Release Notes

Red Hat Update Infrastructure 3.1

Red Hat Customer Content Services

Abstract

The Release Notes provide high-level coverage of the features and functionality that comprise Red Hat Update Infrastructure 3.1.9.

Chapter 1. Features

The Red Hat Update Infrastructure 3.1.9 features include:

  • two installation sources (RHUI packages in ISOs as well as in Red Hat CDN repositories) so you can choose how to install Red Hat Update Infrastructure.
  • easy installation using Puppet.
  • code rebased to Pulp 2.18 and MongoDB 2.6 to be consistent with the code base in Red Hat Satellite 6.
  • faster access to content due to reworked architecture for automated installations.
  • default use of Red Hat Gluster Storage as shared storage to speed up content availability at the content delivery server (CDS) and eliminate the need for synchronization.
  • high-availability deployment to reduce the error of one CDS not being synchronized with another CDS.
  • a load balancer/HAProxy node that is client-facing. (This functionality was integrated previously into the CDS logic.)
  • certificates managed by the rhui-installer and rhui-manager commands.
  • updates to yum.repos.d/*, certificates, and keys to use the new unified URL.
  • removal of client-side load balancing functionality from rhui-lb.py.
  • support for Docker and OSTree (atomic) content.

See Chapter 16, Manage Certificates and Keys in the Red Hat Update Infrastructure System Administrator’s Guide for more details about Docker and OSTree content.

Chapter 2. Reworked architecture

2.1. Shared storage support

Red Hat Update Infrastructure 3.1.9 offers support for a shared storage volume for quicker availability of content to the clients. Red Hat Update Appliance and the CDSs are able to leverage the same storage location, which reduces synchronization times between the Red Hat Update Appliance and the CDSs.

2.2. NFS

With the option to use NFS, you can leverage your existing storage infrastructure to provide the storage for content.

2.3. Red Hat Gluster Storage

Red Hat Gluster Storage (formerly Red Hat Storage Server) provides redundant, scalable storage that can be installed on the same nodes (CDSs) running RHUI. This minimizes the number of nodes required for the deployment and ensures that there is no single point of failure in the deployment.

Red Hat Gluster Storage is an open, software-defined file storage that scales out as much as you need, and you can deploy the same storage on premises or in a public or hybrid cloud. Red Hat Gluster Storage provides new opportunities to unify data storage and infrastructure, increase performance, and improve availability and manageability to meet a broader set of an organization’s storage challenges and needs.

2.4. New installation process

Puppet drives the installation to configure all nodes in a single step. Certificates can be created by the installer. There is an HAProxy option to be able to load balance content requests for RPMs, OSTree content, and containers.

Report a bug

Chapter 3. Updates

Note

Red Hat recommends that you back up your system before you perform any updates. See the backup instructions in the Red Hat Update Infrastructure 3.1.9 System Administrator’s Guide for more details.

Note

As of version 3.1, RHUI will not be supported on RHEL 6. This and future updates will only be made available for RHEL 7. Users of RHUI on RHEL 6 are encouraged to migrate to RHEL 7.

3.1. Updates for Red Hat Update Infrastructure 3.1.0

This update includes the following enhancements, deletions, or revisions:

  • The MongoDB packages have been upgraded to upstream version 2.6, which provides a number of bug fixes and enhancements over the previous version. (BZ#1487523)
  • The Pulp packages have been upgraded to upstream version 2.18, which provides a number of bug fixes and enhancements over the previous version. The following list includes notable bug fixes:

    • When an updated version of updateinfo.xml.gz is found in the Red Hat CDN, the previously saved updateinfo.xml.gz file is no longer kept locally to save disk space. Note that updateinfo.xml.gz files saved prior to this update will not be deleted after the next synchronization by Pulp 2.18. Remove them by hand or using the script described in the solution article that is linked in the References section. (BZ#1593218)
    • If an erratum affects multiple repositories, the updateinfo.xml.gz files are correctly generated for all of them so that the yum updateinfo command can correctly display the relevant errata information. (BZ#1599116)
    • The Red Hat Enterprise Linux 7 Server from the RHUI repository has recently started to fail to synchronize, with an error message stating "DocumentTooLarge: BSON document too large." As a consequence, kernel-3.10.0-957.12.1.el7 was not available in RHUI. This problem has been fixed, and the repository can be synchronized correctly. (BZ#1707778)
  • As a Pulp-based solution, RHUI can serve as an alternate content source for another systems management product. A RHUI administrator can now create a configuration RPM containing files that allow the other product to download packages from RHUI. (BZ#1695464)
  • Legacy Certificate Authority (CA) certificates can be installed on CDS nodes to keep clients from losing access to entitled repositories after a new CA certificate is deployed in RHUI 3. (BZ#1698806)

Complete the update

Before applying this update, make sure all previously released errata relevant to your system have been applied.

