EUSを使いたい
こんにちは、のんピ(@non____97)です。
皆さんはRed Hat Enterprise Linux (以降RHEL)の pay-as-you-go (以降PAYG)のEC2インスタンスでEUSを使いたいなと思ったことはありますか? 私はあります。
EUSとはExtended Update Supportのことで、事前に定義された特定のマイナーリリースに影響度が高いセキュリティ更新と優先度が緊急と判断されたバグフィックスのバックポートを提供するオプションです。
通常、各マイナーリリースのプログラム修正は次のマイナーリリースの提供開始までですが、EUSを使用することで最大2年間同じマイナーリリースで先述したパッケージを適用することが可能です。
Red Hat Enterprise Linux サブスクリプションでは、次のマイナーリリースが提供されるまで、現行のアクティブなマイナーリリースで利用可能なすべての RHSA と RHBA が提供されます。 一方、EUS (特定のマイナーリリースで利用可能) では、その特定のマイナーリリース後に利用可能な、Red Hat が定義する 影響度が「重大」および「重要」ix の RHSA と優先度が「緊急」の一部 (判断は Red Hat による) の RHBA が、後続のマイナーリリースと並行して、個別に提供されます。 RHEL 7 に含まれるパッケージのリストは こちら を参照してください。 下記の Red Hat Enterprise Linux 8 & 9 延長アップデートサポートメンテナンスポリシー を参照してください。
Red Hat Enterprise Linux EUS の各ストリームは、マイナーリリースの公開後 24 カ月間利用できます。
そんなマイナーリリースをある程度固定化したい場合に役立つEUSですが、AWS上では従量課金であるPAYGインスタンスでは使えないと認識していました。
しかし、RHEL 8または RHEL 9ではrhui-eus-switchなるコマンドでEUSリポジトリをサブスクライブできると情報いただきました。
RHELのプレミアムサブスクリプションを持っているとEUSも付随します。そのためPAYG RHELでも追加料金なしで使えると認識しています。(実際以降の検証をした後の割増料金は請求されませんでした)
EUS は x86-64 Red Hat Enterprise Linux Server Premium サブスクリプションで提供され、Red Hat Enterprise Linux Server 標準サブスクリプション、Red Hat Enterprise Linux for IBM Power LE、および Red Hat Enterprise Linux for IBM z Systems サブスクリプションへのアドオンとして利用できます。 EUS は、バージョン 9 のみのアドオンとして、Red Hat Enterprise Linux Workstation の標準およびプレミアムサブスクリプションで利用できるようになりました。
Red Hat Enterprise Linux (RHEL) Extended Update Support (EUS) の概要 - Red Hat Customer Portal
実際に試してみたので紹介します。
いきなりまとめ
rhui-eus-switchを使用することでRHELのPAYGインスタンスから EUS リポジトリをサブスクライブ可能rhui-eus-switchはrh-amazon-rhui-client-4.0.8-1.el8以降のバージョンで使える- EUSにスイッチ中はAppStreamのモジュールを使用できない
- デフォルトのリポジトリにリセットすることも可能
試してみた
デフォルトのRHEL 9.0の情報の確認
検証用のEC2インスタンスとしてRHEL 9.0のEC2インスタンスを用意しました。
RHEL 9.0はEUSの対象です。
AMIの名前とus-east-1上のIDは以下の通りです。
- RHEL-9.0.0_HVM-20220513-x86_64-0-Hourly2-GP2
- ami-0c41531b8d18cc72b
まず、適用可能なアップデートを確認します。
$ sudo dnf check-update
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:04:51 ago on Tue 01 Aug 2023 10:27:01 AM UTC.
NetworkManager.x86_64 1:1.42.2-3.el9_2 rhel-9-baseos-rhui-rpms
NetworkManager-cloud-setup.x86_64 1:1.42.2-3.el9_2 rhel-9-appstream-rhui-rpms
NetworkManager-libnm.x86_64 1:1.42.2-3.el9_2 rhel-9-baseos-rhui-rpms
NetworkManager-team.x86_64 1:1.42.2-3.el9_2 rhel-9-baseos-rhui-rpms
NetworkManager-tui.x86_64 1:1.42.2-3.el9_2 rhel-9-baseos-rhui-rpms
audit.x86_64 3.0.7-103.el9 rhel-9-baseos-rhui-rpms
audit-libs.x86_64 3.0.7-103.el9 rhel-9-baseos-rhui-rpms
authselect.x86_64 1.2.6-1.el9 rhel-9-baseos-rhui-rpms
authselect-compat.x86_64 1.2.6-1.el9 rhel-9-appstream-rhui-rpms
authselect-libs.x86_64 1.2.6-1.el9 rhel-9-baseos-rhui-rpms
bash.x86_64 5.1.8-6.el9_1 rhel-9-baseos-rhui-rpms
.
.
(中略)
.
.
which.x86_64 2.21-28.el9 rhel-9-baseos-rhui-rpms
xz.x86_64 5.2.5-8.el9_0 rhel-9-baseos-rhui-rpms
xz-libs.x86_64 5.2.5-8.el9_0 rhel-9-baseos-rhui-rpms
yum.noarch 4.14.0-5.el9_2 rhel-9-baseos-rhui-rpms
yum-utils.noarch 4.3.0-5.el9_2 rhel-9-baseos-rhui-rpms
zlib.x86_64 1.2.11-39.el9 rhel-9-baseos-rhui-rpms
Obsoleting Packages
grub2-tools.x86_64 1:2.06-27.el9_0.7 rhel-9-baseos-rhui-rpms
grub2-tools.x86_64 1:2.06-27.el9_0 @System
grub2-tools.x86_64 1:2.06-46.el9 rhel-9-baseos-rhui-rpms
grub2-tools.x86_64 1:2.06-27.el9_0 @System
grub2-tools.x86_64 1:2.06-46.el9_1.3 rhel-9-baseos-rhui-rpms
grub2-tools.x86_64 1:2.06-27.el9_0 @System
.
.
(中略)
.
.
grub2-tools-minimal.x86_64 1:2.06-61.el9 rhel-9-baseos-rhui-rpms
grub2-tools.x86_64 1:2.06-27.el9_0 @System
systemd-udev.x86_64 252-13.el9_2 rhel-9-baseos-rhui-rpms
systemd-udev.x86_64 250-6.el9_0 @System
systemd-udev.x86_64 252-14.el9_2.1 rhel-9-baseos-rhui-rpms
systemd-udev.x86_64 250-6.el9_0 @Systemリリースバージョンを指定していないので、RHEL 9.2のパッケージまでアップデートされそうですね。
--releasever=9.0を指定して、RHEL 9.0のパッケージのみに絞って再実行します。
$ sudo dnf check-update --releasever=9.0
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs) 35 MB/s | 11 MB 00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs) 30 MB/s | 5.3 MB 00:00
Last metadata expiration check: 0:00:01 ago on Tue 01 Aug 2023 11:16:24 AM UTC.
