Unbreakable Linux Network - FAQ

The Latest channel for each Oracle Linux release contains only the set of packages from the most recent release as distributed on the installation media for that release (available on Oracle Software Delivery Cloud) together with all updated packages (errata) following that release. All packages that do not match these criteria are moved to the Archive channel. As such, when a new minor release of Oracle Linux becomes available, the Latest channel is brought up to date with the set of packages that ship on its installation media.

To install a version of a package no longer available in the Latest channel, enable the Archive channel corresponding to your Oracle Linux release and use yum to install the package. For example, for Oracle Linux 7:

• Log in to https://linux.oracle.com with your ULN user name and password.
• On the Systems tab, click the link named for the system in the list of registered machines
• On the System Details page, click Manage Subscriptions
• On the System Summary page, select channels from the list of available or subscribed channels and click the arrows to move the Oracle Linux 7 Archive (x86_64) to the Subscribed Channels list
• Click Save Subscriptions

Oracle is replacing Symantec-branded certificates with Digicert-branded certificates across all of its infrastructure to prevent trust warnings from Chrome and Firefox.

Due to the nature of how Oracle Linux systems connect to Unbreakable Linux Network (ULN), this change requires that client certificates on all Oracle Linux systems receiving updates from ULN be updated. The change in server certificates on ULN will occur on October 9, 2018. After that time, Oracle Linux systems will only be able to connect to ULN with an updated client certificate.

Please make sure to have following or later version of the packages installed on all the systems that are registered directly to ULN before October 9, 2018:

Note: newer Oracle Linux 8, 9 and 10 are not affected by this issue.

Oracle Linux 7

                            rhn-client-tools-2.0.2-21.0.9.el7.noarch.rpm
                            rhn-setup-2.0.2-21.0.9.el7.noarch.rpm
                            rhn-check-2.0.2-21.0.9.el7.noarch.rpm
                            rhn-setup-gnome-2.0.2-21.0.9.el7.noarch.rpm (if the older version of this package is installed)
                        

Oracle Linux 6

                            rhn-setup-1.0.0.1-45.0.3.el6.noarch.rpm
                            rhn-client-tools-1.0.0.1-45.0.3.el6.noarch.rpm
                            rhn-check-1.0.0.1-45.0.3.el6.noarch.rpm
                            rhn-setup-gnome-1.0.0.1-45.0.3.el6.noarch.rpm (if the older version of this package is installed)
                        

Oracle Linux 5

                            x86_64:
                            up2date-5.10.1-41.30.el5.x86_64.rpm
                            up2date-gnome-5.10.1-41.30.el5.x86_64.rpm (if the older version of this package is installed)
                            

                            i386:
                            up2date-5.10.1-41.30.el5.i386.rpm
                            up2date-gnome-5.10.1-41.30.el5.i386.rpm (if the older version of this package is installed)
                            

                            ia64:
                            up2date-5.10.1-41.30.el5.ia64.rpm
                            up2date-gnome-5.10.1-41.30.el5.ia64.rpm (if the older version of this package is installed)
                        

If the above packages are not installed on your registered system before October 9, 2018, you will be unable to connect to ULN and will receive one of the following errors:

                            The certificate /usr/share/rhn/ULN-CA-CERT is expired. Please ensure you 
                            have the correct certificate and your system time is correct.
                        

OR

                            There was an SSL error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]
                            A common cause of this error is the system time being incorrect. Verify that the time on this system is correct.
                        

After October 9, 2018 client SSL certificate need to be replaced manually. To manually replace the client SSL certificate on an Oracle Linux machine, run the following steps as root on each server:

                            # cp /usr/share/rhn/ULN-CA-CERT /usr/share/rhn/ULN-CA-CERT.old
                            # wget https://linux-update.oracle.com/rpms/ULN-CA-CERT.sha2
                            # cp ULN-CA-CERT.sha2 /usr/share/rhn/ULN-CA-CERT
                        

After this file has been updated you can continue using ULN as normal. After making this manual replacement, connectivity to ULN should be restored. The packages above should then be updated as part of your standard patching cycle. If you have any questions about this update please see the "How can I get help?" section of this document.

You may register for a ULN account via linux.oracle.com/register You will need the following:

1. An Oracle.com Single Sign on account. If you don't have one already, the link above will guide you through the steps to create one
2. A valid Oracle Linux support or Oracle VM support CSI (customer support identifier). You may purchase Oracle Linux or Oracle VM support online via the Oracle Linux Store or via your sales representative.

If you are currently running Red Hat Enterprise Linux Server, follow these steps. If you are running Oracle Linux, use the following steps:

1. Ensure you have a valid CSI by purchasing Oracle Linux support online via the Oracle Linux Store.
2. Ensure you have an account on ULN. You may register for a new account via linux.oracle.com/register
3. Execute the command uln_register as the root user and follow the directions on the screen.

See this section of the ULN documenation:Becoming a CSI Administrator.

See this section of the ULN documentation:Listing Active CSIs and Transferring Their Registered Servers.

See this section of the ULN documentation:Listing Expired CSIs and Transferring Their Registered Servers.

For help with your SSO account, please see:

1. Help with your Oracle Account
2. Log in to ULN using a web browser

To confirm whether your machine is registered, you can use the following command:

On Oracle Linux 7 systems:

# yum repolist

You should see output similar to the following:

repo id	repo name	status
ol7_x86_64_latest	Oracle Linux 7 Latest (x86_64)	8,029

On Oracle Linux 8, Oracle Linux 9 and Oracle Linux 10 systems:

# dnf repolist

You should see output similar to the following:

repo id	repo name	status
ol8_x86_64_latest	Oracle Linux 8 Latest (x86_64)	12,041

When you register a server, it will be subscribed to a channel that has the latest Oracle Linux packages for the appropriate architecture. To subscribe to additional channels, log in to linux.oracle.com after you register your system. Click on the Systems tab to manage subscriptions for each subscribed server.

