Red Hat Enterprise Linux の PAYGインスタンスから EUS リポジトリをサブスクライブしてみた
EUSを使いたい
こんにちは、のんピ(@non____97)です。
皆さんはRed Hat Enterprise Linux (以降RHEL)の pay-as-you-go (以降PAYG)のEC2インスタンスでEUSを使いたいなと思ったことはありますか? 私はあります。
EUSとはExtended Update Supportのことで、事前に定義された特定のマイナーリリースに影響度が高いセキュリティ更新と優先度が緊急と判断されたバグフィックスのバックポートを提供するオプションです。
通常、各マイナーリリースのプログラム修正は次のマイナーリリースの提供開始までですが、EUSを使用することで最大2年間同じマイナーリリースで先述したパッケージを適用することが可能です。
Red Hat Enterprise Linux サブスクリプションでは、次のマイナーリリースが提供されるまで、現行のアクティブなマイナーリリースで利用可能なすべての RHSA と RHBA が提供されます。 一方、EUS (特定のマイナーリリースで利用可能) では、その特定のマイナーリリース後に利用可能な、Red Hat が定義する 影響度が「重大」および「重要」ix の RHSA と優先度が「緊急」の一部 (判断は Red Hat による) の RHBA が、後続のマイナーリリースと並行して、個別に提供されます。 RHEL 7 に含まれるパッケージのリストは こちら を参照してください。 下記の Red Hat Enterprise Linux 8 & 9 延長アップデートサポートメンテナンスポリシー を参照してください。
Red Hat Enterprise Linux EUS の各ストリームは、マイナーリリースの公開後 24 カ月間利用できます。
そんなマイナーリリースをある程度固定化したい場合に役立つEUSですが、AWS上では従量課金であるPAYGインスタンスでは使えないと認識していました。
しかし、RHEL 8または RHEL 9ではrhui-eus-switch
なるコマンドでEUSリポジトリをサブスクライブできると情報いただきました。
RHELのプレミアムサブスクリプションを持っているとEUSも付随します。そのためPAYG RHELでも追加料金なしで使えると認識しています。(実際以降の検証をした後の割増料金は請求されませんでした)
EUS は x86-64 Red Hat Enterprise Linux Server Premium サブスクリプションで提供され、Red Hat Enterprise Linux Server 標準サブスクリプション、Red Hat Enterprise Linux for IBM Power LE、および Red Hat Enterprise Linux for IBM z Systems サブスクリプションへのアドオンとして利用できます。 EUS は、バージョン 9 のみのアドオンとして、Red Hat Enterprise Linux Workstation の標準およびプレミアムサブスクリプションで利用できるようになりました。
Red Hat Enterprise Linux (RHEL) Extended Update Support (EUS) の概要 - Red Hat Customer Portal
実際に試してみたので紹介します。
いきなりまとめ
rhui-eus-switch
を使用することでRHELのPAYGインスタンスから EUS リポジトリをサブスクライブ可能rhui-eus-switch
はrh-amazon-rhui-client-4.0.8-1.el8
以降のバージョンで使える- EUSにスイッチ中はAppStreamのモジュールを使用できない
- デフォルトのリポジトリにリセットすることも可能
試してみた
デフォルトのRHEL 9.0の情報の確認
検証用のEC2インスタンスとしてRHEL 9.0のEC2インスタンスを用意しました。
RHEL 9.0はEUSの対象です。
AMIの名前とus-east-1上のIDは以下の通りです。
- RHEL-9.0.0_HVM-20220513-x86_64-0-Hourly2-GP2
- ami-0c41531b8d18cc72b
まず、適用可能なアップデートを確認します。
$ sudo dnf check-update Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:04:51 ago on Tue 01 Aug 2023 10:27:01 AM UTC. NetworkManager.x86_64 1:1.42.2-3.el9_2 rhel-9-baseos-rhui-rpms NetworkManager-cloud-setup.x86_64 1:1.42.2-3.el9_2 rhel-9-appstream-rhui-rpms NetworkManager-libnm.x86_64 1:1.42.2-3.el9_2 rhel-9-baseos-rhui-rpms NetworkManager-team.x86_64 1:1.42.2-3.el9_2 rhel-9-baseos-rhui-rpms NetworkManager-tui.x86_64 1:1.42.2-3.el9_2 rhel-9-baseos-rhui-rpms audit.x86_64 3.0.7-103.el9 rhel-9-baseos-rhui-rpms audit-libs.x86_64 3.0.7-103.el9 rhel-9-baseos-rhui-rpms authselect.x86_64 1.2.6-1.el9 rhel-9-baseos-rhui-rpms authselect-compat.x86_64 1.2.6-1.el9 rhel-9-appstream-rhui-rpms authselect-libs.x86_64 1.2.6-1.el9 rhel-9-baseos-rhui-rpms bash.x86_64 5.1.8-6.el9_1 rhel-9-baseos-rhui-rpms . . (中略) . . which.x86_64 2.21-28.el9 rhel-9-baseos-rhui-rpms xz.x86_64 5.2.5-8.el9_0 rhel-9-baseos-rhui-rpms xz-libs.x86_64 5.2.5-8.el9_0 rhel-9-baseos-rhui-rpms yum.noarch 4.14.0-5.el9_2 rhel-9-baseos-rhui-rpms yum-utils.noarch 4.3.0-5.el9_2 rhel-9-baseos-rhui-rpms zlib.x86_64 1.2.11-39.el9 rhel-9-baseos-rhui-rpms Obsoleting Packages grub2-tools.x86_64 1:2.06-27.el9_0.7 rhel-9-baseos-rhui-rpms grub2-tools.x86_64 1:2.06-27.el9_0 @System grub2-tools.x86_64 1:2.06-46.el9 rhel-9-baseos-rhui-rpms grub2-tools.x86_64 1:2.06-27.el9_0 @System grub2-tools.x86_64 1:2.06-46.el9_1.3 rhel-9-baseos-rhui-rpms grub2-tools.x86_64 1:2.06-27.el9_0 @System . . (中略) . . grub2-tools-minimal.x86_64 1:2.06-61.el9 rhel-9-baseos-rhui-rpms grub2-tools.x86_64 1:2.06-27.el9_0 @System systemd-udev.x86_64 252-13.el9_2 rhel-9-baseos-rhui-rpms systemd-udev.x86_64 250-6.el9_0 @System systemd-udev.x86_64 252-14.el9_2.1 rhel-9-baseos-rhui-rpms systemd-udev.x86_64 250-6.el9_0 @System
リリースバージョンを指定していないので、RHEL 9.2のパッケージまでアップデートされそうですね。
--releasever=9.0
を指定して、RHEL 9.0のパッケージのみに絞って再実行します。
$ sudo dnf check-update --releasever=9.0 Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs) 35 MB/s | 11 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs) 30 MB/s | 5.3 MB 00:00 Last metadata expiration check: 0:00:01 ago on Tue 01 Aug 2023 11:16:24 AM UTC. NetworkManager.x86_64 1:1.36.0-5.el9_0 rhel-9-baseos-rhui-rpms NetworkManager-cloud-setup.x86_64 1:1.36.0-5.el9_0 rhel-9-appstream-rhui-rpms NetworkManager-libnm.x86_64 1:1.36.0-5.el9_0 rhel-9-baseos-rhui-rpms NetworkManager-team.x86_64 1:1.36.0-5.el9_0 rhel-9-baseos-rhui-rpms NetworkManager-tui.x86_64 1:1.36.0-5.el9_0 rhel-9-baseos-rhui-rpms ca-certificates.noarch 2022.2.54-90.2.el9_0 rhel-9-baseos-rhui-rpms cloud-init.noarch 21.1-19.el9_0.4 rhel-9-appstream-rhui-rpms cryptsetup-libs.x86_64 2.4.3-4.el9_0.1 rhel-9-baseos-rhui-rpms . . (中略) . . tzdata.noarch 2022f-1.el9_0 rhel-9-baseos-rhui-rpms vim-minimal.x86_64 2:8.2.2637-16.el9_0.3 rhel-9-baseos-rhui-rpms xz.x86_64 5.2.5-8.el9_0 rhel-9-baseos-rhui-rpms xz-libs.x86_64 5.2.5-8.el9_0 rhel-9-baseos-rhui-rpms zlib.x86_64 1.2.11-32.el9_0 rhel-9-baseos-rhui-rpms Obsoleting Packages grub2-tools.x86_64 1:2.06-27.el9_0.7 rhel-9-baseos-rhui-rpms grub2-tools.x86_64 1:2.06-27.el9_0 @System grub2-tools-efi.x86_64 1:2.06-27.el9_0.7 rhel-9-baseos-rhui-rpms grub2-tools.x86_64 1:2.06-27.el9_0 @System grub2-tools-extra.x86_64 1:2.06-27.el9_0.7 rhel-9-baseos-rhui-rpms grub2-tools.x86_64 1:2.06-27.el9_0 @System grub2-tools-minimal.x86_64 1:2.06-27.el9_0.7 rhel-9-baseos-rhui-rpms grub2-tools.x86_64 1:2.06-27.el9_0 @System