NetworkManager.x86_64 1:1.36.0-5.el9_0 rhel-9-baseos-rhui-rpms
NetworkManager-cloud-setup.x86_64 1:1.36.0-5.el9_0 rhel-9-appstream-rhui-rpms
NetworkManager-libnm.x86_64 1:1.36.0-5.el9_0 rhel-9-baseos-rhui-rpms
NetworkManager-team.x86_64 1:1.36.0-5.el9_0 rhel-9-baseos-rhui-rpms
NetworkManager-tui.x86_64 1:1.36.0-5.el9_0 rhel-9-baseos-rhui-rpms
ca-certificates.noarch 2022.2.54-90.2.el9_0 rhel-9-baseos-rhui-rpms
cloud-init.noarch 21.1-19.el9_0.4 rhel-9-appstream-rhui-rpms
cryptsetup-libs.x86_64 2.4.3-4.el9_0.1 rhel-9-baseos-rhui-rpms
.
.
(中略)
.
.
tzdata.noarch 2022f-1.el9_0 rhel-9-baseos-rhui-rpms
vim-minimal.x86_64 2:8.2.2637-16.el9_0.3 rhel-9-baseos-rhui-rpms
xz.x86_64 5.2.5-8.el9_0 rhel-9-baseos-rhui-rpms
xz-libs.x86_64 5.2.5-8.el9_0 rhel-9-baseos-rhui-rpms
zlib.x86_64 1.2.11-32.el9_0 rhel-9-baseos-rhui-rpms
Obsoleting Packages
grub2-tools.x86_64 1:2.06-27.el9_0.7 rhel-9-baseos-rhui-rpms
grub2-tools.x86_64 1:2.06-27.el9_0 @System
grub2-tools-efi.x86_64 1:2.06-27.el9_0.7 rhel-9-baseos-rhui-rpms
grub2-tools.x86_64 1:2.06-27.el9_0 @System
grub2-tools-extra.x86_64 1:2.06-27.el9_0.7 rhel-9-baseos-rhui-rpms
grub2-tools.x86_64 1:2.06-27.el9_0 @System
grub2-tools-minimal.x86_64 1:2.06-27.el9_0.7 rhel-9-baseos-rhui-rpms
grub2-tools.x86_64 1:2.06-27.el9_0 @Systemパッケージのバージョンがel9_0とRHEL 9.0のものになりましたね。
dnf updateinfoで適用可能なErrataも比較してみます。
# リリースバージョンを指定しない場合
$ sudo dnf updateinfo
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs) 46 MB/s | 23 MB 00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs) 42 MB/s | 13 MB 00:00
Red Hat Enterprise Linux 9 Client Configuration 28 kB/s | 3.2 kB 00:00
Updates Information Summary: available
81 Security notice(s)
26 Important Security notice(s)
50 Moderate Security notice(s)
5 Low Security notice(s)
218 Bugfix notice(s)
10 Enhancement notice(s)
# リリースバージョンを指定する場合
$ sudo dnf updateinfo --releasever=9.0
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:00:35 ago on Tue 01 Aug 2023 11:16:24 AM UTC.
Updates Information Summary: available
29 Security notice(s)
12 Important Security notice(s)
17 Moderate Security notice(s)
26 Bugfix notice(s)
1 Enhancement notice(s)適用可能なErrataの数がかなり異なりますね。
リリースバージョンとしてRHEL 9.0を指定した場合のErrataのID(RHSAに絞って)を確認します。
$ sudo dnf updateinfo list --releasever=9.0 | grep RHSA | sort
RHSA-2022:4592 Important/Sec. rsync-3.2.3-9.el9_0.1.x86_64
RHSA-2022:4795 Important/Sec. rsyslog-8.2102.0-101.el9_0.1.x86_64
RHSA-2022:4795 Important/Sec. rsyslog-logrotate-8.2102.0-101.el9_0.1.x86_64
RHSA-2022:4940 Important/Sec. xz-5.2.5-8.el9_0.x86_64
RHSA-2022:4940 Important/Sec. xz-libs-5.2.5-8.el9_0.x86_64
.
.
(中略)
.
.
RHSA-2022:7318 Important/Sec. python3-perf-5.14.0-70.30.1.el9_0.x86_64
RHSA-2022:7323 Moderate/Sec. python3-3.9.10-3.el9_0.x86_64
RHSA-2022:7323 Moderate/Sec. python3-libs-3.9.10-3.el9_0.x86_64
RHSA-2022:7323 Moderate/Sec. python-unversioned-command-3.9.10-3.el9_0.noarch
RHSA-2022:7329 Moderate/Sec. lua-libs-5.4.2-4.el9_0.3.x86_64いずれも2022年のものであることが分かります。RHEL 9.1がリリースされたのが2022年の11月なので、2023年のErrataは表示されないということですね。
次にデフォルトのリポジトリを確認します。
# 有効なリポジトリ一覧
$ sudo dnf repolist
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
repo id repo name
rhel-9-appstream-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs)
rhel-9-baseos-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs)
rhui-client-config-server-9 Red Hat Enterprise Linux 9 Client Configuration
# 全てのリポジトリ一覧
$ sudo dnf repolist --all
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
repo id repo name status
codeready-builder-for-rhel-9-rhui-debug-rpms Red Hat CodeReady Linux Builder for RHEL 9 x86_64 from disabled
codeready-builder-for-rhel-9-rhui-rpms Red Hat CodeReady Linux Builder for RHEL 9 x86_64 from disabled
codeready-builder-for-rhel-9-rhui-source-rpms Red Hat CodeReady Linux Builder for RHEL 9 x86_64 from disabled
rhel-9-appstream-rhui-debug-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from disabled
rhel-9-appstream-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from enabled
rhel-9-appstream-rhui-source-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from disabled
rhel-9-baseos-rhui-debug-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHU disabled
rhel-9-baseos-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHU enabled
rhel-9-baseos-rhui-source-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHU disabled
rhel-9-supplementary-rhui-debug-rpms Red Hat Enterprise Linux 9 for x86_64 - Supplementary f disabled
rhel-9-supplementary-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - Supplementary f disabled
rhel-9-supplementary-rhui-source-rpms Red Hat Enterprise Linux 9 for x86_64 - Supplementary f disabled
rhui-client-config-server-9 Red Hat Enterprise Linux 9 Client Configuration enabledRHUIのリポジトリとクライアント設定用のリポジトリが有効化されていますね。
有効となっているRHUIのリポジトリ設定は以下のとおりです。
$ cat /etc/yum.repos.d/redhat-rhui.repo
.
.
(中略)
.
.
[rhel-9-appstream-rhui-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - AppStream from RHUI (RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/appstream/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
.
.
