Registering Ubuntu 20.04, 22.04 and 24.04 Clients
This section contains information about registering clients running Ubuntu 20.04 LTS, 22.04 LTS and 24.04 LTS operating systems.
Bootstrapping is supported for starting Ubuntu clients and performing initial state runs such as setting repositories and performing profile updates.
However, the root user on Ubuntu is disabled by default, so to use bootstrapping, you require an existing user with sudo privileges for Python.
|
Canonical does not endorse or support Uyuni. |
1. Add Software Channels
Before you register Ubuntu clients to your Uyuni Server, you need to add the required software channels, and synchronize them.
|
In the following section, descriptions often default to the |
The channels you need for this procedure are:
| OS Version | Base Channel | Main Channel | Updates Channel | Security Channel | Client Channel |
|---|---|---|---|---|---|
Ubuntu 24.04 |
ubuntu-2404-pool-amd64-uyuni |
ubuntu-2404-amd64-main-uyuni |
ubuntu-2404-amd64-main-updates-uyuni |
ubuntu-2404-amd64-main-security-uyuni |
ubuntu-2404-amd64-uyuni-client |
Ubuntu 22.04 |
ubuntu-2204-pool-amd64-uyuni |
ubuntu-2204-amd64-main-uyuni |
ubuntu-2204-amd64-main-updates-uyuni |
ubuntu-2204-amd64-main-security-uyuni |
ubuntu-2204-amd64-uyuni-client |
Ubuntu 20.04 |
ubuntu-2004-pool-amd64-uyuni |
ubuntu-2004-amd64-main-uyuni |
ubuntu-2004-amd64-main-updates-uyuni |
ubuntu-2004-amd64-main-security-uyuni |
ubuntu-2004-amd64-uyuni-client |
Version 20.04 also requires the Universe channels:
| Ubuntu 20.04 | |
|---|---|
Universe Channel |
ubuntu-2004-amd64-universe-uyuni |
Universe Updates Channel |
ubuntu-2004-amd64-universe-updates-uyuni |
Universe Security Updates Channel |
ubuntu-2004-amd64-universe-security-uyuni |
Universe Backports Channel |
ubuntu-2004-amd64-universe-backports-uyuni |
-
At the command prompt on the Uyuni Server, as root, use the
spacewalk-common-channelscommand to add the appropriate channels:spacewalk-common-channels \ <base_channel_label> \ <child_channel_label_1> \ <child_channel_label_2> \ ... <child_channel_label_n>
-
If automatic synchronization is turned off, synchronize the channels:
spacewalk-repo-sync -p <base_channel_label>
-
Ensure the synchronization is complete before continuing.
|
You need all the new channels fully synchronized before bootstrapping any Ubuntu client. |
2. Mirror Ubuntu ESM packages
Canonical provides Expanded Security Maintenance (ESM) packages for Ubuntu Pro users and customers. These packages offer longer maintenance (10 to 12 years) for several operating system components and selected applications.
These repositories can also be synchronized within Uyuni if you extract the required GPG keys and your personal Bearer Token from a system registered to Ubuntu Pro.
2.1. Extract GPG keys and Bearer Token
Register an Ubuntu host with Ubuntu Pro. You will find your personal registration token in the Ubuntu Pro Dashbaord. An Ubuntu One acconut is required for this.
sudo apt-get install ubuntu-advantage-tools sudo pro attach <perosnal_token>
After registration, you will find the Bearer Token in the file /etc/apt/auth.conf.d/90ubuntu-advantage:
machine esm.ubuntu.com/apps/ubuntu/ login bearer password <token> # ubuntu-pro-client machine esm.ubuntu.com/infra/ubuntu/ login bearer password <token> # ubuntu-pro-client
|
One dedicated bearer token is used per repository. |
Configure the following repositories within Uyuni:
2.2. Configure Ubuntu ESM repositories
Use the following URLs for creating the repositories:
| URL | Description |
|---|---|
https://bearer:<token>@esm.ubuntu.com/infra/ubuntu/dists/<release>-infra-updates/main/binary-<arch>/ |
Operating system functional updates |
Operating system security updates |
|
https://bearer:<token>@esm.ubuntu.com/apps/ubuntu/dists/<release>-apps-updates/main/binary-<arch>/ |
Application functional updates |
https://bearer:<token>@esm.ubuntu.com/apps/ubuntu/dists/<release>-apps-security/main/binary-<arch>/ |
Application security updates |
Replace <token> with your personal Bearer Token. Also, arch and release must be replaced with one of the following values:
| Architectures | Releases |
|---|---|
|
|
In order for Uyuni to synchronize the repositories, the corresponding GPG keys (ubuntu-advantage-esm-infra-trusty.gpg, ubuntu-advantage-esm-apps.gpg) must be imported. These are located on a system registered with Ubuntu Pro under /etc/apt/trusted.gpg.d. Copy these files to the Uyuni system and import them as follows:
mgradm gpg add /path/to/gpg.key
Create the appropriate child channels below already synchronized Ubuntu parent channels. After that, repositories can be synchronized.
|
The procedure shown here can be used to circumvent the subscription limitations - however, this constitutes a breach of the Terms of Service and may have legal consequences. There must always be sufficient subscriptions for the number of systems used. |
3. Check Synchronization Status
-
In the Uyuni Web UI, navigate to , then click the channel associated to the repository.
-
Navigate to the
Repositoriestab, then clickSyncand checkSync Status.
-
At the command prompt on the Uyuni Server, as root, use the
tailcommand to check the synchronization log file:tail -f /var/log/rhn/reposync/<channel-label>.log
-
Each child channel generates its own log during the synchronization progress. You need to check all the base and child channel log files to be sure that the synchronization is complete.
|
Ubuntu channels can be very large. Synchronization can sometimes take several hours. |
4. Manage GPG Keys
Clients use GPG keys to check the authenticity of software packages before they are installed. Only trusted software can be installed on clients.
|
Trusting a GPG key is important for security on clients. It is the task of the administrator to decide which keys are needed and can be trusted. Because a software channel cannot be used when the GPG key is not trusted, the decision of assigning a channel to a client depends on the decision of trusting the key. |
For more information about GPG keys, see GPG Keys.
5. Root Access
The root user on Ubuntu is disabled by default for SSH access.
To be able to onboard using a regular user, you need to edit the sudoers file.
|
This issue happens with self-installed versions of Ubuntu.
If the default user has been granted administrative privileges during installation time, a password is required to perform privilege escalation using |
-
On the client, edit the
sudoersfile:sudo visudo
Grant
sudoaccess to the user by adding this line at the end of thesudoersfile. Replace<user>with the name of the user that is bootstrapping the client in the Web UI:<user> ALL=NOPASSWD: /usr/bin/python, /usr/bin/python2, /usr/bin/python3, /var/tmp/venv-salt-minion/bin/python
|
This procedure grants root access without requiring a password, which is required for registering the client.
When the client is successfully installed it runs with root privileges, so the access is no longer required.
We recommend that you remove the line from the |
6. Register Clients
To register your clients, you need a bootstrap repository. By default, bootstrap repositories are automatically created, and regenerated daily for all synchronized products. You can manually create the bootstrap repository from the command prompt, using this command:
mgr-create-bootstrap-repo
For more information on registering your clients, see Client Registration.