Chapter 3. Updates

Note

Red Hat recommends that you back up your system before you perform any updates. See the backup instructions in the Red Hat Update Infrastructure 3.1.9 System Administrator’s Guide for more details.

Note

As of version 3.1, RHUI will not be supported on RHEL 6. This and future updates will only be made available for RHEL 7. Users of RHUI on RHEL 6 are encouraged to migrate to RHEL 7.

3.1. Updates for Red Hat Update Infrastructure 3.1.0

This update includes the following enhancements, deletions, or revisions:

  • The MongoDB packages have been upgraded to upstream version 2.6, which provides a number of bug fixes and enhancements over the previous version. (BZ#1487523)

  • The Pulp packages have been upgraded to upstream version 2.18, which provides a number of bug fixes and enhancements over the previous version. The following list includes notable bug fixes:

    • When an updated version of updateinfo.xml.gz is found in the Red Hat CDN, the previously saved updateinfo.xml.gz file is no longer kept locally to save disk space. Note that updateinfo.xml.gz files saved prior to this update will not be deleted after the next synchronization by Pulp 2.18. Remove them by hand or using the script described in the solution article that is linked in the References section. (BZ#1593218)
    • If an erratum affects multiple repositories, the updateinfo.xml.gz files are correctly generated for all of them so that the yum updateinfo command can correctly display the relevant errata information. (BZ#1599116)
    • The Red Hat Enterprise Linux 7 Server from the RHUI repository has recently started to fail to synchronize, with an error message stating "DocumentTooLarge: BSON document too large." As a consequence, kernel-3.10.0-957.12.1.el7 was not available in RHUI. This problem has been fixed, and the repository can be synchronized correctly. (BZ#1707778)
  • As a Pulp-based solution, RHUI can serve as an alternate content source for another systems management product. A RHUI administrator can now create a configuration RPM containing files that allow the other product to download packages from RHUI. (BZ#1695464)
  • Legacy Certificate Authority (CA) certificates can be installed on CDS nodes to keep clients from losing access to entitled repositories after a new CA certificate is deployed in RHUI 3. (BZ#1698806)

Complete the update

Before applying this update, make sure all previously released errata relevant to your system have been applied.

See How do I apply package updates to my RHEL system? for more details.

Note

Before applying this update on CDS nodes, be sure to remount the shared file system, typically mounted at /var/lib/rhui/remote_share, read-write. This is necessary to allow the pulp-server package to update. Remount the files ystem read-only again after the update. Restart the httpd service in the end.

Important

There are several steps to take after applying this update on the RHUA node:

  • Perform database migrations by running sudo -u apache pulp-manage-db.
  • Restart RHUI services by running rhui-services-restart.
Note

Migrations may take several minutes to finish, depending on the number of repositories and packages you have in your RHUI. Be sure to pay attention to the output from the migrations. If you have RHEL 8 repositories in your RHUI, you may need to republish some of them. Follow the instructions in the output.

3.2. Updates for Red Hat Update Infrastructure 3.1.1

This update includes the following enhancements, deletions, or revisions:

  • Previously, when a CDS node was unregistered from RHUI, it was not removed from HAProxy configuration. It is now removed from the configuration so that HAProxy does not keep track of the unregistered node anymore. (BZ#1454542)
  • Prior to this update, when a CDS or a HAProxy node was unregistered from RHUI using the command line, the relevant RHUI services, httpd and haproxy, respectively, were not stopped on the nodes. In addition, the RHUI remote file system was left mounted on the unregistered CDS node. The command line interface was fixed to correctly clean up unregistered CDS or HAProxy nodes. (BZ#1640002)
  • Previously, only Red Hat repositories could be used when generating entitlement certificates on the command line. Any protected custom repositories also specified on the command line were ignored. With this update, protected custom repositories can be included when generating entitlement certificates on the command line. (BZ#1663422)
  • Client configuration RPMs can now be generated with custom proxy settings for Yum. The settings will be saved for each RHUI repository in the rh-cloud.repo file. Consult the RHUI 3.1 System Administrators Guide, linked to in the References section, for more information about this feature. (BZ#1658088)
  • When multiple repositories are scheduled to be synchronized, only a few of them can be actively synchronized at a time. The rest are waiting, but information about them is only kept in the system’s memory. If the system is rebooted or the Qpid service is restarted, the information about the repositories waiting for synchronization is lost. To allow the information to be saved on the disk, the Qpid persistence extension has been added. This feature is also described in the RHUI 3.1 System Administrators Guide. (BZ#1702254)
  • Client configuration RPMs used to be generated with a fixed release of "1". They can now be generated with any other release; the default release remains "1". This is useful if you have to generate a new configuration RPM containing updated certificates or repository data, and you do not want to use a higher version for any reason. (BZ#1715139)

Users of RHUI are advised to upgrade to these updated packages that fix these bugs and add these enhancements.