(中略)
.
.
[rhel-9-baseos-rhui-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - BaseOS from RHUI (RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/baseos/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
.
.
(以下略)
.
.次に、AppStreamのモジュール一覧を確認します。
$ sudo dnf module list
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:00:26 ago on Tue 01 Aug 2023 11:14:31 AM UTC.
Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs)
Name Stream Profiles Summary
maven 3.8 common [d] Java project management and project comprehension tool
nginx 1.22 common [d] nginx webserver
nodejs 18 common [d], development, minimal, s2i Javascript runtime
php 8.1 common [d], devel, minimal PHP scripting language
postgresql 15 client, server PostgreSQL server and client module
ruby 3.1 common [d] An interpreter of object-oriented scripting language
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled正しく表示されていますね。
EUSへのスイッチをする下準備
それではEUSへのスイッチを行いましょう。
まず、EUSへスイッチするコマンドrhui-eus-switchがあるかチェックします。
$ which rhui-eus-switch
/usr/bin/which: no rhui-eus-switch in (/home/ec2-user/.local/bin:/home/ec2-user/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin)どうやら初期インストールされていないようです。
調査してみると、rhui-eus-switchはrh-amazon-rhui-client-4.0.8-1.el8以降のバージョンで使えるようです。
デフォルトでインストールされているrh-amazon-rhui-clientは4.0.4-1でした。
$ rpm -qa | grep rh-amazon-rhui-client
rh-amazon-rhui-client-4.0.4-1.el9.noarchアップデートしましょう。
# 使用可能な rh-amazon-rhui-client の一覧
$ sudo dnf search rh-amazon-rhui-client --showduplicate
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:05:47 ago on Tue 01 Aug 2023 10:47:43 AM UTC.
================================ Name Exactly Matched: rh-amazon-rhui-client =================================
rh-amazon-rhui-client-4.0.4-1.el9.noarch : Yum repository and entitlement certificate configuration
rh-amazon-rhui-client-3.0.44-1.el9.noarch : Yum repository and entitlement certificate configuration
rh-amazon-rhui-client-3.0.45-1.el9.noarch : Yum repository and entitlement certificate configuration
rh-amazon-rhui-client-4.0.4-1.el9.noarch : Yum repository and entitlement certificate configuration
rh-amazon-rhui-client-4.0.5-1.el9.noarch : Yum repository and entitlement certificate configuration
rh-amazon-rhui-client-4.0.6-1.el9.noarch : Yum repository and entitlement certificate configuration
rh-amazon-rhui-client-4.0.8-1.el9.noarch : Yum repository and entitlement certificate configuration
rh-amazon-rhui-client-4.0.9-1.el9.noarch : Yum repository and entitlement certificate configuration
# rh-amazon-rhui-client-4.0.8-1.el9へのアップデート
$ sudo dnf upgrade rh-amazon-rhui-client-4.0.8-1.el9
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:20:36 ago on Tue 01 Aug 2023 10:39:11 AM UTC.
Dependencies resolved.
==============================================================================================================
Package Architecture Version Repository Size
==============================================================================================================
Upgrading:
rh-amazon-rhui-client noarch 4.0.8-1.el9 rhui-client-config-server-9 38 k
Installing dependencies:
amazon-libdnf-plugin x86_64 1.0.1-1.el9 rhui-client-config-server-9 15 k
Transaction Summary
==============================================================================================================
Install 1 Package
Upgrade 1 Package
Total download size: 53 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): amazon-libdnf-plugin-1.0.1-1.el9.x86_64.rpm 359 kB/s | 15 kB 00:00
(2/2): rh-amazon-rhui-client-4.0.8-1.el9.noarch.rpm 656 kB/s | 38 kB 00:00
--------------------------------------------------------------------------------------------------------------
Total 616 kB/s | 53 kB 00:00
Running transaction check
.
.
(中略)
.
.
Upgraded:
rh-amazon-rhui-client-4.0.8-1.el9.noarch
Installed:
amazon-libdnf-plugin-1.0.1-1.el9.x86_64
Complete!アップデート完了後、rhui-eus-switchが存在するかチェックします。
$ which rhui-eus-switch
/usr/bin/rhui-eus-switchインストールされていますね。
どんなコマンドかチェックしましょう。
/usr/bin/rhui-eus-switch
#!/usr/bin/python3
#
# Martin Minar <mminar@redhat.com>
#
# Copyright 2023 Red Hat, Inc.
#
# This software is licensed to you under the GNU General Public
# License as published by the Free Software Foundation; either version
# 2 of the License (GPLv2) or (at your option) any later version.
# There is NO WARRANTY for this software, express or implied,
# including the implied warranties of MERCHANTABILITY,
# NON-INFRINGEMENT, or FITNESS FOR A PARTICULAR PURPOSE. You should
# have received a copy of GPLv2 along with this software; if not, see
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
import sys
import json
import os
import sys
import subprocess
try:
import requests
except ImportError:
print("This script requires the requests module.")
print("Please install it with 'pip3 install requests' and try again.")
sys.exit(1)
METADATA_URL = 'http://169.254.169.254/latest/dynamic/instance-identity/document'
FLAG_FILE_PATH = "/var/run/rhui-eus-switch"
ALLOWED_BILLING_PRODUCTS = ['bp-6fa54006']
ALLOWED_RHEL8_EUS_VERSIONS = ['8.6', '8.8']
ALLOWED_RHEL9_EUS_VERSIONS = ['9.0', '9.2']
ALLOWED_ARCHITECTURES = ['x86_64','arm64']
def check_eus_eligibility():
try:
response = requests.get(METADATA_URL)
response.raise_for_status()
metadata = json.loads(response.text)
billing_products = metadata.get('billingProducts', [])
architecture = metadata.get('architecture', '')
if set(billing_products) & set(ALLOWED_BILLING_PRODUCTS) and architecture in ALLOWED_ARCHITECTURES:
print("You RHEL product version is eligible for switch to EUS.")
return True
else:
if not architecture in ALLOWED_ARCHITECTURES:
print("Your RHEL product architecture is not eligible for switch to EUS. Supported architectures: {}".format(', '.join(ALLOWED_ARCHITECTURES)))
else:
print("Your RHEL product is not eligible for switch to EUS.")
return False
except requests.exceptions.RequestException as e:
print(f"Error retrieving instance metadata: {e}")
return False
def check_version_eligibility():
try:
with open('/etc/os-release') as os_release:
for line in os_release:
if line.startswith('VERSION_ID='):
version_id = line.split('=')[1].strip('"\n')
if version_id in ALLOWED_EUS_VERSIONS:
print("Your current version is eligible for switch to EUS.")
return True
else:
print("Your current version is not eligible for switch to EUS.")
