Release notes for Uyuni Server

Version 2022.11
2022-11-23 16:55:19 +0100
Table of Contents

  * Version Revision History
  * Stay informed
  * Support
  * Release model
  * Major changes since Uyuni Server 4.0.0
      + Features and changes
          o Version 2022.11
              # System list refactor
              # Instructions to disable custom channel automatic syncronization
              # Allow more tools for network management for the Uyuni Server
              # Monitoring: Grafana update to 8.5.13
              # Monitoring: Fix TLS configuration and enable client certificate
                authentication for Blackbox exporter
              # Traditional stack being removed
          o Version 2022.10
              # Update notes
              # RHEL/Oracle Linux/AlmaLinux/Rocky Linux 9 as clients
              # Monitoring for Ubuntu 22.04
              # pip support for the Salt Bundle
              # Apache exporter updated to version 0.11.0 for SUSE Linux
                Enterprise and openSUSE
              # Cobbler updated to version 3.3.3
          o Version 2022.08
              # Ubuntu 22.04 as client
              # GPG key handling in Uyuni
              # Disabling locally defined repositories
              # Technology Preview: Helm chart to deploy containerized Uyuni
                Proxy and Retail Branch Server
          o Version 2022.06
              # Upgrade notes
              # Base system upgrade
              # PostgreSQL 14
              # Salt 3004
              # New products enabled
          o Version 2022.05
              # Reporting Database documentation
              # spacewalk-report now uses data from the reporting database
              # Adding systems with failed actions to System Set Manager
              # Technology Preview: JSON over HTTP API
          o Version 2022.04
              # Salt SSH now uses the Salt Bundle
              # Technology Preview: Containerized Uyuni Proxy and Retail Branch
                Server
              # Reporting Database improvements
              # Improved image management
              # HSTS available
          o Version 2022.03
              # Fixes for Salt security issues
              # Salt Upgrade
              # New XML-RPC API version 26
              # smdba: changed defaults for newer PostgreSQL versions
              # Monitoring: Grafana 8.3.5
              # Unsupported products
          o Version 2022.02
              # PostgreSQL default password encryption mechanism change
              # Reporting Database
              # Ubuntu errata installation
              # Monitoring
              # SLES PAYG client support on cloud
              # openscap for Debian 11 (Tech Preview)
          o Version 2022.01
              # Debian 11 as client
              # Link to vendor security advisory in Patch details page
              # Add support for custom SSH port for SSH minions
              # Change proxy used for clients from the WebUI
          o Version 2021.12
              # Salt as a Bundle
              # aarch64 support for openSUSE Leap 15.3, CentOS 7/8, clones and
                related systems
              # System reactivation
              # Low Diskspace notification
              # Package Locking for Salt Minions
              # Monitoring
              # Content Lifecycle Management improvement
              # New XMLRPC API methods for SaltKey
              # New product enabled
              # CVE-2021-40348 remediation
              # CentOS 8 End of Life
              # Future deprecation of the traditional stack
          o Version 2021.09
              # AppStreams WebUI improvements
              # Improve the date time handling on the UI
              # Support syncing patches with advisory status 'pending'
              # Virtualization
              # spacecmd: allow massive archive and delete actions
              # Recent cobbler CVEs remediation
          o Version 2021.08
              # Rocky Linux 8 as client
              # Ansible Playbooks test mode
              # Kiwi parameters for OS Image profiles
              # Fixes for AArch64 hosts, including virtualization
              # Virtual Machines and UEFI
              # Pacemaker support for KVM and Xen virtual machines
              # New CLM Filter Template
              # OpenSCAP Audit
              # Logs for Salt SSH clients
              # Tech-preview: Inter-Server Synchronization version 2
              # Monitoring
          o Version 2021.06
              # Upgrade notes
              # Salt 3002
              # Base System Upgrade
              # PostgreSQL 13
              # Missing openSUSE Leap 15.3 channels added to
                spacewalk-common-channels
              # Integration of Ansible into an Uyuni automation environment to
                protect customer investment and ease migration (Technology
                Preview)
          o Version 2021.05
              # New products enabled
              # SLE Micro 5.0 and openSUSE MicroOS as clients
              # Deprecated products
              # Prometheus TLS
              # Updated Prometheus
              # Migrate clients from openSUSE Leap to SUSE Linux Enterprise
                Server
              # Easier system group and configuration channel assignment
              # Enhanced CLM filter list
              # Notify beacon for DEB-based clients
              # Allow setting primary FQDN for the systems
              # Virtualization
              # Custom data as pillar
              # Retracted patches
              # Client systems forwarded to SUSE Customer Center
              # Configuration state summary
              # Live patching made easy with filter templates
              # HTML documentation for the API
              # New API calls
              # spacecmd improvements
              # Activation key dropped from system details
              # Software Crashes (ABRT) dropped
              # Warning about Ansible integration
          o Version 2021.04
              # Vendor change for some Java dependencies
              # Fix for potential security issue with Java RMI
              # New products enabled
              # Amazon Linux 2 and Alibaba Linux 2 clients
              # AlmaLinux 8
              # Maintenance Windows UI
              # Removal of deprecated XMLRPC API methods
              # Reactivation keys in bootstrap scripts
              # Enable SAN SSL certificates
              # Universe Security, Multiverse, Restricted, and Backport
                channels for Ubuntu.
              # Oracle Linux UEK channel
              # Performance improvements
              # Redfish power management
              # OpenSCAP from SSM
              # Virtual network creation UI
              # Logging
              # Monitoring
          o Version 2021.02
              # Recent Salt CVEs remediation
              # Prometheus exporters' reverse proxy formula Ubuntu support
          o Version 2021.01
              # Vendor change for some Java dependencies
              # Fix version comparison algorithm for deb packages (Ubuntu)
              # New products enabled
              # SAP content
              # CPU mitigations formula
              # Vendor change on SP migration
              # Autoinstallation of older operating systems
              # Oracle Linux ULN repositories
              # CentOS 6 repositories
              # New countries and timezones
              # Cluster management: upgrade plan
              # Yomi refresh
              # Uyuni Server connections are always and only secure
              # Monitoring updates
          o Version 2020.11
              # Recent Salt CVEs remediation
              # CentOS 7/8 ppc64le support
              # Prometheus Exporter Exporter for CentOS, Oracle and RHEL 7 and
                8
              # Node Exporter updated to version 1.0.1 for most operating
                systems
              # Web UI themes
              # Prometheus Exporter Exporter
              # XML-RPC power management API
              # Third-party errata information on vendor channels
              # Bootstrap repositories no longer flushed by default
              # DNSSEC enabled by default by bind update
              # Virtualization: Creation of virtual machines with Yomi,
                KickStart or AutoYaST profiles
              # Japanese translation
          o Version 2020.09
              # Uyuni Hub XML-RPC API is now supported
              # Formula for peripheral server management (Technology Preview)
              # Maintenance windows
              # Monitoring reverse proxies
              # Added new type of "Virtual Host Manager": Nutanix AHV
              # Grafana 7.1.5
              # New products enabled
          o Version 2020.07
              # Upgrade notes
              # Salt 3000.0
              # New "mgrcompat.module_run" custom compatibility state for Salt
                is available for registered systems.
              # PostgreSQL 12
              # Base System Upgrade
              # New products enabled
              # Ubuntu 20.04 LTS
              # hwdata vendor change for openSUSE Leap 15.1 clients
          o Version 2020.06
              # Oracle Linux
              # Third-party GPG keys now included
              # Cluster Management
              # Dropped feature: Unpublished patches
          o Version 2020.05
              # Repository syncing performance improvements
              # Image profiles key-value pairs supported as arguments for
                Docker build
              # Service pack migrations: run a real migration after a
                successful dry-run
          o Version 2020.04
              # Recurring actions
              # Bootstrapping Salt Clients with a Private SSH key (from API)
              # CentOS8 Content Lifecycle Management: Better Feedback with
                Appstreams
              # Automated Schema Database Upgrades and Failure Security
                Mechanism
              # Large Deployments Guide (draft)
              # Uyuni Hub documentation
              # Public Cloud QuickStart Guide (draft)
              # CaaSP Grafana Dashboads
              # Prometheus Federation Support in Formulas with Forms
              # Pre-configured default alerting rules
              # Prometheus Exporters for CentOS8 x86_64
              # Node Exporter Updated to 0.18.1
              # Virtualization: Management of storage pools
          o Version 2020.03
              # Debian client tools
              # SUSE Container as a Service Platform v4 nodes: action filtering
              # Subscription matching in public cloud: BYOS vs PAYG
              # Automatic generation of bootstrap repositories
              # Salt clients: provisioning API
              # Recurring highstate scheduling
              # Content Lifecycle Filters for AppStreams
              # New products enabled
              # Ubuntu enhancements
              # Yomi (Technology Preview)
              # Uyuni Hub XML-RPC API (Technology Preview)
              # spacewalk-utils
              # EFI HTTP booting
              # Subscription matching enhancements
              # Single Sign-On (SSO) is now stable
              # Single Page Application UI (SPA) is now stable
              # Red Hat Enterprise Linux 8 onboarding simplified
          o Version 2020.01
              # Version format change
              # Adjust your repository at the Server system
              # Remove current Uyuni Proxy 4.0 channel and repository from the
                Server and add the new ones
              # Remove current Uyuni Server 4.0 channel and repository from the
                Server and add the new ones
              # CentOS8, RHEL 8 and SLES ES 8 support
              # Monitoring
              # Package Hub
              # Formulas
              # New Content Lifecycle Management filters
              # Enhanced support for Debian and Ubuntu
              # New Prometheus exporters and formulas
              # Subscription matching in Public Cloud
              # Preventive shutdown of Server when running out of disk space
              # Single Page Application UI
              # Grafana
              # Prometheus service autodiscovery
              # CPU mitigation formula
              # Updated documentation
              # Enhanced support for Ubuntu and Debian clients
              # New products enabled (from SCC)
              # SUSE Container as a Service Platform v4 support
              # Other changes
          o Version 4.0.2
              # Migrating the Server from 4.0.1 to 4.0.2
              # Salt 2019.2.0
              # Base system upgrade
              # Prometheus Monitoring
              # Content lifecycle management
              # Virtualization management for Salt minions
              # Updated Documentation Structure
              # Improved logging for Salt Remote Command Page
              # Support for more Distributions as Clients
              # EoL for openSUSE Leap 42.3 clients
              # Salt Rate Limiting (Batching)
              # Product Information Loaded from SCC
              # Image build host with SLES 12 SP4
              # Updated backend for communicating with SCC
              # XMLRPC API changes
              # Support for Ubuntu Clients
              # Change behavior on token refresh
              # New option to force regeneration of channel metadata
              # New products supported
              # Package download endpoint override
              # Technical preview: Single Sign-On (SSO)
          o Version 4.0.1
              # Support for PostgreSQL 10
              # Migrating from PostgreSQL 9.6 to PostgreSQL 10
              # spacecmd: Support state channels
              # New API calls
              # spacewalk-common-channels: Support for Uyuni, Fedora 29 and
                cleanup
              # Support for more Distributions as Clients
              # New products added to SCC syncing
  * Known issues
      + Rocky Linux 9 onboarding fails to complete.
      + GPG keys acceptance issue
      + AlmaLinux
      + Bootstrap with web UI using non-root user
      + CLM and custom repositories
      + Container build host and Salt bundle
      + SLE Micro and openSUSE MicroOS
      + SLE Micro and openSUSE MicroOS: Server CA certificate
      + SLE Micro: Bootstapping
      + Single Sign On, API and CLI tools
      + EPEL and Salt packages
      + RHEL 6, CentOS 6 and Oracle Linux 6 minimal installations
      + RHEL native clients
      + Registering Spacewalk 2.x/Red Hat Satellite 5.x clients to Uyuni as
        Salt minions
  * Client Tools Notes
      + Supported clients
      + Untested clients
      + Known limitations
          o "spacewalk/minion_script" Autoinstallation snippet does not work
            with Salt bundle
          o Uyuni Client Tools GPG not trusted by the clients
  * Documentation
  * Installation
      + Requirements
      + Installing the Server
      + Update from previous versions of Uyuni Server
      + Update from previous versions of Uyuni Proxy
  * Other information
      + Red Hat Channels
      + SUSE Channels
  * Providing feedback
  * Legal Notices

Version Revision History

  * 2022/11/21: 2022.11 release

  * 2022/10/14: 2022.10 release

  * 2022/08/10: 2022.08 release

  * 2022/06/26: 2022.06 release

  * 2022/05/10: 2022.05 release

  * 2022/04/29: 2022.04 release

  * 2022/03/31: 2022.03 release

  * 2022/02/28: 2022.02 release

  * 2022/01/28: 2022.01 release

  * 2021/12/09: 2021.12 release

  * 2021/09/23: 2021.09 release

  * 2021/08/16: 2021.08 release

  * 2021/06/24: 2021.06 release

  * 2021/05/18: 2021.05 release

  * 2021/04/21: 2021.04 release

  * 2021/03/01: 2021.02 release

  * 2021/02/05: 2021.01 release

  * 2020/11/26: 2020.11 release

  * 2020/09/22: 2020.09 release

  * 2020/07/24: 2020.07 release

  * 2020/06/15: 2020.06 release

  * 2020/05/21: 2020.05 release

  * 2020/04/16: 2020.04 release

  * 2020/03/19: 2020.03 release

  * 2020/01/31: 2020.01 release

  * 2019/08/02: 4.0.2 release

  * 2018/12/19: 4.0.1 release

  * 2018/10/26: 4.0.0 release

Stay informed

You can stay up-to-date regarding information about Uyuni:

Check the home site https://www.uyuni-project.org

Support

Uyuni is a community-supported project. The ways of contacting the community
are available at the home site.

Release model

Uyuni uses a rolling release model (meaning there will be no bugfixing for
given Uyuni version, but new frequent versions that will include bugfixes and
features)

Check the home site get in contact with the community.

Major changes since Uyuni Server 4.0.0

Features and changes

Version 2022.11

System list refactor

The System list page has been refactored to be more optimized and can handle
thousands of systems with a breeze.

For this we had to add a new database table to store the cached system data.

This table is updated every hour by the update-system-overview-default task and
within a minute after data for any of the systems is changed.

As a side effect, the System list will be empty after the server upgrade until
the refresh is triggered.

To force a refresh before the top of the hour, run the
update-system-overview-default task manually in Admin > Task Schedules page.
Keep in mind that processing this task can take some time depending on how many
systems are present in the database.

We intend to automate the initial refresh during during the Uyuni Server update
in a future release, for people that are still upgrading from versions older
than 2022.11

The new page has also introduced a more advanced filtering of the data. Though
quite powerful, the user interface for the value selection is still rough and
requires knowing what to query. While this has been temporarily been worked
around by keeping the old links in the Systems List menu, we expect
improvements for the interface in a future release.

Instructions to disable custom channel automatic syncronization

Since Uyuni 2022.10, the custom channels are now synced automatically.

By default, a synchronization will start automatically after adding a new
repository to a custom channel. Moreover, they will all update daily as a part
of the mgr-sync-refresh-default scheduled task.

To disable this new feature and revert back to the old behaviour, you can set
in /etc/rhn/rhn.conf:

java.unify_custom_channel_management = 0

Custom Channels section of the Administration guide for information about the
custom channel synchronization.

Allow more tools for network management for the Uyuni Server

Until now, the Uyuni Server only supported Wicked for network management,
because of a problem at the uyuni-check-database service.

With Uyuni 2022.11, this problem is fixed and now any other tool such as
NetworkManager can be used.

Monitoring: Grafana update to 8.5.13

Uyuni 2022.03 updates Grafana from version 8.3.5 to 8.5.13.

This update fixes several security vulnerabilities:

  * CVE-2022-36062

  * CVE-2022-35957

  * CVE-2022-31107

  * CVE-2022-31097

  * CVE-2022-29170

Check the upstream changelog for all the details on what has changed.

There is one breaking change: - For a data source query made via /api/ds/query,
if the DatasourceQueryMultiStatus feature is enabled and the data source
response has an error set as part of the DataResponse, the resulting HTTP
status code is now 207 Multi Status instead of 400 Bad gateway.

Updating Grafana is strongly recommended.

Monitoring: Fix TLS configuration and enable client certificate authentication
for Blackbox exporter

Uyuni 2022.10 and previous versions were using basic authentication for the
Blackbox exporter scrapping, even though using TLS client certificates was
enabled at the prometheus-formula

With Uyuni 2022.11, the Prometheus formula adds a section for the Blackbox
exporter with TLS certificate and key for client certificate authentication.

Traditional stack being removed

Uyuni 2022.06 was the last version where traditional client tools were tested
to work, and it was announced that with Uyuni 2022.08 the traditional client
tools will be deprecated and removed at some point after the summer.

Uyuni 2022.11 is already removing code for the traditional clients, so this
version will not support traditional clients in any way. New deployments will
not work and existing deployments will not work either. If you still have
traditional clients and they still work normally, you need to migrate them to
Salt before updating to Uyuni 2022.11.

Version 2022.10

Update notes

WARNING: This release requires vendor changes for some Uyuni dependencies at
the server, so pay attention to the following instructions!

Because of bug at zypper, it could be that --allow-vendor-change is broken on
your system. This can apply even if you are still on Uyuni 2022.05 or earlier
(based on openSUSE Leap 15.3)

Make sure you manually update zypper first at the Uyuni Server with zypper ref
&& zypper in zypper, and then verify that the installed zypper version is
1.14.57 or newer (use zypper info zypper).

Then:

  * If you are on Uyuni 2022.06 or newer, while doing the minor upgrade
    procedure for the Server, make sure you allow such vendor changes by
    calling zypper up --allow-vendor-change instead of zypper up.

  * If you are on Uyuni 2022.05 or older, follow the major upgrade procedure
    for the Server without any special steps.

RHEL/Oracle Linux/AlmaLinux/Rocky Linux 9 as clients

Uyuni is now able to manage RHEL/Oracle Linux/AlmaLinux/Rocky Linux 9 as Salt
or Salt SSH minions. All other features that worked for previous versions of
RHEL/Oracle Linux/AlmaLinux/Rocky will work now too, with the exception of the
Prometheus Exporters.

The following architectures can be managed:

  * x86_64

  * aarch64

  * s390x (RHEL/AlmaLinux/Rocky Linux only)

  * ppc64le (RHEL/AlmaLinux/Rocky Linux only)

Check the Client Configuration Guide for information about how to configure the
Uyuni Server to work with RHEL/Oracle Linux/AlmaLinux/Rocky Linux 8 clients.

Monitoring for Ubuntu 22.04

The Client Tools for Ubuntu 22.04 now contain four exporters:

  * prometheus-apache-exporter

  * prometheus-exporter-exporter

  * prometheus-node-exporter

  * prometheus-postgres-exporter

With these tools all of the features available for previous Ubuntu versions are
available at 22.04

pip support for the Salt Bundle

The Salt Bundle now includes support for pip, allowing users to extend the
functionality of the bundled Salt Minion with extra Python packages.