See How do I apply package updates to my RHEL system? for more details.

Note

Before applying this update on CDS nodes, be sure to remount the shared file system, typically mounted at /var/lib/rhui/remote_share, read-write. This is necessary to allow the pulp-server package to update. Remount the files ystem read-only again after the update. Restart the httpd service in the end.

Important

There are several steps to take after applying this update on the RHUA node:

  • Perform database migrations by running sudo -u apache pulp-manage-db.
  • Restart RHUI services by running rhui-services-restart.
Note

Migrations may take several minutes to finish, depending on the number of repositories and packages you have in your RHUI. Be sure to pay attention to the output from the migrations. If you have RHEL 8 repositories in your RHUI, you may need to republish some of them. Follow the instructions in the output.

3.2. Updates for Red Hat Update Infrastructure 3.1.1

This update includes the following enhancements, deletions, or revisions:

  • Previously, when a CDS node was unregistered from RHUI, it was not removed from HAProxy configuration. It is now removed from the configuration so that HAProxy does not keep track of the unregistered node anymore. (BZ#1454542)
  • Prior to this update, when a CDS or a HAProxy node was unregistered from RHUI using the command line, the relevant RHUI services, httpd and haproxy, respectively, were not stopped on the nodes. In addition, the RHUI remote file system was left mounted on the unregistered CDS node. The command line interface was fixed to correctly clean up unregistered CDS or HAProxy nodes. (BZ#1640002)
  • Previously, only Red Hat repositories could be used when generating entitlement certificates on the command line. Any protected custom repositories also specified on the command line were ignored. With this update, protected custom repositories can be included when generating entitlement certificates on the command line. (BZ#1663422)
  • Client configuration RPMs can now be generated with custom proxy settings for Yum. The settings will be saved for each RHUI repository in the rh-cloud.repo file. Consult the RHUI 3.1 System Administrators Guide, linked to in the References section, for more information about this feature. (BZ#1658088)
  • When multiple repositories are scheduled to be synchronized, only a few of them can be actively synchronized at a time. The rest are waiting, but information about them is only kept in the system’s memory. If the system is rebooted or the Qpid service is restarted, the information about the repositories waiting for synchronization is lost. To allow the information to be saved on the disk, the Qpid persistence extension has been added. This feature is also described in the RHUI 3.1 System Administrators Guide. (BZ#1702254)
  • Client configuration RPMs used to be generated with a fixed release of "1". They can now be generated with any other release; the default release remains "1". This is useful if you have to generate a new configuration RPM containing updated certificates or repository data, and you do not want to use a higher version for any reason. (BZ#1715139)

Users of RHUI are advised to upgrade to these updated packages that fix these bugs and add these enhancements.

3.3. Updates for Red Hat Update Infrastructure 3.1.2

This update includes the following enhancements, deletions, or revisions:

  • The rhui-manager tool displays a numbered list of items to choose from when managing repositories or nodes. This list is numbered from 1 to the total number of items, and the RHUI administrator is expected to enter one or more numbers adjacent to the managed items. When the administrator entered 0 for some reason, the last item from the list got selected by mistake, or nothing got selected but rhui-manager subsequently crashed. This has been fixed so that entering 0 has no effect. (BZ#1305612)
  • The rhui command did not provide any error message and exited with a status of 0 when it was instructed to delete a CDS or an HAProxy node that was not registered in RHUI. With this update, an error message is printed and the exit code is not 0. (BZ#1409697)
  • An unnecessary error message was logged on CDS nodes when a legacy CA certificate was configured but a client machine used the primary CA certificate. This message is no longer logged. (BZ#1731856)
  • When the rhui-manager tool displays repositories to delete or show detailed information about, it newly categorizes them as follows: Custom Repositories, Red Hat Repositories: Docker, Red Hat Repositories: OSTree, and Red Hat Repositories: Yum. This way the RHUI administrator can better understand which of the managed repositories belong in which category. (BZ#1402361)

Users of RHUI are advised to upgrade to these updated packages that fix these bugs and add this enhancement.

Complete the update

Before applying this update, make sure all previously released errata relevant to your system have been applied.

See How do I apply package updates to my RHEL system? for more details.

Apache must be restarted on CDS nodes for the rhui-oid-validator update to take effect. After applying the update, run the systemctl restart httpd command on your CDS nodes.

