<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"> <html><body style='font-family: Verdana,Geneva,sans-serif'> I retired a bit more than a year ago, so I don't have scripting details to share, but here's a conceptual outline of how we did it. Had the same situation when we first deployed spacewalk/Satellite. We (okay, I) created RHSA-test and RHSA-prod patch channels for each base OS. Scripted forced registration to one or the other based on group membership, defaulted to prod group if no existing membership. On monthly day 1 at 00:01am, cron script ran to clone RHSA updates into the patch panels. There were procedures for using set management functions to schedule test patching and production patching per overall security policy and scripts to report unpatched systems at appropriate intervals. If "real time" software (i.e. from latest) installation/update became necessary for a system or group of systems, they could be resubscribed to the "real" channel and the install done, with blacklisting of *release packages as necessary to maintain base OS point. Robots checked whether a system had been left in such a subscription state for more than 24 hours, and forced them back to their patch channels. This was all in a medium scale (<10000 clients) environment, and the policy stances were driven by service level agreement with the prime customer and by their security policy. <div> </div> On 2017-01-12 15:36, Shaw, Michael wrote: <blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px"> <div class="WordSection1"> Hello,  I walked into an environment that had no frozen channels and monthly patching happened by whatever was available in the channel at the time, i.e. if there was a kernel upgrade then the kernel upgraded. This has ended up causing issues.  I have since then locked all of the hosts and created base OS channels, i.e. RHEL5.11, RHEL6.8, RHEL7.1, RHEL7.2, etc. I have also started creating a monthly patch channels but how can I merge the channels?  I need to keep the hosts at certain release level, i.e. RHEL7.2, but still apply monthly patches. It doesn’t seem like there is a straight forward way to do this?   Regards,  Mike --- Mike Shaw – Linux Systems Administrator ITS - Production Operations – PaaS Phone-919.541.6003 Skype-live:mdshaw89 RTI International <a href="mailto:mshaw@rti.org">mshaw@rti.org</a>  </div>  <pre>_______________________________________________ Spacewalk-list mailing list <a href="mailto:Spacewalk-list@redhat.com">Spacewalk-list@redhat.com</a> <a href="https://www.redhat.com/mailman/listinfo/spacewalk-list">https://www.redhat.com/mailman/listinfo/spacewalk-list</a> </pre> </blockquote> </body></html>