Release Notes
Abstract
Chapter 1. Features
The Red Hat Update Infrastructure 3.1.9 features include:
- two installation sources (RHUI packages in ISOs as well as in Red Hat CDN repositories) so you can choose how to install Red Hat Update Infrastructure.
- easy installation using Puppet.
- code rebased to Pulp 2.18 and MongoDB 2.6 to be consistent with the code base in Red Hat Satellite 6.
- faster access to content due to reworked architecture for automated installations.
- default use of Red Hat Gluster Storage as shared storage to speed up content availability at the content delivery server (CDS) and eliminate the need for synchronization.
- high-availability deployment to reduce the error of one CDS not being synchronized with another CDS.
- a load balancer/HAProxy node that is client-facing. (This functionality was integrated previously into the CDS logic.)
- certificates managed by the rhui-installer and rhui-manager commands.
-
updates to
yum.repos.d/*
, certificates, and keys to use the new unified URL. - removal of client-side load balancing functionality from rhui-lb.py.
- support for Docker and OSTree (atomic) content.
See Chapter 16, Manage Certificates and Keys in the Red Hat Update Infrastructure System Administrator’s Guide for more details about Docker and OSTree content.
Chapter 2. Reworked architecture
2.1. Shared storage support
Red Hat Update Infrastructure 3.1.9 offers support for a shared storage volume for quicker availability of content to the clients. Red Hat Update Appliance and the CDSs are able to leverage the same storage location, which reduces synchronization times between the Red Hat Update Appliance and the CDSs.
2.2. NFS
With the option to use NFS, you can leverage your existing storage infrastructure to provide the storage for content.
2.3. Red Hat Gluster Storage
Red Hat Gluster Storage (formerly Red Hat Storage Server) provides redundant, scalable storage that can be installed on the same nodes (CDSs) running RHUI. This minimizes the number of nodes required for the deployment and ensures that there is no single point of failure in the deployment.
Red Hat Gluster Storage is an open, software-defined file storage that scales out as much as you need, and you can deploy the same storage on premises or in a public or hybrid cloud. Red Hat Gluster Storage provides new opportunities to unify data storage and infrastructure, increase performance, and improve availability and manageability to meet a broader set of an organization’s storage challenges and needs.
2.4. New installation process
Puppet drives the installation to configure all nodes in a single step. Certificates can be created by the installer. There is an HAProxy option to be able to load balance content requests for RPMs, OSTree content, and containers.
Chapter 3. Updates
Red Hat recommends that you back up your system before you perform any updates. See the backup instructions in the Red Hat Update Infrastructure 3.1.9 System Administrator’s Guide for more details.
As of version 3.1, RHUI will not be supported on RHEL 6. This and future updates will only be made available for RHEL 7. Users of RHUI on RHEL 6 are encouraged to migrate to RHEL 7.
3.1. Updates for Red Hat Update Infrastructure 3.1.0
This update includes the following enhancements, deletions, or revisions:
-
The
MongoDB
packages have been upgraded to upstream version 2.6, which provides a number of bug fixes and enhancements over the previous version. (BZ#1487523) The
Pulp
packages have been upgraded to upstream version 2.18, which provides a number of bug fixes and enhancements over the previous version. The following list includes notable bug fixes:-
When an updated version of
updateinfo.xml.gz
is found in the Red Hat CDN, the previously savedupdateinfo.xml.gz
file is no longer kept locally to save disk space. Note thatupdateinfo.xml.gz
files saved prior to this update will not be deleted after the next synchronization by Pulp 2.18. Remove them by hand or using the script described in the solution article that is linked in the References section. (BZ#1593218) -
If an erratum affects multiple repositories, the
updateinfo.xml.gz
files are correctly generated for all of them so that theyum updateinfo
command can correctly display the relevant errata information. (BZ#1599116) - The Red Hat Enterprise Linux 7 Server from the RHUI repository has recently started to fail to synchronize, with an error message stating "DocumentTooLarge: BSON document too large." As a consequence, kernel-3.10.0-957.12.1.el7 was not available in RHUI. This problem has been fixed, and the repository can be synchronized correctly. (BZ#1707778)
-
When an updated version of
- As a Pulp-based solution, RHUI can serve as an alternate content source for another systems management product. A RHUI administrator can now create a configuration RPM containing files that allow the other product to download packages from RHUI. (BZ#1695464)
- Legacy Certificate Authority (CA) certificates can be installed on CDS nodes to keep clients from losing access to entitled repositories after a new CA certificate is deployed in RHUI 3. (BZ#1698806)
Complete the update
Before applying this update, make sure all previously released errata relevant to your system have been applied.