Check the official Saltstack documentation on how to do it as a module and a
state.

Keep in mind that not all of the functions are available with the state, but
the missing functionality can still be accessed with module.run.

Apache exporter updated to version 0.11.0 for SUSE Linux Enterprise and
openSUSE

Uyuni 2022.10 updates the Prometheus exporter for Apache from version 0.7 to
version 0.10.0 for SUSE Linux Enterprise and openSUSE, including the Uyuni
Server, the Uyuni Proxy and the Uyuni Retail Branch Server.

Check the upstream release notes for more details, including new metrics.

Cobbler updated to version 3.3.3

Cobbler was updated from version 3.1.2 to version 3.3.3.

  * "cobbler buildiso" now supports building ISOs with UEFI support

  * Cobbler has a new command "cobbler mkloaders" that can be called optionally
    after GRUB or Syslinux was updated on the Uyuni Server

For the complete list of changes, see the upstream release notes:

  * https://github.com/cobbler/cobbler/releases/tag/v3.3.3

  * https://github.com/cobbler/cobbler/releases/tag/v3.3.2

  * https://github.com/cobbler/cobbler/releases/tag/v3.3.1

  * https://github.com/cobbler/cobbler/releases/tag/v3.3.0

  * https://github.com/cobbler/cobbler/releases/tag/v3.2.2

  * https://github.com/cobbler/cobbler/releases/tag/v3.2.1

  * https://github.com/cobbler/cobbler/releases/tag/v3.2.0

 The migration of stored Cobbler collections and settings from previous Cobbler
 version to 3.3.3 will run automatically during this upgrade.

A backup of old Cobbler settings file will be created at /etc/cobbler/
settings.before-migration-backup and old collections backup under /var/lib/
cobbler/.

Version 2022.08

Ubuntu 22.04 as client

Uyuni is now able to manage Ubuntu 22.04 clients as Salt or Salt SSH minions.
All other features that worked for previous versions of Ubuntu will work now
too, with the exception of the Prometheus Exporters and package vendor
identification, which will be part of a future Uyuni release (for now,
Prometheus Exporters are available in the Universe repositories).

The following architectures can be managed:

  * x86_64

Check the Client Configuration Guide for information about how to configure
Uyuni Server to work with Ubuntu 22.04 clients.

GPG key handling in Uyuni

Uyuni is now taking care of trusting the required GPG keys on the clients, in
order to install packages from assigned channels

The GPG key URL can be defined for Software Channels which will be used to find
the key needed for that channel.

When the channel is assigned to the client the key will be trusted on
repository refresh or when installing a package out of the channels.

For more information, check the documentation.

Disabling locally defined repositories

To prevent problems with local defined repositories providing wrong or unwanted
packages, we disable now all these repositories as the first step in
bootstraping.

Additionlly we try to keep local repositories disabled and perform this in the
channel state which is also used during highstate.

For more information, check the documentation.

Technology Preview: Helm chart to deploy containerized Uyuni Proxy and Retail
Branch Server

Deploying Proxy and Retail Branch Servers as containers is now also possible
using a Helm chart.

For more information check this README file. The information will be part of
the Uyuni official documentation in a future release.

WARNING: The container images configuration has a new format and it is now
packaged as tar.gz file. All previously deployed container Proxies and Retail
Branch Servers will need to get their configuration regenerated and deployed
again before pulling these images.

Version 2022.06

Upgrade notes

WARNING: This release updates the base OS from openSUSE Leap 15.3 to openSUSE
Leap 15.4 and there are special steps required. You need at least Uyuni 2021.06
already installed to perform the upgrade, and you need to follow the major
upgrade procedure for the Server. More details are also available at the
"Update from previous versions of Uyuni Server" section below.

WARNING: This release updates the Salt version for master and minions to a next
major release. Make sure you update the Uyuni Server before updating the
clients, as backward compatiblity of minions agains an older master is not
guaranteed

WARNING: With Uyuni 2021.12, we announced the future deprecation of the
Traditional client tools. Uyuni 2022.06 is the last release that supports them.
Starting with Uyuni 2022.08, the traditional client tools will be deprecated as
we will start removing the code at some point after the summer. Do not use
traditional for any new deployments of clients or proxies, and start migrating
your traditional clients to Salt.

Base system upgrade

The base system has been upgraded to openSUSE Leap 15.4.

PostgreSQL 14

The database engine has been updated from PostgreSQL 13 to PostgreSQL 14, which
brings a number of performance and reliability improvements. A detailed
changelog is available upstream.

To prevent inconsistent configurations and data on upgrade or update, Uyuni
2022.06 refuse to start until the database migration from PostgreSQL 13 to
PostgreSQL 14 has been completed successfully.

Salt 3004

Salt has been upgraded to upstream version 3004, plus a number of patches,
backports and enhancements by SUSE, for the Uyuni Manager Server, Proxy, and
Client Tools.

We intend to regularly upgrade Salt to more recent versions.

For more details about changes in your manually-created Salt states, see the
Salt 3004 upstream release notes.

Salt Bundle 3004 will be available for all supported clients.

The non-bundle version of Salt requires Python3 installed by default, so it
will not be available for:

  * SUSE Linux Enteprise 12

  * CentOS 7

  * Oracle Linux 7

  * Red Hat Enteprise Linux 7

New products enabled

  * openSUSE Leap 15.4

  * SUSE Linux Enterprise 15 SP4 family

  * SLE Micro 5.2

Version 2022.05

Reporting Database documentation

The reporting database schema is now fully documented.

The documentation describes the schema in detail, showing all the tables and
the views available and highlighting the relationships among them.

You can access it from the Uyuni Server WebUI, at Help > Report Database
Schema, from the left navigation bar.

spacewalk-report now uses data from the reporting database

Starting with Uyuni 2022.05, spacewalk-report will use the data from the report
database by default. This change affects both new and updated setups.

This means that the new generated reports will differ in the structure and the
format of the data and might break existing integrations.

If this change causes trouble in your use case, the new option --legacy-report
can be used to fallback to the old report engine.

For a comprehensive list of what is changed and what reports are affected, see
the section "Generate Reports" at the Administration Guide.

Adding systems with failed actions to System Set Manager

It is now possible to select and add systems that failed or completed actions,
with a new button Add Selected to SSM that shows for the actions at "Completed
Systems" and "Failed Systems".

You can the find the actions at the Uyuni Server WebUI, at Schedule on the left
navigation bar.

This can be useful to fix issues with systems that failed to complete actions,
or to run more actions on those that completed them.

Technology Preview: JSON over HTTP API

With Uyuni 2022.05, in addition to the current XML-RPC API, a new JSON over
HTTPI API will also be provided to make Uyuni API even easier to consume.

Uyuni is seeing more and more use in automated scenarios, where it is a part of
a bigger system and driven via its APIs.

The XML-RPC protocol has served users well so far and will continue to do so,
but HTTP APIs are more in demand and have better tooling support.

The API documentation has been updated to reflect the changes to support the
HTTP API, and is available at the Uyuni Server WebUI under About > API, and at
the website

Usage examples can be found in the "Sample scripts" section of the
documentation.

With the addition of the JSON over HTTP API documentation:

  * Mandatory names to the input parameters for each method were added

  * Information about the HTTP request type (GET or POST) was added

  * Example scripts to consume the HTTP API via Curl were added

Version 2022.04

Salt SSH now uses the Salt Bundle

The Salt Bundle is now used to handle Salt SSH executions on the client side.
The bootstrap of new Salt clients using webUI or API is now also using the Salt
Bundle.

To ensure bootstrap works in the proper way, the bootstrap repositories for the
clients must be regenerated before bootstrapping new clients.

The bootstrap repository regeneration happens for any given product when a
resync for the product repositories happens:

  * For products provided by the SUSE Customer Center, added via de Setup
    Wizard or mgr-sync, this happens each night.

  * For products added via spacewalk-common-channels there is no automated
    resync by default, unless it was configured after adding the product. In
    this case, the regeneration needs to be trigger manually.

To manually trigger the regeneration, use the tool mgr-create-bootstrap-repo at
the Uyuni Server.

Technology Preview: Containerized Uyuni Proxy and Retail Branch Server

Starting with Uyuni 2022.04, it will be possible to run the Uyuni proxy and
Retail branch server also in containers. This could be very helpful in
scenarios where adding new virtual machines is not feasible for some reason.

Additionally, the ability to run Uyuni Proxy and Retail branch servers in
containers make it more flexible to run them anywhere without worrying about
the underlying OS, while also making it possible to get the advantage of
Kubernetes offerings like HA.

Reporting Database improvements

The following improvements have been made in the reporting database

  * Add UI for peripheral server with report database password regeneration

  * Added the server location information to the reporting database

  * detect MgrServer on bootstrap and store report database settings

  * Added Channel information

  * Added System packages information

  * Added OpenScap scans information

  * Added Groups information

  * Added System packages information

  * Added proxy information to the system table

  * Changed table SystemGroup to better reflect its content

  * Added location information to the system table

Improved image management

Uyuni 2022.04 comes with a lot of improvements for image management.

  * Kiwi images:

      + Uses name and version from Kiwi config file, revision is increased on
        each build

      + Built image files are referenced in the database and deleted with the
        image entry

      + Image pillars are stored in the database

      + The build log is visible in the User Interface

  * Docker images:

      + Use a new database entry for each revision

      + Old revision can be shown with the "Show obsolete" checkbox

  * Updated XML RPC API to manipulate with images, image files and pillars:

      + For more details about these end points, please refer to Uyuni API.

HSTS available

HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to
protect websites against man-in-the-middle attacks such as protocol downgrade
attacks and cookie hijacking.

Uyuni 2022.04 allows enabling HSTS. Which means each request will need to be
HTTPS while plain HTTP requests will be rejected.

To enable it for the Uyuni Server:

 1. Edit /etc/apache2/conf.d/zz-spacewalk-www.conf

 2. Uncomment the line # Header always set Strict-Transport-Security "max-age=
    63072000; includeSubDomains"

 3. Restart Apache with systemctl restart apache2

To enable it for the Uyuni Proxy

 1. Edit /etc/apache2/conf.d/spacewalk-proxy.conf

 2. Uncomment the line # Header always set Strict-Transport-Security "max-age=
    63072000; includeSubDomains"

 3. Restart Apache with systemctl restart apache2

IMPORTANT: If you enable HSTS while using the default SSL certificate generated
by Uyuni, or a self-signed certificate, some browsers will refuse to connect
using HTTPS unless the CA used to sign such certificates is trusted by the
browser. If you are using the SSL certificate generated by Uyuni, you can trust
it at the servers by using the file located at http://<UYUNI-SERVER-HOSTNAME>/
pub/RHN-ORG-TRUSTED-SSL-CERT

Version 2022.03

Fixes for Salt security issues

Fixes for the following security issues have been released: CVE-2022-22934,
CVE-2022-22935, CVE-2022-22936, CVE-2022-22941.

You should patch your Salt master at the Uyuni Server and minions as soon as
possible. Please take the next section into account when upgrading the Salt.

Salt Upgrade

To properly upgrade Salt with the fixes for the latest CVEs, and avoid breaking
the communication between for Salt master and minion, you need to upgrade your
"salt-master" first and then continue upgrading your Salt minions.

In case that a Salt minion is upgraded with the CVE fixes but your Salt master
is not, then the communication between the master and this minion will be
broken, and you would see errors like the following in your minion logs:

2022-03-28 13:19:41,880 [salt.crypt       :743 ][ERROR   ][15942] Sign-in attempt failed: {'publish_port': 4505, 'pub_key': '-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----\n''enc': 'pub','sig': ".."}
2022-03-28 13:19:41,885 [salt.minion      :1056][ERROR   ][15942] Error while bringing up minion for multi-master. Is master at salt-master-server.tf.local responding?

As soon as your Salt master is upgraded and restarted then the communication
between master and minion will be restablished and the errors messages will not
longer happen.

New XML-RPC API version 26

Uyuni 2022.03 updates the XML-RPC API version from 25 to 26, in preparation for
SUSE Manager 4.3

There are no breaking changes to any methods.

If any of your scripts are checking for the version 25, you can change them to
use version 26 without any further changes.

smdba: changed defaults for newer PostgreSQL versions

Starting with PostgreSQL 13, some defaults have changed.

To improve performance, smdba autotuning was adapted to use the new values.

Additionally an extra paramater --ssd was added to autotuning to tell smdba
that the database is stored on ssd or fast network storage.

To change an existing configuration with the new defaults call

smdba system-check autotuning

Remember you can also adjust some other parameters, in case you need them:

smdba system-check autotuning [--max_connections=<number>] [--ssd]

Monitoring: Grafana 8.3.5

Uyuni 2022.03 updates Grafana from version 7.5.12 to 8.3.5.

This update fixes several security vulnerabilities:

  * XSS vulnerability in handling data sources (CVE-2022-21702)

  * Cross-origin request forgery vulnerability (CVE-2022-21703)

  * Insecure Direct Object Reference vulnerability in Teams API
    (CVE-2022-21713)

  * GetUserInfo: return an error if no user was found (CVE-2022-21673)

Updating Grafana is strongly recommended.

Relevant changes are:

  * New Alerting for Grafana 8

  * CloudWatch: Add support for AWS Metric Insights

  * CloudWatch: Add AWS RoboMaker metrics and dimension

  * CloudWatch: Add AWS Transfer metrics and dimension

  * CloudWatch: Add AWS LookoutMetrics

  * CloudWatch: Add Lambda@Edge Amazon CloudFront metrics

  * CloudMonitoring: Add support for preprocessing

  * CloudWatch: Add AWS/EFS StorageBytes metric

  * CloudWatch: Add Amplify Console metrics and dimensions

  * CloudWatch: Add metrics for managed RabbitMQ service

  * Elasticsearch: Add support for Elasticsearch 8.0

  * AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers

  * AzureMonitor: Add Azure Resource Graph

  * AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics

Check the upstream changelog for more details on what has changed.

There is one breaking change:

  * Grafana 8 Alerting enabled by default for installations that do not use
    legacy alerting.

Uyuni does not use Grafana alerting, so if you do not need it, you can disable
it at the Grafana WebUI.

If you use legacy Grafana alerting in your environment, consider migrating to
new Grafana 8 alerting.

Unsupported products

  * Red Hat Enterprise Linux 6

  * SUSE Linux Enterprise Server Expanded Support 6

  * Oracle Linux 6

  * CentOS 6

  * CentOS 8

  * Ubuntu 16.04

We highly encourage you to migrate your workload to a newer version of each
distribution, or to an alternative distribution that is still supported, so you
can continue managing your infrastructure with Uyuni.

Please note that we will not break things on purpose for these unsupported
products, and there is a possibility that they could still continue to work.
But if things break, there will not be any support provided, not even on a
best-effort basis, unless someone from the community can step in.

Version 2022.02

PostgreSQL default password encryption mechanism change

PostgresSQL is changing its default password encryption mechanism from md5 to
scram-sha-256.

With this update Uyuni will follow this change and will migrate the database
user to this new encryption mechanism.

This should happen fully automated for the existing database user.

The following changes will happen:

  * At the /var/lib/pgsql/data/postgresql.conf file, password_encryption =
    scram-sha-256 will be set.

  * The password for the user specified in the file /etc/rhn/rhn.conf will be
    reset.

  * At the /var/lib/pgsql/data/ph_hba.conf file, all mechanisms which are set
    to md5 will be changed to scram-sha-256.

In case additional users where created, the passwords must be reseted.

This can be done with the following command on the Uyuni Server executed as
"root" user, and exchanging`<DBUSER>` with the right username and <DBPASSWD>
with the new password:

runuser - postgres -c "echo \"ALTER USER <DBUSER> WITH PASSWORD '<DBPASSWD>';\" | psql"

Reporting Database

The reporting database provides Uyuni data used for reports in a simplified
schema, and is accessible by any reporting tool with support for SQL databases
as content sources.

This new database is isolated from the one used for the Uyuni Server, and
created automatically.

The tool uyuni-setup-reportdb-user can create new users which has read-only
access to the data.

For more information on this topic, see Hub reporting.

Ubuntu errata installation

Uyuni now comes with Ubuntu errata support. It does this by downloading errata
information from https://usn.ubuntu.com/usn-db/database.json and matching it
after the syncing of Ubuntu channels.

It also adds support for installing errata on Ubuntu systems by mapping them to
package installs.

For users, it will be a seamless experience and they will get exactly the same
UX as it was for errata management for other distros.

Monitoring

Prometheus 2.32.1

Uyuni 2022.02 updates Prometheus from version 2.27.1 to 2.32.1.

The new version contains some breaking changes that need to be addressed after
the Uyuni Server is updated.

Breaking changes:

  * Uyuni Service Discovery: The configuration and the returned set of meta
    labels have changed. Please check the upstream documentation for more
    details.

  * As a consequence all users with existing monitoring setup must reapply the
    highstate on the monitoring server(s).

Important changes:

  * Introduced generic HTTP-based service discovery.

  * New expression editor with advanced autocompletion, inline linting, and
    syntax highlighting.

  * Discovering Kubernetes API servers using a kubeconfig file.

  * Faster server restart times via snapshotting.

  * Controlling scrape intervals and timeouts via relabeling.

Check the upstream changelog for more details on what has changed.

Postgres exporter updated to version 0.10.0 for SUSE Linux Enterprise and
openSUSE

Uyuni 2022.02 updates the Postgres exporter from version 0.4.7 to the version
0.10.0 for SUSE Linux Enterprise and openSUSE.

This version brings the rename of the package from
golang-github-wrouesnel-postgres_exporter to prometheus-postgres_exporter, as
this package is now part of the Prometheus Community Projects. After the
package is updated, you will need to reenable the prometheus-postgres_exporter
service:

  * For the Uyuni Server WebUI, proceed to Admin > Manager Configuration >
    Monitoring. You will see PostgreSQL database is stopped. Click Enable and
    the service will get started.

  * For the SUSE Linux Enterprise and openSUSE, apply the highstate to all the
    clients where the PostgreSQL needs to be exported.

The new version also contains a patch that allows connecting to PostgreSQL
servers using scram-sha-256, which is the new default for Uyuni installations
starting with 2022.02.

Check the upstream changelog for more details, including new metrics.

Other operating systems such as for example CentOS7 or AlmaLinux 8 will get
0.10.0 with future Uyuni releases.

SLES PAYG client support on cloud

It is now possible to sync content from SUSE-operated Cloud RMT Server from the
Uyuni. This makes it a lot easier for users with SLES PAYG instances because
now they don?t need to go through a cumbersome process of getting zero-cost
subscriptions.

It works in all three major public clouds AWS, GCP, and Azure.

For more information and instructions on this topic, see the Connect
Pay-as-you-go instance.

openscap for Debian 11 (Tech Preview)

Uyuni 2022.02 provides the openscap package binaries using the sources from
Debian Sid. Debian11 itself does not provide openscap, as it was removed from
Debian Testing during Debian 11 development.

