Chapter 3. Updates

Note

Red Hat recommends that you back up your system before you perform any updates. Refer to the backup instructions in the Red Hat Update Infrastructure 3.0 System Administrator’s Guide for details on how to back up your system.

3.1. Update for Red Hat Update Infrastructure 3.0.1

With the release of Red Hat Update Infrastructure3.0.1, partners can install and update Red Hat Update Infrastructure by registering the nodes to the Red Hat Content Delivery Network (CDN) rather than leveraging the ISO for installation. See Chapter 4, Register Red Hat Update Infrastructure and Attach Subscriptions in the Red Hat Update Infrastructure System Administrator’s Guide for information regarding how to install and register the nodes to the CDN leveraging subscription-manager.

3.2. Updates for Red Hat Update Infrastructure 3.0.2

The release of Red Hat Update Infrastructure 3.0.2 resolves multiple bugs in the Red Hat Update Infrastructure Management Tool.

  • The message that prints when the RHUI administrator cannot log in to rhui-manager due to a certificate verification issue has been modified to include the case where the server certificate has expired. BZ 1415097
  • The rhui-manager client labels command now prints a sorted list of labels. BZ 1415198
  • Multiple programming bugs in the rhui-manager status command have been fixed. BZ 1507869
  • Previously, when new errata were released, Pulp failed to create a new version of the file holding errata metadata. Consequently, RHUI clients trying to use this metadata did not see any updates at all. This was especially problematic when a RHUI client used the --security option on the yum command line, in which case yum did not see security errata. With the 3.0.2 update, a backported patch has been added to Pulp to allow it to create new versions of the errata metadata file correctly. As a result, RHUI clients are now able to take advantage of this metadata. BZ 1534882

3.3. Updates for Red Hat Update Infrastructure 3.0.3

3.3.1. Bug fixes

The release of Red Hat Update Infrastructure 3.0.3 resolves the following bugs. RHUI users are advised to upgrade to these updated packages that fix these bugs.

  • Extraneous logging has been removed from the RHUA logs when adding repositories and syncing content.

  • The GPG key in the Yum repository file in client configuration packages is now configured correctly with the rhui-manager client rpm command.

  • The Apache configuration for package access has been hardened to require the use of the client certificates.

  • Previously, rhui-installer tried to change the owner of all files in the remote file system mount point to apache. Under certain circumstances, for example, when there was a huge number of files in the mount point or when the connection to the remote host was too slow, this action did not finish within the 5-minute limit imposed by Puppet. Consequently, rhui-installer failed. With this update, only the directory with the mount point itself is given to the apache user. As a result, this action completes quickly

    Note

    This change does not affect existing RHUI deployments. However, if you have files on the remote server that you want to attach to a new RHUI environment and their owner is not the apache user, manually change the owner to apache.

  • The --certs-update-all option was not handled correctly in rhui-installer and severely broke the RHUI environment. This option has been fixed.

  • Repositories containing neither RPMs nor OSTree content are no longer listed while adding new repositories in rhui-manager. These repositories (for example, ISO repositories) are not supported in RHUI. Attempts to synchronize them would fail.

3.3.2. Enhancement

The release of Red Hat Update Infrastructure 3.0.3 adds the following enhancement. Users of RHUI are advised to upgrade to these updated packages that add this enhancement.

  • The RHUA has introduced a new cron job that can detect when a new CDN certificate is generated. The renewed certificate is now copied to all relevant Pulp repositories, replacing the obsolete certificate. This ensures that the RHUA continues to receive content from the CDN.

3.3.3. Complete the update

Before applying this update, make sure all previously released errata relevant to your system have been applied.

The pulp-server package cannot be updated on CDS nodes where the remote share is mounted read-only. 

installing package pulp-server-2.8.3.3-4.el7ui.noarch needs 3MB on the /var/lib/rhui/remote_share filesystem

Temporarily remount the remote share read-write before applying this update to work around this issue.

You may see the following messages while applying this update: 

warning: file /etc/httpd/conf.d/pulp_content.conf: remove failed: No such file or directory

warning: file /etc/httpd/conf.d/pulp.conf: remove failed: No such file or directory

You can safely ignore these warnings as the missing files are no longer part of the pulp-server package.

See How do I apply package updates to my RHEL system? for details on how to apply this update.

Perform the following steps to complete the Red Hat Update Infrastructure 3.0.3 update.

  1. The following services on the RHUA must be restarted:

    • httpd
    • pulp_celerybeat
    • pulp_resource_manager
    • pulp_workers
  2. For the fix for BZ#1483311 to take effect, existing CDS nodes must be re-registered with rhui-manager.

