Release Notes
Product notes, new features, and known issues for Red Hat Update Infrastructure
Abstract
Preface
Red Hat Update Infrastructure 5 (RHUI) is a highly scalable, highly redundant framework that enables you to manage repositories and content. It also enables cloud providers to deliver content and updates to Red Hat Enterprise Linux (RHEL) instances. Based on the upstream Pulp project, RHUI allows cloud providers to locally mirror Red Hat-hosted repository content, create custom repositories with their own content, and make those repositories available to a large group of end users through a load-balanced content delivery system.
Red Hat recommends that you keep RHUI up to date. Only the latest released version is supported. See the list of released advisories on the Red Hat Update Infrastructure product page.
Chapter 1. What’s New
1.1. Red Hat Update Infrastructure 5.2 June 2026
The following enhancements are now available in RHUI 5:
- RHUI administrators can now build and deploy CDS nodes as containers on Kubernetes. This enables elastic scaling of content delivery infrastructure based on load. CDS nodes run as a StatefulSet with persistent storage, ensuring repository data is retained across restarts. Load-balanced routing and health probes (liveness/readiness) are configured for automatic failover and traffic management. For detailed setup and configuration instructions, refer to the Installation and Management Guide.
- The rhui-manager CLI now provides an option to exclude the RHUI SSL CA certificate when building client RPMs. When a globally trusted CA-signed certificate is in use the sslcacert entry in the repo file is unnecessary and can cause certificate verification mismatches. Users can now opt in to omit it, allowing clients to rely on the system CA bundle instead.
- Previously, Pulp installations sent anonymous analytics data to the Pulp Project every 24 hours by default. Starting with version 5.2, analytics collection is now disabled by default, ensuring no telemetry data is transmitted without explicit opt-in. The ANALYTICS setting is implicitly set to False, and analytics-related log entries (pulpcore.app.tasks.analytics:INFO) are no longer present in /var/log/pulp/worker.log.
- A new installer parameter, resume_migration, has been added to support resuming RHUI migrations that were previously interrupted. When enabled via the answers.yaml configuration file, this option preserves the compressed RHUI installation files in the migration/ subdirectory, allowing a migration to be restarted from where it left off and reuse the files. The parameter defaults to False, so existing migration behavior is unchanged unless explicitly opted in.
- The RHUA container now ships with the rpm-sign package, enabling cloud providers to sign client RPMs directly on the RHUA without additional build-time setup. Previously, although related RPM dependencies (rpm-sign-libs, rpm-libs, rpm-build-libs) were present in the container, the rpm-sign utility itself was not included, requiring users who sign client RPMs on the RHUA to install rpm-sign.
The following bug fixes are now available in RHUI 5:
- Previously, systemd timers within the Red Hat Update Appliance (RHUA) container could silently fail to execute scheduled tasks—such as repository synchronizations and temporary file cleanups—if the host was shut down or restarted intermittently. Although the systemd timers were configured with persistent values, the timer timestamps were stored on ephemeral storage and lost upon container restart; furthermore, any missed timers that did attempt to trigger at startup often failed because the underlying Pulp stack was not yet fully responsive. This issue has been resolved by persisting timer timestamps across container lifecycles and updating the pulpcore-api and pulpcore-content systemd unit files with an ExecStartPost= directive. This ensures that the Pulp services are only marked active once their bound ports are fully ready to accept connections, allowing missed scheduled tasks to reliably and safely execute immediately upon system startup.
- When updating RHUI — whether for CVE fixes or minor version upgrades — previously installed RHUA, CDS, and HAProxy container images were retained on disk. Over successive updates, these unused images accumulated and consumed significant storage, potentially exhausting disk space on nodes with smaller volumes. RHUI 5.2 addresses this by cleaning up old, unused container images so that disk space is reclaimed after updates. This applies to all RHUI node types (RHUA, CDS, and HAProxy). Unused images are removed when a new RHUA, CDS, and HAProxy image is installed, and also weekly.
  Note: This cleanup does not apply to older installer images previously pulled on the control node, because this node is independent from the RHUI environment.
- The logrotate package is now included in the CDS and HAProxy container images. Previously, both containers shipped with logrotate configuration files (/etc/logrotate.d/nginx and /etc/logrotate.d/haproxy) but did not have the logrotate package installed, meaning log rotation was not running. Over time this could lead to unbounded log growth in the log directories.
- Previously, if PostgreSQL was configured to use a non-default locale (e.g., ja_JP.UTF-8), the service would fail to start because the required locale data was missing from the container, resulting in errors such as invalid value for parameter "lc_messages". This could affect environments migrated from RHUI 4 that had been using localized PostgreSQL configurations. The glibc-all-langpacks package is now included in the RHUA container image, which resolves this issue.
1.2. Red Hat Update Infrastructure 5.1 March 2026
The following enhancements are now available in RHUI 5:
RHUI has a new CLI capability that validates repository content is actually up to date with the Red Hat CDN, not only that sync has completed. This addresses cases where a RHUI instance reported successful sync but was still serving outdated content (such as missing critical updates). This enhancement includes:
- A CLI command to validate repo freshness against the Red Hat CDN and surface discrepancies when a repo appears synced but lacks the latest updates.
- Validation of kernel version freshness across five kernel versions to make it easier to spot outdated content.
- Detection and reporting of misconfiguration that can lead to outdated content, with a clearer “freshness” measure for diagnostics.
Logging is no longer hardcoded in the CLI. A new [logging] section allows configuration of:
- max_bytes and backupCount for the rotating log file (defaults increased to 3 MB and 6 rotated log files).
- log_level (moved into the logging section).
- cleanup_type as a strategy for the rotation, which can be based on either the number or the age of the logs.
- max_age to set how long the logs should be kept when using the age-based cleanup type.
The codebase was updated so log path and filename are read from configuration instead of being hardcoded where applicable (with consideration for tools like the sos rhui plugin that expect a known location). See /etc/rhui-static/rhui-tools-static.conf in the RHUA container for details and default values. To set custom values, edit the /etc/rhui/rhui-tools.conf file.
- RHUI now converts the original cron jobs to systemd timers and adds randomized delay so each RHUA does not run tasks at the same clock minute to address potential release spikes on the CDN.
The following bug fixes are now available in RHUI 5:
- Previously older RHUI installations were retaining significantly more on-disk data than newer ones because old repository metadata was not removed. This fix introduces cleanup of obsolete repo metadata so storage growth from unused metadata is reduced.
- Previously under certain boot conditions, the RHUA or CDS container would fail to start because the NFS mount for /var/lib/rhui/remote_share was not ready when the service started, leading to a dependency failure that generated such error messages as “Failed to mount /var/lib/rhui/remote_share”, or “Dependency failed for RHUI CDS”. The fix ensures the RHUA and CDS containers will start reliably even when the remote share becomes available slightly later after boot.
- Previously migration of a RHUA that had a CDS node and used auth.json for registry authentication could fail during the “Inject container registry info into instance data” Ansible step with an error about a missing rhua_container_registry attribute on the instance data. This issue has been fixed.
- Previously when using the installer with a Podman or RHUI administrator password that contained characters reserved in YAML, the password was passed directly into the playbook. This led to YAML parsing errors such as “exception occurred during task execution” or “Convert install_params_str to a dictionary”. This release corrects password handling in the installer playbook so special characters no longer cause installer failures.
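The password-handling failure in the last fix above, reproduced with Ruby's standard-library YAML parser as an added example (not RHUI installer code). The admin_password key, the retries key and the sample passwords are constructed for illustration; the point is that an unquoted secret can either break parsing or be silently truncated, while emitter-quoted values survive.

```ruby
require 'yaml'

# Constructed sample passwords (not real credentials). All but the first
# contain a character that is reserved in YAML.
SAMPLE_PASSWORDS = [
  'plain-Secret1',   # no reserved characters
  'p@ss: word',      # ": " introduces a mapping value
  'secret #1',       # " #" starts a comment
  '{curly}pass',     # "{" opens a flow mapping
  '@t-sign-first'    # "@" is a reserved indicator
].freeze

# Stand-in for the pre-fix behaviour: the password is pasted into YAML text
# as-is. The key name admin_password is hypothetical.
def naive_params(password)
  "admin_password: #{password}\nretries: 3\n"
end

# Hardened form: a YAML emitter quotes and escapes the scalar as needed.
def safe_params(password)
  { 'admin_password' => password, 'retries' => 3 }.to_yaml
end

# Parse the text back and classify what happened to the password.
def round_trip(yaml_text, original)
  parsed = YAML.safe_load(yaml_text)
  parsed['admin_password'] == original ? :intact : :altered
rescue Psych::Exception
  :parse_error
end

# Map every sample password to its outcome under the given builder.
def survey(builder)
  SAMPLE_PASSWORDS.to_h { |pw| [pw, round_trip(method(builder).call(pw), pw)] }
end

if __FILE__ == $PROGRAM_NAME
  %i[naive_params safe_params].each do |builder|
    puts builder
    survey(builder).each { |pw, outcome| puts "  #{pw.inspect} -> #{outcome}" }
  end
end
```

The :altered outcome is the one to watch for in practice: the document parses cleanly, so nothing fails at install time, but the stored credential is not the one the administrator typed.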
1.3. Red Hat Update Infrastructure 5.0 November 2025
- RHUI 5 has been completely redesigned to run as containers. This means each part of the system — from syncing content to delivering updates — is packaged into containers. All appliances and the installer are delivered as container images which means that RHUI 5 can be run on RHEL and later versions, Fedora, and other platforms that support podman and can be provisioned via Red Hat Ansible Automation Platform.
- RHUI 5 containers are rootless.
- Migrating to RHUI 5 can be performed in both in-place and hybrid mode. Hybrid mode means that the target RHUI 5 machine could have a different operating system or version.
- RHUI 5 installation can now be cloned.
The following issues that were reported in RHUI 4 are resolved in Red Hat Update Infrastructure 5:
- The rhui-installer can now manage max-requests values for Gunicorn.
- Gunicorn logs are now located in /var/log/pulp.
- A cron job has been added to clean up Pulp’s temp files.
- The rhui-manager now supports repo stop_syncing and repo resume_syncing for pausing and resuming automatic repository synchronization.
- RHSM Entitlement certification can now be verified by hash.
The following enhancements are now available in RHUI 5.
- When the content delivery system (CDS) is re-installed, RHUI will automatically check for refreshed certificates.
- RHUI 5 now supports passwordless local connections via Unix sockets.