See How do I apply package updates to my RHEL system? for more details.
Before applying this update on CDS nodes, be sure to remount the shared file system, typically mounted at /var/lib/rhui/remote_share
, read-write. This is necessary to allow the pulp-server
package to update. Remount the files ystem read-only again after the update. Restart the httpd
service in the end.
There are several steps to take after applying this update on the RHUA node:
-
Perform database migrations by running
sudo -u apache pulp-manage-db
. -
Restart RHUI services by running
rhui-services-restart
.
Migrations may take several minutes to finish, depending on the number of repositories and packages you have in your RHUI. Be sure to pay attention to the output from the migrations. If you have RHEL 8 repositories in your RHUI, you may need to republish some of them. Follow the instructions in the output.
3.2. Updates for Red Hat Update Infrastructure 3.1.1
This update includes the following enhancements, deletions, or revisions:
- Previously, when a CDS node was unregistered from RHUI, it was not removed from HAProxy configuration. It is now removed from the configuration so that HAProxy does not keep track of the unregistered node anymore. (BZ#1454542)
-
Prior to this update, when a CDS or a HAProxy node was unregistered from RHUI using the command line, the relevant RHUI services,
httpd
andhaproxy
, respectively, were not stopped on the nodes. In addition, the RHUI remote file system was left mounted on the unregistered CDS node. The command line interface was fixed to correctly clean up unregistered CDS or HAProxy nodes. (BZ#1640002) - Previously, only Red Hat repositories could be used when generating entitlement certificates on the command line. Any protected custom repositories also specified on the command line were ignored. With this update, protected custom repositories can be included when generating entitlement certificates on the command line. (BZ#1663422)
-
Client configuration RPMs can now be generated with custom proxy settings for Yum. The settings will be saved for each RHUI repository in the
rh-cloud.repo
file. Consult the RHUI 3.1 System Administrators Guide, linked to in the References section, for more information about this feature. (BZ#1658088) -
When multiple repositories are scheduled to be synchronized, only a few of them can be actively synchronized at a time. The rest are waiting, but information about them is only kept in the system’s memory. If the system is rebooted or the
Qpid
service is restarted, the information about the repositories waiting for synchronization is lost. To allow the information to be saved on the disk, theQpid persistence
extension has been added. This feature is also described in the RHUI 3.1 System Administrators Guide. (BZ#1702254) - Client configuration RPMs used to be generated with a fixed release of "1". They can now be generated with any other release; the default release remains "1". This is useful if you have to generate a new configuration RPM containing updated certificates or repository data, and you do not want to use a higher version for any reason. (BZ#1715139)
Users of RHUI are advised to upgrade to these updated packages that fix these bugs and add these enhancements.
3.3. Updates for Red Hat Update Infrastructure 3.1.2
This update includes the following enhancements, deletions, or revisions:
-
The
rhui-manager
tool displays a numbered list of items to choose from when managing repositories or nodes. This list is numbered from1
to the total number of items, and the RHUI administrator is expected to enter one or more numbers adjacent to the managed items. When the administrator entered0
for some reason, the last item from the list got selected by mistake, or nothing got selected butrhui-manager
subsequently crashed. This has been fixed so that entering0
has no effect. (BZ#1305612) -
The
rhui
command did not provide any error message and exited with a status of0
when it was instructed to delete a CDS or an HAProxy node that was not registered in RHUI. With this update, an error message is printed and the exit code is not0
. (BZ#1409697) - An unnecessary error message was logged on CDS nodes when a legacy CA certificate was configured but a client machine used the primary CA certificate. This message is no longer logged. (BZ#1731856)
-
When the
rhui-manager
tool displays repositories to delete or show detailed information about, it newly categorizes them as follows: Custom Repositories, Red Hat Repositories: Docker, Red Hat Repositories: OSTree, and Red Hat Repositories: Yum. This way the RHUI administrator can better understand which of the managed repositories belong in which category. (BZ#1402361)
Users of RHUI are advised to upgrade to these updated packages that fix these bugs and add this enhancement.
Complete the update
Before applying this update, make sure all previously released errata relevant to your system have been applied.
See How do I apply package updates to my RHEL system? for more details.
Apache
must be restarted on CDS nodes for the rhui-oid-validator
update to take effect. After applying the update, run the systemctl restart httpd
command on your CDS nodes.
