Chapter 16. System and Subscription Management
New search-disabled-repos
plug-in for yum
The
search-disabled-repos
plug-in for yum
has been added to the subscription-manager packages. This plug-in allows users to successfully complete yum
operations that fail due to the source repository being dependent on a disabled repository. When search-disabled-repos
is installed in the described scenario, yum
displays instructions to temporarily enable repositories that are currently disabled and to search for missing dependencies.
If you choose to follow the instructions and turn off the default
notify_only
behavior in the /etc/yum/pluginconf.d/search-disabled-repos.conf
file, future yum
operations will prompt you to temporarily or permanently enable all the disabled repositories needed to fulfill the yum
transaction. (BZ#1268376)
Easier troubleshooting with yum
The
yum
utility is now able to identify certain frequently occurring errors and provides a link to a relevant Red Hat Knowledgebase article. This helps users identify typical problems and address their cause. (BZ#1248686)
New package: rear
Relax-and-Recover
(rear) is a recovery and system migration utility. Written in bash
, it allows you to use tools already present on your system to continuously create recovery images which can be saved locally or on a remote server, and to use these images to easily restore the system in case of software or hardware failure. The tool also supports integration with various external tools such as backup solutions ( Symantec NetBackup
, duplicity
, IBM TSM
, etc.) and monitoring systems ( Nagios
, Opsview
).
The rear utility is available in base channels for all variants of Red Hat Enterprise Linux 6.8 on all architectures.
The utility produces a bootable image and restores from backup using this image. It also allows to restore to different hardware and can therefore be used as a migration utility as well. (BZ#981637)
iostat
now supports separate statistics for r_await
and w_await
The
iostat
tool now supports separate statistics for r_await
(average time for read requests issued to the device to be served) and w_await
(average time for write requests issued to the device to be served) in the Device Utilization Report. Use the -x
option to obtain a report which includes this information. (BZ#1185057)
TLS 1.1 and 1.2 are now enabled by default in libcurl
Previously, versions 1.1 and 1.2 of the TLS protocol were disabled by default in
libcurl
. Users were required to explicitly enable these TLS versions in utilities based on libcurl
in order to allow these utilities to securely communicate with servers that do not accept SSL 3.0 and TLS 1.0 connections. With this update, TLS 1.1 and TLS 1.2 are no longer disabled by default in libcurl
. You can, however, explicitly disable them using the libcurl API. (BZ#1289205)
libcurl
can now connect to SCP and SFTP servers through a HTTP proxy
Implementations of the
SCP
and SFTP
protocols in libcurl
have been enhanced and now support tunneling through HTTP proxies. (BZ#1258566)
abrt
can now exclude specific programs from being dumped
Previously, ignoring crashes of blacklisted programs in
abrt
did not prevent it from creating their core dumps - the dumps were still written to disk and then deleted. This approach allowed abrt
to notify system administrators of a crash while not using disk space to store unneeded crash dumps. However, creating these dumps only to delete them later was unnecessarily wasting system resources. This update introduces a new configuration option IgnoredPaths
in the /etc/abrt/plugins/CCpp.conf
configuration file, which allows you to specify a comma-separated list of file system path globs which will not be dumped at all. (BZ#1208713)
User and group whitelisting added to abrt
Previously,
abrt
allowed all users to generate and collect core dumps, which could potentially enable any user to maliciously generate a large number of core dumps and waste system resources. This update adds a whitelisting functionality to abrt
, and you can now only allow specific users or groups to generate core dumps. Use the new AllowedUsers = user1, user2, ...
and AllowedGroups = group1, group2, ...
options in the /etc/abrt/plugins/CCpp.conf
configuration file to restrict core dump generation and collection to these users or groups, or leave these options empty to configure abrt
to process core dumps for all users and groups. (BZ#1256705)
libvpd rebased to version 2.2.5
The libvpd packages have been upgraded to upstream version 2.2.5, which provides a number of bug fixes and enhancements over the previous version. Notably, this version includes:
- Improved error handling
- Security improvements such as fixing a potential buffer overflow and memory allocation validation (BZ#1148140)
libservicelog rebased to version 1.1.15
The libservicelog packages have been upgraded to upstream version 1.1.15, which provides a number of bug fixes and enhancements over the previous version. (BZ#1148141)
sysctl
configuration files can now contain longer lines
Previously,
sysctl
configuration files could only contain lines up to 255 characters long. With this update, the maximum acceptable line length has been increased to 4095 characters. (BZ#1201024)
ps
can now display thread cgroups
This update introduces a new format specifier
thcgr
, which can be used to display the cgroup of each listed thread. (BZ#1284076)
reporter-upload
now allows configuring optional SSH keys
The
reporter-upload
tool, which is used by abrt
to submit collected problem data, now allows you to use optional SSH key files. You can specify a key file using one of the following ways:
- The
SSHPublicKey
andSSHPrivateKey
options in the/etc/libreport/plugins/upload.conf
configuration file. - Using
-b
and-r
command line options for the public and private key, respectively. - Setting the
Upload_SSHPublicKey
andUpload_SSHPrivateKey
environment variables, respectively.
If none of these options or variables are used,
reporter-upload
will attempt to use the default SSH key from the user's ~/.ssh/
directory. (BZ#1261120)