Red Hat Update Infrastructure for on-demand Red Hat Enterprise Linux VMs in Azure
Red Hat Update Infrastructure (RHUI) allows cloud providers, such as Azure, to mirror Red Hat-hosted repository content, create custom repositories with Azure-specific content, and make it available to end-user VMs.
Red Hat Enterprise Linux (RHEL) Pay-As-You-Go (PAYG) images come preconfigured to access Azure RHUI. No additional configuration is needed. To get the latest updates, run
sudo yum update after your RHEL instance is ready. This service is included as part of the RHEL PAYG software fees.
Additional information on RHEL images in Azure, including publishing and retention policies, is available here.
Information on Red Hat support policies for all versions of RHEL can be found on the Red Hat Enterprise Linux Life Cycle page.
Important information about Azure RHUI
Azure RHUI is the update infrastructure that supports all RHEL PAYG VMs created in Azure. This does not preclude you from registering your PAYG RHEL VMs with Subscription Manager or Satellite or other source of updates, but doing so with a PAYG VM will result in indirect double-billing. See the following point for details.
Access to the Azure-hosted RHUI is included in the RHEL PAYG image price. If you unregister a PAYG RHEL VM from the Azure-hosted RHUI that does not convert the virtual machine into a bring-your-own-license (BYOL) type of VM. If you register the same VM with another source of updates, you might incur indirect double charges. You're charged the first time for the Azure RHEL software fee. You're charged the second time for Red Hat subscriptions that were purchased previously. If you consistently need to use an update infrastructure other than Azure-hosted RHUI, consider registering to use the RHEL BYOS images.
RHEL SAP PAYG images in Azure (RHEL for SAP, RHEL for SAP HANA, and RHEL for SAP Business Applications) are connected to dedicated RHUI channels that remain on the specific RHEL minor version as required for SAP certification.
Access to Azure-hosted RHUI is limited to the VMs within the Azure datacenter IP ranges. If you're proxying all VM traffic via an on-premises network infrastructure, you might need to set up user-defined routes for the RHEL PAYG VMs to access the Azure RHUI. If that is the case, user-defined routes will need to be added for all RHUI IP addresses.
Image update behavior
As of April 2019, Azure offers RHEL images that are connected to Extended Update Support (EUS) repositories by default and RHEL images that come connected to the regular (non-EUS) repositories by default. More details on RHEL EUS are available in Red Hat's version lifecycle documentation and EUS documentation. The default behavior of
sudo yum update will vary depending which RHEL image you provisioned from, as different images are connected to different repositories.
For a full image list, run
az vm image list --publisher redhat --all using the Azure CLI.
Images connected to non-EUS repositories
If you provision a VM from a RHEL image that is connected to non-EUS repositories, you will be upgraded to the latest RHEL minor version when you run
sudo yum update. For example, if you provision a VM from an RHEL 7.4 PAYG image and run
sudo yum update, you end up with an RHEL 7.7 VM (the latest minor version in the RHEL7 family).
Images that are connected to non-EUS repositories will not contain a minor version number in the SKU. The SKU is the third element in the URN (full name of the image). For example, all of the following images come attached to non-EUS repositories:
RedHat:RHEL:7-LVM:7.4.2018010506 RedHat:RHEL:7-LVM:7.5.2018081518 RedHat:RHEL:7-LVM:7.6.2019062414 RedHat:RHEL:7-RAW:7.4.2018010506 RedHat:RHEL:7-RAW:7.5.2018081518 RedHat:RHEL:7-RAW:7.6.2019062120
Note that the SKUs are either 7-LVM or 7-RAW. The minor version is indicated in the version (fourth element in the URN) of these images.
Images connected to EUS repositories
If you provision a VM from a RHEL image that is connected to EUS repositories, you will not be upgraded to the latest RHEL minor version when you run
sudo yum update. This is because the images connected to EUS repositories are also version-locked to their specific minor version.
Images connected to EUS repositories will contain a minor version number in the SKU. For example, all of the following images come attached to EUS repositories:
RedHat:RHEL:7.4:7.4.2019062107 RedHat:RHEL:7.5:7.5.2019062018 RedHat:RHEL:7.6:7.6.2019062116
RHEL EUS and version-locking RHEL VMs
Some customers may want to lock their RHEL VMs to a certain RHEL minor release after provisioning the VM. You can version-lock your RHEL VM to a specific minor version by updating the repositories to point to the Extended Update Support repositories. You can also undo the EUS version-locking operation.
EUS is not supported on RHEL Extras. This means that if you are installing a package that is usually available from the RHEL Extras channel, you will not be able to do so while on EUS. The Red Hat Extras Product Life Cycle is detailed here.
At the time of this writing, EUS support has ended for RHEL <= 7.3. See the "Red Hat Enterprise Linux Longer Support Add-Ons" section in the Red Hat documentation for more details.