This could be caused by any number of issues in the communication between your machine and the ULN servers. One of the main causes could be some stale headers in your machine's up2date cache. This can be accomplished with the following command:

On Oracle Linux 6 and Oracle Linux 7 systems:

# yum clean all

On Oracle Linux 8, Oracle Linux 9 and Oracle Linux 10 systems:

# dnf clean all

If you're using a graphical desktop environment:

At the time of registering the system to ULN using uln_register, press the Advanced Network Configuration button after prviding the account information on Account Information screen. In the next window, use the appropriate fields for your HTTP proxy; if your proxy requires authentication, enter the username and password here. When finished, press the Close button to continue the registration process.

If you're in text mode:

At the time of registering the system to ULN using uln_register, use --proxy option specify http proxy to use

                             # uln_register --proxy=proxy_hostname:port_number
                        

if your proxy requires authentication use additional options --proxyUser and --proxyPassword to specify username and password

                            # uln_register --proxy=proxy_hostname:port_number --proxyUser=username --proxyPassword=password
                        

You can get help in the following ways:

• If you have purchased Basic or Premier support, you may use My Oracle Support for technical assistance
• If you have purchased Network support, you may discuss technical issues on the Oracle Infrastructure Forum or file bug reports using Oracle Linux GitHub's repository

After registering and subscribing to required channels, run the following command:

On Oracle Linux 6 and Oracle Linux 7 systems:

# yum update

On Oracle Linux 8 and Oracle Linux 9 systems:

# dnf update

Below are the steps to enable system-wide cryptographic policies (like FUTURE) to work with ULN on Oracle Linux 8 or Oracle Linux 9 or Oracle Linux 10.

• Please make sure to have following or later version of the packages installed on the system

Oracle Linux 8

                            rhn-check-2.8.16-13.0.6.module+el8.7.0+21032+057d0dfe.x86_64.rpm
                            rhn-setup-2.8.16-13.0.6.module+el8.7.0+21032+057d0dfe.x86_64.rpm
                            rhn-client-tools-2.8.16-13.0.6.module+el8.7.0+21032+057d0dfe.x86_64.rpm
                            python3-rhn-setup-gnome-2.8.16-13.0.6.module+el8.7.0+21032+057d0dfe.x86_64.rpm
                            rhnlib-2.8.6-8.0.2.module+el8.7.0+21027+f0093b7a.noarch.rpm
                            python3-rhn-client-tools-2.8.16-13.0.6.module+el8.7.0+21032+057d0dfe.x86_64.rpm
                            rhn-setup-gnome-2.8.16-13.0.6.module+el8.7.0+21032+057d0dfe.x86_64.rpm
                            python3-rhnlib-2.8.6-8.0.2.module+el8.7.0+21027+f0093b7a.noarch.rpm
                            python3-rhn-setup-2.8.16-13.0.6.module+el8.7.0+21032+057d0dfe.x86_64.rpm
                            python3-rhn-check-2.8.16-13.0.6.module+el8.7.0+21032+057d0dfe.x86_64.rpm
                        

Oracle Linux 9

                            rhn-check-2.8.16-13.0.8.el9_0.x86_64.rpm
                            rhn-setup-2.8.16-13.0.8.el9_0.x86_64.rpm
                            rhn-client-tools-2.8.16-13.0.8.el9_0.x86_64.rpm
                            python3-rhn-setup-gnome-2.8.16-13.0.8.el9_0.x86_64.rpm
                            rhnlib-2.8.6-8.0.2.el9.noarch.rpm
                            python3-rhn-client-tools-2.8.16-13.0.8.el9_0.x86_64.rpm
                            rhn-setup-gnome-2.8.16-13.0.8.el9_0.x86_64.rpm
                            python3-rhnlib-2.8.6-8.0.2.el9.noarch.rpm
                            python3-rhn-setup-2.8.16-13.0.8.el9_0.x86_64.rpm
                            python3-rhn-check-2.8.16-13.0.8.el9_0.x86_64.rpm
                        

Oracle Linux 10

                             python3-rhn-check-2.8.16-13.0.14.el10.x86_64.rpm
                             python3-rhn-client-tools-2.8.16-13.0.14.el10.x86_64.rpm
                             python3-rhnlib-2.8.6-8.0.4.el10.noarch.rpm
                             python3-rhn-setup-2.8.16-13.0.14.el10.x86_64.rpm
                             python3-rhn-setup-gnome-2.8.16-13.0.14.el10.x86_64.rpm
                             rhn-check-2.8.16-13.0.14.el10.x86_64.rpm
                             rhn-client-tools-2.8.16-13.0.14.el10.src.rpm
                             rhn-client-tools-2.8.16-13.0.14.el10.x86_64.rpm
                             rhnlib-2.8.6-8.0.4.el10.noarch.rpm
                             rhnlib-2.8.6-8.0.4.el10.src.rpm
                             rhn-setup-2.8.16-13.0.14.el10.x86_64.rpm
                             rhn-setup-gnome-2.8.16-13.0.14.el10.x86_64.rpm
                        

• Replace “linux-update.oracle.com” with “linux-update-4k.oracle.com” in /etc/sysconfig/rhn/up2date file
• You may want to enable “update-crypto-policies --set FUTURE” and then register to ULN