Chapter 17. System and Subscription Management

cockpit rebased to version 154

The cockpit packages, which provide the Cockpit browser-based administration console, have been upgraded to version 154. This version provides a number of bug fixes and enhancements. Notable changes include:
  • The Accounts page now enables the configuration of account locking and password expiry.
  • Load graphs consistently ignore loopback traffic on all networks.
  • Cockpit provides information about unmet conditions for systemd services.
  • Newly created timers on the Services page are now started and enabled automatically.
  • It is possible to dynamically resize the terminal window to use all available space.
  • Various navigation and JavaScript errors with Internet Explorer have been fixed.
  • Cockpit uses Self-Signed Certificate Generator (SSCG) to generate SSL certificates, if available.
  • Loading SSH keys from arbitrary paths is now supported.
  • Absent or invalid /etc/os-release files are now handled gracefully.
  • Unprivileged users now cannot use the shutdown/reboot button on the System page.
Note that certain cockpit packages are available in the Red Hat Enterprise Linux 7 Extras channel; see https://access.redhat.com/support/policy/updates/extras. (BZ#1470780, BZ#1425887, BZ#1493756)

Users of yum-utils now can perform actions prior to transactions

A new yum-plugin-pre-transaction-actions plug-in has been added to the yum-utils collection. It allows users to perform actions before a transaction starts. The usage and configuration of the plug-in are almost identical to the existing yum-plugin-post-transaction-actions plug-in. (BZ#1470647)

yum can disable creation of per-user cache as a non-root user

New usercache option has been added to the yum.conf(5) configuration file of the yum utility. It allows the users to disable the creation of per-user cache when yum runs as a non-root user. The reason for this change is that in some cases users do not want to create and populate per-user cache, for example in cases where the space in the $TMPDIR directory is consumed by the user cache data. (BZ#1432319)

yum-builddep now allows to define RPM macros

The yum-builddep utility has been enhanced to allow you to define RPM macros for a .spec file parsing. This change has been made because, in some cases, RPM macros need to be defined in order for yum-builddep to successfully parse a .spec file. Similarly to the rpm utility, the yum-builddep tool now allows you to specify RPM macros with the --define option. (BZ#1437636)

subscription-manager now displays the host name upon registration

Until now, the user needed to search for the effective host name for a given system, which is determined by different Satellite settings. With this update, the subscription-manager utility displays the host name upon the registration of the system. (BZ#1463325)

A subscription-manager plugin now runs with yum-config-manager

With this update, the subscription-manager plugin runs with the yum-config-manager utility. The yum-config-manager operations now trigger redhat.repo generation, allowing Red Hat Enterprise Linux containers to enable or disable repositories without first running yum commands. (BZ#1329349)

subscription-manager now protects all product certificates in /etc/pki/product-default/

Previously, the subscription-manager utility only protected those product certificates provided by the redhat-release package whose tag matched rhel-#. Consequently, product certificates such as RHEL-ALT or High Touch Beta were sometimes removed from the /etc/pki/product-default/ directory by the product-id yum plugin. With this update, subscription-manager has been modified to protect all certificates in /etc/pki/product-default/ against automatic removal. (BZ#1526622)

rhn-migrate-classic-to-rhsm now automatically enables the subscription-manager and product-id yum plugins

With this update, the rhn-migrate-classic-to-rhsm utility automatically enables the yum plugins: subscription-manager and product-id. With this update, the subscription-manager utility automatically enables the yum plugins: subscription-manager and product-id. This update benefits users of Red Hat Enterprise Linux who previously used the rhn-client-tools utility to register their systems to Red Hat Network Classic or who still use it with Satellite 5 entitlement servers, and who have temporarily disabled the yum plugins. As a result, rhn-migrate-classic-to-rhsm allows an easy transition to using the newer subscription-manager tools for entitlements. Note that running rhn-migrate-classic-to-rhsm displays a warning message indicating how to change this default behavior if it is not desirable. (BZ#1466453)

subscription-manager now automatically enables the subscription-manager and product-id yum plugins

With this update, the subscription-manager utility automatically enables the yum plugins: subscription-manager and product-id. This update benefits users of Red Hat Enterprise Linux who previously used the rhn-client-tools utility to register their systems to Red Hat Network Classic or who still use it with Satellite 5 entitlement servers, and who have temporarily disabled the yum plugins. As a result, it is easier for users to start using the newer subscription-manager tools for entitlements. Note that running subscription-manager displays a warning message indicating how to change this default behavior if it is not desirable. (BZ#1319927)

subscription-manager-cockpit replaces subscription functionality in cockpit-system

This update introduces a new subscription-manager-cockpit RPM. The new subscription-manager-cockpit RPM provides a new dbus-based implementation and a few fixes to the same subscriptions functionality provided by cockpit-system. If both RPMs are installed, the implementation from subscription-manager-cockpit is used. (BZ#1499977)

virt-who logs where the host-guest mapping is sent

The virt-who utility now uses the rhsm.log file to log the owner or account to which the host-guest mapping is sent. This helps proper configuration of virt-who. (BZ#1408556)

virt-who now provides configuration error information

The virt-who utility now checks for common virt-who configuration errors and outputs log messages that specify the configuration items that caused these errors. As a result, it is easier for a user to correct virt-who configuration errors. (BZ#1436617)

reposync now by default skips packages whose location falls outside the destination directory

Previously, the reposync command did not sanitize paths to packages specified in a remote repository, which was insecure. A security fix for CVE-2018-10897 has changed the default behavior of reposync to not store any packages outside the specified destination directory. To restore the original insecure behavior, use the new --allow-path-traversal option. (BZ#1609302)