LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Enterprise (https://www.linuxquestions.org/questions/linux-enterprise-47/)
-   -   RHEL 7 OS/Security Patching (https://www.linuxquestions.org/questions/linux-enterprise-47/rhel-7-os-security-patching-4175677619/)

shlammed 06-25-2020 12:56 PM
RHEL 7 OS/Security Patching
 
Hi folks,

Trying to wrap my head around patching in Red Hat. Can anyone validate that my understanding here is correct?

Let's take RHEL 7.5 as an example. My options are:

1) Stay at 7.5 and patching nothing as EUS expired in April 2020
2) Patch to the latest version (7.8)

Now, if for some reason I need to stay at 7.5 due to app stack certification, I believe I would be SOL at this point, correct?

In other words, I see this "Maintenance 2" phase on Red Hat's site which runs up until 2024, but am I correct to say that this maintenance phase ONLY applies to the last version of RHEL 7 (assuming 7.9)?

Thanks

shruggy 06-25-2020 01:07 PM
Quote:
Originally Posted by shlammed (Post 6137896)
am I correct to say that this maintenance phase ONLY applies to the last version of RHEL 7 (assuming 7.9)?
Seems so.
Quote:
EUS repository Deactivation
For a given RHEL minor release EUS repository (for example RHEL 8.1), like all EUS repositories, will be retired 24 months after it is created and becomes available via Red Hat Subscription Manager. When an EUS repository reaches retirement, no new errata are released to the repositories. However, all previously released errata remain available to customers with an active subscription. It is imperative to migrate to a later EUS release to continue receiving errata updates like security and bug-fix errata.
You should patch to the latest available minor release whenever possible.

shlammed 06-25-2020 02:53 PM
Quote:
Originally Posted by shruggy (Post 6137898)
Seems so.


You should patch to the latest available minor release whenever possible.
100%, just regarding those odd cases where an app may not be certified beyond a specific version.

I guess once EUS is expired, you don't have much of an option from the OS level.

pan64 06-25-2020 03:06 PM
Quote:
Originally Posted by shlammed (Post 6137926)
100%, just regarding those odd cases where an app may not be certified beyond a specific version.
That is an interesting question. Theoretical there should be no reason to avoid updating. The releases of RHEL 7.x series are strictly compatible with each other.

shruggy 06-25-2020 03:38 PM
Theoretically, yes. But practically... the link I provided above states this:
Quote:
What Customer Use Cases Benefit from Using EUS?
  • Customers who have a policy of re-certifying application stacks when they move to new minor releases of Red Hat Enterprise Linux
  • Customers who have sensitive workloads that require minimal change
  • Customers using third party applications from ISVs who certify on specific Red Hat Enterprise Linux minor releases
And the Wikipedia article on RHEL gives some examples:
Quote:
EUS allows the organization / company to stay on a minor version if required by a third party application which is only tested with a particular minor version of RHEL, such as Oracle Database, IBM DB2, IBM Cloud Orchestrator, hortonworks.

pan64 06-26-2020 02:04 AM
practically impossible to reach the 100 % [coompatibility]. Yes, I know. But again, if there was no real reason to keep you need to update. That was what you told in post #2.


All times are GMT -5. The time now is 09:38 AM.