Red Hat Update Infrastructure for on-demand Red Hat Enterprise Linux VMs in Azure
Applies to: ✔️ Linux VMs
Red Hat Update Infrastructure (RHUI) allows cloud providers, such as Azure, to:
- Mirror Red Hat-hosted repository content
- Create custom repositories with Azure-specific content
- Make the content available to end-user VMs
Red Hat Enterprise Linux (RHEL) Pay-As-You-Go (PAYG) images come preconfigured to access Azure RHUI. No other configuration is needed. To get the latest updates, run sudo yum update
after your RHEL instance is ready. This service is included as part of the RHEL PAYG software fees. For more information on RHEL images in Azure, including publishing and retention policies, see Overview of Red Hat Enterprise Linux images in Azure.
For more information on Red Hat support policies for all versions of RHEL, see Red Hat Enterprise Linux Life Cycle.
Important
RHUI is intended only for pay-as-you-go (PAYG) images. For golden images, also known as bring your own subscription (BYOS), the system needs to be attached to RHSM or Satellite in order to receive updates. For more information, see How to register and subscribe a RHEL system.
Important information about Azure RHUI
Azure RHUI is the update infrastructure that supports all RHEL PAYG VMs created in Azure. This infrastructure doesn't prevent you from registering your PAYG RHEL VMs with Subscription Manager, Satellite, or another source of updates. Registering with a different source with a PAYG VM results in indirect double-billing. See the following point for details.
Access to the Azure-hosted RHUI is included in the RHEL PAYG image price. Unregistering a PAYG RHEL VM from the Azure-hosted RHUI doesn't convert the virtual machine into a BYOL type of VM. If you register the same VM with another source of updates, you might incur indirect double charges. You're charged the first time for the Azure RHEL software fee. You're charged the second time for Red Hat subscriptions that were purchased previously. If you consistently need to use an update infrastructure other than Azure-hosted RHUI, consider registering to use RHEL BYOS images.
RHEL SAP PAYG images in Azure are connected to dedicated RHUI channels that remain on the specific RHEL minor version as required for SAP certification. RHEL SAP PAYG images in Azure include RHEL for SAP, RHEL for SAP HANA, and RHEL for SAP Business Applications.
Access to Azure-hosted RHUI is limited to the VMs within the Azure datacenter IP ranges. If you proxy all VM traffic by using an on-premises network infrastructure, you might need to set up user-defined routes for the RHEL PAYG VMs to access the Azure RHUI. If that is the case, user-defined routes need to be added for all RHUI IP addresses.
Image update behavior
The Red Hat images provided in Azure Marketplace are connected by default to one of two different types of life-cycle repositories:
- Non-EUS: Will have the latest available software published by Red Hat for their particular Red Hat Enterprise Linux (RHEL) repositories.
- Extended Update Support (EUS): Updates won't go beyond a specific RHEL minor release.
Note
For more information on RHEL EUS, see Red Hat Enterprise Linux Life Cycle and Red Hat Enterprise Linux Extended Update Support Overview.
The packages contained in the Red Hat Update Infrastructure repositories are published and maintained exclusively by Red Hat, extra packages to support custom Azure services, are published in independent repositories maintained by Microsoft.
For a full image list, run az vm image list --offer RHEL --all -p RedHat --output table
using the Azure CLI.
Images connected to non-EUS repositories
RHEL VM images connected to non-EUS repositories, it will upgrade to the latest RHEL minor version when you run sudo yum update
. For example, if you provision a VM from a RHEL 8.4 PAYG image and run sudo yum update
, you end up with a RHEL 8.9 VM, the latest minor version in the RHEL8 family.
Images that are connected to non-EUS repositories don't contain a minor version number in the SKU. The SKU is the third element in the image name. For example, all of the following images come attached to non-EUS repositories:
RedHat:RHEL:7-LVM:7.9.2023032012
RedHat:RHEL:8-LVM:8.7.2023022813
RedHat:RHEL:9-lvm:9.1.2022112101
RedHat:rhel-raw:7-raw:7.9.2022040605
RedHat:rhel-raw:8-raw:8.6.2022052413
RedHat:rhel-raw:9-raw:9.1.2022112101
The SKUs are either X-LVM or X-RAW. The minor version is indicated in the version of these images, which is the fourth element in the name.
Images connected to EUS repositories
If you provision a VM from a RHEL image that is connected to EUS repositories, it isn't upgraded to the latest RHEL minor version when you run sudo yum update
. This situation happens because the images connected to EUS repositories are also version-locked to their specific minor version.
Images connected to EUS repositories contain a minor version number in the SKU. For example, all of the following images come attached to EUS repositories:
RedHat:RHEL:7.7:7.7.2022051301
RedHat:RHEL:8_4:latest
RedHat:RHEL:9_0:9.0.2023061412
Note
Not all minor versions are valid EUS stops, for example, for RHEL8 only 8.1, 8.2, 8.4, 8.6 and 8.8 are valid EUS releases, while 8.3, 8.5 and 8.7 are not.
RHEL EUS and version-locking RHEL VMs
Extended Update Support (EUS) repositories are available to customers who might want to lock their RHEL VMs to a certain RHEL minor release after provisioning the VM. You can version-lock your RHEL VM to a specific minor version by updating the repositories to point to the Extended Update Support repositories. You can also undo the EUS version-locking operation.
Note
EUS is not supported on RHEL Extras. This means that if you install a package that is usually available from the RHEL Extras channel, you can't install while on EUS. For more information, see Red Hat Enterprise Linux Extras Product Life Cycle.
Support for EUS RHEL7 ended in June 30, 2028. For more information, see Red Hat Enterprise Linux Extended Maintenance.
- RHEL 7.4 EUS support ended August 31, 2019
- RHEL 7.5 EUS support ended April 30, 2020
- RHEL 7.6 EUS support ended May 31, 2021
- RHEL 7.7 EUS support ended August 30, 2021
- RHEL 7.9 EUS support ended June 30, 2028
- RHEL 8.4 EUS support ended May 31, 2023
- RHEL 8.6 EUS support ends May 31, 2024
- RHEL 9.0 EUS support ends May 31, 2024
Switch a RHEL Server to EUS Repositories.
- Switching to EUS repositories on RHEL7
- Switching to EUS repositories on RHEL8
- Switching to EUS repositories on RHEL9
Note
Support for RHEL7 EUS ended in June 30, 2028. It is not recommended to switch to EUS repositories in RHEL7 anymore.
Switch a RHEL Server to non-EUS Repositories.
- Switching to non-EUS repositories on RHEL7
- Switching to non-EUS repositories on RHEL8
- Switching to non-EUS repositories on RHEL9
To remove the version lock, use the following commands. Run the commands as root
.
Remove the
releasever
file.sudo rm /etc/yum/vars/releasever
Disable EUS repositories.
sudo yum --disablerepo='*' remove 'rhui-azure-rhel7-eus'
Add non-EUS repository.
sudo yum --config=https://rhelimage.blob.core.windows.net/repositories/rhui-microsoft-azure-rhel7.config install rhui-azure-rhel7
Update your RHEL VM.
sudo yum update
The IPs for the RHUI content delivery servers
RHUI is available in all regions where RHEL on-demand images are available. Availability currently includes all public regions listed in the Azure status dashboard, Azure US Government, and Microsoft Azure Germany regions.
If you're using a network configuration (custom Firewall or UDR configurations) to further restrict https
access from RHEL PAYG VMs, make sure the following IPs are allowed for yum update
to work depending on your environment:
# Azure Global
RHUI 3
West US - 13.91.47.76
East Us - 40.85.190.91
South East Asia - 52.187.75.218
West Europe - 52.174.163.213
Austraila East - 52.237.203.198
RHUI 4
West Europe - 52.136.197.163
South Central US - 20.225.226.182
East US - 52.142.4.99
Australia East - 20.248.180.252
Southeast Asia - 20.24.186.80
# Azure US Government.
# To be deprecated after 10th April 2023.
# Newer RHEL images are already redirected to Public region for updates. If you have already added below IPs to your UDR/firewall, you are not required to remove these IPs until next update on this doc.
