Version Revision History
-
2022/11/21: 2022.11 release
-
2022/10/14: 2022.10 release
-
2022/08/10: 2022.08 release
-
2022/06/26: 2022.06 release
-
2022/05/10: 2022.05 release
-
2022/04/29: 2022.04 release
-
2022/03/31: 2022.03 release
-
2022/02/28: 2022.02 release
-
2022/01/28: 2022.01 release
-
2021/12/09: 2021.12 release
-
2021/09/23: 2021.09 release
-
2021/08/16: 2021.08 release
-
2021/06/24: 2021.06 release
-
2021/05/18: 2021.05 release
-
2021/04/21: 2021.04 release
-
2021/03/01: 2021.02 release
-
2021/02/05: 2021.01 release
-
2020/11/26: 2020.11 release
-
2020/09/22: 2020.09 release
-
2020/07/24: 2020.07 release
-
2020/06/15: 2020.06 release
-
2020/05/21: 2020.05 release
-
2020/04/16: 2020.04 release
-
2020/03/19: 2020.03 release
-
2020/01/31: 2020.01 release
-
2019/08/02: 4.0.2 release
-
2018/12/19: 4.0.1 release
-
2018/10/26: 4.0.0 release
Stay informed
You can stay up-to-date regarding information about Uyuni:
Check the home site https://www.uyuni-project.org
Support
Uyuni is a community-supported project. The ways of contacting the community are available at the home site.
Release model
Uyuni uses a rolling release model (meaning there will be no bugfixing for given Uyuni version, but new frequent versions that will include bugfixes and features)
Check the home site get in contact with the community.
Major changes since Uyuni Server 4.0.0
Features and changes
Version 2022.11
System list refactor
The System list page has been refactored to be more optimized and can handle thousands of systems with a breeze.
For this we had to add a new database table to store the cached system data.
This table is updated every hour by the update-system-overview-default
task and within a minute after data for any of the systems is changed.
As a side effect, the System list will be empty after the server upgrade until the refresh is triggered.
To force a refresh before the top of the hour, run the update-system-overview-default
task manually in Admin > Task Schedules page. Keep in mind that processing this task can take some time depending on how many systems are present in the database.
We intend to automate the initial refresh during during the Uyuni Server update in a future release, for people that are still upgrading from versions older than 2022.11
The new page has also introduced a more advanced filtering of the data. Though quite powerful, the user interface for the value selection is still rough and requires knowing what to query. While this has been temporarily been worked around by keeping the old links in the Systems List menu, we expect improvements for the interface in a future release.
Instructions to disable custom channel automatic syncronization
Since Uyuni 2022.10, the custom channels are now synced automatically.
By default, a synchronization will start automatically after adding a new repository to a custom channel. Moreover, they will all update daily as a part of the mgr-sync-refresh-default
scheduled task.
To disable this new feature and revert back to the old behaviour, you can set in /etc/rhn/rhn.conf
:
java.unify_custom_channel_management = 0
Custom Channels section of the Administration guide for information about the custom channel synchronization.
Allow more tools for network management for the Uyuni Server
Until now, the Uyuni Server only supported Wicked for network management, because of a problem at the uyuni-check-database
service.
With Uyuni 2022.11, this problem is fixed and now any other tool such as NetworkManager can be used.
Monitoring: Grafana update to 8.5.13
Uyuni 2022.03 updates Grafana from version 8.3.5 to 8.5.13.
This update fixes several security vulnerabilities:
-
CVE-2022-36062
-
CVE-2022-35957
-
CVE-2022-31107
-
CVE-2022-31097
-
CVE-2022-29170
Check the upstream changelog for all the details on what has changed.
There is one breaking change:
- For a data source query made via /api/ds/query
, if the DatasourceQueryMultiStatus
feature is enabled and the data source response has an error set as part of the DataResponse
, the resulting HTTP status code is now 207 Multi Status
instead of 400 Bad gateway
.
Updating Grafana is strongly recommended.
Monitoring: Fix TLS configuration and enable client certificate authentication for Blackbox exporter
Uyuni 2022.10 and previous versions were using basic authentication for the Blackbox exporter scrapping, even though using TLS client certificates was enabled at the prometheus-formula
With Uyuni 2022.11, the Prometheus formula adds a section for the Blackbox exporter with TLS certificate and key for client certificate authentication.
Traditional stack being removed
Uyuni 2022.06 was the last version where traditional client tools were tested to work, and it was announced that with Uyuni 2022.08 the traditional client tools will be deprecated and removed at some point after the summer.
Uyuni 2022.11 is already removing code for the traditional clients, so this version will not support traditional clients in any way. New deployments will not work and existing deployments will not work either. If you still have traditional clients and they still work normally, you need to migrate them to Salt before updating to Uyuni 2022.11.
Version 2022.10
Update notes
WARNING: This release requires vendor changes for some Uyuni dependencies at the server, so pay attention to the following instructions!
Because of bug at zypper
, it could be that --allow-vendor-change
is broken on your system. This can apply even if you are still on Uyuni 2022.05 or earlier (based on openSUSE Leap 15.3)
Make sure you manually update zypper first at the Uyuni Server with zypper ref && zypper in zypper
, and then verify that the installed zypper version is 1.14.57
or newer (use zypper info zypper
).
Then:
-
If you are on Uyuni 2022.06 or newer, while doing the minor upgrade procedure for the Server, make sure you allow such vendor changes by calling
zypper up --allow-vendor-change
instead ofzypper up
. -
If you are on Uyuni 2022.05 or older, follow the major upgrade procedure for the Server without any special steps.
RHEL/Oracle Linux/AlmaLinux/Rocky Linux 9 as clients
Uyuni is now able to manage RHEL/Oracle Linux/AlmaLinux/Rocky Linux 9 as Salt or Salt SSH minions. All other features that worked for previous versions of RHEL/Oracle Linux/AlmaLinux/Rocky will work now too, with the exception of the Prometheus Exporters.
The following architectures can be managed:
-
x86_64
-
aarch64
-
s390x (RHEL/AlmaLinux/Rocky Linux only)
-
ppc64le (RHEL/AlmaLinux/Rocky Linux only)
Check the Client Configuration Guide for information about how to configure the Uyuni Server to work with RHEL/Oracle Linux/AlmaLinux/Rocky Linux 8 clients.
Monitoring for Ubuntu 22.04
The Client Tools for Ubuntu 22.04 now contain four exporters:
-
prometheus-apache-exporter
-
prometheus-exporter-exporter
-
prometheus-node-exporter
-
prometheus-postgres-exporter
With these tools all of the features available for previous Ubuntu versions are available at 22.04
pip support for the Salt Bundle
The Salt Bundle now includes support for pip
, allowing users to extend the functionality of the bundled Salt Minion with extra Python packages.
Keep in mind that not all of the functions are available with the state, but the missing functionality can still be accessed with module.run
.
Apache exporter updated to version 0.11.0 for SUSE Linux Enterprise and openSUSE
Uyuni 2022.10 updates the Prometheus exporter for Apache from version 0.7 to version 0.10.0 for SUSE Linux Enterprise and openSUSE, including the Uyuni Server, the Uyuni Proxy and the Uyuni Retail Branch Server.
Check the upstream release notes for more details, including new metrics.
Cobbler updated to version 3.3.3
Cobbler was updated from version 3.1.2 to version 3.3.3.
-
"cobbler buildiso" now supports building ISOs with UEFI support
-
Cobbler has a new command "cobbler mkloaders" that can be called optionally after GRUB or Syslinux was updated on the Uyuni Server
For the complete list of changes, see the upstream release notes:
The migration of stored Cobbler collections and settings from previous Cobbler version to 3.3.3 will run automatically during this upgrade. |
A backup of old Cobbler settings file will be created at /etc/cobbler/settings.before-migration-backup
and old collections backup under /var/lib/cobbler/
.
Version 2022.08
Ubuntu 22.04 as client
Uyuni is now able to manage Ubuntu 22.04 clients as Salt or Salt SSH minions. All other features that worked for previous versions of Ubuntu will work now too, with the exception of the Prometheus Exporters and package vendor identification, which will be part of a future Uyuni release (for now, Prometheus Exporters are available in the Universe repositories).
The following architectures can be managed:
-
x86_64
Check the Client Configuration Guide for information about how to configure Uyuni Server to work with Ubuntu 22.04 clients.
GPG key handling in Uyuni
Uyuni is now taking care of trusting the required GPG keys on the clients, in order to install packages from assigned channels
The GPG key URL can be defined for Software Channels which will be used to find the key needed for that channel.
When the channel is assigned to the client the key will be trusted on repository refresh or when installing a package out of the channels.
For more information, check the documentation.
Disabling locally defined repositories
To prevent problems with local defined repositories providing wrong or unwanted packages, we disable now all these repositories as the first step in bootstraping.
Additionlly we try to keep local repositories disabled and perform this in the channel state which is also used during highstate.
For more information, check the documentation.
Technology Preview: Helm chart to deploy containerized Uyuni Proxy and Retail Branch Server
Deploying Proxy and Retail Branch Servers as containers is now also possible using a Helm chart.
For more information check this README file. The information will be part of the Uyuni official documentation in a future release.
WARNING: The container images configuration has a new format and it is now packaged as tar.gz file. All previously deployed container Proxies and Retail Branch Servers will need to get their configuration regenerated and deployed again before pulling these images.
Version 2022.06
Upgrade notes
WARNING: This release updates the base OS from openSUSE Leap 15.3 to openSUSE Leap 15.4 and there are special steps required. You need at least Uyuni 2021.06 already installed to perform the upgrade, and you need to follow the major upgrade procedure for the Server. More details are also available at the "Update from previous versions of Uyuni Server" section below.
WARNING: This release updates the Salt version for master and minions to a next major release. Make sure you update the Uyuni Server before updating the clients, as backward compatiblity of minions agains an older master is not guaranteed
WARNING: With Uyuni 2021.12, we announced the future deprecation of the Traditional client tools. Uyuni 2022.06 is the last release that supports them. Starting with Uyuni 2022.08, the traditional client tools will be deprecated as we will start removing the code at some point after the summer. Do not use traditional for any new deployments of clients or proxies, and start migrating your traditional clients to Salt.
Base system upgrade
The base system has been upgraded to openSUSE Leap 15.4.
PostgreSQL 14
The database engine has been updated from PostgreSQL 13 to PostgreSQL 14, which brings a number of performance and reliability improvements. A detailed changelog is available upstream.
To prevent inconsistent configurations and data on upgrade or update, Uyuni 2022.06 refuse to start until the database migration from PostgreSQL 13 to PostgreSQL 14 has been completed successfully.
Salt 3004
Salt has been upgraded to upstream version 3004, plus a number of patches, backports and enhancements by SUSE, for the Uyuni Manager Server, Proxy, and Client Tools.
We intend to regularly upgrade Salt to more recent versions.
For more details about changes in your manually-created Salt states, see the Salt 3004 upstream release notes.
Salt Bundle 3004 will be available for all supported clients.
The non-bundle version of Salt requires Python3 installed by default, so it will not be available for:
-
SUSE Linux Enteprise 12
-
CentOS 7
-
Oracle Linux 7
-
Red Hat Enteprise Linux 7
New products enabled
-
openSUSE Leap 15.4
-
SUSE Linux Enterprise 15 SP4 family
-
SLE Micro 5.2
Version 2022.05
Reporting Database documentation
The reporting database schema is now fully documented.
The documentation describes the schema in detail, showing all the tables and the views available and highlighting the relationships among them.
You can access it from the Uyuni Server WebUI, at Help > Report Database Schema, from the left navigation bar.
spacewalk-report now uses data from the reporting database
Starting with Uyuni 2022.05, spacewalk-report
will use the data from the report database by default. This change affects both new and updated setups.
This means that the new generated reports will differ in the structure and the format of the data and might break existing integrations.
If this change causes trouble in your use case, the new option --legacy-report
can be used to fallback to the old report engine.
For a comprehensive list of what is changed and what reports are affected, see the section "Generate Reports" at the Administration Guide.
Adding systems with failed actions to System Set Manager
It is now possible to select and add systems that failed or completed actions, with a new button Add Selected to SSM
that shows for the actions at "Completed Systems" and "Failed Systems".
You can the find the actions at the Uyuni Server WebUI, at Schedule
on the left navigation bar.
This can be useful to fix issues with systems that failed to complete actions, or to run more actions on those that completed them.
Technology Preview: JSON over HTTP API
With Uyuni 2022.05, in addition to the current XML-RPC API, a new JSON over HTTPI API will also be provided to make Uyuni API even easier to consume.
Uyuni is seeing more and more use in automated scenarios, where it is a part of a bigger system and driven via its APIs.
The XML-RPC protocol has served users well so far and will continue to do so, but HTTP APIs are more in demand and have better tooling support.
The API documentation has been updated to reflect the changes to support the HTTP API, and is available at the Uyuni Server WebUI under About > API, and at the website
Usage examples can be found in the "Sample scripts" section of the documentation.
With the addition of the JSON over HTTP API documentation:
-
Mandatory names to the input parameters for each method were added
-
Information about the HTTP request type (GET or POST) was added
-
Example scripts to consume the HTTP API via Curl were added
Version 2022.04
Salt SSH now uses the Salt Bundle
The Salt Bundle is now used to handle Salt SSH executions on the client side. The bootstrap of new Salt clients using webUI or API is now also using the Salt Bundle.
To ensure bootstrap works in the proper way, the bootstrap repositories for the clients must be regenerated before bootstrapping new clients.
The bootstrap repository regeneration happens for any given product when a resync for the product repositories happens:
-
For products provided by the SUSE Customer Center, added via de Setup Wizard or
mgr-sync
, this happens each night. -
For products added via
spacewalk-common-channels
there is no automated resync by default, unless it was configured after adding the product. In this case, the regeneration needs to be trigger manually.
To manually trigger the regeneration, use the tool mgr-create-bootstrap-repo
at the Uyuni Server.
Technology Preview: Containerized Uyuni Proxy and Retail Branch Server
Starting with Uyuni 2022.04, it will be possible to run the Uyuni proxy and Retail branch server also in containers. This could be very helpful in scenarios where adding new virtual machines is not feasible for some reason.
Additionally, the ability to run Uyuni Proxy and Retail branch servers in containers make it more flexible to run them anywhere without worrying about the underlying OS, while also making it possible to get the advantage of Kubernetes offerings like HA.
Reporting Database improvements
The following improvements have been made in the reporting database
-
Add UI for peripheral server with report database password regeneration
-
Added the server location information to the reporting database
-
detect MgrServer on bootstrap and store report database settings
-
Added Channel information
-
Added System packages information
-
Added OpenScap scans information
-
Added Groups information
-
Added System packages information
-
Added proxy information to the system table
-
Changed table SystemGroup to better reflect its content
-
Added location information to the system table
Improved image management
Uyuni 2022.04 comes with a lot of improvements for image management.
-
Kiwi images:
-
Uses name and version from Kiwi config file, revision is increased on each build
-
Built image files are referenced in the database and deleted with the image entry
-
Image pillars are stored in the database
-
The build log is visible in the User Interface
-
-
Docker images:
-
Use a new database entry for each revision
-
Old revision can be shown with the "Show obsolete" checkbox
-
-
Updated XML RPC API to manipulate with images, image files and pillars:
-
For more details about these end points, please refer to Uyuni API.
-
HSTS available
HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.
Uyuni 2022.04 allows enabling HSTS. Which means each request will need to be HTTPS while plain HTTP requests will be rejected.
To enable it for the Uyuni Server:
-
Edit
/etc/apache2/conf.d/zz-spacewalk-www.conf
-
Uncomment the line
# Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
-
Restart Apache with
systemctl restart apache2
To enable it for the Uyuni Proxy
-
Edit
/etc/apache2/conf.d/spacewalk-proxy.conf
-
Uncomment the line
# Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
-
Restart Apache with
systemctl restart apache2
IMPORTANT: If you enable HSTS while using the default SSL certificate generated by Uyuni, or a self-signed certificate, some browsers will refuse to connect using HTTPS unless the CA used to sign such certificates is trusted by the browser. If you are using the SSL certificate generated by Uyuni, you can trust it at the servers by using the file located at http://<UYUNI-SERVER-HOSTNAME>/pub/RHN-ORG-TRUSTED-SSL-CERT
Version 2022.03
Fixes for Salt security issues
Fixes for the following security issues have been released: CVE-2022-22934, CVE-2022-22935, CVE-2022-22936, CVE-2022-22941.
You should patch your Salt master at the Uyuni Server and minions as soon as possible. Please take the next section into account when upgrading the Salt.
Salt Upgrade
To properly upgrade Salt with the fixes for the latest CVEs, and avoid breaking the communication between for Salt master and minion, you need to upgrade your "salt-master" first and then continue upgrading your Salt minions.