パッケージのバージョンがel9_0
とRHEL 9.0のものになりましたね。
dnf updateinfo
で適用可能なErrataも比較してみます。
# リリースバージョンを指定しない場合 $ sudo dnf updateinfo Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs) 46 MB/s | 23 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs) 42 MB/s | 13 MB 00:00 Red Hat Enterprise Linux 9 Client Configuration 28 kB/s | 3.2 kB 00:00 Updates Information Summary: available 81 Security notice(s) 26 Important Security notice(s) 50 Moderate Security notice(s) 5 Low Security notice(s) 218 Bugfix notice(s) 10 Enhancement notice(s) # リリースバージョンを指定する場合 $ sudo dnf updateinfo --releasever=9.0 Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:00:35 ago on Tue 01 Aug 2023 11:16:24 AM UTC. Updates Information Summary: available 29 Security notice(s) 12 Important Security notice(s) 17 Moderate Security notice(s) 26 Bugfix notice(s) 1 Enhancement notice(s)
適用可能なErrataの数がかなり異なりますね。
リリースバージョンとしてRHEL 9.0を指定した場合のErrataのID(RHSAに絞って)を確認します。
$ sudo dnf updateinfo list --releasever=9.0 | grep RHSA | sort RHSA-2022:4592 Important/Sec. rsync-3.2.3-9.el9_0.1.x86_64 RHSA-2022:4795 Important/Sec. rsyslog-8.2102.0-101.el9_0.1.x86_64 RHSA-2022:4795 Important/Sec. rsyslog-logrotate-8.2102.0-101.el9_0.1.x86_64 RHSA-2022:4940 Important/Sec. xz-5.2.5-8.el9_0.x86_64 RHSA-2022:4940 Important/Sec. xz-libs-5.2.5-8.el9_0.x86_64 . . (中略) . . RHSA-2022:7318 Important/Sec. python3-perf-5.14.0-70.30.1.el9_0.x86_64 RHSA-2022:7323 Moderate/Sec. python3-3.9.10-3.el9_0.x86_64 RHSA-2022:7323 Moderate/Sec. python3-libs-3.9.10-3.el9_0.x86_64 RHSA-2022:7323 Moderate/Sec. python-unversioned-command-3.9.10-3.el9_0.noarch RHSA-2022:7329 Moderate/Sec. lua-libs-5.4.2-4.el9_0.3.x86_64
いずれも2022年のものであることが分かります。RHEL 9.1がリリースされたのが2022年の11月なので、2023年のErrataは表示されないということですね。
次にデフォルトのリポジトリを確認します。
# 有効なリポジトリ一覧 $ sudo dnf repolist Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. repo id repo name rhel-9-appstream-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs) rhel-9-baseos-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs) rhui-client-config-server-9 Red Hat Enterprise Linux 9 Client Configuration # 全てのリポジトリ一覧 $ sudo dnf repolist --all Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. repo id repo name status codeready-builder-for-rhel-9-rhui-debug-rpms Red Hat CodeReady Linux Builder for RHEL 9 x86_64 from disabled codeready-builder-for-rhel-9-rhui-rpms Red Hat CodeReady Linux Builder for RHEL 9 x86_64 from disabled codeready-builder-for-rhel-9-rhui-source-rpms Red Hat CodeReady Linux Builder for RHEL 9 x86_64 from disabled rhel-9-appstream-rhui-debug-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from disabled rhel-9-appstream-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from enabled rhel-9-appstream-rhui-source-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from disabled rhel-9-baseos-rhui-debug-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHU disabled rhel-9-baseos-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHU enabled rhel-9-baseos-rhui-source-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHU disabled rhel-9-supplementary-rhui-debug-rpms Red Hat Enterprise Linux 9 for x86_64 - Supplementary f disabled rhel-9-supplementary-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - Supplementary f disabled rhel-9-supplementary-rhui-source-rpms Red Hat Enterprise Linux 9 for x86_64 - Supplementary f disabled rhui-client-config-server-9 Red Hat Enterprise Linux 9 Client Configuration enabled
RHUIのリポジトリとクライアント設定用のリポジトリが有効化されていますね。
有効となっているRHUIのリポジトリ設定は以下のとおりです。
$ cat /etc/yum.repos.d/redhat-rhui.repo . . (中略) . . [rhel-9-appstream-rhui-rpms] name=Red Hat Enterprise Linux 9 for $basearch - AppStream from RHUI (RPMs) mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/appstream/os enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release sslverify=1 sslclientkey=/etc/pki/rhui/content-rhel9.key sslclientcert=/etc/pki/rhui/product/content-rhel9.crt sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt . . (中略) . . [rhel-9-baseos-rhui-rpms] name=Red Hat Enterprise Linux 9 for $basearch - BaseOS from RHUI (RPMs) mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/baseos/os enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release sslverify=1 sslclientkey=/etc/pki/rhui/content-rhel9.key sslclientcert=/etc/pki/rhui/product/content-rhel9.crt sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt . . (以下略) . .