3.4. Updates for Red Hat Update Infrastructure 3.1.3
This update includes the following enhancements, deletions, or revisions:
-
After a change to Atomic metadata, the Red Hat Enterprise Linux Atomic Host (Trees) repository could not be synchronized. The following error message was logged:
OverflowError: MongoDB can only handle up to 8-byte ints
. Thepulp-ostree
package has been upgraded to upstream version 1.3.1, which resolves this issue. (BZ#1757764) -
With this update, RHUI leverages
registry.redhat.io
as the default container registry. Any previously added containers will still be synchronized fromregistry.access.redhat.com
, but newly added containers will be synchronized from the new registry, unless a different registry is specified. Because the new registry requires authentication, a login and password must be supplied. See Add a Container to Red Hat Update Infrastructure for more information. (BZ#1692119)
Users of RHUI are advised to upgrade to these updated packages that fix these bugs and add these enhancements.
Complete the update
Before applying this update, make sure all previously released errata relevant to your system have been applied.
See How do I apply package updates to my RHEL system? for more details.
Before applying this update on CDS nodes, be sure to remount the shared file system, typically mounted at /var/lib/rhui/remote_share
, read-write. This is necessary to allow the pulp-ostree-plugins
package to update. Remount the file system read-only again after the update.
There are several steps to take after applying this update on the RHUA node:
-
Make sure
Pulp
services are stopped by runningsystemctl stop pulp\*
. -
Perform database migrations by running
sudo -u apache pulp-manage-db
. -
Restart RHUI services by running
rhui-services-restart
.
In addition, for the fix for bug 1692119 to take effect, not only must the python2-crane
package from this erratum be updated on CDS nodes, but the new configuration must be reapplied to them. To do so, on the RHUA node, use rhui-manager → c → r → select one hostname at a time
, or use the command line: rhui cds reinstall HOSTNAME
; repeat for all your CDS host names.
As described in the System Administrator’s Guide, you may also want to copy the new docker section from /etc/rhui/rhui-tools.conf.rpmnew
to /etc/rhui/rhui-tools.conf
and edit it according to your needs.
3.5. Updates for Red Hat Update Infrastructure 3.1.4
This update includes the following enhancements, deletions, or revisions:
-
A
comps
file, which is an XML file containing package groups, environments, categories, and language packs, can now be imported and become part of metadata for a custom repository. The RHUI 3.1 System Administrator’s Guide has been updated with information about how to use this feature in RHUI. See the "groups" section in theyum
manpage for instructions on how RHUI clients can leverage the information in this metadata. Also, see theyum-langpacks
manpage from theyum-langpacks
package for detailed information about working with language packs. (BZ#1697491) - Verbose reporting is turned on by default when adding and reinstalling CDS and HAProxy nodes. This way RHUI administrators can get more information about the process, especially if something fails. (BZ#1751378)
Users of RHUI are advised to upgrade to these updated packages that add these enhancements.
3.6. Updates for Red Hat Update Infrastructure 3.1.5
This update includes the following enhancements, deletions, or revisions:
- To tighten security, all SSL protocols as well as TLS protocols older than version 1.2 are now disabled. Clients running RHEL 6 and newer will use TLS 1.2 automatically. Note that for this change to take effect, you must reapply the configuration to existing CDS instances as described at https://access.redhat.com/solutions/4883961. (BZ#1637261)
Because RHEL 5 does not support TLS 1.2, clients running RHEL 5 will not be able to use Yum repositories from RHUI 3.1.5 after this change. If you have RHEL 5 clients, do not reapply the configuration, or remove "-TLSv1 -TLSv1.1" from the /etc/httpd/conf.d/ssl.conf
file and restart the httpd
service on your CDS instances to revert this change. You will not be able to enforce TLS 1.2.
-
Previously, when RHUI administrators were asked to log in to
rhui-manager
, unnecessary and potentially confusing messages were displayed. Now,rhui-manager
only informs the administrators about the fact that a login is required, and if the password has not been changed yet, a change is recommended. (BZ#1805385)
Red Hat advises users of RHUI to upgrade to the updated packages that add these enhancements.
3.7. Updates for Red Hat Update Infrastructure 3.1.6
This update includes the following enhancements, deletions, or revisions:
-
You can upload packages stored on remote servers to custom repositories without having to download them beforehand. You can also use the new
ur
option on the Repository Management screen or the newrhui-manager packages remote
command to provide package URLs. (BZ#1204277)
Red Hat advises users of RHUI to upgrade to the updated packages that add this enhancement.
