Chapter 3. Updates

Note

Red Hat recommends that you back up your system before you perform any updates. Refer to the backup instructions in the Red Hat Update Infrastructure 3.0 System Administrator’s Guide for details on how to back up your system.

3.1. Update for Red Hat Update Infrastructure 3.0.1

With the release of Red Hat Update Infrastructure3.0.1, partners can install and update Red Hat Update Infrastructure by registering the nodes to the Red Hat Content Delivery Network (CDN) rather than leveraging the ISO for installation. See Chapter 4, Register Red Hat Update Infrastructure and Attach Subscriptions in the Red Hat Update Infrastructure System Administrator’s Guide for information regarding how to install and register the nodes to the CDN leveraging subscription-manager.

3.2. Updates for Red Hat Update Infrastructure 3.0.2

The release of Red Hat Update Infrastructure 3.0.2 resolves multiple bugs in the Red Hat Update Infrastructure Management Tool.

  • The message that prints when the RHUI administrator cannot log in to rhui-manager due to a certificate verification issue has been modified to include the case where the server certificate has expired. BZ 1415097
  • The rhui-manager client labels command now prints a sorted list of labels. BZ 1415198
  • Multiple programming bugs in the rhui-manager status command have been fixed. BZ 1507869
  • Previously, when new errata were released, Pulp failed to create a new version of the file holding errata metadata. Consequently, RHUI clients trying to use this metadata did not see any updates at all. This was especially problematic when a RHUI client used the --security option on the yum command line, in which case yum did not see security errata. With the 3.0.2 update, a backported patch has been added to Pulp to allow it to create new versions of the errata metadata file correctly. As a result, RHUI clients are now able to take advantage of this metadata. BZ 1534882

3.3. Updates for Red Hat Update Infrastructure 3.0.3

3.3.1. Bug fixes

The release of Red Hat Update Infrastructure 3.0.3 resolves the following bugs. RHUI users are advised to upgrade to these updated packages that fix these bugs.

  • Extraneous logging has been removed from the RHUA logs when adding repositories and syncing content.

  • The GPG key in the Yum repository file in client configuration packages is now configured correctly with the rhui-manager client rpm command.

  • The Apache configuration for package access has been hardened to require the use of the client certificates.

  • Previously, rhui-installer tried to change the owner of all files in the remote file system mount point to apache. Under certain circumstances, for example, when there was a huge number of files in the mount point or when the connection to the remote host was too slow, this action did not finish within the 5-minute limit imposed by Puppet. Consequently, rhui-installer failed. With this update, only the directory with the mount point itself is given to the apache user. As a result, this action completes quickly

    Note

    This change does not affect existing RHUI deployments. However, if you have files on the remote server that you want to attach to a new RHUI environment and their owner is not the apache user, manually change the owner to apache.

  • The --certs-update-all option was not handled correctly in rhui-installer and severely broke the RHUI environment. This option has been fixed.

  • Repositories containing neither RPMs nor OSTree content are no longer listed while adding new repositories in rhui-manager. These repositories (for example, ISO repositories) are not supported in RHUI. Attempts to synchronize them would fail.

3.3.2. Enhancement

The release of Red Hat Update Infrastructure 3.0.3 adds the following enhancement. Users of RHUI are advised to upgrade to these updated packages that add this enhancement.

  • The RHUA has introduced a new cron job that can detect when a new CDN certificate is generated. The renewed certificate is now copied to all relevant Pulp repositories, replacing the obsolete certificate. This ensures that the RHUA continues to receive content from the CDN.

3.3.3. Complete the update

Before applying this update, make sure all previously released errata relevant to your system have been applied.

The pulp-server package cannot be updated on CDS nodes where the remote share is mounted read-only. 

installing package pulp-server-2.8.3.3-4.el7ui.noarch needs 3MB on the /var/lib/rhui/remote_share filesystem

Temporarily remount the remote share read-write before applying this update to work around this issue.

You may see the following messages while applying this update: 

warning: file /etc/httpd/conf.d/pulp_content.conf: remove failed: No such file or directory

warning: file /etc/httpd/conf.d/pulp.conf: remove failed: No such file or directory

You can safely ignore these warnings as the missing files are no longer part of the pulp-server package.

See How do I apply package updates to my RHEL system? for details on how to apply this update.

Perform the following steps to complete the Red Hat Update Infrastructure 3.0.3 update.

  1. The following services on the RHUA must be restarted:

    • httpd
    • pulp_celerybeat
    • pulp_resource_manager
    • pulp_workers
  2. For the fix for BZ#1483311 to take effect, existing CDS nodes must be re-registered with rhui-manager.

  3. After running rhui-installer --certs-update-all, it is necessary to log out of rhui-manager and log in again. It is also necessary to re-register CDS nodes, regenerate entitlement certificates and client configuration packages, and update these packages on RHUI clients.

