Release Notes
Abstract
Chapter 1. Features
The Red Hat Update Infrastructure 3.0 features include:
- two installation sources (RHUI packages in ISOs as well as in Red Hat CDN repositories) so you can choose how to install Red Hat Update Infrastructure.
- easy installation using Puppet.
- code rebased to Pulp 2.8 to be consistent with the code base in Red Hat Satellite 6.
- faster access to content due to reworked architecture for automated installations.
- default use of Red Hat Gluster Storage as shared storage to speed up content availability at the content delivery server (CDS) and eliminate the need for synchronization.
- high-availability deployment to reduce the error of one CDS not being synchronized with another CDS.
- a load balancer/HAProxy node that is client-facing. (This functionality was integrated previously into the CDS logic.)
- certificates managed by the rhui-installer and rhui-manager commands.
-
updates to
yum.repos.d/*, certificates, and keys to use the new unified URL. - removal of client-side load balancing functionality from rhui-lb.py.
- support for Docker and OSTree (atomic) content.
See Chapter 16, Manage Certificates and Keys in the Red Hat Update Infrastructure System Administrator’s Guide for more details about Docker and OSTree content.
Chapter 2. Reworked architecture
2.2. NFS
With the option to use NFS, you can leverage your existing storage infrastructure to provide the storage for content.
2.3. Red Hat Gluster Storage
Red Hat Gluster Storage (formerly Red Hat Storage Server) provides redundant, scalable storage that can be installed on the same nodes (CDSs) running RHUI. This minimizes the number of nodes required for the deployment and ensures that there is no single point of failure in the deployment.
Red Hat Gluster Storage is an open, software-defined file storage that scales out as much as you need, and you can deploy the same storage on premises or in a public or hybrid cloud. Red Hat Gluster Storage provides new opportunities to unify data storage and infrastructure, increase performance, and improve availability and manageability to meet a broader set of an organization’s storage challenges and needs.
2.4. New installation process
Puppet drives the installation to configure all nodes in a single step. Certificates can be created by the installer. There is an HAProxy option to be able to load balance content requests for RPMs, OSTree content, and containers.
Chapter 3. Updates
Red Hat recommends that you back up your system before you perform any updates. Refer to the backup instructions in the Red Hat Update Infrastructure 3.0 System Administrator’s Guide for details on how to back up your system.
3.1. Update for Red Hat Update Infrastructure 3.0.1
With the release of Red Hat Update Infrastructure3.0.1, partners can install and update Red Hat Update Infrastructure by registering the nodes to the Red Hat Content Delivery Network (CDN) rather than leveraging the ISO for installation. See Chapter 4, Register Red Hat Update Infrastructure and Attach Subscriptions in the Red Hat Update Infrastructure System Administrator’s Guide for information regarding how to install and register the nodes to the CDN leveraging subscription-manager.
3.2. Updates for Red Hat Update Infrastructure 3.0.2
The release of Red Hat Update Infrastructure 3.0.2 resolves multiple bugs in the Red Hat Update Infrastructure Management Tool.
- The message that prints when the RHUI administrator cannot log in to rhui-manager due to a certificate verification issue has been modified to include the case where the server certificate has expired. BZ 1415097
-
The
rhui-manager client labelscommand now prints a sorted list of labels. BZ 1415198 -
Multiple programming bugs in the
rhui-manager statuscommand have been fixed. BZ 1507869 -
Previously, when new errata were released, Pulp failed to create a new version of the file holding errata metadata. Consequently, RHUI clients trying to use this metadata did not see any updates at all. This was especially problematic when a RHUI client used the
--securityoption on the yum command line, in which case yum did not see security errata. With the 3.0.2 update, a backported patch has been added to Pulp to allow it to create new versions of the errata metadata file correctly. As a result, RHUI clients are now able to take advantage of this metadata. BZ 1534882
3.3. Updates for Red Hat Update Infrastructure 3.0.3
3.3.1. Bug fixes
The release of Red Hat Update Infrastructure 3.0.3 resolves the following bugs. RHUI users are advised to upgrade to these updated packages that fix these bugs.
