Red Hat Training
A Red Hat training course is available for Red Hat Enterprise Linux
Chapter 19. System and Subscription Management
cockpit rebased to version 173
The cockpit packages, which provide the Cockpit browser-based administration console, have been upgraded to version 173. This version provides a number of bug fixes and enhancements. Notable changes include:
- The menu and navigation can now work with mobile browsers.
Cockpitnow supports alternate Kerberos keytabs for Cockpit's web server, which enables configuration of Single Sign-On (SSO).
- Automatic setup of Kerberos keytab for Cockpit web server.
- Automatic configuration of SSO with FreeIPA for
Cockpitrequests FreeIPA SSL certificate for Cockpit's web server.
Cockpitshows available package updates and missing registrations on system front page.
- A Firewall interface has been added.
- The flow control to avoid user interface hangs and unbounded memory usage for big file downloads has been added.
- Terminal issues in Chrome have been fixed.
Cockpitnow properly localizes numbers, times, and dates.
- Subscriptions page hang when accessing as a non-administrator user has been fixed.
Log inis now localized properly.
reposync now by default skips packages whose location falls outside the destination directory
reposynccommand did not sanitize paths to packages specified in a remote repository, which was insecure. A security fix for CVE-2018-10897 has changed the default behavior of
reposyncto not store any packages outside the specified destination directory. To restore the original insecure behavior, use the new
--allow-path-traversaloption. (BZ#1609302, BZ#1600618)
yum clean all command now prints a disk usage summary
When using the
yum clean allcommand, the following hint was always displayed:
Maybe you want: rm -rf /var/cache/yum
With this update, the hint has been removed, and
yum clean allnow prints a disk usage summary for remaining repositories that were not affected by
yum clean all(BZ#1481220)
yum versionlock plug-in now displays which packages are blocked when running the
yum update command
yum versionlockplug-in, which is used to lock RPM packages, did not display any information about packages excluded from the update. Consequently, users were not warned that such packages will not be updated when running the
yum updatecommand. With this update,
yum versionlockhas been changed. The plug-in now prints a message about how many package updates are being excluded. In addition, the new
statussubcommand has been added to the plug-in. The
yum versionlock statuscommand prints the list of available package updates blocked by the plug-in. (BZ#1497351)
repotrack command now supports the
--repofrompath option, which is already supported by the
repoclosurecommands, has been added to the
repotrackcommand. As a result, non-root users can now add custom repositories to track without escalating their privileges. (BZ#1506205)
Subscription manager now respects
proxy_port settings from
Previously, subscription manager did not respect changes to the default
proxy_portconfiguration from the
/etc/rhsm/rhsm.conffile. Consequently, the default value of 3128 was used even after the user had changed the value of
With this update, the underlying source code has been fixed, and subscription manager now respects changes to the default
proxy_portconfiguration. However, making any change to the
/etc/rhsm/rhsm.confrequires an selinux policy change. To avoid selinux denials when changing the default
proxy_port, run this command for the benefit of the
semanage port -a -t squid_port_t -p tcp <new_proxy_port>
New package: sos-collector
sos-collectoris a utility that gathers
sosreportsfrom multi-node environments.
sos-collectorfacilitates data collection for support cases and it can be run from either a node or from an administrator's local workstation that has network access to the environment. (BZ#1481861)