Red Hat Enterprise Linux の PAYGインスタンスから EUS リポジトリをサブスクライブしてみた

Red Hat Enterprise Linux の PAYGインスタンスから EUS リポジトリをサブスクライブしてみた

RHELのマイナーリリースをどうしても固定したい場合に使おう
Clock Icon2023.08.02

この記事は公開されてから1年以上経過しています。情報が古い可能性がありますので、ご注意ください。

EUSを使いたい

こんにちは、のんピ(@non____97)です。

皆さんはRed Hat Enterprise Linux (以降RHEL)の pay-as-you-go (以降PAYG)のEC2インスタンスでEUSを使いたいなと思ったことはありますか? 私はあります。

EUSとはExtended Update Supportのことで、事前に定義された特定のマイナーリリースに影響度が高いセキュリティ更新と優先度が緊急と判断されたバグフィックスのバックポートを提供するオプションです。

通常、各マイナーリリースのプログラム修正は次のマイナーリリースの提供開始までですが、EUSを使用することで最大2年間同じマイナーリリースで先述したパッケージを適用することが可能です。

Red Hat Enterprise Linux サブスクリプションでは、次のマイナーリリースが提供されるまで、現行のアクティブなマイナーリリースで利用可能なすべての RHSA と RHBA が提供されます。 一方、EUS (特定のマイナーリリースで利用可能) では、その特定のマイナーリリース後に利用可能な、Red Hat が定義する 影響度が「重大」および「重要」ix の RHSA と優先度が「緊急」の一部 (判断は Red Hat による) の RHBA が、後続のマイナーリリースと並行して、個別に提供されます。 RHEL 7 に含まれるパッケージのリストは こちら を参照してください。 下記の Red Hat Enterprise Linux 8 & 9 延長アップデートサポートメンテナンスポリシー を参照してください。

Red Hat Enterprise Linux EUS の各ストリームは、マイナーリリースの公開後 24 カ月間利用できます。

Red Hat Enterprise Linux のライフサイクル - Red Hat Customer Portal

そんなマイナーリリースをある程度固定化したい場合に役立つEUSですが、AWS上では従量課金であるPAYGインスタンスでは使えないと認識していました。

しかし、RHEL 8または RHEL 9ではrhui-eus-switchなるコマンドでEUSリポジトリをサブスクライブできると情報いただきました。

RHELのプレミアムサブスクリプションを持っているとEUSも付随します。そのためPAYG RHELでも追加料金なしで使えると認識しています。(実際以降の検証をした後の割増料金は請求されませんでした)

EUS は x86-64 Red Hat Enterprise Linux Server Premium サブスクリプションで提供され、Red Hat Enterprise Linux Server 標準サブスクリプション、Red Hat Enterprise Linux for IBM Power LE、および Red Hat Enterprise Linux for IBM z Systems サブスクリプションへのアドオンとして利用できます。 EUS は、バージョン 9 のみのアドオンとして、Red Hat Enterprise Linux Workstation の標準およびプレミアムサブスクリプションで利用できるようになりました。

Red Hat Enterprise Linux (RHEL) Extended Update Support (EUS) の概要 - Red Hat Customer Portal

実際に試してみたので紹介します。

いきなりまとめ

  • rhui-eus-switchを使用することでRHELのPAYGインスタンスから EUS リポジトリをサブスクライブ可能
  • rhui-eus-switchrh-amazon-rhui-client-4.0.8-1.el8以降のバージョンで使える
  • EUSにスイッチ中はAppStreamのモジュールを使用できない
  • デフォルトのリポジトリにリセットすることも可能

試してみた

デフォルトのRHEL 9.0の情報の確認

検証用のEC2インスタンスとしてRHEL 9.0のEC2インスタンスを用意しました。

RHEL 9.0はEUSの対象です。

AMIの名前とus-east-1上のIDは以下の通りです。

  • RHEL-9.0.0_HVM-20220513-x86_64-0-Hourly2-GP2
  • ami-0c41531b8d18cc72b

まず、適用可能なアップデートを確認します。

$ sudo dnf check-update
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:04:51 ago on Tue 01 Aug 2023 10:27:01 AM UTC.

NetworkManager.x86_64                            1:1.42.2-3.el9_2                  rhel-9-baseos-rhui-rpms
NetworkManager-cloud-setup.x86_64                1:1.42.2-3.el9_2                  rhel-9-appstream-rhui-rpms
NetworkManager-libnm.x86_64                      1:1.42.2-3.el9_2                  rhel-9-baseos-rhui-rpms
NetworkManager-team.x86_64                       1:1.42.2-3.el9_2                  rhel-9-baseos-rhui-rpms
NetworkManager-tui.x86_64                        1:1.42.2-3.el9_2                  rhel-9-baseos-rhui-rpms
audit.x86_64                                     3.0.7-103.el9                     rhel-9-baseos-rhui-rpms
audit-libs.x86_64                                3.0.7-103.el9                     rhel-9-baseos-rhui-rpms
authselect.x86_64                                1.2.6-1.el9                       rhel-9-baseos-rhui-rpms
authselect-compat.x86_64                         1.2.6-1.el9                       rhel-9-appstream-rhui-rpms
authselect-libs.x86_64                           1.2.6-1.el9                       rhel-9-baseos-rhui-rpms
bash.x86_64                                      5.1.8-6.el9_1                     rhel-9-baseos-rhui-rpms
.
.
(中略)
.
.
which.x86_64                                     2.21-28.el9                       rhel-9-baseos-rhui-rpms
xz.x86_64                                        5.2.5-8.el9_0                     rhel-9-baseos-rhui-rpms
xz-libs.x86_64                                   5.2.5-8.el9_0                     rhel-9-baseos-rhui-rpms
yum.noarch                                       4.14.0-5.el9_2                    rhel-9-baseos-rhui-rpms
yum-utils.noarch                                 4.3.0-5.el9_2                     rhel-9-baseos-rhui-rpms
zlib.x86_64                                      1.2.11-39.el9                     rhel-9-baseos-rhui-rpms
Obsoleting Packages
grub2-tools.x86_64                               1:2.06-27.el9_0.7                 rhel-9-baseos-rhui-rpms
    grub2-tools.x86_64                           1:2.06-27.el9_0                   @System
grub2-tools.x86_64                               1:2.06-46.el9                     rhel-9-baseos-rhui-rpms
    grub2-tools.x86_64                           1:2.06-27.el9_0                   @System
grub2-tools.x86_64                               1:2.06-46.el9_1.3                 rhel-9-baseos-rhui-rpms
    grub2-tools.x86_64                           1:2.06-27.el9_0                   @System
.
.
(中略)
.
.
grub2-tools-minimal.x86_64                       1:2.06-61.el9                     rhel-9-baseos-rhui-rpms
    grub2-tools.x86_64                           1:2.06-27.el9_0                   @System
systemd-udev.x86_64                              252-13.el9_2                      rhel-9-baseos-rhui-rpms
    systemd-udev.x86_64                          250-6.el9_0                       @System
systemd-udev.x86_64                              252-14.el9_2.1                    rhel-9-baseos-rhui-rpms
    systemd-udev.x86_64                          250-6.el9_0                       @System

リリースバージョンを指定していないので、RHEL 9.2のパッケージまでアップデートされそうですね。

--releasever=9.0を指定して、RHEL 9.0のパッケージのみに絞って再実行します。

$ sudo dnf check-update --releasever=9.0
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs)             35 MB/s |  11 MB     00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs)                30 MB/s | 5.3 MB     00:00
Last metadata expiration check: 0:00:01 ago on Tue 01 Aug 2023 11:16:24 AM UTC.