return False
except IOError as e:
print(f"Error reading /etc/os-release: {e}")
return False
def get_allowed_versions():
with open('/etc/os-release') as os_release:
for line in os_release:
if line.startswith('VERSION_ID='):
version_id = line.split('=')[1].strip('"\n')
major_version = version_id.split('.')[0] # Extract major version
if major_version == '8':
return ALLOWED_RHEL8_EUS_VERSIONS
elif major_version == '9':
return ALLOWED_RHEL9_EUS_VERSIONS
else:
return []
if __name__ == "__main__":
if os.geteuid() != 0:
print("This script must be run as root.")
sys.exit(1)
ALLOWED_EUS_VERSIONS = get_allowed_versions()
if len(sys.argv) > 1:
if sys.argv[1] == 'reset':
print("Resetting to main stream version.")
if os.path.exists(FLAG_FILE_PATH):
os.remove(FLAG_FILE_PATH)
subprocess.run(['/usr/sbin/choose_repo.py'], check=True)
subprocess.run(['rhui-set-release', '--unset'], check=True)
subprocess.run(['dnf', 'clean', 'all'], check=True)
elif sys.argv[1] in ALLOWED_EUS_VERSIONS and check_eus_eligibility():
print("Switching to EUS version " + sys.argv[1])
subprocess.run(['/usr/sbin/choose_repo.py', 'eus'], check=True)
subprocess.run(['rhui-set-release', '--set', sys.argv[1]], check=True)
subprocess.run(['dnf', 'clean', 'all'], check=True)
# Create a flag file to indicate that the switch to EUS was done
with open(FLAG_FILE_PATH, 'w') as flag_file:
flag_file.write("Switch to EUS done.\n")
else:
print("Version " + sys.argv[1] + " is not eligible for EUS switch.")
else:
print("Checking if current version is eligible for EUS switch.")
if check_eus_eligibility() and check_version_eligibility():
print("To switch to EUS, run this script with the version you want to switch to as a parameter.")
print("Currently supported versions are: " + ', '.join(ALLOWED_EUS_VERSIONS))
print("Examples:")
print("To switch to RHEL EUS 8.6, run: " + sys.argv[0] + " 8.6")
print("To reset back to main stream version, run: " + sys.argv[0] + " reset")中身はPythonのスクリプトのようです。
EUSが使用できるマイナーリリースを指定することで、参照するRHUIを切り替えるようですね。
内部で参照している/usr/sbin/choose_repo.pyとrhui-set-releaseが何者かも確認しましょう。
/usr/sbin/choose_repo.pyは実際にEUSのリポジトリの切り替えを行うPythonスクリプトのようです。
/usr/sbin/choose_repo.py
#!/usr/libexec/platform-python
#
# Copyright (c) 2021 Red Hat, Inc.
#
# Authors: Martin Minar
#
# This software is licensed to you under the GNU General Public License,
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
# along with this software; if not, see
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
#
# Red Hat trademarks are not licensed under GPLv2. No permission is
# granted to use or replicate Red Hat trademarks that are incorporated
# in this software or its documentation.
#
import logging
import os
import sys
import re
LOG = logging.getLogger('choose_repo')
FLAG_FILE_PATH = "/var/run/rhui-eus-switch"
def enable_repos(repo_suffix):
repo_file = 'redhat-rhui%s.repo' % repo_suffix
disable_list = ['source', 'debug', 'codeready', 'supplementary', 'rhscl', 'extra', 'optional', 'dotnet']
# Enable the binary repos
LOG.info('Enabling binary repos in %s' % repo_file)
try:
lines = open('/etc/yum.repos.d/%s' % repo_file).read().split('\n')
enable_repo = False
new_lines = []
for line in lines:
if line.startswith('[') and not any(s in line for s in disable_list):
enable_repo = True
if line.startswith('enabled') and enable_repo:
new_lines.append('enabled=1')
enable_repo = False
continue
new_lines.append(line)
with open('/etc/yum.repos.d/%s' % repo_file, 'w') as fd:
fd.write('\n'.join(new_lines))
except FileNotFoundError:
LOG.info('Content file %s not located.' % repo_file)
if repo_suffix == '-eus':
return
# Enable the client config repo
LOG.info('Enabling client config repo')
# SAP Bundle have two variants, but only one file, we need to catch that
if 'sap-bundle' in repo_suffix:
repo_suffix = '-sap-bundle'
if 'beta' in repo_suffix:
repo_suffix = ''
repo_file = 'redhat-rhui-client-config%s.repo' % repo_suffix
cmd = "sed -i 's/enabled=0/enabled=1/' /etc/yum.repos.d/%s" % repo_file
LOG.info('Executing [%s]' % cmd)
os.system(cmd)
def rename_repo(source, target):
try:
os.rename(source, target)
except:
pass
def main():
if len(sys.argv) > 1:
repo_suffix = sys.argv[1]
else:
with open('/etc/redhat-release') as redhat_release:
if re.search('beta', redhat_release.read(), re.IGNORECASE):
repo_suffix = 'beta'
# Rename non beta repo
rename_repo('/etc/yum.repos.d/redhat-rhui.repo', '/etc/yum.repos.d/redhat-rhui.repo.disabled')
rename_repo('/etc/yum.repos.d/redhat-rhui-beta.repo.disabled', '/etc/yum.repos.d/redhat-rhui-beta.repo')
else:
if not os.path.exists(FLAG_FILE_PATH):
repo_suffix = ''
rename_repo('/etc/yum.repos.d/redhat-rhui-beta.repo', '/etc/yum.repos.d/redhat-rhui-beta.repo.disabled')
rename_repo('/etc/yum.repos.d/redhat-rhui-eus.repo', '/etc/yum.repos.d/redhat-rhui-eus.repo.disabled')
rename_repo('/etc/yum.repos.d/redhat-rhui.repo.disabled', '/etc/yum.repos.d/redhat-rhui.repo')
else:
repo_suffix = 'eus'
if 'eus' in repo_suffix:
rename_repo('/etc/yum.repos.d/redhat-rhui.repo', '/etc/yum.repos.d/redhat-rhui.repo.disabled')
rename_repo('/etc/yum.repos.d/redhat-rhui-beta.repo', '/etc/yum.repos.d/redhat-rhui-beta.repo.disabled')
rename_repo('/etc/yum.repos.d/redhat-rhui-eus.repo.disabled', '/etc/yum.repos.d/redhat-rhui-eus.repo')
if repo_suffix:
repo_suffix = '-%s' % repo_suffix
enable_repos(repo_suffix)
if __name__ == '__main__':
formatter = logging.Formatter("[%(levelname)s:%(name)s] %(module)s:%(lineno)d %(asctime)s: %(message)s")
console_handler = logging.StreamHandler()
console_handler.setFormatter(formatter)
file_handler = logging.FileHandler('/var/log/choose_repo.log')
file_handler.setFormatter(formatter)
LOG.addHandler(console_handler)
LOG.addHandler(file_handler)
LOG.setLevel(logging.INFO)
main()フラグ管理で使用している/var/run/rhui-eus-switchはデフォルトでは存在しないようですね。
$ ls -l /var/run/rhui-eus-switch
ls: cannot access '/var/run/rhui-eus-switch': No such file or directoryrhui-set-releaseはリリースバージョンの設定したり、ヘルプを表示したりするBashのシェルスクリプトのようです。