- RHEL 7.4 EUS support ends August 31, 2019
- RHEL 7.5 EUS support ends April 30, 2020
- RHEL 7.6 EUS support ends October 31, 2020
- RHEL 7.7 EUS support ends August 30, 2021
Switch a RHEL VM to EUS (version-lock to a specific minor version)
Use the following instructions to lock a RHEL VM to a particular minor release (run as root):
This only applies for RHEL versions for which EUS is available. At the time of this writing, this includes RHEL 7.2-7.7. More details are available at the Red Hat Enterprise Linux Life Cycle page.
Disable non-EUS repos:
yum --disablerepo='*' remove 'rhui-azure-rhel7'
Add EUS repos:
yum --config='https://rhelimage.blob.core.windows.net/repositories/rhui-microsoft-azure-rhel7-eus.config' install 'rhui-azure-rhel7-eus'
Lock the releasever variable (run as root):
echo $(. /etc/os-release && echo $VERSION_ID) > /etc/yum/vars/releasever
The above instruction will lock the RHEL minor release to the current minor release. Enter a specific minor release if you are looking to upgrade and lock to a later minor release that is not the latest. For example,
echo 7.5 > /etc/yum/vars/releaseverwill lock your RHEL version to RHEL 7.5
Update your RHEL VM
sudo yum update
Switch a RHEL VM back to non-EUS (remove a version lock)
Run the following as root:
Remove the releasever file:
Disable EUS repos:
yum --disablerepo='*' remove 'rhui-azure-rhel7-eus'
Configure RHEL VM
yum --config='https://rhelimage.blob.core.windows.net/repositories/rhui-microsoft-azure-rhel7.config' install 'rhui-azure-rhel7'
Update your RHEL VM
sudo yum update
The IPs for the RHUI content delivery servers
RHUI is available in all regions where RHEL on-demand images are available. It currently includes all public regions listed on the Azure status dashboard page, Azure US Government, and Microsoft Azure Germany regions.
If you're using a network configuration to further restrict access from RHEL PAYG VMs, make sure the following IPs are allowed for
yum update to work depending on the environment you're in:
# Azure Global 22.214.171.124 126.96.36.199 188.8.131.52 184.108.40.206 220.127.116.11 # Azure US Government 18.104.22.168 22.214.171.124 126.96.36.199 # Azure Germany 188.8.131.52 184.108.40.206
Azure RHUI Infrastructure
Update expired RHUI client certificate on a VM
If you are using an older RHEL VM image, for example, RHEL 7.4 (image URN:
RedHat:RHEL:7.4:7.4.2018010506), you will experience connectivity issues to RHUI due to a now-expired SSL client certificate. The error you see may look like "SSL peer rejected your certificate as expired" or "Error: Cannot retrieve repository metadata (repomd.xml) for repository: ... Please verify its path and try again". To overcome this problem, please update the RHUI client package on the VM using the following command:
sudo yum update -y --disablerepo='*' --enablerepo='*microsoft*'
sudo yum update may also update the client certificate package (depending on your RHEL version), despite "expired SSL certificate" errors you will see for other repositories. If this update is successful, normal connectivity to other RHUI repositories should be restored, so you will be able to run
sudo yum update successfully.
If you run into a 404 error while running a
yum update, try the following to refresh your yum cache:
sudo yum clean all; sudo yum makecache
Troubleshoot connection problems to Azure RHUI
If you experience problems connecting to Azure RHUI from your Azure RHEL PAYG VM, follow these steps:
Inspect the VM configuration for the Azure RHUI endpoint:
Check if the
/etc/yum.repos.d/rh-cloud.repofile contains a reference to
[rhui-microsoft-azure-rhel*]section of the file. If it does, you're using the new Azure RHUI.
If it points to a location with the following pattern,
mirrorlist.*cds[1-4].cloudapp.net, a configuration update is required. You're using the old VM snapshot, and you need to update it to point to the new Azure RHUI.
Access to Azure-hosted RHUI is limited to VMs within the Azure datacenter IP ranges.
If you're using the new configuration, have verified that the VM connects from the Azure IP range, and still can't connect to Azure RHUI, file a support case with Microsoft or Red Hat.
In September 2016, we deployed an updated Azure RHUI. In April 2017, we shut down the old Azure RHUI. If you have been using the RHEL PAYG images (or their snapshots) from September 2016 or later, you're automatically connecting to the new Azure RHUI. If, however, you have older snapshots on your VMs, you need to manually update their configuration to access the Azure RHUI as described in a following section.
The new Azure RHUI servers are deployed with Azure Traffic Manager. In Traffic Manager, a single endpoint (rhui-1.microsoft.com) can be used by any VM, regardless of region.
- To create a Red Hat Enterprise Linux VM from an Azure Marketplace PAYG image and to use Azure-hosted RHUI, go to the Azure Marketplace.
- To learn more about the Red Hat images in Azure, go to the documentation page.
- Information on Red Hat support policies for all versions of RHEL can be found on the Red Hat Enterprise Linux Life Cycle page.