次に、AppStreamのモジュール一覧を確認します。
$ sudo dnf module list Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:00:26 ago on Tue 01 Aug 2023 11:14:31 AM UTC. Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs) Name Stream Profiles Summary maven 3.8 common [d] Java project management and project comprehension tool nginx 1.22 common [d] nginx webserver nodejs 18 common [d], development, minimal, s2i Javascript runtime php 8.1 common [d], devel, minimal PHP scripting language postgresql 15 client, server PostgreSQL server and client module ruby 3.1 common [d] An interpreter of object-oriented scripting language Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
正しく表示されていますね。
EUSへのスイッチをする下準備
それではEUSへのスイッチを行いましょう。
まず、EUSへスイッチするコマンドrhui-eus-switch
があるかチェックします。
$ which rhui-eus-switch /usr/bin/which: no rhui-eus-switch in (/home/ec2-user/.local/bin:/home/ec2-user/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin)
どうやら初期インストールされていないようです。
調査してみると、rhui-eus-switch
はrh-amazon-rhui-client-4.0.8-1.el8
以降のバージョンで使えるようです。
デフォルトでインストールされているrh-amazon-rhui-client
は4.0.4-1
でした。
$ rpm -qa | grep rh-amazon-rhui-client rh-amazon-rhui-client-4.0.4-1.el9.noarch
アップデートしましょう。
# 使用可能な rh-amazon-rhui-client の一覧 $ sudo dnf search rh-amazon-rhui-client --showduplicate Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:05:47 ago on Tue 01 Aug 2023 10:47:43 AM UTC. ================================ Name Exactly Matched: rh-amazon-rhui-client ================================= rh-amazon-rhui-client-4.0.4-1.el9.noarch : Yum repository and entitlement certificate configuration rh-amazon-rhui-client-3.0.44-1.el9.noarch : Yum repository and entitlement certificate configuration rh-amazon-rhui-client-3.0.45-1.el9.noarch : Yum repository and entitlement certificate configuration rh-amazon-rhui-client-4.0.4-1.el9.noarch : Yum repository and entitlement certificate configuration rh-amazon-rhui-client-4.0.5-1.el9.noarch : Yum repository and entitlement certificate configuration rh-amazon-rhui-client-4.0.6-1.el9.noarch : Yum repository and entitlement certificate configuration rh-amazon-rhui-client-4.0.8-1.el9.noarch : Yum repository and entitlement certificate configuration rh-amazon-rhui-client-4.0.9-1.el9.noarch : Yum repository and entitlement certificate configuration # rh-amazon-rhui-client-4.0.8-1.el9へのアップデート $ sudo dnf upgrade rh-amazon-rhui-client-4.0.8-1.el9 Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:20:36 ago on Tue 01 Aug 2023 10:39:11 AM UTC. Dependencies resolved. ============================================================================================================== Package Architecture Version Repository Size ============================================================================================================== Upgrading: rh-amazon-rhui-client noarch 4.0.8-1.el9 rhui-client-config-server-9 38 k Installing dependencies: amazon-libdnf-plugin x86_64 1.0.1-1.el9 rhui-client-config-server-9 15 k Transaction Summary ============================================================================================================== Install 1 Package Upgrade 1 Package Total download size: 53 k Is this ok [y/N]: y Downloading Packages: (1/2): amazon-libdnf-plugin-1.0.1-1.el9.x86_64.rpm 359 kB/s | 15 kB 00:00 (2/2): rh-amazon-rhui-client-4.0.8-1.el9.noarch.rpm 656 kB/s | 38 kB 00:00 -------------------------------------------------------------------------------------------------------------- Total 616 kB/s | 53 kB 00:00 Running transaction check . . (中略) . . Upgraded: rh-amazon-rhui-client-4.0.8-1.el9.noarch Installed: amazon-libdnf-plugin-1.0.1-1.el9.x86_64 Complete!
アップデート完了後、rhui-eus-switch
が存在するかチェックします。
$ which rhui-eus-switch /usr/bin/rhui-eus-switch
インストールされていますね。
どんなコマンドかチェックしましょう。
#!/usr/bin/python3 # # Martin Minar <[email protected]> # # Copyright 2023 Red Hat, Inc. # # This software is licensed to you under the GNU General Public # License as published by the Free Software Foundation; either version # 2 of the License (GPLv2) or (at your option) any later version. # There is NO WARRANTY for this software, express or implied, # including the implied warranties of MERCHANTABILITY, # NON-INFRINGEMENT, or FITNESS FOR A PARTICULAR PURPOSE. You should # have received a copy of GPLv2 along with this software; if not, see # http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. import sys import json import os import sys import subprocess try: import requests except ImportError: print("This script requires the requests module.") print("Please install it with 'pip3 install requests' and try again.") sys.exit(1) METADATA_URL = 'http://169.254.169.254/latest/dynamic/instance-identity/document' FLAG_FILE_PATH = "/var/run/rhui-eus-switch" ALLOWED_BILLING_PRODUCTS = ['bp-6fa54006'] ALLOWED_RHEL8_EUS_VERSIONS = ['8.6', '8.8'] ALLOWED_RHEL9_EUS_VERSIONS = ['9.0', '9.2'] ALLOWED_ARCHITECTURES = ['x86_64','arm64'] def check_eus_eligibility(): try: response = requests.get(METADATA_URL) response.raise_for_status() metadata = json.loads(response.text) billing_products = metadata.get('billingProducts', []) architecture = metadata.get('architecture', '') if set(billing_products) & set(ALLOWED_BILLING_PRODUCTS) and architecture in ALLOWED_ARCHITECTURES: print("You RHEL product version is eligible for switch to EUS.") return True else: if not architecture in ALLOWED_ARCHITECTURES: print("Your RHEL product architecture is not eligible for switch to EUS. Supported architectures: {}".format(', '.join(ALLOWED_ARCHITECTURES))) else: print("Your RHEL product is not eligible for switch to EUS.") return False except requests.exceptions.RequestException as e: print(f"Error retrieving instance metadata: {e}") return False def check_version_eligibility(): try: with open('/etc/os-release') as os_release: for line in os_release: if line.startswith('VERSION_ID='): version_id = line.split('=')[1].strip('"\n') if version_id in ALLOWED_EUS_VERSIONS: print("Your current version is eligible for switch to EUS.") return True else: print("Your current version is not eligible for switch to EUS.") return False except IOError as e: print(f"Error reading /etc/os-release: {e}") return False def get_allowed_versions(): with open('/etc/os-release') as os_release: for line in os_release: if line.startswith('VERSION_ID='): version_id = line.split('=')[1].strip('"\n') major_version = version_id.split('.')[0] # Extract major version if major_version == '8': return ALLOWED_RHEL8_EUS_VERSIONS elif major_version == '9': return ALLOWED_RHEL9_EUS_VERSIONS else: return [] if __name__ == "__main__": if os.geteuid() != 0: print("This script must be run as root.") sys.exit(1) ALLOWED_EUS_VERSIONS = get_allowed_versions() if len(sys.argv) > 1: if sys.argv[1] == 'reset': print("Resetting to main stream version.") if os.path.exists(FLAG_FILE_PATH): os.remove(FLAG_FILE_PATH) subprocess.run(['/usr/sbin/choose_repo.py'], check=True) subprocess.run(['rhui-set-release', '--unset'], check=True) subprocess.run(['dnf', 'clean', 'all'], check=True) elif sys.argv[1] in ALLOWED_EUS_VERSIONS and check_eus_eligibility(): print("Switching to EUS version " + sys.argv[1]) subprocess.run(['/usr/sbin/choose_repo.py', 'eus'], check=True) subprocess.run(['rhui-set-release', '--set', sys.argv[1]], check=True) subprocess.run(['dnf', 'clean', 'all'], check=True) # Create a flag file to indicate that the switch to EUS was done with open(FLAG_FILE_PATH, 'w') as flag_file: flag_file.write("Switch to EUS done.\n") else: print("Version " + sys.argv[1] + " is not eligible for EUS switch.") else: print("Checking if current version is eligible for EUS switch.") if check_eus_eligibility() and check_version_eligibility(): print("To switch to EUS, run this script with the version you want to switch to as a parameter.") print("Currently supported versions are: " + ', '.join(ALLOWED_EUS_VERSIONS)) print("Examples:") print("To switch to RHEL EUS 8.6, run: " + sys.argv[0] + " 8.6") print("To reset back to main stream version, run: " + sys.argv[0] + " reset")
中身はPythonのスクリプトのようです。
EUSが使用できるマイナーリリースを指定することで、参照するRHUIを切り替えるようですね。
内部で参照している/usr/sbin/choose_repo.py
とrhui-set-release
が何者かも確認しましょう。
/usr/sbin/choose_repo.py
は実際にEUSのリポジトリの切り替えを行うPythonスクリプトのようです。
#!/usr/libexec/platform-python # # Copyright (c) 2021 Red Hat, Inc. # # Authors: Martin Minar # # This software is licensed to you under the GNU General Public License, # version 2 (GPLv2). There is NO WARRANTY for this software, express or # implied, including the implied warranties of MERCHANTABILITY or FITNESS # FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 # along with this software; if not, see # http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. # # Red Hat trademarks are not licensed under GPLv2. No permission is # granted to use or replicate Red Hat trademarks that are incorporated # in this software or its documentation. # import logging import os import sys import re LOG = logging.getLogger('choose_repo') FLAG_FILE_PATH = "/var/run/rhui-eus-switch" def enable_repos(repo_suffix): repo_file = 'redhat-rhui%s.repo' % repo_suffix disable_list = ['source', 'debug', 'codeready', 'supplementary', 'rhscl', 'extra', 'optional', 'dotnet'] # Enable the binary repos LOG.info('Enabling binary repos in %s' % repo_file) try: lines = open('/etc/yum.repos.d/%s' % repo_file).read().split('\n') enable_repo = False new_lines = [] for line in lines: if line.startswith('[') and not any(s in line for s in disable_list): enable_repo = True if line.startswith('enabled') and enable_repo: new_lines.append('enabled=1') enable_repo = False continue new_lines.append(line) with open('/etc/yum.repos.d/%s' % repo_file, 'w') as fd: fd.write('\n'.join(new_lines)) except FileNotFoundError: LOG.info('Content file %s not located.' % repo_file) if repo_suffix == '-eus': return # Enable the client config repo LOG.info('Enabling client config repo') # SAP Bundle have two variants, but only one file, we need to catch that if 'sap-bundle' in repo_suffix: repo_suffix = '-sap-bundle' if 'beta' in repo_suffix: repo_suffix = '' repo_file = 'redhat-rhui-client-config%s.repo' % repo_suffix cmd = "sed -i 's/enabled=0/enabled=1/' /etc/yum.repos.d/%s" % repo_file LOG.info('Executing [%s]' % cmd) os.system(cmd) def rename_repo(source, target): try: os.rename(source, target) except: pass def main(): if len(sys.argv) > 1: repo_suffix = sys.argv[1] else: with open('/etc/redhat-release') as redhat_release: if re.search('beta', redhat_release.read(), re.IGNORECASE): repo_suffix = 'beta' # Rename non beta repo rename_repo('/etc/yum.repos.d/redhat-rhui.repo', '/etc/yum.repos.d/redhat-rhui.repo.disabled') rename_repo('/etc/yum.repos.d/redhat-rhui-beta.repo.disabled', '/etc/yum.repos.d/redhat-rhui-beta.repo') else: if not os.path.exists(FLAG_FILE_PATH): repo_suffix = '' rename_repo('/etc/yum.repos.d/redhat-rhui-beta.repo', '/etc/yum.repos.d/redhat-rhui-beta.repo.disabled') rename_repo('/etc/yum.repos.d/redhat-rhui-eus.repo', '/etc/yum.repos.d/redhat-rhui-eus.repo.disabled') rename_repo('/etc/yum.repos.d/redhat-rhui.repo.disabled', '/etc/yum.repos.d/redhat-rhui.repo') else: repo_suffix = 'eus' if 'eus' in repo_suffix: rename_repo('/etc/yum.repos.d/redhat-rhui.repo', '/etc/yum.repos.d/redhat-rhui.repo.disabled') rename_repo('/etc/yum.repos.d/redhat-rhui-beta.repo', '/etc/yum.repos.d/redhat-rhui-beta.repo.disabled') rename_repo('/etc/yum.repos.d/redhat-rhui-eus.repo.disabled', '/etc/yum.repos.d/redhat-rhui-eus.repo') if repo_suffix: repo_suffix = '-%s' % repo_suffix enable_repos(repo_suffix) if __name__ == '__main__': formatter = logging.Formatter("[%(levelname)s:%(name)s] %(module)s:%(lineno)d %(asctime)s: %(message)s") console_handler = logging.StreamHandler() console_handler.setFormatter(formatter) file_handler = logging.FileHandler('/var/log/choose_repo.log') file_handler.setFormatter(formatter) LOG.addHandler(console_handler) LOG.addHandler(file_handler) LOG.setLevel(logging.INFO) main()
フラグ管理で使用している/var/run/rhui-eus-switch
はデフォルトでは存在しないようですね。
$ ls -l /var/run/rhui-eus-switch ls: cannot access '/var/run/rhui-eus-switch': No such file or directory
rhui-set-release
はリリースバージョンの設定したり、ヘルプを表示したりするBashのシェルスクリプトのようです。