This is a Tech Preview and therefore not supported, but we invite the community
to provide feedback and will provide updates from the Debian upstream package
if needed.

Version 2022.01

Debian 11 as client

Uyuni is now able to manage Debian 11 clients as salt or salt-ssh minions, as
well as all other features that work for previous versions of Debian, with the
exception of openscap as it is not available on Debian 11

The following architectures can be managed:

  * x86_64

  * aarch64

  * armv7l

  * i586

  * ppc64le

  * s390x

Check the Client Configuration Guide for information about how to configure
Uyuni Server to work with Debian 11 clients.

Link to vendor security advisory in Patch details page

The patch details page now contains a new section Vendor Advisory, which links
to the original advisory provided by the vendor of the patch.

This information is auto-generated from data already existing in the database
thus, when possible, it will be available for both new and existing patches.

With Uyuni 2022.01, the following providers are supported:

  * SUSE

  * Red Hat

  * Oracle

  * Amazon

  * AlmaLinux

  * RockyLinux

  * Alibaba

Add support for custom SSH port for SSH minions

Starting with Uyuni 2022.01, using TCP port 22 for SSH minions is not required
anymore, and any TCP port can be used.

Change proxy used for clients from the WebUI

It is now possible to change the proxy used by an Uyuni client using the WebUI.

This can be done from the Connection tab at the Details tab for any Salt
client, using the new link Change to change the connection type.

Using System Set Manager is supported as well, and can be done from the Misc
tab, and then Proxy tab.

NOTE: Changing the connection for a Proxy to move it, is not supported at this
moment. The Connectiontab will not show the Change link for proxies.

Version 2021.12

Salt as a Bundle

Salt Bundle is a single package called venv-salt-minion containing the Salt
Minion, Python and all Python modules. It is exactly the same version and
codebase for the current salt-minion RPM package.

The Salt Bundle can be used on systems that already run another Salt Minion,
that do not meet Salt?s requirements or already provide a newer salt version
that is used instead of the version provided by Uyuni.

Starting with Uyuni 2021.12, Uyuni is able to bootstrap systems with Salt
Bundle for all the supported operating systems.

On bootstrapping new clients the Salt Bundle package will be used instead of
salt-minion, if the package venv-salt-minion is present in the bootstrap repo.

Clients already registered will not be changed, but can be switched to Salt
Bundle with applying the state util.mgr_switch_to_venv_minion to them. For more
information see the Client Configuration Guide.

aarch64 support for openSUSE Leap 15.3, CentOS 7/8, clones and related systems

Uyuni 2021.12 adds support for the aarch64 (ARM64) architecture for the
following operating systems:

  * openSUSE Leap 15.3

  * CentOS 7/8

  * Oracle Linux 7/8

  * Rocky Linux 8

  * AlmaLinux 8

  * Amazon Linux 2

System reactivation

It is now possible to re-activate a system using the UI/XMLRPC-API of Uyuni
which was only possible using bootstrap script before. The bootstrapping page
UI has been extended and the user can now enter the reactivation key of the
system and the UI/XMLRPC-API of Uyuni will take care of the rest.

The same could be achieved from the XMLRPC API.

Low Diskspace notification

With Uyuni 2021.12, on the login page, a banner will be shown when available
disk space on the server will be running low. This will help users avoid
situations like the automatic shutdown of Uyuni when disk space is critically
low, without even noticing it.

Package Locking for Salt Minions

Package locks are used to prevent unauthorized installation or upgrades of
software packages. In the past the package lock feature was only available for
traditional clients. Now it is also available for Salt clients (SUSE, RHEL and
clones, and Debian/Ubuntu).

Check the Package Locking documentation for information about how to use this
feature.

Monitoring

Prometheus Blackbox exporter

Uyuni 2021.12 comes with the Blackbox exporter, which allows blackbox probing
of endpoints over HTTP, HTTPS, DNS, TCP, and ICMP. It needs to be installed
next to the Prometheus server and not on the clients. Prometheus formula has
been extended to configure the Blackbox exporter.

The package prometheus-blackbox_exporter has been added as recommended for the
Proxy.

Formulas

One of the limitations of the current formulas is that they are listed against
every client, even if the supported packages are not available for that OS
version or service pack.

While we are continuously focused on improving the formulas, for now, starting
with the monitoring formulas it will be mentioned in documentation if applying
those formulas would actually work in the case of a particular client.

In 2021.09, we made the Prometheus package available for Uyuni Proxy and Retail
Branch Server but that is not the case with Grafana.

  * Prometheus is available for the client tools for SLE 12, SLE 15, and
    openSUSE 15 Uyuni Proxies or Retail Branch Servers

  * Grafana is available for the client tools for SLE 12, SLE 15, openSUSE15

Content Lifecycle Management improvement

From the Content Lifecycle Management project view, the new column Last build
has been added. This information is useful when you need a general overview of
all latest build times rather than retrieving the information project by
project.

New XMLRPC API methods for SaltKey

Following new XMLRPC methods have been added in SaltKey namespace.

  * accept : API endpoint to accept minion keys

  * reject : API endpoint to reject minion keys

  * pendingList : API endpoint to list pending salt keys

  * acceptedList : API endpoint to list accepted salt keys

  * rejectedList : API endpoint to list rejected salt keys

These methods could further help in improving the automation workflows.

New product enabled

  * SUSE Linux Enterprise Server 15 SP2 LTSS

CVE-2021-40348 remediation

A security fix for CVE-2021-40348 is included as apart of Uyuni 2021.08, to fix
a potential injection arbitrary code to a root-owned file that eventually will
be executed by the system.

The fix for this problem was previously released on October 29th as a patch on
top of Uyuni 2021.09, but if you did not apply such patch yet, we recommend
appling the update to Uyuni 2021.12 as soon as possible.

CentOS 8 End of Life

CentOS 8 will be End of Life on December 31st, 2021. Uyuni support for this
product will end as well.

Please refer to support section for more information.

Future deprecation of the traditional stack

With Uyuni 2021.12, we announced the future deprecation of the Traditional
client tools.

Uyuni 2022.06 is the last release that supportes them.

Starting with Uyuni 2022.08, the traditional client tools will be deprecated as
we will start removing the code at some point after the summer.

Do not use traditional for any new deployments of clients or proxies, and start
migrating your traditional clients to Salt.

Version 2021.09

AppStreams WebUI improvements

The content lifecycle project page in the WebUI has been further improved. This
page now provides AppStreams with a default filter template. This template
creates a module filter for each module in the repository, and specifies the
default stream for each module.

Improve the date time handling on the UI

Uyuni 2021.09 fixes a number of inconsistencies in date time handling related
to time zones by always using the IANA standard format.

A few pages at the Admin menu still show the old format, and will be adapted
with the next Uyuni versions.

Support syncing patches with advisory status 'pending'

Uyuni 2021.09 now supports the new advisory status pending as used by the EPEL7
and 8 repositories.

Virtualization

Virtualization in Uyuni has received some enhancements:

  * UEFI support: UEFI support has been added for creating and editing VMs.
    Note that Auto discovery of the firmware binary and NVRAM depends on the
    version of libvirt installed on a minion.

  * virt-tuner templates: virt-tuner template has been added to create a VM.
    Now users can select a template from the those supported by the virt-tuner
    tool.

spacecmd: allow massive archive and delete actions

Added new commands to "spacecmd" to allow massive archive and delete actions:

  * schedule_archivecompleted: archive all completed actions older than a given
    date

  * schedule_deletearchived: delete all archived actions older than a given
    date

This allows bypassing the Web User Interface display limit.

Recent cobbler CVEs remediation

In addition to fixing Fixed Remote Code Execution in the XMLRPC API which
additionally allowed arbitrary file read and write as root, this release
includes the fixes for CVE-2021-40323, CVE-2021-40324, CVE-2021-40325.

Version 2021.08

Rocky Linux 8 as client

Uyuni is now able to manage Rocky Linux 8 clients as salt or salt-ssh minions,
as well as all other features that work for CentOS 8 or AlmaLinux 8.

Rocky Linux OS intends to fill the gap that will exist after CentOS 8 Stable is
End of Life by the end of 2021. According to the Rocky Enterprise Software
Foundation "Rocky Linux is a community enterprise operating system designed to
be 100% bug-for-bug compatible with America?s top enterprise Linux distribution
now that its downstream partner has shifted direction."

Check the Client Configuration Guide for information about how to configure
Uyuni Server to work with Rocky Linux clients.

For now the following architectures are supported: x86_64

Support for Rocky Linux 8 will continue to improve, including support for other
architectures.

Ansible Playbooks test mode

Ansible Playbooks can now run in test mode.

Known issue: When running a playbook in test mode using an Ansible control node
that is registered as SSH minion in Uyuni, then the action is always reported
as failed, even if it succeeds.

Kiwi parameters for OS Image profiles

It is now possible to pass custom kiwi parameters in an OS Image profile.

This can be particularly helpful for selecting a specific profile when passing
the option (--profile <profilename>) to Kiwi files containing multiple
profiles.

Fixes for AArch64 hosts, including virtualization

Uyuni 2021.08 now collects more information about CPU for AArch64 systems.
That, together with some more fixes, make virtualization features usable on
AArch64 systems.

Virtual Machines and UEFI

Virtual machines can now be created with UEFI support from the web interface.

Pacemaker support for KVM and Xen virtual machines

Starting with Uyuni 2021.08, creating a virtual machine on a Pacemaker cluster
node defines the resource on the cluster. The cluster-managed virtual machines
can also be live migrated using the Uyuni web interface.

New CLM Filter Template

Content Lifecycle Management got a new filter template to setup Live Patching
based on an existing system.

OpenSCAP Audit

The OpenSCAP XCCDF scan UI supports now more options and additional OVAL files
can be defined. Supported options are:

  * --profile <name>

  * --rule <id>

  * --tailoring-file <path>

  * --tailoring-id <id>

  * --fetch-remote-resources

  * --remediate

You can provide additional OVAL files paths to prevent using
--fetch-remote-resource when the file is locally available.

Logs for Salt SSH clients

Starting with Uyuni 2021.08, all Salt SSH clients will have a log at /var/log/
salt-ssh.log, as well as log rotation configured for it.

Tech-preview: Inter-Server Synchronization version 2

Uyuni 2021.08, includes Inter-Server Synchronization version 2. This new
version allows exporting software channels between servers without the previous
notions of master and slave. Unlike the previous Inter-Server Synchronization,
no mandatory direct connection between servers is needed since data are
exported and imported in a disconnected mode.

Check the (new Inter-Server Syncronization 2 documentation for more
information.

Monitoring

Grafana

Grafana was updated from version 7.4.2 to 7.5.7.

Check the upstream documentation for details on what has changed:

  * https://grafana.com/docs/grafana/latest/whatsnew/whats-new-in-v7-4/

  * https://grafana.com/docs/grafana/latest/whatsnew/whats-new-in-v7-5/

Prometheus

Prometheus was updated from version 2.26.0 to 2.27.1.

Important changes:

  * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622)

Check the upstream documentation for more details on what has changed:

  * https://github.com/prometheus/prometheus/releases/tag/v2.27.1

  * https://github.com/prometheus/prometheus/releases/tag/v2.27.0

Version 2021.06

Upgrade notes

WARNING: This release updates the base OS from openSUSE Leap 15.2 to openSUSE
Leap 15.3 and there are special steps required. You need at least Uyuni 2020.07
already installed to perform the upgrade, and you need to follow the (major
upgrade procedure for the Server. More details are also available at the
"Update from previous versions of Uyuni Server" section below.

Salt 3002

Salt has been upgraded to upstream version 3002, plus a number of patches,
backports and enhancements by SUSE, for the Uyuni Server, Proxy and Client
Tools (where the client operating system supports Python 3.5+; otherwise Salt
3000 or 2016.11 are used).

Salt 3002 only works with Python 3.5+, therefore:

  * Salt 3002 is only available on SLE 15, RHEL 8 (and clones: CentOS, Oracle
    Linux, SLES Expanded Support and AlmaLinux), Ubuntu 18.04 and 20.04, and
    Debian 10. Only a Python 3 version is provided.

  * Salt 3000 is still the version of Salt for SLE 12, RHEL 7 (and clones:
    CenOS, Oracle Linux, SLES Expanded Support, Amazon Linux and Alibaba Cloud
    Linux) and Debian 9. Only a Python 2 version is provided. SLE 12
    additionally provides a Python 3 version.

We intend to regularly upgrade Salt to more recent versions.

For more details about changes in your manually-created Salt states, see the
Salt 3002 upstream release notes and Salt 3001 upstream release notes.

Base System Upgrade

The base system was upgraded to openSUSE Leap 15.3.

The Uyuni Proxy and Retail Branch Server can now be installed on top of
openSUSE Leap 15.3 JeOS edition.

PostgreSQL 13

The database engine has been updated from PostgreSQL 12 to PostgreSQL 13, which
brings a number of performance and reliability improvements. A detailed
changelog is available upstream.

To prevent inconsistent configurations and data on upgrade or update, Uyuni
 2021.06 will refuse to start until the database migration from PostgreSQL 12
to PostgreSQL 13 has completed successfully.

Please note the database migration from PostgreSQL 12 will rebuild the database
indices. This may take several hours if you have thousands of software
channels.

Missing openSUSE Leap 15.3 channels added to spacewalk-common-channels

After openSUSE Leap 15.3 GA, two new repositories we added as part of
Maintenance Updates, and are now part of spacewalk-common-channels as two new
channels:

  * opensuse_leap15_3-sle-updates

  * opensuse_leap15_3-backports-updates

Both channels are available for x86_64 and aarch64 architectures.

You can add them to your Uyuni Server with spacewalk-common-channels, and then
sync them.

After the sync is complete, consider adding them to all your openSUSE Leap 15.3
clients.

Integration of Ansible into an Uyuni automation environment to protect customer
investment and ease migration (Technology Preview)

Configuration and automation platforms have become increasingly important to
control an organization?s ever-growing IT landscape. There are a variety of
popular tools in the market and companies may have already made investments in
a particular tool, one of them being Ansible.

Adopting Uyuni, or migrating to it, does not mean that you should necessarily
renounce your previous configuration management systems investment. Uyuni
2021.06 provides support for Ansible packages on SLE and connects to the
Ansible control nodes on any supported client operating system to gather
inventory, playbooks and manage clients with Uyuni.

Uyuni 2021.06 allows you to simply re-use and run your Ansible playbooks,
saving time and resources by consolidating tools while keeping existing
automation investments. This means you do not have to re-implement your Ansible
automation solution, making migration to the SUSE and openSUSE landscape
easier.

Combined with its strong Salt capabilities, it enhances Uyuni?s configuration
and automation capabilities helping you to orchestrate even the largest
environments ? across cloud and on-premise.

Version 2021.05

New products enabled

  * SLE Micro 5.0

  * openSUSE MicroOS

SLE Micro 5.0 and openSUSE MicroOS as clients

Uyuni 2021.05 provides limited support for SLE Micro 5.0 and openSUSE MicroOS
clients. The following features work:

  * Client registration

  * Salt remote commands

  * Formulas and Formulas with Forms

  * Installed software packages, updates, patches, etc are listed

  * Refreshing installed package list

  * Package installation, update, patching, removal

  * Content Lifecycle Management

  * State and configuration channels

  * Autoinstallation with AutoYaST and Yomi

Known issues:

  * transactional-update versions 3.2.2-1.1 or older contain a bug and will not
    work properly with Salt. A fix will be shipped (in SLE Micro 5.0) soon,
    which will enable it with Salt and Uyuni.

  * Package and patch installation, removal and update work but after
    installation, the WebUI will not show the actual patch state of the system,
    and it will not notify a reboot is required for those changes to be
    enabled. As a workaround, you can manually schedule a reboot.

  * Action chains will fail

  * Container management. Uyuni cannot manage podman containers at the moment
    but you can use Salt remote commands for that.

  * Maintenance windows in SLE Micro are currently independent from Uyuni?s

  * First releases of SLE Micro 5.0 contained a broken salt-minion package.
    Please make sure you use the latest version available in the SLE Micro
    Update channel. This does not affect openSUSE MicroOS.

SLE Micro and openSUSE MicroOS are only supported as a Salt minion. The
traditional stack will not be supported.

The missing features will be added in upcoming releases of Uyuni.

Deprecated products

  * Red Hat Enterprise Linux 6

  * Oracle Linux 6

  * CentOS 6

  * Ubuntu 16.04 LTS

RHEL 6 (and clones: CentOS 6, Oracle Linux 6, SLES ES 6) ended upstream general
support on November 30th, 2020. After a grace period of 7 months, we are now
ending fixes for these operating systems.

Ubuntu 16.04 LTS ended upstream general support on April 30th, 2021. After a
grace period of 3 months, we are now ending fixes for these operating systems.

Please note "ending fixes" means their client tools remain available and can
still be added, mirrored and used. But in case they stop working at some point
in time, fixes will only be provided as on a best-effort basis (which in
general means if the issue can be reproduced with a supported operating system,
it will be fixed; but if the issue is specific to the unsupported operating
system, a fix should not be expected).

Prometheus TLS

Prometheus and the Prometheus formulas now support TLS and basic authentication
for HTTP endpoints. This provides a way to securely transfer metrics data.

Updated Prometheus

Prometheus has been updated from version 2.21.1 to version 2.26.0, which brings
a number of bugfixes and improvements (such as securing connections using TLS).

For details on what changed in each version between 2.21.1 and 2.26.0, see:

  * https://github.com/prometheus/prometheus/releases/tag/v2.22.2

  * https://github.com/prometheus/prometheus/releases/tag/v2.23.0

  * https://github.com/prometheus/prometheus/releases/tag/v2.24.0

  * https://github.com/prometheus/prometheus/releases/tag/v2.24.1

  * https://github.com/prometheus/prometheus/releases/tag/v2.25.0

  * https://github.com/prometheus/prometheus/releases/tag/v2.25.1

  * https://github.com/prometheus/prometheus/releases/tag/v2.25.2

  * https://github.com/prometheus/prometheus/releases/tag/v2.26.0

Migrate clients from openSUSE Leap to SUSE Linux Enterprise Server

The "Service Pack Migration" feature has been renamed "Product Migration".

In Uyuni 2021.05, the Product Migration feature allows two different use cases:

  * Migration from one service pack to another within the same major version of
    SUSE Linux Enterprise (e. g. from SLE 15 SP2 to SLE 15 SP3)

  * Migration from openSUSE Leap to the equivalent version of SLES (e. g. from
    Leap 15.3 to SLES 15 SP3). A registration key for openSUSE Leap is
    required, which can be obtained from SCC for free.

Migration between different SUSE Linux Enterprise codestreams (e. g. SLE 12 to
SLE 15) is not possible using the Product Migration feature. Use
autoinstallation profiles for that.

Migration between non-SUSE products (e. g. from CentOS to AlmaLinux) is not
available at the moment.

Easier system group and configuration channel assignment

We have simplified the screens where system groups and configuration channels
were assigned by removing the tabs and subtabs. All the information and actions
are now in the same screen.

