Version Revision History
2021/02/05: 2021.01 release
2020/11/26: 2020.11 release
2020/09/22: 2020.09 release
2020/07/24: 2020.07 release
2020/06/15: 2020.06 release
2020/05/21: 2020.05 release
2020/04/16: 2020.04 release
2020/03/19: 2020.03 release
2020/01/31: 2020.01 release
2019/08/02: 4.0.2 release
2018/12/19: 4.0.1 release
2018/10/26: 4.0.0 release
You can stay up-to-date regarding information about Uyuni:
Check the home site https://www.uyuni-project.org
Uyuni is a community-supported project. The ways or contacting the community are available at the home site.
Uyuni uses a rolling release model (meaning there will be no bugfixing for given Uyuni version, but new frequent versions that will include bugfixes and features)
Check the home site get in contact with the community.
Major changes since Uyuni Proxy 4.0.0
Features and changes
Recent Salt CVEs remediation
This release includes the fixes for CVE-2020-16846, CVE-2020-17490 and CVE-2020-25592 that we already released on November 16th for Uyuni 2020.09
You should patch all your Uyuni Server, Proxy, and Salt minions as soon as possible.
DNSSEC enabled by default by bind update
With the update of ISC bind to version 9.16.6 on openSUSE Leap 15.1 and openSUSE Leap 15.2, DNSSEC is now enabled by default, which may cause DNS resolution to fail unless there are fallback DNS servers.
The Retail Branch Server formula has been modified to disable DNSSEC, and will be updated to support DNSSEC in a future release of Uyuni. For existing Retail Branch Servers, you can disable DNSSEC to retain the same behaviour ISC bind showed until version 9.11.2. To do that, edit
/etc/bind and set:
dnssec-enable no; dnssec-validation no;
New products enabled
SUSE Linux Enterprise Real Time 15 SP2
|Check "Updating from version 2020.06" below for details, as this release updates the base OS from openSUSE Leap 15.1 to openSUSE Leap 15.2, and there are special steps required.|
Salt has been upgraded to upstream version 3000, plus a number of patches, backports and enhancements by SUSE, for the Uyuni Server, Proxy and Client Tools. In particular, CVE-2020-11651 and CVE-2020-11652 fixes are included in our release.
As part of this upgrade, cryptography is now managed by the Python-M2Crypto library (which is itself based on the well-known OpenSSL library).
We intend to regularly upgrade Salt to more recent versions.
For more details about changes in your manually-created Salt states, see the Salt upstream release notes 3000
Please note Salt 3000 is the last version of Salt which will support the old syntax of the
Base System Upgrade
The base system was upgraded to openSUSE Leap 15.2.
The Uyuni Proxy and Retail Branch Server can now be installed on top of openSUSE Leap 15.2 JeOS edition.
openSUSE Leap 15.1 JeOS Supported as a Base System
The Uyuni Proxy can now be installed on top of openSUSE Leap 15.1 JeOS
New products enabled
SUSE Linux Enterprise Real Time 12 SP5
SUSE Linux Enterprise 15 SP2 family
MicroFocus Open Enterprise Server 2018 SP2 (product GA in Q2 2020)
Content Lifecycle Filters for AppStreams
RHEL, SLES ES, CentOS and Oracle Linux 8 appstreams can now be mixed and converted to flat repositories using a new type of CLM filter.
EFI HTTP booting
The dhcp formula, branch network formula and pxe formula have been updated to support booting EFI terminals (systems) via HTTP in addition to TFTP.
Version format change
Uyuni is now changing from X.Y version format to YYYY.MM format, and the URLs for the repositories remove the X.Y part.
This will allow easier releases, no need to change URLs at all in the future, and less confussion regarding the relationship between Uyuni and SUSE Manager (Uyuni is always ahead).
CentOS8, RHEL 8 and SLES ES 8 support
CentOS 8, Red Hat Enterprise Linux 8 and SUSE Linux Enterprise Server Expanded Support 8 are now supported clients as Salt minions. The traditional stack will not be supported on these operating systems.
With the new application streams concept introduced in these operating systems, you will need to import both the BaseOS and the AppStream directories from the ISO image for the bootstrap repository to be created correctly. If the AppStream directory is not imported, you will receive an error about missing Python 3 packages.
AppStream awareness in the UI and Content Lifecycle Management will be available in an upcoming version of Uyuni.
This version of Uyuni includes formulas to install Prometheus and Grafana, and makes the Apache exporter available for Ubuntu 18.04, CentOS6, CentOS7 and Proxy.
SUSE Package Hub is now supported on the Server, since the problems with the search that were caused by PackageHub-provided packages have been solved.