Extraneous logging has been removed from the RHUA logs when adding repositories and syncing content.
The GPG key in the Yum repository file in client configuration packages is now configured correctly with the
rhui-manager client rpmcommand.The Apache configuration for package access has been hardened to require the use of the client certificates.
Previously, rhui-installer tried to change the owner of all files in the remote file system mount point to apache. Under certain circumstances, for example, when there was a huge number of files in the mount point or when the connection to the remote host was too slow, this action did not finish within the 5-minute limit imposed by Puppet. Consequently, rhui-installer failed. With this update, only the directory with the mount point itself is given to the apache user. As a result, this action completes quickly
NoteThis change does not affect existing RHUI deployments. However, if you have files on the remote server that you want to attach to a new RHUI environment and their owner is not the apache user, manually change the owner to apache.
The
--certs-update-alloption was not handled correctly in rhui-installer and severely broke the RHUI environment. This option has been fixed.Repositories containing neither RPMs nor OSTree content are no longer listed while adding new repositories in rhui-manager. These repositories (for example, ISO repositories) are not supported in RHUI. Attempts to synchronize them would fail.
3.3.2. Enhancement
The release of Red Hat Update Infrastructure 3.0.3 adds the following enhancement. Users of RHUI are advised to upgrade to these updated packages that add this enhancement.
The RHUA has introduced a new cron job that can detect when a new CDN certificate is generated. The renewed certificate is now copied to all relevant Pulp repositories, replacing the obsolete certificate. This ensures that the RHUA continues to receive content from the CDN.
3.3.3. Complete the update
Before applying this update, make sure all previously released errata relevant to your system have been applied.
The pulp-server package cannot be updated on CDS nodes where the remote share is mounted read-only.
installing package pulp-server-2.8.3.3-4.el7ui.noarch needs 3MB on the /var/lib/rhui/remote_share filesystem
Temporarily remount the remote share read-write before applying this update to work around this issue.
You may see the following messages while applying this update:
warning: file /etc/httpd/conf.d/pulp_content.conf: remove failed: No such file or directory warning: file /etc/httpd/conf.d/pulp.conf: remove failed: No such file or directory
You can safely ignore these warnings as the missing files are no longer part of the pulp-server package.
See How do I apply package updates to my RHEL system? for details on how to apply this update.
Perform the following steps to complete the Red Hat Update Infrastructure 3.0.3 update.
The following services on the RHUA must be restarted:
- httpd
- pulp_celerybeat
- pulp_resource_manager
- pulp_workers
- For the fix for BZ#1483311 to take effect, existing CDS nodes must be re-registered with rhui-manager.
After running
rhui-installer --certs-update-all, it is necessary to log out of rhui-manager and log in again. It is also necessary to re-register CDS nodes, regenerate entitlement certificates and client configuration packages, and update these packages on RHUI clients.NoteYou should not normally have to use the
--certs-update-alloption. It is only needed when your RHUI certificates, which were created during the initial run of rhui-installer, expire, become revoked, and so on. These are not the certificates you get from the CDN.-
To allow RHUI to begin updating Red Hat certificates automatically in the future, run
rhui-manager, entersmto open the Subscription Management screen, and enterrto launch the dialog to register a new Red Hat subscription in RHUI. You must have subscribed your RHUA node with Red Hat CDN for this feature to work, as described in Chapter 4. Register Red Hat Update Infrastructure and Attach Subscriptions in the System Administrator’s Guide. Complete the process as instructed in the rhui-manager user interface. -
It is also necessary to provide the RHUI administration password to the script that checks Red Hat certificates. To do so, either edit the
/etc/rhui/rhui-subscription-sync.conffile by hand, or runrhui-manager, enteruto open the User Management screen, and enterpto launch the dialog to set the password.Then enter your RHUI user name and password to complete the process.
3.4. Updates for Red Hat Update Infrastructure 3.0.4
3.4.1. Bug fixes
The release of Red Hat Update Infrastructure 3.0.4 resolves the following bugs. RHUI users are advised to upgrade to these updated packages that fix these bugs.
- Disable subscription-manager after the client config rpm is installed: BZ#1415681
-
Remove extraneous output when
rhui-manager subscriptions list --available --pool-onlyprints: BZ#1577052
3.4.2. Enhancements
The release of Red Hat Update Infrastructure 3.0.4 adds the following enhancements. RHUI users are advised to upgrade to these updated packages that add this enhancement.
-
Include
/var/log/rhui-subscription-sync.login sosreports: BZ#1578678 - Provide easier debugging of invalid entitlement certificates: BZ#1584527
-
Update
rhui-debug.pyto collect information for RHUI 3+ : BZ#1591027 -
Simplify setting
$releaseverfor clients: BZ#1504229 - Improve how rhui-manager certification upload (CLI) handles an expired certificate: BZ#1519862
3.5. Updates for Red Hat Update Infrastructure 3.0.5
3.5.1. Bug fixes
The release of Red Hat Update Infrastructure 3.0.5 resolves the following bugs. RHUI users are advised to upgrade to these updated packages that fix these bugs.
- The fabric package needs PyCrypto libraries but did not require python-crypto. It required python-paramiko, which used to require python-crypto, so the dependency was satisfied. A newer version of python-paramiko will be in RHEL 7.6, but it will not require python-crypto. The fabric package has been rebuilt to require python-crypto explicitly so it can continue to work on RHUI 3.x running on RHEL 7.6. BZ#1615907
-
Docker originally had registry settings in the
/etc/sysconfig/dockerfile. The Docker configuration package created by rhui-manager modified this file to make Docker communicate with RHUI instead of the Red Hat registry. These settings have recently been moved to/etc/containers/registries.conf. This update allows rhui-manager to modify the new configuration file if it exists. If your clients use a configuration package created in an earlier RHUI version, you must recreate the package and update it on the clients. BZ#1599295 - RHEL 7.6 will contain changes in SELinux that affect the ability of Pulp to synchronize content. New SELinux rules reflecting these changes have been added in advance to allow Pulp to work correctly after RHEL 7.6 is released. BZ#1608166
3.5.2. Enhancements
The release of Red Hat Update Infrastructure 3.0.5 adds the following enhancements. RHUI users are advised to upgrade to these updated packages that add this enhancement.
-
A new script,
rhui-services-restart, is now available on RHUA and CDS nodes. Use this script to conveniently restart all the services that comprise RHUI. BZ#1539105 - RHUI has switched from the insecure Secure Hash Algorithm 1 (SHA-1) to SHA-256 in its internal certificates. This change only affects new RHUI deployments. BZ#1411451
- Pulp is now configured to remove copies of packages that get removed from the Red Hat CDN. This frees up disk space used by such unwanted packages. This change only affects new RHUI deployments. BZ#1489113
-
The
rhui-manager repo listcommand now prints repository lists in alphabetical order. BZ#1601478 -
The RHUI debug script, used by the sosreport utility, has been enhanced to collect the output from the
rhui-manager statuscommand. BZ#1176477 - The RHUI debug script has been made available on CDS nodes, which allows Red Hat Support to collect CDS-specific configuration and log files. However, it is necessary to have an updated version of the sos package for this enhancement to take effect. RHEL 6.10.z already contains an updated sos package, but RHEL 7 will not have this update until 7.6 is released. BZ#1596296
- Previously, when rhui-manager created a client configuration package, it only printed the build root directory. A RHUI administrator who wanted to copy the package had to find it deep in the directory structure under the build root. With this update, rhui-manager prints the full path to the configuration package that it has built. BZ#1599635
Chapter 4. Known issues
The known issues for Red Hat Update Infrastructure 3.0 includes the following subjects.
