Automatic updates of RHUI client RPMs in cloud environments

Access to RHEL repositories on pay-as-you-go systems in cloud environments is possible thanks to Red Hat Update Infrastructure (RHUI). One or more client configuration RPMs is preinstalled on these systems, and these RPMs contain repository files and certificates allowing the systems to use RHUI. In addition to being preinstalled, these RPMs are also available in so-called client configuration repositories, which are enabled on cloud virtual machines in addition to RHEL repositories.

Cloud providers can create and publish a newer client configuration RPM version at any time to provide access to a new repository, renew the certificates, or to make any other packaging changes. To ensure that cloud users always have the most up-to-date client configuration RPM version, some cloud providers also include a cron job in the package that updates the RPM regularly. Cloud providers that are known to do this are:

• AWS, file /etc/cron.daily/update-client-config-packages
• Azure, file /etc/cron.daily/rhui-update-client

These cron job files are part of the client configuration RPM on RHEL 7, 8, and 9, and in images for both vanilla RHEL and any other products such as SAP or HA.

Therefore, please keep in mind that this package gets updated even if you did not intend to make any changes to your virtual machine.

Note that in AWS the RPM update is inhibited if the virtual machine is in a GovCloud region.

Warning: Although you can prevent the cron jobs from updating the client configuration RPMs, you may eventually lose access to RHUI if you keep an old version too long. The certificates will expire, or the cloud provider may make changes to RHUI that will be incompatible with the old configuration.