In case that a Salt minion is upgraded with the CVE fixes but your Salt master is not, then the communication between the master and this minion will be broken, and you would see errors like the following in your minion logs:
2022-03-28 13:19:41,880 [salt.crypt :743 ][ERROR ][15942] Sign-in attempt failed: {'publish_port': 4505, 'pub_key': '-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----\n''enc': 'pub','sig': ".."}
2022-03-28 13:19:41,885 [salt.minion :1056][ERROR ][15942] Error while bringing up minion for multi-master. Is master at salt-master-server.tf.local responding?
As soon as your Salt master is upgraded and restarted then the communication between master and minion will be restablished and the errors messages will not longer happen.
New XML-RPC API version 26
Uyuni 2022.03 updates the XML-RPC API version from 25 to 26, in preparation for SUSE Manager 4.3
There are no breaking changes to any methods.
If any of your scripts are checking for the version 25, you can change them to use version 26 without any further changes.
smdba: changed defaults for newer PostgreSQL versions
Starting with PostgreSQL 13, some defaults have changed.
To improve performance, smdba autotuning was adapted to use the new values.
Additionally an extra paramater --ssd
was added to autotuning to tell smdba that the database is stored on ssd or fast network storage.
To change an existing configuration with the new defaults call
smdba system-check autotuning
Remember you can also adjust some other parameters, in case you need them:
smdba system-check autotuning [--max_connections=<number>] [--ssd]
Monitoring: Grafana 8.3.5
Uyuni 2022.03 updates Grafana from version 7.5.12 to 8.3.5.
This update fixes several security vulnerabilities:
-
XSS vulnerability in handling data sources (CVE-2022-21702)
-
Cross-origin request forgery vulnerability (CVE-2022-21703)
-
Insecure Direct Object Reference vulnerability in Teams API (CVE-2022-21713)
-
GetUserInfo: return an error if no user was found (CVE-2022-21673)
Updating Grafana is strongly recommended.
Relevant changes are:
-
New Alerting for Grafana 8
-
CloudWatch: Add support for AWS Metric Insights
-
CloudWatch: Add AWS RoboMaker metrics and dimension
-
CloudWatch: Add AWS Transfer metrics and dimension
-
CloudWatch: Add AWS LookoutMetrics
-
CloudWatch: Add Lambda@Edge Amazon CloudFront metrics
-
CloudMonitoring: Add support for preprocessing
-
CloudWatch: Add AWS/EFS StorageBytes metric
-
CloudWatch: Add Amplify Console metrics and dimensions
-
CloudWatch: Add metrics for managed RabbitMQ service
-
Elasticsearch: Add support for Elasticsearch 8.0
-
AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers
-
AzureMonitor: Add Azure Resource Graph
-
AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics
Check the upstream changelog for more details on what has changed.
There is one breaking change:
-
Grafana 8 Alerting enabled by default for installations that do not use legacy alerting.
Uyuni does not use Grafana alerting, so if you do not need it, you can disable it at the Grafana WebUI.
If you use legacy Grafana alerting in your environment, consider migrating to new Grafana 8 alerting.
Unsupported products
-
Red Hat Enterprise Linux 6
-
SUSE Linux Enterprise Server Expanded Support 6
-
Oracle Linux 6
-
CentOS 6
-
CentOS 8
-
Ubuntu 16.04
We highly encourage you to migrate your workload to a newer version of each distribution, or to an alternative distribution that is still supported, so you can continue managing your infrastructure with Uyuni.
Please note that we will not break things on purpose for these unsupported products, and there is a possibility that they could still continue to work. But if things break, there will not be any support provided, not even on a best-effort basis, unless someone from the community can step in.
Version 2022.02
PostgreSQL default password encryption mechanism change
PostgresSQL is changing its default password encryption mechanism from md5 to scram-sha-256.
With this update Uyuni will follow this change and will migrate the database user to this new encryption mechanism.
This should happen fully automated for the existing database user.
The following changes will happen:
-
At the
/var/lib/pgsql/data/postgresql.conf
file,password_encryption = scram-sha-256
will be set. -
The password for the user specified in the file
/etc/rhn/rhn.conf
will be reset. -
At the
/var/lib/pgsql/data/ph_hba.conf
file, all mechanisms which are set tomd5
will be changed toscram-sha-256
.
In case additional users where created, the passwords must be reseted.
This can be done with the following command on the Uyuni Server executed as "root" user, and exchanging`<DBUSER>` with the right username and <DBPASSWD>
with the new password:
runuser - postgres -c "echo \"ALTER USER <DBUSER> WITH PASSWORD '<DBPASSWD>';\" | psql"
Reporting Database
The reporting database provides Uyuni data used for reports in a simplified schema, and is accessible by any reporting tool with support for SQL databases as content sources.
This new database is isolated from the one used for the Uyuni Server, and created automatically.
The tool uyuni-setup-reportdb-user
can create new users which has read-only access to the data.
For more information on this topic, see Hub reporting.
Ubuntu errata installation
Uyuni now comes with Ubuntu errata support. It does this by downloading errata information from https://usn.ubuntu.com/usn-db/database.json and matching it after the syncing of Ubuntu channels.
It also adds support for installing errata on Ubuntu systems by mapping them to package installs.
For users, it will be a seamless experience and they will get exactly the same UX as it was for errata management for other distros.
Monitoring
Prometheus 2.32.1
Uyuni 2022.02 updates Prometheus from version 2.27.1 to 2.32.1.
The new version contains some breaking changes that need to be addressed after the Uyuni Server is updated.
Breaking changes:
-
Uyuni Service Discovery: The configuration and the returned set of meta labels have changed. Please check the upstream documentation for more details.
-
As a consequence all users with existing monitoring setup must reapply the highstate on the monitoring server(s).
Important changes:
-
Introduced generic HTTP-based service discovery.
-
New expression editor with advanced autocompletion, inline linting, and syntax highlighting.
-
Discovering Kubernetes API servers using a kubeconfig file.
-
Faster server restart times via snapshotting.
-
Controlling scrape intervals and timeouts via relabeling.
Check the upstream changelog for more details on what has changed.
Postgres exporter updated to version 0.10.0 for SUSE Linux Enterprise and openSUSE
Uyuni 2022.02 updates the Postgres exporter from version 0.4.7 to the version 0.10.0 for SUSE Linux Enterprise and openSUSE.
This version brings the rename of the package from golang-github-wrouesnel-postgres_exporter
to prometheus-postgres_exporter
, as this package is now part of the Prometheus Community Projects. After the package is updated, you will need to reenable the prometheus-postgres_exporter
service:
-
For the Uyuni Server WebUI, proceed to Admin > Manager Configuration > Monitoring. You will see
PostgreSQL database
is stopped. ClickEnable
and the service will get started. -
For the SUSE Linux Enterprise and openSUSE, apply the highstate to all the clients where the PostgreSQL needs to be exported.
The new version also contains a patch that allows connecting to PostgreSQL servers using scram-sha-256
, which is the new default for Uyuni installations starting with 2022.02.
Check the upstream changelog for more details, including new metrics.
Other operating systems such as for example CentOS7 or AlmaLinux 8 will get 0.10.0 with future Uyuni releases.
SLES PAYG client support on cloud
It is now possible to sync content from SUSE-operated Cloud RMT Server from the Uyuni. This makes it a lot easier for users with SLES PAYG instances because now they don’t need to go through a cumbersome process of getting zero-cost subscriptions.
It works in all three major public clouds AWS, GCP, and Azure.
For more information and instructions on this topic, see the Connect Pay-as-you-go instance.
openscap for Debian 11 (Tech Preview)
Uyuni 2022.02 provides the openscap package binaries using the sources from Debian Sid. Debian11 itself does not provide openscap, as it was removed from Debian Testing during Debian 11 development.
This is a Tech Preview and therefore not supported, but we invite the community to provide feedback and will provide updates from the Debian upstream package if needed.
Version 2022.01
Debian 11 as client
Uyuni is now able to manage Debian 11 clients as salt or salt-ssh minions, as well as all other features that work for previous versions of Debian, with the exception of openscap as it is not available on Debian 11
The following architectures can be managed:
-
x86_64
-
aarch64
-
armv7l
-
i586
-
ppc64le
-
s390x
Check the Client Configuration Guide
for information about how to configure Uyuni Server to work with Debian 11 clients.
Link to vendor security advisory in Patch details page
The patch details page now contains a new section Vendor Advisory
, which links to the original advisory provided by the vendor of the patch.
This information is auto-generated from data already existing in the database thus, when possible, it will be available for both new and existing patches.
With Uyuni 2022.01, the following providers are supported:
-
SUSE
-
Red Hat
-
Oracle
-
Amazon
-
AlmaLinux
-
RockyLinux
-
Alibaba
Add support for custom SSH port for SSH minions
Starting with Uyuni 2022.01, using TCP port 22 for SSH minions is not required anymore, and any TCP port can be used.
Change proxy used for clients from the WebUI
It is now possible to change the proxy used by an Uyuni client using the WebUI.
This can be done from the Connection
tab at the Details
tab for any Salt client, using the new link Change
to change the connection type.
Using System Set Manager is supported as well, and can be done from the Misc
tab, and then Proxy
tab.
NOTE: Changing the connection for a Proxy to move it, is not supported at this moment. The Connectiontab will not show the Change
link for proxies.
Version 2021.12
Salt as a Bundle
Salt Bundle is a single package called venv-salt-minion
containing the Salt Minion, Python and all Python modules. It is exactly the same version and codebase for the current salt-minion
RPM package.
The Salt Bundle can be used on systems that already run another Salt Minion, that do not meet Salt’s requirements or already provide a newer salt version that is used instead of the version provided by Uyuni.
Starting with Uyuni 2021.12, Uyuni is able to bootstrap systems with Salt Bundle for all the supported operating systems.
On bootstrapping new clients the Salt Bundle package will be used instead of salt-minion, if the package venv-salt-minion
is present in the bootstrap repo.
Clients already registered will not be changed, but can be switched to Salt Bundle with applying the state util.mgr_switch_to_venv_minion
to them. For more information see the Client Configuration Guide.
aarch64 support for openSUSE Leap 15.3, CentOS 7/8, clones and related systems
Uyuni 2021.12 adds support for the aarch64 (ARM64) architecture for the following operating systems:
-
openSUSE Leap 15.3
-
CentOS 7/8
-
Oracle Linux 7/8
-
Rocky Linux 8
-
AlmaLinux 8
-
Amazon Linux 2
System reactivation
It is now possible to re-activate a system using the UI/XMLRPC-API of Uyuni which was only possible using bootstrap script before. The bootstrapping page UI has been extended and the user can now enter the reactivation key of the system and the UI/XMLRPC-API of Uyuni will take care of the rest.
The same could be achieved from the XMLRPC API.
Low Diskspace notification
With Uyuni 2021.12, on the login page, a banner will be shown when available disk space on the server will be running low. This will help users avoid situations like the automatic shutdown of Uyuni when disk space is critically low, without even noticing it.
Package Locking for Salt Minions
Package locks are used to prevent unauthorized installation or upgrades of software packages. In the past the package lock feature was only available for traditional clients. Now it is also available for Salt clients (SUSE, RHEL and clones, and Debian/Ubuntu).
Check the Package Locking documentation for information about how to use this feature.
Monitoring
Prometheus Blackbox exporter
Uyuni 2021.12 comes with the Blackbox exporter, which allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP, and ICMP. It needs to be installed next to the Prometheus server and not on the clients. Prometheus formula has been extended to configure the Blackbox exporter.
The package prometheus-blackbox_exporter has been added as recommended for the Proxy.
Formulas
One of the limitations of the current formulas is that they are listed against every client, even if the supported packages are not available for that OS version or service pack.
While we are continuously focused on improving the formulas, for now, starting with the monitoring formulas it will be mentioned in documentation if applying those formulas would actually work in the case of a particular client.
In 2021.09, we made the Prometheus package available for Uyuni Proxy and Retail Branch Server but that is not the case with Grafana.
-
Prometheus is available for the client tools for SLE 12, SLE 15, and openSUSE 15 Uyuni Proxies or Retail Branch Servers
-
Grafana is available for the client tools for SLE 12, SLE 15, openSUSE15
Content Lifecycle Management improvement
From the Content Lifecycle Management project view, the new column Last build
has been added. This information is useful when you need a general overview of all latest build times rather than retrieving the information project by project.
New XMLRPC API methods for SaltKey
Following new XMLRPC methods have been added in SaltKey
namespace.
-
accept
: API endpoint to accept minion keys -
reject
: API endpoint to reject minion keys -
pendingList
: API endpoint to list pending salt keys -
acceptedList
: API endpoint to list accepted salt keys -
rejectedList
: API endpoint to list rejected salt keys
These methods could further help in improving the automation workflows.
New product enabled
-
SUSE Linux Enterprise Server 15 SP2 LTSS
CVE-2021-40348 remediation
A security fix for CVE-2021-40348 is included as apart of Uyuni 2021.08, to fix a potential injection arbitrary code to a root-owned file that eventually will be executed by the system.
The fix for this problem was previously released on October 29th as a patch on top of Uyuni 2021.09, but if you did not apply such patch yet, we recommend appling the update to Uyuni 2021.12 as soon as possible.
CentOS 8 End of Life
CentOS 8 will be End of Life on December 31st, 2021. Uyuni support for this product will end as well.
Please refer to support section for more information.
Future deprecation of the traditional stack
With Uyuni 2021.12, we announced the future deprecation of the Traditional client tools.
Uyuni 2022.06 is the last release that supportes them.
Starting with Uyuni 2022.08, the traditional client tools will be deprecated as we will start removing the code at some point after the summer.
Do not use traditional for any new deployments of clients or proxies, and start migrating your traditional clients to Salt.
Version 2021.09
AppStreams WebUI improvements
The content lifecycle project page in the WebUI has been further improved. This page now provides AppStreams with a default
filter template. This template creates a module filter for each module in the repository, and specifies the default stream for each module.
Improve the date time handling on the UI
Uyuni 2021.09 fixes a number of inconsistencies in date time handling related to time zones by always using the IANA standard format.
A few pages at the Admin
menu still show the old format, and will be adapted with the next Uyuni versions.
Support syncing patches with advisory status 'pending'
Uyuni 2021.09 now supports the new advisory status pending
as used by the EPEL7 and 8 repositories.
Virtualization
Virtualization in Uyuni has received some enhancements:
-
UEFI support: UEFI support has been added for creating and editing VMs. Note that Auto discovery of the firmware binary and NVRAM depends on the version of libvirt installed on a minion.
-
virt-tuner
templates:virt-tuner
template has been added to create a VM. Now users can select a template from the those supported by thevirt-tuner
tool.
spacecmd: allow massive archive and delete actions
Added new commands to "spacecmd" to allow massive archive and delete actions:
-
schedule_archivecompleted
: archive all completed actions older than a given date -
schedule_deletearchived
: delete all archived actions older than a given date
This allows bypassing the Web User Interface display limit.
Recent cobbler CVEs remediation
In addition to fixing Fixed Remote Code Execution in the XMLRPC API which additionally allowed arbitrary file read and write as root, this release includes the fixes for CVE-2021-40323, CVE-2021-40324, CVE-2021-40325.
Version 2021.08
Rocky Linux 8 as client
Uyuni is now able to manage Rocky Linux 8 clients as salt or salt-ssh minions, as well as all other features that work for CentOS 8 or AlmaLinux 8.
Rocky Linux OS intends to fill the gap that will exist after CentOS 8 Stable is End of Life by the end of 2021. According to the Rocky Enterprise Software Foundation "Rocky Linux is a community enterprise operating system designed to be 100% bug-for-bug compatible with America’s top enterprise Linux distribution now that its downstream partner has shifted direction."
Check the Client Configuration Guide
for information about how to configure Uyuni Server to work with Rocky Linux clients.
For now the following architectures are supported: x86_64
Support for Rocky Linux 8 will continue to improve, including support for other architectures.
Ansible Playbooks test mode
Ansible Playbooks can now run in test mode.
Known issue: When running a playbook in test mode using an Ansible control node that is registered as SSH minion in Uyuni, then the action is always reported as failed, even if it succeeds.
Kiwi parameters for OS Image profiles
It is now possible to pass custom kiwi parameters in an OS Image profile.
This can be particularly helpful for selecting a specific profile when passing the option (--profile <profilename>
) to Kiwi files containing multiple profiles.
Fixes for AArch64 hosts, including virtualization
Uyuni 2021.08 now collects more information about CPU for AArch64 systems. That, together with some more fixes, make virtualization features usable on AArch64 systems.
Virtual Machines and UEFI
Virtual machines can now be created with UEFI support from the web interface.