NetworkManager.x86_64                            1:1.36.0-5.el9_0                  rhel-9-baseos-rhui-rpms
NetworkManager-cloud-setup.x86_64                1:1.36.0-5.el9_0                  rhel-9-appstream-rhui-rpms
NetworkManager-libnm.x86_64                      1:1.36.0-5.el9_0                  rhel-9-baseos-rhui-rpms
NetworkManager-team.x86_64                       1:1.36.0-5.el9_0                  rhel-9-baseos-rhui-rpms
NetworkManager-tui.x86_64                        1:1.36.0-5.el9_0                  rhel-9-baseos-rhui-rpms
ca-certificates.noarch                           2022.2.54-90.2.el9_0              rhel-9-baseos-rhui-rpms
cloud-init.noarch                                21.1-19.el9_0.4                   rhel-9-appstream-rhui-rpms
cryptsetup-libs.x86_64                           2.4.3-4.el9_0.1                   rhel-9-baseos-rhui-rpms
.
.
(中略)
.
.
tzdata.noarch                                    2022f-1.el9_0                     rhel-9-baseos-rhui-rpms
vim-minimal.x86_64                               2:8.2.2637-16.el9_0.3             rhel-9-baseos-rhui-rpms
xz.x86_64                                        5.2.5-8.el9_0                     rhel-9-baseos-rhui-rpms
xz-libs.x86_64                                   5.2.5-8.el9_0                     rhel-9-baseos-rhui-rpms
zlib.x86_64                                      1.2.11-32.el9_0                   rhel-9-baseos-rhui-rpms
Obsoleting Packages
grub2-tools.x86_64                               1:2.06-27.el9_0.7                 rhel-9-baseos-rhui-rpms
    grub2-tools.x86_64                           1:2.06-27.el9_0                   @System
grub2-tools-efi.x86_64                           1:2.06-27.el9_0.7                 rhel-9-baseos-rhui-rpms
    grub2-tools.x86_64                           1:2.06-27.el9_0                   @System
grub2-tools-extra.x86_64                         1:2.06-27.el9_0.7                 rhel-9-baseos-rhui-rpms
    grub2-tools.x86_64                           1:2.06-27.el9_0                   @System
grub2-tools-minimal.x86_64                       1:2.06-27.el9_0.7                 rhel-9-baseos-rhui-rpms
    grub2-tools.x86_64                           1:2.06-27.el9_0                   @System

パッケージのバージョンがel9_0とRHEL 9.0のものになりましたね。

dnf updateinfoで適用可能なErrataも比較してみます。

# リリースバージョンを指定しない場合
$ sudo dnf updateinfo
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs)             46 MB/s |  23 MB     00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs)                42 MB/s |  13 MB     00:00
Red Hat Enterprise Linux 9 Client Configuration                                28 kB/s | 3.2 kB     00:00
Updates Information Summary: available
     81 Security notice(s)
         26 Important Security notice(s)
         50 Moderate Security notice(s)
          5 Low Security notice(s)
    218 Bugfix notice(s)
     10 Enhancement notice(s)

# リリースバージョンを指定する場合
$ sudo dnf updateinfo --releasever=9.0
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:00:35 ago on Tue 01 Aug 2023 11:16:24 AM UTC.
Updates Information Summary: available
    29 Security notice(s)
        12 Important Security notice(s)
        17 Moderate Security notice(s)
    26 Bugfix notice(s)
     1 Enhancement notice(s)

適用可能なErrataの数がかなり異なりますね。

リリースバージョンとしてRHEL 9.0を指定した場合のErrataのID(RHSAに絞って)を確認します。

$ sudo dnf updateinfo list --releasever=9.0 | grep RHSA | sort
RHSA-2022:4592 Important/Sec. rsync-3.2.3-9.el9_0.1.x86_64
RHSA-2022:4795 Important/Sec. rsyslog-8.2102.0-101.el9_0.1.x86_64
RHSA-2022:4795 Important/Sec. rsyslog-logrotate-8.2102.0-101.el9_0.1.x86_64
RHSA-2022:4940 Important/Sec. xz-5.2.5-8.el9_0.x86_64
RHSA-2022:4940 Important/Sec. xz-libs-5.2.5-8.el9_0.x86_64
.
.
(中略)
.
.
RHSA-2022:7318 Important/Sec. python3-perf-5.14.0-70.30.1.el9_0.x86_64
RHSA-2022:7323 Moderate/Sec.  python3-3.9.10-3.el9_0.x86_64
RHSA-2022:7323 Moderate/Sec.  python3-libs-3.9.10-3.el9_0.x86_64
RHSA-2022:7323 Moderate/Sec.  python-unversioned-command-3.9.10-3.el9_0.noarch
RHSA-2022:7329 Moderate/Sec.  lua-libs-5.4.2-4.el9_0.3.x86_64

いずれも2022年のものであることが分かります。RHEL 9.1がリリースされたのが2022年の11月なので、2023年のErrataは表示されないということですね。

次にデフォルトのリポジトリを確認します。

# 有効なリポジトリ一覧
$ sudo dnf repolist
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

repo id                             repo name
rhel-9-appstream-rhui-rpms          Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs)
rhel-9-baseos-rhui-rpms             Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs)
rhui-client-config-server-9         Red Hat Enterprise Linux 9 Client Configuration

# 全てのリポジトリ一覧
$ sudo dnf repolist --all
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

repo id                                       repo name                                               status
codeready-builder-for-rhel-9-rhui-debug-rpms  Red Hat CodeReady Linux Builder for RHEL 9 x86_64 from  disabled
codeready-builder-for-rhel-9-rhui-rpms        Red Hat CodeReady Linux Builder for RHEL 9 x86_64 from  disabled
codeready-builder-for-rhel-9-rhui-source-rpms Red Hat CodeReady Linux Builder for RHEL 9 x86_64 from  disabled
rhel-9-appstream-rhui-debug-rpms              Red Hat Enterprise Linux 9 for x86_64 - AppStream from  disabled
rhel-9-appstream-rhui-rpms                    Red Hat Enterprise Linux 9 for x86_64 - AppStream from  enabled
rhel-9-appstream-rhui-source-rpms             Red Hat Enterprise Linux 9 for x86_64 - AppStream from  disabled
rhel-9-baseos-rhui-debug-rpms                 Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHU disabled
rhel-9-baseos-rhui-rpms                       Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHU enabled
rhel-9-baseos-rhui-source-rpms                Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHU disabled
rhel-9-supplementary-rhui-debug-rpms          Red Hat Enterprise Linux 9 for x86_64 - Supplementary f disabled
rhel-9-supplementary-rhui-rpms                Red Hat Enterprise Linux 9 for x86_64 - Supplementary f disabled
rhel-9-supplementary-rhui-source-rpms         Red Hat Enterprise Linux 9 for x86_64 - Supplementary f disabled
rhui-client-config-server-9                   Red Hat Enterprise Linux 9 Client Configuration         enabled

RHUIのリポジトリとクライアント設定用のリポジトリが有効化されていますね。

有効となっているRHUIのリポジトリ設定は以下のとおりです。

$ cat /etc/yum.repos.d/redhat-rhui.repo
.
.
(中略)
.
.
[rhel-9-appstream-rhui-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - AppStream from RHUI (RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/appstream/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
.
.
(中略)
.
.
[rhel-9-baseos-rhui-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - BaseOS from RHUI (RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/baseos/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
.
.
(以下略)
.
.