Enhanced CLM filter list

The Content Lifecycle Management filter list screen how allows filter
selection, deletion and sorting and search by project.

Notify beacon for DEB-based clients

While the recommended way to manage clients is to install, remove, patch, etc
from Uyuni, which triggers the correct actions, sometimes users run the package
managers directly. When doing this on Debian and Ubuntu clients, the WebUI
showed an outdated package list for some time.

Uyuni now hooks directly into the package manager database on the client to
identify local package management and trigger a package refresh from the Server
to make sure the list of packages is always up to date.

Allow setting primary FQDN for the systems

It is now possible possible to set/get the primary FQDN of a given system.

  * Via XMLRPC-API:

      + The existing system.getNetworkForSystems method will now return a new
        fqdn field with the primary FQDN

      + A new system.setPrimaryFqdn method has been added to set the primary
        FQDN of a given system

  * Via WebUI:

      + The primary FQDN of a given systems can ve visualized/set via System >
        Details > Hardware page.

      + This is specially useful because this data is used to configure target
        address for monitoring.

Virtualization

Virtualization in Uyuni has received a number of enhancements:

  * Fine-tuning: CPU pinning and special memory configurations, such as those
    required when running SAP under KVM, can now be configured with Uyuni.

  * Autostart: automatically start needed networks and storage pools when
    creating/starting a VM

  * Virtual console: the virtual console monitors virtual machine state changes
    and can be opened even when the virtual machine is powered off. This helps
    in debugging startup issues, and allows to manage the VM even when it is
    running on another virtualization host.

  * The virtpoller beacon is now removed a replaced by a refresh action.

Custom data as pillar

Traditional stack clients could receive some custom information via macros but
this feature was missing on Salt clients.

In Uyuni 2021.05, we have implemented passing any custom information to Salt
clients (both salt-minion and salt-ssh) via pillars:

salt \* pillar.get custom_info:key1
minion:
    val1

Retracted patches

When an operating system vendor releases a new patch, it might happen that the
patch has undesirable side effects (security, stability, boot no longer
working, etc) on some scenario that was not identified by testing. When that
happens (very rarely), vendors typically release a new patch, which may take
from hours to days, depending on the internal processes in place by that
vendor.

SUSE has introduced a new mechanism called "retracted patches" to take back
such patches in minutes by simply removing the bad patch from the repository
metadata and resorting to the previously working patch. These patches receive
the advisory status "retracted" (instead of the usual "final" or "stable").

Uyuni now supports retracted paches across all the lifecycle:

  * Retracted patches can be synchronized

  * When a patch is retracted, it will be noted as such with its own specific
    icon and status

  * Retracted patches can be cloned

Following the behavior defined in zypper:

  * Once a retracted patch is installed, it will not be uninstalled unless you
    uninstall it explicitly. Uyuni will never automatically uninstall anything
    from your systems on its own.

  * Once a patch has been retracted by the vendor, the retracted patch cannot
    be installed via normal patch, update and installations.

  * Retracted patches remain available in the software channels and can be
    forcefully-installed/updated-to by speficying the exact version you want to
    install (e. g. by using zypper directly or by using the exact version in a
    Salt state).

To protect our users, the behaviour when cloning retracted patches is slightly
different than usual:

  * When a Content Lifecycle Management project uses a source channel which
    contains a now-retracted patch, a warning is displayed so that you are
    aware you should build and propagate the patch as soon as possible.

  * When a retracted patch is synchronized, it will not be cloned to the cloned
    channels by default. You will need to propagate it explicitly, like any
    other patch.

  * In contrast, once a retracted patch has been added one Content Lifecycle
    Management project and the project software channels built, the retracted
    patch will be automaticaly propagated all the other projects where that
    (now retracted) patch is available.

Client systems forwarded to SUSE Customer Center

This feature is only available when you enter your SCC mirroring credentials in
Uyuni Server.

Until Uyuni 2021.05, the managed clients were not listed at SCC even if a SCC
account was present at the Uyuni Server. This surprised users, who did not
understand why clients connected via SUSEconnect, RMT or SMT would show in SCC,
but clients connected with Uyuni would not.

Responding to this often-asked question and feature request for both Uyuni and
SUSE Manager, we have now implemented client list forwarding to SCC in Uyuni
2021.05.

If you have a SCC account added at your Uyuni Servers, then the clients (even
non-SUSE operating systems) managed by Uyuni Server (connected directly or via
Proxy or Retail Branch Server) will be listed in SCC.

When a client is removed from Uyuni, it will also be removed from SCC.

The information transferred is limited to that which is already collected and
transferred by SUSEconnect, RMT and SMT:

  * Client OS name and version

  * Hostname

  * Number of CPU sockets

  * Architecture

  * UUID of the system

  * Hypervisor and cloud provider information

  * Login: Uyuni instance id + client system id

  * Password: random string generated by Uyuni. Not used.

This information is used for statistical and product research purposes only.

In case you want to add your SCC account to Uyuni but completely disable client
list submission to SCC, set this parameter in /etc/rhn/rhn.conf and restart
Uyuni (spacewalk-service restart):

server.susemanager.forward_registration = 0

Display of the client operating system name and version in SCC is pending an
upcoming update in SCC.

Configuration state summary

In Uyuni, configuration may come from many different places: Uyuni itself,
configuration channels assigned to your organization, configuration channels
assigned to the system groups your clients belong to, configuration channels
assigned directly to a client system or formulas with forms.

When managing a large number of clients distributed across several
organizations, with multiple system groups, channels, etc, knowing what is
exactly the configuration that will be applied may become a daunting task.

In Uyuni 2021.05, we have added the configuration state summary to the
Highstate page of the client. With this, you can see exactly where state is
coming from.

Live patching made easy with filter templates

SUSE Linux Enterprise Live Patching helps customers to bring down reboot cycles
to once a year which saves companies a time, resources and availability
compared to not using live patching at all.

Setting up Live Patching requires installing specific kernel versions which are
enabled for live patches, and installing the specific live patches.

Uyuni 2021.05 implements filter templates, which are a set of pre-defined
filters for a specific use case. The first filter template we are including in
Uyuni 2021.05 makes it easy to configure live patching for a specific SUSE
product (e. g. SLE 15 SP2). New filter templates and additional information
about the lifecycle of the live kernel will be added in upcoming versions of
Uyuni.

HTML documentation for the API

The API documentation is now available in HTML format, in addition to the
existing PDF document.

The new HTML API documentation includes a search engine too:
https://www.uyuni-project.org/uyuni-docs-api/uyuni/index.html

New API calls

New API calls have been added:

  * Enhanced config channel API with list assigned groups

  * Enhanced server group API with config channel and formula access methods

  * Added an API endpoint to allow/disallow scheduling irrelevant patches

  * Added APIs to manage retracted patches

  * Added APIs to set and get the primary FQDN of a given system
    (system.getNetworkForSystems/system.setPrimaryFqdn)

spacecmd improvements

The spacecmd commandset has been modified to match the current features of the
product:

  * Add group_addconfigchannel and group_removeconfigchannel

  * Add group_listconfigchannels and configchannel_listgroups

  * Deprecated "Software Crashes" commands

Activation key dropped from system details

Activation keys can be used when registering new clients, or re-registering
existing clients, to make sure the correct software entitlements, software
channels, system groups, etc are applied when they come under Uyuni management.

After a client is registered to Uyuni, activation keys serve no purpose.
Software channels, groups, etc can be changed independently from the activation
key.

The fact the activation key remained in the System Details led users to think
editing the activation key (e. g. changing the software channels assigned to
that activation key) would change what was assigned to that client system. This
is not true. To avoid that confusion, the Activation Key field has been removed
from the System Details of registered clients.

Activation keys can still be used during client registration.

Software Crashes (ABRT) dropped

The Software Crashes feature, based on the ABRT library, has been dropped in
Uyuni 2021.05. This was a very old feature which only worked on a limited set
of clients and required careful configuration to actually submit crash reports
to the Uyuni Server instead of upstream projects.

Warning about Ansible integration

Uyuni 2021.05 introduces some new changes related with the ongoing
implementation of Ansible control node management:

  * New "Ansible Control Node" system type in "System ? Properties".

  * New "Ansible" tab in the system page to operate your Ansible control node.

  * New XMLRPC endpoints for operating your Ansible control node.

 This technology preview feature is NOT yet ready to work correctly in Uyuni
 2021.05. You should not assign this new "system type" yet to your registered
 systems. The feature will be available with Uyuni 2021.06

Version 2021.04

Vendor change for some Java dependencies

We continue to increase the number of Java depencies we use directly from
openSUSE.

Before starting the services, make sure you run this command to change the
vendor of the xstream package:

zypper install --allow-downgrade --allow-vendor-change -f
xstream-1.4.15-lp152.2.3.1

This will also install the packages xpp3 and xpp3-minimal

Fix for potential security issue with Java RMI

Uyuni 2021.04 fixes a potential security issue that could allow remote code
execution via Java RMI.

This issue only existed on the Uyuni Server if the self-monitoring was enabled.

The access to Java RMI is now limited to localhost.

New products enabled

  * Amazon Linux 2

  * Alibaba Linux 2

  * AlmaLinux 8

  * MicroFocus Open Enterprise Server 2018 SP3

  * openSUSE Leap 15.3 (Beta)

Amazon Linux 2 and Alibaba Linux 2 clients

Uyuni is now able to manage Amazon Linux 2 and Alibaba Linux 2 clients as salt
or salt-ssh minions, as well as all other features that work for CentOS 7.

Check the Client Configuration Guide for information about how to configure
Uyuni Server to work with Debian clients.

For now the following architectures are supported: x86_64

Support for Amazon Linux2 and Alibaba Linux 2 will continue to improve,
including support for aarch64 clients.

AlmaLinux 8

Uyuni is now able to manage AlmaLinux 8 clients as salt or salt-ssh minions, as
well as all other features that work for CentOS 8.

AlmaLinux OS intends to fill the gap that will exist after CentOS 8 Stable is
End of Life by the end of 2021. According to the AlmaLinux OS Foundation
"AlmaLinux OS is a 1:1 binary compatible fork of RHEL? 8"

Check the Client Configuration Guide for information about how to configure
Uyuni Server to work with AlmaLinux clients.

For now the following architectures are supported: x86_64

Support for AlmaLinux 8 will continue to improve, including support for other
architectures as they are added to AlmaLinux.

Maintenance Windows UI

Scheduling Maintenance Windows is now easier:

  * An interactive calendar has replaced the display of the iCalendar file in
    the details view

  * An interactive web calendar replaces the listing of upcoming maintenance
    windows in the details of a maintenance schedule, and events associated
    with that schedule are displayed.

Removal of deprecated XMLRPC API methods

The following XMLRPC API methods have been deprecated for a long time and are
removed as part of Uyuni 2021.04:

  * ActivationKeyHandler addPackageNames(User loggedInUser, String key, List
    packageNames)

  * ActivationKeyHandler removePackageNames(User loggedInUser, String key, List
    packageNames)

  * ChannelHandler listRedHatChannels(User loggedInUser)

  * ChannelSoftwareHandler listAllPackages(User loggedInUser, String
    channelLabel, String startDate, String endDate)

  * ChannelSoftwareHandler listAllPackages(User loggedInUser, String
    channelLabel, String startDate)

  * ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String
    channelLabel, String startDate, String endDate)

  * ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String
    channelLabel, String startDate)

  * ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String
    channelLabel)

  * ChannelSoftwareHandler setSystemChannels(User loggedInUser, Integer sid,
    List channelLabels)

  * ChannelSoftwareHandler listErrata(User loggedInUser, String channelLabel,
    String startDate)

  * ChannelSoftwareHandler listErrata(User loggedInUser, String channelLabel,
    String startDate, String endDate)

  * ChannelSoftwareHandler subscribeSystem(User loggedInUser, Integer sid, List
    labels)

  * ChannelSoftwareHandler unsubscribeChannels(User user, List sids, String
    baseChannel, List childLabels)

  * ErrataHandler listByDate(User loggedInUser, String channelLabel)

  * KickstartHandler listKickstartableTrees(User loggedInUser, String
    channelLabel)

  * ContentSyncHandler synchronizeProductChannels(User loggedInUser)

  * SystemHandler listBaseChannels(User loggedInUser, Integer sid)

  * SystemHandler listChildChannels(User loggedInUser, Integer sid)

  * SystemHandler applyErrata(User loggedInUser, Integer sid, List errataIds)

  * UserHandler getLoggedInTime(User loggedInUser, String login)

  * SystemHandler setChildChannels(User loggedInUser, Integer sid, List
    channelIdsOrLabels)

  * SystemHandler setBaseChannel(User loggedInUser, Integer sid, Integer cid)

  * SystemHandler setBaseChannel(User loggedInUser, Integer sid, String
    channelLabel)

Reactivation keys in bootstrap scripts

Bootstrap scripts can include an activation key to directly assign software
channels, configuration channels, entitlements, etc to a system while
registering.

Reactivation keys can be used to re-register a previously registered client and
regain all Uyuni settings. For example, to move clients registered to the Uyuni
Server to being registered through an Uyuni Proxy (or Retail Branch Server),
when reinstalling, and in some other cases.

Uyuni now supports the combination of reactivation keys and bootstrap scripts.
Specify a reactivation key in the bootstrap script to re-register systems. For
example, if your Uyuni Server has too many clients directly attached and you
want to bulk move them to a Uyuni Proxy (or Retail Branch Server).

Enable SAN SSL certificates

Subject Alternative Name (SAN) is an extension to X.509 that allows various
values to be associated with a security certificate using a subjectAltName
field. This is commonly used to generate SSL certificates that protect multiple
domains with a single certificate.

These kinds of certificate are becoming popular amongst users with their own
Certificate Authority, so we have implemented support.

Universe Security, Multiverse, Restricted, and Backport channels for Ubuntu.

The Universe Security, Multiverse, Restricted, and Backport channels for Ubuntu
16.04, 18.04 and 20.04 are now part of spacewalk-common-channels. They can now
be added to Uyuni Server for synchronization, and can be added to Ubuntu
clients.

Oracle Linux UEK channel

The Oracle Unbreakable Enterprise Kernel channels are now available at
spacewalk-common-channels for Oracle Linux 6, 7, and 8.

Performance improvements

The add packages to channel feature has been optimized, resulting in a faster
experience in the WebUI when adding packages from another channel.

A number of database queries and error conditions have been optimized,
particularly in pages related to software installation and patching. This has
resulted in a faster experience in the WebUI.

Redfish power management

Redfish is a suite of specifications that deliver an industry standard protocol
for the management of servers, storage, networking, and converged
infrastructure.

Uyuni now supports power management using Redfish, in addition to the existing
IPMI power management.

OpenSCAP from SSM

Mass-auditing Salt clients with OpenSCAP is now possible from the System Set
Manager.

Virtual network creation UI

The virtual networks page allows creating libvirt virtual networks with most
supported configuration values.

Logging

mgr-create-bootstrap-repo will now log under /var/log/rhn/
mgr-create-bootstrap-repo and will rotate the log files daily, keeping an
history of 30 days. Clean up any leftover log file in /var/log/rhn/
mgr-create-bootstrap-repo.* by archiving or deleting them.

Monitoring

Prometheus Exporter Exporter for Debian

The reverse proxy for exporters, which simplifies setting up security and
networking policies, is now also available on Debian 9 and Debian 10.

With this addition, the Exporter Exporter is now available for almost all
operating systems Uyuni supports.

Node Exporter Updated to 1.1.2

All the changes can be found in the package changelog, or at https://github.com
/prometheus/node_exporter/releases

This update applies to SLE 12 and 15, openSUSE Leap 15, CentOS 7 and 8, RHEL 7
and 8, and Oracle 7 and 8.

Updates for Ubuntu and Debian will be part of future Uyuni versions.

Version 2021.02

Recent Salt CVEs remediation

This release includes the fixes for CVE-2020-28243, CVE-2020-28972,
CVE-2021-3148, CVE-2021-25281, CVE-2021-25282, CVE-2021-25283, CVE-2021-3144,
CVE-2021-25284, CVE-2021-3197 and CVE-2020-35662

The fixes affect your Uyuni Server, Proxy, Retail Branch Server and Salt
minions, so we recommend appling the fixes as soon as possible.

Prometheus exporters' reverse proxy formula Ubuntu support

The formula for Prometheus exporter?s formula can now be used with Ubuntu
clients.

Version 2021.01

Vendor change for some Java dependencies

Besides the regular update, you will need to execute the following command to
change the vendor for some Java dependencies:

zypper install --allow-downgrade --allow-vendor-change -f
apache-commons-cli-1.4-lp152.1.3.noarch
apache-commons-jexl-2.1.1-lp152.1.1.noarch
apache-commons-el-1.0-lp152.2.3.1.noarch

If you do not do this, the WebUI will not start and you will get an HTTP 404
error.

Fix version comparison algorithm for deb packages (Ubuntu)

In some rare cases, Uyuni suggested that users upgrade Ubuntu packages with an
older version than the one currently installed (for example, suggesting
installation of libtre5-0.8.0-3+deb7u1ubuntu1 instead of
libtre5-0.8.0-3ubuntu1).

Starting with Uyuni 2021.02, the algorithm used for comparing package versions
has been separated for RPM and deb packages. Having two algorithms for
comparing packages means that deb packages in Ubuntu are now correctly ordered,
and work as successfully as the RPM package algorithm. This means that the rare
case explained above no longer occurs, and any proposed update is correct and
should be performed.

This update also fixes problems syncing Ubuntu and Debian channels and
repositories.

IMPORTANT: You need to plan this update. The database changes require updating
the EVR information (epoch, version, release) for all packages. Depending on
the specifications of your Uyuni installation, the number of channels, and
onboarded instances, the services will take between 30 minutes and several
hours while the schema is migrated.

New products enabled

  * SUSE Linux Enterprise 15 SP3 family (beta)

  * SLE 15 SP1 LTSS

  * SUSE Linux Enterprise HPC 15 SP2 LTSS

  * SUSE Container as a Service Platform 4.5 (x86_64 and aarch64)

SAP content

SUSE Linux Enterprise Server for SAP applications is the best operating system
to run your SAP workloads.

Tthis release of Uyuni includes content which provides added value to SLES for
SAP users:

  * Documentation: New Quick Start: SAP

  * Formulas:

      + saphanabootstrap-formula: SAP HANA deployment Salt formula. This
        formula can install SAP HANA nodes, enable system replication and
        configure SLE-HA cluster with the SAPHanaSR resource agent, using
        standalone Salt or via Uyuni formulas with forms.

      + sapnwbootstrap-formula: SAP Netweaver deployment Salt formula. This
        formula can install SAP Netweaver instances (ASCS, ERS, PAS, AAS) and
        perform some basic actions to optimize their usage.

      + drbd-formula: DRBD deployment Salt formula (requires drbd-utils)

      + habootstrap-formula: HA cluster salt deployment formula. This formula
        can boostrap an HA cluster ((init, join, remove) using standalone Salt
        or via Uyuni formulas with forms.