#!/usr/bin/bash # Copyright © 2018 Red Hat, Inc. # # This software is licensed to you under the GNU General Public # License as published by the Free Software Foundation; either version # 2 of the License (GPLv2) or (at your option) any later version. # There is NO WARRANTY for this software, express or implied, # including the implied warranties of MERCHANTABILITY, # NON-INFRINGEMENT, or FITNESS FOR A PARTICULAR PURPOSE. You should # have received a copy of GPLv2 along with this software; if not, see # http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. set -e VERSION="1.0.0" YUM_RELVER_PATH="/etc/yum/vars/releasever" SET_ERR_MSG="The set option takes only one value" UNSET_ERR_MSG="The unset option does not take any value" NO_ROOT_ERR_MSG="This script needs to run with root privileges" function print_help { echo -e "Usage: $(basename $0) [option] ... [--set RELEASE_VERSION | --unset ]\n" echo -e "Set release version string for Yum in /etc/yum/vars\n" echo -e "When no option is specified, print the currently set version.\n" echo -e " -s, --set\t\tset the releasever for yum (the value is not validated)" echo -e " -u, --unset\t\tremove any previously set value of releasever" echo -e " -h, --help\t\tshow this help and exit" echo -e " --version\t\tprint version string" } function print_version { echo "$(basename $0) $VERSION" } function cat_version { cat $YUM_RELVER_PATH 2>/dev/null || : } function set_release_version { echo "$1" > $YUM_RELVER_PATH } function remove_release_version { rm -f $YUM_RELVER_PATH } function check_for_help { for OPTION in $@ ; do [ "$OPTION" == "-h" ] && print_help && exit 0 [ "$OPTION" == "--help" ] && print_help && exit 0 done return 0 } function check_for_version { for OPTION in $@ ; do [ "$OPTION" == "--version" ] && print_version && exit 0 done return 0 } function check_for_root { [ $EUID -ne 0 ] && echo $NO_ROOT_ERR_MSG && exit 1 return 0 } function main { # processing cli arguments if [ $# -eq 0 ]; then cat_version else check_for_help $@ check_for_version $@ check_for_root if [ "$1" == "--set" -o "$1" == "-s" ] ; then shift [ $# -ne 1 ] && echo $SET_ERR_MSG && exit 1 set_release_version $@ elif [ "$1" == "--unset" -o "$1" == "-u" ] ; then shift [ $# -ne 0 ] && echo $UNSET_ERR_MSG && exit 1 remove_release_version else echo "Invalid options: $@" exit 1 fi fi } main $@
EUSへのスイッチ
実際にEUSへのスイッチを行います。
まず、引数に何も指定せずにrhui-eus-switch
を実行します。
$ sudo rhui-eus-switch Checking if current version is eligible for EUS switch. You RHEL product version is eligible for switch to EUS. Your current version is eligible for switch to EUS. To switch to EUS, run this script with the version you want to switch to as a parameter. Currently supported versions are: 9.0, 9.2 Examples: To switch to RHEL EUS 8.6, run: /bin/rhui-eus-switch 8.6 To reset back to main stream version, run: /bin/rhui-eus-switch reset
EUSをサポートしているマイナーリリースと、このスクリプトの使い方を教えてくれました。
RHEL 9.0のEUSを使用するように指定します。
$ sudo rhui-eus-switch 9.0 You RHEL product version is eligible for switch to EUS. Switching to EUS version 9.0 [INFO:choose_repo] choose_repo:33 2023-08-01 11:02:18,412: Enabling binary repos in redhat-rhui-eus.repo Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. 39 files removed
実行完了後、フラグ管理で使われているファイルを確認します。
$ ls -l /var/run/rhui-eus-switch -rw-r--r--. 1 root root 20 Aug 1 11:02 /var/run/rhui-eus-switch $ cat /var/run/rhui-eus-switch Switch to EUS done.
EUSにスイッチしたことが分かりますね。
リポジトリ一覧を確認します。
$ sudo dnf repolist Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. repo id repo name rhel-9-appstream-eus-rhui-rpms Red Hat Enterprise Linux 9 - AppStream - Extended Update Support from RHUI (RPMs) rhel-9-baseos-eus-rhui-rpms Red Hat Enterprise Linux 9 - BaseOS - Extended Update Support from RHUI (RPMs) rhui-client-config-server-9 Red Hat Enterprise Linux 9 Client Configuration $ sudo dnf repolist --all Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. repo id repo name status codeready-builder-for-rhel-9-eus-rhui-debug-rpms Red Hat CodeReady Linux Builder for RHEL 9 - Extend disabled codeready-builder-for-rhel-9-eus-rhui-rpms Red Hat CodeReady Linux Builder for RHEL 9 - Extend disabled codeready-builder-for-rhel-9-eus-rhui-source-rpms Red Hat CodeReady Linux Builder for RHEL 9 - Extend disabled rhel-9-appstream-eus-rhui-debug-rpms Red Hat Enterprise Linux 9 - AppStream - Extended U disabled rhel-9-appstream-eus-rhui-rpms Red Hat Enterprise Linux 9 - AppStream - Extended U enabled rhel-9-appstream-eus-rhui-source-rpms Red Hat Enterprise Linux 9 - AppStream - Extended U disabled rhel-9-baseos-eus-rhui-debug-rpms Red Hat Enterprise Linux 9 - BaseOS - Extended Upda disabled rhel-9-baseos-eus-rhui-rpms Red Hat Enterprise Linux 9 - BaseOS - Extended Upda enabled rhel-9-baseos-eus-rhui-source-rpms Red Hat Enterprise Linux 9 - BaseOS - Extended Upda disabled rhel-9-supplementary-eus-rhui-debug-rpms Red Hat Enterprise Linux 9 - Supplementary - Extend disabled rhel-9-supplementary-eus-rhui-rpms Red Hat Enterprise Linux 9 - Supplementary - Extend disabled rhel-9-supplementary-eus-rhui-source-rpms Red Hat Enterprise Linux 9 - Supplementary - Extend disabled rhui-client-config-server-9 Red Hat Enterprise Linux 9 Client Configuration enabled
デフォルトのリポジトリはrhui-client-config-server-9
を除いて全て削除され、全てEUSのリポジトリとなっていますね。
EUSのリポジトリの定義ファイルはredhat-rhui-eus.repo
と別で作られています。また、デフォルトのRHUIのリポジトリ定義はredhat-rhui.repo.disabled
となっています。
$ ls -l /etc/yum.repos.d/ total 28 -rw-r--r--. 1 root root 4645 Jun 2 09:16 redhat-rhui-beta.repo.disabled -rw-r--r--. 1 root root 467 Aug 1 10:59 redhat-rhui-client-config.repo -rw-r--r--. 1 root root 5984 Aug 1 11:02 redhat-rhui-eus.repo -rw-r--r--. 1 root root 5792 Aug 1 10:59 redhat-rhui.repo.disabled
redhat-rhui.repo.disabled
の内容は以下のとおりです。実際には無効化されていますが、定義としてはenabled=1
のままですね。
$ cat /etc/yum.repos.d/redhat-rhui.repo.disabled . . (中略) . . [rhel-9-appstream-rhui-rpms] name=Red Hat Enterprise Linux 9 for $basearch - AppStream from RHUI (RPMs) mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/appstream/os enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release sslverify=1 sslclientkey=/etc/pki/rhui/content-rhel9.key sslclientcert=/etc/pki/rhui/product/content-rhel9.crt sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt . . (中略) . . [rhel-9-baseos-rhui-rpms] name=Red Hat Enterprise Linux 9 for $basearch - BaseOS from RHUI (RPMs) mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/baseos/os enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release sslverify=1 sslclientkey=/etc/pki/rhui/content-rhel9.key sslclientcert=/etc/pki/rhui/product/content-rhel9.crt sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt . . (以下略) . .