Pacemaker support for KVM and Xen virtual machines
Starting with Uyuni 2021.08, creating a virtual machine on a Pacemaker cluster node defines the resource on the cluster. The cluster-managed virtual machines can also be live migrated using the Uyuni web interface.
New CLM Filter Template
Content Lifecycle Management got a new filter template to setup Live Patching based on an existing system.
OpenSCAP Audit
The OpenSCAP XCCDF scan UI supports now more options and additional OVAL files can be defined. Supported options are:
-
--profile <name>
-
--rule <id>
-
--tailoring-file <path>
-
--tailoring-id <id>
-
--fetch-remote-resources
-
--remediate
You can provide additional OVAL files paths to prevent using --fetch-remote-resource
when the file is locally available.
Logs for Salt SSH clients
Starting with Uyuni 2021.08, all Salt SSH clients will have a log at /var/log/salt-ssh.log
, as well as log rotation configured for it.
Tech-preview: Inter-Server Synchronization version 2
Uyuni 2021.08, includes Inter-Server Synchronization version 2. This new version allows exporting software channels between servers without the previous notions of master and slave. Unlike the previous Inter-Server Synchronization, no mandatory direct connection between servers is needed since data are exported and imported in a disconnected mode.
Check the (new Inter-Server Syncronization 2 documentation for more information.
Monitoring
Grafana
Grafana was updated from version 7.4.2 to 7.5.7.
Check the upstream documentation for details on what has changed:
Prometheus
Prometheus was updated from version 2.26.0 to 2.27.1.
Important changes:
-
SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622)
Check the upstream documentation for more details on what has changed:
Version 2021.06
Upgrade notes
WARNING: This release updates the base OS from openSUSE Leap 15.2 to openSUSE Leap 15.3 and there are special steps required. You need at least Uyuni 2020.07 already installed to perform the upgrade, and you need to follow the (major upgrade procedure for the Server. More details are also available at the "Update from previous versions of Uyuni Server" section below.
Salt 3002
Salt has been upgraded to upstream version 3002, plus a number of patches, backports and enhancements by SUSE, for the Uyuni Server, Proxy and Client Tools (where the client operating system supports Python 3.5+; otherwise Salt 3000 or 2016.11 are used).
Salt 3002 only works with Python 3.5+, therefore:
-
Salt 3002 is only available on SLE 15, RHEL 8 (and clones: CentOS, Oracle Linux, SLES Expanded Support and AlmaLinux), Ubuntu 18.04 and 20.04, and Debian 10. Only a Python 3 version is provided.
-
Salt 3000 is still the version of Salt for SLE 12, RHEL 7 (and clones: CenOS, Oracle Linux, SLES Expanded Support, Amazon Linux and Alibaba Cloud Linux) and Debian 9. Only a Python 2 version is provided. SLE 12 additionally provides a Python 3 version.
We intend to regularly upgrade Salt to more recent versions.
For more details about changes in your manually-created Salt states, see the Salt 3002 upstream release notes and Salt 3001 upstream release notes.
Base System Upgrade
The base system was upgraded to openSUSE Leap 15.3.
The Uyuni Proxy and Retail Branch Server can now be installed on top of openSUSE Leap 15.3 JeOS edition.
PostgreSQL 13
The database engine has been updated from PostgreSQL 12 to PostgreSQL 13, which brings a number of performance and reliability improvements. A detailed changelog is available upstream.
To prevent inconsistent configurations and data on upgrade or update, Uyuni 2021.06 will refuse to start until the database migration from PostgreSQL 12 to PostgreSQL 13 has completed successfully.
Please note the database migration from PostgreSQL 12 will rebuild the database indices. This may take several hours if you have thousands of software channels.
Missing openSUSE Leap 15.3 channels added to spacewalk-common-channels
After openSUSE Leap 15.3 GA, two new repositories we added as part of Maintenance Updates, and are now part of spacewalk-common-channels
as two new channels:
-
opensuse_leap15_3-sle-updates
-
opensuse_leap15_3-backports-updates
Both channels are available for x86_64
and aarch64
architectures.
You can add them to your Uyuni Server with spacewalk-common-channels
, and then sync them.
After the sync is complete, consider adding them to all your openSUSE Leap 15.3 clients.
Integration of Ansible into an Uyuni automation environment to protect customer investment and ease migration (Technology Preview)
Configuration and automation platforms have become increasingly important to control an organization’s ever-growing IT landscape. There are a variety of popular tools in the market and companies may have already made investments in a particular tool, one of them being Ansible.
Adopting Uyuni, or migrating to it, does not mean that you should necessarily renounce your previous configuration management systems investment. Uyuni 2021.06 provides support for Ansible packages on SLE and connects to the Ansible control nodes on any supported client operating system to gather inventory, playbooks and manage clients with Uyuni.
Uyuni 2021.06 allows you to simply re-use and run your Ansible playbooks, saving time and resources by consolidating tools while keeping existing automation investments. This means you do not have to re-implement your Ansible automation solution, making migration to the SUSE and openSUSE landscape easier.
Combined with its strong Salt capabilities, it enhances Uyuni’s configuration and automation capabilities helping you to orchestrate even the largest environments – across cloud and on-premise.
Version 2021.05
New products enabled
-
SLE Micro 5.0
-
openSUSE MicroOS
SLE Micro 5.0 and openSUSE MicroOS as clients
Uyuni 2021.05 provides limited support for SLE Micro 5.0 and openSUSE MicroOS clients. The following features work:
-
Client registration
-
Salt remote commands
-
Formulas and Formulas with Forms
-
Installed software packages, updates, patches, etc are listed
-
Refreshing installed package list
-
Package installation, update, patching, removal
-
Content Lifecycle Management
-
State and configuration channels
-
Autoinstallation with AutoYaST and Yomi
Known issues:
-
transactional-update
versions 3.2.2-1.1 or older contain a bug and will not work properly with Salt. A fix will be shipped (in SLE Micro 5.0) soon, which will enable it with Salt and Uyuni. -
Package and patch installation, removal and update work but after installation, the WebUI will not show the actual patch state of the system, and it will not notify a reboot is required for those changes to be enabled. As a workaround, you can manually schedule a reboot.
-
Action chains will fail
-
Container management. Uyuni cannot manage podman containers at the moment but you can use Salt remote commands for that.
-
Maintenance windows in SLE Micro are currently independent from Uyuni’s
-
First releases of SLE Micro 5.0 contained a broken
salt-minion
package. Please make sure you use the latest version available in the SLE Micro Update channel. This does not affect openSUSE MicroOS.
SLE Micro and openSUSE MicroOS are only supported as a Salt minion. The traditional stack will not be supported.
The missing features will be added in upcoming releases of Uyuni.
Deprecated products
-
Red Hat Enterprise Linux 6
-
Oracle Linux 6
-
CentOS 6
-
Ubuntu 16.04 LTS
RHEL 6 (and clones: CentOS 6, Oracle Linux 6, SLES ES 6) ended upstream general support on November 30th, 2020. After a grace period of 7 months, we are now ending fixes for these operating systems.
Ubuntu 16.04 LTS ended upstream general support on April 30th, 2021. After a grace period of 3 months, we are now ending fixes for these operating systems.
Please note "ending fixes" means their client tools remain available and can still be added, mirrored and used. But in case they stop working at some point in time, fixes will only be provided as on a best-effort basis (which in general means if the issue can be reproduced with a supported operating system, it will be fixed; but if the issue is specific to the unsupported operating system, a fix should not be expected).
Prometheus TLS
Prometheus and the Prometheus formulas now support TLS and basic authentication for HTTP endpoints. This provides a way to securely transfer metrics data.
Updated Prometheus
Prometheus has been updated from version 2.21.1 to version 2.26.0, which brings a number of bugfixes and improvements (such as securing connections using TLS).
For details on what changed in each version between 2.21.1 and 2.26.0, see:
-
https://github.com/prometheus/prometheus/releases/tag/v2.22.2
-
https://github.com/prometheus/prometheus/releases/tag/v2.23.0
-
https://github.com/prometheus/prometheus/releases/tag/v2.24.0
-
https://github.com/prometheus/prometheus/releases/tag/v2.24.1
-
https://github.com/prometheus/prometheus/releases/tag/v2.25.0
-
https://github.com/prometheus/prometheus/releases/tag/v2.25.1
-
https://github.com/prometheus/prometheus/releases/tag/v2.25.2
-
https://github.com/prometheus/prometheus/releases/tag/v2.26.0
Migrate clients from openSUSE Leap to SUSE Linux Enterprise Server
The "Service Pack Migration" feature has been renamed "Product Migration".
In Uyuni 2021.05, the Product Migration feature allows two different use cases:
-
Migration from one service pack to another within the same major version of SUSE Linux Enterprise (e. g. from SLE 15 SP2 to SLE 15 SP3)
-
Migration from openSUSE Leap to the equivalent version of SLES (e. g. from Leap 15.3 to SLES 15 SP3). A registration key for openSUSE Leap is required, which can be obtained from SCC for free.
Migration between different SUSE Linux Enterprise codestreams (e. g. SLE 12 to SLE 15) is not possible using the Product Migration feature. Use autoinstallation profiles for that.
Migration between non-SUSE products (e. g. from CentOS to AlmaLinux) is not available at the moment.
Easier system group and configuration channel assignment
We have simplified the screens where system groups and configuration channels were assigned by removing the tabs and subtabs. All the information and actions are now in the same screen.
Enhanced CLM filter list
The Content Lifecycle Management filter list screen how allows filter selection, deletion and sorting and search by project.
Notify beacon for DEB-based clients
While the recommended way to manage clients is to install, remove, patch, etc from Uyuni, which triggers the correct actions, sometimes users run the package managers directly. When doing this on Debian and Ubuntu clients, the WebUI showed an outdated package list for some time.
Uyuni now hooks directly into the package manager database on the client to identify local package management and trigger a package refresh from the Server to make sure the list of packages is always up to date.
Allow setting primary FQDN for the systems
It is now possible possible to set/get the primary FQDN of a given system.
-
Via XMLRPC-API:
-
The existing system.getNetworkForSystems method will now return a new fqdn field with the primary FQDN
-
A new system.setPrimaryFqdn method has been added to set the primary FQDN of a given system
-
-
Via WebUI:
-
The primary FQDN of a given systems can ve visualized/set via System > Details > Hardware page.
-
This is specially useful because this data is used to configure target address for monitoring.
-
Virtualization
Virtualization in Uyuni has received a number of enhancements:
-
Fine-tuning: CPU pinning and special memory configurations, such as those required when running SAP under KVM, can now be configured with Uyuni.
-
Autostart: automatically start needed networks and storage pools when creating/starting a VM
-
Virtual console: the virtual console monitors virtual machine state changes and can be opened even when the virtual machine is powered off. This helps in debugging startup issues, and allows to manage the VM even when it is running on another virtualization host.
-
The virtpoller beacon is now removed a replaced by a refresh action.
Custom data as pillar
Traditional stack clients could receive some custom information via macros but this feature was missing on Salt clients.
In Uyuni 2021.05, we have implemented passing any custom information to Salt clients (both salt-minion and salt-ssh) via pillars:
salt \* pillar.get custom_info:key1
minion:
val1
Retracted patches
When an operating system vendor releases a new patch, it might happen that the patch has undesirable side effects (security, stability, boot no longer working, etc) on some scenario that was not identified by testing. When that happens (very rarely), vendors typically release a new patch, which may take from hours to days, depending on the internal processes in place by that vendor.
SUSE has introduced a new mechanism called "retracted patches" to take back such patches in minutes by simply removing the bad patch from the repository metadata and resorting to the previously working patch. These patches receive the advisory status "retracted" (instead of the usual "final" or "stable").
Uyuni now supports retracted paches across all the lifecycle:
-
Retracted patches can be synchronized
-
When a patch is retracted, it will be noted as such with its own specific icon and status
-
Retracted patches can be cloned
Following the behavior defined in zypper
:
-
Once a retracted patch is installed, it will not be uninstalled unless you uninstall it explicitly. Uyuni will never automatically uninstall anything from your systems on its own.
-
Once a patch has been retracted by the vendor, the retracted patch cannot be installed via normal patch, update and installations.
-
Retracted patches remain available in the software channels and can be forcefully-installed/updated-to by speficying the exact version you want to install (e. g. by using
zypper
directly or by using the exact version in a Salt state).
To protect our users, the behaviour when cloning retracted patches is slightly different than usual:
-
When a Content Lifecycle Management project uses a source channel which contains a now-retracted patch, a warning is displayed so that you are aware you should build and propagate the patch as soon as possible.
-
When a retracted patch is synchronized, it will not be cloned to the cloned channels by default. You will need to propagate it explicitly, like any other patch.
-
In contrast, once a retracted patch has been added one Content Lifecycle Management project and the project software channels built, the retracted patch will be automaticaly propagated all the other projects where that (now retracted) patch is available.
Client systems forwarded to SUSE Customer Center
This feature is only available when you enter your SCC mirroring credentials in Uyuni Server.
Until Uyuni 2021.05, the managed clients were not listed at SCC even if a SCC account was present at the Uyuni Server. This surprised users, who did not understand why clients connected via SUSEconnect, RMT or SMT would show in SCC, but clients connected with Uyuni would not.
Responding to this often-asked question and feature request for both Uyuni and SUSE Manager, we have now implemented client list forwarding to SCC in Uyuni 2021.05.
If you have a SCC account added at your Uyuni Servers, then the clients (even non-SUSE operating systems) managed by Uyuni Server (connected directly or via Proxy or Retail Branch Server) will be listed in SCC.
When a client is removed from Uyuni, it will also be removed from SCC.
The information transferred is limited to that which is already collected and transferred by SUSEconnect, RMT and SMT:
-
Client OS name and version
-
Hostname
-
Number of CPU sockets
-
Architecture
-
UUID of the system
-
Hypervisor and cloud provider information
-
Login: Uyuni instance id + client system id
-
Password: random string generated by Uyuni. Not used.
This information is used for statistical and product research purposes only.
In case you want to add your SCC account to Uyuni but completely disable client list submission to SCC, set this parameter in /etc/rhn/rhn.conf
and restart Uyuni (spacewalk-service restart
):
server.susemanager.forward_registration = 0
Display of the client operating system name and version in SCC is pending an upcoming update in SCC.
Configuration state summary
In Uyuni, configuration may come from many different places: Uyuni itself, configuration channels assigned to your organization, configuration channels assigned to the system groups your clients belong to, configuration channels assigned directly to a client system or formulas with forms.
When managing a large number of clients distributed across several organizations, with multiple system groups, channels, etc, knowing what is exactly the configuration that will be applied may become a daunting task.
In Uyuni 2021.05, we have added the configuration state summary to the Highstate page of the client. With this, you can see exactly where state is coming from.
Live patching made easy with filter templates
SUSE Linux Enterprise Live Patching helps customers to bring down reboot cycles to once a year which saves companies a time, resources and availability compared to not using live patching at all.
Setting up Live Patching requires installing specific kernel versions which are enabled for live patches, and installing the specific live patches.
Uyuni 2021.05 implements filter templates, which are a set of pre-defined filters for a specific use case. The first filter template we are including in Uyuni 2021.05 makes it easy to configure live patching for a specific SUSE product (e. g. SLE 15 SP2). New filter templates and additional information about the lifecycle of the live kernel will be added in upcoming versions of Uyuni.
HTML documentation for the API
The API documentation is now available in HTML format, in addition to the existing PDF document.
The new HTML API documentation includes a search engine too:
https://www.uyuni-project.org/uyuni-docs-api/uyuni/index.html
New API calls
New API calls have been added:
-
Enhanced config channel API with list assigned groups
-
Enhanced server group API with config channel and formula access methods
-
Added an API endpoint to allow/disallow scheduling irrelevant patches
-
Added APIs to manage retracted patches
-
Added APIs to set and get the primary FQDN of a given system (system.getNetworkForSystems/system.setPrimaryFqdn)
spacecmd improvements
The spacecmd commandset has been modified to match the current features of the product:
-
Add group_addconfigchannel and group_removeconfigchannel
-
Add group_listconfigchannels and configchannel_listgroups
-
Deprecated "Software Crashes" commands
Activation key dropped from system details
Activation keys can be used when registering new clients, or re-registering existing clients, to make sure the correct software entitlements, software channels, system groups, etc are applied when they come under Uyuni management.
After a client is registered to Uyuni, activation keys serve no purpose. Software channels, groups, etc can be changed independently from the activation key.
The fact the activation key remained in the System Details led users to think editing the activation key (e. g. changing the software channels assigned to that activation key) would change what was assigned to that client system. This is not true. To avoid that confusion, the Activation Key field has been removed from the System Details of registered clients.
Activation keys can still be used during client registration.