/usr/bin/rhui-set-release
#!/usr/bin/bash
# Copyright © 2018 Red Hat, Inc.
#
# This software is licensed to you under the GNU General Public
# License as published by the Free Software Foundation; either version
# 2 of the License (GPLv2) or (at your option) any later version.
# There is NO WARRANTY for this software, express or implied,
# including the implied warranties of MERCHANTABILITY,
# NON-INFRINGEMENT, or FITNESS FOR A PARTICULAR PURPOSE. You should
# have received a copy of GPLv2 along with this software; if not, see
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
set -e
VERSION="1.0.0"
YUM_RELVER_PATH="/etc/yum/vars/releasever"
SET_ERR_MSG="The set option takes only one value"
UNSET_ERR_MSG="The unset option does not take any value"
NO_ROOT_ERR_MSG="This script needs to run with root privileges"
function print_help {
echo -e "Usage: $(basename $0) [option] ... [--set RELEASE_VERSION | --unset ]\n"
echo -e "Set release version string for Yum in /etc/yum/vars\n"
echo -e "When no option is specified, print the currently set version.\n"
echo -e " -s, --set\t\tset the releasever for yum (the value is not validated)"
echo -e " -u, --unset\t\tremove any previously set value of releasever"
echo -e " -h, --help\t\tshow this help and exit"
echo -e " --version\t\tprint version string"
}
function print_version {
echo "$(basename $0) $VERSION"
}
function cat_version {
cat $YUM_RELVER_PATH 2>/dev/null || :
}
function set_release_version {
echo "$1" > $YUM_RELVER_PATH
}
function remove_release_version {
rm -f $YUM_RELVER_PATH
}
function check_for_help {
for OPTION in $@ ; do
[ "$OPTION" == "-h" ] && print_help && exit 0
[ "$OPTION" == "--help" ] && print_help && exit 0
done
return 0
}
function check_for_version {
for OPTION in $@ ; do
[ "$OPTION" == "--version" ] && print_version && exit 0
done
return 0
}
function check_for_root {
[ $EUID -ne 0 ] && echo $NO_ROOT_ERR_MSG && exit 1
return 0
}
function main {
# processing cli arguments
if [ $# -eq 0 ]; then
cat_version
else
check_for_help $@
check_for_version $@
check_for_root
if [ "$1" == "--set" -o "$1" == "-s" ] ; then
shift
[ $# -ne 1 ] && echo $SET_ERR_MSG && exit 1
set_release_version $@
elif [ "$1" == "--unset" -o "$1" == "-u" ] ; then
shift
[ $# -ne 0 ] && echo $UNSET_ERR_MSG && exit 1
remove_release_version
else
echo "Invalid options: $@"
exit 1
fi
fi
}
main $@EUSへのスイッチ
実際にEUSへのスイッチを行います。
まず、引数に何も指定せずにrhui-eus-switchを実行します。
$ sudo rhui-eus-switch
Checking if current version is eligible for EUS switch.
You RHEL product version is eligible for switch to EUS.
Your current version is eligible for switch to EUS.
To switch to EUS, run this script with the version you want to switch to as a parameter.
Currently supported versions are: 9.0, 9.2
Examples:
To switch to RHEL EUS 8.6, run: /bin/rhui-eus-switch 8.6
To reset back to main stream version, run: /bin/rhui-eus-switch resetEUSをサポートしているマイナーリリースと、このスクリプトの使い方を教えてくれました。
RHEL 9.0のEUSを使用するように指定します。
$ sudo rhui-eus-switch 9.0
You RHEL product version is eligible for switch to EUS.
Switching to EUS version 9.0
[INFO:choose_repo] choose_repo:33 2023-08-01 11:02:18,412: Enabling binary repos in redhat-rhui-eus.repo
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
39 files removed実行完了後、フラグ管理で使われているファイルを確認します。
$ ls -l /var/run/rhui-eus-switch
-rw-r--r--. 1 root root 20 Aug 1 11:02 /var/run/rhui-eus-switch
$ cat /var/run/rhui-eus-switch
Switch to EUS done.EUSにスイッチしたことが分かりますね。
リポジトリ一覧を確認します。
$ sudo dnf repolist
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
repo id repo name
rhel-9-appstream-eus-rhui-rpms Red Hat Enterprise Linux 9 - AppStream - Extended Update Support from RHUI (RPMs)
rhel-9-baseos-eus-rhui-rpms Red Hat Enterprise Linux 9 - BaseOS - Extended Update Support from RHUI (RPMs)
rhui-client-config-server-9 Red Hat Enterprise Linux 9 Client Configuration
$ sudo dnf repolist --all
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
repo id repo name status
codeready-builder-for-rhel-9-eus-rhui-debug-rpms Red Hat CodeReady Linux Builder for RHEL 9 - Extend disabled
codeready-builder-for-rhel-9-eus-rhui-rpms Red Hat CodeReady Linux Builder for RHEL 9 - Extend disabled
codeready-builder-for-rhel-9-eus-rhui-source-rpms Red Hat CodeReady Linux Builder for RHEL 9 - Extend disabled
rhel-9-appstream-eus-rhui-debug-rpms Red Hat Enterprise Linux 9 - AppStream - Extended U disabled
rhel-9-appstream-eus-rhui-rpms Red Hat Enterprise Linux 9 - AppStream - Extended U enabled
rhel-9-appstream-eus-rhui-source-rpms Red Hat Enterprise Linux 9 - AppStream - Extended U disabled
rhel-9-baseos-eus-rhui-debug-rpms Red Hat Enterprise Linux 9 - BaseOS - Extended Upda disabled
rhel-9-baseos-eus-rhui-rpms Red Hat Enterprise Linux 9 - BaseOS - Extended Upda enabled
rhel-9-baseos-eus-rhui-source-rpms Red Hat Enterprise Linux 9 - BaseOS - Extended Upda disabled
rhel-9-supplementary-eus-rhui-debug-rpms Red Hat Enterprise Linux 9 - Supplementary - Extend disabled
rhel-9-supplementary-eus-rhui-rpms Red Hat Enterprise Linux 9 - Supplementary - Extend disabled
rhel-9-supplementary-eus-rhui-source-rpms Red Hat Enterprise Linux 9 - Supplementary - Extend disabled
rhui-client-config-server-9 Red Hat Enterprise Linux 9 Client Configuration enabledデフォルトのリポジトリはrhui-client-config-server-9を除いて全て削除され、全てEUSのリポジトリとなっていますね。
EUSのリポジトリの定義ファイルはredhat-rhui-eus.repoと別で作られています。また、デフォルトのRHUIのリポジトリ定義はredhat-rhui.repo.disabledとなっています。
$ ls -l /etc/yum.repos.d/
total 28
-rw-r--r--. 1 root root 4645 Jun 2 09:16 redhat-rhui-beta.repo.disabled
-rw-r--r--. 1 root root 467 Aug 1 10:59 redhat-rhui-client-config.repo
-rw-r--r--. 1 root root 5984 Aug 1 11:02 redhat-rhui-eus.repo
-rw-r--r--. 1 root root 5792 Aug 1 10:59 redhat-rhui.repo.disabledredhat-rhui.repo.disabledの内容は以下のとおりです。実際には無効化されていますが、定義としてはenabled=1のままですね。
$ cat /etc/yum.repos.d/redhat-rhui.repo.disabled
.