redhat-rhui-eus.repo
の内容は以下のとおりです。変更点はmirrorlistのパスがdist
からeus
に変わったぐらいです。
$ cat /etc/yum.repos.d/redhat-rhui-eus.repo . . (中略) . . [rhel-9-appstream-eus-rhui-rpms] name=Red Hat Enterprise Linux 9 - AppStream - Extended Update Support from RHUI (RPMs) mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/eus/rhel9/rhui/$releasever/$basearch/appstream/os enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release sslverify=1 sslclientkey=/etc/pki/rhui/content-rhel9.key sslclientcert=/etc/pki/rhui/product/content-rhel9.crt sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt . . (中略) . . [rhel-9-baseos-eus-rhui-rpms] name=Red Hat Enterprise Linux 9 - BaseOS - Extended Update Support from RHUI (RPMs) mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/eus/rhel9/rhui/$releasever/$basearch/baseos/os enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release sslverify=1 sslclientkey=/etc/pki/rhui/content-rhel9.key sslclientcert=/etc/pki/rhui/product/content-rhel9.crt sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt . . (以下略) . .
EUSスイッチ後、リリースバージョンの設定ファイルを確認すると以下のように固定化されていました。
$ cat /etc/yum/vars/releasever 9.0
EUSスイッチ後のアップデート及びインストール可能なパッケージ一覧の確認
EUSスイッチ後のアップデート及びインストール可能なパッケージ一覧を確認してみましょう。
$ sudo dnf check-update Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Red Hat Enterprise Linux 9 Client Configuration 26 kB/s | 3.2 kB 00:00 Red Hat Enterprise Linux 9 - AppStream - Extended Update Support from RHUI (R 22 MB/s | 15 MB 00:00 Red Hat Enterprise Linux 9 - BaseOS - Extended Update Support from RHUI (RPMs 18 MB/s | 11 MB 00:00 NetworkManager.x86_64 1:1.36.0-7.el9_0 rhel-9-baseos-eus-rhui-rpms NetworkManager-cloud-setup.x86_64 1:1.36.0-7.el9_0 rhel-9-appstream-eus-rhui-rpms NetworkManager-libnm.x86_64 1:1.36.0-7.el9_0 rhel-9-baseos-eus-rhui-rpms NetworkManager-team.x86_64 1:1.36.0-7.el9_0 rhel-9-baseos-eus-rhui-rpms NetworkManager-tui.x86_64 1:1.36.0-7.el9_0 rhel-9-baseos-eus-rhui-rpms c-ares.x86_64 1.17.1-5.el9_0.1 rhel-9-baseos-eus-rhui-rpms ca-certificates.noarch 2022.2.54-90.2.el9_0 rhel-9-baseos-eus-rhui-rpms . . (中略) . . tzdata.noarch 2023c-1.el9 rhel-9-baseos-eus-rhui-rpms vim-minimal.x86_64 2:8.2.2637-16.el9_0.3 rhel-9-baseos-eus-rhui-rpms xz.x86_64 5.2.5-8.el9_0 rhel-9-baseos-eus-rhui-rpms xz-libs.x86_64 5.2.5-8.el9_0 rhel-9-baseos-eus-rhui-rpms zlib.x86_64 1.2.11-34.el9_0 rhel-9-baseos-eus-rhui-rpms Obsoleting Packages grub2-tools.x86_64 1:2.06-27.el9_0.7 rhel-9-baseos-eus-rhui-rpms grub2-tools.x86_64 1:2.06-27.el9_0 @System grub2-tools.x86_64 1:2.06-27.el9_0.12 rhel-9-baseos-eus-rhui-rpms grub2-tools.x86_64 1:2.06-27.el9_0 @System grub2-tools.x86_64 1:2.06-27.el9_0.14 rhel-9-baseos-eus-rhui-rpms grub2-tools.x86_64 1:2.06-27.el9_0 @System . . (中略) . . grub2-tools-minimal.x86_64 1:2.06-27.el9_0.14 rhel-9-baseos-eus-rhui-rpms grub2-tools.x86_64 1:2.06-27.el9_0 @System grub2-tools-minimal.x86_64 1:2.06-27.el9_0.15 rhel-9-baseos-eus-rhui-rpms grub2-tools.x86_64 1:2.06-27.el9_0 @System
rhel-9-baseos-eus-rhui-rpms
やrhel-9-appstream-eus-rhui-rpms
とEUSのリポジトリを参照していることが分かります。
また、el9_0.1
やel9_0.14
などマイナーバージョンの後に数字が付与されていますね。
適用可能なErrataの数も確認しましょう。
$ sudo dnf updateinfo Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:02:55 ago on Tue 01 Aug 2023 11:05:49 AM UTC. Updates Information Summary: available 49 Security notice(s) 27 Important Security notice(s) 22 Moderate Security notice(s) 49 Bugfix notice(s) 2 Enhancement notice(s)
デフォルトのリポジトリでは29 Security notice(s)
でしたが、49 Security notice(s)
とErrataの数が増えていますね。
一覧も確認してみます。
$ sudo dnf updateinfo list | grep RHSA | sort RHSA-2022:4592 Important/Sec. rsync-3.2.3-9.el9_0.1.x86_64 RHSA-2022:4795 Important/Sec. rsyslog-8.2102.0-101.el9_0.1.x86_64 RHSA-2022:4795 Important/Sec. rsyslog-logrotate-8.2102.0-101.el9_0.1.x86_64 RHSA-2022:4940 Important/Sec. xz-5.2.5-8.el9_0.x86_64 . . (中略) . . RHSA-2023:4203 Important/Sec. python3-3.9.10-4.el9_0.1.x86_64 RHSA-2023:4203 Important/Sec. python3-libs-3.9.10-4.el9_0.1.x86_64 RHSA-2023:4329 Important/Sec. openssh-8.7p1-11.el9_0.x86_64 RHSA-2023:4329 Important/Sec. openssh-clients-8.7p1-11.el9_0.x86_64 RHSA-2023:4329 Important/Sec. openssh-server-8.7p1-11.el9_0.x86_64
2023年のErrataが含まれていることが分かります。ちなみにRHSA-2023:4329
は2023/7/31に公開されたもののようで、出来立てほやほやです。
実際にインストール可能なパッケージ一覧を確認してみましょう。
カーネルは以下のとおりです。
$ sudo dnf search kernel --showduplicate | grep ": The Linux kernel" Last metadata expiration check: 0:05:53 ago on Tue 01 Aug 2023 11:05:49 AM UTC. kernel-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel kernel-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel kernel-5.14.0-70.17.1.el9_0.x86_64 : The Linux kernel kernel-5.14.0-70.26.1.el9_0.x86_64 : The Linux kernel kernel-5.14.0-70.22.1.el9_0.x86_64 : The Linux kernel kernel-5.14.0-70.30.1.el9_0.x86_64 : The Linux kernel kernel-5.14.0-70.36.1.el9_0.x86_64 : The Linux kernel kernel-5.14.0-70.43.1.el9_0.x86_64 : The Linux kernel kernel-5.14.0-70.49.1.el9_0.x86_64 : The Linux kernel kernel-5.14.0-70.50.2.el9_0.x86_64 : The Linux kernel kernel-5.14.0-70.53.1.el9_0.x86_64 : The Linux kernel kernel-5.14.0-70.58.1.el9_0.x86_64 : The Linux kernel kernel-5.14.0-70.64.1.el9_0.x86_64 : The Linux kernel kernel-core-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel . . (中略) . . kernel-debug-core-5.14.0-70.50.2.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled kernel-debug-core-5.14.0-70.53.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled kernel-debug-core-5.14.0-70.58.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled kernel-debug-core-5.14.0-70.64.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled
デフォルトのリポジトリだとRHEL 9.0のカーネルは以下のとおり5.14.0-70.30
ですが、EUSの場合は5.14.0-70.64
まで適用できることが分かります。
$ sudo dnf search kernel --showduplicate --releasever=9.0 | grep ": The Linux kernel" Red Hat Enterprise Linux 9 for x86_64 - AppStre 44 MB/s | 11 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - BaseOS 29 MB/s | 5.3 MB 00:00 Red Hat Enterprise Linux 9 Client Configuration 30 kB/s | 3.2 kB 00:00 kernel-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel kernel-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel kernel-5.14.0-70.17.1.el9_0.x86_64 : The Linux kernel kernel-5.14.0-70.26.1.el9_0.x86_64 : The Linux kernel kernel-5.14.0-70.22.1.el9_0.x86_64 : The Linux kernel kernel-5.14.0-70.30.1.el9_0.x86_64 : The Linux kernel kernel-core-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel kernel-core-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel kernel-core-5.14.0-70.22.1.el9_0.x86_64 : The Linux kernel kernel-core-5.14.0-70.26.1.el9_0.x86_64 : The Linux kernel kernel-core-5.14.0-70.17.1.el9_0.x86_64 : The Linux kernel kernel-core-5.14.0-70.30.1.el9_0.x86_64 : The Linux kernel kernel-debug-core-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled kernel-debug-core-5.14.0-70.17.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled kernel-debug-core-5.14.0-70.26.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled kernel-debug-core-5.14.0-70.22.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled kernel-debug-core-5.14.0-70.30.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled
インストール可能なhttpdのバージョンも確認しましょう。
$ sudo dnf info httpd --showduplicate Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:00:57 ago on Tue 01 Aug 2023 11:22:41 AM UTC. Available Packages Name : httpd Version : 2.4.51 Release : 7.el9_0 Architecture : x86_64 Size : 1.5 M Source : httpd-2.4.51-7.el9_0.src.rpm Repository : rhel-9-appstream-eus-rhui-rpms Summary : Apache HTTP Server URL : https://httpd.apache.org/ License : ASL 2.0 Description : The Apache HTTP Server is a powerful, efficient, and extensible : web server. Name : httpd Version : 2.4.51 Release : 7.el9_0.4 Architecture : x86_64 Size : 1.5 M Source : httpd-2.4.51-7.el9_0.4.src.rpm Repository : rhel-9-appstream-eus-rhui-rpms Summary : Apache HTTP Server URL : https://httpd.apache.org/ License : ASL 2.0 Description : The Apache HTTP Server is a powerful, efficient, and extensible : web server. Name : httpd Version : 2.4.51 Release : 7.el9_0.5 Architecture : x86_64 Size : 1.5 M Source : httpd-2.4.51-7.el9_0.5.src.rpm Repository : rhel-9-appstream-eus-rhui-rpms Summary : Apache HTTP Server URL : https://httpd.apache.org/ License : ASL 2.0 Description : The Apache HTTP Server is a powerful, efficient, and extensible : web server.
el9_0.4
やel9_0.5
とバックポートにより修正されたパッケージがありますね。
モジュール一覧も確認してみましょう。
$ sudo dnf module list Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:01:14 ago on Tue 01 Aug 2023 11:05:49 AM UTC.
何も表示されませんでした。モジュールストリームを選択している場合は注意が必要そうです。
EUSリポジトリからパッケージのインストール
EUSリポジトリからパッケージのインストールします。
試しにhttpdをインストールします。
$ sudo dnf install httpd Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:02:50 ago on Tue 01 Aug 2023 11:22:41 AM UTC. Dependencies resolved. ============================================================================================================== Package Architecture Version Repository Size ============================================================================================================== Installing: httpd x86_64 2.4.51-7.el9_0.5 rhel-9-appstream-eus-rhui-rpms 1.5 M Installing dependencies: apr x86_64 1.7.0-11.el9 rhel-9-appstream-eus-rhui-rpms 127 k apr-util x86_64 1.6.1-20.el9_0.1 rhel-9-appstream-eus-rhui-rpms 97 k apr-util-bdb x86_64 1.6.1-20.el9_0.1 rhel-9-appstream-eus-rhui-rpms 14 k httpd-filesystem noarch 2.4.51-7.el9_0.5 rhel-9-appstream-eus-rhui-rpms 15 k httpd-tools x86_64 2.4.51-7.el9_0.5 rhel-9-appstream-eus-rhui-rpms 86 k mailcap noarch 2.1.49-5.el9 rhel-9-baseos-eus-rhui-rpms 35 k redhat-logos-httpd noarch 90.4-1.el9 rhel-9-appstream-eus-rhui-rpms 18 k Installing weak dependencies: apr-util-openssl x86_64 1.6.1-20.el9_0.1 rhel-9-appstream-eus-rhui-rpms 17 k mod_http2 x86_64 1.15.19-3.el9_0.5 rhel-9-appstream-eus-rhui-rpms 153 k mod_lua x86_64 2.4.51-7.el9_0.5 rhel-9-appstream-eus-rhui-rpms 61 k Transaction Summary ============================================================================================================== Install 11 Packages Total download size: 2.1 M Installed size: 6.0 M Is this ok [y/N]: y Downloading Packages: (1/11): redhat-logos-httpd-90.4-1.el9.noarch.rpm 211 kB/s | 18 kB 00:00 (2/11): apr-1.7.0-11.el9.x86_64.rpm 1.1 MB/s | 127 kB 00:00 . . (中略) . . Installed: apr-1.7.0-11.el9.x86_64 apr-util-1.6.1-20.el9_0.1.x86_64 apr-util-bdb-1.6.1-20.el9_0.1.x86_64 apr-util-openssl-1.6.1-20.el9_0.1.x86_64 httpd-2.4.51-7.el9_0.5.x86_64 httpd-filesystem-2.4.51-7.el9_0.5.noarch httpd-tools-2.4.51-7.el9_0.5.x86_64 mailcap-2.1.49-5.el9.noarch mod_http2-1.15.19-3.el9_0.5.x86_64 mod_lua-2.4.51-7.el9_0.5.x86_64 redhat-logos-httpd-90.4-1.el9.noarch Complete!