Software Crashes (ABRT) dropped
The Software Crashes feature, based on the ABRT library, has been dropped in Uyuni 2021.05. This was a very old feature which only worked on a limited set of clients and required careful configuration to actually submit crash reports to the Uyuni Server instead of upstream projects.
Warning about Ansible integration
Uyuni 2021.05 introduces some new changes related with the ongoing implementation of Ansible control node management:
-
New "Ansible Control Node" system type in "System → Properties".
-
New "Ansible" tab in the system page to operate your Ansible control node.
-
New XMLRPC endpoints for operating your Ansible control node.
This technology preview feature is NOT yet ready to work correctly in Uyuni 2021.05. You should not assign this new "system type" yet to your registered systems. The feature will be available with Uyuni 2021.06 |
Version 2021.04
Vendor change for some Java dependencies
We continue to increase the number of Java depencies we use directly from openSUSE.
Before starting the services, make sure you run this command to change the vendor of the xstream
package:
zypper install --allow-downgrade --allow-vendor-change -f xstream-1.4.15-lp152.2.3.1
This will also install the packages xpp3
and xpp3-minimal
Fix for potential security issue with Java RMI
Uyuni 2021.04 fixes a potential security issue that could allow remote code execution via Java RMI.
This issue only existed on the Uyuni Server if the self-monitoring was enabled.
The access to Java RMI is now limited to localhost.
New products enabled
-
Amazon Linux 2
-
Alibaba Linux 2
-
AlmaLinux 8
-
MicroFocus Open Enterprise Server 2018 SP3
-
openSUSE Leap 15.3 (Beta)
Amazon Linux 2 and Alibaba Linux 2 clients
Uyuni is now able to manage Amazon Linux 2 and Alibaba Linux 2 clients as salt or salt-ssh minions, as well as all other features that work for CentOS 7.
Check the Client Configuration Guide
for information about how to configure Uyuni Server to work with Debian clients.
For now the following architectures are supported: x86_64
Support for Amazon Linux2 and Alibaba Linux 2 will continue to improve, including support for aarch64 clients.
AlmaLinux 8
Uyuni is now able to manage AlmaLinux 8 clients as salt or salt-ssh minions, as well as all other features that work for CentOS 8.
AlmaLinux OS intends to fill the gap that will exist after CentOS 8 Stable is End of Life by the end of 2021. According to the AlmaLinux OS Foundation "AlmaLinux OS is a 1:1 binary compatible fork of RHEL® 8"
Check the Client Configuration Guide
for information about how to configure Uyuni Server to work with AlmaLinux clients.
For now the following architectures are supported: x86_64
Support for AlmaLinux 8 will continue to improve, including support for other architectures as they are added to AlmaLinux.
Maintenance Windows UI
Scheduling Maintenance Windows is now easier:
-
An interactive calendar has replaced the display of the iCalendar file in the details view
-
An interactive web calendar replaces the listing of upcoming maintenance windows in the details of a maintenance schedule, and events associated with that schedule are displayed.
Removal of deprecated XMLRPC API methods
The following XMLRPC API methods have been deprecated for a long time and are removed as part of Uyuni 2021.04:
-
ActivationKeyHandler
addPackageNames(User loggedInUser, String key, List packageNames)
-
ActivationKeyHandler
removePackageNames(User loggedInUser, String key, List packageNames)
-
ChannelHandler
listRedHatChannels(User loggedInUser)
-
ChannelSoftwareHandler
listAllPackages(User loggedInUser, String channelLabel, String startDate, String endDate)
-
ChannelSoftwareHandler
listAllPackages(User loggedInUser, String channelLabel, String startDate)
-
ChannelSoftwareHandler
listAllPackagesByDate(User loggedInUser, String channelLabel, String startDate, String endDate)
-
ChannelSoftwareHandler
listAllPackagesByDate(User loggedInUser, String channelLabel, String startDate)
-
ChannelSoftwareHandler
listAllPackagesByDate(User loggedInUser, String channelLabel)
-
ChannelSoftwareHandler
setSystemChannels(User loggedInUser, Integer sid, List channelLabels)
-
ChannelSoftwareHandler
listErrata(User loggedInUser, String channelLabel, String startDate)
-
ChannelSoftwareHandler
listErrata(User loggedInUser, String channelLabel, String startDate, String endDate)
-
ChannelSoftwareHandler
subscribeSystem(User loggedInUser, Integer sid, List labels)
-
ChannelSoftwareHandler
unsubscribeChannels(User user, List sids, String baseChannel, List childLabels)
-
ErrataHandler
listByDate(User loggedInUser, String channelLabel)
-
KickstartHandler
listKickstartableTrees(User loggedInUser, String channelLabel)
-
ContentSyncHandler
synchronizeProductChannels(User loggedInUser)
-
SystemHandler
listBaseChannels(User loggedInUser, Integer sid)
-
SystemHandler
listChildChannels(User loggedInUser, Integer sid)
-
SystemHandler
applyErrata(User loggedInUser, Integer sid, List errataIds)
-
UserHandler
getLoggedInTime(User loggedInUser, String login)
-
SystemHandler
setChildChannels(User loggedInUser, Integer sid, List channelIdsOrLabels)
-
SystemHandler
setBaseChannel(User loggedInUser, Integer sid, Integer cid)
-
SystemHandler
setBaseChannel(User loggedInUser, Integer sid, String channelLabel)
Reactivation keys in bootstrap scripts
Bootstrap scripts can include an activation key to directly assign software channels, configuration channels, entitlements, etc to a system while registering.
Reactivation keys can be used to re-register a previously registered client and regain all Uyuni settings. For example, to move clients registered to the Uyuni Server to being registered through an Uyuni Proxy (or Retail Branch Server), when reinstalling, and in some other cases.
Uyuni now supports the combination of reactivation keys and bootstrap scripts. Specify a reactivation key in the bootstrap script to re-register systems. For example, if your Uyuni Server has too many clients directly attached and you want to bulk move them to a Uyuni Proxy (or Retail Branch Server).
Enable SAN SSL certificates
Subject Alternative Name (SAN) is an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field. This is commonly used to generate SSL certificates that protect multiple domains with a single certificate.
These kinds of certificate are becoming popular amongst users with their own Certificate Authority, so we have implemented support.
Universe Security, Multiverse, Restricted, and Backport channels for Ubuntu.
The Universe Security, Multiverse, Restricted, and Backport channels for Ubuntu 16.04, 18.04 and 20.04 are now part of spacewalk-common-channels
. They can now be added to Uyuni Server for synchronization, and can be added to Ubuntu clients.
Oracle Linux UEK channel
The Oracle Unbreakable Enterprise Kernel channels are now available at spacewalk-common-channels
for Oracle Linux 6, 7, and 8.
Performance improvements
The add packages to channel feature has been optimized, resulting in a faster experience in the WebUI when adding packages from another channel.
A number of database queries and error conditions have been optimized, particularly in pages related to software installation and patching. This has resulted in a faster experience in the WebUI.
Redfish power management
Redfish is a suite of specifications that deliver an industry standard protocol for the management of servers, storage, networking, and converged infrastructure.
Uyuni now supports power management using Redfish, in addition to the existing IPMI power management.
OpenSCAP from SSM
Mass-auditing Salt clients with OpenSCAP is now possible from the System Set Manager.
Virtual network creation UI
The virtual networks page allows creating libvirt virtual networks with most supported configuration values.
Logging
mgr-create-bootstrap-repo
will now log under /var/log/rhn/mgr-create-bootstrap-repo and will rotate the log files daily, keeping an history of 30 days. Clean up any leftover log file in /var/log/rhn/mgr-create-bootstrap-repo.* by archiving or deleting them.
Monitoring
Prometheus Exporter Exporter for Debian
The reverse proxy for exporters, which simplifies setting up security and networking policies, is now also available on Debian 9 and Debian 10.
With this addition, the Exporter Exporter is now available for almost all operating systems Uyuni supports.
Node Exporter Updated to 1.1.2
All the changes can be found in the package changelog, or at https://github.com/prometheus/node_exporter/releases
This update applies to SLE 12 and 15, openSUSE Leap 15, CentOS 7 and 8, RHEL 7 and 8, and Oracle 7 and 8.
Updates for Ubuntu and Debian will be part of future Uyuni versions.
Version 2021.02
Recent Salt CVEs remediation
This release includes the fixes for CVE-2020-28243, CVE-2020-28972, CVE-2021-3148, CVE-2021-25281, CVE-2021-25282, CVE-2021-25283, CVE-2021-3144, CVE-2021-25284, CVE-2021-3197 and CVE-2020-35662
The fixes affect your Uyuni Server, Proxy, Retail Branch Server and Salt minions, so we recommend appling the fixes as soon as possible.
Prometheus exporters' reverse proxy formula Ubuntu support
The formula for Prometheus exporter’s formula can now be used with Ubuntu clients.
Version 2021.01
Vendor change for some Java dependencies
Besides the regular update, you will need to execute the following command to change the vendor for some Java dependencies:
zypper install --allow-downgrade --allow-vendor-change -f apache-commons-cli-1.4-lp152.1.3.noarch apache-commons-jexl-2.1.1-lp152.1.1.noarch apache-commons-el-1.0-lp152.2.3.1.noarch
If you do not do this, the WebUI will not start and you will get an HTTP 404 error.
Fix version comparison algorithm for deb packages (Ubuntu)
In some rare cases, Uyuni suggested that users upgrade Ubuntu packages with an older version than the one currently installed (for example, suggesting installation of libtre5-0.8.0-3+deb7u1ubuntu1 instead of libtre5-0.8.0-3ubuntu1).
Starting with Uyuni 2021.02, the algorithm used for comparing package versions has been separated for RPM and deb packages. Having two algorithms for comparing packages means that deb packages in Ubuntu are now correctly ordered, and work as successfully as the RPM package algorithm. This means that the rare case explained above no longer occurs, and any proposed update is correct and should be performed.
This update also fixes problems syncing Ubuntu and Debian channels and repositories.
IMPORTANT: You need to plan this update. The database changes require updating the EVR information (epoch, version, release) for all packages. Depending on the specifications of your Uyuni installation, the number of channels, and onboarded instances, the services will take between 30 minutes and several hours while the schema is migrated.
New products enabled
-
SUSE Linux Enterprise 15 SP3 family (beta)
-
SLE 15 SP1 LTSS
-
SUSE Linux Enterprise HPC 15 SP2 LTSS
-
SUSE Container as a Service Platform 4.5 (x86_64 and aarch64)
SAP content
SUSE Linux Enterprise Server for SAP applications is the best operating system to run your SAP workloads.
Tthis release of Uyuni includes content which provides added value to SLES for SAP users:
-
Documentation: New
Quick Start: SAP
-
Formulas:
-
saphanabootstrap-formula
: SAP HANA deployment Salt formula. This formula can install SAP HANA nodes, enable system replication and configure SLE-HA cluster with the SAPHanaSR resource agent, using standalone Salt or via Uyuni formulas with forms. -
sapnwbootstrap-formula
: SAP Netweaver deployment Salt formula. This formula can install SAP Netweaver instances (ASCS, ERS, PAS, AAS) and perform some basic actions to optimize their usage. -
drbd-formula
: DRBD deployment Salt formula (requiresdrbd-utils
) -
habootstrap-formula
: HA cluster salt deployment formula. This formula can boostrap an HA cluster ((init, join, remove) using standalone Salt or via Uyuni formulas with forms.
-
-
Salt state modules:
-
salt-shaptools
: Salt modules and states for SAP Applications and SLE-HA components management
-
-
Grafana dashboards:
-
grafana-sap-hana-dashboards
: Grafana Dashboards displaying metrics about SAP HANA databases. -
grafana-sap-netweaver-dashboards
: Grafana Dashboards displaying metrics about a SAP NetWeaver landscape. -
grafana-ha-cluster-dashboards
: Grafana Dashboards displaying metrics about a Pacemaker/Corosync High Availability Cluster. -
grafana-sap-providers
: Automated configuration provisioners used by other packages to enable zero-config installation of Grafana dashboards.
-
The formulas and Salt state modules are included in the Uyuni Server channel. The Grafana dashboards are included in the Uyuni Client Tools for SLE 12 and SLE 15 channels.
CPU mitigations formula
Unsupported clients are now handled gracefully and mitigations have been added for the Xen hypervisor.
Vendor change on SP migration
Vendor change (changing the repository where a package comes from) can now optionally be enabled during service pack migration.
This feature is useful where the client system is using unofficial packages and you want to move back to official packages, or to switch from an official package to a third-party version of a package. Instead of performing the SP migration within the same vendor and then manually installing the package from the new vendor, you can now do everything in a single action.
This feature is available for SUSE Linux Enterprise 12 or newer, and can also be used to migrate from openSUSE Leap 15 to SUSE Linux Enterprise 15.
Autoinstallation of older operating systems
Autoinstallation provisioning is now compatible with GRUB and ELILO in addition to GRUB2 only, which is useful when provisioning SLES 11 SP4 and RHEL 6 (and clones) systems.
Oracle Linux ULN repositories
Oracle Unbreakable Linux Network repositories are now supported in Software > Manage > Repositories. Oracle Linux users with a subscription from Oracle can use this to manually add the repositories for KSplice and others.
CentOS 6 repositories
CentOS 6 reached end-of-life on November 30th, 2020, and the CentOS Project moved its repositories to the vault archive. URLs at spacewalk-common-channels
for new Uyuni Servers. For existing Uyuni servers the database migration will take care of updating the URLs at the database.
Other operating systems in the same class also reached end-of-life but require no change, since they will continue to work as-is: Oracle Linux 6 (URLs not changed) and Red Hat Enterprise Linux 6 (URLs are provided by users).
New countries and timezones
The countries and timezones list have been refreshed, adapting to the latest timezone and geopolitical changes.
Cluster management: upgrade plan
When upgrading a cluster, the upgrade plan is now shown in the WebUI. This makes it easier to verify that an upgrade will be conducted as expected.
Yomi refresh
The formulas that make autoinstallation of SLES and openSUSE systems simpler have been upgraded to the latest version provided by the Yomi project. The updated formulas are more intuitive, harder to misuse, and allow you to specify additional advanced options.
Uyuni Server connections are always and only secure
The WebUI and the CLI commands no longer provide an option to disable SSL. The option was in fact already obsolete and not working.
Monitoring updates
Grafana 7.3.1
Grafana has been updated from version 7.1.5 to version 7.3.1 which brings a number of bugfixes and improvements.
Notable improvements:
-
Add monitoring mixing for Grafana.
-
New Cloudwatch metrics
-
Elasticsearch: Support multiple pipeline aggregations for a query.
-
Support request cancellation properly for PostgreSQL, Loki and Prometheus
-
Postgres: Support Unix socket for host
-
Loki: Re-introduce running of instant queries
-
Prometheus: Support request cancellation properly. Add $__rate_interval variable
-
API improvements
-
Variables: enables cancel for slow query variables queries
-
Table: Adds column filtering
Breaking changes:
-
CloudWatch: The AWS CloudWatch data source’s authentication scheme has changed. See the upgrade notes for details and how this may affect you.
-
Units: The date time units
YYYY-MM-DD HH:mm:ss
andMM/DD/YYYY h:mm:ss a
have been renamed toDatetime ISO
andDatetime US
respectively.
A detailed changelog is available at upstream.
Prometheus 2.22.1
The core of our monitoring solution, Prometheus, has been updated from version 2.18.0 to version 2.22.1, which brings a number of bugfixes and improvement.
Notable improvements:
-
Web: Remove APIv2.
-
React UI: Implement missing TSDB head stats section.
-
UI: Add Collapse all button to targets page.
-
UI: Clarify alert state toggle via checkbox icon.
-
Gracefully handle unknown WAL record types.
-
Issue a warning for 64-bit systems running 32-bit binaries.
-
TSDB: Memory-map full chunks of Head (in-memory) block from disk. This reduces memory footprint and makes restarts faster.
-
TSDB: Reduced contention in isolation for high load.
-
Discovery: Added discovery support for Triton global zones.
-
Remote Read: Added
prometheus_remote_storage_remote_read_queries_total
counter to count the total number of remote read queries. -
Added time range parameters for label names and label values API.
Detail changelogs for each version between 2.18.0 and 2.22.1 can be found at: * https://github.com/prometheus/prometheus/releases/tag/v2.22.1 * https://github.com/prometheus/prometheus/releases/tag/v2.22.0 * https://github.com/prometheus/prometheus/releases/tag/v2.19.3 * https://github.com/prometheus/prometheus/releases/tag/v2.19.2 * https://github.com/prometheus/prometheus/releases/tag/v2.19.1 * https://github.com/prometheus/prometheus/releases/tag/v2.19.0 * https://github.com/prometheus/prometheus/releases/tag/v2.18.2 * https://github.com/prometheus/prometheus/releases/tag/v2.18.1
Prometheus Exporter Exporter for Ubuntu 18.04/20.04 and Debian 9/10
The Reverse-proxy Exporter Exporter, which allows you to expose a single port no matter how many exporters are running on the client, is now available for 18.04/20.04 and Debian 9/10.