3.8. Updates for Red Hat Update Infrastructure 3.1.7
This update includes the following enhancements, deletions, or revisions:
-
The output from the
rhui-manager cert info
command is now part of sosreport archives created on RHUA nodes. This command provides information about entitled products based on entitlement certificates used in RHUI. (BZ#1845238) -
Previously, when a RHUI administrator launched
rhui-manager
to add new repositories, information about available repositories had to be obtained from the Red Hat CDN, which could take several minutes because hundreds of HTTP requests had to be processed. With this update, available repositories are cached when their list is needed for the first time. As a result, further attempts to add repositories to RHUI do not involve communication with the Red Hat CDN, and a list of available repositories is provided to the RHUI administrator immediately. (BZ#1873956)
Red Hat advises users of RHUI to upgrade to the updated packages that add these enhancements.
3.9. Updates for Red Hat Update Infrastructure 3.1.8
This update includes the following enhancements, deletions, or revisions:
-
Previously,
rhui-manager
expected entitlements from Red Hat Subscription Manager certificates to be based on so called pool IDs. Simple content access (SCA) does not use any pool IDs; consequently, an error occurred inrhui-manager
when users who had enabled SCA for their accounts wanted to register their subscription inrhui-manager
. With this update,rhui-manager
has been fixed to take SCA entitlements into account. As a result, the error no longer occurs and users can register their subscriptions. This change does not affect traditional entitlements with pool IDs, which can still be used as usual. (BZ#1940997)
Red Hat advises users of RHUI to upgrade to the updated packages that fix this issue.
3.10. Updates for Red Hat Update Infrastructure 3.1.9
This update includes the following enhancements, deletions, or revisions:
Entitlement certificates in the /etc/pki/rhui/redhat/
directory and in the importer
directories for all active RHUI repositories are now correctly updated when the serial number of a certificate in the /etc/pki/entitlement/
directory changes. This allows RHUI to keep synchronizing repositories when a certificate from a registered subscription is updated or revoked for any reason. (BZ#1957870)
The sm screen and the corresponding subscriptions
subcommand have been removed from rhui-manager
. The synchronize-rhui-subscriptions
cron job, which runs hourly, now keeps entitlement certificates current with system subscriptions.
- Section 6.8, Register a Red Hat Subscription in RHUI was removed in its entirety,
- Section 6.9, Enable Automatic Entitlement Certificate Updates was renumbered to 6.8 and revised to remove the mention of registering a Red Hat subscription.
-
Section 15.4.3, Manage Certificate and Keys was revised to remove the mention of registering a Red Hat subscription. An admonition was added regarding the
rhsmcertd
service. - Section b.6, subscriptions of Appendix B, Red Hat Update Infrastructure Command Line Interface was removed in its entirety.
- Section F.1.3.1. Entitlement Certificate Refresh of Appendix F, Red Hat Update Infrastructure was revised to remove mention of registering a Red Hat subscription.
-
Throughout the System Adminstrator’s Guide, all commands for
sm manage Red Hat subscriptions
were removed.
Chapter 4. Known issues
The known issues for Red Hat Update Infrastructure 3.1.9 includes the following subjects.
When a user tries to list packages in repositories with a large amount of packages, rhui-manager reports an error:
An unexpected error has occurred during the last operation. More information can be found in /root/.rhui/rhui.log.
An example of a repository with a large amount of packages is
Red Hat Enterprise Linux 7 Server from RHUI (RPMs) (7Server-x86_64)
. See BZ 1399605 for more details.- A repository may not finish synchronizing if the Red Hat Update Appliance (RHUA) reboots while the task is running. If it becomes necessary to synchronize the repository manually, you should first check the task list in Pulp. Something internal in Pulp must have gone wrong, and you will need to cancel that task if it appears to be stuck in the Running state while nothing is actually being transferred. You can try synchronizing the affected repository in rhui-manager again. If the re-synchronization does not resolve the problem, you may have to cancel the new synchronization task, remove the broken repository, and add and synchronize the repository once more. See Check Repository Synchronization in the Red Hat Update Infrastructure System Administrator’s Guide for more details.
When attempting to upload
redhat-logos-4.9.16-1.noarch.rpm
to a custom repository, the upload fails with the following error:An unexpected error has occurred during the last operation. More information can be found in /root/.rhui/rhui.log.
See BZ#1198817 for more details.
-
It is impossible to pull the OSTree repository on an Atomic Host immediately after it synchronizes for the first time. The synchronization must run at least twice; even then, the content is not available until Pulp publishes the files in the Apache directories, which takes several more minutes. Use the rhui-manager utility to forcibly run the synchronization for the second time or wait for the next synchronization, which occurs 4 hours after the first one. You can use the
pulp-admin tasks list
command on the RHUA node to check if a Pulp task is running and thepulp-admin tasks details --task-id ID
command to check the progress of a running Pulp synchronization or publish task. See BZ#1427190 for more details.