  * Salt state modules:

      + salt-shaptools: Salt modules and states for SAP Applications and SLE-HA
        components management

  * Grafana dashboards:

      + grafana-sap-hana-dashboards: Grafana Dashboards displaying metrics
        about SAP HANA databases.

      + grafana-sap-netweaver-dashboards: Grafana Dashboards displaying metrics
        about a SAP NetWeaver landscape.

      + grafana-ha-cluster-dashboards: Grafana Dashboards displaying metrics
        about a Pacemaker/Corosync High Availability Cluster.

      + grafana-sap-providers: Automated configuration provisioners used by
        other packages to enable zero-config installation of Grafana
        dashboards.

The formulas and Salt state modules are included in the Uyuni Server channel.
The Grafana dashboards are included in the Uyuni Client Tools for SLE 12 and
SLE 15 channels.

CPU mitigations formula

Unsupported clients are now handled gracefully and mitigations have been added
for the Xen hypervisor.

Vendor change on SP migration

Vendor change (changing the repository where a package comes from) can now
optionally be enabled during service pack migration.

This feature is useful where the client system is using unofficial packages and
you want to move back to official packages, or to switch from an official
package to a third-party version of a package. Instead of performing the SP
migration within the same vendor and then manually installing the package from
the new vendor, you can now do everything in a single action.

This feature is available for SUSE Linux Enterprise 12 or newer, and can also
be used to migrate from openSUSE Leap 15 to SUSE Linux Enterprise 15.

Autoinstallation of older operating systems

Autoinstallation provisioning is now compatible with GRUB and ELILO in addition
to GRUB2 only, which is useful when provisioning SLES 11 SP4 and RHEL 6 (and
clones) systems.

Oracle Linux ULN repositories

Oracle Unbreakable Linux Network repositories are now supported in Software >
Manage > Repositories. Oracle Linux users with a subscription from Oracle can
use this to manually add the repositories for KSplice and others.

CentOS 6 repositories

CentOS 6 reached end-of-life on November 30th, 2020, and the CentOS Project
moved its repositories to the vault archive. URLs at spacewalk-common-channels
for new Uyuni Servers. For existing Uyuni servers the database migration will
take care of updating the URLs at the database.

Other operating systems in the same class also reached end-of-life but require
no change, since they will continue to work as-is: Oracle Linux 6 (URLs not
changed) and Red Hat Enterprise Linux 6 (URLs are provided by users).

New countries and timezones

The countries and timezones list have been refreshed, adapting to the latest
timezone and geopolitical changes.

Cluster management: upgrade plan

When upgrading a cluster, the upgrade plan is now shown in the WebUI. This
makes it easier to verify that an upgrade will be conducted as expected.

Yomi refresh

The formulas that make autoinstallation of SLES and openSUSE systems simpler
have been upgraded to the latest version provided by the Yomi project. The
updated formulas are more intuitive, harder to misuse, and allow you to specify
additional advanced options.

Uyuni Server connections are always and only secure

The WebUI and the CLI commands no longer provide an option to disable SSL. The
option was in fact already obsolete and not working.

Monitoring updates

Grafana 7.3.1

Grafana has been updated from version 7.1.5 to version 7.3.1 which brings a
number of bugfixes and improvements.

Notable improvements:

  * Add monitoring mixing for Grafana.

  * New Cloudwatch metrics

  * Elasticsearch: Support multiple pipeline aggregations for a query.

  * Support request cancellation properly for PostgreSQL, Loki and Prometheus

  * Postgres: Support Unix socket for host

  * Loki: Re-introduce running of instant queries

  * Prometheus: Support request cancellation properly. Add $__rate_interval
    variable

  * API improvements

  * Variables: enables cancel for slow query variables queries

  * Table: Adds column filtering

Breaking changes:

  * CloudWatch: The AWS CloudWatch data source?s authentication scheme has
    changed. See the upgrade notes for details and how this may affect you.

  * Units: The date time units YYYY-MM-DD HH:mm:ss and MM/DD/YYYY h:mm:ss a
    have been renamed to Datetime ISO and Datetime US respectively.

A detailed changelog is available at upstream.

Prometheus 2.22.1

The core of our monitoring solution, Prometheus, has been updated from version
2.18.0 to version 2.22.1, which brings a number of bugfixes and improvement.

Notable improvements:

  * Web: Remove APIv2.

  * React UI: Implement missing TSDB head stats section.

  * UI: Add Collapse all button to targets page.

  * UI: Clarify alert state toggle via checkbox icon.

  * Gracefully handle unknown WAL record types.

  * Issue a warning for 64-bit systems running 32-bit binaries.

  * TSDB: Memory-map full chunks of Head (in-memory) block from disk. This
    reduces memory footprint and makes restarts faster.

  * TSDB: Reduced contention in isolation for high load.

  * Discovery: Added discovery support for Triton global zones.

  * Remote Read: Added prometheus_remote_storage_remote_read_queries_total
    counter to count the total number of remote read queries.

  * Added time range parameters for label names and label values API.

Detail changelogs for each version between 2.18.0 and 2.22.1 can be found at: *
https://github.com/prometheus/prometheus/releases/tag/v2.22.1 * https://
github.com/prometheus/prometheus/releases/tag/v2.22.0 * https://github.com/
prometheus/prometheus/releases/tag/v2.19.3 * https://github.com/prometheus/
prometheus/releases/tag/v2.19.2 * https://github.com/prometheus/prometheus/
releases/tag/v2.19.1 * https://github.com/prometheus/prometheus/releases/tag/
v2.19.0 * https://github.com/prometheus/prometheus/releases/tag/v2.18.2 *
https://github.com/prometheus/prometheus/releases/tag/v2.18.1

Prometheus Exporter Exporter for Ubuntu 18.04/20.04 and Debian 9/10

The Reverse-proxy Exporter Exporter, which allows you to expose a single port
no matter how many exporters are running on the client, is now available for
18.04/20.04 and Debian 9/10.

Version 2020.11

Recent Salt CVEs remediation

This release includes the fixes for CVE-2020-16846, CVE-2020-17490 and
CVE-2020-25592 that we already released on November 16th for Uyuni 2020.09.

If you did not apply the patch already, update your Uyuni Server, Proxy, Retail
Branch Server and Salt minions as soon as possible.

CentOS 7/8 ppc64le support

Uyuni can now manage CentOS7 and CentOS8 ppc64le clients. Supported features
are the same available for x86_64 clients.

Prometheus Exporter Exporter for CentOS, Oracle and RHEL 7 and 8

The reverse-proxy Exporter Exporter, which allows you to expose a single port
no matter how many exporters are running on the client, is now available for
CentOS, Oracle and RHEL 7 and 8 for both x86_64 and ppc64le.

Node Exporter updated to version 1.0.1 for most operating systems

The following operating systems will receive version 1.0.1:

  * openSUSE Leap 15.1 and 15.2

  * SLE12 (all service packs)

  * SLE15 (all service packs)

  * Ubuntu 20.04

  * CentOS/Oracle/RHEL 8

  * CentOS/Oracle/RHEL 7

All the changes can be found at the changelog for the package, or at https://
github.com/prometheus/node_exporter/releases/tag/v1.0.0 and https://github.com/
prometheus/node_exporter/releases/tag/v1.0.1

Keep in mind this new version includes some breaking changes:

  * The netdev collector CLI argument --collector.netdev.ignored-devices was
    renamed to --collector.netdev.device-blacklist in order to conform with the
    systemd collector.

  * The label named state on node_systemd_service_restart_total metrics was
    changed to name to better describe the metric.

  * Refactoring of the mdadm collector changes several metrics:

  * node_md_disks_active is removed

  * node_md_disks now has a state label for "fail", "spare", "active" disks.

  * node_md_is_active is replaced by node_md_state with a state set of
    "active", "inactive", "recovering", "resync".

  * Additional label mountaddr added to NFS device metrics to distinguish
    mounts from the same URL, but different IP addresses.

  * Metrics node_cpu_scaling_frequency_min_hrts and
    node_cpu_scaling_frequency_max_hrts of the cpufreq collector were renamed
    to node_cpu_scaling_frequency_min_hertz and
    node_cpu_scaling_frequency_max_hertz.

  * Collectors that are enabled, but are unable to find data to collect, now
    return 0 for node_scrape_collector_success.

Web UI themes

Uyuni now supports themes. Users can select what theme they want to use in the
User Preferences page in the Web UI. Initially, we are providing three themes:

  * SUSE Manager light: default light, low-contrast theme

  * SUSE Manager dark: high-contrast theme based on the light theme

  * Uyuni: SUSE Manager 4.0 and Uyuni theme. Also high-contrast.

Administrators can globally disable themes in /etc/rhn/rhn.conf by listing
which themes they want to allow:

# susemanager-light,susemanager-dark,uyuni
web.themes = susemanager-light,susemanager-dark,uyuni
web.theme_default = susemanager-light

Prometheus Exporter Exporter

The reverse-proxy Exporter Exporter, which allows you to expose a single port
no matter how many exporters are running on the client, is now available for
Ubuntu 20.04 LTS.

XML-RPC power management API

New APIs have been added to do IPMI power management. Redfish power management
will be included in a future maintenance update.

Third-party errata information on vendor channels

It is now possible to add third-party errata information to CentOS and Ubuntu
20.04 LTS channels without cloning them, as described at the CentOS Clients
section of the Client Configuration Guide.

The known issue present in previous releases of Uyuni has been fixed.

Bootstrap repositories no longer flushed by default

In Uyuni 2020.03, we automated the generation of bootstrap repositories on
channel sync. Bootstrap repositories were not only autogenerated but also
autoflushed, which caused disappearing packages problems to some users (e. g.,
in the case of multi-architecture bootstrap repositories).

Starting with Uyuni 2020.11, bootstrap repositories are not flushed by default.
If you want to save some disk space, you can manually flush them using
mgr-create-bootstrap-repo --flush.

DNSSEC enabled by default by bind update

With the update of ISC bind to version 9.16.6 on openSUSE Leap 15.1 and
openSUSE Leap 15.2, DNSSEC is now enabled by default, which may cause DNS
resolution to fail unless there are fallback DNS servers.

The Retail Branch Server formula has been modified to disable DNSSEC, and will
be updated to support DNSSEC in a future release of Uyuni. For existing Retail
Branch Servers, you can disable DNSSEC to retain the same behaviour ISC bind
showed until version 9.11.2. To do that, edit /etc/bind and set:

dnssec-enable no; dnssec-validation no;

Virtualization: Creation of virtual machines with Yomi, KickStart or AutoYaST
profiles

Creating a virtual machine using the Web UI and the Salt virt states can now
use a defined Autoinstallation profile, any defined cobbler profile like the
Yomi one. The virtual machine can also be created using PXE or by adding a
CDROM device with an attached ISO image.

Japanese translation

The Uyuni Web UI and command-line tools are now available in Japanese thanks to
the upstream Uyuni Community.

Since this is a community translation, it is not enabled by default. In order
to allow users to select Japanese in their User Preferences in the Web UI, add
the following line to /etc/rhn/rhn.conf:

java.supported_locales=en_US,ja

A restart of Tomcat is required.

Version 2020.09

Uyuni Hub XML-RPC API is now supported

Starting with Uyuni 2020.09, the Uyuni Hub XML-RPC API is no longer considered
a tech preview, but a fully supported feature.

This means that multiple peripheral servers (other Uyuni Servers) can be
managed from a single Hub node, as a supported feature.

Formula for peripheral server management (Technology Preview)

This version of Uyuni includes formulas that can be installed on a Hub node to
manage the following on peripheral servers:

  * Organizations

  * System groups in organizations

  * Users in organizations

  * Access to system groups

  * Access to software channels

To use the formula, run zypper in uyuni-config-formula on the Hub node, and
then enable the formula for the peripheral servers, and use it to manage them.

This feature will be documented at the Large Deployments Guide in a future
Uyuni release.

Maintenance windows

The new maintenance windows feature allows you to schedule sensitive actions
(like package installation or upgrade) to occur during a scheduled one-time or
recurrent maintenance window period on selected systems. These actions are
forbidden to be executed outside of the specified period.

Maintenance windows are defined using iCalendar data, which can be exported
from your favorite calendaring tool (Microsoft Outlook, KDE Organizer, Google
Calendar??).

For more information about Maintenance windows check the Administration Guide

Monitoring reverse proxies

Prometheus fetches metrics using a pull mechanism, so the server must be able
to establish TCP connections to each exporter on the monitored clients.

The new monitoring reverse proxies feature allows you to simplify your firewall
configuration. By installing the reverse proxy on the clients you can get all
the metrics for all the exporters on a single TCP port.

Check the Monitoring section of the Administration Guide for information about
how to set up.

Monitoring reverse proxies are only available for SLE12, SLE15, and openSUSE
Leap 15 families of products, and not yet available for other operating system
platforms, including Red Hat Enterprise Linux and Ubuntu. Support for other
operating system platforms will come in future releases of Uyuni

Added new type of "Virtual Host Manager": Nutanix AHV

In Uyuni 2020.09, we have added a new type of Virtual Host Manager in order to
gather virtual machines from Nutanix AHV infrastructure.

Creating a VHM to gather virtual instances from the Nutanix AHV enables the
subscription matcher to match 1-2 virtual machines subscriptions for those
instances that are running on the same virtualization host.

For more information about how to setup this new type, see the Client
Configuration Guide

Note that this feature requires the virtual-host-gatherer-Nutanix package.

Grafana 7.1.5

Grafana has been updated from version 7.0.3 to 7.1.5 which brings a number of
bugfixes and improvements.

Notable improvements:

  * Stats: Stop counting the same user multiple times.

  * Field overrides: Filter by field name using regex.

  * AzureMonitor: map more units.

  * Explore: Don?t run queries on datasource change.

  * Graph: Support setting field unit & override data source (automatic) unit.

  * Explore: Unification of logs/metrics/traces user interface

  * Table: JSON Cell should try to convert strings to JSON

  * Variables: enables cancel for slow query variables queries.

  * TimeZone: unify the time zone pickers to one that can rule them all.

  * Search: support URL query params.

  * Grafana-UI: Add FileUpload.

  * TablePanel: Sort numbers correctly.

A detailed changelog is available upstream.

New products enabled

  * SUSE Linux Enterprise Real Time 15 SP2

Version 2020.07

Upgrade notes

WARNING: Check "Update from previous versions of Uyuni Server" section below
for details, as this release updates the base OS from openSUSE Leap 15.1 to
openSUSE Leap 15.2, and there are special steps required.

The migration will be performed allowing vendor changes, so this upgrade will
fix the issues with python3-psycopg2 mentioned at Uyuni Server 2020.05 release
notes. Therefore you will not need to perform the manual steps mentioned there.

Salt 3000.0

Salt has been upgraded to upstream version 3000, plus a number of patches,
backports and enhancements by SUSE, for the Uyuni Server, Proxy and Client
Tools. In particular, CVE-2020-11651 and CVE-2020-11652 fixes are included in
our release.

As part of this upgrade, cryptography is now managed by the Python-M2Crypto
library (which is itself based on the well-known OpenSSL library).

We intend to regularly upgrade Salt to more recent versions.

For more details about changes in your manually-created Salt states, see the
Salt 3000 upstream release notes.

Please note Salt 3000 is the last version of Salt which will support the old
syntax of the module.run module.

New "mgrcompat.module_run" custom compatibility state for Salt is available for
registered systems.

WARNING - POSSIBLE ACTION REQUIRED: The syntax for Salt module.run state has
changed starting in next Salt 3001 (Sodium) release. This means, any custom SLS
file or "Configuration State Channel" that is using module.run state needs to
be adapted to fit into the new syntax. This turns even more problematic when
you have minions with different Salt versions, because some minions would
accept the new syntax but others would fail with it, so the SLS files would
require extra logic to handle the different Salt versions & configurations.

To make this process much easier, we have introduced this new
mgrcompat.module_run compatibility state, which is essentially a wrapper of
module.run which accept the deprecated syntax and takes care of tailoring the
parameters for the actual module.run if necesasary according to the particular
minion version and configuration. The only thing to do would be to change
module.run to `mgrcompat.module_run in your SLS files and "Configuration State
Channels".

As an example of this, a non-migrated state like this:

my_module_run_state:
  module.run:
    - name: mymodule.func
    - m_name: foobar
    - other: 1234

would be adapted to:

my_module_run_state:
  mgrcompat.module_run:
    - name: mymodule.func
    - m_name: foobar
    - other: 1234

We really encourage users and customer to start migrating their Salt States to
use mgrcompat.module_run now before Salt 3001 (Sodium) release. Once Salt 3001
comes, those states will simply fail.

PostgreSQL 12

The database engine has been updated from PostgreSQL 10 to PostgreSQL 12, which
brings a number of performance and reliability improvements. A detailed
changelog is available upstream.

To prevent inconsistent configurations and data on upgrade or update, Uyuni
2020.06 will refuse to start until the database migration from PostgreSQL 10 to
PostgreSQL 12 has completed successfully.

Base System Upgrade

The base system was upgraded to openSUSE Leap 15.2.

New products enabled

  * Ubuntu 20.04 LTS

Ubuntu 20.04 LTS

Starting with Uyuni  2020.07, Ubuntu 2020.04 LTS is supported as a client.

hwdata vendor change for openSUSE Leap 15.1 clients

package hwdata now comes from from openSUSE Leap 15.1 and not from the client
tools.

In oder to get updated versions, the following command must be executed on the
clients:

zypper in --allow-vendor-change hwdata

It is recommended to execute this as a remote command.

This change is mandatory if you intend to use the openSUSE Leap 15.1 as a KVM
virtualization host.

This does not affect openSUSE Leap 15.2 as it will always have hwdata from the
distribution.

Version 2020.06

Oracle Linux

Oracle Linux 6, 7 and 8 can now be managed with salt and it will support the
same features CentOS 6, 7 and 8 support.

The channels can be managed using spacewalk-common-channels.

Third-party GPG keys now included

Enabling verification of non-SUSE product metadata used to require manual
acceptance, and sometimes even manual installation, of the third-party keys for
products available from the product tree. Alternatively, an option to not
verify the GPG key signature was there.

Uyuni 2020.06 now includes the GPG keys used to sign packages and/or metadata
by other the following vendors:

  * CentOS

  * Oracle Linux

  * Ubuntu

  * MicroFocus Open Enterprise Server

Manual acceptance of those keys is no longer required for GPG signature
verification for those products to work.

Manual acceptance of GPG keys for any other product or repository is still
required for security reasons.

Cluster Management

As you modernize your IT landscape and make use of Software Defined
Infrastructure stacks based on technologies like Kubernetes and Ceph, your
focus of managing the IT infrastructure has to move from managing individual
Linux servers and VMs to managing infrastructure clusters. Multiple cluster
types will be supported in coming releases, with Uyuni 2020.06 initially
providing support for SUSE CaaSP.

Computing is increasingly being a more complex architecure: redundant servers,
scale out, high-availability, etc where you deploy different kinds of clusters,
such as SUSE CaaS Platform, SUSE Enterprise Storage or SAP. Managing those as a
whole piece of infrastructure instead of as discrete nodes puts you in charge.

Uyuni 2020.06 implements cluster management of SUSE CaaS Platform clusters.
Uyuni works hand-in-hand with CaaS Platform to make sure that all cluster
operations are issued properly.

The following actions are currently supported:

  * Register an existing cluster to Uyuni

  * Add or remove nodes to the cluster

  * Promote SLES system to managing node

  * Upgrade the cluster

Deployment of CaaS Platform clusters from scratch will be supported in an
upcoming version of Uyuni.

Dropped feature: Unpublished patches

The Unpublished Patches feature has been dropped in Uyuni 2020.05.

This was a very old feature which originated more than 15 years ago when
Spacewalk was used internally by vendors to manage patches before making them
available to their customers. This functionality has been superseded a long
(more than 10 years) time ago by other features in Uyuni for sysadmins, and by
tools such as the Open Build Service for operating system vendors.

After a consultation period with users both in the upstream Uyuni community and
the SUSE Manager community, we received no feedback against the removal and
executed on it.

This will help us realize even further performance improvements in several
areas, including the commonly-used Content Lifecycle Management build and
promotion operations.

If you still have any unpublished patches, make sure you publish them with
Uyuni 2020.05 before migrating to Uyuni 2020.06.

API breakage

With the removal of the unpublished patches feature, the API specification
changed as follows:

  * Method errata.listUnpublishedErrata was removed

  * Method errata.create has one less parameter (the publish boolean, now
    always true) and it is now mandatory to specify at least one channel label
    in the last parameter (channelLabels). Previously specifying at least one
    channel label was mandatory only if publish was set to true.

Therefore some API calls that worked in Uyuni 2020.05 and earlier may need
changes for Uyuni 2020.06 and later.

Version 2020.05

Repository syncing performance improvements

Repository synchronization has been optimized to perform faster than in
previous versions. This applies to if the synchronization is triggered in the
WebUI, or from the command prompt using the spacewalk-repo-sync command. It
also applies whether the synchronization is invoked manually, or automatically
as part of product or custom channel synchronizations. The performance
improvement is up six times faster than previous versions, but the improvement
depends mostly on your hardware setup, especially the number of CPUs, and how
many packages are being synchronized.

IMPORTANT: This requires a vendor change for the package
python3-psycopg2-2.8.4-2.1.uyuni.x86_64.

After running zypper update you will need force the vendor change with

zypper in python3-psycopg2-2.8.4-2.1.uyuni.x86_64

Then update again again, so the spacewalk-backend subpackages are updated:

zypper update

As soon as python3-psycopg2-2.8.4 is part of openSUSE Leap 15.1 we will provide
instructions use the openSUSE version again.

Image profiles key-value pairs supported as arguments for Docker build

Custom info key-value pairs defined in image profiles are now passed to the
Docker build command as build arguments. They can be accessed in Dockerfiles
using the ARG command.

Service pack migrations: run a real migration after a successful dry-run

After a Service Pack migration dry-run, if the result is a success you will get
a "Run migration" button in the event history to retrieve the "dry-run"
settings and confirm the migration with these settings.

Version 2020.04

Recurring actions

Scheduling recurring actions allows you to manage schedules for automated
recurring highstate execution on client, group, and organization level
depending on the frequency you choose.

This is useful, for example, to apply highstates on a regular schedule and
ensure configurations are enforced.

For more information, see the Administration Guide.

Bootstrapping Salt Clients with a Private SSH key (from API)

Before this release, only password authentication was available for
bootstrapping Salt clients from the Server.

Now SSH private key authentication is available, including use of a passphrase
on the private key. For Uyuni 2020.04 this is only available from the API. It
will be made available from the WebUI in a future release.

For security reasons, the private key is stored at the Uyuni Server only for
the bootstrap procedure, and removed after bootstrapping is complete. The
private key must be provided for each bootstrap.

The new method bootstrapWithPrivateSshKey in the namespace system is documented
in the API Documentation.

You can use this example by adjusting the client, keyfile, passphrase,
MANAGER_URL, MANAGER_LOGIN and MANAGER_PASSWORD according to your environment:

#!/usr/bin/python
import xmlrpclib

client = '192.168.1.2'
keyfile = '/path/to/priv/key'
passphrase = '' # empty string = no passphrase

conn = xmlrpclib.Server(MANAGER_URL, verbose=0)
key = conn.auth.login(MANAGER_LOGIN, MANAGER_PASSWORD)

with open(keyfile, 'r') as file:
  data = file.read()
  conn.system.bootstrapWithPrivateSshKey(key, server, 22, 'root', data, passphrase, '', False);
conn.auth.logout(key)

CentOS8 Content Lifecycle Management: Better Feedback with Appstreams

The content lifecycle project page in the WebUI now has improved feedback
messages about module filters, including missing or conflicting modules, and
dependency resolution problems. The messages are in the form of errors that
require the user to fix configurations, or warnings about potential problems.

Automated Schema Database Upgrades and Failure Security Mechanism

Database schema upgrades are now applied automatically during services startup,
so there is no need to call spacewalk-schema-upgrade manually. A security
mechanism has been implemented that prevents Uyuni Services from starting if
the schema upgrade has failed.

When this occurs:

 1. When you run spacewalk-service start, it will fail and show an output with
    information about the error.

 2. All services, including the Apache service, will not start. This will also
    cause the WebUI to be unavailable.

Large Deployments Guide (draft)

Uyuni is designed by default to work on small and medium scale installations.

For installations with more than 1000 clients per Uyuni Server, adequate
hardware sizing and parameter tuning must be performed, and the new guide
provides information about how to do it.

Keep in mind there is no hard maximum number of supported systems. Many factors
can affect how many clients can reliably be used in a particular installation.
Factors can include which features are used, and how the hardware and systems
are configured.

Uyuni Hub documentation

The Uyuni Hub announced for 2020.03 has now documentation available as part of
the Large Deployments Guide (section Multiple Servers with Hub).

This is a draft release, so please provide feedback using the Resources menu in
the online documentation

Public Cloud QuickStart Guide (draft)

This new draft guide shows you the fastest way to get Uyuni up and running in a
public cloud. It includes instructions for Amazon Web Services, Microsoft
Azure, and Google Cloud Engine.

This is a draft release, so please provide feedback using the Resources menu in
the online documentation

CaaSP Grafana Dashboads

CaaSP specific Grafana dashboards have been integrated and can be deployed via
the UI.

Prometheus Federation Support in Formulas with Forms

The new version of the Prometheus formula allows configuring federation and
pulling relevant metrics from Prometheus instances to provide a global
monitoring view.

Note that suitable recording rules have to be configured on the Prometheus
instances (for example at CaaSP Prometheus instances).

For more information about Prometheus federation, check the official
documentation.

Pre-configured default alerting rules

A default set of alerting rules have been added to monitor the Prometheus
instances themselves (meta-monitoring) and the availability of configured
targets. The rules can be disabled in the WebUI.

Prometheus Exporters for CentOS8 x86_64

We now provide these Prometheus exporters as packages for CentOS8 x86_64
(compatible also with similar systems such as RHEL8):

  * Node exporter - Hardware and operating system metrics

  * PostgreSQL exporter - PostgreSQL database metrics

  * Apache exporter - Apache HTTP server metrics

Node Exporter Updated to 0.18.1

All the changes can be found at the changelog for the package, or at https://
github.com/prometheus/node_exporter/releases/tag/v0.18.0 and https://github.com
/prometheus/node_exporter/releases/tag/v0.18.1

Keep in mind this new version includes some breaking changes:

  * Renamed interface label to device in netclass collector for consistency
    with other network metrics

  * The cpufreq metrics now separate the cpufreq and scaling data based on what
    the driver provides

  * The labels for the network_up metric have changed

  * Bonding collector now uses mii_status instead of operstatus

  * Several systemd metrics have been turned off by default to improve
    performance. These include unit_tasks_current, unit_tasks_max,
    service_restart_total, and unit_start_time_seconds

  * The systemd collector blacklist now includes automount, device, mount, and
    slice units by default

Virtualization: Management of storage pools

Until now users could list the storage pools, which is where the virtual
machines disks are stored. Storage pools are where virtual machine disks are
stored. In previous versions, you could only list the pools. With this update,
you can create, edit, start, stop, refresh, and delete storage pools. This is
available from the WebUI, or through Salt states.

Version 2020.03

Debian client tools

We now offer Debian client tools that allow for easy onboarding of Debian as
salt minions, as well as running spacecmd from them.

Check the Client Configuration Guide for information about how to configure
Uyuni Server to work with Debian clients.

For now the following architectures are supported: x86_64, aarch64, armv7l,
i586

We plan to continue improving Debian support in the future, including support
for ppc64le and s390x Debian 10 clients.

SUSE Container as a Service Platform v4 nodes: action filtering

Nodes in a SUSE Container as a Service Platforms should be patched, rebooted,
etc following CaaSP recommendations to avoid breaking cluster availability and
software compability.

In Uyuni 2020.03, we have introduced node locking and action filtering to
prevent uninteded operations.

  * When CaaSP nodes are added to Uyuni, the registered systems will be locked
    automatically:

  * When a system is locked, the web UI shows a warning and you can schedule
    actions using the web UI or the API, but the action will fail.

You can enable or disable the system lock using the System Lock formula. When
the system lock is disabled, all operations are permitted.

Subscription matching in public cloud: BYOS vs PAYG

In Uyuni 4.0.1, we introduced virtual host gatherers for Amazon Web Services,
Microsoft Azure and Google Cloud Engine. With these gatherers, our subscription
matcher gained the ability to also include virtual machines running on the
cloud in its calculations.

We have now enhanced the subscription matcher to exclude pay-as-you-go (PAYG)
instances. Those do not require a subscription, as the agreement between the
Cloud Service Provider and the Customer covers them.

Automatic generation of bootstrap repositories

A bootstrap repository contains packages for installing Salt on clients, as
well as the required packages for registering Salt or traditional clients
during bootstrapping.

In Uyuni 2020.01 and earlier, bootstrap repository creation was a manual step,
by using the mgr-create-bootstrap-repo tool.

In Uyuni 2020.03, bootstrap repositories are automatically created and
regenerated on the Uyuni Server after a product is synchronized (i. e. all
mandatory channels are fully mirrored).

More details, including how to revert to manual invokation, are available from
the Client Configuration Guide.

Salt clients: provisioning API

Enable provisioning API with Salt and bootstrap entitled systems. Previously,
this only worked for traditional clients.

Recurring highstate scheduling

You can schedule automated recurring highstate actions for Salt clients.

Recurring highstate actions apply the highstate to clients on a specified
schedule. You can apply recurring action to individual clients, to all clients
in a system group, or to an entire organization. The Recurring Actions section
in the Administration Guide contains all the details for this feature.

More improvements in regards to automation will be coming in subsequent
releases of Uyuni: maintenance windows and patch automation.

Content Lifecycle Filters for AppStreams

RHEL, SLES ES, CentOS and Oracle Linux 8 appstreams can now be mixed and
converted to flat repositories using a new type of CLM filter.

New products enabled

  * SUSE Linux Enterprise Real Time 12 SP5

  * SUSE Linux Enterprise 15 SP2 family

  * MicroFocus Open Enterprise Server 2018 SP2 (product GA in Q2 2020)

  * Oracle Linux 8 (using spacewalk-common-channels)

Ubuntu enhancements

Each Uyuni release and maintenance update brings better Ubuntu support. In
Uyuni 2020.03, we have include two small but valuable improvements:

  * Support package pre-downloading, to ensure all content (.deb packages) is
    downloaded before patching. This should be very useful for large Ubuntu
    deployments managed by Uyuni.

  * Display additional information in the UI for .deb packages (dependencies
    and more headers)

Yomi (Technology Preview)

Yomi (yet one more installer) is a Salt-based installer for SUSE and openSUSE
operating systems.

In Uyuni, Yomi can be used as part of provisioning new clients, as an
alternative to AutoYaST. Yomi consists of two components:

  * The Yomi formula, which contains the Salt states and modules required to
    perform the installation.

  * The operating system image, which includes the pre-configured salt-minion
    service.

Detailed information on how to use Yomi is available from the Salt Guide.

Yomi is work in progress and more operating systems and features will be added
in coming releases.

Uyuni Hub XML-RPC API (Technology Preview)

The Uyuni Hub is a new multi-server architecture we are introducing as a
technology preview in Uyuni 2020.03.

Multiple Uyuni Servers can be managed from a single Hub node. The Hub is a Salt
master itself and the managed Uyuni Server servers are both a minion (to the
hub) and a master (to their own minions).

Uyuni Hub Architecture

The Hub covers a number of use cases, such as:

  * Scalability: when a single Uyuni Server will no longer be enough

  * Intermittently connected and bandwidth-limited sites, which can now be
    managed with their own schedule thanks to the Hub

  * Multi-tenancy with individual Uyuni Servers. While Uyuni is
    multi-organization itself, in some scenarios, an even stronger separation
    is required. The Hub provides a way to manage and aggregate back
    information for all those Uyuni Server servers.

The Hub comprises a number of components that we will be releasing and
enhancing in the future. The first component of the Hub we are now introducing
as a Technology Preview is the Hub XML-RPC API, which provides an extended
version of the Uyuni Server XML-RPC API, targeted for the multi-server case.

Installation and usage

Install Uyuni Server and then install the hub-xmlrpc-api package. That Uyuni
Server is now the Hub Server.

Configuration of hub-xmlrpc-api is specified in a JSON file like the following:

{
   "type": "json",
    "hub": {
       "manager_api_url": "http://localhost/rpc/api"
   },
    "connect_timeout": 10,
    "read_write_timeout": 10,
   }

Set the HUB_CONFIG_FILE environment variable to point to the configuration
file. hub-xmlrpc-api is a daemon, currently to be launched from the command
line.

Once running, you can connect to the hub-xmlrpc-api at port 8888 via any XMLRPC
compliant client libraries (see examples below).

API endpoints, namespaces and examples

Details about usage with Python script examples are available at the Uyuni
project site: https://github.com/uyuni-project/hub-xmlrpc-api

spacewalk-utils

In Uyuni 2020.01 and earlier, the spacewalk-utils package contained a mix
tested and untested tools.

In Uyuni 2020.03, we have split spacewalk-utils in two packages:

  * spacewalk-utils contains only fully-tested tools:

      + spacewalk-common-channels

      + spacewalk-hostname-rename

      + spacewalk-clone-by-date

      + spacewalk-sync-setup

      + spacewalk-manage-channel-lifecycle

  * spacewalk-utils-extras contains the tools that untested or not completely
    tested:

      + apply_errata

      + delete-old-systems-interactive

      + migrate-system-profile

      + spacewalk-api

      + spacewalk-export

      + spacewalk-export-channels

      + spacewalk-final-archive

      + spacewalk-manage-snapshots

      + sw-ldap-user-sync

      + sw-system-snapshot

      + taskotop

      + spacewalk-manage-channel-lifecycle

Tools in spacewalk-utils-extras are valuable but they are so specific, or
require additional customization for each user, that it is not possible for us
to test for every use case. If you were using these scripts in spacewalk-utils
in Uyuni 2020.01 or earlier, you will need to install spacewalk-utils-extras in
Uyuni 2020.03.

EFI HTTP booting

The dhcp formula, branch network formula and pxe formula have been updated to
support booting EFI terminals (systems) via HTTP in addition to TFTP.

Subscription matching enhancements

On public cloud providers, the subscription matcher will identify pay-as-you-go
instances, whose subscription is provided by the Cloud Service Provider, and
will not ask for additional subscriptions.

Also, stackable subscriptions with the same parameters will be aggregated.

Single Sign-On (SSO) is now stable

Uyuni supports Single Sign-On authentication by implementing the Security
Assertion Markup Language (SAML) 2 protocol. This feature, introduced in 4.0.2
as a Technology Preview, is now declared stable

Uyuni must be reconfigured to use the IdP as the source of authentication and
post-login mapped users must be already created before enabling SSO.

For more on configuring SSO, see the Authentication Methods chapter in the
Administration guide.

Single Page Application UI (SPA) is now stable

In an effort to provide our web UI users with a smoother navigation, we have
implemented large parts of the user interface as a single page application.

This enhancement was started in Uyuni 2020.01 as an opt-in feature and now
becomes the default in Uyuni 2020.03

Red Hat Enterprise Linux 8 onboarding simplified

It is no longer necessary to have Python 3 on RHEL8 systems for the onboarding
to work. With this enhancement, even plain-text RHEL machines can be onboarded
directly.

Version 2020.01

Version format change

Uyuni is now changing from X.Y version format to YYYY.MM format, and the URLs
for the repositories remove the X.Y part.

This will allow easier releases, no need to change URLs at all in the future,
and less confussion regarding the relationship between Uyuni and SUSE Manager
(Uyuni is always ahead).

Adjust your repository at the Server system

Because of the version format change, you need to adapt your zypper repository
at the server before updating.

If you followed the instructions for installation, this command will do it for
you:

sed -i -e 's/Uyuni-Server-4.0-POOL-x86_64-Media1/
Uyuni-Server-POOL-x86_64-Media1/' /etc/zypp/repos.d/uyuni-server-stable.repo

Otherwise, find the Uyuni Server Stable repository and replace:

baseurl=https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/
Stable/images/repo/Uyuni-Server-4.0-POOL-x86_64-Media1/

with:

baseurl=https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/
Stable/images/repo/Uyuni-Server-POOL-x86_64-Media1/

Remove current Uyuni Proxy 4.0 channel and repository from the Server and add
the new ones

If you are currently syncing Uyuni Proxy 4.0 (usually because you have
proxies), you need to:

 1. Add the new channel with spacewalk-common-channel
    uyuni-proxy-stable-leap-151

 2. Sync the new channel (and configure autosync if required)

 3. See what instances are using the channel Uyuni Proxy 4.0 for openSUSE Leap
    15.1

 4. Adjust the channels assigned instances from previous step (tip: You can use
    "System Set Manager") to remove the old one and add the new one.

 5. See what activations key are using the channel Uyuni Proxy 4.0 for openSUSE
    Leap 15.1

 6. Adjust the activation keys from previous set to remove the old channel and
    add the new one.

 7. Remove the channel Uyuni Proxy 4.0 for openSUSE Leap 15.1

 8. Remove the repository External - Uyuni Proxy 4.0 for openSUSE Leap 15.1
    (x86_64)

Remove current Uyuni Server 4.0 channel and repository from the Server and add
the new ones

Most users will not require this unless, but if you have the Uyuni Server 4.0
channel at your server:

 1. Add the new channel with spacewalk-common-channel
    uyuni-server-stable-leap-151

 2. Sync the new channel (and configure autosync if required)

 3. See what instances are using the channel Uyuni Server 4.0 for openSUSE Leap
    15.1

 4. Adjust the channels assigned instances from previous step (tip: You can use
    "System Set Manager" at the WebUI) to remove the old one and add the new
    one.