Version 2020.11
Recent Salt CVEs remediation
This release includes the fixes for CVE-2020-16846, CVE-2020-17490 and CVE-2020-25592 that we already released on November 16th for Uyuni 2020.09.
If you did not apply the patch already, update your Uyuni Server, Proxy, Retail Branch Server and Salt minions as soon as possible.
CentOS 7/8 ppc64le support
Uyuni can now manage CentOS7 and CentOS8 ppc64le clients. Supported features are the same available for x86_64 clients.
Prometheus Exporter Exporter for CentOS, Oracle and RHEL 7 and 8
The reverse-proxy Exporter Exporter, which allows you to expose a single port no matter how many exporters are running on the client, is now available for CentOS, Oracle and RHEL 7 and 8 for both x86_64 and ppc64le.
Node Exporter updated to version 1.0.1 for most operating systems
The following operating systems will receive version 1.0.1:
-
openSUSE Leap 15.1 and 15.2
-
SLE12 (all service packs)
-
SLE15 (all service packs)
-
Ubuntu 20.04
-
CentOS/Oracle/RHEL 8
-
CentOS/Oracle/RHEL 7
All the changes can be found at the changelog for the package, or at https://github.com/prometheus/node_exporter/releases/tag/v1.0.0 and https://github.com/prometheus/node_exporter/releases/tag/v1.0.1
Keep in mind this new version includes some breaking changes:
-
The netdev collector CLI argument
--collector.netdev.ignored-devices
was renamed to--collector.netdev.device-blacklist
in order to conform with the systemd collector. -
The label named state on
node_systemd_service_restart_total
metrics was changed to name to better describe the metric. -
Refactoring of the mdadm collector changes several metrics:
-
node_md_disks_active
is removed -
node_md_disks
now has a state label for "fail", "spare", "active" disks. -
node_md_is_active
is replaced by node_md_state with a state set of "active", "inactive", "recovering", "resync". -
Additional label mountaddr added to NFS device metrics to distinguish mounts from the same URL, but different IP addresses.
-
Metrics
node_cpu_scaling_frequency_min_hrts
andnode_cpu_scaling_frequency_max_hrts
of the cpufreq collector were renamed tonode_cpu_scaling_frequency_min_hertz
andnode_cpu_scaling_frequency_max_hertz
. -
Collectors that are enabled, but are unable to find data to collect, now return
0
fornode_scrape_collector_success
.
Web UI themes
Uyuni now supports themes. Users can select what theme they want to use in the User Preferences page in the Web UI. Initially, we are providing three themes:
-
SUSE Manager light: default light, low-contrast theme
-
SUSE Manager dark: high-contrast theme based on the light theme
-
Uyuni: SUSE Manager 4.0 and Uyuni theme. Also high-contrast.
Administrators can globally disable themes in /etc/rhn/rhn.conf
by listing which themes they want to allow:
# susemanager-light,susemanager-dark,uyuni
web.themes = susemanager-light,susemanager-dark,uyuni
web.theme_default = susemanager-light
Prometheus Exporter Exporter
The reverse-proxy Exporter Exporter, which allows you to expose a single port no matter how many exporters are running on the client, is now available for Ubuntu 20.04 LTS.
XML-RPC power management API
New APIs have been added to do IPMI power management. Redfish power management will be included in a future maintenance update.
Third-party errata information on vendor channels
It is now possible to add third-party errata information to CentOS and Ubuntu 20.04 LTS channels without cloning them, as described at the CentOS Clients
section of the Client Configuration Guide
.
The known issue present in previous releases of Uyuni has been fixed.
Bootstrap repositories no longer flushed by default
In Uyuni 2020.03, we automated the generation of bootstrap repositories on channel sync. Bootstrap repositories were not only autogenerated but also autoflushed, which caused disappearing packages problems to some users (e. g., in the case of multi-architecture bootstrap repositories).
Starting with Uyuni 2020.11, bootstrap repositories are not flushed by default. If you want to save some disk space, you can manually flush them using mgr-create-bootstrap-repo --flush
.
DNSSEC enabled by default by bind update
With the update of ISC bind to version 9.16.6 on openSUSE Leap 15.1 and openSUSE Leap 15.2, DNSSEC is now enabled by default, which may cause DNS resolution to fail unless there are fallback DNS servers.
The Retail Branch Server formula has been modified to disable DNSSEC, and will be updated to support DNSSEC in a future release of Uyuni. For existing Retail Branch Servers, you can disable DNSSEC to retain the same behaviour ISC bind showed until version 9.11.2. To do that, edit /etc/bind
and set:
dnssec-enable no; dnssec-validation no;
Virtualization: Creation of virtual machines with Yomi, KickStart or AutoYaST profiles
Creating a virtual machine using the Web UI and the Salt virt states can now use a defined Autoinstallation profile, any defined cobbler profile like the Yomi one. The virtual machine can also be created using PXE or by adding a CDROM device with an attached ISO image.
Japanese translation
The Uyuni Web UI and command-line tools are now available in Japanese thanks to the upstream Uyuni Community.
Since this is a community translation, it is not enabled by default. In order to allow users to select Japanese in their User Preferences in the Web UI, add the following line to /etc/rhn/rhn.conf
:
java.supported_locales=en_US,ja
A restart of Tomcat is required.
Version 2020.09
Uyuni Hub XML-RPC API is now supported
Starting with Uyuni 2020.09, the Uyuni Hub XML-RPC API is no longer considered a tech preview, but a fully supported feature.
This means that multiple peripheral servers (other Uyuni Servers) can be managed from a single Hub node, as a supported feature.
Formula for peripheral server management (Technology Preview)
This version of Uyuni includes formulas that can be installed on a Hub node to manage the following on peripheral servers:
-
Organizations
-
System groups in organizations
-
Users in organizations
-
Access to system groups
-
Access to software channels
To use the formula, run zypper in uyuni-config-formula
on the Hub node, and then enable the formula for the peripheral servers, and use it to manage them.
This feature will be documented at the Large Deployments Guide
in a future Uyuni release.
Maintenance windows
The new maintenance windows feature allows you to schedule sensitive actions (like package installation or upgrade) to occur during a scheduled one-time or recurrent maintenance window period on selected systems. These actions are forbidden to be executed outside of the specified period.
Maintenance windows are defined using iCalendar data, which can be exported from your favorite calendaring tool (Microsoft Outlook, KDE Organizer, Google Calendar…).
For more information about Maintenance windows check the Administration Guide
Monitoring reverse proxies
Prometheus fetches metrics using a pull mechanism, so the server must be able to establish TCP connections to each exporter on the monitored clients.
The new monitoring reverse proxies feature allows you to simplify your firewall configuration. By installing the reverse proxy on the clients you can get all the metrics for all the exporters on a single TCP port.
Check the Monitoring
section of the Administration Guide
for information about how to set up.
Monitoring reverse proxies are only available for SLE12, SLE15, and openSUSE Leap 15 families of products, and not yet available for other operating system platforms, including Red Hat Enterprise Linux and Ubuntu. Support for other operating system platforms will come in future releases of Uyuni
Added new type of "Virtual Host Manager": Nutanix AHV
In Uyuni 2020.09, we have added a new type of Virtual Host Manager in order to gather virtual machines from Nutanix AHV infrastructure.
Creating a VHM to gather virtual instances from the Nutanix AHV enables the subscription matcher to match 1-2 virtual machines
subscriptions for those instances that are running on the same virtualization host.
For more information about how to setup this new type, see the Client Configuration Guide
Note that this feature requires the virtual-host-gatherer-Nutanix
package.
Grafana 7.1.5
Grafana has been updated from version 7.0.3 to 7.1.5 which brings a number of bugfixes and improvements.
Notable improvements:
-
Stats: Stop counting the same user multiple times.
-
Field overrides: Filter by field name using regex.
-
AzureMonitor: map more units.
-
Explore: Don’t run queries on datasource change.
-
Graph: Support setting field unit & override data source (automatic) unit.
-
Explore: Unification of logs/metrics/traces user interface
-
Table: JSON Cell should try to convert strings to JSON
-
Variables: enables cancel for slow query variables queries.
-
TimeZone: unify the time zone pickers to one that can rule them all.
-
Search: support URL query params.
-
Grafana-UI: Add FileUpload.
-
TablePanel: Sort numbers correctly.
A detailed changelog is available upstream.
New products enabled
-
SUSE Linux Enterprise Real Time 15 SP2
Version 2020.07
Upgrade notes
WARNING: Check "Update from previous versions of Uyuni Server" section below for details, as this release updates the base OS from openSUSE Leap 15.1 to openSUSE Leap 15.2, and there are special steps required.
The migration will be performed allowing vendor changes, so this upgrade will fix the issues with python3-psycopg2 mentioned at Uyuni Server 2020.05 release notes. Therefore you will not need to perform the manual steps mentioned there.
Salt 3000.0
Salt has been upgraded to upstream version 3000, plus a number of patches, backports and enhancements by SUSE, for the Uyuni Server, Proxy and Client Tools. In particular, CVE-2020-11651 and CVE-2020-11652 fixes are included in our release.
As part of this upgrade, cryptography is now managed by the Python-M2Crypto library (which is itself based on the well-known OpenSSL library).
We intend to regularly upgrade Salt to more recent versions.
For more details about changes in your manually-created Salt states, see the Salt 3000 upstream release notes.
Please note Salt 3000 is the last version of Salt which will support the old syntax of the module.run
module.
New "mgrcompat.module_run" custom compatibility state for Salt is available for registered systems.
WARNING - POSSIBLE ACTION REQUIRED: The syntax for Salt module.run
state has changed starting in next Salt 3001 (Sodium) release. This means, any custom SLS file or "Configuration State Channel" that is using module.run
state needs to be adapted to fit into the new syntax. This turns even more problematic when you have minions with different Salt versions, because some minions would accept the new syntax but others would fail with it, so the SLS files would require extra logic to handle the different Salt versions & configurations.
To make this process much easier, we have introduced this new mgrcompat.module_run
compatibility state, which is essentially a wrapper of module.run
which accept the deprecated syntax and takes care of tailoring the parameters for the actual module.run
if necesasary according to the particular minion version and configuration. The only thing to do would be to change module.run to `mgrcompat.module_run
in your SLS files and "Configuration State Channels".
As an example of this, a non-migrated state like this:
my_module_run_state:
module.run:
- name: mymodule.func
- m_name: foobar
- other: 1234
would be adapted to:
my_module_run_state:
mgrcompat.module_run:
- name: mymodule.func
- m_name: foobar
- other: 1234
We really encourage users and customer to start migrating their Salt States to use mgrcompat.module_run
now before Salt 3001 (Sodium) release. Once Salt 3001 comes, those states will simply fail.
PostgreSQL 12
The database engine has been updated from PostgreSQL 10 to PostgreSQL 12, which brings a number of performance and reliability improvements. A detailed changelog is available upstream.
To prevent inconsistent configurations and data on upgrade or update, Uyuni 2020.06 will refuse to start until the database migration from PostgreSQL 10 to PostgreSQL 12 has completed successfully.
Base System Upgrade
The base system was upgraded to openSUSE Leap 15.2.
New products enabled
-
Ubuntu 20.04 LTS
Ubuntu 20.04 LTS
Starting with Uyuni 2020.07, Ubuntu 2020.04 LTS is supported as a client.
hwdata vendor change for openSUSE Leap 15.1 clients
package hwdata
now comes from from openSUSE Leap 15.1 and not from the client tools.
In oder to get updated versions, the following command must be executed on the clients:
zypper in --allow-vendor-change hwdata
It is recommended to execute this as a remote command.
This change is mandatory if you intend to use the openSUSE Leap 15.1 as a KVM virtualization host.
This does not affect openSUSE Leap 15.2 as it will always have hwdata
from the distribution.
Version 2020.06
Oracle Linux
Oracle Linux 6, 7 and 8 can now be managed with salt and it will support the same features CentOS 6, 7 and 8 support.
The channels can be managed using spacewalk-common-channels
.
Third-party GPG keys now included
Enabling verification of non-SUSE product metadata used to require manual acceptance, and sometimes even manual installation, of the third-party keys for products available from the product tree. Alternatively, an option to not verify the GPG key signature was there.
Uyuni 2020.06 now includes the GPG keys used to sign packages and/or metadata by other the following vendors:
-
CentOS
-
Oracle Linux
-
Ubuntu
-
MicroFocus Open Enterprise Server
Manual acceptance of those keys is no longer required for GPG signature verification for those products to work.
Manual acceptance of GPG keys for any other product or repository is still required for security reasons.
Cluster Management
As you modernize your IT landscape and make use of Software Defined Infrastructure stacks based on technologies like Kubernetes and Ceph, your focus of managing the IT infrastructure has to move from managing individual Linux servers and VMs to managing infrastructure clusters. Multiple cluster types will be supported in coming releases, with Uyuni 2020.06 initially providing support for SUSE CaaSP.
Computing is increasingly being a more complex architecure: redundant servers, scale out, high-availability, etc where you deploy different kinds of clusters, such as SUSE CaaS Platform, SUSE Enterprise Storage or SAP. Managing those as a whole piece of infrastructure instead of as discrete nodes puts you in charge.
Uyuni 2020.06 implements cluster management of SUSE CaaS Platform clusters. Uyuni works hand-in-hand with CaaS Platform to make sure that all cluster operations are issued properly.
The following actions are currently supported:
-
Register an existing cluster to Uyuni
-
Add or remove nodes to the cluster
-
Promote SLES system to managing node
-
Upgrade the cluster
Deployment of CaaS Platform clusters from scratch will be supported in an upcoming version of Uyuni.
Dropped feature: Unpublished patches
The Unpublished Patches feature has been dropped in Uyuni 2020.05.
This was a very old feature which originated more than 15 years ago when Spacewalk was used internally by vendors to manage patches before making them available to their customers. This functionality has been superseded a long (more than 10 years) time ago by other features in Uyuni for sysadmins, and by tools such as the Open Build Service for operating system vendors.
After a consultation period with users both in the upstream Uyuni community and the SUSE Manager community, we received no feedback against the removal and executed on it.
This will help us realize even further performance improvements in several areas, including the commonly-used Content Lifecycle Management build and promotion operations.
If you still have any unpublished patches, make sure you publish them with Uyuni 2020.05 before migrating to Uyuni 2020.06.
API breakage
With the removal of the unpublished patches feature, the API specification changed as follows:
-
Method
errata.listUnpublishedErrata
was removed -
Method
errata.create
has one less parameter (thepublish
boolean, now alwaystrue
) and it is now mandatory to specify at least one channel label in the last parameter (channelLabels
). Previously specifying at least one channel label was mandatory only ifpublish
was set to true.
Therefore some API calls that worked in Uyuni 2020.05 and earlier may need changes for Uyuni 2020.06 and later.
Version 2020.05
Repository syncing performance improvements
Repository synchronization has been optimized to perform faster than in previous versions. This applies to if the synchronization is triggered in the WebUI, or from the command prompt using the spacewalk-repo-sync command
.
It also applies whether the synchronization is invoked manually, or automatically as part of product or custom channel synchronizations. The performance improvement is up six times faster than previous versions, but the improvement depends mostly on your hardware setup, especially the number of CPUs, and how many packages are being synchronized.
IMPORTANT: This requires a vendor change for the package python3-psycopg2-2.8.4-2.1.uyuni.x86_64
.
After running zypper update
you will need force the vendor change with
zypper in python3-psycopg2-2.8.4-2.1.uyuni.x86_64
Then update again again, so the spacewalk-backend
subpackages are updated:
zypper update
As soon as python3-psycopg2-2.8.4
is part of openSUSE Leap 15.1 we will provide instructions use the openSUSE version again.
Image profiles key-value pairs supported as arguments for Docker build
Custom info key-value pairs defined in image profiles are now passed to the Docker build command as build arguments. They can be accessed in Dockerfiles using the ARG command.
Service pack migrations: run a real migration after a successful dry-run
After a Service Pack migration dry-run, if the result is a success you will get a "Run migration" button in the event history to retrieve the "dry-run" settings and confirm the migration with these settings.
Version 2020.04
Recurring actions
Scheduling recurring actions allows you to manage schedules for automated recurring highstate execution on client, group, and organization level depending on the frequency you choose.
This is useful, for example, to apply highstates on a regular schedule and ensure configurations are enforced.
For more information, see the Administration Guide
.