  3. After running rhui-installer --certs-update-all, it is necessary to log out of rhui-manager and log in again. It is also necessary to re-register CDS nodes, regenerate entitlement certificates and client configuration packages, and update these packages on RHUI clients.

    Note

    You should not normally have to use the --certs-update-all option. It is only needed when your RHUI certificates, which were created during the initial run of rhui-installer, expire, become revoked, and so on. These are not the certificates you get from the CDN.

  4. To allow RHUI to begin updating Red Hat certificates automatically in the future, run rhui-manager, enter sm to open the Subscription Management screen, and enter r to launch the dialog to register a new Red Hat subscription in RHUI. You must have subscribed your RHUA node with Red Hat CDN for this feature to work, as described in Chapter 4. Register Red Hat Update Infrastructure and Attach Subscriptions in the System Administrator’s Guide. Complete the process as instructed in the rhui-manager user interface.
  5. It is also necessary to provide the RHUI administration password to the script that checks Red Hat certificates. To do so, either edit the /etc/rhui/rhui-subscription-sync.conf file by hand, or run rhui-manager, enter u to open the User Management screen, and enter p to launch the dialog to set the password.Then enter your RHUI user name and password to complete the process.

3.4. Updates for Red Hat Update Infrastructure 3.0.4

3.4.1. Bug fixes

The release of Red Hat Update Infrastructure 3.0.4 resolves the following bugs. RHUI users are advised to upgrade to these updated packages that fix these bugs.

  • Disable subscription-manager after the client config rpm is installed: BZ#1415681
  • Remove extraneous output when rhui-manager subscriptions list --available --pool-only prints: BZ#1577052

3.4.2. Enhancements

The release of Red Hat Update Infrastructure 3.0.4 adds the following enhancements. RHUI users are advised to upgrade to these updated packages that add this enhancement.

  • Include /var/log/rhui-subscription-sync.log in sosreports: BZ#1578678
  • Provide easier debugging of invalid entitlement certificates: BZ#1584527
  • Update rhui-debug.py to collect information for RHUI 3+ : BZ#1591027
  • Simplify setting $releasever for clients: BZ#1504229
  • Improve how rhui-manager certification upload (CLI) handles an expired certificate: BZ#1519862

3.5. Updates for Red Hat Update Infrastructure 3.0.5

3.5.1. Bug fixes

The release of Red Hat Update Infrastructure 3.0.5 resolves the following bugs. RHUI users are advised to upgrade to these updated packages that fix these bugs.

  • The fabric package needs PyCrypto libraries but did not require python-crypto. It required python-paramiko, which used to require python-crypto, so the dependency was satisfied. A newer version of python-paramiko will be in RHEL 7.6, but it will not require python-crypto. The fabric package has been rebuilt to require python-crypto explicitly so it can continue to work on RHUI 3.x running on RHEL 7.6. BZ#1615907
  • Docker originally had registry settings in the /etc/sysconfig/docker file. The Docker configuration package created by rhui-manager modified this file to make Docker communicate with RHUI instead of the Red Hat registry. These settings have recently been moved to /etc/containers/registries.conf. This update allows rhui-manager to modify the new configuration file if it exists. If your clients use a configuration package created in an earlier RHUI version, you must recreate the package and update it on the clients. BZ#1599295
  • RHEL 7.6 will contain changes in SELinux that affect the ability of Pulp to synchronize content. New SELinux rules reflecting these changes have been added in advance to allow Pulp to work correctly after RHEL 7.6 is released. BZ#1608166

3.5.2. Enhancements

The release of Red Hat Update Infrastructure 3.0.5 adds the following enhancements. RHUI users are advised to upgrade to these updated packages that add these enhancements.

  • A new script, rhui-services-restart, is now available on RHUA and CDS nodes. Use this script to conveniently restart all the services that comprise RHUI. BZ#1539105
  • RHUI has switched from the insecure Secure Hash Algorithm 1 (SHA-1) to SHA-256 in its internal certificates. This change only affects new RHUI deployments. BZ#1411451
  • Pulp is now configured to remove copies of packages that get removed from the Red Hat CDN. This frees up disk space used by such unwanted packages. This change only affects new RHUI deployments. BZ#1489113
  • The rhui-manager repo list command now prints repository lists in alphabetical order. BZ#1601478
  • The RHUI debug script, used by the sosreport utility, has been enhanced to collect the output from the rhui-manager status command. BZ#1176477
  • The RHUI debug script has been made available on CDS nodes, which allows Red Hat Support to collect CDS-specific configuration and log files. However, it is necessary to have an updated version of the sos package for this enhancement to take effect. RHEL 6.10.z already contains an updated sos package, but RHEL 7 will not have this update until 7.6 is released. BZ#1596296
  • Previously, when rhui-manager created a client configuration package, it only printed the build root directory. A RHUI administrator who wanted to copy the package had to find it deep in the directory structure under the build root. With this update, rhui-manager prints the full path to the configuration package that it has built. BZ#1599635

3.6. Updates for Red Hat Update Infrastructure 3.0.6

3.6.1. Bug fixes

The release of Red Hat Update Infrastructure 3.0.6 resolves the following bugs. RHUI users are advised to upgrade to these updated packages that fix these bugs.