次に、AppStreamのモジュール一覧を確認します。

$ sudo dnf module list
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:00:26 ago on Tue 01 Aug 2023 11:14:31 AM UTC.
Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs)
Name       Stream Profiles                              Summary
maven      3.8    common [d]                            Java project management and project comprehension tool
nginx      1.22   common [d]                            nginx webserver
nodejs     18     common [d], development, minimal, s2i Javascript runtime
php        8.1    common [d], devel, minimal            PHP scripting language
postgresql 15     client, server                        PostgreSQL server and client module
ruby       3.1    common [d]                            An interpreter of object-oriented scripting language

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

正しく表示されていますね。

EUSへのスイッチをする下準備

それではEUSへのスイッチを行いましょう。

まず、EUSへスイッチするコマンドrhui-eus-switchがあるかチェックします。

$ which rhui-eus-switch
/usr/bin/which: no rhui-eus-switch in (/home/ec2-user/.local/bin:/home/ec2-user/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin)

どうやら初期インストールされていないようです。

調査してみると、rhui-eus-switchrh-amazon-rhui-client-4.0.8-1.el8以降のバージョンで使えるようです。

デフォルトでインストールされているrh-amazon-rhui-client4.0.4-1でした。

$ rpm -qa | grep rh-amazon-rhui-client
rh-amazon-rhui-client-4.0.4-1.el9.noarch

アップデートしましょう。

# 使用可能な rh-amazon-rhui-client の一覧
$ sudo dnf search rh-amazon-rhui-client --showduplicate
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:05:47 ago on Tue 01 Aug 2023 10:47:43 AM UTC.
================================ Name Exactly Matched: rh-amazon-rhui-client =================================
rh-amazon-rhui-client-4.0.4-1.el9.noarch : Yum repository and entitlement certificate configuration
rh-amazon-rhui-client-3.0.44-1.el9.noarch : Yum repository and entitlement certificate configuration
rh-amazon-rhui-client-3.0.45-1.el9.noarch : Yum repository and entitlement certificate configuration
rh-amazon-rhui-client-4.0.4-1.el9.noarch : Yum repository and entitlement certificate configuration
rh-amazon-rhui-client-4.0.5-1.el9.noarch : Yum repository and entitlement certificate configuration
rh-amazon-rhui-client-4.0.6-1.el9.noarch : Yum repository and entitlement certificate configuration
rh-amazon-rhui-client-4.0.8-1.el9.noarch : Yum repository and entitlement certificate configuration
rh-amazon-rhui-client-4.0.9-1.el9.noarch : Yum repository and entitlement certificate configuration

# rh-amazon-rhui-client-4.0.8-1.el9へのアップデート
$ sudo dnf upgrade rh-amazon-rhui-client-4.0.8-1.el9
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:20:36 ago on Tue 01 Aug 2023 10:39:11 AM UTC.
Dependencies resolved.
==============================================================================================================
 Package                       Architecture   Version               Repository                           Size
==============================================================================================================
Upgrading:
 rh-amazon-rhui-client         noarch         4.0.8-1.el9           rhui-client-config-server-9          38 k
Installing dependencies:
 amazon-libdnf-plugin          x86_64         1.0.1-1.el9           rhui-client-config-server-9          15 k

Transaction Summary
==============================================================================================================
Install  1 Package
Upgrade  1 Package

Total download size: 53 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): amazon-libdnf-plugin-1.0.1-1.el9.x86_64.rpm                            359 kB/s |  15 kB     00:00
(2/2): rh-amazon-rhui-client-4.0.8-1.el9.noarch.rpm                           656 kB/s |  38 kB     00:00
--------------------------------------------------------------------------------------------------------------
Total                                                                         616 kB/s |  53 kB     00:00
Running transaction check
.
.
(中略)
.
.
Upgraded:
  rh-amazon-rhui-client-4.0.8-1.el9.noarch
Installed:
  amazon-libdnf-plugin-1.0.1-1.el9.x86_64

Complete!

アップデート完了後、rhui-eus-switchが存在するかチェックします。

$ which rhui-eus-switch
/usr/bin/rhui-eus-switch

インストールされていますね。

どんなコマンドかチェックしましょう。

#!/usr/bin/python3
#
# Martin Minar <[email protected]>
#
# Copyright 2023 Red Hat, Inc.
#
# This software is licensed to you under the GNU General Public
# License as published by the Free Software Foundation; either version
# 2 of the License (GPLv2) or (at your option) any later version.
# There is NO WARRANTY for this software, express or implied,
# including the implied warranties of MERCHANTABILITY,
# NON-INFRINGEMENT, or FITNESS FOR A PARTICULAR PURPOSE. You should
# have received a copy of GPLv2 along with this software; if not, see
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.

import sys
import json
import os
import sys
import subprocess
try:
    import requests
except ImportError:
    print("This script requires the requests module.")
    print("Please install it with 'pip3 install requests' and try again.")
    sys.exit(1)

METADATA_URL = 'http://169.254.169.254/latest/dynamic/instance-identity/document'
FLAG_FILE_PATH = "/var/run/rhui-eus-switch"
ALLOWED_BILLING_PRODUCTS = ['bp-6fa54006']
ALLOWED_RHEL8_EUS_VERSIONS = ['8.6', '8.8']
ALLOWED_RHEL9_EUS_VERSIONS = ['9.0', '9.2']
ALLOWED_ARCHITECTURES = ['x86_64','arm64']

def check_eus_eligibility():
    try:
        response = requests.get(METADATA_URL)
        response.raise_for_status()
        metadata = json.loads(response.text)

        billing_products = metadata.get('billingProducts', [])
        architecture = metadata.get('architecture', '')

        if set(billing_products) & set(ALLOWED_BILLING_PRODUCTS) and architecture in ALLOWED_ARCHITECTURES:
            print("You RHEL product version is eligible for switch to EUS.")
            return True
        else:
            if not architecture in ALLOWED_ARCHITECTURES:
                print("Your RHEL product architecture is not eligible for switch to EUS. Supported architectures: {}".format(', '.join(ALLOWED_ARCHITECTURES)))
            else:
                print("Your RHEL product is not eligible for switch to EUS.")
            return False
    except requests.exceptions.RequestException as e:
        print(f"Error retrieving instance metadata: {e}")
        return False


def check_version_eligibility():
    try:
        with open('/etc/os-release') as os_release:
            for line in os_release:
                if line.startswith('VERSION_ID='):
                    version_id = line.split('=')[1].strip('"\n')
                    if version_id in ALLOWED_EUS_VERSIONS:
                        print("Your current version is eligible for switch to EUS.")
                        return True
                    else:
                        print("Your current version is not eligible for switch to EUS.")
                        return False
    except IOError as e:
        print(f"Error reading /etc/os-release: {e}")
        return False


def get_allowed_versions():
    with open('/etc/os-release') as os_release:
        for line in os_release:
            if line.startswith('VERSION_ID='):
                version_id = line.split('=')[1].strip('"\n')
                major_version = version_id.split('.')[0]  # Extract major version
                if major_version == '8':
                    return ALLOWED_RHEL8_EUS_VERSIONS
                elif major_version == '9':
                    return ALLOWED_RHEL9_EUS_VERSIONS
                else:
                    return []


if __name__ == "__main__":
    if os.geteuid() != 0:
        print("This script must be run as root.")
        sys.exit(1)