Bootstrapping Salt Clients with a Private SSH key (from API)
Before this release, only password authentication was available for bootstrapping Salt clients from the Server.
Now SSH private key authentication is available, including use of a passphrase on the private key. For Uyuni 2020.04 this is only available from the API. It will be made available from the WebUI in a future release.
For security reasons, the private key is stored at the Uyuni Server only for the bootstrap procedure, and removed after bootstrapping is complete. The private key must be provided for each bootstrap.
The new method bootstrapWithPrivateSshKey
in the namespace system
is documented in the API Documentation
.
You can use this example by adjusting the client
, keyfile
, passphrase
, MANAGER_URL
, MANAGER_LOGIN
and MANAGER_PASSWORD
according to your environment:
#!/usr/bin/python
import xmlrpclib
client = '192.168.1.2'
keyfile = '/path/to/priv/key'
passphrase = '' # empty string = no passphrase
conn = xmlrpclib.Server(MANAGER_URL, verbose=0)
key = conn.auth.login(MANAGER_LOGIN, MANAGER_PASSWORD)
with open(keyfile, 'r') as file:
data = file.read()
conn.system.bootstrapWithPrivateSshKey(key, server, 22, 'root', data, passphrase, '', False);
conn.auth.logout(key)
CentOS8 Content Lifecycle Management: Better Feedback with Appstreams
The content lifecycle project page in the WebUI now has improved feedback messages about module filters, including missing or conflicting modules, and dependency resolution problems. The messages are in the form of errors that require the user to fix configurations, or warnings about potential problems.
Automated Schema Database Upgrades and Failure Security Mechanism
Database schema upgrades are now applied automatically during services startup, so there is no need to call spacewalk-schema-upgrade
manually. A security mechanism has been implemented that prevents Uyuni Services from starting if the schema upgrade has failed.
When this occurs:
-
When you run
spacewalk-service start
, it will fail and show an output with information about the error. -
All services, including the Apache service, will not start. This will also cause the WebUI to be unavailable.
Large Deployments Guide (draft)
Uyuni is designed by default to work on small and medium scale installations.
For installations with more than 1000 clients per Uyuni Server, adequate hardware sizing and parameter tuning must be performed, and the new guide provides information about how to do it.
Keep in mind there is no hard maximum number of supported systems. Many factors can affect how many clients can reliably be used in a particular installation. Factors can include which features are used, and how the hardware and systems are configured.
Uyuni Hub documentation
The Uyuni Hub announced for 2020.03 has now documentation available as part of the Large Deployments Guide
(section Multiple Servers with Hub
).
This is a draft release, so please provide feedback using the Resources menu in the online documentation
Public Cloud QuickStart Guide (draft)
This new draft guide shows you the fastest way to get Uyuni up and running in a public cloud. It includes instructions for Amazon Web Services, Microsoft Azure, and Google Cloud Engine.
This is a draft release, so please provide feedback using the Resources
menu in the online documentation
CaaSP Grafana Dashboads
CaaSP specific Grafana dashboards have been integrated and can be deployed via the UI.
Prometheus Federation Support in Formulas with Forms
The new version of the Prometheus formula allows configuring federation and pulling relevant metrics from Prometheus instances to provide a global monitoring view.
Note that suitable recording rules have to be configured on the Prometheus instances (for example at CaaSP Prometheus instances).
For more information about Prometheus federation, check the official documentation.
Pre-configured default alerting rules
A default set of alerting rules have been added to monitor the Prometheus instances themselves (meta-monitoring) and the availability of configured targets. The rules can be disabled in the WebUI.
Prometheus Exporters for CentOS8 x86_64
We now provide these Prometheus exporters as packages for CentOS8 x86_64 (compatible also with similar systems such as RHEL8):
-
Node exporter - Hardware and operating system metrics
-
PostgreSQL exporter - PostgreSQL database metrics
-
Apache exporter - Apache HTTP server metrics
Node Exporter Updated to 0.18.1
All the changes can be found at the changelog for the package, or at https://github.com/prometheus/node_exporter/releases/tag/v0.18.0 and https://github.com/prometheus/node_exporter/releases/tag/v0.18.1
Keep in mind this new version includes some breaking changes:
-
Renamed interface label to device in netclass collector for consistency with other network metrics
-
The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides
-
The labels for the
network_up
metric have changed -
Bonding collector now uses
mii_status
instead ofoperstatus
-
Several systemd metrics have been turned off by default to improve performance. These include
unit_tasks_current
,unit_tasks_max
,service_restart_total
, andunit_start_time_seconds
-
The systemd collector blacklist now includes automount, device, mount, and slice units by default
Virtualization: Management of storage pools
Until now users could list the storage pools, which is where the virtual machines disks are stored. Storage pools are where virtual machine disks are stored. In previous versions, you could only list the pools. With this update, you can create, edit, start, stop, refresh, and delete storage pools. This is available from the WebUI, or through Salt states.
Version 2020.03
Debian client tools
We now offer Debian client tools that allow for easy onboarding of Debian as salt minions, as well as running spacecmd from them.
Check the Client Configuration Guide
for information about how to configure Uyuni Server to work with Debian clients.
For now the following architectures are supported: x86_64, aarch64, armv7l, i586
We plan to continue improving Debian support in the future, including support for ppc64le and s390x Debian 10 clients.
SUSE Container as a Service Platform v4 nodes: action filtering
Nodes in a SUSE Container as a Service Platforms should be patched, rebooted, etc following CaaSP recommendations to avoid breaking cluster availability and software compability.
In Uyuni 2020.03, we have introduced node locking and action filtering to prevent uninteded operations.
-
When CaaSP nodes are added to Uyuni, the registered systems will be locked automatically:
-
When a system is locked, the web UI shows a warning and you can schedule actions using the web UI or the API, but the action will fail.
You can enable or disable the system lock using the System Lock formula. When the system lock is disabled, all operations are permitted.
Subscription matching in public cloud: BYOS vs PAYG
In Uyuni 4.0.1, we introduced virtual host gatherers for Amazon Web Services, Microsoft Azure and Google Cloud Engine. With these gatherers, our subscription matcher gained the ability to also include virtual machines running on the cloud in its calculations.
We have now enhanced the subscription matcher to exclude pay-as-you-go (PAYG) instances. Those do not require a subscription, as the agreement between the Cloud Service Provider and the Customer covers them.
Automatic generation of bootstrap repositories
A bootstrap repository contains packages for installing Salt on clients, as well as the required packages for registering Salt or traditional clients during bootstrapping.
In Uyuni 2020.01 and earlier, bootstrap repository creation was a manual step, by using the mgr-create-bootstrap-repo tool
.
In Uyuni 2020.03, bootstrap repositories are automatically created and regenerated on the Uyuni Server after a product is synchronized (i. e. all mandatory channels are fully mirrored).
More details, including how to revert to manual invokation, are available from the Client Configuration Guide
.
Salt clients: provisioning API
Enable provisioning API with Salt and bootstrap entitled systems. Previously, this only worked for traditional clients.
Recurring highstate scheduling
You can schedule automated recurring highstate actions for Salt clients.
Recurring highstate actions apply the highstate to clients on a specified schedule. You can apply recurring action to individual clients, to all clients in a system group, or to an entire organization. The Recurring Actions section in the Administration Guide contains all the details for this feature.
More improvements in regards to automation will be coming in subsequent releases of Uyuni: maintenance windows and patch automation.
Content Lifecycle Filters for AppStreams
RHEL, SLES ES, CentOS and Oracle Linux 8 appstreams can now be mixed and converted to flat repositories using a new type of CLM filter.
New products enabled
-
SUSE Linux Enterprise Real Time 12 SP5
-
SUSE Linux Enterprise 15 SP2 family
-
MicroFocus Open Enterprise Server 2018 SP2 (product GA in Q2 2020)
-
Oracle Linux 8 (using
spacewalk-common-channels
)
Ubuntu enhancements
Each Uyuni release and maintenance update brings better Ubuntu support. In Uyuni 2020.03, we have include two small but valuable improvements:
-
Support package pre-downloading, to ensure all content (.deb packages) is downloaded before patching. This should be very useful for large Ubuntu deployments managed by Uyuni.
-
Display additional information in the UI for .deb packages (dependencies and more headers)
Yomi (Technology Preview)
Yomi (yet one more installer) is a Salt-based installer for SUSE and openSUSE operating systems.
In Uyuni, Yomi can be used as part of provisioning new clients, as an alternative to AutoYaST. Yomi consists of two components:
-
The Yomi formula, which contains the Salt states and modules required to perform the installation.
-
The operating system image, which includes the pre-configured salt-minion service.
Detailed information on how to use Yomi is available from the Salt Guide.
Yomi is work in progress and more operating systems and features will be added in coming releases.
Uyuni Hub XML-RPC API (Technology Preview)
The Uyuni Hub is a new multi-server architecture we are introducing as a technology preview in Uyuni 2020.03.
Multiple Uyuni Servers can be managed from a single Hub node. The Hub is a Salt master itself and the managed Uyuni Server servers are both a minion (to the hub) and a master (to their own minions).
The Hub covers a number of use cases, such as:
-
Scalability: when a single Uyuni Server will no longer be enough
-
Intermittently connected and bandwidth-limited sites, which can now be managed with their own schedule thanks to the Hub
-
Multi-tenancy with individual Uyuni Servers. While Uyuni is multi-organization itself, in some scenarios, an even stronger separation is required. The Hub provides a way to manage and aggregate back information for all those Uyuni Server servers.
The Hub comprises a number of components that we will be releasing and enhancing in the future. The first component of the Hub we are now introducing as a Technology Preview is the Hub XML-RPC API, which provides an extended version of the Uyuni Server XML-RPC API, targeted for the multi-server case.
Installation and usage
Install Uyuni Server and then install the hub-xmlrpc-api
package. That Uyuni Server is now the Hub Server.
Configuration of hub-xmlrpc-api
is specified in a JSON file like the following:
{
"type": "json",
"hub": {
"manager_api_url": "http://localhost/rpc/api"
},
"connect_timeout": 10,
"read_write_timeout": 10,
}
Set the HUB_CONFIG_FILE
environment variable to point to the configuration file. hub-xmlrpc-api
is a daemon, currently to be launched from the command line.
Once running, you can connect to the hub-xmlrpc-api
at port 8888 via any XMLRPC compliant client libraries (see examples below).
API endpoints, namespaces and examples
Details about usage with Python script examples are available at the Uyuni project site: https://github.com/uyuni-project/hub-xmlrpc-api
spacewalk-utils
In Uyuni 2020.01 and earlier, the spacewalk-utils
package contained a mix tested and untested tools.
In Uyuni 2020.03, we have split spacewalk-utils
in two packages:
-
spacewalk-utils
contains only fully-tested tools:-
spacewalk-common-channels
-
spacewalk-hostname-rename
-
spacewalk-clone-by-date
-
spacewalk-sync-setup
-
spacewalk-manage-channel-lifecycle
-
-
spacewalk-utils-extras
contains the tools that untested or not completely tested:-
apply_errata
-
delete-old-systems-interactive
-
migrate-system-profile
-
spacewalk-api
-
spacewalk-export
-
spacewalk-export-channels
-
spacewalk-final-archive
-
spacewalk-manage-snapshots
-
sw-ldap-user-sync
-
sw-system-snapshot
-
taskotop
-
spacewalk-manage-channel-lifecycle
-
Tools in spacewalk-utils-extras
are valuable but they are so specific, or require additional customization for each user, that it is not possible for us to test for every use case. If you were using these scripts in spacewalk-utils
in Uyuni 2020.01 or earlier, you will need to install spacewalk-utils-extras
in Uyuni 2020.03.
EFI HTTP booting
The dhcp formula, branch network formula and pxe formula have been updated to support booting EFI terminals (systems) via HTTP in addition to TFTP.
Subscription matching enhancements
On public cloud providers, the subscription matcher will identify pay-as-you-go instances, whose subscription is provided by the Cloud Service Provider, and will not ask for additional subscriptions.
Also, stackable subscriptions with the same parameters will be aggregated.
Single Sign-On (SSO) is now stable
Uyuni supports Single Sign-On authentication by implementing the Security Assertion Markup Language (SAML) 2 protocol. This feature, introduced in 4.0.2 as a Technology Preview, is now declared stable
Uyuni must be reconfigured to use the IdP as the source of authentication and post-login mapped users must be already created before enabling SSO.
For more on configuring SSO, see the Authentication Methods chapter in the Administration guide
.
Single Page Application UI (SPA) is now stable
In an effort to provide our web UI users with a smoother navigation, we have implemented large parts of the user interface as a single page application.
This enhancement was started in Uyuni 2020.01 as an opt-in feature and now becomes the default in Uyuni 2020.03
Red Hat Enterprise Linux 8 onboarding simplified
It is no longer necessary to have Python 3 on RHEL8 systems for the onboarding to work. With this enhancement, even plain-text RHEL machines can be onboarded directly.
Version 2020.01
Version format change
Uyuni is now changing from X.Y version format to YYYY.MM format, and the URLs for the repositories remove the X.Y part.
This will allow easier releases, no need to change URLs at all in the future, and less confussion regarding the relationship between Uyuni and SUSE Manager (Uyuni is always ahead).
Adjust your repository at the Server system
Because of the version format change, you need to adapt your zypper repository at the server before updating.
If you followed the instructions for installation, this command will do it for you:
sed -i -e 's/Uyuni-Server-4.0-POOL-x86_64-Media1/Uyuni-Server-POOL-x86_64-Media1/' /etc/zypp/repos.d/uyuni-server-stable.repo
Otherwise, find the Uyuni Server Stable repository and replace:
baseurl=https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable/images/repo/Uyuni-Server-4.0-POOL-x86_64-Media1/
with:
baseurl=https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable/images/repo/Uyuni-Server-POOL-x86_64-Media1/
Remove current Uyuni Proxy 4.0 channel and repository from the Server and add the new ones
If you are currently syncing Uyuni Proxy 4.0 (usually because you have proxies), you need to:
-
Add the new channel with
spacewalk-common-channel uyuni-proxy-stable-leap-151
-
Sync the new channel (and configure autosync if required)
-
See what instances are using the channel
Uyuni Proxy 4.0 for openSUSE Leap 15.1
-
Adjust the channels assigned instances from previous step (tip: You can use "System Set Manager") to remove the old one and add the new one.
-
See what activations key are using the channel
Uyuni Proxy 4.0 for openSUSE Leap 15.1
-
Adjust the activation keys from previous set to remove the old channel and add the new one.
-
Remove the channel
Uyuni Proxy 4.0 for openSUSE Leap 15.1
-
Remove the repository
External - Uyuni Proxy 4.0 for openSUSE Leap 15.1 (x86_64)
Remove current Uyuni Server 4.0 channel and repository from the Server and add the new ones
Most users will not require this unless, but if you have the Uyuni Server 4.0 channel at your server:
-
Add the new channel with
spacewalk-common-channel uyuni-server-stable-leap-151
-
Sync the new channel (and configure autosync if required)
-
See what instances are using the channel
Uyuni Server 4.0 for openSUSE Leap 15.1
-
Adjust the channels assigned instances from previous step (tip: You can use "System Set Manager" at the WebUI) to remove the old one and add the new one.
-
See what activations key are using the channel
Uyuni Server 4.0 for openSUSE Leap 15.1
-
Adjust the activation keys from previous set to remove the old channel and add the new one.
-
Remove the channel
Uyuni Server 4.0 for openSUSE Leap 15.1
-
Remove the repository
External - Uyuni Server 4.0 for openSUSE Leap 15.1 (x86_64)
CentOS8, RHEL 8 and SLES ES 8 support
CentOS 8, Red Hat Enterprise Linux 8 and SUSE Linux Enterprise Server Expanded Support 8 are now supported clients as Salt minions. The traditional stack will not be supported on these operating systems.
With the new application streams concept introduced in these operating systems, you will need to import both the BaseOS and the AppStream directories from the ISO image for the bootstrap repository to be created correctly. If the AppStream directory is not imported, you will receive an error about missing Python 3 packages.
AppStream awareness in the UI and Content Lifecycle Management will be available in an upcoming version of Uyuni.
Monitoring
This version of Uyuni includes formulas to install Prometheus and Grafana, and makes the Apache exporter available for Ubuntu 18.04, CentOS6, CentOS7 and Proxy.
Additionally, self-monitoring capabilities have been implemented in the Admin Monitoring UI.
Package Hub
SUSE Package Hub is now supported on the Server, since the problems with the search that were caused by PackageHub-provided packages have been solved.