  • If the Red Hat entitlement certificate was deleted while rhui-manager was running, rhui-manager did not handle this loss correctly and an unexpected error occurred when trying to add a new repository. This update adds proper checks to rhui-manager that prevent the error from occurring. BZ#1325390
  • Previously, rhui-manager did not load SSH keys from the ~/.ssh/known_hosts file while adding a CDS or HAProxy node. Consequently, it was not possible to add a CDS or HAProxy node unless the -u option was used, which skipped SSH host key verification. With this update, rhui-manager loads the ~/.ssh/known_hosts file. If the SSH host key for the CDS or HAProxy node is already known, it is used to verify that the remote host is the intended one; otherwise, a message is printed to encourage the RHUI administrator to add the SSH host key to the ~/.ssh/known_hosts file. BZ#1409460
  • Prior to this update, if the host name of a CDS or HAProxy node that is to be added contained capital letters while the actual host name contained all lowercase letters, the addition failed. All letters in host names being added are now converted to lowercase, which resolves this issue. BZ#1572623

3.6.2. Enhancements

The release of Red Hat Update Infrastructure 3.0.6 adds the following enhancements. RHUI users are advised to upgrade to these updated packages that add these enhancements.

  • With this update, custom repositories can be created using the command-line interface of rhui-manager. Also, any repositories can be deleted from the command-line interface. See Appendix B. Red Hat Update Infrastructure Command-Line Interface in the Red Hat Update Infrastructure System Administrator’s Guide for information about the command line parameters that add these features. BZ#1582087
  • This update ensures that content certificates for RHUI clients are signed using Secure Hash Algorithm (SHA) 256, which is considered more secure than SHA 1, previously used when generating the certificates on RHEL 6. BZ#1628957

3.7. Updates for Red Hat Update Infrastructure 3.0.7

3.7.1. Bug fixes

The release of Red Hat Update Infrastructure 3.0.7 resolves the following bugs. RHUI users are advised to upgrade to these updated packages that fix these bugs.

  • It was impossible to reinstall or delete an HAProxy node in the command line interface of RHUI. These issues have been resolved. BZ#1409693 BZ#1409695
  • A failure occurred if an uploaded entitlement certificate contained no entitlements. With this update, the contents of the certificate are properly checked so that the failure does not occur anymore and a proper error message is printed. BZ#1497028
  • The rhui-manager repo add --product_name command added only one repository from the specified product. With this update, all the repositories from the product are added. BZ#1622151
  • Previously, if rhui-manager could not connect to a CDS or HAProxy node, it failed to delete its information about the node. With this update, unreachable CDS or HAProxy nodes can be deleted from RHUI successfully. A message about this fact is printed. BZ#1639996
  • Several packages were included in the RHUI 3 ISOs but were not needed by RHUI, or have been replaced by newer versions in base RHEL. These packages are no longer part of the ISOs. BZ#1658541
  • The Docker client configuration RPM built in rhui-manager required the docker-common package, which is available only in RHEL 7. This update changes the requirement to /usr/bin/docker, which makes the configuration RPM installable on RHEL 8 Beta, where podman-docker is available instead of docker-common. BZ#1659385

3.7.2. Enhancements

The release of Red Hat Update Infrastructure 3.0.7 adds the following enhancements. RHUI users are advised to upgrade to these updated packages that add these enhancements.

  • Client configuration packages can now be built without having to create an entitlement certificate beforehand. To take advantage of this feature, use the --cert option on the rhui-manager client rpm command line, as well as the --repo_label option, followed by a comma-separated list of repository labels that you would normally use when creating the certificate separately. You can also use the --days option, followed by a natural number, to control how many days the certificate will be valid. BZ#1415661
  • You can import update information (an updateinfo.xml[.gz] file) to a custom repository. This data allows clients to view errata or selectively update packages; for example, only apply security fixes or a specific bug fix. BZ#1627815
  • New options have been added to the rhui-manager repo list command. The --ids_only option makes the command print repository IDs only. The --redhat_only option limits the output to Red Hat repositories, excluding custom repositories. Lastly, the --delimiter option, followed by a string, controls how the IDs are separated in the output. By default, the new line character is used so that an ID per line is printed. BZ#1651638

Users of RHUI are advised to upgrade to these updated packages that fix these bugs and add these enhancements.

Report a bug