 5. See what activations key are using the channel Uyuni Server 4.0 for
    openSUSE Leap 15.1

 6. Adjust the activation keys from previous set to remove the old channel and
    add the new one.

 7. Remove the channel Uyuni Server 4.0 for openSUSE Leap 15.1

 8. Remove the repository External - Uyuni Server 4.0 for openSUSE Leap 15.1
    (x86_64)

CentOS8, RHEL 8 and SLES ES 8 support

CentOS 8, Red Hat Enterprise Linux 8 and SUSE Linux Enterprise Server Expanded
Support 8 are now supported clients as Salt minions. The traditional stack will
not be supported on these operating systems.

With the new application streams concept introduced in these operating systems,
you will need to import both the BaseOS and the AppStream directories from the
ISO image for the bootstrap repository to be created correctly. If the
AppStream directory is not imported, you will receive an error about missing
Python 3 packages.

AppStream awareness in the UI and Content Lifecycle Management will be
available in an upcoming version of Uyuni.

Monitoring

This version of Uyuni includes formulas to install Prometheus and Grafana, and
makes the Apache exporter available for Ubuntu 18.04, CentOS6, CentOS7 and
Proxy.

Additionally, self-monitoring capabilities have been implemented in the Admin
Monitoring UI.

Package Hub

SUSE Package Hub is now supported on the Server, since the problems with the
search that were caused by PackageHub-provided packages have been solved.

If you were using Package Hub as a source of packages for you clients, it is
recommended that you re-generate all package metadata. The reason for this is
in the Package Hub repositories there may exist multiple packages with the same
NEVRA but different checksums. This might result in checksum errors when
repositories are used on the clients as Uyuni randomly selected any of those
packages. After this update, Uyuni will generate the checksum into the package
path to ensure the right package is used. If you use also Uyuni Proxy please
update all of them before you re-generate the metadata.

Formulas

The Formulas with Forms screen has an enhanced layout that folds vertically
instead of nesting deep inside, making if cleaner. Besides this, validators are
now possible in formulas using the JEXL expression language.

The cpu-mitigations-formula is now installed by default.

The Retail branch network formula now works all SUSE and openSUSE based
distros, using SuSEfirewall or firewalld as appropriate.

New Content Lifecycle Management filters

In Uyuni 4.0.2 we introduced Content Lifecycle Management with a filter to
exclude packages and patches based on their name. Feedback for this feature was
very positive and many proposals for enhancement were received.

In this release, we are introducing a lot of new possibilities for Content
Lifecycle Management:

  * New filters: by date, by keyword (e. g. "reboot needed" or "package manager
    restart required"), by type (security, recommended or optional), by
    synopsis and "patch contains package".

  * New ALLOW mode, which in addition to the existing DENY mode, makes possible
    to filter out packages, and then include them again into the resulting set.

  * New matchers: in addition to the existing greater than, lesser than,
    equals, etc, we have now added a regular expression matcher for package
    names, patch names, patch synopsis and package names in patches.

  * Better visualization of the filters attached to a CLM project, with ALLOW
    and DENY now shown on each side of the screen.

We have documented two typical use cases: a monthly patch cycle and live
patching.

More enhancements to Content Lifecycle Management will come in future releases
of Uyuni.

Enhanced support for Debian and Ubuntu

With each release of Uyuni, we continue to enhance our Debian and Ubuntu
support.

Uyuni 2020.01 greatly improves our compatibility thanks to:

  * Support for all of the headers in .deb packages, including custom ones,
    when syncing Debian/Ubuntu repositories. You can use the new script
    mgr-update-pkg-extra-tags to update extra fields in DB without recreating
    all Debian/Ubuntu channels.

  * Support for .deb packages with hyphens in the package name or version.
    There remain a very small percentage (<0.1%) of packages for which our
    version comparison algorithm fails; we will fix this known issue in a
    coming release.

New Prometheus exporters and formulas

A new set of client tool packages now includes Prometheus exporters for more
clients: CentOS 6, CentOS 7, RHEL 6, RHEL 7, SLES ES 6, SLES ES 7 and Ubuntu
18.04. Both the Prometheus node exporter and the PostgreSQL exporter are
provided for those operating systems. The prometheus-exporters-formula formula
makes easy to deploy them.

Subscription matching in Public Cloud

We?ve added new types of Virtual Host Managers in order to gather virtual
instances from Public Cloud providers. Azure, AWS and Google Cloud are now
supported, in addition to the existing VMware and generic (file-based,
manually-maintained, useful for any cloud provider) gatherer modules.

Creating VHM to gather virtual instances from the Public Cloud will enable the
subscription matcher to match "1-2 virtual machines" subscriptions for those
instances that are running on the same Public Cloud zone.

Please take into account the following considerations in this version. They
will be addressed in upcoming versions of Uyuni:

  * This functionality will only work with Salt clients.

  * Manual installation of the virtual-host-gatherer-libcloud package is
    required.

  * The public cloud gatherers will report and try to match all instances, no
    matter if they are BYOS or PAYG, leading to an incorrect calculation of the
    required subscriptions if you combine BYOS and PAYG.

Preventive shutdown of Server when running out of disk space

Some users have hit in the past a database corruption problem when PostgreSQL
ran out of space.

In order to prevent that from happening in the future, we have added a
diskchecker to Uyuni Server. This feature will send a warning mail when the
most common and important Uyuni directories are below 10% of free disk space,
and will shut down the Uyuni Server when those directories are below 5% of free
disk space.

This new feature is only enabled by defult in new installations. For existing
installations, the administrator can enable the tool manually after updating to
the latest maintenance update by running:

systemctl --quiet enable spacewalk-diskcheck.timer

systemctl start spacewalk-diskcheck.timer

Full details on the parameterization of this new feature are available in the
Managing disk space documentation page.

Single Page Application UI

In an effort to provide our web UI users with a smoother navigation, we have
implemented large parts of the user interface as a single page application.

This feature is optional for this release and is disabled by default. To enable
it, users can now add web.spa.enable = true to /etc/rhn/rhn.conf, and then
restart Tomcat.

Grafana

Grafana is a tool for data visualization, monitoring, and analysis. It is used
to create dashboards with panels representing specific metrics over a set
period of time. Grafana is commonly used together with Prometheus, but also
supports other data sources such as ElasticSearch, MySQL, PostgreSQL, and
Influx DB.

This version of Uyuni includes Grafana in the client tools repositories. An
Uyuni Grafana dashboard is provided as an example.

Monitoring section of the Administration Guide contains full detail on how to
configure Grafana together with Uyuni.

Prometheus service autodiscovery

Prometheus is a monitoring tool used to record real-time metrics in a
time-series database. Metrics are collected using HTTP pulls, allowing for
higher performance and scalability.

We have updated the Prometheus package with a new version that include a
built-in service discovery mechanism that will allow users to more easily
configure monitoring on their Uyuni systems.

Previously, after configuring the exporters on managed clients, users had to
manually configure their Prometheus servers to start scrapping metrics from
those systems. With this update, it will be possible to use a "service
discovery" mechanism that will automate this part of the configuration. The
configuration options are simple: it is only required to provide a Uyuni Server
URL and valid API credentials.

Under the hood, what this mechanism does is letting Prometheus poll the Uyuni
API, asking for a list of systems that have monitoring enabled, and
automatically configuring Prometheus to collect metrics from those systems.

In this version, the autodiscovery functionality is provided as a Technology
Preview.

More information about configuring Prometheus can be found in the Monitoring
section of the Administration Guide.

CPU mitigation formula

CPU mitigations have been introduced to improve security on CPUs affected by
vulnerabilities such as Meltdown and Spectre. The mitigations are available in
SUSE Linux Enterprise 12 SP3 and later in the cpu-mitigations-formula package,
which is not installed by default.

The new CPU Mitigation formula allows you to control which mitigations are
enabled.

Updated documentation

The Uyuni documentation has received improvements in all of the books, with
small clarifications and enhancements all around: content lifecycle management
filters, public cloud, JeOS, formulas, etc

Of particular interest for users with large installations will be the new Large
Scale Deployment and Salt Tuning sections in the Salt Guide. Given that
modifying advanced parameters can cause catastrophic failure, we recommend
making a backup and being conservative doing changes.

Additionally, the search functionality in the documentation now works offline.

Enhanced support for Ubuntu and Debian clients

The Multi-Arch and Pre-depends headers are now supported for .deb repositories,
hence avoiding installation problems that could arise in some cases when
deploying packages from the UI.

Also, Ubuntu and Debian channels now come preconfigured in
spacewalk-common-channels. The Debian CDN is used to provide the best mirror at
each moment. For Ubuntu, you may want to replace the default mirror with a
closer geo-mirror.

Keep in mind SUSE does not provide support for the spacewalk-common-channels
tool form the spacewalk-utils package.

New products enabled (from SCC)

  * SLES12 SP3 LTSS

  * SUSE Linux Enterprise Real Time 12 SP4

  * SLES12 SP5

  * RHEL 8 and SLES ES 8

  * CaaSP 4

  * openSUSE Leap 15.1

SUSE Container as a Service Platform v4 support

The Virtual Host Manager functionality has been extended to support SUSE
Container as a Service Platform v4.

You can register each CaaSP node to Uyuni using the same method as you would a
Salt client. After doing this, you will be able to see the patch level status
of each node, perform configuration management on the nodes and assign channels
o clusters.

We strongly recommend to check the documentation on the scope and extent of the
CaaSPv4 integration in Uyuni: https://www.uyuni-project.org/uyuni-docs/en/uyuni
/client-configuration/vhm-caasp.html

Upcoming versions of Uyuni will enhance CaaSP integration.

Other changes

  * Since this version, as part of a bugfix, it is no longer allowed to delete
    a channel when there are cloned channels based on it.

  * Taskomatic now takes a maximum of 4 GB of RAM (it used to be 2 GB), which
    better matches the current average use case.

  * Salt clients can now be re-provisioned from Uyuni. This allows major
    version OS updates for SLES and Uyuni Proxy.

  * Normalize date formats for actions, notifications and CLM

Version 4.0.2

Migrating the Server from 4.0.1 to 4.0.2

 If you are using DHCP addresses and you do not use DHCP reservations,
 migrating from openSUSE Leap 42.3 to Leap 15.0 can change the IP address of
 your NICs. If using DHCP, make sure your instances have reserved IP addresses.

 Before starting, make sure you have a backup of your server, as it will be
 hard to recover from failures during the migration.

4.0.2 is now based on openSUSE Leap 15.1, so a base OS system is required.

To help administrators with the migration, a new script is provided by the
susemanager package at /usr/lib/susemanager/bin/server-migrator.sh

Then, update susemanager package only:

zypper ref
zypper in susemanager

And finally run the script:

/usr/lib/susemanager/bin/server-migrator.sh

After the migration is complete, you will be requested to reboot your server

Uyuni Server 4.0.2 works with SUSE Uyuni Proxy 4.0.1.

When upgrading, upgrade the Server first, followed by the Proxies.

Salt 2019.2.0

Salt has been upgraded to the 2019.2.0 release.

We intend to regularly upgrade Salt to more recent versions.

For more detail about changes in your manually-created Salt states, see the
Salt upstream release notes 2019.2.0.

Base system upgrade

The base system was upgraded to openSUSE 15.1.

As a result, all code was ported to run with Python 3 and OpenJDK 11.

Prometheus Monitoring

We now include packages for the latest version of Prometheus, as well as
self-monitoring capabilities for Uyuni.

Prometheus is a monitoring tool that is used to record real-time metrics in a
time-series database.

For more information about Prometheus, see the Administration Guide

Exporters

Exporters convert existing metrics into the format Prometheus requires. We are
now providing the following Prometheus Exporters as packages, for SLE12 and
SLE15 as well as openSUSE Leap 15.1:

  * Node exporter - Hardware and operating system metrics

  * PostgreSQL exporter - PostgreSQL database metrics

  * Squid exporter - Squid Proxy metrics

  * Apache exporter - Apache HTTP server metrics

In addition we provide JMX exporter on Uyuni Server.

Monitoring is not yet available for other operating system platforms like Red
Hat Enterprise Linux or Ubuntu.

Self-monitoring features in Uyuni

Uyuni provides metrics about its health to Prometheus. Both Server and Proxy
can expose metrics. Self-monitoring can be enabled via the Web UI. For that
purpose, some Prometheus exporters are pre-installed on Uyuni Server and Proxy.

A new formula is also included, to install and manage Node and PostgreSQL
exporters on clients managed by Salt. This formula can be configured in the
Uyuni Web UI.

Content lifecycle management

The content lifecycle management feature allows you to clone software channels
through a lifecycle of several environments. You are able to create content
projects, select a custom set of software channels as sources, and promote
software channels through a pre-defined lifecycle of environments.

You can define filters to exclude specific packages and patches. More filters
will be added in a later release.

Once you have selected your sources you can build the selected set which will
populate the first environment. After the first environment is built, you can
promote it through the environment lifecycle to the next environment in the
loop. You can see the status of the build at any time throughout the process.

The result of the build, and the content of every environment, is a channel
tree made of cloned software channels of the selected sources, to which systems
can be assigned.

Virtualization management for Salt minions

The existing virtualization features have been enhanced for Salt-based systems.
This is a technology preview and will require an additional Virtualization
Management entitlement. Pricing will be announced soon.

Salt-based virtualization host systems can also create virtual machines using a
pre-built disk image.

These features have been added:

  * Deleting virtual machines.

  * Editing virtual machines to add or remove network interfaces or disk,
    change CPU and memory allocation or the display type.

  * Quick update of the list and state of virtual machines.

  * Displaying virtual machines graphical display in a new tab.

Updated Documentation Structure

In this release, we have reorganized our documentation and updated our tooling
to make it clearer where information is, and make it easier for you to find the
content you need, when you need it.

Old Naming Format

  * Getting Started

  * Best Practices

  * Reference

  * Advanced Topics

New Naming Format

  * Installation Guide (Requirements, supported platforms, installation
    methods, etc)

  * Client Configuration Guide (Configuring and connecting clients to Uyuni)

  * Upgrade Guide (Migrate and update clients and Uyuni)

  * Reference Guide (Comprehensive guide to the Web UI)

  * Administration Guide (Maintenance and administration tasks in Uyuni)

  * Salt Guide (A comprehensive guide to Salt for system administrators)

  * Retail Guide (A guide to using Uyuni for Retail)

Improved logging for Salt Remote Command Page

The Salt Remote Command Page log now every command executed in a separate
logfile (/var/log/rhn/rhn_salt_remote_commands.log). In addition to this, an
entry in the System History is generated for every minion where the command was
executed.

Support for more Distributions as Clients

openSUSE Leap 15.1 and SLE15 SP1 can now be managed.

EoL for openSUSE Leap 42.3 clients

openSUSE Leap 42.3 is now End of Life since July 1st, as announced at the
openSUSE Mailing lists

While the repositories for Leap 42.3 are still available, no support is
provided aymore.

Salt Rate Limiting (Batching)

Any action scheduled on multiple Salt minions has now an upper limit on the
number of systems that will process it simultaneously. This is referred to as
batch size in Salt jargon, and defaults to 100 minions.

Please check the documentation for performance considerations in large
installations (more than 1000 minions).

Product Information Loaded from SCC

In the past information about product channels were shipped via maintenance
updates. Now these information will be downloaded from SUSE Customer Center
(SCC) like the other product and repository information.

In case of using the fromdir configuration with SMT or RMT, please check if
they support already downloading this file. You can get the file with the
following command:

curl -O https://scc.suse.com/suma/product_tree.json

Image build host with SLES 12 SP4

Using SLES 12 SP4 as the base OS for an image build host is now supported.

Also building SLES 12 SP4 OS Images is supported.

Updated backend for communicating with SCC

This update contains a new backend to communicate with the SUSE Customer Center
(SCC). This requires to run a mgr-sync refresh at the end of the update
procedure.

The whole update procedure:

$> spacewalk-service stop
$> zypper patch
$> spacewalk-schema-upgrade
$> spacewalk-service start
$> mgr-sync refresh

In case of Inter Server Sync (ISS) the master needs to be updated first, then
the slave.

This change show products like they are setup in the SUSE Customer Center. As a
consequence of this some older products show no architecture anymore and mirror
all available architectures when such a product is selected for mirroring.

With this change also some invalid product combinations were removed. Please
check /var/log/rhn/rhn_web_ui.log for error messages. Invalid channels can be
removed using spacewalk-remove-channel command.

XMLRPC API changes

Due to the changes in the backend for communicating with SCC corresponding
XMLRPC API has changed:

Deprecated calls:

synchronizeChannels()
synchronizeProductChannels()

New call:

synchronizeRepositories()

For a refresh the XMLRPC API should be called in the following order:

synchronizeChannelFamilies
synchronizeProducts
synchronizeRepositories
synchronizeSubscriptions

Support for Ubuntu Clients

Management of Ubuntu clients is now supported. We provide a repository with
salt packages that can easily be added with spacewalk-common-channels or
manually.

The following new features were added:

  * Bootstrapping and performing initial state runs such as setting
    repositories and performing profile updates

  * Assigning .deb channels to minions

  * Information displayed in System details pages

  * Package install, update, and remove

  * Package install using Package States

  * Configuration and state channels

  * Support Ubuntu products and Debian architectures in mgr-sync

  * Support creating bootstrap repositories for Ubuntu 18.04 and 16.04

  * Add support for Ubuntu in the bootstrap script

  * Generate InRelease file for Debian/Ubuntu repos when metadata signing is
    enabled

  * Trust SUSE GPG key for client tools channels on Ubuntu systems

However, the root user on Ubuntu is disabled by default, so in order to use
bootstrapping, you will require an existing user with sudo privileges for
Python.

Change behavior on token refresh

Channel authentication tokens are valid by default for about 1 year. The renew
of tokens happens automatically some time before they expire but they are not
deployed automatically to the clients.

As the renew happens mostly without noticing by the administrator that behavior
has changed to autodeploy renewed tokens to the clients automatically.

This old behavior can be preserved by setting

token_refresh_auto_deploy = false

in /etc/rhn/rhn.conf and restarting the services.

In case of a token renew without autodeployment enabled a log message will
inform the administrator about it.

New option to force regeneration of channel metadata

A new option --force was added to spacecmd softwarechannel_regenerateyumcache
to force a regeneration of the metadata files.

New products supported

  * openSUSE Leap 15.1

  * SLES11 SP4 LTSS

  * SLES12 SP3 LTSS

  * SLES 15 SP1 product family

  * CaaSP 4 Toolchain

Package download endpoint override

It is now possible to set a custom protocol, host and path for minions to
download packages at installation time. This will override the default setting
of the Uyuni Server or Uyuni Proxy used at registration time.

Technical preview: Single Sign-On (SSO)

Uyuni supports Single Sign-On authentication by implementing the Security
Assertion Markup Language (SAML) 2 protocol. Mandatory requirement: an already
existing and configured SAML Identity Service Provider (IdP). Uyuni must be
reconfigured to use the IdP as the source of authentication and post-login
mapped users must be already created before enabling SSO.