3.4. Updates for Red Hat Update Infrastructure 3.1.3

This update includes the following enhancements, deletions, or revisions:

  • After a change to Atomic metadata, the Red Hat Enterprise Linux Atomic Host (Trees) repository could not be synchronized. The following error message was logged: OverflowError: MongoDB can only handle up to 8-byte ints. The pulp-ostree package has been upgraded to upstream version 1.3.1, which resolves this issue. (BZ#1757764)
  • With this update, RHUI leverages registry.redhat.io as the default container registry. Any previously added containers will still be synchronized from registry.access.redhat.com, but newly added containers will be synchronized from the new registry, unless a different registry is specified. Because the new registry requires authentication, a login and password must be supplied. See Add a Container to Red Hat Update Infrastructure for more information. (BZ#1692119)

Users of RHUI are advised to upgrade to these updated packages that fix these bugs and add these enhancements.

Complete the update

Before applying this update, make sure all previously released errata relevant to your system have been applied.

See How do I apply package updates to my RHEL system? for more details.

Note

Before applying this update on CDS nodes, be sure to remount the shared file system, typically mounted at /var/lib/rhui/remote_share, read-write. This is necessary to allow the pulp-ostree-plugins package to update. Remount the file system read-only again after the update.

Important

There are several steps to take after applying this update on the RHUA node:

  • Make sure Pulp services are stopped by running systemctl stop pulp\*.
  • Perform database migrations by running sudo -u apache pulp-manage-db.
  • Restart RHUI services by running rhui-services-restart.

In addition, for the fix for bug 1692119 to take effect, not only must the python2-crane package from this erratum be updated on CDS nodes, but the new configuration must be reapplied to them. To do so, on the RHUA node, use rhui-manager → c → r → select one hostname at a time, or use the command line: rhui cds reinstall HOSTNAME; repeat for all your CDS host names.

As described in the System Administrator’s Guide, you may also want to copy the new docker section from /etc/rhui/rhui-tools.conf.rpmnew to /etc/rhui/rhui-tools.conf and edit it according to your needs.

3.5. Updates for Red Hat Update Infrastructure 3.1.4

This update includes the following enhancements, deletions, or revisions:

  • A comps file, which is an XML file containing package groups, environments, categories, and language packs, can now be imported and become part of metadata for a custom repository. The RHUI 3.1 System Administrator’s Guide has been updated with information about how to use this feature in RHUI. See the "groups" section in the yum manpage for instructions on how RHUI clients can leverage the information in this metadata. Also, see the yum-langpacks manpage from the yum-langpacks package for detailed information about working with language packs. (BZ#1697491)
  • Verbose reporting is turned on by default when adding and reinstalling CDS and HAProxy nodes. This way RHUI administrators can get more information about the process, especially if something fails. (BZ#1751378)

Users of RHUI are advised to upgrade to these updated packages that add these enhancements.

3.6. Updates for Red Hat Update Infrastructure 3.1.5

This update includes the following enhancements, deletions, or revisions:

  • To tighten security, all SSL protocols as well as TLS protocols older than version 1.2 are now disabled. Clients running RHEL 6 and newer will use TLS 1.2 automatically. Note that for this change to take effect, you must reapply the configuration to existing CDS instances as described at https://access.redhat.com/solutions/4883961. (BZ#1637261)
Important

Because RHEL 5 does not support TLS 1.2, clients running RHEL 5 will not be able to use Yum repositories from RHUI 3.1.5 after this change. If you have RHEL 5 clients, do not reapply the configuration, or remove "-TLSv1 -TLSv1.1" from the /etc/httpd/conf.d/ssl.conf file and restart the httpd service on your CDS instances to revert this change. You will not be able to enforce TLS 1.2.

  • Previously, when RHUI administrators were asked to log in to rhui-manager, unnecessary and potentially confusing messages were displayed. Now, rhui-manager only informs the administrators about the fact that a login is required, and if the password has not been changed yet, a change is recommended. (BZ#1805385)

Red Hat advises users of RHUI to upgrade to the updated packages that add these enhancements.

3.7. Updates for Red Hat Update Infrastructure 3.1.6

This update includes the following enhancements, deletions, or revisions:

  • You can upload packages stored on remote servers to custom repositories without having to download them beforehand. You can also use the new ur option on the Repository Management screen or the new rhui-manager packages remote command to provide package URLs. (BZ#1204277)

Red Hat advises users of RHUI to upgrade to the updated packages that add this enhancement.

