Red Hat Update Infrastructure for on-demand Red Hat Enterprise Linux VMs in Azure

Applies to: ✔️ Linux VMs

Red Hat Update Infrastructure (RHUI) allows cloud providers, such as Azure, to mirror Red Hat-hosted repository content, create custom repositories with Azure-specific content, and make it available to end-user VMs.

Red Hat Enterprise Linux (RHEL) Pay-As-You-Go (PAYG) images come preconfigured to access Azure RHUI. No additional configuration is needed. To get the latest updates, run sudo yum update after your RHEL instance is ready. This service is included as part of the RHEL PAYG software fees.

Additional information on RHEL images in Azure, including publishing and retention policies, is available Overview of Red Hat Enterprise Linux images in Azure.

Information on Red Hat support policies for all versions of RHEL can be found on the Red Hat Enterprise Linux Life Cycle page.

Important

RHUI is intended only for pay-as-you-go (PAYG) images. For custom and golden images, also known as bring-your-own-subscription (BYOS), the system needs to be attached to RHSM or Satellite in order to receive updates. See Red Hat article for more details.

Important information about Azure RHUI

  • Azure RHUI is the update infrastructure that supports all RHEL PAYG VMs created in Azure. This does not preclude you from registering your PAYG RHEL VMs with Subscription Manager or Satellite or other source of updates, but doing so with a PAYG VM will result in indirect double-billing. See the following point for details.

  • Access to the Azure-hosted RHUI is included in the RHEL PAYG image price. If you unregister a PAYG RHEL VM from the Azure-hosted RHUI that does not convert the virtual machine into a bring-your-own-license (BYOL) type of VM. If you register the same VM with another source of updates, you might incur indirect double charges. You're charged the first time for the Azure RHEL software fee. You're charged the second time for Red Hat subscriptions that were purchased previously. If you consistently need to use an update infrastructure other than Azure-hosted RHUI, consider registering to use the RHEL BYOS images.

  • RHEL SAP PAYG images in Azure (RHEL for SAP, RHEL for SAP HANA, and RHEL for SAP Business Applications) are connected to dedicated RHUI channels that remain on the specific RHEL minor version as required for SAP certification.

  • Access to Azure-hosted RHUI is limited to the VMs within the Azure datacenter IP ranges. If you're proxying all VM traffic via an on-premises network infrastructure, you might need to set up user-defined routes for the RHEL PAYG VMs to access the Azure RHUI. If that is the case, user-defined routes will need to be added for all RHUI IP addresses.

Image update behavior

As of April 2019, Azure offers RHEL images that are connected to Extended Update Support (EUS) repositories by default and RHEL images that come connected to the regular (non-EUS) repositories by default. More details on RHEL EUS are available in Red Hat's version lifecycle documentation and EUS documentation. The default behavior of sudo yum update will vary depending which RHEL image you provisioned from, as different images are connected to different repositories.

For a full image list, run az vm image list --offer RHEL --all -p RedHat --output table using the Azure CLI.

Images connected to non-EUS repositories

If you provision a VM from a RHEL image that is connected to non-EUS repositories, you will be upgraded to the latest RHEL minor version when you run sudo yum update. For example, if you provision a VM from an RHEL 7.4 PAYG image and run sudo yum update, you end up with an RHEL 7.8 VM (the latest minor version in the RHEL7 family).

Images that are connected to non-EUS repositories will not contain a minor version number in the SKU. The SKU is the third element in the URN (full name of the image). For example, all of the following images come attached to non-EUS repositories:

RedHat:RHEL:7-LVM:7.9.2023032012
RedHat:RHEL:8-LVM:8.7.2023022813
RedHat:RHEL:9-lvm:9.1.2022112101
RedHat:rhel-raw:7-raw:7.9.2022040605
RedHat:rhel-raw:8-raw:8.6.2022052413
RedHat:rhel-raw:9-raw:9.1.2022112101

Note that the SKUs are either X-LVM or X-RAW. The minor version is indicated in the version (fourth element in the URN) of these images.

Images connected to EUS repositories

If you provision a VM from a RHEL image that is connected to EUS repositories, you will not be upgraded to the latest RHEL minor version when you run sudo yum update. This is because the images connected to EUS repositories are also version-locked to their specific minor version.

Images connected to EUS repositories will contain a minor version number in the SKU. For example, all of the following images come attached to EUS repositories:

RedHat:RHEL:7_9:7.9.20230301107
RedHat:RHEL:8_7:8.7.2023022801
RedHat:RHEL:9_1:9.1.2022112113 

RHEL EUS and version-locking RHEL VMs

Extended Update Support (EUS) repositories are available to customers who may want to lock their RHEL VMs to a certain RHEL minor release after provisioning the VM. You can version-lock your RHEL VM to a specific minor version by updating the repositories to point to the Extended Update Support repositories. You can also undo the EUS version-locking operation.