For more on configuring SSO, see the Administration Guide

Version 4.0.1

Support for PostgreSQL 10

A new version of the PostgreSQL database is available in openSUSE Leap 42.3 and
can be used for Uyuni Server.

New installations of Uyuni Server based on openSUSE Leap 42.3 will
automatically pick up this version.

PostgreSQL 10 needs a new version of smdba to initiate backups. This version is
part of Uyuni Server 4.0.1.

Migrating from PostgreSQL 9.6 to PostgreSQL 10

You should have an up-to-date database backup before attempting the migration.

Existing installations of Uyuni Server will need to run

/usr/lib/susemanager/bin/pg-migrate-96-to-10.sh

to migrate from PostgreSQL 9.6 to PostgreSQL 10

Your Uyuni Server installation will not be accessible during the migration.

Note The migration will create a copy of the database under /var/lib/pgsql and
thus needs sufficient disk space to hold two copies (9.6 and 10) of the
database.

Since it does a full copy of the database, it also needs considerable time
depending on the size of the database and the IO speed of the storage.

If your system is scarce on disk space you can do an fast, in-place migration
by running

/usr/lib/susemanager/bin/pg-migrate-96-to-10.sh fast

The fast migration usually only takes minutes and no additional disk space.
However, in case of failure you need to restore the database from a backup.

This wiki page contains additional information about the database migration.

spacecmd: Support state channels

spacecmd, the command line access to the Uyuni API, has been adapted to support
state channels (aka Salt Minion config channels) with the following changes:

  * system_scheduleapplyconfigchannels

      + new call to schedule application of the assigned config channels to the
        system (minion only)

  * configchannel_updateinitsls

      + new call to update the init.sls file

  * configchannel_create

      + adapted call, now has a -t option to specify the channel type (normal
        or state)

  * configchannel_import

      + adapted call, honors channel type

Please use the help functionality of spacecmd for detailed option descriptions
for each mentioned call.

New API calls

Functions softwarechannel_mergepackages and softwarechannel_errata_merge to
merge packages and errata through spacecmd were added.

spacewalk-common-channels: Support for Uyuni, Fedora 29 and cleanup

Added:

  * Uyuni Server, Uyuni Proxy, Uyuni Client Tools, both stable and development
    version.

  * Fedora 29

Removed:

  * Fedora 26

  * Spacewalk 2.6 Server and Client Tools

  * Spacewalk 2.7 Server and Client Tools

  * Spacewalk 2.8 Server

  * Spacewalk nightly

  * OpenSUSE 13.2 and openSUSE 13.2 Client Tools

Support for more Distributions as Clients

openSUSE Leap 15.0, openSUSE Leap 42.3, SLE12, SLE15, CentOS6 and CentOS7 are
now verified to bootstrap as both salt minions and traditional clients.

New products added to SCC syncing

  * SUSE OpenStack Cloud 9

Known issues

Rocky Linux 9 onboarding fails to complete.

Rocky Linux 9 is distributed with SELinux configured to enforced by default,
and that is causing connection issues between the Salt minion and the Salt
master.

In all cases there will be no failures during the bootstrap, but the minion
will never show up at the System List page (as it will not complete the
onboarding)

At /var/log/venv-salt-minion.log at the minion, a message like the following
one will be present:

[ERROR   ][1649] Error while bringing up minion for multi-master. Is master at uyuni-server.mydomain.int responding?

Workaround: Before onboarding the Rocky Linux 9 client, issue the following
command as the root user:

setenforce 0

This command can also be useful if you have already onboarded the Rocky Linux 9
client but it did not appear in the Systems list.

We are working on a solution to have the Salt Bundle working with SELinux for
Rocky Linux 9.

GPG keys acceptance issue

Some Enterprise Linux distributions do not trust their own GPG key for package
installation. In case of GPG key errors, try to import the GPG key manually.

The key files are installed but the name depends on the OS.

CentOS 7: '/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7'
CentOS 8: '/etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial'
Rocky Linux 8: '/etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial'
Red Hat Enterprise Linux Server 7: '/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release'
Red Hat Enterprise Linux 8: '/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release'

Workaround: Import the keys using the following command:

$> rpm --import /path/to/key/file

We are working on a final solution to automate this.

AlmaLinux

Because of an upstream bug, the original package shipped with AlmaLinux 8.5 is
providing a broken repository file (containing duplicated identificators). We
have already reported this issue to AlmaLinux.

Workaround: Update the package almalinux-release before registering the
instance to Uyuni so at least the version 8.5-3 is installed.

Bootstrap with web UI using non-root user

Onboarding of clients with the non-root user from the Uyuni UI fails the
following error:

ERROR com.suse.manager.webui.controllers.utils.AbstractMinionBootstrapper - Error during bootstrap: SaltSSHError(13, stderr: "", stdout: "ERROR: Failure deploying ext_mods:"

The root cause of this problem is a wrong ownership of the Salt thin directory
when using the Salt bundle.

Workaround: Once bootstrap fails, the user can run chown -R $USER:$GROUP /var/
tmp/.*_salt once and try onboarding again, it shouldn?t fail this time.

CLM and custom repositories

When building a CLM project that includes custom channels with custom
repositories, the custom repositories might not be selected in the new cloned
custom channels. As a workaround, one can go to the new cloned custom channels,
select the custom repositories and synchronize them.

Container build host and Salt bundle

The container build host will not work with the Salt bundle. We are working on
a fix. Meanwhile, don?t use the Salt bundle on the Container build host but
rather a normal Salt.

SLE Micro and openSUSE MicroOS

SLE Micro and openSUSE MicroOS is only partially supported. Some Web UI
features, such as showing the patch status of the system, or action chains
might not work properly.

SLE Micro and openSUSE MicroOS: Server CA certificate

Because of some recent change, the SSL CA certificate from the server never
gets deployed into the registered SLE Micro or openSUSE MicroOS instances
during registration.

Server SSL CA certificate doesn?t get deployed during the registration in case
of SLE Micro and openSUSE MicroOS. Therefore this instance will have SSL issues
when trying to read the channels assigned by Uyuni.

Workaround: The user need to manually run update-ca-certificate in the SLE
Micro or openSUSE MicroOS instance to get this issue fixed.

SLE Micro: Bootstapping

Bootstrapping of SLE Micro from the Web UI/API fails with error the following
error:

SaltSSHError(3, Error: Unable to download https://uyuni.fqdn:443/pub/repositories/sle/5/2/bootstrap/venv-enabled-x86_64.txt file!

Workaround: The user needs to manually configure the Salt minion and restart
the service manually.

Single Sign On, API and CLI tools

Single Sign On can be used to authenticate in the Web UI but not with the API
or CLI tools. This will be fixed in a future release of Uyuni.

EPEL and Salt packages

Using the Extra Packages for Enterprise Linux directly on RHEL clients (or
compatible: SLES ES, CentOS, Oracle Linux, etc) will install the Salt packages
from EPEL, which miss some features in the Uyuni-provided Salt packages. This
is an unsupported scenario.

If you need to enable the EPEL repository, make sure you are using the Salt
Bundle (it is used by default with new clients but not for clients onboarded
before Uyuni 2022.04)

RHEL 6, CentOS 6 and Oracle Linux 6 minimal installations

In the case of RHEL 6, CentOS 6 and Oracle Linux 6, the "Minimal" installation
set is missing some packages required for the onboarding to work. It is
recommented to install at least a "Basic Server".

Alternatively, if using a minimal installation, you must install the perl and
openssh-clients packages before onboarding.

RHEL native clients

When autogenerating bootstrap repositories for native RHEL clients, some errors
may be logged from the moment the official Red Hat channels are added until the
moment those channels are fully synchronized for the first time.

This does not affect SLES Expanded Support, CentOS, Rocky Linux, AlmaLinux or
Oracle Linux.

Registering Spacewalk 2.x/Red Hat Satellite 5.x clients to Uyuni as Salt
minions

If a client machine is running the Red Hat Satellite 5.x agent, registering it
to Uyuni as a Salt minion will fail due to package conflicts.

Registering a RH Satellite 5.x client as a Uyuni traditional client works fine.

Registering a Uyuni traditional client as a Uyuni Salt minion will also work.

                Works                                Fails
RH Satellite 5.x ? Uyuni traditional  RH Satellite 5.x ? Uyuni Salt minion

Uyuni traditional ? Uyuni Salt minion

In order to register Red Hat Satellite 5.x clients to Uyuni as Salt minions,
you will need to modify the bootstrap script to remove the Satellite agent
packages first.

Spacewalk 2.x and Oracle Spacewalk 2.x clients will show the same behavior as
Red Hat Satellite 5.x clients

Client Tools Notes

URLs of the Client Tools are:

  * openSUSE Leap 15.* (x86_64, aarch64): https://download.opensuse.org/
    repositories/systemsmanagement:/Uyuni:/Stable:/
    openSUSE_Leap_15-Uyuni-Client-Tools/openSUSE_Leap_15.0/

  * SLE12 (x86_64, pcc64le, s390x, aarch64): https://download.opensuse.org/
    repositories/systemsmanagement:/Uyuni:/Stable:/SLE12-Uyuni-Client-Tools/
    SLE_12/

  * SLE15 (x86_64, pcc64le, s390x, aarch64): https://download.opensuse.org/
    repositories/systemsmanagement:/Uyuni:/Stable:/SLE15-Uyuni-Client-Tools/
    SLE_15/

  * CentOS7 (x86_64, aarch64, ppc64le): https://download.opensuse.org/
    repositories/systemsmanagement:/Uyuni:/Stable:/CentOS7-Uyuni-Client-Tools/
    CentOS_7/

  * Oracle Linux 7 (x86_64): https://download.opensuse.org/repositories/
    systemsmanagement:/Uyuni:/Stable:/CentOS7-Uyuni-Client-Tools/CentOS_7/

  * Oracle Linux 8 (x86_64, aarch64): https://download.opensuse.org/
    repositories/systemsmanagement:/Uyuni:/Stable:/EL8-Uyuni-Client-Tools/EL_8/

  * Oracle Linux 9 (x86_64, aarch64): https://download.opensuse.org/
    repositories/systemsmanagement:/Uyuni:/Stable:/EL9-Uyuni-Client-Tools/EL_9/

  * AlmaLinux 8 (x86_64, aarch64): https://download.opensuse.org/repositories/
    systemsmanagement:/Uyuni:/Stable:/EL8-Uyuni-Client-Tools/EL_8/

  * AlmaLinux 8 (x86_64, aarch64, ppc64le, s390x): https://
    download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/
    EL9-Uyuni-Client-Tools/EL_9/

  * Rocky Linux 8 (x86_64, aarch64): https://download.opensuse.org/repositories
    /systemsmanagement:/Uyuni:/Stable:/ELS8-Uyuni-Client-Tools/EL_8/

  * Rocky Linux 9 (x86_64, aarch64, ppc64le, s390x): https://
    download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/
    EL9-Uyuni-Client-Tools/EL_9/

  * Amazon Linux 2 (x86_64, aarch64): https://download.opensuse.org/
    repositories/systemsmanagement:/Uyuni:/Stable:/CentOS7-Uyuni-Client-Tools/
    CentOS_7/

  * Alibaba Linux 2 (x86_64, aarch64): https://download.opensuse.org/
    repositories/systemsmanagement:/Uyuni:/Stable:/CentOS7-Uyuni-Client-Tools/
    CentOS_7/

  * AlmaLinux 8 (x86_64, aarch64): https://download.opensuse.org/repositories/
    systemsmanagement:/Uyuni:/Stable:/EL8-Uyuni-Client-Tools/EL_8/

  * Rocky Linux 8 (x86_64, aarch64): https://download.opensuse.org/repositories
    /systemsmanagement:/Uyuni:/Stable:/EL8-Uyuni-Client-Tools/EL_8/

  * Ubuntu 18.04 (x86_64): https://download.opensuse.org/repositories/
    systemsmanagement:/Uyuni:/Stable:/Ubuntu1804-Uyuni-Client-Tools/
    xUbuntu_18.04/

  * Ubuntu 20.04 (x86_64): https://download.opensuse.org/repositories/
    systemsmanagement:/Uyuni:/Stable:/Ubuntu2004-Uyuni-Client-Tools/
    xUbuntu_20.04/

  * Ubuntu 22.04 (x86_64): https://download.opensuse.org/repositories/
    systemsmanagement:/Uyuni:/Stable:/Ubuntu2204-Uyuni-Client-Tools/
    xUbuntu_22.04/

  * Debian 9 (x86_64, aarch64, armv7l, i586): https://download.opensuse.org/
    repositories/systemsmanagement:/Uyuni:/Stable:/Debian9-Uyuni-Client-Tools/
    Debian_9/

  * Debian 10 (x86_64, aarch64, armv7l, i586): https://download.opensuse.org/
    repositories/systemsmanagement:/Uyuni:/Stable:/Debian10-Uyuni-Client-Tools/
    Debian_10/

  * Debian 11 (x86_64, aarch64, armv7l, i586, ppc64le, s390x): https://
    download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/
    Debian11-Uyuni-Client-Tools/Debian_11/

Keep in mind you should manage the client tools using the command
spacewalk-common-channels on the server, that will also allow you to add the
required channels for all those operating systems that are freely available.

Supported clients

At the moment the status is the following:

Distribution Salt bootstrap    Salt SSH bootstrap  Salt bootstrap    Traditional
             from server       from server         from client

openSUSE
Leap 15                                                              

SLE12                                                                

SLE15                                                                

CentOS7                                                              

Oracle Linux
7                                                                    

Oracle Linux
8                                                                    

Oracle Linux
9                                                                    

Amazon Linux
2                                                                    

Alibaba
Linux 2                                                              

AlmaLinux 8                                                          

AlmaLinux 9                                                          

Rocky Linux
8                                                                    

Rocky Linux
9                                                                    

Ubuntu18.04                                                          

Ubuntu20.04                                                          

Ubuntu22.04                                                          

Debian9                                                              

Debian10                                                             

Debian11                                                             

= Working, = Not working, = Untested

With the exception of RHEL/CentOS and Oracle Linux, all maintained SPs and
subversions are supported.

Untested clients

Distribution Salt bootstrap    Salt SSH bootstrap  Salt bootstrap    Traditional
             from server       from server         from client

RHEL7                                                                

RHEL8                                                                

RHEL9                                                                

RHEL7 is expected to work in the same way as CentOS7, using the CentOS7 client
tools. RHEL8 and 9 are expected to work in the same way as Rocky Linux or
AlmaLinux 8 or 9, using the AlmaLinux/Rocky Linux/Oracle 8 or 9 client tools

CentOS8 (and therefore RHEL8) does not have support for the traditional client
tools, only salt.

Known limitations

"spacewalk/minion_script" Autoinstallation snippet does not work with Salt
bundle

The Autoinstallation snippet named spacewalk/minion_script does not support the
Salt Bundle (venv-salt-minion) at this moment. Using this snippet is not
mandatory.

If the snippet is used, the autoinstallation will not fail, but the package
salt-minion will get installed and during the registration the Salt Bundle will
not get installed.

As temporary workaround, you can either:

  * Create your own custom snippet based on spacewalk/minion_script but
    adjusting the paths and name to use venv-salt-minion instead.

  * Use the original snippet, register the client, and then perform the
    migration to the Python Bundle, as described at the documentation

Uyuni Client Tools GPG not trusted by the clients

The GPG key for Uyuni Client Tools is not trusted by default by the respective
package management tools for each OS.

The systems will bootstrap without the GPG key being trusted, but will not be
able to install new client tool packages or updated them.

This can be fixed by adding the key uyuni-gpg-pubkey-0d20833e.key to all the
bootscrap scripts at variable ORG_GPG_KEY=. If you already have other keys
there, you can keep them.

For systems bootstrapped from WebUI, a salt state should be created to trust
the key, then the state can be assigned to the organization, and finally it can
be used using an Activation Key and the Configuration Channels to deploy the
change to the clients.

Documentation

It is usable but you can still find some issues, such references to SUSE
Manager that are scheduled to be fixed on subsequent versions.

Installation

Requirements

  * OS: openSUSE Leap 15.4 x86_64, fully updated

  * Main memory: Minimum 16 GB for base installation

  * Disk space: Minimum 100 GB for root partition, Minimum 50 GB for /var/lib/
    pgsql, Minimum 50 GB per SUSE product + 100 GB per RHEL product (/var/
    spacewalk)

See the documentation for more details on the system requirements.

Installing the Server

Add the Stable repository:

    zypper ar https://download.opensuse.org/repositories/systemsmanagement:/
    Uyuni:/Stable/images/repo/Uyuni-Server-POOL-x86_64-Media1/ uyuni-server

Install the pattern:

    zypper in patterns-uyuni_server

Run Yast2 and go to Network Services > Uyuni Setup

Follow the setup assistant.

See the Installation/Upgrade guide for detailed instructions on how to install.

Update from previous versions of Uyuni Server

See the Installation/Upgrade guide for detailed instructions on how to upgrade.

  * If you are upgrading from 2022.05 or earlier (at least 2021.06): You will
    need to follow the "Installation/Upgrade Guide > Upgrade > Upgrade the
    Server" > "Server - Major Upgrade" section.

  * If you are updating from 2022.06 or newer: You will need to follow the
    "Installation/Upgrade Guide > Upgrade > Upgrade the Server" > "Server -
    Minor Upgrade" section.

  * Migrating from versions older than 2021.06 is not possible

All connected clients will continue to run and are manageable unchanged.

Update from previous versions of Uyuni Proxy

When updating, always start with the server first and then continue with the
proxies.

See the release notes for the proxy and the Installation/Upgrade guide for
detailed upgrade instructions.

Other information

Red Hat Channels

Managing RHEL clients requires availability of appropriate Red Hat packages.

SUSE Channels

Managing SUSE Linux clients requires availability of appropriate SUSE channels.

Your licensed SUSE products can be used with Uyuni by following the setup
Wizard.

Check the manuals for more information.

Providing feedback

In case of encountering a bug please report it at https://github.com/
uyuni-project/uyuni/issues

Legal Notices

Copyright ? 2018 ? 2022 The Uyuni Project

This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
License. To view a copy of this license, visit http://creativecommons.org/
licenses/by-sa/3.0/es/ or send a letter to Creative Commons, PO Box 1866,
Mountain View, CA 94042, USA.

For SUSE trademarks, see http://www.suse.com/company/legal/. All other
third-party trademarks are the property of their respective owners. Trademark
symbols (?, ? etc.) denote trademarks of SUSE and its affiliates. Asterisks (*)
denote third-party trademarks.

All information found in this document has been compiled with utmost attention
to detail. However, this does not guarantee complete accuracy. Neither SUSE
LLC, its affiliates, the authors nor the translators shall be held liable for
possible errors or the consequences thereof.

Last updated 2022-11-23 16:55:19 +0100