    ALLOWED_EUS_VERSIONS = get_allowed_versions()

    if len(sys.argv) > 1:
        if sys.argv[1] == 'reset':
            print("Resetting to main stream version.")
            if os.path.exists(FLAG_FILE_PATH):
                os.remove(FLAG_FILE_PATH)
            subprocess.run(['/usr/sbin/choose_repo.py'], check=True)
            subprocess.run(['rhui-set-release', '--unset'], check=True)
            subprocess.run(['dnf', 'clean', 'all'], check=True)

        elif sys.argv[1] in ALLOWED_EUS_VERSIONS and check_eus_eligibility():
            print("Switching to EUS version " + sys.argv[1])
            subprocess.run(['/usr/sbin/choose_repo.py', 'eus'], check=True)
            subprocess.run(['rhui-set-release', '--set', sys.argv[1]], check=True)
            subprocess.run(['dnf', 'clean', 'all'], check=True)
            # Create a flag file to indicate that the switch to EUS was done
            with open(FLAG_FILE_PATH, 'w') as flag_file:
                flag_file.write("Switch to EUS done.\n")
        else:
            print("Version " + sys.argv[1] + " is not eligible for EUS switch.")
    else:
        print("Checking if current version is eligible for EUS switch.")
        if check_eus_eligibility() and check_version_eligibility():
            print("To switch to EUS, run this script with the version you want to switch to as a parameter.")
            print("Currently supported versions are: " + ', '.join(ALLOWED_EUS_VERSIONS))
            print("Examples:")
            print("To switch to RHEL EUS 8.6, run: " + sys.argv[0] + " 8.6")
            print("To reset back to main stream version, run: " + sys.argv[0] + " reset")

中身はPythonのスクリプトのようです。

EUSが使用できるマイナーリリースを指定することで、参照するRHUIを切り替えるようですね。

内部で参照している/usr/sbin/choose_repo.pyrhui-set-releaseが何者かも確認しましょう。

/usr/sbin/choose_repo.pyは実際にEUSのリポジトリの切り替えを行うPythonスクリプトのようです。

#!/usr/libexec/platform-python
#
# Copyright (c) 2021 Red Hat, Inc.
#
# Authors: Martin Minar
#
# This software is licensed to you under the GNU General Public License,
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
# along with this software; if not, see
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
#
# Red Hat trademarks are not licensed under GPLv2. No permission is
# granted to use or replicate Red Hat trademarks that are incorporated
# in this software or its documentation.
#

import logging
import os
import sys
import re

LOG = logging.getLogger('choose_repo')
FLAG_FILE_PATH = "/var/run/rhui-eus-switch"


def enable_repos(repo_suffix):
    repo_file = 'redhat-rhui%s.repo' % repo_suffix
    disable_list = ['source', 'debug', 'codeready', 'supplementary', 'rhscl', 'extra', 'optional', 'dotnet']

    # Enable the binary repos
    LOG.info('Enabling binary repos in %s' % repo_file)
    try:
        lines = open('/etc/yum.repos.d/%s' % repo_file).read().split('\n')
        enable_repo = False
        new_lines = []
        for line in lines:
            if line.startswith('[') and not any(s in line for s in disable_list):
                enable_repo = True
            if line.startswith('enabled') and enable_repo:
                new_lines.append('enabled=1')
                enable_repo = False
                continue
            new_lines.append(line)

        with open('/etc/yum.repos.d/%s' % repo_file, 'w') as fd:
            fd.write('\n'.join(new_lines))
    except FileNotFoundError:
        LOG.info('Content file %s not located.' % repo_file)

    if repo_suffix == '-eus':
        return

    # Enable the client config repo
    LOG.info('Enabling client config repo')
    # SAP Bundle have two variants, but only one file, we need to catch that
    if 'sap-bundle' in repo_suffix:
        repo_suffix = '-sap-bundle'
    if 'beta' in repo_suffix:
        repo_suffix = ''
    repo_file = 'redhat-rhui-client-config%s.repo' % repo_suffix
    cmd = "sed -i 's/enabled=0/enabled=1/' /etc/yum.repos.d/%s" % repo_file
    LOG.info('Executing [%s]' % cmd)
    os.system(cmd)


def rename_repo(source, target):
    try:
        os.rename(source, target)
    except:
        pass


def main():
    if len(sys.argv) > 1:
        repo_suffix = sys.argv[1]
    else:
        with open('/etc/redhat-release') as redhat_release:
            if re.search('beta', redhat_release.read(), re.IGNORECASE):
                repo_suffix = 'beta'
                # Rename non beta repo
                rename_repo('/etc/yum.repos.d/redhat-rhui.repo', '/etc/yum.repos.d/redhat-rhui.repo.disabled')
                rename_repo('/etc/yum.repos.d/redhat-rhui-beta.repo.disabled', '/etc/yum.repos.d/redhat-rhui-beta.repo')
            else:
                if not os.path.exists(FLAG_FILE_PATH):
                    repo_suffix = ''
                    rename_repo('/etc/yum.repos.d/redhat-rhui-beta.repo', '/etc/yum.repos.d/redhat-rhui-beta.repo.disabled')
                    rename_repo('/etc/yum.repos.d/redhat-rhui-eus.repo', '/etc/yum.repos.d/redhat-rhui-eus.repo.disabled')
                    rename_repo('/etc/yum.repos.d/redhat-rhui.repo.disabled', '/etc/yum.repos.d/redhat-rhui.repo')
                else:
                    repo_suffix = 'eus'

    if 'eus' in repo_suffix:
        rename_repo('/etc/yum.repos.d/redhat-rhui.repo', '/etc/yum.repos.d/redhat-rhui.repo.disabled')
        rename_repo('/etc/yum.repos.d/redhat-rhui-beta.repo', '/etc/yum.repos.d/redhat-rhui-beta.repo.disabled')
        rename_repo('/etc/yum.repos.d/redhat-rhui-eus.repo.disabled', '/etc/yum.repos.d/redhat-rhui-eus.repo')

    if repo_suffix:
        repo_suffix = '-%s' % repo_suffix

    enable_repos(repo_suffix)

if __name__ == '__main__':
    formatter = logging.Formatter("[%(levelname)s:%(name)s] %(module)s:%(lineno)d %(asctime)s: %(message)s")

    console_handler = logging.StreamHandler()
    console_handler.setFormatter(formatter)

    file_handler = logging.FileHandler('/var/log/choose_repo.log')
    file_handler.setFormatter(formatter)

    LOG.addHandler(console_handler)
    LOG.addHandler(file_handler)
    LOG.setLevel(logging.INFO)

    main()

