Release Notes

Red Hat Update Infrastructure 3.0

Red Hat Customer Content Services

Abstract

The Release Notes provide high-level coverage of the features and functionality that comprise Red Hat Update Infrastructure 3.0.

Chapter 1. Features

The Red Hat Update Infrastructure 3.0 features include:

  • two installation sources (RHUI packages in ISOs as well as in Red Hat CDN repositories) so you can choose how to install Red Hat Update Infrastructure.
  • easy installation using Puppet.
  • code rebased to Pulp 2.8 to be consistent with the code base in Red Hat Satellite 6.
  • faster access to content due to reworked architecture for automated installations.
  • default use of Red Hat Gluster Storage as shared storage to speed up content availability at the content delivery server (CDS) and eliminate the need for synchronization.
  • high-availability deployment to reduce the error of one CDS not being synchronized with another CDS.
  • a load balancer/HAProxy node that is client-facing. (This functionality was integrated previously into the CDS logic.)
  • certificates managed by the rhui-installer and rhui-manager commands.
  • updates to yum.repos.d/*, certificates, and keys to use the new unified URL.
  • removal of client-side load balancing functionality from rhui-lb.py.
  • support for Docker and OSTree (atomic) content.

See Chapter 16, Manage Certificates and Keys in the Red Hat Update Infrastructure System Administrator’s Guide for more details about Docker and OSTree content.

Chapter 2. Reworked architecture

2.1. Shared storage support

Red Hat Update Infrastructure 3.0 offers support for a shared storage volume for quicker availability of content to the clients. Red Hat Update Appliance and the CDSs are able to leverage the same storage location, which reduces synchronization times between the Red Hat Update Appliance and the CDSs.

2.2. NFS

With the option to use NFS, you can leverage your existing storage infrastructure to provide the storage for content.

2.3. Red Hat Gluster Storage

Red Hat Gluster Storage (formerly Red Hat Storage Server) provides redundant, scalable storage that can be installed on the same nodes (CDSs) running RHUI. This minimizes the number of nodes required for the deployment and ensures that there is no single point of failure in the deployment.

Red Hat Gluster Storage is an open, software-defined file storage that scales out as much as you need, and you can deploy the same storage on premises or in a public or hybrid cloud. Red Hat Gluster Storage provides new opportunities to unify data storage and infrastructure, increase performance, and improve availability and manageability to meet a broader set of an organization’s storage challenges and needs.

2.4. New installation process

Puppet drives the installation to configure all nodes in a single step. Certificates can be created by the installer. There is an HAProxy option to be able to load balance content requests for RPMs, OSTree content, and containers.

Report a bug

Chapter 3. Updates

Note

Red Hat recommends that you back up your system before you perform any updates. Refer to the backup instructions in the Red Hat Update Infrastructure 3.0 System Administrator’s Guide for details on how to back up your system.

3.1. Update for Red Hat Update Infrastructure 3.0.1

With the release of Red Hat Update Infrastructure3.0.1, partners can install and update Red Hat Update Infrastructure by registering the nodes to the Red Hat Content Delivery Network (CDN) rather than leveraging the ISO for installation. See Chapter 4, Register Red Hat Update Infrastructure and Attach Subscriptions in the Red Hat Update Infrastructure System Administrator’s Guide for information regarding how to install and register the nodes to the CDN leveraging subscription-manager.

3.2. Updates for Red Hat Update Infrastructure 3.0.2

The release of Red Hat Update Infrastructure 3.0.2 resolves multiple bugs in the Red Hat Update Infrastructure Management Tool.

  • The message that prints when the RHUI administrator cannot log in to rhui-manager due to a certificate verification issue has been modified to include the case where the server certificate has expired. BZ 1415097
  • The rhui-manager client labels command now prints a sorted list of labels. BZ 1415198
  • Multiple programming bugs in the rhui-manager status command have been fixed. BZ 1507869
  • Previously, when new errata were released, Pulp failed to create a new version of the file holding errata metadata. Consequently, RHUI clients trying to use this metadata did not see any updates at all. This was especially problematic when a RHUI client used the --security option on the yum command line, in which case yum did not see security errata. With the 3.0.2 update, a backported patch has been added to Pulp to allow it to create new versions of the errata metadata file correctly. As a result, RHUI clients are now able to take advantage of this metadata. BZ 1534882

3.3. Updates for Red Hat Update Infrastructure 3.0.3

3.3.1. Bug fixes

The release of Red Hat Update Infrastructure 3.0.3 resolves the following bugs. RHUI users are advised to upgrade to these updated packages that fix these bugs.

