Chapter 2. November 2024
2.1. Product-wide updates
2.1.1. Basic Authorization reaches End-Of-Life
Red Hat is implementing a crucial security enhancement on our cloud service APIs on console.redhat.com. Beginning December 31, 2024, we will discontinue support for basic authorization as a route of connecting to our services' APIs. This includes the Insights client basic authorization option, which is described as follows:
Insights client
Basic authentication is not the default authentication mechanism but has been an option for a select set of workflows. If your hosts are using Basic authentication, ensure you switch to certificate authentication instead. This is necessary for those hosts to continue to connect to Insights.
Hybrid Cloud Console APIs
The Red Hat Hybrid Cloud Console is integrating service accounts with User Access functionality, to support you in transitioning from Basic authentication to token-based authentication. This will provide you with granular control over access permissions and enhance security. See the following article for more details:
2.1.2. Published blogs and resources
- Video: OpenShift incident detection by John Spinks (November 5, 2024)
- Article: Ability to export a list of registered inventory systems (November 26, 2024)
- Blog: Red Hat OpenShift Incident Detection uses analytics to help you quickly detect issues by McKibbin Brady (November 12, 2024)
- Updated cheat sheet: Red Hat Insights API Cheat Sheet by Jerome Marc (November 26, 2024)
2.2. Red Hat Insights for Red Hat Enterprise Linux
2.3. General
We are proud to announce the Insights proxy service. Insights proxy is a lightweight intermediary solution, designed to simplify connectivity between your environment and Insights services. This solution offers you enhanced security, seamless integration, and improved performance. It accomplishes this by managing data traffic between your systems and Red Hat services. It is ideal in high-security environments because it eliminates the need for a direct Internet connection and exerts control over data transfers. See the following for more details:
2.4. Advisor
New recommendations
The Insights advisor service now detects and recommends solutions for the following issues:
- System reboot fails after the leapp upgrade due to a regression bug in leapp
- Filesystems cannot be auto mounted during booting when the mount point is a symbolic link in the /etc/fstab
- The PostgresSQL database performance is not optimal because the best practices are not applied
- The filesystem type that is not supported by SAP is being used for the running SAP HANA
- Kernel panic will occur on edge computing systems after reboot when closing a removed sg device due to a known bug in the default kernel
- PCP service fails to start on edge computing systems because the pcp package is corrupted
- Setting the LD_LIBRARY_PATH variable in the global environment files is not recommended
- LVM is malfunctioning on edge computing systems because the lvm2 package is corrupted
- The leapp upgrade fails when the /var/log/ directory is a symbolic link
2.5. Compliance
API version 2 is now live
A refresh of the compliance API version 2 is now available. The refresh includes the following enhancements:
- Adding one or more systems to an existing policy using the Insights client command line interface (CLI)
- Creating multiple policy types for the same major RHEL version
2.6. Image Builder
Support for RHEL 10 public beta
Image Builder can now build images of RHEL 10, public beta for testing and evaluation. This includes support for physical, all hybrid cloud image types, and Microsoft Windows Subsystem for Linux (WSL) images.
Support for generation 2 Azure images
Image Builder has added support for Azure’s generation 2 image types. A hybrid boot loader approach accommodates both generation 1 and 2. When importing the image into Azure, you are able to choose which version. This is an important decision since generation version is immutable.
Azure generation 2 images feature increased memory, OS disks > 2 tebibyte (TiB), and virtualized persistent memory (vPMEM). The images create a Unified Extensible Firmware Interface (UEFI) boot loader compatible with Azure’s Secure Boot and Trusted Platform Module (TPM) implementations. To learn more about Azure’s generation 2 images, see the following:
Incorporation of compliance’s tailored policies
Image Builder can now incorporate tailored security policies generated by the compliance service. This allows you to create your own custom security compliance requirements. The integration of Image Builder and compliance helps you to configure, deploy, and report on regulatory compliance requirements with minimal friction. You can use this feature by enabling preview mode.
2.7. Inventory
Service account authentication for Ansible inventory plugin
The latest Insights collection is now included in the execution environment container images, for Ansible Automation Platform (AAP) (e.g. the default ansible-automation-platform-25/ee-supported-rhel8 in AAP 2.5). This update enhances your service accounts with support for token-based authentication. Pull the latest image in your current AAP environment to start using this feature. See the following for more details:
Red Hat Hybrid Cloud Console APIs are transitioning from Basic authentication to token-based authentication using service accounts. See the following for more details:
2.8. Insights for OpenShift Container Platform
2.8.1. Advisor
Rapid recommendations
Rapid recommendations is an enhancement for the conditional gathering functionality. It enables the Insights operator to be dynamically updated with data collection specifications. This enables us to quickly deliver new recommendations without updating the operator or cluster version.
2.8.2. Cost Management
Cost analysis of OpenShift Virtualization
We are releasing this feature as a preview that includes the cost of CPU and memory. Cost Management now calculates the cost of your virtual machines running on OpenShift Virtualization. Cost data is displayed for the following:
- All virtual machines
- All operating systems (including third-party)
- All environments (OpenShift on-premise, ROSA, and so on).
Additionally, a new virtualization tab has been added to the OpenShift cluster, node and project views. Storage costs will be calculated in the near future.