フラグ管理で使用している/var/run/rhui-eus-switchはデフォルトでは存在しないようですね。

$ ls -l /var/run/rhui-eus-switch
ls: cannot access '/var/run/rhui-eus-switch': No such file or directory

rhui-set-releaseはリリースバージョンの設定したり、ヘルプを表示したりするBashのシェルスクリプトのようです。

#!/usr/bin/bash
# Copyright © 2018 Red Hat, Inc.
#
# This software is licensed to you under the GNU General Public
# License as published by the Free Software Foundation; either version
# 2 of the License (GPLv2) or (at your option) any later version.
# There is NO WARRANTY for this software, express or implied,
# including the implied warranties of MERCHANTABILITY,
# NON-INFRINGEMENT, or FITNESS FOR A PARTICULAR PURPOSE. You should
# have received a copy of GPLv2 along with this software; if not, see
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.

set -e

VERSION="1.0.0"

YUM_RELVER_PATH="/etc/yum/vars/releasever"

SET_ERR_MSG="The set option takes only one value"
UNSET_ERR_MSG="The unset option does not take any value"
NO_ROOT_ERR_MSG="This script needs to run with root privileges"


function print_help {
    echo -e "Usage: $(basename $0) [option] ... [--set RELEASE_VERSION | --unset ]\n"
    echo -e "Set release version string for Yum in /etc/yum/vars\n"
    echo -e "When no option is specified, print the currently set version.\n"
    echo -e "  -s, --set\t\tset the releasever for yum (the value is not validated)"
    echo -e "  -u, --unset\t\tremove any previously set value of releasever"
    echo -e "  -h, --help\t\tshow this help and exit"
    echo -e "      --version\t\tprint version string"
}

function print_version {
    echo "$(basename $0) $VERSION"
}

function cat_version {
    cat $YUM_RELVER_PATH 2>/dev/null || :
}

function set_release_version {
    echo "$1" > $YUM_RELVER_PATH
}

function remove_release_version {
    rm -f $YUM_RELVER_PATH
}

function check_for_help {
    for OPTION in $@ ; do
        [ "$OPTION" == "-h" ] && print_help && exit 0
        [ "$OPTION" == "--help" ] && print_help && exit 0
    done

    return 0
}

function check_for_version {
    for OPTION in $@ ; do
        [ "$OPTION" == "--version" ] && print_version && exit 0
    done

    return 0
}

function check_for_root {
    [ $EUID -ne 0 ] && echo $NO_ROOT_ERR_MSG && exit 1

    return 0
}

function main {
    # processing cli arguments
    if [ $# -eq 0 ]; then
        cat_version
    else
        check_for_help $@
        check_for_version $@
        check_for_root

        if [ "$1" == "--set" -o "$1" == "-s" ] ; then
            shift
            [ $# -ne 1 ] && echo $SET_ERR_MSG && exit 1
            set_release_version $@
        elif [ "$1" == "--unset" -o "$1" == "-u" ] ; then
            shift
            [ $# -ne 0 ] && echo $UNSET_ERR_MSG && exit 1
            remove_release_version
        else
            echo "Invalid options: $@"
            exit 1
        fi
    fi
}


main $@

EUSへのスイッチ

実際にEUSへのスイッチを行います。

まず、引数に何も指定せずにrhui-eus-switchを実行します。

$ sudo rhui-eus-switch
Checking if current version is eligible for EUS switch.
You RHEL product version is eligible for switch to EUS.
Your current version is eligible for switch to EUS.
To switch to EUS, run this script with the version you want to switch to as a parameter.
Currently supported versions are: 9.0, 9.2
Examples:
To switch to RHEL EUS 8.6, run: /bin/rhui-eus-switch 8.6
To reset back to main stream version, run: /bin/rhui-eus-switch reset

EUSをサポートしているマイナーリリースと、このスクリプトの使い方を教えてくれました。

RHEL 9.0のEUSを使用するように指定します。

$ sudo rhui-eus-switch 9.0
You RHEL product version is eligible for switch to EUS.
Switching to EUS version 9.0
[INFO:choose_repo] choose_repo:33 2023-08-01 11:02:18,412: Enabling binary repos in redhat-rhui-eus.repo
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

39 files removed

実行完了後、フラグ管理で使われているファイルを確認します。

$ ls -l /var/run/rhui-eus-switch
-rw-r--r--. 1 root root 20 Aug  1 11:02 /var/run/rhui-eus-switch

$ cat /var/run/rhui-eus-switch
Switch to EUS done.

EUSにスイッチしたことが分かりますね。

リポジトリ一覧を確認します。

$ sudo dnf repolist
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

repo id                        repo name
rhel-9-appstream-eus-rhui-rpms Red Hat Enterprise Linux 9 - AppStream - Extended Update Support from RHUI (RPMs)
rhel-9-baseos-eus-rhui-rpms    Red Hat Enterprise Linux 9 - BaseOS - Extended Update Support from RHUI (RPMs)
rhui-client-config-server-9    Red Hat Enterprise Linux 9 Client Configuration

$ sudo dnf repolist --all
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

repo id                                           repo name                                           status
codeready-builder-for-rhel-9-eus-rhui-debug-rpms  Red Hat CodeReady Linux Builder for RHEL 9 - Extend disabled
codeready-builder-for-rhel-9-eus-rhui-rpms        Red Hat CodeReady Linux Builder for RHEL 9 - Extend disabled
codeready-builder-for-rhel-9-eus-rhui-source-rpms Red Hat CodeReady Linux Builder for RHEL 9 - Extend disabled
rhel-9-appstream-eus-rhui-debug-rpms              Red Hat Enterprise Linux 9 - AppStream - Extended U disabled
rhel-9-appstream-eus-rhui-rpms                    Red Hat Enterprise Linux 9 - AppStream - Extended U enabled
rhel-9-appstream-eus-rhui-source-rpms             Red Hat Enterprise Linux 9 - AppStream - Extended U disabled
rhel-9-baseos-eus-rhui-debug-rpms                 Red Hat Enterprise Linux 9 - BaseOS - Extended Upda disabled
rhel-9-baseos-eus-rhui-rpms                       Red Hat Enterprise Linux 9 - BaseOS - Extended Upda enabled
rhel-9-baseos-eus-rhui-source-rpms                Red Hat Enterprise Linux 9 - BaseOS - Extended Upda disabled
rhel-9-supplementary-eus-rhui-debug-rpms          Red Hat Enterprise Linux 9 - Supplementary - Extend disabled
rhel-9-supplementary-eus-rhui-rpms                Red Hat Enterprise Linux 9 - Supplementary - Extend disabled
rhel-9-supplementary-eus-rhui-source-rpms         Red Hat Enterprise Linux 9 - Supplementary - Extend disabled
rhui-client-config-server-9                       Red Hat Enterprise Linux 9 Client Configuration     enabled

デフォルトのリポジトリはrhui-client-config-server-9を除いて全て削除され、全てEUSのリポジトリとなっていますね。

EUSのリポジトリの定義ファイルはredhat-rhui-eus.repoと別で作られています。また、デフォルトのRHUIのリポジトリ定義はredhat-rhui.repo.disabledとなっています。