  • Extraneous logging has been removed from the RHUA logs when adding repositories and syncing content.

  • The GPG key in the Yum repository file in client configuration packages is now configured correctly with the rhui-manager client rpm command.

  • The Apache configuration for package access has been hardened to require the use of the client certificates.

  • Previously, rhui-installer tried to change the owner of all files in the remote file system mount point to apache. Under certain circumstances, for example, when there was a huge number of files in the mount point or when the connection to the remote host was too slow, this action did not finish within the 5-minute limit imposed by Puppet. Consequently, rhui-installer failed. With this update, only the directory with the mount point itself is given to the apache user. As a result, this action completes quickly

    Note

    This change does not affect existing RHUI deployments. However, if you have files on the remote server that you want to attach to a new RHUI environment and their owner is not the apache user, manually change the owner to apache.

  • The --certs-update-all option was not handled correctly in rhui-installer and severely broke the RHUI environment. This option has been fixed.

  • Repositories containing neither RPMs nor OSTree content are no longer listed while adding new repositories in rhui-manager. These repositories (for example, ISO repositories) are not supported in RHUI. Attempts to synchronize them would fail.

3.3.2. Enhancement

The release of Red Hat Update Infrastructure 3.0.3 adds the following enhancement. Users of RHUI are advised to upgrade to these updated packages that add this enhancement.

  • The RHUA has introduced a new cron job that can detect when a new CDN certificate is generated. The renewed certificate is now copied to all relevant Pulp repositories, replacing the obsolete certificate. This ensures that the RHUA continues to receive content from the CDN.

3.3.3. Complete the update

Before applying this update, make sure all previously released errata relevant to your system have been applied.

The pulp-server package cannot be updated on CDS nodes where the remote share is mounted read-only.

installing package pulp-server-2.8.3.3-4.el7ui.noarch needs 3MB on the /var/lib/rhui/remote_share filesystem

Temporarily remount the remote share read-write before applying this update to work around this issue.

You may see the following messages while applying this update:

warning: file /etc/httpd/conf.d/pulp_content.conf: remove failed: No such file or directory

warning: file /etc/httpd/conf.d/pulp.conf: remove failed: No such file or directory

You can safely ignore these warnings as the missing files are no longer part of the pulp-server package.

See How do I apply package updates to my RHEL system? for details on how to apply this update.

Perform the following steps to complete the Red Hat Update Infrastructure 3.0.3 update.

  1. The following services on the RHUA must be restarted:

    • httpd
    • pulp_celerybeat
    • pulp_resource_manager
    • pulp_workers
  2. For the fix for BZ#1483311 to take effect, existing CDS nodes must be re-registered with rhui-manager.
  3. After running rhui-installer --certs-update-all, it is necessary to log out of rhui-manager and log in again. It is also necessary to re-register CDS nodes, regenerate entitlement certificates and client configuration packages, and update these packages on RHUI clients.

    Note

    You should not normally have to use the --certs-update-all option. It is only needed when your RHUI certificates, which were created during the initial run of rhui-installer, expire, become revoked, and so on. These are not the certificates you get from the CDN.

  4. To allow RHUI to begin updating Red Hat certificates automatically in the future, run rhui-manager, enter sm to open the Subscription Management screen, and enter r to launch the dialog to register a new Red Hat subscription in RHUI. You must have subscribed your RHUA node with Red Hat CDN for this feature to work, as described in Chapter 4. Register Red Hat Update Infrastructure and Attach Subscriptions in the System Administrator’s Guide. Complete the process as instructed in the rhui-manager user interface.
  5. It is also necessary to provide the RHUI administration password to the script that checks Red Hat certificates. To do so, either edit the /etc/rhui/rhui-subscription-sync.conf file by hand, or run rhui-manager, enter u to open the User Management screen, and enter p to launch the dialog to set the password.Then enter your RHUI user name and password to complete the process.

3.4. Updates for Red Hat Update Infrastructure 3.0.4

3.4.1. Bug fixes

The release of Red Hat Update Infrastructure 3.0.4 resolves the following bugs. RHUI users are advised to upgrade to these updated packages that fix these bugs.

