Red Hat SummitChapter 19. System and Subscription Management
cockpit rebased to version 173
The cockpit packages, which provide the Cockpit browser-based administration console, have been upgraded to version 173. This version provides a number of bug fixes and enhancements. Notable changes include:
- The menu and navigation can now work with mobile browsers.
Cockpitnow supports alternate Kerberos keytabs for Cockpit's web server, which enables configuration of Single Sign-On (SSO).- Automatic setup of Kerberos keytab for Cockpit web server.
- Automatic configuration of SSO with FreeIPA for
Cockpitis possible. Cockpitrequests FreeIPA SSL certificate for Cockpit's web server.Cockpitshows available package updates and missing registrations on system front page.- A Firewall interface has been added.
- The flow control to avoid user interface hangs and unbounded memory usage for big file downloads has been added.
- Terminal issues in Chrome have been fixed.
Cockpitnow properly localizes numbers, times, and dates.- Subscriptions page hang when accessing as a non-administrator user has been fixed.
Log inis now localized properly.
reposync now by default skips packages whose location falls outside the destination directory
Previously, the
reposync command did not sanitize paths to packages specified in a remote repository, which was insecure. A security fix for CVE-2018-10897 has changed the default behavior of reposync to not store any packages outside the specified destination directory. To restore the original insecure behavior, use the new --allow-path-traversal option. (BZ#1609302, BZ#1600618)
The yum clean all command now prints a disk usage summary
When using the
yum clean all command, the following hint was always displayed:
Maybe you want: rm -rf /var/cache/yum
With this update, the hint has been removed, and
yum clean all now prints a disk usage summary for remaining repositories that were not affected by yum clean all (BZ#1481220)
The yum versionlock plug-in now displays which packages are blocked when running the yum update command
Previously, the
yum versionlock plug-in, which is used to lock RPM packages, did not display any information about packages excluded from the update. Consequently, users were not warned that such packages will not be updated when running the yum update command. With this update, yum versionlock has been changed. The plug-in now prints a message about how many package updates are being excluded. In addition, the new status subcommand has been added to the plug-in. The yum versionlock status command prints the list of available package updates blocked by the plug-in. (BZ#1497351)
The repotrack command now supports the --repofrompath option
The
--repofrompath option, which is already supported by the repoquery and repoclosure commands, has been added to the repotrack command. As a result, non-root users can now add custom repositories to track without escalating their privileges. (BZ#1506205)
Subscription manager now respects proxy_port settings from rhsm.conf
Previously, subscription manager did not respect changes to the default
proxy_port configuration from the /etc/rhsm/rhsm.conf file. Consequently, the default value of 3128 was used even after the user had changed the value of proxy_port.
With this update, the underlying source code has been fixed, and subscription manager now respects changes to the default
proxy_port configuration. However, making any change to the proxy_port value in /etc/rhsm/rhsm.conf requires an selinux policy change. To avoid selinux denials when changing the default proxy_port, run this command for the benefit of the rhsmcertd daemon process:
semanage port -a -t squid_port_t -p tcp <new_proxy_port>
(BZ#1576423)
New package: sos-collector
sos-collector is a utility that gathers sosreports from multi-node environments. sos-collector facilitates data collection for support cases and it can be run from either a node or from an administrator's local workstation that has network access to the environment. (BZ#1481861)