Note

EUS is not supported on RHEL Extras. This means that if you are installing a package that is usually available from the RHEL Extras channel, you will not be able to do so while on EUS. The Red Hat Extras Product Life Cycle is detailed on the Red Hat Enterprise Linux Extras Product Life Cycle - Red Hat Customer Portal page.

At the time of this writing, EUS support has ended for RHEL <= 7.4. See the "Red Hat Enterprise Linux Extended Maintenance" section in the Red Hat documentation for more details.

  • RHEL 7.4 EUS support ends August 31, 2019
  • RHEL 7.5 EUS support ends April 30, 2020
  • RHEL 7.6 EUS support ends May 31, 2021
  • RHEL 7.7 EUS support ends August 30, 2021
  • RHEL 8.4 EUS support ends May 31, 2023
  • RHEL 8.6 EUS support ends May 31, 2024
  • RHEL 9.0 EUS support ends May 31, 2024

Switch a RHEL VM 7.x to EUS (version-lock to a specific minor version)

Use the following instructions to lock a RHEL 7.x VM to a particular minor release (run as root):

Note

This only applies for RHEL 7.x versions for which EUS is available. At the time of this writing, this includes RHEL 7.2-7.7. More details are available at the Red Hat Enterprise Linux Life Cycle page.

  1. Disable non-EUS repos:

    sudo yum --disablerepo='*' remove 'rhui-azure-rhel7'
    
  2. Add EUS repos:

    sudo yum --config='https://rhelimage.blob.core.windows.net/repositories/rhui-microsoft-azure-rhel7-eus.config' install 'rhui-azure-rhel7-eus'
    
  3. Lock the releasever variable (run as root):

    sudo echo $(. /etc/os-release && echo $VERSION_ID) > /etc/yum/vars/releasever
    

    Note

    The above instruction will lock the RHEL minor release to the current minor release. Enter a specific minor release if you are looking to upgrade and lock to a later minor release that is not the latest. For example, echo 7.5 > /etc/yum/vars/releasever will lock your RHEL version to RHEL 7.5.

  4. Update your RHEL VM

    sudo yum update
    

Switch a RHEL VM 8.x to EUS (version-lock to a specific minor version)

Use the following instructions to lock a RHEL 8.x VM to a particular minor release (run as root):

Note

This only applies for RHEL 8.x versions for which EUS is available. At the time of this writing, this includes RHEL 8.1-8.2. More details are available at the Red Hat Enterprise Linux Life Cycle page.

  1. Disable non-EUS repos:

    sudo yum --disablerepo='*' remove 'rhui-azure-rhel8'
    
  2. Get the EUS repos config file:

    sudo wget https://rhelimage.blob.core.windows.net/repositories/rhui-microsoft-azure-rhel8-eus.config
    
  3. Add EUS repos:

    sudo yum --config=rhui-microsoft-azure-rhel8-eus.config install rhui-azure-rhel8-eus
    
  4. Lock the releasever variable (run as root):

    sudo echo $(. /etc/os-release && echo $VERSION_ID) > /etc/yum/vars/releasever
    

    Note

    The above instruction will lock the RHEL minor release to the current minor release. Enter a specific minor release if you are looking to upgrade and lock to a later minor release that is not the latest. For example, echo 8.1 > /etc/yum/vars/releasever will lock your RHEL version to RHEL 8.1.

    Note

    If there are permission issues to access the releasever, you can edit the file using your favorite editor and add the image version details and save it.

  5. Update your RHEL VM

    sudo yum update
    

Switch a RHEL 7.x VM back to non-EUS (remove a version lock)

Run the following as root:

  1. Remove the releasever file:

    sudo rm /etc/yum/vars/releasever
    
  2. Disable EUS repos:

    sudo yum --disablerepo='*' remove 'rhui-azure-rhel7-eus'
    
  3. Configure RHEL VM

    sudo yum --config='https://rhelimage.blob.core.windows.net/repositories/rhui-microsoft-azure-rhel7.config' install 'rhui-azure-rhel7'
    
  4. Update your RHEL VM

    sudo yum update
    

Switch a RHEL 8.x VM back to non-EUS (remove a version lock)

Run the following as root:

  1. Remove the releasever file:

    sudo rm /etc/yum/vars/releasever
    
  2. Disable EUS repos:

    sudo yum --disablerepo='*' remove 'rhui-azure-rhel8-eus'
    
  3. Get the regular repos config file:

    sudo wget https://rhelimage.blob.core.windows.net/repositories/rhui-microsoft-azure-rhel8.config
    
  4. Add non-EUS repos:

    sudo yum --config=rhui-microsoft-azure-rhel8.config install rhui-azure-rhel8
    
  5. Update your RHEL VM

    sudo yum update
    

The IPs for the RHUI content delivery servers

RHUI is available in all regions where RHEL on-demand images are available. It currently includes all public regions listed on the Azure status dashboard page, Azure US Government, and Microsoft Azure Germany regions.