3.3. Updates for Red Hat Update Infrastructure 3.1.2

This update includes the following enhancements, deletions, or revisions:

  • The rhui-manager tool displays a numbered list of items to choose from when managing repositories or nodes. This list is numbered from 1 to the total number of items, and the RHUI administrator is expected to enter one or more numbers adjacent to the managed items. When the administrator entered 0 for some reason, the last item from the list got selected by mistake, or nothing got selected but rhui-manager subsequently crashed. This has been fixed so that entering 0 has no effect. (BZ#1305612)
  • The rhui command did not provide any error message and exited with a status of 0 when it was instructed to delete a CDS or an HAProxy node that was not registered in RHUI. With this update, an error message is printed and the exit code is not 0. (BZ#1409697)
  • An unnecessary error message was logged on CDS nodes when a legacy CA certificate was configured but a client machine used the primary CA certificate. This message is no longer logged. (BZ#1731856)
  • When the rhui-manager tool displays repositories to delete or show detailed information about, it newly categorizes them as follows: Custom Repositories, Red Hat Repositories: Docker, Red Hat Repositories: OSTree, and Red Hat Repositories: Yum. This way the RHUI administrator can better understand which of the managed repositories belong in which category. (BZ#1402361)

Users of RHUI are advised to upgrade to these updated packages that fix these bugs and add this enhancement.

Complete the update

Before applying this update, make sure all previously released errata relevant to your system have been applied.

See How do I apply package updates to my RHEL system? for more details.

Apache must be restarted on CDS nodes for the rhui-oid-validator update to take effect. After applying the update, run the systemctl restart httpd command on your CDS nodes.

3.4. Updates for Red Hat Update Infrastructure 3.1.3

This update includes the following enhancements, deletions, or revisions:

  • After a change to Atomic metadata, the Red Hat Enterprise Linux Atomic Host (Trees) repository could not be synchronized. The following error message was logged: OverflowError: MongoDB can only handle up to 8-byte ints. The pulp-ostree package has been upgraded to upstream version 1.3.1, which resolves this issue. (BZ#1757764)
  • With this update, RHUI leverages registry.redhat.io as the default container registry. Any previously added containers will still be synchronized from registry.access.redhat.com, but newly added containers will be synchronized from the new registry, unless a different registry is specified. Because the new registry requires authentication, a login and password must be supplied. See Add a Container to Red Hat Update Infrastructure for more information. (BZ#1692119)

Users of RHUI are advised to upgrade to these updated packages that fix these bugs and add these enhancements.

Complete the update

Before applying this update, make sure all previously released errata relevant to your system have been applied.

See How do I apply package updates to my RHEL system? for more details.

Note

Before applying this update on CDS nodes, be sure to remount the shared file system, typically mounted at /var/lib/rhui/remote_share, read-write. This is necessary to allow the pulp-ostree-plugins package to update. Remount the file system read-only again after the update.

Important

There are several steps to take after applying this update on the RHUA node:

  • Make sure Pulp services are stopped by running systemctl stop pulp\*.
  • Perform database migrations by running sudo -u apache pulp-manage-db.
  • Restart RHUI services by running rhui-services-restart.

In addition, for the fix for bug 1692119 to take effect, not only must the python2-crane package from this erratum be updated on CDS nodes, but the new configuration must be reapplied to them. To do so, on the RHUA node, use rhui-manager → c → r → select one hostname at a time, or use the command line: rhui cds reinstall HOSTNAME; repeat for all your CDS host names.

As described in the System Administrator’s Guide, you may also want to copy the new docker section from /etc/rhui/rhui-tools.conf.rpmnew to /etc/rhui/rhui-tools.conf and edit it according to your needs.

3.5. Updates for Red Hat Update Infrastructure 3.1.4

This update includes the following enhancements, deletions, or revisions:

  • A comps file, which is an XML file containing package groups, environments, categories, and language packs, can now be imported and become part of metadata for a custom repository. The RHUI 3.1 System Administrator’s Guide has been updated with information about how to use this feature in RHUI. See the "groups" section in the yum manpage for instructions on how RHUI clients can leverage the information in this metadata. Also, see the yum-langpacks manpage from the yum-langpacks package for detailed information about working with language packs. (BZ#1697491)
  • Verbose reporting is turned on by default when adding and reinstalling CDS and HAProxy nodes. This way RHUI administrators can get more information about the process, especially if something fails. (BZ#1751378)

Users of RHUI are advised to upgrade to these updated packages that add these enhancements.