.
(中略)
.
.
[rhel-9-appstream-rhui-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - AppStream from RHUI (RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/appstream/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
.
.
(中略)
.
.
[rhel-9-baseos-rhui-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - BaseOS from RHUI (RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/baseos/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
.
.
(以下略)
.
.redhat-rhui-eus.repoの内容は以下のとおりです。変更点はmirrorlistのパスがdistからeusに変わったぐらいです。
$ cat /etc/yum.repos.d/redhat-rhui-eus.repo
.
.
(中略)
.
.
[rhel-9-appstream-eus-rhui-rpms]
name=Red Hat Enterprise Linux 9 - AppStream - Extended Update Support from RHUI (RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/eus/rhel9/rhui/$releasever/$basearch/appstream/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
.
.
(中略)
.
.
[rhel-9-baseos-eus-rhui-rpms]
name=Red Hat Enterprise Linux 9 - BaseOS - Extended Update Support from RHUI (RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/eus/rhel9/rhui/$releasever/$basearch/baseos/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
.
.
(以下略)
.
.EUSスイッチ後、リリースバージョンの設定ファイルを確認すると以下のように固定化されていました。
$ cat /etc/yum/vars/releasever
9.0EUSスイッチ後のアップデート及びインストール可能なパッケージ一覧の確認
EUSスイッチ後のアップデート及びインストール可能なパッケージ一覧を確認してみましょう。
$ sudo dnf check-update
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 9 Client Configuration 26 kB/s | 3.2 kB 00:00
Red Hat Enterprise Linux 9 - AppStream - Extended Update Support from RHUI (R 22 MB/s | 15 MB 00:00
Red Hat Enterprise Linux 9 - BaseOS - Extended Update Support from RHUI (RPMs 18 MB/s | 11 MB 00:00
NetworkManager.x86_64 1:1.36.0-7.el9_0 rhel-9-baseos-eus-rhui-rpms
NetworkManager-cloud-setup.x86_64 1:1.36.0-7.el9_0 rhel-9-appstream-eus-rhui-rpms
NetworkManager-libnm.x86_64 1:1.36.0-7.el9_0 rhel-9-baseos-eus-rhui-rpms
NetworkManager-team.x86_64 1:1.36.0-7.el9_0 rhel-9-baseos-eus-rhui-rpms
NetworkManager-tui.x86_64 1:1.36.0-7.el9_0 rhel-9-baseos-eus-rhui-rpms
c-ares.x86_64 1.17.1-5.el9_0.1 rhel-9-baseos-eus-rhui-rpms
ca-certificates.noarch 2022.2.54-90.2.el9_0 rhel-9-baseos-eus-rhui-rpms
.
.
(中略)
.
.
tzdata.noarch 2023c-1.el9 rhel-9-baseos-eus-rhui-rpms
vim-minimal.x86_64 2:8.2.2637-16.el9_0.3 rhel-9-baseos-eus-rhui-rpms
xz.x86_64 5.2.5-8.el9_0 rhel-9-baseos-eus-rhui-rpms
xz-libs.x86_64 5.2.5-8.el9_0 rhel-9-baseos-eus-rhui-rpms
zlib.x86_64 1.2.11-34.el9_0 rhel-9-baseos-eus-rhui-rpms
Obsoleting Packages
grub2-tools.x86_64 1:2.06-27.el9_0.7 rhel-9-baseos-eus-rhui-rpms
grub2-tools.x86_64 1:2.06-27.el9_0 @System
grub2-tools.x86_64 1:2.06-27.el9_0.12 rhel-9-baseos-eus-rhui-rpms
grub2-tools.x86_64 1:2.06-27.el9_0 @System
grub2-tools.x86_64 1:2.06-27.el9_0.14 rhel-9-baseos-eus-rhui-rpms
grub2-tools.x86_64 1:2.06-27.el9_0 @System
.
.
(中略)
.
.
grub2-tools-minimal.x86_64 1:2.06-27.el9_0.14 rhel-9-baseos-eus-rhui-rpms
grub2-tools.x86_64 1:2.06-27.el9_0 @System
grub2-tools-minimal.x86_64 1:2.06-27.el9_0.15 rhel-9-baseos-eus-rhui-rpms
grub2-tools.x86_64 1:2.06-27.el9_0 @Systemrhel-9-baseos-eus-rhui-rpmsやrhel-9-appstream-eus-rhui-rpmsとEUSのリポジトリを参照していることが分かります。
また、el9_0.1やel9_0.14などマイナーバージョンの後に数字が付与されていますね。
適用可能なErrataの数も確認しましょう。
$ sudo dnf updateinfo
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:02:55 ago on Tue 01 Aug 2023 11:05:49 AM UTC.
Updates Information Summary: available
49 Security notice(s)
27 Important Security notice(s)
22 Moderate Security notice(s)
49 Bugfix notice(s)
2 Enhancement notice(s)デフォルトのリポジトリでは29 Security notice(s)でしたが、49 Security notice(s)とErrataの数が増えていますね。
一覧も確認してみます。
$ sudo dnf updateinfo list | grep RHSA | sort
RHSA-2022:4592 Important/Sec. rsync-3.2.3-9.el9_0.1.x86_64
RHSA-2022:4795 Important/Sec. rsyslog-8.2102.0-101.el9_0.1.x86_64
RHSA-2022:4795 Important/Sec. rsyslog-logrotate-8.2102.0-101.el9_0.1.x86_64
RHSA-2022:4940 Important/Sec. xz-5.2.5-8.el9_0.x86_64
.
.
(中略)
.
.