If you're using a network configuration to further restrict access from RHEL PAYG VMs, make sure the following IPs are allowed for yum update to work depending on the environment you're in:

# Azure Global
RHUI 3 
13.91.47.76
40.85.190.91
52.187.75.218
52.174.163.213
52.237.203.198

RHUI 4
westeurope - 52.136.197.163
southcentralus - 20.225.226.182
eastus - 52.142.4.99
australiaeast - 20.248.180.252
southeastasia - 20.24.186.80

# Azure US Government (To be deprecated after 10th April 2023. For RHUI 4 connections, use public RHUI IPs as provided above) 
13.72.186.193
13.72.14.155
52.244.249.194

Note

The new Azure US Government images,as of January 2020, will be using Public IP mentioned under Azure Global header above.

Note

Also, note that Azure Germany is deprecated in favor of public Germany regions. Recommendation for Azure Germany customers is to start pointing to public RHUI using the steps on the Red Hat Update Infrastructure page.

Azure RHUI Infrastructure

Update expired RHUI client certificate on a VM

If you experience RHUI certificate issues from your Azure RHEL PAYG VM, reference the Troubleshooting guidance for RHUI certificate issues in Azure.

Troubleshoot connection problems to Azure RHUI

If you experience problems connecting to Azure RHUI from your Azure RHEL PAYG VM, follow these steps:

  1. Inspect the VM configuration for the Azure RHUI endpoint:

    1. Check if the /etc/yum.repos.d/rh-cloud.repo file contains a reference to rhui-[1-3].microsoft.com in the baseurl of the [rhui-microsoft-azure-rhel*] section of the file. If it does, you're using the new Azure RHUI.

    2. If it points to a location with the following pattern, mirrorlist.*cds[1-4].cloudapp.net, a configuration update is required. You're using the old VM snapshot, and you need to update it to point to the new Azure RHUI.

  2. Access to Azure-hosted RHUI is limited to VMs within the Azure datacenter IP ranges.

  3. If you're using the new configuration, have verified that the VM connects from the Azure IP range, and still can't connect to Azure RHUI, file a support case with Microsoft or Red Hat.

Infrastructure update

In September 2016, we deployed an updated Azure RHUI. In April 2017, we shut down the old Azure RHUI. If you have been using the RHEL PAYG images (or their snapshots) from September 2016 or later, you're automatically connecting to the new Azure RHUI. If, however, you have older snapshots on your VMs, you need to manually update their configuration to access the Azure RHUI as described in a following section.

The new Azure RHUI servers are deployed with Azure Traffic Manager. In Traffic Manager, a single endpoint (rhui-1.microsoft.com) can be used by any VM, regardless of region.

Manual update procedure to use the Azure RHUI servers

This procedure is provided for reference only. RHEL PAYG images already have the correct configuration to connect to Azure RHUI. To manually update the configuration to use the Azure RHUI servers, complete the following steps:

  • For RHEL 6:

    sudo yum --config='https://rhelimage.blob.core.windows.net/repositories/rhui-microsoft-azure-rhel6.config' install 'rhui-azure-rhel6'
    
  • For RHEL 7:

    sudo yum --config='https://rhelimage.blob.core.windows.net/repositories/rhui-microsoft-azure-rhel7.config' install 'rhui-azure-rhel7'
    
  • For RHEL 8:

    1. Create a config file:
      cat <<EOF > rhel8.config
      [rhui-microsoft-azure-rhel8]
      name=Microsoft Azure RPMs for Red Hat Enterprise Linux 8
      baseurl=https://rhui-1.microsoft.com/pulp/repos/microsoft-azure-rhel8 https://rhui-2.microsoft.com/pulp/repos/microsoft-azure-rhel8 https://rhui-3.microsoft.com/pulp/repos/microsoft-azure-rhel8
      enabled=1
      gpgcheck=1
      gpgkey=https://rhelimage.blob.core.windows.net/repositories/RPM-GPG-KEY-microsoft-azure-release sslverify=1
      EOF
      
    2. Save the file and run the following command:
      sudo dnf --config rhel8.config install 'rhui-azure-rhel8'
      
    3. Update your VM
      sudo dnf update
      

Next steps