$ ls -l /etc/yum.repos.d/
total 28
-rw-r--r--. 1 root root 4645 Jun  2 09:16 redhat-rhui-beta.repo.disabled
-rw-r--r--. 1 root root  467 Aug  1 10:59 redhat-rhui-client-config.repo
-rw-r--r--. 1 root root 5984 Aug  1 11:02 redhat-rhui-eus.repo
-rw-r--r--. 1 root root 5792 Aug  1 10:59 redhat-rhui.repo.disabled

redhat-rhui.repo.disabledの内容は以下のとおりです。実際には無効化されていますが、定義としてはenabled=1のままですね。

$ cat /etc/yum.repos.d/redhat-rhui.repo.disabled
.
.
(中略)
.
.
[rhel-9-appstream-rhui-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - AppStream from RHUI (RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/appstream/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
.
.
(中略)
.
.
[rhel-9-baseos-rhui-rpms]
name=Red Hat Enterprise Linux 9 for $basearch - BaseOS from RHUI (RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/dist/rhel9/rhui/$releasever/$basearch/baseos/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
.
.
(以下略)
.
.

redhat-rhui-eus.repoの内容は以下のとおりです。変更点はmirrorlistのパスがdistからeusに変わったぐらいです。

$ cat /etc/yum.repos.d/redhat-rhui-eus.repo
.
.
(中略)
.
.
[rhel-9-appstream-eus-rhui-rpms]
name=Red Hat Enterprise Linux 9 - AppStream - Extended Update Support from RHUI (RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/eus/rhel9/rhui/$releasever/$basearch/appstream/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
.
.
(中略)
.
.
[rhel-9-baseos-eus-rhui-rpms]
name=Red Hat Enterprise Linux 9 - BaseOS - Extended Update Support from RHUI (RPMs)
mirrorlist=https://rhui.REGION.aws.ce.redhat.com/pulp/mirror/content/eus/rhel9/rhui/$releasever/$basearch/baseos/os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sslverify=1
sslclientkey=/etc/pki/rhui/content-rhel9.key
sslclientcert=/etc/pki/rhui/product/content-rhel9.crt
sslcacert=/etc/pki/rhui/cdn.redhat.com-chain.crt
.
.
(以下略)
.
.

EUSスイッチ後、リリースバージョンの設定ファイルを確認すると以下のように固定化されていました。

$ cat /etc/yum/vars/releasever
9.0

EUSスイッチ後のアップデート及びインストール可能なパッケージ一覧の確認

EUSスイッチ後のアップデート及びインストール可能なパッケージ一覧を確認してみましょう。

$ sudo dnf check-update
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Red Hat Enterprise Linux 9 Client Configuration                                26 kB/s | 3.2 kB     00:00
Red Hat Enterprise Linux 9 - AppStream - Extended Update Support from RHUI (R  22 MB/s |  15 MB     00:00
Red Hat Enterprise Linux 9 - BaseOS - Extended Update Support from RHUI (RPMs  18 MB/s |  11 MB     00:00

NetworkManager.x86_64                           1:1.36.0-7.el9_0                rhel-9-baseos-eus-rhui-rpms
NetworkManager-cloud-setup.x86_64               1:1.36.0-7.el9_0                rhel-9-appstream-eus-rhui-rpms
NetworkManager-libnm.x86_64                     1:1.36.0-7.el9_0                rhel-9-baseos-eus-rhui-rpms
NetworkManager-team.x86_64                      1:1.36.0-7.el9_0                rhel-9-baseos-eus-rhui-rpms
NetworkManager-tui.x86_64                       1:1.36.0-7.el9_0                rhel-9-baseos-eus-rhui-rpms
c-ares.x86_64                                   1.17.1-5.el9_0.1                rhel-9-baseos-eus-rhui-rpms
ca-certificates.noarch                          2022.2.54-90.2.el9_0            rhel-9-baseos-eus-rhui-rpms
.
.
(中略)
.
.
tzdata.noarch                                   2023c-1.el9                     rhel-9-baseos-eus-rhui-rpms
vim-minimal.x86_64                              2:8.2.2637-16.el9_0.3           rhel-9-baseos-eus-rhui-rpms
xz.x86_64                                       5.2.5-8.el9_0                   rhel-9-baseos-eus-rhui-rpms
xz-libs.x86_64                                  5.2.5-8.el9_0                   rhel-9-baseos-eus-rhui-rpms
zlib.x86_64                                     1.2.11-34.el9_0                 rhel-9-baseos-eus-rhui-rpms
Obsoleting Packages
grub2-tools.x86_64                              1:2.06-27.el9_0.7               rhel-9-baseos-eus-rhui-rpms
    grub2-tools.x86_64                          1:2.06-27.el9_0                 @System
grub2-tools.x86_64                              1:2.06-27.el9_0.12              rhel-9-baseos-eus-rhui-rpms
    grub2-tools.x86_64                          1:2.06-27.el9_0                 @System
grub2-tools.x86_64                              1:2.06-27.el9_0.14              rhel-9-baseos-eus-rhui-rpms
    grub2-tools.x86_64                          1:2.06-27.el9_0                 @System
.
.
(中略)
.
.
grub2-tools-minimal.x86_64                      1:2.06-27.el9_0.14              rhel-9-baseos-eus-rhui-rpms
    grub2-tools.x86_64                          1:2.06-27.el9_0                 @System
grub2-tools-minimal.x86_64                      1:2.06-27.el9_0.15              rhel-9-baseos-eus-rhui-rpms
    grub2-tools.x86_64                          1:2.06-27.el9_0                 @System

rhel-9-baseos-eus-rhui-rpmsrhel-9-appstream-eus-rhui-rpmsとEUSのリポジトリを参照していることが分かります。

また、el9_0.1el9_0.14などマイナーバージョンの後に数字が付与されていますね。

適用可能なErrataの数も確認しましょう。

$ sudo dnf updateinfo
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:02:55 ago on Tue 01 Aug 2023 11:05:49 AM UTC.
Updates Information Summary: available
    49 Security notice(s)
        27 Important Security notice(s)
        22 Moderate Security notice(s)
    49 Bugfix notice(s)
     2 Enhancement notice(s)

デフォルトのリポジトリでは29 Security notice(s)でしたが、49 Security notice(s)とErrataの数が増えていますね。

一覧も確認してみます。

$ sudo dnf updateinfo list | grep RHSA | sort
RHSA-2022:4592 Important/Sec. rsync-3.2.3-9.el9_0.1.x86_64
RHSA-2022:4795 Important/Sec. rsyslog-8.2102.0-101.el9_0.1.x86_64
RHSA-2022:4795 Important/Sec. rsyslog-logrotate-8.2102.0-101.el9_0.1.x86_64
RHSA-2022:4940 Important/Sec. xz-5.2.5-8.el9_0.x86_64
.
.
(中略)
.
.
RHSA-2023:4203 Important/Sec. python3-3.9.10-4.el9_0.1.x86_64
RHSA-2023:4203 Important/Sec. python3-libs-3.9.10-4.el9_0.1.x86_64
RHSA-2023:4329 Important/Sec. openssh-8.7p1-11.el9_0.x86_64
RHSA-2023:4329 Important/Sec. openssh-clients-8.7p1-11.el9_0.x86_64
RHSA-2023:4329 Important/Sec. openssh-server-8.7p1-11.el9_0.x86_64