3.6. Updates for Red Hat Update Infrastructure 3.1.5

This update includes the following enhancements, deletions, or revisions:

  • To tighten security, all SSL protocols as well as TLS protocols older than version 1.2 are now disabled. Clients running RHEL 6 and newer will use TLS 1.2 automatically. Note that for this change to take effect, you must reapply the configuration to existing CDS instances as described at https://access.redhat.com/solutions/4883961. (BZ#1637261)
Important

Because RHEL 5 does not support TLS 1.2, clients running RHEL 5 will not be able to use Yum repositories from RHUI 3.1.5 after this change. If you have RHEL 5 clients, do not reapply the configuration, or remove "-TLSv1 -TLSv1.1" from the /etc/httpd/conf.d/ssl.conf file and restart the httpd service on your CDS instances to revert this change. You will not be able to enforce TLS 1.2.

  • Previously, when RHUI administrators were asked to log in to rhui-manager, unnecessary and potentially confusing messages were displayed. Now, rhui-manager only informs the administrators about the fact that a login is required, and if the password has not been changed yet, a change is recommended. (BZ#1805385)

Red Hat advises users of RHUI to upgrade to the updated packages that add these enhancements.

3.7. Updates for Red Hat Update Infrastructure 3.1.6

This update includes the following enhancements, deletions, or revisions:

  • You can upload packages stored on remote servers to custom repositories without having to download them beforehand. You can also use the new ur option on the Repository Management screen or the new rhui-manager packages remote command to provide package URLs. (BZ#1204277)

Red Hat advises users of RHUI to upgrade to the updated packages that add this enhancement.

3.8. Updates for Red Hat Update Infrastructure 3.1.7

This update includes the following enhancements, deletions, or revisions:

  • The output from the rhui-manager cert info command is now part of sosreport archives created on RHUA nodes. This command provides information about entitled products based on entitlement certificates used in RHUI. (BZ#1845238)
  • Previously, when a RHUI administrator launched rhui-manager to add new repositories, information about available repositories had to be obtained from the Red Hat CDN, which could take several minutes because hundreds of HTTP requests had to be processed. With this update, available repositories are cached when their list is needed for the first time. As a result, further attempts to add repositories to RHUI do not involve communication with the Red Hat CDN, and a list of available repositories is provided to the RHUI administrator immediately. (BZ#1873956)

Red Hat advises users of RHUI to upgrade to the updated packages that add these enhancements.

3.9. Updates for Red Hat Update Infrastructure 3.1.8

This update includes the following enhancements, deletions, or revisions:

  • Previously, rhui-manager expected entitlements from Red Hat Subscription Manager certificates to be based on so called pool IDs. Simple content access (SCA) does not use any pool IDs; consequently, an error occurred in rhui-manager when users who had enabled SCA for their accounts wanted to register their subscription in rhui-manager. With this update, rhui-manager has been fixed to take SCA entitlements into account. As a result, the error no longer occurs and users can register their subscriptions. This change does not affect traditional entitlements with pool IDs, which can still be used as usual. (BZ#1940997)

Red Hat advises users of RHUI to upgrade to the updated packages that fix this issue.

3.10. Updates for Red Hat Update Infrastructure 3.1.9

This update includes the following enhancements, deletions, or revisions:

Entitlement certificates in the /etc/pki/rhui/redhat/ directory and in the importer directories for all active RHUI repositories are now correctly updated when the serial number of a certificate in the /etc/pki/entitlement/ directory changes. This allows RHUI to keep synchronizing repositories when a certificate from a registered subscription is updated or revoked for any reason. (BZ#1957870)

Note

The sm screen and the corresponding subscriptions subcommand have been removed from rhui-manager. The synchronize-rhui-subscriptions cron job, which runs hourly, now keeps entitlement certificates current with system subscriptions.

  • Section 6.8, Register a Red Hat Subscription in RHUI was removed in its entirety,
  • Section 6.9, Enable Automatic Entitlement Certificate Updates was renumbered to 6.8 and revised to remove the mention of registering a Red Hat subscription.
  • Section 15.4.3, Manage Certificate and Keys was revised to remove the mention of registering a Red Hat subscription. An admonition was added regarding the rhsmcertd service.
  • Section b.6, subscriptions of Appendix B, Red Hat Update Infrastructure Command Line Interface was removed in its entirety.
  • Section F.1.3.1. Entitlement Certificate Refresh of Appendix F, Red Hat Update Infrastructure was revised to remove mention of registering a Red Hat subscription.
  • Throughout the System Adminstrator’s Guide, all commands for sm manage Red Hat subscriptions were removed.