If you were using Package Hub as a source of packages for you clients, it is recommended that you re-generate all package metadata. The reason for this is in the Package Hub repositories there may exist multiple packages with the same NEVRA but different checksums. This might result in checksum errors when repositories are used on the clients as Uyuni randomly selected any of those packages. After this update, Uyuni will generate the checksum into the package path to ensure the right package is used. If you use also Uyuni Proxy please update all of them before you re-generate the metadata.
Formulas
The Formulas with Forms screen has an enhanced layout that folds vertically instead of nesting deep inside, making if cleaner. Besides this, validators are now possible in formulas using the JEXL expression language.
The cpu-mitigations-formula is now installed by default.
The Retail branch network formula now works all SUSE and openSUSE based distros, using SuSEfirewall or firewalld as appropriate.
New Content Lifecycle Management filters
In Uyuni 4.0.2 we introduced Content Lifecycle Management with a filter to exclude packages and patches based on their name. Feedback for this feature was very positive and many proposals for enhancement were received.
In this release, we are introducing a lot of new possibilities for Content Lifecycle Management:
-
New filters: by date, by keyword (e. g. "reboot needed" or "package manager restart required"), by type (security, recommended or optional), by synopsis and "patch contains package".
-
New ALLOW mode, which in addition to the existing DENY mode, makes possible to filter out packages, and then include them again into the resulting set.
-
New matchers: in addition to the existing greater than, lesser than, equals, etc, we have now added a regular expression matcher for package names, patch names, patch synopsis and package names in patches.
-
Better visualization of the filters attached to a CLM project, with ALLOW and DENY now shown on each side of the screen.
We have documented two typical use cases: a monthly patch cycle and live patching.
More enhancements to Content Lifecycle Management will come in future releases of Uyuni.
Enhanced support for Debian and Ubuntu
With each release of Uyuni, we continue to enhance our Debian and Ubuntu support.
Uyuni 2020.01 greatly improves our compatibility thanks to:
-
Support for all of the headers in .deb packages, including custom ones, when syncing Debian/Ubuntu repositories. You can use the new script
mgr-update-pkg-extra-tags
to update extra fields in DB without recreating all Debian/Ubuntu channels. -
Support for .deb packages with hyphens in the package name or version. There remain a very small percentage (<0.1%) of packages for which our version comparison algorithm fails; we will fix this known issue in a coming release.
New Prometheus exporters and formulas
A new set of client tool packages now includes Prometheus exporters for more clients: CentOS 6, CentOS 7, RHEL 6, RHEL 7, SLES ES 6, SLES ES 7 and Ubuntu 18.04. Both the Prometheus node exporter and the PostgreSQL exporter are provided for those operating systems. The prometheus-exporters-formula formula makes easy to deploy them.
Subscription matching in Public Cloud
We’ve added new types of Virtual Host Managers in order to gather virtual instances from Public Cloud providers. Azure, AWS and Google Cloud are now supported, in addition to the existing VMware and generic (file-based, manually-maintained, useful for any cloud provider) gatherer modules.
Creating VHM to gather virtual instances from the Public Cloud will enable the subscription matcher to match "1-2 virtual machines" subscriptions for those instances that are running on the same Public Cloud zone.
Please take into account the following considerations in this version. They will be addressed in upcoming versions of Uyuni:
-
This functionality will only work with Salt clients.
-
Manual installation of the
virtual-host-gatherer-libcloud
package is required. -
The public cloud gatherers will report and try to match all instances, no matter if they are BYOS or PAYG, leading to an incorrect calculation of the required subscriptions if you combine BYOS and PAYG.
Preventive shutdown of Server when running out of disk space
Some users have hit in the past a database corruption problem when PostgreSQL ran out of space.
In order to prevent that from happening in the future, we have added a diskchecker to Uyuni Server. This feature will send a warning mail when the most common and important Uyuni directories are below 10% of free disk space, and will shut down the Uyuni Server when those directories are below 5% of free disk space.
This new feature is only enabled by defult in new installations. For existing installations, the administrator can enable the tool manually after updating to the latest maintenance update by running:
systemctl --quiet enable spacewalk-diskcheck.timer
systemctl start spacewalk-diskcheck.timer
Full details on the parameterization of this new feature are available in the Managing disk space documentation page.
Single Page Application UI
In an effort to provide our web UI users with a smoother navigation, we have implemented large parts of the user interface as a single page application.
This feature is optional for this release and is disabled by default. To enable it, users can now add web.spa.enable = true
to /etc/rhn/rhn.conf
, and then restart Tomcat.
Grafana
Grafana is a tool for data visualization, monitoring, and analysis. It is used to create dashboards with panels representing specific metrics over a set period of time. Grafana is commonly used together with Prometheus, but also supports other data sources such as ElasticSearch, MySQL, PostgreSQL, and Influx DB.
This version of Uyuni includes Grafana in the client tools repositories. An Uyuni Grafana dashboard is provided as an example.
Monitoring section of the Administration Guide contains full detail on how to configure Grafana together with Uyuni.
Prometheus service autodiscovery
Prometheus is a monitoring tool used to record real-time metrics in a time-series database. Metrics are collected using HTTP pulls, allowing for higher performance and scalability.
We have updated the Prometheus package with a new version that include a built-in service discovery mechanism that will allow users to more easily configure monitoring on their Uyuni systems.
Previously, after configuring the exporters on managed clients, users had to manually configure their Prometheus servers to start scrapping metrics from those systems. With this update, it will be possible to use a "service discovery" mechanism that will automate this part of the configuration. The configuration options are simple: it is only required to provide a Uyuni Server URL and valid API credentials.
Under the hood, what this mechanism does is letting Prometheus poll the Uyuni API, asking for a list of systems that have monitoring enabled, and automatically configuring Prometheus to collect metrics from those systems.
In this version, the autodiscovery functionality is provided as a Technology Preview.
More information about configuring Prometheus can be found in the Monitoring section of the Administration Guide.
CPU mitigation formula
CPU mitigations have been introduced to improve security on CPUs affected by vulnerabilities such as Meltdown and Spectre. The mitigations are available in SUSE Linux Enterprise 12 SP3 and later in the cpu-mitigations-formula package, which is not installed by default.
The new CPU Mitigation formula allows you to control which mitigations are enabled.
Updated documentation
The Uyuni documentation has received improvements in all of the books, with small clarifications and enhancements all around: content lifecycle management filters, public cloud, JeOS, formulas, etc
Of particular interest for users with large installations will be the new Large Scale Deployment and Salt Tuning sections in the Salt Guide. Given that modifying advanced parameters can cause catastrophic failure, we recommend making a backup and being conservative doing changes.
Additionally, the search functionality in the documentation now works offline.
Enhanced support for Ubuntu and Debian clients
The Multi-Arch and Pre-depends headers are now supported for .deb repositories, hence avoiding installation problems that could arise in some cases when deploying packages from the UI.
Also, Ubuntu and Debian channels now come preconfigured in spacewalk-common-channels. The Debian CDN is used to provide the best mirror at each moment. For Ubuntu, you may want to replace the default mirror with a closer geo-mirror.
Keep in mind SUSE does not provide support for the spacewalk-common-channels tool form the spacewalk-utils package.
New products enabled (from SCC)
-
SLES12 SP3 LTSS
-
SUSE Linux Enterprise Real Time 12 SP4
-
SLES12 SP5
-
RHEL 8 and SLES ES 8
-
CaaSP 4
-
openSUSE Leap 15.1
SUSE Container as a Service Platform v4 support
The Virtual Host Manager functionality has been extended to support SUSE Container as a Service Platform v4.
You can register each CaaSP node to Uyuni using the same method as you would a Salt client. After doing this, you will be able to see the patch level status of each node, perform configuration management on the nodes and assign channels o clusters.
We strongly recommend to check the documentation on the scope and extent of the CaaSPv4 integration in Uyuni: https://www.uyuni-project.org/uyuni-docs/en/uyuni/client-configuration/vhm-caasp.html
Upcoming versions of Uyuni will enhance CaaSP integration.
Other changes
-
Since this version, as part of a bugfix, it is no longer allowed to delete a channel when there are cloned channels based on it.
-
Taskomatic now takes a maximum of 4 GB of RAM (it used to be 2 GB), which better matches the current average use case.
-
Salt clients can now be re-provisioned from Uyuni. This allows major version OS updates for SLES and Uyuni Proxy.
-
Normalize date formats for actions, notifications and CLM
Version 4.0.2
Migrating the Server from 4.0.1 to 4.0.2
If you are using DHCP addresses and you do not use DHCP reservations, migrating from openSUSE Leap 42.3 to Leap 15.0 can change the IP address of your NICs. If using DHCP, make sure your instances have reserved IP addresses. |
Before starting, make sure you have a backup of your server, as it will be hard to recover from failures during the migration. |
4.0.2 is now based on openSUSE Leap 15.1, so a base OS system is required.
To help administrators with the migration, a new script is provided by the susemanager
package at /usr/lib/susemanager/bin/server-migrator.sh
Then, update susemanager package only:
zypper ref zypper in susemanager
And finally run the script:
/usr/lib/susemanager/bin/server-migrator.sh
After the migration is complete, you will be requested to reboot your server
Uyuni Server 4.0.2 works with SUSE Uyuni Proxy 4.0.1.
When upgrading, upgrade the Server first, followed by the Proxies.
Salt 2019.2.0
Salt has been upgraded to the 2019.2.0 release.
We intend to regularly upgrade Salt to more recent versions.
For more detail about changes in your manually-created Salt states, see the Salt upstream release notes 2019.2.0.
Base system upgrade
The base system was upgraded to openSUSE 15.1.
As a result, all code was ported to run with Python 3 and OpenJDK 11.
Prometheus Monitoring
We now include packages for the latest version of Prometheus, as well as self-monitoring capabilities for Uyuni.
Prometheus is a monitoring tool that is used to record real-time metrics in a time-series database.
For more information about Prometheus, see the Administration Guide
Exporters
Exporters convert existing metrics into the format Prometheus requires. We are now providing the following Prometheus Exporters as packages, for SLE12 and SLE15 as well as openSUSE Leap 15.1:
-
Node exporter - Hardware and operating system metrics
-
PostgreSQL exporter - PostgreSQL database metrics
-
Squid exporter - Squid Proxy metrics
-
Apache exporter - Apache HTTP server metrics
In addition we provide JMX exporter on Uyuni Server.
Monitoring is not yet available for other operating system platforms like Red Hat Enterprise Linux or Ubuntu.
Self-monitoring features in Uyuni
Uyuni provides metrics about its health to Prometheus. Both Server and Proxy can expose metrics. Self-monitoring can be enabled via the Web UI. For that purpose, some Prometheus exporters are pre-installed on Uyuni Server and Proxy.
A new formula is also included, to install and manage Node and PostgreSQL exporters on clients managed by Salt. This formula can be configured in the Uyuni Web UI.
Content lifecycle management
The content lifecycle management feature allows you to clone software channels through a lifecycle of several environments. You are able to create content projects, select a custom set of software channels as sources, and promote software channels through a pre-defined lifecycle of environments.
You can define filters to exclude specific packages and patches. More filters will be added in a later release.
Once you have selected your sources you can build the selected set which will populate the first environment. After the first environment is built, you can promote it through the environment lifecycle to the next environment in the loop. You can see the status of the build at any time throughout the process.
The result of the build, and the content of every environment, is a channel tree made of cloned software channels of the selected sources, to which systems can be assigned.
Virtualization management for Salt minions
The existing virtualization features have been enhanced for Salt-based systems. This is a technology preview and will require an additional Virtualization Management entitlement. Pricing will be announced soon.
Salt-based virtualization host systems can also create virtual machines using a pre-built disk image.
These features have been added:
-
Deleting virtual machines.
-
Editing virtual machines to add or remove network interfaces or disk, change CPU and memory allocation or the display type.
-
Quick update of the list and state of virtual machines.
-
Displaying virtual machines graphical display in a new tab.
Updated Documentation Structure
In this release, we have reorganized our documentation and updated our tooling to make it clearer where information is, and make it easier for you to find the content you need, when you need it.
Old Naming Format
-
Getting Started
-
Best Practices
-
Reference
-
Advanced Topics
New Naming Format
-
Installation Guide (Requirements, supported platforms, installation methods, etc)
-
Client Configuration Guide (Configuring and connecting clients to Uyuni)
-
Upgrade Guide (Migrate and update clients and Uyuni)
-
Reference Guide (Comprehensive guide to the Web UI)
-
Administration Guide (Maintenance and administration tasks in Uyuni)
-
Salt Guide (A comprehensive guide to Salt for system administrators)
-
Retail Guide (A guide to using Uyuni for Retail)
Improved logging for Salt Remote Command Page
The Salt Remote Command Page log now every command executed in a separate logfile
(/var/log/rhn/rhn_salt_remote_commands.log
).
In addition to this, an entry in the System History is generated for every minion
where the command was executed.
Support for more Distributions as Clients
openSUSE Leap 15.1 and SLE15 SP1 can now be managed.
EoL for openSUSE Leap 42.3 clients
openSUSE Leap 42.3 is now End of Life since July 1st, as announced at the openSUSE Mailing lists
While the repositories for Leap 42.3 are still available, no support is provided aymore.
Salt Rate Limiting (Batching)
Any action scheduled on multiple Salt minions has now an upper limit on the number of systems that will process it simultaneously. This is referred to as batch size in Salt jargon, and defaults to 100 minions.
Please check the documentation for performance considerations in large installations (more than 1000 minions).
Product Information Loaded from SCC
In the past information about product channels were shipped via maintenance updates. Now these information will be downloaded from SUSE Customer Center (SCC) like the other product and repository information.
In case of using the fromdir
configuration with SMT or RMT, please check if they
support already downloading this file. You can get the file with the following command:
curl -O https://scc.suse.com/suma/product_tree.json
Image build host with SLES 12 SP4
Using SLES 12 SP4 as the base OS for an image build host is now supported.
Also building SLES 12 SP4 OS Images is supported.
Updated backend for communicating with SCC
This update contains a new backend to communicate with the SUSE Customer Center (SCC).
This requires to run a mgr-sync refresh
at the end of the update procedure.
The whole update procedure:
$> spacewalk-service stop $> zypper patch $> spacewalk-schema-upgrade $> spacewalk-service start $> mgr-sync refresh
In case of Inter Server Sync (ISS) the master
needs to be updated first,
then the slave
.
This change show products like they are setup in the SUSE Customer Center. As a consequence of this some older products show no architecture anymore and mirror all available architectures when such a product is selected for mirroring.
With this change also some invalid product combinations were removed.
Please check /var/log/rhn/rhn_web_ui.log
for error messages. Invalid
channels can be removed using spacewalk-remove-channel
command.
XMLRPC API changes
Due to the changes in the backend for communicating with SCC corresponding XMLRPC API has changed:
Deprecated calls:
synchronizeChannels() synchronizeProductChannels()
New call:
synchronizeRepositories()
For a refresh the XMLRPC API should be called in the following order:
synchronizeChannelFamilies synchronizeProducts synchronizeRepositories synchronizeSubscriptions
Support for Ubuntu Clients
Management of Ubuntu clients is now supported. We provide a repository with
salt packages that can easily be added with spacewalk-common-channels
or manually.
The following new features were added:
-
Bootstrapping and performing initial state runs such as setting repositories and performing profile updates
-
Assigning
.deb
channels to minions -
Information displayed in System details pages
-
Package install, update, and remove
-
Package install using
Package States
-
Configuration and state channels
-
Support Ubuntu products and Debian architectures in mgr-sync
-
Support creating bootstrap repositories for Ubuntu 18.04 and 16.04
-
Add support for Ubuntu in the bootstrap script
-
Generate InRelease file for Debian/Ubuntu repos when metadata signing is enabled
-
Trust SUSE GPG key for client tools channels on Ubuntu systems
However, the root user on Ubuntu is disabled by default, so in order to use bootstrapping, you will require an existing user with sudo privileges for Python.
Change behavior on token refresh
Channel authentication tokens are valid by default for about 1 year. The renew of tokens happens automatically some time before they expire but they are not deployed automatically to the clients.
As the renew happens mostly without noticing by the administrator that behavior has changed to autodeploy renewed tokens to the clients automatically.
This old behavior can be preserved by setting
token_refresh_auto_deploy = false
in /etc/rhn/rhn.conf
and restarting the services.
In case of a token renew without autodeployment enabled a log message will inform the administrator about it.
New option to force regeneration of channel metadata
A new option --force
was added to spacecmd softwarechannel_regenerateyumcache
to force
a regeneration of the metadata files.
New products supported
-
openSUSE Leap 15.1
-
SLES11 SP4 LTSS
-
SLES12 SP3 LTSS
-
SLES 15 SP1 product family
-
CaaSP 4 Toolchain
Package download endpoint override
It is now possible to set a custom protocol, host and path for minions to download packages at installation time. This will override the default setting of the Uyuni Server or Uyuni Proxy used at registration time.