  • Disable subscription-manager after the client config rpm is installed: BZ#1415681
  • Remove extraneous output when rhui-manager subscriptions list --available --pool-only prints: BZ#1577052

3.4.2. Enhancements

The release of Red Hat Update Infrastructure 3.0.4 adds the following enhancements. RHUI users are advised to upgrade to these updated packages that add this enhancement.

  • Include /var/log/rhui-subscription-sync.log in sosreports: BZ#1578678
  • Provide easier debugging of invalid entitlement certificates: BZ#1584527
  • Update rhui-debug.py to collect information for RHUI 3+ : BZ#1591027
  • Simplify setting $releasever for clients: BZ#1504229
  • Improve how rhui-manager certification upload (CLI) handles an expired certificate: BZ#1519862

3.5. Updates for Red Hat Update Infrastructure 3.0.5

3.5.1. Bug fixes

The release of Red Hat Update Infrastructure 3.0.5 resolves the following bugs. RHUI users are advised to upgrade to these updated packages that fix these bugs.

  • The fabric package needs PyCrypto libraries but did not require python-crypto. It required python-paramiko, which used to require python-crypto, so the dependency was satisfied. A newer version of python-paramiko will be in RHEL 7.6, but it will not require python-crypto. The fabric package has been rebuilt to require python-crypto explicitly so it can continue to work on RHUI 3.x running on RHEL 7.6. BZ#1615907
  • Docker originally had registry settings in the /etc/sysconfig/docker file. The Docker configuration package created by rhui-manager modified this file to make Docker communicate with RHUI instead of the Red Hat registry. These settings have recently been moved to /etc/containers/registries.conf. This update allows rhui-manager to modify the new configuration file if it exists. If your clients use a configuration package created in an earlier RHUI version, you must recreate the package and update it on the clients. BZ#1599295
  • RHEL 7.6 will contain changes in SELinux that affect the ability of Pulp to synchronize content. New SELinux rules reflecting these changes have been added in advance to allow Pulp to work correctly after RHEL 7.6 is released. BZ#1608166

3.5.2. Enhancements

The release of Red Hat Update Infrastructure 3.0.5 adds the following enhancements. RHUI users are advised to upgrade to these updated packages that add these enhancements.

  • A new script, rhui-services-restart, is now available on RHUA and CDS nodes. Use this script to conveniently restart all the services that comprise RHUI. BZ#1539105
  • RHUI has switched from the insecure Secure Hash Algorithm 1 (SHA-1) to SHA-256 in its internal certificates. This change only affects new RHUI deployments. BZ#1411451
  • Pulp is now configured to remove copies of packages that get removed from the Red Hat CDN. This frees up disk space used by such unwanted packages. This change only affects new RHUI deployments. BZ#1489113
  • The rhui-manager repo list command now prints repository lists in alphabetical order. BZ#1601478
  • The RHUI debug script, used by the sosreport utility, has been enhanced to collect the output from the rhui-manager status command. BZ#1176477
  • The RHUI debug script has been made available on CDS nodes, which allows Red Hat Support to collect CDS-specific configuration and log files. However, it is necessary to have an updated version of the sos package for this enhancement to take effect. RHEL 6.10.z already contains an updated sos package, but RHEL 7 will not have this update until 7.6 is released. BZ#1596296
  • Previously, when rhui-manager created a client configuration package, it only printed the build root directory. A RHUI administrator who wanted to copy the package had to find it deep in the directory structure under the build root. With this update, rhui-manager prints the full path to the configuration package that it has built. BZ#1599635

3.6. Updates for Red Hat Update Infrastructure 3.0.6

3.6.1. Bug fixes

The release of Red Hat Update Infrastructure 3.0.6 resolves the following bugs. RHUI users are advised to upgrade to these updated packages that fix these bugs.

  • If the Red Hat entitlement certificate was deleted while rhui-manager was running, rhui-manager did not handle this loss correctly and an unexpected error occurred when trying to add a new repository. This update adds proper checks to rhui-manager that prevent the error from occurring. BZ#1325390
  • Previously, rhui-manager did not load SSH keys from the ~/.ssh/known_hosts file while adding a CDS or HAProxy node. Consequently, it was not possible to add a CDS or HAProxy node unless the -u option was used, which skipped SSH host key verification. With this update, rhui-manager loads the ~/.ssh/known_hosts file. If the SSH host key for the CDS or HAProxy node is already known, it is used to verify that the remote host is the intended one; otherwise, a message is printed to encourage the RHUI administrator to add the SSH host key to the ~/.ssh/known_hosts file. BZ#1409460
  • Prior to this update, if the host name of a CDS or HAProxy node that is to be added contained capital letters while the actual host name contained all lowercase letters, the addition failed. All letters in host names being added are now converted to lowercase, which resolves this issue. BZ#1572623

3.6.2. Enhancements

The release of Red Hat Update Infrastructure 3.0.6 adds the following enhancements. RHUI users are advised to upgrade to these updated packages that add these enhancements.

  • With this update, custom repositories can be created using the command-line interface of rhui-manager. Also, any repositories can be deleted from the command-line interface. See Appendix B. Red Hat Update Infrastructure Command-Line Interface in the Red Hat Update Infrastructure System Administrator’s Guide for information about the command line parameters that add these features. BZ#1582087
  • This update ensures that content certificates for RHUI clients are signed using Secure Hash Algorithm (SHA) 256, which is considered more secure than SHA 1, previously used when generating the certificates on RHEL 6. BZ#1628957

3.7. Updates for Red Hat Update Infrastructure 3.0.7

3.7.1. Bug fixes

The release of Red Hat Update Infrastructure 3.0.7 resolves the following bugs. RHUI users are advised to upgrade to these updated packages that fix these bugs.

  • It was impossible to reinstall or delete an HAProxy node in the command line interface of RHUI. These issues have been resolved. BZ#1409693 BZ#1409695
  • A failure occurred if an uploaded entitlement certificate contained no entitlements. With this update, the contents of the certificate are properly checked so that the failure does not occur anymore and a proper error message is printed. BZ#1497028
  • The rhui-manager repo add --product_name command added only one repository from the specified product. With this update, all the repositories from the product are added. BZ#1622151
  • Previously, if rhui-manager could not connect to a CDS or HAProxy node, it failed to delete its information about the node. With this update, unreachable CDS or HAProxy nodes can be deleted from RHUI successfully. A message about this fact is printed. BZ#1639996
  • Several packages were included in the RHUI 3 ISOs but were not needed by RHUI, or have been replaced by newer versions in base RHEL. These packages are no longer part of the ISOs. BZ#1658541
  • The Docker client configuration RPM built in rhui-manager required the docker-common package, which is available only in RHEL 7. This update changes the requirement to /usr/bin/docker, which makes the configuration RPM installable on RHEL 8 Beta, where podman-docker is available instead of docker-common. BZ#1659385

3.7.2. Enhancements

The release of Red Hat Update Infrastructure 3.0.7 adds the following enhancements. RHUI users are advised to upgrade to these updated packages that add these enhancements.

  • Client configuration packages can now be built without having to create an entitlement certificate beforehand. To take advantage of this feature, use the --cert option on the rhui-manager client rpm command line, as well as the --repo_label option, followed by a comma-separated list of repository labels that you would normally use when creating the certificate separately. You can also use the --days option, followed by a natural number, to control how many days the certificate will be valid. BZ#1415661
  • You can import update information (an updateinfo.xml[.gz] file) to a custom repository. This data allows clients to view errata or selectively update packages; for example, only apply security fixes or a specific bug fix. BZ#1627815
  • New options have been added to the rhui-manager repo list command. The --ids_only option makes the command print repository IDs only. The --redhat_only option limits the output to Red Hat repositories, excluding custom repositories. Lastly, the --delimiter option, followed by a string, controls how the IDs are separated in the output. By default, the new line character is used so that an ID per line is printed. BZ#1651638

Users of RHUI are advised to upgrade to these updated packages that fix these bugs and add these enhancements.

Report a bug

Chapter 4. Known issues

The known issues for Red Hat Update Infrastructure 3.0 includes the following subjects.

  1. When a user tries to list packages in repositories with a large amount of packages, rhui-manager reports an error:

    An unexpected error has occurred during the last operation. More information can be found in /root/.rhui/rhui.log.

    An example of a repository with a large amount of packages is Red Hat Enterprise Linux 7 Server from RHUI (RPMs) (7Server-x86_64). See BZ 1399605 for more details.

  2. A repository may not finish synchronizing if the Red Hat Update Appliance (RHUA) reboots while the task is running. If it becomes necessary to synchronize the repository manually, you should first check the task list in Pulp. Something internal in Pulp must have gone wrong, and you will need to cancel that task if it appears to be stuck in the Running state while nothing is actually being transferred. You can try synchronizing the affected repository in rhui-manager again. If the re-synchronization does not resolve the problem, you may have to cancel the new synchronization task, remove the broken repository, and add and synchronize the repository once more. See Check Repository Synchronization in the Red Hat Update Infrastructure System Administrator’s Guide for more details.
  3. When attempting to upload redhat-logos-4.9.16-1.noarch.rpm to a custom repository, the upload fails with the following error:

    An unexpected error has occurred during the last operation.
    More information can be found in /root/.rhui/rhui.log.

    See BZ#1198817 for more details.

  4. The user will not see an error message when the command-line interface (CLI) is used with invalid host names. See BZ#1409697 for more details.
  5. It is impossible to pull the OSTree repository on an Atomic Host immediately after it synchronizes for the first time. The synchronization must run at least twice; even then, the content is not available until Pulp publishes the files in the Apache directories, which takes several more minutes. Use the rhui-manager utility to forcibly run the synchronization for the second time or wait for the next synchronization, which occurs 4 hours after the first one. You can use the pulp-admin tasks list command on the RHUA node to check if a Pulp task is running and the pulp-admin tasks details --task-id ID command to check the progress of a running Pulp synchronization or publish task. See BZ#1427190 for more details.
  6. After you unregister a CDS instance from the RHUI, it is still configured in the load balancing pool on your HAProxy node. HAProxy notices the unavailability of the CDS and stops forwarding requests to it, but the configuration file remains unchanged. You should not have to take any action in this case. If you want the HAProxy to forget completely about the CDS node, edit the /etc/haproxy/haproxy.cfg file on the HAProxy node accordingly. See BZ#1454542 for more details.

Report a bug

Appendix A. Red Hat Update Infrastructure Release Notes Document Revision History

VersionDateChangeAuthor

Beta

10/13/2016

First beta release

Les Williams

Beta

12/21/2016

Second beta release

Les Williams

3.0

03/02/2017

General Availability

Les Williams

3.0.1

12/08/2017

Added text that the packages that comprise RHUI are available in ISOs as well as in Red Hat CDN repositories

Les Williams

3.0.2

2/28/2018

Revised to address BZ 1415097, BZ 1415198, BZ 1507869, and BZ 1534882

Les Williams

3.0.3

05/16/2018

Revised to address the following bugs (BZ#1506872, BZ#1506875, BZ#1450430, BZ#1428756, BZ#1483311, BZ#1488613, BZ#1538430, BZ#1485725, and BZ#1199426) and enhancements (BZ#1510136, BZ#1563113, and BZ#1443286).

Les Williams

3.0.4

07/10/2018

Revised to address the following bugs (BZ#1415681 , BZ#1504229, BZ#1519862, BZ#1577052, BZ#1578678, BZ#1584527, and BZ#1591027

Les Williams

3.0.4

08/02/2018

Revised Known Issue #5 to provide more context about synchronizing ostree content

Les Williams

3.0.4

08/24/2018

Added a note about backing up the system before performing any updates

Les Williams

3.0.5

09/05/2018

Revised to address the following bugs (BZ#1615907, BZ#1599295, and BZ#1608166) and enhancements (BZ#1539105, BZ#1411451, BZ#1489113, BZ#1601478, BZ#1176477, BZ#1596296, and BZ#1599635)

Les Williams

3.0.6

11/07/2018

Revised to address the following bugs (BZ#1325390, BZ#1409460, and BZ#1572623) and enhancements (BZ#1582087 and BZ#1628957)

Les Williams

3.0.7

1/23/2019

Revised to address the following bugs (BZ#1409693, BZ#1409695, BZ#1497028, BZ#1622151, BZ#1639996, BZ#1658541, and BZ#1659385) and enhancements (BZ#1415661, BZ#1627815, and BZ#1651638)

Les Williams

3.0.7

1/28/2019

Revised Chapter 4 per BZ#1454542

Les Williams

3.0.7

1/31/2019

Revised incorrect HAProxy file name in Chapter 4 per BZ#1454542

Les Williams

Report a bug

Legal Notice

Copyright © 2019 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.