3.8. Updates for Red Hat Update Infrastructure 3.1.7

This update includes the following enhancements, deletions, or revisions:

  • The output from the rhui-manager cert info command is now part of sosreport archives created on RHUA nodes. This command provides information about entitled products based on entitlement certificates used in RHUI. (BZ#1845238)
  • Previously, when a RHUI administrator launched rhui-manager to add new repositories, information about available repositories had to be obtained from the Red Hat CDN, which could take several minutes because hundreds of HTTP requests had to be processed. With this update, available repositories are cached when their list is needed for the first time. As a result, further attempts to add repositories to RHUI do not involve communication with the Red Hat CDN, and a list of available repositories is provided to the RHUI administrator immediately. (BZ#1873956)

Red Hat advises users of RHUI to upgrade to the updated packages that add these enhancements.

3.9. Updates for Red Hat Update Infrastructure 3.1.8

This update includes the following enhancements, deletions, or revisions:

  • Previously, rhui-manager expected entitlements from Red Hat Subscription Manager certificates to be based on so called pool IDs. Simple content access (SCA) does not use any pool IDs; consequently, an error occurred in rhui-manager when users who had enabled SCA for their accounts wanted to register their subscription in rhui-manager. With this update, rhui-manager has been fixed to take SCA entitlements into account. As a result, the error no longer occurs and users can register their subscriptions. This change does not affect traditional entitlements with pool IDs, which can still be used as usual. (BZ#1940997)

Red Hat advises users of RHUI to upgrade to the updated packages that fix this issue.

3.10. Updates for Red Hat Update Infrastructure 3.1.9

This update includes the following enhancements, deletions, or revisions:

Entitlement certificates in the /etc/pki/rhui/redhat/ directory and in the importer directories for all active RHUI repositories are now correctly updated when the serial number of a certificate in the /etc/pki/entitlement/ directory changes. This allows RHUI to keep synchronizing repositories when a certificate from a registered subscription is updated or revoked for any reason. (BZ#1957870)

Note

The sm screen and the corresponding subscriptions subcommand have been removed from rhui-manager. The synchronize-rhui-subscriptions cron job, which runs hourly, now keeps entitlement certificates current with system subscriptions.

  • Section 6.8, Register a Red Hat Subscription in RHUI was removed in its entirety,
  • Section 6.9, Enable Automatic Entitlement Certificate Updates was renumbered to 6.8 and revised to remove the mention of registering a Red Hat subscription.
  • Section 15.4.3, Manage Certificate and Keys was revised to remove the mention of registering a Red Hat subscription. An admonition was added regarding the rhsmcertd service.
  • Section b.6, subscriptions of Appendix B, Red Hat Update Infrastructure Command Line Interface was removed in its entirety.
  • Section F.1.3.1. Entitlement Certificate Refresh of Appendix F, Red Hat Update Infrastructure was revised to remove mention of registering a Red Hat subscription.
  • Throughout the System Adminstrator’s Guide, all commands for sm manage Red Hat subscriptions were removed.

Chapter 4. Known issues

The known issues for Red Hat Update Infrastructure 3.1.9 includes the following subjects.

  1. When a user tries to list packages in repositories with a large amount of packages, rhui-manager reports an error:

    An unexpected error has occurred during the last operation. More information can be found in /root/.rhui/rhui.log.

    An example of a repository with a large amount of packages is Red Hat Enterprise Linux 7 Server from RHUI (RPMs) (7Server-x86_64). See BZ 1399605 for more details.

  2. A repository may not finish synchronizing if the Red Hat Update Appliance (RHUA) reboots while the task is running. If it becomes necessary to synchronize the repository manually, you should first check the task list in Pulp. Something internal in Pulp must have gone wrong, and you will need to cancel that task if it appears to be stuck in the Running state while nothing is actually being transferred. You can try synchronizing the affected repository in rhui-manager again. If the re-synchronization does not resolve the problem, you may have to cancel the new synchronization task, remove the broken repository, and add and synchronize the repository once more. See Check Repository Synchronization in the Red Hat Update Infrastructure System Administrator’s Guide for more details.
  3. When attempting to upload redhat-logos-4.9.16-1.noarch.rpm to a custom repository, the upload fails with the following error:

    An unexpected error has occurred during the last operation.
    More information can be found in /root/.rhui/rhui.log.

    See BZ#1198817 for more details.

  4. It is impossible to pull the OSTree repository on an Atomic Host immediately after it synchronizes for the first time. The synchronization must run at least twice; even then, the content is not available until Pulp publishes the files in the Apache directories, which takes several more minutes. Use the rhui-manager utility to forcibly run the synchronization for the second time or wait for the next synchronization, which occurs 4 hours after the first one. You can use the pulp-admin tasks list command on the RHUA node to check if a Pulp task is running and the pulp-admin tasks details --task-id ID command to check the progress of a running Pulp synchronization or publish task. See BZ#1427190 for more details.

Report a bug

Legal Notice

Copyright © 2021 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.