RHBA-2019:2474 - Bug Fix Advisory

Topic

Update the Red Hat Insights client package with numerous bug fixes.

Description

In addition to resolving several bugs surrounding the installation of the insights-client package, such as file permissions and upgrade issues, this RPM updates the insights-client core version to restore a registered system's ability to check in without requiring the cgroup option to be manually set to ignore_cgroup=True in /etc/insights-client/insights-client.conf.

A core update was previously pushed that caused insights-client installed on many RHEL6 systems to stop checking in with Red Hat and fail with the following error:

ERROR insights.client.phase.v1 Memory cgroup is disabled; insights-client will not run. To run anyway, set ignore_cgroup=True in /etc/insights-client/insights-client.conf

You can use one of the following methods to determine if your system was affected:

• Scan /var/log/insights-client/insights-client.log for the error.
• Invoke the client to see if it returns the error.
• Use insights-client --version to check which core version you are running. if the core version is anything other than 110, you are not impacted:

# insights-client --version
Client: 3.0.3-9
Core: 3.0.110-1

This RPM restores an impacted system's ability to check in without having to manually set the configuration file option. If you have already set ignore_cgroup=True, a warning will be returned but the upload will continue and you can remove the option at your convenience.

If you are not planning to upgrade to this RPM immediately, you can take remedial action right away by just executing the following command:

INSIGHTS_IGNORE_CGROUP=True insights-client

This will download a fix immediately (make sure auto_update=True is set in /etc/insights-client/insights-client.conf). For additional options for immediate remediation see the knowledge base article linked under References below.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x

Fixes

• BZ - 1623166 - oscap scan failed under the profile C2S(RHLE6) for Verify Integrity with RPM for files under /etc/insights-clients
• BZ - 1730643 - REGRESSION: Egg 3.0.110 does not start on standard RHEL6/RHEL7 anymore due to cgroups check
• BZ - 1735371 - Need to change the default permissions for the /var/log/insights-client/ directory
• BZ - 1735838 - /var/lib/insights directory should be tracked by the rpm
• BZ - 1735882 - [RFE] Improve the rpm spec file of insights-client package.
• BZ - 1735925 - non-root user presented with cryptic error "No GPG-verified eggs can be found"
• BZ - 1735926 - insights-client.conf man page text has it in wrong section of manual

CVEs

(none)

References

• https://access.redhat.com/solutions/4289381