    Note

    You should not normally have to use the --certs-update-all option. It is only needed when your RHUI certificates, which were created during the initial run of rhui-installer, expire, become revoked, and so on. These are not the certificates you get from the CDN.

  4. To allow RHUI to begin updating Red Hat certificates automatically in the future, run rhui-manager, enter sm to open the Subscription Management screen, and enter r to launch the dialog to register a new Red Hat subscription in RHUI. You must have subscribed your RHUA node with Red Hat CDN for this feature to work, as described in Chapter 4. Register Red Hat Update Infrastructure and Attach Subscriptions in the System Administrator’s Guide. Complete the process as instructed in the rhui-manager user interface.
  5. It is also necessary to provide the RHUI administration password to the script that checks Red Hat certificates. To do so, either edit the /etc/rhui/rhui-subscription-sync.conf file by hand, or run rhui-manager, enter u to open the User Management screen, and enter p to launch the dialog to set the password.Then enter your RHUI user name and password to complete the process.

3.4. Updates for Red Hat Update Infrastructure 3.0.4

3.4.1. Bug fixes

The release of Red Hat Update Infrastructure 3.0.4 resolves the following bugs. RHUI users are advised to upgrade to these updated packages that fix these bugs.

  • Disable subscription-manager after the client config rpm is installed: BZ#1415681
  • Remove extraneous output when rhui-manager subscriptions list --available --pool-only prints: BZ#1577052

3.4.2. Enhancements

The release of Red Hat Update Infrastructure 3.0.4 adds the following enhancements. RHUI users are advised to upgrade to these updated packages that add this enhancement.

  • Include /var/log/rhui-subscription-sync.log in sosreports: BZ#1578678
  • Provide easier debugging of invalid entitlement certificates: BZ#1584527
  • Update rhui-debug.py to collect information for RHUI 3+ : BZ#1591027
  • Simplify setting $releasever for clients: BZ#1504229
  • Improve how rhui-manager certification upload (CLI) handles an expired certificate: BZ#1519862

3.5. Updates for Red Hat Update Infrastructure 3.0.5

3.5.1. Bug fixes

The release of Red Hat Update Infrastructure 3.0.5 resolves the following bugs. RHUI users are advised to upgrade to these updated packages that fix these bugs.

  • The fabric package needs PyCrypto libraries but did not require python-crypto. It required python-paramiko, which used to require python-crypto, so the dependency was satisfied. A newer version of python-paramiko will be in RHEL 7.6, but it will not require python-crypto. The fabric package has been rebuilt to require python-crypto explicitly so it can continue to work on RHUI 3.x running on RHEL 7.6. BZ#1615907
  • Docker originally had registry settings in the /etc/sysconfig/docker file. The Docker configuration package created by rhui-manager modified this file to make Docker communicate with RHUI instead of the Red Hat registry. These settings have recently been moved to /etc/containers/registries.conf. This update allows rhui-manager to modify the new configuration file if it exists. If your clients use a configuration package created in an earlier RHUI version, you must recreate the package and update it on the clients. BZ#1599295
  • RHEL 7.6 will contain changes in SELinux that affect the ability of Pulp to synchronize content. New SELinux rules reflecting these changes have been added in advance to allow Pulp to work correctly after RHEL 7.6 is released. BZ#1608166

3.5.2. Enhancements

The release of Red Hat Update Infrastructure 3.0.5 adds the following enhancements. RHUI users are advised to upgrade to these updated packages that add this enhancement.

  • A new script, rhui-services-restart, is now available on RHUA and CDS nodes. Use this script to conveniently restart all the services that comprise RHUI. BZ#1539105
  • RHUI has switched from the insecure Secure Hash Algorithm 1 (SHA-1) to SHA-256 in its internal certificates. This change only affects new RHUI deployments. BZ#1411451
  • Pulp is now configured to remove copies of packages that get removed from the Red Hat CDN. This frees up disk space used by such unwanted packages. This change only affects new RHUI deployments. BZ#1489113
  • The rhui-manager repo list command now prints repository lists in alphabetical order. BZ#1601478
  • The RHUI debug script, used by the sosreport utility, has been enhanced to collect the output from the rhui-manager status command. BZ#1176477
  • The RHUI debug script has been made available on CDS nodes, which allows Red Hat Support to collect CDS-specific configuration and log files. However, it is necessary to have an updated version of the sos package for this enhancement to take effect. RHEL 6.10.z already contains an updated sos package, but RHEL 7 will not have this update until 7.6 is released. BZ#1596296
  • Previously, when rhui-manager created a client configuration package, it only printed the build root directory. A RHUI administrator who wanted to copy the package had to find it deep in the directory structure under the build root. With this update, rhui-manager prints the full path to the configuration package that it has built. BZ#1599635

Report a bug