Technical preview: Single Sign-On (SSO)
Uyuni supports Single Sign-On authentication by implementing the Security Assertion Markup Language (SAML) 2 protocol. Mandatory requirement: an already existing and configured SAML Identity Service Provider (IdP). Uyuni must be reconfigured to use the IdP as the source of authentication and post-login mapped users must be already created before enabling SSO.
For more on configuring SSO, see the Administration Guide
Version 4.0.1
Support for PostgreSQL 10
A new version of the PostgreSQL database is available in openSUSE Leap 42.3 and can be used for Uyuni Server.
New installations of Uyuni Server based on openSUSE Leap 42.3 will automatically pick up this version.
PostgreSQL 10 needs a new version of smdba to initiate backups. This version is part of Uyuni Server 4.0.1.
Migrating from PostgreSQL 9.6 to PostgreSQL 10
You should have an up-to-date database backup before attempting the migration.
Existing installations of Uyuni Server will need to run
/usr/lib/susemanager/bin/pg-migrate-96-to-10.sh
to migrate from PostgreSQL 9.6 to PostgreSQL 10
Your Uyuni Server installation will not be accessible during the migration.
Note The migration will create a copy of the database under
/var/lib/pgsql
and thus needs sufficient disk space to hold two copies
(9.6 and 10) of the database.
Since it does a full copy of the database, it also needs considerable time depending on the size of the database and the IO speed of the storage.
If your system is scarce on disk space you can do an fast, in-place migration by running
/usr/lib/susemanager/bin/pg-migrate-96-to-10.sh fast
The fast migration usually only takes minutes and no additional disk space. However, in case of failure you need to restore the database from a backup.
This wiki page contains additional information about the database migration.
spacecmd: Support state channels
spacecmd
, the command line access to the Uyuni API, has been adapted
to support state channels (aka Salt Minion config channels) with the
following changes:
-
system_scheduleapplyconfigchannels
-
new call to schedule application of the assigned config channels to the system (minion only)
-
-
configchannel_updateinitsls
-
new call to update the
init.sls
file
-
-
configchannel_create
-
adapted call, now has a
-t
option to specify the channel type (normal
orstate
)
-
-
configchannel_import
-
adapted call, honors channel type
-
Please use the help functionality of spacecmd for detailed option descriptions for each mentioned call.
New API calls
Functions softwarechannel_mergepackages
and softwarechannel_errata_merge
to merge packages and errata through spacecmd were added.
spacewalk-common-channels: Support for Uyuni, Fedora 29 and cleanup
Added:
-
Uyuni Server, Uyuni Proxy, Uyuni Client Tools, both stable and development version.
-
Fedora 29
Removed:
-
Fedora 26
-
Spacewalk 2.6 Server and Client Tools
-
Spacewalk 2.7 Server and Client Tools
-
Spacewalk 2.8 Server
-
Spacewalk nightly
-
OpenSUSE 13.2 and openSUSE 13.2 Client Tools
Support for more Distributions as Clients
openSUSE Leap 15.0, openSUSE Leap 42.3, SLE12, SLE15, CentOS6 and CentOS7 are now verified to bootstrap as both salt minions and traditional clients.
New products added to SCC syncing
-
SUSE OpenStack Cloud 9
Known issues
Rocky Linux 9 onboarding fails to complete.
Rocky Linux 9 is distributed with SELinux configured to enforced
by default, and that is causing connection issues between the Salt minion and the Salt master.
In all cases there will be no failures during the bootstrap, but the minion will never show up at the System List page (as it will not complete the onboarding)
At /var/log/venv-salt-minion.log
at the minion, a message like the following one will be present:
[ERROR ][1649] Error while bringing up minion for multi-master. Is master at uyuni-server.mydomain.int responding?
Workaround: Before onboarding the Rocky Linux 9 client, issue the following command as the root user:
setenforce 0
This command can also be useful if you have already onboarded the Rocky Linux 9 client but it did not appear in the Systems list.
We are working on a solution to have the Salt Bundle working with SELinux for Rocky Linux 9.
GPG keys acceptance issue
Some Enterprise Linux distributions do not trust their own GPG key for package installation. In case of GPG key errors, try to import the GPG key manually.
The key files are installed but the name depends on the OS.
CentOS 7: '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7'
CentOS 8: '/etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial'
Rocky Linux 8: '/etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial'
Red Hat Enterprise Linux Server 7: '/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release'
Red Hat Enterprise Linux 8: '/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release'
Workaround: Import the keys using the following command:
$> rpm --import /path/to/key/file
We are working on a final solution to automate this.
AlmaLinux
Because of an upstream bug, the original package shipped with AlmaLinux 8.5 is providing a broken repository file (containing duplicated identificators). We have already reported this issue to AlmaLinux.
Workaround: Update the package almalinux-release
before registering the instance to Uyuni so at least the version 8.5-3
is installed.
Bootstrap with web UI using non-root user
Onboarding of clients with the non-root
user from the Uyuni UI fails the following error:
ERROR com.suse.manager.webui.controllers.utils.AbstractMinionBootstrapper - Error during bootstrap: SaltSSHError(13, stderr: "", stdout: "ERROR: Failure deploying ext_mods:"
The root cause of this problem is a wrong ownership of the Salt thin directory when using the Salt bundle.
Workaround: Once bootstrap fails, the user can run chown -R $USER:$GROUP /var/tmp/.*_salt
once and try onboarding again, it shouldn’t fail this time.
CLM and custom repositories
When building a CLM project that includes custom channels with custom repositories, the custom repositories might not be selected in the new cloned custom channels. As a workaround, one can go to the new cloned custom channels, select the custom repositories and synchronize them.
Container build host and Salt bundle
The container build host will not work with the Salt bundle. We are working on a fix. Meanwhile, don’t use the Salt bundle on the Container build host but rather a normal Salt.
SLE Micro and openSUSE MicroOS
SLE Micro and openSUSE MicroOS is only partially supported. Some Web UI features, such as showing the patch status of the system, or action chains might not work properly.
SLE Micro and openSUSE MicroOS: Server CA certificate
Because of some recent change, the SSL CA certificate from the server never gets deployed into the registered SLE Micro or openSUSE MicroOS instances during registration.
Server SSL CA certificate doesn’t get deployed during the registration in case of SLE Micro and openSUSE MicroOS. Therefore this instance will have SSL issues when trying to read the channels assigned by Uyuni.
Workaround: The user need to manually run update-ca-certificate
in the SLE Micro or openSUSE MicroOS instance to get this issue fixed.
SLE Micro: Bootstapping
Bootstrapping of SLE Micro from the Web UI/API fails with error the following error:
SaltSSHError(3, Error: Unable to download https://uyuni.fqdn:443/pub/repositories/sle/5/2/bootstrap/venv-enabled-x86_64.txt file!
Workaround: The user needs to manually configure the Salt minion and restart the service manually.
Single Sign On, API and CLI tools
Single Sign On can be used to authenticate in the Web UI but not with the API or CLI tools. This will be fixed in a future release of Uyuni.
EPEL and Salt packages
Using the Extra Packages for Enterprise Linux directly on RHEL clients (or compatible: SLES ES, CentOS, Oracle Linux, etc) will install the Salt packages from EPEL, which miss some features in the Uyuni-provided Salt packages. This is an unsupported scenario.
If you need to enable the EPEL repository, make sure you are using the Salt Bundle (it is used by default with new clients but not for clients onboarded before Uyuni 2022.04)
RHEL 6, CentOS 6 and Oracle Linux 6 minimal installations
In the case of RHEL 6, CentOS 6 and Oracle Linux 6, the "Minimal" installation set is missing some packages required for the onboarding to work. It is recommented to install at least a "Basic Server".
Alternatively, if using a minimal installation, you must install the perl
and openssh-clients
packages before onboarding.
RHEL native clients
When autogenerating bootstrap repositories for native RHEL clients, some errors may be logged from the moment the official Red Hat channels are added until the moment those channels are fully synchronized for the first time.
This does not affect SLES Expanded Support, CentOS, Rocky Linux, AlmaLinux or Oracle Linux.
Registering Spacewalk 2.x/Red Hat Satellite 5.x clients to Uyuni as Salt minions
If a client machine is running the Red Hat Satellite 5.x agent, registering it to Uyuni as a Salt minion will fail due to package conflicts.
Registering a RH Satellite 5.x client as a Uyuni traditional client works fine.
Registering a Uyuni traditional client as a Uyuni Salt minion will also work.
Works | Fails |
---|---|
RH Satellite 5.x ⇒ Uyuni traditional |
RH Satellite 5.x ⇒ Uyuni Salt minion |
Uyuni traditional ⇒ Uyuni Salt minion |
In order to register Red Hat Satellite 5.x clients to Uyuni as Salt minions, you will need to modify the bootstrap script to remove the Satellite agent packages first.
Spacewalk 2.x and Oracle Spacewalk 2.x clients will show the same behavior as Red Hat Satellite 5.x clients
Client Tools Notes
URLs of the Client Tools are:
-
openSUSE Leap 15.* (x86_64, aarch64): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/openSUSE_Leap_15-Uyuni-Client-Tools/openSUSE_Leap_15.0/
-
SLE12 (x86_64, pcc64le, s390x, aarch64): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/SLE12-Uyuni-Client-Tools/SLE_12/
-
SLE15 (x86_64, pcc64le, s390x, aarch64): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/SLE15-Uyuni-Client-Tools/SLE_15/
-
CentOS7 (x86_64, aarch64, ppc64le): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/CentOS7-Uyuni-Client-Tools/CentOS_7/
-
Oracle Linux 7 (x86_64): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/CentOS7-Uyuni-Client-Tools/CentOS_7/
-
Oracle Linux 8 (x86_64, aarch64): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/EL8-Uyuni-Client-Tools/EL_8/
-
Oracle Linux 9 (x86_64, aarch64): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/EL9-Uyuni-Client-Tools/EL_9/
-
AlmaLinux 8 (x86_64, aarch64): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/EL8-Uyuni-Client-Tools/EL_8/
-
AlmaLinux 8 (x86_64, aarch64, ppc64le, s390x): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/EL9-Uyuni-Client-Tools/EL_9/
-
Rocky Linux 8 (x86_64, aarch64): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/ELS8-Uyuni-Client-Tools/EL_8/
-
Rocky Linux 9 (x86_64, aarch64, ppc64le, s390x): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/EL9-Uyuni-Client-Tools/EL_9/
-
Amazon Linux 2 (x86_64, aarch64): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/CentOS7-Uyuni-Client-Tools/CentOS_7/
-
Alibaba Linux 2 (x86_64, aarch64): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/CentOS7-Uyuni-Client-Tools/CentOS_7/
-
AlmaLinux 8 (x86_64, aarch64): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/EL8-Uyuni-Client-Tools/EL_8/
-
Rocky Linux 8 (x86_64, aarch64): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/EL8-Uyuni-Client-Tools/EL_8/
-
Ubuntu 18.04 (x86_64): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/Ubuntu1804-Uyuni-Client-Tools/xUbuntu_18.04/
-
Ubuntu 20.04 (x86_64): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/Ubuntu2004-Uyuni-Client-Tools/xUbuntu_20.04/
-
Ubuntu 22.04 (x86_64): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/Ubuntu2204-Uyuni-Client-Tools/xUbuntu_22.04/
-
Debian 9 (x86_64, aarch64, armv7l, i586): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/Debian9-Uyuni-Client-Tools/Debian_9/
-
Debian 10 (x86_64, aarch64, armv7l, i586): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/Debian10-Uyuni-Client-Tools/Debian_10/
-
Debian 11 (x86_64, aarch64, armv7l, i586, ppc64le, s390x): https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/Debian11-Uyuni-Client-Tools/Debian_11/
Keep in mind you should manage the client tools using the command spacewalk-common-channels
on the server, that will also allow you to add the required channels for all those operating systems that are freely available.
Supported clients
At the moment the status is the following:
Distribution |
Salt bootstrap from server |
Salt SSH bootstrap from server |
Salt bootstrap from client |
Traditional |
openSUSE Leap 15 |
||||
SLE12 |
||||
SLE15 |
||||
CentOS7 |
||||
Oracle Linux 7 |
||||
Oracle Linux 8 |
||||
Oracle Linux 9 |
||||
Amazon Linux 2 |
||||
Alibaba Linux 2 |
||||
AlmaLinux 8 |
||||
AlmaLinux 9 |
||||
Rocky Linux 8 |
||||
Rocky Linux 9 |
||||
Ubuntu18.04 |
||||
Ubuntu20.04 |
||||
Ubuntu22.04 |
||||
Debian9 |
||||
Debian10 |
||||
Debian11 |
= Working, = Not working, = Untested
With the exception of RHEL/CentOS and Oracle Linux, all maintained SPs and subversions are supported.
Untested clients
Distribution |
Salt bootstrap from server |
Salt SSH bootstrap from server |
Salt bootstrap from client |
Traditional |
RHEL7 |
||||
RHEL8 |
||||
RHEL9 |
RHEL7 is expected to work in the same way as CentOS7, using the CentOS7 client tools. RHEL8 and 9 are expected to work in the same way as Rocky Linux or AlmaLinux 8 or 9, using the AlmaLinux/Rocky Linux/Oracle 8 or 9 client tools
CentOS8 (and therefore RHEL8) does not have support for the traditional client tools, only salt.
Known limitations
"spacewalk/minion_script" Autoinstallation snippet does not work with Salt bundle
The Autoinstallation snippet named spacewalk/minion_script
does not support the Salt Bundle (venv-salt-minion
) at this moment. Using this snippet is not mandatory.
If the snippet is used, the autoinstallation will not fail, but the package salt-minion
will get installed and during the registration the Salt Bundle will not get installed.
As temporary workaround, you can either:
-
Create your own custom snippet based on
spacewalk/minion_script
but adjusting the paths and name to usevenv-salt-minion
instead. -
Use the original snippet, register the client, and then perform the migration to the Python Bundle, as described at the documentation
Uyuni Client Tools GPG not trusted by the clients
The GPG key for Uyuni Client Tools is not trusted by default by the respective package management tools for each OS.
The systems will bootstrap without the GPG key being trusted, but will not be able to install new client tool packages or updated them.
This can be fixed by adding the key uyuni-gpg-pubkey-0d20833e.key
to all the bootscrap scripts at
variable ORG_GPG_KEY=
. If you already have other keys there, you can keep them.
For systems bootstrapped from WebUI, a salt state should be created to trust the key, then the state can be assigned to the organization, and finally it can be used using an Activation Key and the Configuration Channels to deploy the change to the clients.
Documentation
It is usable but you can still find some issues, such references to SUSE Manager that are scheduled to be fixed on subsequent versions.
Installation
Requirements
-
OS: openSUSE Leap 15.4 x86_64, fully updated
-
Main memory: Minimum 16 GB for base installation
-
Disk space: Minimum 100 GB for root partition, Minimum 50 GB for /var/lib/pgsql, Minimum 50 GB per SUSE product + 100 GB per RHEL product (/var/spacewalk)
See the documentation for more details on the system requirements.
Installing the Server
Add the Stable repository:
Install the pattern:
zypper in patterns-uyuni_server
Run Yast2 and go to Network Services > Uyuni Setup
Follow the setup assistant.
See the Installation/Upgrade guide for detailed instructions on how to install.
Update from previous versions of Uyuni Server
See the Installation/Upgrade guide for detailed instructions on how to upgrade.
-
If you are upgrading from 2022.05 or earlier (at least 2021.06): You will need to follow the "Installation/Upgrade Guide > Upgrade > Upgrade the Server" > "Server - Major Upgrade" section.
-
If you are updating from 2022.06 or newer: You will need to follow the "Installation/Upgrade Guide > Upgrade > Upgrade the Server" > "Server - Minor Upgrade" section.
-
Migrating from versions older than 2021.06 is not possible
All connected clients will continue to run and are manageable unchanged.
Update from previous versions of Uyuni Proxy
When updating, always start with the server first and then continue with the proxies.
See the release notes for the proxy and the Installation/Upgrade guide for detailed upgrade instructions.
Other information
Red Hat Channels
Managing RHEL clients requires availability of appropriate Red Hat packages.
SUSE Channels
Managing SUSE Linux clients requires availability of appropriate SUSE channels.
Your licensed SUSE products can be used with Uyuni by following the setup Wizard.
Check the manuals for more information.
Providing feedback
In case of encountering a bug please report it at https://github.com/uyuni-project/uyuni/issues
Legal Notices
Copyright © 2018 – 2022 The Uyuni Project
This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/es/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.
For SUSE trademarks, see http://www.suse.com/company/legal/. All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its affiliates. Asterisks (*) denote third-party trademarks.
All information found in this document has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its affiliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof.