably on devices with lower display resolutions. Especially on smartphones and tablets this is quite nice. The contemporary design is really beautiful. I was really excited when I heard that also SUSE was working on implementing the new web interface in SUSE Manager.

Action chaining



Action chaining is used for grouping interdependent maintenance tasks logically. With this a feature from Spacewalk 2.2 is adopted. Let me explain the additional benefit with a practical example:

Let’s say you want to install updates on a system which mounted the /usr partition in read-only mode. Installing the patches fails while data cannot be written on the partition. Paranoid eh security-aware administrators are implementing this protection to complicate installing software once the system was collapsed by attackers.

Before installing packages a remote command can be scheduled by Spacewalk – for example to disable the write protection. But what happens after installing the packages? Nothing. Using the web interface the administrator can choose between two approaches:

  1. Executing a remote command to revoke the write protection, updating the packages and executing another remote command enabling the write protection again. But this are three particular steps that require much time.
  2. Executing a remote command including all three steps (mount -o remount,rw /usr ; yum update -y ; mount -o remount,rw /usr). Unfortunately the comfortable possibility to comfortable select packages using the web interface is doomed.

Action chaining fits well for use-cases like this – you can combine interdependent tasks and run them bundled. Once one of the subtasks fails the complete task is failed. The example mentioned above could be implemented like this:

  1. Execute a remote command: mount -o remount,rw /usr
  2. Install/update packages
  3. Execute a remote command: mount -o remount,ro /usr

All maintenance tasks that can be executed using the interface can be assigned to a action chain. In the menu “Schedule” you can arrange ths particular steps comfortably using Drap & Drop. I’m missing the possibility to save recurring tasks as a template. Using this it would be needless to create recurring tasks as an action chain during maintenance.

Read-only users and new API calls

With the Spacewalk-API there are many possibilities to automate processes. For communication with the Spacewalk server a user with adequate permissions is needed. A new possibility is to create users that cannot use the web interface and only execute read-only API calls. This is great for third-party scripts that don’t need write access on the Spacewalk server (e.g. for scripts generating statistics).

During the implementation of new features appropriate API calls were added. Some included classes and calls:

  • (immediate repostiroy synchronisation, previously additional manual tasks were required to do this)
  • actionchain.*
  • system.provisioning.snapshot.*
  • user.external.*
  • user.setReadOnly

The full API documentation can be found on the Red Hat portal: [click me!]


With Red Hat Satellite 5.7 the tool spacecmd is part of the software set for the first time. Previously this tool needed to be installed from the Spacewalk  or EPEL repository – using the utility was not covered by the Red Hat support. Using this program all maintenance tasks can be controlled and executed from the command line. Experienced administrators are able to save clicking and automate processes – some examples:

Installing an erratum on all affected systems:

$ spacecmd -y errata_apply CESA-2015:0016
Scheduled 5 system(s)

Listing all repositories:

$ spacecmd repo_list

Listing all systems with pending patches (interactive session):

$ spacecmd
Welcome to spacecmd, a command-line interface to Spacewalk.
INFO: Spacewalk Username: admin
Spacewalk Password:

spacecmd {SSM:0}> report_outofdatesystems
System                       Packages
---------------------------  --------
dc.localdomain.loc                  8
devel.localdomain.loc              12

All available functions can be listed using the integrated help:

$ spacecmd help

Additional improvements

Some of the further improvements:

  • Using IPMI physical hosts can be turned on or off. In combination with Cobbler Provisioning can be implemented more easy.
  • Red Hat Satellite Proxy is now able to pre-download content (Proxy Precaching)
  • Connecting to a identity systemy (e.g. FreeIPA) using spacewalk-setup-ipa-authentication
  • FIPS 140-2 certification – SHA-256 instead of MD5 hashses are now possible. Certificates and passwords need to be re-generated on pre-existing installation to follow the standard.
  • External databases can now be connected using SSL
  • Appropriate client applications are now available for IBM Power Little Endian
  • Numerous bugs like the faulty jabberd init-script are fixed

The full changelog is available on the Red Hat portal.


Some screenshots form the recent product version:


With the program version 5.7 Red Hat implemented a lot of features I already felt in love with on Spacewalk. Especially the new web interface and action chaining are two valuable features. I had not expected that Red Hat implements the interface that is currently developed in Spacewalk 2.3. In comparsion with the web interface in Spacewalk 2.1 the new implementation is more useful on smartphones and tablets.

Sharing is caring

Leave a Reply