2023年のErrataが含まれていることが分かります。ちなみにRHSA-2023:4329は2023/7/31に公開されたもののようで、出来立てほやほやです。

実際にインストール可能なパッケージ一覧を確認してみましょう。

カーネルは以下のとおりです。

$ sudo dnf search kernel --showduplicate | grep ": The Linux kernel"
Last metadata expiration check: 0:05:53 ago on Tue 01 Aug 2023 11:05:49 AM UTC.
kernel-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.17.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.26.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.22.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.30.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.36.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.43.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.49.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.50.2.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.53.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.58.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.64.1.el9_0.x86_64 : The Linux kernel
kernel-core-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel
.
.
(中略)
.
.
kernel-debug-core-5.14.0-70.50.2.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled
kernel-debug-core-5.14.0-70.53.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled
kernel-debug-core-5.14.0-70.58.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled
kernel-debug-core-5.14.0-70.64.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled

デフォルトのリポジトリだとRHEL 9.0のカーネルは以下のとおり5.14.0-70.30ですが、EUSの場合は5.14.0-70.64まで適用できることが分かります。

$ sudo dnf search kernel --showduplicate --releasever=9.0 | grep ": The Linux kernel"
Red Hat Enterprise Linux 9 for x86_64 - AppStre  44 MB/s |  11 MB     00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS   29 MB/s | 5.3 MB     00:00
Red Hat Enterprise Linux 9 Client Configuration  30 kB/s | 3.2 kB     00:00
kernel-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.17.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.26.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.22.1.el9_0.x86_64 : The Linux kernel
kernel-5.14.0-70.30.1.el9_0.x86_64 : The Linux kernel
kernel-core-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel
kernel-core-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel
kernel-core-5.14.0-70.22.1.el9_0.x86_64 : The Linux kernel
kernel-core-5.14.0-70.26.1.el9_0.x86_64 : The Linux kernel
kernel-core-5.14.0-70.17.1.el9_0.x86_64 : The Linux kernel
kernel-core-5.14.0-70.30.1.el9_0.x86_64 : The Linux kernel
kernel-debug-core-5.14.0-70.13.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled
kernel-debug-core-5.14.0-70.17.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled
kernel-debug-core-5.14.0-70.26.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled
kernel-debug-core-5.14.0-70.22.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled
kernel-debug-core-5.14.0-70.30.1.el9_0.x86_64 : The Linux kernel compiled with extra debugging enabled

インストール可能なhttpdのバージョンも確認しましょう。

$ sudo dnf info httpd --showduplicate
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:00:57 ago on Tue 01 Aug 2023 11:22:41 AM UTC.
Available Packages
Name         : httpd
Version      : 2.4.51
Release      : 7.el9_0
Architecture : x86_64
Size         : 1.5 M
Source       : httpd-2.4.51-7.el9_0.src.rpm
Repository   : rhel-9-appstream-eus-rhui-rpms
Summary      : Apache HTTP Server
URL          : https://httpd.apache.org/
License      : ASL 2.0
Description  : The Apache HTTP Server is a powerful, efficient, and extensible
             : web server.

Name         : httpd
Version      : 2.4.51
Release      : 7.el9_0.4
Architecture : x86_64
Size         : 1.5 M
Source       : httpd-2.4.51-7.el9_0.4.src.rpm
Repository   : rhel-9-appstream-eus-rhui-rpms
Summary      : Apache HTTP Server
URL          : https://httpd.apache.org/
License      : ASL 2.0
Description  : The Apache HTTP Server is a powerful, efficient, and extensible
             : web server.

Name         : httpd
Version      : 2.4.51
Release      : 7.el9_0.5
Architecture : x86_64
Size         : 1.5 M
Source       : httpd-2.4.51-7.el9_0.5.src.rpm
Repository   : rhel-9-appstream-eus-rhui-rpms
Summary      : Apache HTTP Server
URL          : https://httpd.apache.org/
License      : ASL 2.0
Description  : The Apache HTTP Server is a powerful, efficient, and extensible
             : web server.

el9_0.4el9_0.5とバックポートにより修正されたパッケージがありますね。

モジュール一覧も確認してみましょう。

$ sudo dnf module list
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:01:14 ago on Tue 01 Aug 2023 11:05:49 AM UTC.

何も表示されませんでした。モジュールストリームを選択している場合は注意が必要そうです。

EUSリポジトリからパッケージのインストール

EUSリポジトリからパッケージのインストールします。

試しにhttpdをインストールします。

$ sudo dnf install httpd
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:02:50 ago on Tue 01 Aug 2023 11:22:41 AM UTC.
Dependencies resolved.
==============================================================================================================
 Package                   Architecture  Version                  Repository                             Size
==============================================================================================================
Installing:
 httpd                     x86_64        2.4.51-7.el9_0.5         rhel-9-appstream-eus-rhui-rpms        1.5 M
Installing dependencies:
 apr                       x86_64        1.7.0-11.el9             rhel-9-appstream-eus-rhui-rpms        127 k
 apr-util                  x86_64        1.6.1-20.el9_0.1         rhel-9-appstream-eus-rhui-rpms         97 k
 apr-util-bdb              x86_64        1.6.1-20.el9_0.1         rhel-9-appstream-eus-rhui-rpms         14 k
 httpd-filesystem          noarch        2.4.51-7.el9_0.5         rhel-9-appstream-eus-rhui-rpms         15 k
 httpd-tools               x86_64        2.4.51-7.el9_0.5         rhel-9-appstream-eus-rhui-rpms         86 k
 mailcap                   noarch        2.1.49-5.el9             rhel-9-baseos-eus-rhui-rpms            35 k
 redhat-logos-httpd        noarch        90.4-1.el9               rhel-9-appstream-eus-rhui-rpms         18 k
Installing weak dependencies:
 apr-util-openssl          x86_64        1.6.1-20.el9_0.1         rhel-9-appstream-eus-rhui-rpms         17 k
 mod_http2                 x86_64        1.15.19-3.el9_0.5        rhel-9-appstream-eus-rhui-rpms        153 k
 mod_lua                   x86_64        2.4.51-7.el9_0.5         rhel-9-appstream-eus-rhui-rpms         61 k

Transaction Summary
==============================================================================================================
Install  11 Packages

Total download size: 2.1 M
Installed size: 6.0 M
Is this ok [y/N]: y
Downloading Packages:
(1/11): redhat-logos-httpd-90.4-1.el9.noarch.rpm                              211 kB/s |  18 kB     00:00
(2/11): apr-1.7.0-11.el9.x86_64.rpm                                           1.1 MB/s | 127 kB     00:00
.
.
(中略)
.
.
Installed:
  apr-1.7.0-11.el9.x86_64                             apr-util-1.6.1-20.el9_0.1.x86_64
  apr-util-bdb-1.6.1-20.el9_0.1.x86_64                apr-util-openssl-1.6.1-20.el9_0.1.x86_64
  httpd-2.4.51-7.el9_0.5.x86_64                       httpd-filesystem-2.4.51-7.el9_0.5.noarch
  httpd-tools-2.4.51-7.el9_0.5.x86_64                 mailcap-2.1.49-5.el9.noarch
  mod_http2-1.15.19-3.el9_0.5.x86_64                  mod_lua-2.4.51-7.el9_0.5.x86_64
  redhat-logos-httpd-90.4-1.el9.noarch

Complete!