RHSA-2023:4203 Important/Sec. python3-3.9.10-4.el9_0.1.x86_64
RHSA-2023:4203 Important/Sec. python3-libs-3.9.10-4.el9_0.1.x86_64
RHSA-2023:4329 Important/Sec. openssh-8.7p1-11.el9_0.x86_64
RHSA-2023:4329 Important/Sec. openssh-clients-8.7p1-11.el9_0.x86_64
RHSA-2023:4329 Important/Sec. openssh-server-8.7p1-11.el9_0.x86_642023年のErrataが含まれていることが分かります。ちなみにRHSA-2023:4329は2023/7/31に公開されたもののようで、出来立てほやほやです。
実際にインストール可能なパッケージ一覧を確認してみましょう。
カーネルは以下のとおりです。
$ sudo dnf search kernel --showduplicate | grep ": The Linux kernel"
Last metadata expiration check: 0:05:53 ago on Tue 01 Aug 2023 11:05:49 AM UTC.
kernel-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.17.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.26.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.22.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.30.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.36.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.43.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.49.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.50.2.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.53.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.58.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.64.1.el9_0.x86_64 : The Linux kernel
kernel-core-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel
.
.
(中略)
.
.
kernel-debug-core-5.14.0-70.50.2.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled
kernel-debug-core-5.14.0-70.53.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled
kernel-debug-core-5.14.0-70.58.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled
kernel-debug-core-5.14.0-70.64.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabledデフォルトのリポジトリだとRHEL 9.0のカーネルは以下のとおり5.14.0-70.30ですが、EUSの場合は5.14.0-70.64まで適用できることが分かります。
$ sudo dnf search kernel --showduplicate --releasever=9.0 | grep ": The Linux kernel"
Red Hat Enterprise Linux 9 for x86_64 - AppStre 44 MB/s | 11 MB 00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS 29 MB/s | 5.3 MB 00:00
Red Hat Enterprise Linux 9 Client Configuration 30 kB/s | 3.2 kB 00:00
kernel-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.17.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.26.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.22.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.30.1.el9_0.x86_64 : The Linux kernel
kernel-core-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel
kernel-core-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel
kernel-core-5.14.0-70.22.1.el9_0.x86_64 : The Linux kernel
kernel-core-5.14.0-70.26.1.el9_0.x86_64 : The Linux kernel
kernel-core-5.14.0-70.17.1.el9_0.x86_64 : The Linux kernel
kernel-core-5.14.0-70.30.1.el9_0.x86_64 : The Linux kernel
kernel-debug-core-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled
kernel-debug-core-5.14.0-70.17.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled
kernel-debug-core-5.14.0-70.26.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled
kernel-debug-core-5.14.0-70.22.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled
kernel-debug-core-5.14.0-70.30.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabledインストール可能なhttpdのバージョンも確認しましょう。
$ sudo dnf info httpd --showduplicate
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:00:57 ago on Tue 01 Aug 2023 11:22:41 AM UTC.
Available Packages
Name : httpd
Version : 2.4.51
Release : 7.el9_0
Architecture : x86_64
Size : 1.5 M
Source : httpd-2.4.51-7.el9_0.src.rpm
Repository : rhel-9-appstream-eus-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.51
Release : 7.el9_0.4
Architecture : x86_64
Size : 1.5 M
Source : httpd-2.4.51-7.el9_0.4.src.rpm
Repository : rhel-9-appstream-eus-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.
Name : httpd
Version : 2.4.51
Release : 7.el9_0.5
Architecture : x86_64
Size : 1.5 M
Source : httpd-2.4.51-7.el9_0.5.src.rpm
Repository : rhel-9-appstream-eus-rhui-rpms
Summary : Apache HTTP Server
URL : https://httpd.apache.org/
License : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
: web server.el9_0.4やel9_0.5とバックポートにより修正されたパッケージがありますね。
モジュール一覧も確認してみましょう。
$ sudo dnf module list
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:01:14 ago on Tue 01 Aug 2023 11:05:49 AM UTC.何も表示されませんでした。モジュールストリームを選択している場合は注意が必要そうです。
EUSリポジトリからパッケージのインストール
EUSリポジトリからパッケージのインストールします。
試しにhttpdをインストールします。
$ sudo dnf install httpd
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:02:50 ago on Tue 01 Aug 2023 11:22:41 AM UTC.
Dependencies resolved.
==============================================================================================================
Package Architecture Version Repository Size
==============================================================================================================
Installing:
httpd x86_64 2.4.51-7.el9_0.5 rhel-9-appstream-eus-rhui-rpms 1.5 M
Installing dependencies:
apr x86_64 1.7.0-11.el9 rhel-9-appstream-eus-rhui-rpms 127 k
apr-util x86_64 1.6.1-20.el9_0.1 rhel-9-appstream-eus-rhui-rpms 97 k
apr-util-bdb x86_64 1.6.1-20.el9_0.1 rhel-9-appstream-eus-rhui-rpms 14 k
httpd-filesystem noarch 2.4.51-7.el9_0.5 rhel-9-appstream-eus-rhui-rpms 15 k
httpd-tools x86_64 2.4.51-7.el9_0.5 rhel-9-appstream-eus-rhui-rpms 86 k
mailcap noarch 2.1.49-5.el9 rhel-9-baseos-eus-rhui-rpms 35 k
redhat-logos-httpd noarch 90.4-1.el9 rhel-9-appstream-eus-rhui-rpms 18 k
Installing weak dependencies:
apr-util-openssl x86_64 1.6.1-20.el9_0.1 rhel-9-appstream-eus-rhui-rpms 17 k
mod_http2 x86_64 1.15.19-3.el9_0.5 rhel-9-appstream-eus-rhui-rpms 153 k
mod_lua x86_64 2.4.51-7.el9_0.5 rhel-9-appstream-eus-rhui-rpms 61 k
Transaction Summary
==============================================================================================================
Install 11 Packages
Total download size: 2.1 M
Installed size: 6.0 M
Is this ok [y/N]: y
Downloading Packages:
(1/11): redhat-logos-httpd-90.4-1.el9.noarch.rpm 211 kB/s | 18 kB 00:00
(2/11): apr-1.7.0-11.el9.x86_64.rpm 1.1 MB/s | 127 kB 00:00
.
.
(中略)
.
.
Installed:
apr-1.7.0-11.el9.x86_64 apr-util-1.6.1-20.el9_0.1.x86_64
apr-util-bdb-1.6.1-20.el9_0.1.x86_64 apr-util-openssl-1.6.1-20.el9_0.1.x86_64
httpd-2.4.51-7.el9_0.5.x86_64 httpd-filesystem-2.4.51-7.el9_0.5.noarch
httpd-tools-2.4.51-7.el9_0.5.x86_64 mailcap-2.1.49-5.el9.noarch
mod_http2-1.15.19-3.el9_0.5.x86_64 mod_lua-2.4.51-7.el9_0.5.x86_64
redhat-logos-httpd-90.4-1.el9.noarch
Complete!特に何事もなくインストールが完了しました。
デフォルトのリポジトリにリセット
デフォルトのリポジトリにリセットします。
リセットはrhui-eus-switch resetです。
$ sudo rhui-eus-switch reset
Resetting to main stream version.