# For RHUI 4 connections, use public RHUI IPs as provided above.
13.72.186.193
13.72.14.155
52.244.249.194
Note
As of October 12, 2023, all pay-as-you-go (PAYG) clients will be directed to the Red Hat Update Infrastructure (RHUI) 4 IPs in phase over the next two months. During this time, the RHUI3 IPs will remain for continued updates but will be removed at a future time. Existing routes and rules allowing access to RHUI3 IPs must be updated to also include RHUI4 IP addresses for uninterrupted access to packages and updates. Do not remove RHUI3 IPs to continue receiving updates during the transition period.
Also, the new Azure US Government images, as of January 2020, uses Public IP mentioned previously under the Azure Global header.
Also, Azure Germany is deprecated in favor of public Germany regions. We recommend for Azure Germany customers to start pointing to public RHUI by using the steps in Manual update procedure to use the Azure RHUI servers.
Azure RHUI Infrastructure
Update expired RHUI client certificate on a VM
If you experience RHUI certificate issues from your Azure RHEL PAYG VM, see Troubleshoot RHUI certificate issues in Azure.
Troubleshoot connection problems to Azure RHUI
If you experience problems connecting to Azure RHUI from your Azure RHEL PAYG VM, follow these steps:
Inspect the VM configuration for the Azure RHUI endpoint:
Check whether the
/etc/yum.repos.d/rh-cloud.repo
file contains a reference torhui-[1-4].microsoft.com
in thebaseurl
of the[rhui-microsoft-azure-rhel*]
section of the file. If it does, you're using the new Azure RHUI.If the reference points to a location with the following pattern,
mirrorlist.*cds[1-4].cloudapp.net
, a configuration update is required. You're using the old VM snapshot, and you need to update it to point to the new Azure RHUI.
Verify that access to Azure-hosted RHUI is limited to VMs within the Azure datacenter IP ranges.
If you're using the new configuration and you've verified that the VM connects from the Azure IP range, and you still can't connect to Azure RHUI, file a support case with Microsoft or Red Hat.
Infrastructure update
In September 2016, Azure deployed an updated Azure RHUI. In April 2017, the old Azure RHUI was shut down. If you have been using the RHEL PAYG images or their snapshots from September 2016 or later, you're automatically connecting to the new Azure RHUI. If, however, you have older snapshots on your VMs, you need to manually update their configuration to access the Azure RHUI as described in a following section.
The new Azure RHUI servers are deployed with Azure Traffic Manager. In Traffic Manager, any VM can use a single endpoint, rhui-1.microsoft.com and rhui4-1.microsoft.com, regardless of region.
Manual update procedure to use the Azure RHUI servers
This procedure is provided for reference only. RHEL PAYG images already have the correct configuration to connect to Azure RHUI. To manually update the configuration to use the Azure RHUI servers, complete the following steps:
For RHEL 6:
sudo yum --config='https://rhelimage.blob.core.windows.net/repositories/rhui-microsoft-azure-rhel6.config' install 'rhui-azure-rhel6'
For RHEL 7:
sudo yum --config='https://rhelimage.blob.core.windows.net/repositories/rhui-microsoft-azure-rhel7.config' install 'rhui-azure-rhel7'
For RHEL 8:
Create a
config
file by using this command or a text editor:cat <<EOF > rhel8.config [rhui-microsoft-azure-rhel8] name=Microsoft Azure RPMs for Red Hat Enterprise Linux 8 baseurl=https://rhui-1.microsoft.com/pulp/repos/microsoft-azure-rhel8 https://rhui-2.microsoft.com/pulp/repos/microsoft-azure-rhel8 https://rhui-3.microsoft.com/pulp/repos/microsoft-azure-rhel8 enabled=1 gpgcheck=1 gpgkey=https://rhelimage.blob.core.windows.net/repositories/RPM-GPG-KEY-microsoft-azure-release sslverify=1 EOF
Run the following command.
sudo dnf --config rhel8.config install 'rhui-azure-rhel8'
Update your VM.
sudo dnf update
Next steps
- To create a Red Hat Enterprise Linux VM from an Azure Marketplace PAYG image and to use Azure-hosted RHUI, go to the Azure Marketplace.
- To learn more about the Red Hat images in Azure, see Overview of Red Hat Enterprise Linux images.
- Information on Red Hat support policies for all versions of RHEL can be found at Red Hat Enterprise Linux Life Cycle.