When a user tries to list packages in repositories with a large amount of packages, rhui-manager reports an error:
An unexpected error has occurred during the last operation. More information can be found in /root/.rhui/rhui.log.
An example of a repository with a large amount of packages is
Red Hat Enterprise Linux 7 Server from RHUI (RPMs) (7Server-x86_64). See BZ 1399605 for more details.- A repository may not finish synchronizing if the Red Hat Update Appliance (RHUA) reboots while the task is running. If it becomes necessary to synchronize the repository manually, you should first check the task list in Pulp. Something internal in Pulp must have gone wrong, and you will need to cancel that task if it appears to be stuck in the Running state while nothing is actually being transferred. You can try synchronizing the affected repository in rhui-manager again. If the re-synchronization does not resolve the problem, you may have to cancel the new synchronization task, remove the broken repository, and add and synchronize the repository once more. See Check Repository Synchronization in the Red Hat Update Infrastructure System Administrator’s Guide for more details.
When attempting to upload
redhat-logos-4.9.16-1.noarch.rpmto a custom repository, the upload fails with the following error:An unexpected error has occurred during the last operation. More information can be found in /root/.rhui/rhui.log.
See BZ 1198817 for more details.
- The user will not see an error message when the command-line interface (CLI) is used with invalid host names. See BZ 1409697 for more details.
-
It is impossible to pull the OSTree repository on an Atomic Host immediately after it synchronizes for the first time. The synchronization must run at least twice; even then, the content is not available until Pulp publishes the files in the Apache directories, which takes several more minutes. Use the rhui-manager utility to forcibly run the synchronization for the second time or wait for the next synchronization, which occurs 4 hours after the first one. You can use the
pulp-admin tasks listcommand on the RHUA node to check if a Pulp task is running and thepulp-admin tasks details --task-id IDcommand to check the progress of a running Pulp synchronization or publish task. See BZ 1427190 for more details.
Appendix A. Red Hat Update Infrastructure Release Notes Document Revision History
| Version | Date | Change | Author |
|---|---|---|---|
| Beta | 10/13/2016 | First beta release | Les Williams |
| Beta | 12/21/2016 | Second beta release | Les Williams |
| 3.0 | 03/02/2017 | General Availability | Les Williams |
| 3.0.1 | 12/08/2017 | Added text that the packages that comprise RHUI are available in ISOs as well as in Red Hat CDN repositories | Les Williams |
| 3.0.2 | 2/28/2018 | Revised to address BZ 1415097, BZ 1415198, BZ 1507869, and BZ 1534882 | Les Williams |
| 3.0.3 | 05/16/2018 | Revised to address the following bugs (BZ#1506872, BZ#1506875, BZ#1450430, BZ#1428756, BZ#1483311, BZ#1488613, BZ#1538430, BZ#1485725, and BZ#1199426) and enhancements (BZ#1510136, BZ#1563113, and BZ#1443286). | Les Williams |
| 3.0.4 | 07/10/2018 | Revised to address the following bugs (BZ#1415681 , BZ#1504229, BZ#1519862, BZ#1577052, BZ#1578678, BZ#1584527, and BZ#1591027 | Les Williams |
| 3.0.4 | 08/02/2018 | Revised Known Issue #5 to provide more context about synchronizing ostree content | Les Williams |
| 3.0.4 | 08/24/2018 | Added a note about backing up the system before performing any updates | Les Williams |
| 3.0.5 | 09/05/2018 | Revised to address the following bugs (BZ#1615907, BZ#1599295, and BZ#1608166) and enhancements (BZ#1539105, BZ#1411451, BZ#1489113, BZ#1601478, BZ#1176477, BZ#1596296, and BZ#1599635) | Les Williams |