特に何事もなくインストールが完了しました。
デフォルトのリポジトリにリセット
デフォルトのリポジトリにリセットします。
リセットはrhui-eus-switch reset
です。
$ sudo rhui-eus-switch reset Resetting to main stream version. [INFO:choose_repo] choose_repo:33 2023-08-01 11:26:03,705: Enabling binary repos in redhat-rhui.repo [INFO:choose_repo] choose_repo:56 2023-08-01 11:26:03,705: Enabling client config repo [INFO:choose_repo] choose_repo:64 2023-08-01 11:26:03,706: Executing [sed -i 's/enabled=0/enabled=1/' /etc/yum.repos.d/redhat-rhui-client-config.repo] Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. 26 files removed
リセット完了後フラグ管理用のファイルを確認すると削除されていました。
$ ls -l /var/run/rhui-eus-switch ls: cannot access '/var/run/rhui-eus-switch': No such file or directory
リポジトリ一覧を確認します。
$ sudo dnf repolist Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. repo id repo name rhel-9-appstream-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs) rhel-9-baseos-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs) rhui-client-config-server-9 Red Hat Enterprise Linux 9 Client Configuration $ sudo dnf repolist --all Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. repo id repo name status codeready-builder-for-rhel-9-rhui-debug-rpms Red Hat CodeReady Linux Builder for RHEL 9 x86_64 from disabled codeready-builder-for-rhel-9-rhui-rpms Red Hat CodeReady Linux Builder for RHEL 9 x86_64 from disabled codeready-builder-for-rhel-9-rhui-source-rpms Red Hat CodeReady Linux Builder for RHEL 9 x86_64 from disabled rhel-9-appstream-rhui-debug-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from disabled rhel-9-appstream-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from enabled rhel-9-appstream-rhui-source-rpms Red Hat Enterprise Linux 9 for x86_64 - AppStream from disabled rhel-9-baseos-rhui-debug-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHU disabled rhel-9-baseos-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHU enabled rhel-9-baseos-rhui-source-rpms Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHU disabled rhel-9-supplementary-rhui-debug-rpms Red Hat Enterprise Linux 9 for x86_64 - Supplementary f disabled rhel-9-supplementary-rhui-rpms Red Hat Enterprise Linux 9 for x86_64 - Supplementary f disabled rhel-9-supplementary-rhui-source-rpms Red Hat Enterprise Linux 9 for x86_64 - Supplementary f disabled rhui-client-config-server-9 Red Hat Enterprise Linux 9 Client Configuration enabled
EUSのリポジトリは綺麗さっぱり消えていますね。
ただ、定義ファイルはredhat-rhui-eus.repo.disabled
として残っていました。
$ ls -l /etc/yum.repos.d/ total 28 -rw-r--r--. 1 root root 4645 Jun 2 09:16 redhat-rhui-beta.repo.disabled -rw-r--r--. 1 root root 467 Aug 1 11:13 redhat-rhui-client-config.repo -rw-r--r--. 1 root root 5984 Aug 1 11:13 redhat-rhui-eus.repo.disabled -rw-r--r--. 1 root root 5792 Aug 1 11:13 redhat-rhui.repo
EUSリポジトリでインストールしたパッケージをデフォルトのAppStreamリポジトリを使ってアップデート
EUSリポジトリでインストールしたパッケージをデフォルトのAppStreamリポジトリを使ってアップデートした時の挙動を確認します。
まず、アップデート可能なバージョンを確認します。
$ sudo dnf check-upgrade httpd Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:00:35 ago on Tue 01 Aug 2023 11:27:04 AM UTC. httpd.x86_64 2.4.53-11.el9_2.5 rhel-9-appstream-rhui-rpms
問題なくRHEL 9.2のhttpdにアップデートできそうですね。
次にリリースバージョンとしてRHEL 9.0を指定した場合です。
$ sudo dnf check-upgrade httpd --releasever=9.0 Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs) 44 MB/s | 11 MB 00:00 Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs) 28 MB/s | 5.3 MB 00:00 Last metadata expiration check: 0:00:01 ago on Tue 01 Aug 2023 11:27:55 AM UTC.
RHEL 9.0のデフォルトのAppStreamでインストールできるhttpdのバージョンは2.4.51-7.el9_0
と現在インストールされている2.4.51-7.el9_0.5
よりも古いため表示されませんでした。
リリースバージョンを指定せずにアップデートします。
$ sudo dnf upgrade httpd Updating Subscription Management repositories. Unable to read consumer identity This system is not registered with an entitlement server. You can use subscription-manager to register. Last metadata expiration check: 0:01:33 ago on Tue 01 Aug 2023 11:27:04 AM UTC. Dependencies resolved. ============================================================================================================== Package Architecture Version Repository Size ============================================================================================================== Upgrading: httpd x86_64 2.4.53-11.el9_2.5 rhel-9-appstream-rhui-rpms 53 k httpd-filesystem noarch 2.4.53-11.el9_2.5 rhel-9-appstream-rhui-rpms 17 k httpd-tools x86_64 2.4.53-11.el9_2.5 rhel-9-appstream-rhui-rpms 87 k mod_http2 x86_64 1.15.19-4.el9_2.4 rhel-9-appstream-rhui-rpms 153 k mod_lua x86_64 2.4.53-11.el9_2.5 rhel-9-appstream-rhui-rpms 63 k Installing dependencies: httpd-core x86_64 2.4.53-11.el9_2.5 rhel-9-appstream-rhui-rpms 1.5 M Transaction Summary ============================================================================================================== Install 1 Package Upgrade 5 Packages Total download size: 1.9 M Is this ok [y/N]: y Downloading Packages: (1/6): mod_lua-2.4.53-11.el9_2.5.x86_64.rpm 1.0 MB/s | 63 kB 00:00 (2/6): mod_http2-1.15.19-4.el9_2.4.x86_64.rpm 2.0 MB/s | 153 kB 00:00 . . (中略) . . Upgraded: httpd-2.4.53-11.el9_2.5.x86_64 httpd-filesystem-2.4.53-11.el9_2.5.noarch httpd-tools-2.4.53-11.el9_2.5.x86_64 mod_http2-1.15.19-4.el9_2.4.x86_64 mod_lua-2.4.53-11.el9_2.5.x86_64 Installed: httpd-core-2.4.53-11.el9_2.5.x86_64 Complete!
こちらも特に何事もなくアップデート完了しました。
RHELのマイナーリリースをどうしても固定したい場合に使おう
Red Hat Enterprise Linux の PAYGインスタンスから EUS リポジトリをサブスクライブしてみました。
「AWSではEUS使えないのか...」と絶望していた方には朗報ですね。
ただし、EUSのバックポート対象は重要度が高いセキュリティ修正やバグフィックスに限られるので、できるだけ定期的にマイナーリリースをアップデートしていくのが望ましいと考えます。
Red Hatナレッジベース上の情報を閲覧したい場合は、以下記事に従いSSMエージェントをインストールしたRHELのEC2インスタンスを起動させましょう。
この記事が誰かの助けになれば幸いです。
以上、AWS事業本部 コンサルティング部の のんピ(@non____97)でした!