特に何事もなくインストールが完了しました。

デフォルトのリポジトリにリセット

デフォルトのリポジトリにリセットします。

リセットはrhui-eus-switch resetです。

$ sudo rhui-eus-switch reset
Resetting to main stream version.
[INFO:choose_repo] choose_repo:33 2023-08-01 11:26:03,705: Enabling binary repos in redhat-rhui.repo
[INFO:choose_repo] choose_repo:56 2023-08-01 11:26:03,705: Enabling client config repo
[INFO:choose_repo] choose_repo:64 2023-08-01 11:26:03,706: Executing [sed -i 's/enabled=0/enabled=1/' /etc/yum.repos.d/redhat-rhui-client-config.repo]
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

26 files removed

リセット完了後フラグ管理用のファイルを確認すると削除されていました。

$ ls -l /var/run/rhui-eus-switch
ls: cannot access '/var/run/rhui-eus-switch': No such file or directory

リポジトリ一覧を確認します。

$ sudo dnf repolist
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

repo id                             repo name
rhel-9-appstream-rhui-rpms          Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs)
rhel-9-baseos-rhui-rpms             Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs)
rhui-client-config-server-9         Red Hat Enterprise Linux 9 Client Configuration

$ sudo dnf repolist --all
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

repo id                                       repo name                                               status
codeready-builder-for-rhel-9-rhui-debug-rpms  Red Hat CodeReady Linux Builder for RHEL 9 x86_64 from  disabled
codeready-builder-for-rhel-9-rhui-rpms        Red Hat CodeReady Linux Builder for RHEL 9 x86_64 from  disabled
codeready-builder-for-rhel-9-rhui-source-rpms Red Hat CodeReady Linux Builder for RHEL 9 x86_64 from  disabled
rhel-9-appstream-rhui-debug-rpms              Red Hat Enterprise Linux 9 for x86_64 - AppStream from  disabled
rhel-9-appstream-rhui-rpms                    Red Hat Enterprise Linux 9 for x86_64 - AppStream from  enabled
rhel-9-appstream-rhui-source-rpms             Red Hat Enterprise Linux 9 for x86_64 - AppStream from  disabled
rhel-9-baseos-rhui-debug-rpms                 Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHU disabled
rhel-9-baseos-rhui-rpms                       Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHU enabled
rhel-9-baseos-rhui-source-rpms                Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHU disabled
rhel-9-supplementary-rhui-debug-rpms          Red Hat Enterprise Linux 9 for x86_64 - Supplementary f disabled
rhel-9-supplementary-rhui-rpms                Red Hat Enterprise Linux 9 for x86_64 - Supplementary f disabled
rhel-9-supplementary-rhui-source-rpms         Red Hat Enterprise Linux 9 for x86_64 - Supplementary f disabled
rhui-client-config-server-9                   Red Hat Enterprise Linux 9 Client Configuration         enabled

EUSのリポジトリは綺麗さっぱり消えていますね。

ただ、定義ファイルはredhat-rhui-eus.repo.disabledとして残っていました。

$ ls -l /etc/yum.repos.d/
total 28
-rw-r--r--. 1 root root 4645 Jun  2 09:16 redhat-rhui-beta.repo.disabled
-rw-r--r--. 1 root root  467 Aug  1 11:13 redhat-rhui-client-config.repo
-rw-r--r--. 1 root root 5984 Aug  1 11:13 redhat-rhui-eus.repo.disabled
-rw-r--r--. 1 root root 5792 Aug  1 11:13 redhat-rhui.repo

EUSリポジトリでインストールしたパッケージをデフォルトのAppStreamリポジトリを使ってアップデート

EUSリポジトリでインストールしたパッケージをデフォルトのAppStreamリポジトリを使ってアップデートした時の挙動を確認します。

まず、アップデート可能なバージョンを確認します。

$ sudo dnf check-upgrade httpd
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:00:35 ago on Tue 01 Aug 2023 11:27:04 AM UTC.

httpd.x86_64                           2.4.53-11.el9_2.5                            rhel-9-appstream-rhui-rpms

問題なくRHEL 9.2のhttpdにアップデートできそうですね。

次にリリースバージョンとしてRHEL 9.0を指定した場合です。

$ sudo dnf check-upgrade httpd --releasever=9.0
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Red Hat Enterprise Linux 9 for x86_64 - AppStream from RHUI (RPMs)             44 MB/s |  11 MB     00:00
Red Hat Enterprise Linux 9 for x86_64 - BaseOS from RHUI (RPMs)                28 MB/s | 5.3 MB     00:00
Last metadata expiration check: 0:00:01 ago on Tue 01 Aug 2023 11:27:55 AM UTC.

RHEL 9.0のデフォルトのAppStreamでインストールできるhttpdのバージョンは2.4.51-7.el9_0と現在インストールされている2.4.51-7.el9_0.5よりも古いため表示されませんでした。

リリースバージョンを指定せずにアップデートします。

$ sudo dnf upgrade httpd
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:01:33 ago on Tue 01 Aug 2023 11:27:04 AM UTC.
Dependencies resolved.
==============================================================================================================
 Package                  Architecture   Version                     Repository                          Size
==============================================================================================================
Upgrading:
 httpd                    x86_64         2.4.53-11.el9_2.5           rhel-9-appstream-rhui-rpms          53 k
 httpd-filesystem         noarch         2.4.53-11.el9_2.5           rhel-9-appstream-rhui-rpms          17 k
 httpd-tools              x86_64         2.4.53-11.el9_2.5           rhel-9-appstream-rhui-rpms          87 k
 mod_http2                x86_64         1.15.19-4.el9_2.4           rhel-9-appstream-rhui-rpms         153 k
 mod_lua                  x86_64         2.4.53-11.el9_2.5           rhel-9-appstream-rhui-rpms          63 k
Installing dependencies:
 httpd-core               x86_64         2.4.53-11.el9_2.5           rhel-9-appstream-rhui-rpms         1.5 M

Transaction Summary
==============================================================================================================
Install  1 Package
Upgrade  5 Packages

Total download size: 1.9 M
Is this ok [y/N]: y
Downloading Packages:
(1/6): mod_lua-2.4.53-11.el9_2.5.x86_64.rpm                                   1.0 MB/s |  63 kB     00:00
(2/6): mod_http2-1.15.19-4.el9_2.4.x86_64.rpm                                 2.0 MB/s | 153 kB     00:00
.
.
(中略)
.
.
Upgraded:
  httpd-2.4.53-11.el9_2.5.x86_64                      httpd-filesystem-2.4.53-11.el9_2.5.noarch
  httpd-tools-2.4.53-11.el9_2.5.x86_64                mod_http2-1.15.19-4.el9_2.4.x86_64
  mod_lua-2.4.53-11.el9_2.5.x86_64
Installed:
  httpd-core-2.4.53-11.el9_2.5.x86_64

Complete!

こちらも特に何事もなくアップデート完了しました。

RHELのマイナーリリースをどうしても固定したい場合に使おう

Red Hat Enterprise Linux の PAYGインスタンスから EUS リポジトリをサブスクライブしてみました。

「AWSではEUS使えないのか...」と絶望していた方には朗報ですね。

ただし、EUSのバックポート対象は重要度が高いセキュリティ修正やバグフィックスに限られるので、できるだけ定期的にマイナーリリースをアップデートしていくのが望ましいと考えます。

Red Hatナレッジベース上の情報を閲覧したい場合は、以下記事に従いSSMエージェントをインストールしたRHELのEC2インスタンスを起動させましょう。

この記事が誰かの助けになれば幸いです。

以上、AWS事業本部 コンサルティング部の のんピ(@non____97)でした!

Share this article

facebook logohatena logotwitter logo

© Classmethod, Inc. All rights reserved.