[INFO:choose_repo] choose_repo:33 2023-08-01 11:26:03,705: Enabling binary repos in redhat-rhui.repo
[INFO:choose_repo] choose_repo:56 2023-08-01 11:26:03,705: Enabling client config repo
[INFO:choose_repo] choose_repo:64 2023-08-01 11:26:03,706: Executing [sed -i 's/enabled=0/enabled=1/' /etc/yum.repos.d/redhat-rhui-client-config.repo]
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
26 files removedリセット完了後フラグ管理用のファイルを確認すると削除されていました。
$ ls -l /var/run/rhui-eus-switch
ls: cannot access '/var/run/rhui-eus-switch': No such file or directoryリポジトリ一覧を確認します。
$ sudo dnf repolist
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
repo id repo name
rhel-9-appstream-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs)
rhel-9-baseos-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs)
rhui-client-config-server-9 Red Hat Enterprise Linux 9 Client Configuration
$ sudo dnf repolist --all
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
repo id repo name status
codeready-builder-for-rhel-9-rhui-debug-rpms Red Hat CodeReady Linux Builder for RHEL 9 x86_64 from disabled
codeready-builder-for-rhel-9-rhui-rpms Red Hat CodeReady Linux Builder for RHEL 9 x86_64 from disabled
codeready-builder-for-rhel-9-rhui-source-rpms Red Hat CodeReady Linux Builder for RHEL 9 x86_64 from disabled
rhel-9-appstream-rhui-debug-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from disabled
rhel-9-appstream-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from enabled
rhel-9-appstream-rhui-source-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from disabled
rhel-9-baseos-rhui-debug-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHU disabled
rhel-9-baseos-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHU enabled
rhel-9-baseos-rhui-source-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHU disabled
rhel-9-supplementary-rhui-debug-rpms Red Hat Enterprise Linux 9 for x86_64 - Supplementary f disabled
rhel-9-supplementary-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - Supplementary f disabled
rhel-9-supplementary-rhui-source-rpms Red Hat Enterprise Linux 9 for x86_64 - Supplementary f disabled
rhui-client-config-server-9 Red Hat Enterprise Linux 9 Client Configuration enabledEUSのリポジトリは綺麗さっぱり消えていますね。
ただ、定義ファイルはredhat-rhui-eus.repo.disabledとして残っていました。
$ ls -l /etc/yum.repos.d/
total 28
-rw-r--r--. 1 root root 4645 Jun 2 09:16 redhat-rhui-beta.repo.disabled
-rw-r--r--. 1 root root 467 Aug 1 11:13 redhat-rhui-client-config.repo
-rw-r--r--. 1 root root 5984 Aug 1 11:13 redhat-rhui-eus.repo.disabled
-rw-r--r--. 1 root root 5792 Aug 1 11:13 redhat-rhui.repoEUSリポジトリでインストールしたパッケージをデフォルトのAppStreamリポジトリを使ってアップデート
EUSリポジトリでインストールしたパッケージをデフォルトのAppStreamリポジトリを使ってアップデートした時の挙動を確認します。
まず、アップデート可能なバージョンを確認します。
$ sudo dnf check-upgrade httpd
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:00:35 ago on Tue 01 Aug 2023 11:27:04 AM UTC.
httpd.x86_64 2.4.53-11.el9_2.5 rhel-9-appstream-rhui-rpms問題なくRHEL 9.2のhttpdにアップデートできそうですね。
次にリリースバージョンとしてRHEL 9.0を指定した場合です。
$ sudo dnf check-upgrade httpd --releasever=9.0
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs) 44 MB/s | 11 MB 00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs) 28 MB/s | 5.3 MB 00:00
Last metadata expiration check: 0:00:01 ago on Tue 01 Aug 2023 11:27:55 AM UTC.RHEL 9.0のデフォルトのAppStreamでインストールできるhttpdのバージョンは2.4.51-7.el9_0と現在インストールされている2.4.51-7.el9_0.5よりも古いため表示されませんでした。
リリースバージョンを指定せずにアップデートします。
$ sudo dnf upgrade httpd
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered with an entitlement server. You can use subscription-manager to register.
Last metadata expiration check: 0:01:33 ago on Tue 01 Aug 2023 11:27:04 AM UTC.
Dependencies resolved.
==============================================================================================================
Package Architecture Version Repository Size
==============================================================================================================
Upgrading:
httpd x86_64 2.4.53-11.el9_2.5 rhel-9-appstream-rhui-rpms 53 k
httpd-filesystem noarch 2.4.53-11.el9_2.5 rhel-9-appstream-rhui-rpms 17 k
httpd-tools x86_64 2.4.53-11.el9_2.5 rhel-9-appstream-rhui-rpms 87 k
mod_http2 x86_64 1.15.19-4.el9_2.4 rhel-9-appstream-rhui-rpms 153 k
mod_lua x86_64 2.4.53-11.el9_2.5 rhel-9-appstream-rhui-rpms 63 k
Installing dependencies:
httpd-core x86_64 2.4.53-11.el9_2.5 rhel-9-appstream-rhui-rpms 1.5 M
Transaction Summary
==============================================================================================================
Install 1 Package
Upgrade 5 Packages
Total download size: 1.9 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): mod_lua-2.4.53-11.el9_2.5.x86_64.rpm 1.0 MB/s | 63 kB 00:00
(2/6): mod_http2-1.15.19-4.el9_2.4.x86_64.rpm 2.0 MB/s | 153 kB 00:00
.
.
(中略)
.
.
Upgraded:
httpd-2.4.53-11.el9_2.5.x86_64 httpd-filesystem-2.4.53-11.el9_2.5.noarch
httpd-tools-2.4.53-11.el9_2.5.x86_64 mod_http2-1.15.19-4.el9_2.4.x86_64
mod_lua-2.4.53-11.el9_2.5.x86_64
Installed:
httpd-core-2.4.53-11.el9_2.5.x86_64
Complete!こちらも特に何事もなくアップデート完了しました。
RHELのマイナーリリースをどうしても固定したい場合に使おう
Red Hat Enterprise Linux の PAYGインスタンスから EUS リポジトリをサブスクライブしてみました。
「AWSではEUS使えないのか...」と絶望していた方には朗報ですね。
ただし、EUSのバックポート対象は重要度が高いセキュリティ修正やバグフィックスに限られるので、できるだけ定期的にマイナーリリースをアップデートしていくのが望ましいと考えます。
Red Hatナレッジベース上の情報を閲覧したい場合は、以下記事に従いSSMエージェントをインストールしたRHELのEC2インスタンスを起動させましょう。
この記事が誰かの助けになれば幸いです。
以上、AWS事業本部 コンサルティング部の のんピ(@non____97)でした!
3