If you were using Package Hub as a source of packages for you clients, it is recommended that you re-generate all package metadata. The reason for this is in the Package Hub repositories there may exist multiple packages with the same NEVRA but different checksums. This might result in checksum errors when repositories are used on the clients as Uyuni randomly selected any of those packages. After this update, Uyuni will generate the checksum into the package path to ensure the right package is used. If you use also Uyuni Proxy please update all of them before you re-generate the metadata.
The cpu-mitigations-formula is now installed by default.
The Retail branch network formula now works all SUSE and openSUSE based distros, using SuSEfirewall or firewalld as appropriate.
Enhanced support for Ubuntu and Debian clients
Support for all of the headers in .deb packages, including custom ones, when syncing Debian/Ubuntu repositories. You can use the new script
mgr-update-pkg-extra-tagsto update extra fields in DB without recreating all Debian/Ubuntu channels.
Support for .deb packages with hyphens in the package name or version. There remain a very small percentage (<0.1%) of packages for which our version comparison algorithm fails; we will fix this known issue in a coming release.
The Uyuni documentation has received improvements in all of the books, with small clarifications and enhancements all around: content lifecycle management filters, public cloud, JeOS, retail images and formulas, etc
Of particular interest for users with large installations will be the new Large Scale Deployment and Salt Tuning sections in the Salt Guide. Given that modifying advanced parameters can cause catastrophic failure, we recommend making a backup and being conservative doing changes.
Additionally, the search functionality in the documentation now works offline.
New products enabled (from SCC)
SLES12 SP3 LTSS
SUSE Linux Enterprise Real Time 12 SP4
RHEL 8 and SLES ES 8
openSUSE Leap 15.1
We now include packages for the latest version of Prometheus.
Some exporters will be pre-installed on Uyuni Manager Proxy as part of its self-monitoring features. They will provide hardware, operating system, and HTTP Proxy metrics.
Formulas Update for Retail Branch Server
Formulas used to operate a Uyuni for Retail Branch Server were updated to support a SUSE Linux Enterprise 15 SP1 environment.
Configuration of Uyuni Retail Branch Server with Multiple Network Interfaces
During installation of Uyuni Retail Branch Server the secondary network interface, intended to be used for the terminal network, may be configured and bound to a firewall zone. This zone binding can interfere with the configuration of Retail services, and could result in you being unable to apply the highstate.
To avoid this problem, ensure that:
the primary network interface is either bound to 'public' zone or not bound to any zone
the secondary network interface either bound to 'internal' zone or is not bound to any firewall zone.
Do this by running these commands before you apply the retail formulas:
firewall-cmd --permanent --zone=public --change-interface=eth0 firewall-cmd --permanent --zone=internal --change-interface=eth1 firewall-cmd --reload
This example assumes eth0 is the primary interface and eth1 the secondary terminal interface.
Salt has been upgraded to the 2019.2.0 release.
We intend to regularly upgrade Salt to more recent versions.
For more information about changes in your manually-created Salt states, see the Salt upstream release notes 2019.2.0.
Base System Upgrade
The base system was upgraded to openSUSE Leap 15.1. As a result, all code was ported to run with Python 3.
OS: openSUSE Leap 15.2 x86_64, fully updated
Main Memory: At least 2GB
Disk space: approx 50 GB per distribution or channel
See the Advanced Topics manual for more details on the system requirements.
Installing the Proxy
Installation of Uyuni Proxy is done via the Uyuni Server web interface.
See the Advanced Topics manual for step-by-step instructions for installing and configuring Uyuni Proxy.
The repository for the Proxy is https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable/images/repo/Uyuni-Proxy-POOL-x86_64-Media1/
Update from previous versions of Uyuni Proxy
WARNING: Make sure you check the documentation this time as the base OS will change from openSUSE Leap 15.1 to openSUSE Leap 15.2 and this is considered a major upgrade. WARNING: This applies not only when updating from 2020.06, but also when updating from any version after 4.0.2 and 2020.01 (both included). Updating from 4.0.1 and 4.0.0 is not supported anymore.
When updating, always start with the server first and then continue with the proxies.
See the "Upgrade Guide" and then "Upgrade the Proxy" > "Major Upgrade" section for detailed upgrade instructions.
Do not use the '@' character in the Uyuni Proxy password, as it is not escaped correctly.
Single Sign On, API and CLI tools
Single Sign On can be used to authenticate in the Web UI but not with the API or CLI tools. This will be fixed in a future release of Uyuni.
In case of encountering a bug please report it at https://github.com/uyuni-project/uyuni/issues
Copyright © 2018 – 2020 The Uyuni Project and contributors. All rights reserved.
This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/es/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.
For SUSE trademarks, see http://www.suse.com/company/legal/. All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its affiliates. Asterisks (*) denote third-party trademarks.
All information found in this document has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its affiliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof.