Version Revision History

  • 2022/05/10: 2022.05 release

  • 2022/04/29: 2022.04 release

  • 2022/03/31: 2022.03 release

  • 2022/02/28: 2022.02 release

  • 2022/01/28: 2022.01 release

  • 2021/12/09: 2021.12 release

  • 2021/09/23: 2021.09 release

  • 2021/08/16: 2021.08 release

  • 2021/06/24: 2021.06 release

  • 2021/05/18: 2021.05 release

  • 2021/04/21: 2021.04 release

  • 2021/03/01: 2021.02 release

  • 2021/02/05: 2021.01 release

  • 2020/11/26: 2020.11 release

  • 2020/09/22: 2020.09 release

  • 2020/07/24: 2020.07 release

  • 2020/06/15: 2020.06 release

  • 2020/05/21: 2020.05 release

  • 2020/04/16: 2020.04 release

  • 2020/03/19: 2020.03 release

  • 2020/01/31: 2020.01 release

  • 2019/08/02: 4.0.2 release

  • 2018/12/19: 4.0.1 release

  • 2018/10/26: 4.0.0 release

Stay informed

You can stay up-to-date regarding information about Uyuni:

Check the home site https://www.uyuni-project.org

Support

Uyuni is a community-supported project. The ways of contacting the community are available at the home site.

Release model

Uyuni uses a rolling release model (meaning there will be no bugfixing for given Uyuni version, but new frequent versions that will include bugfixes and features)

Check the home site get in contact with the community.

Major changes since Uyuni Server 4.0.0

Features and changes

Version 2022.05

Reporting Database documentation

The reporting database schema is now fully documented.

The documentation describes the schema in detail, showing all the tables and the views available and highlighting the relationships among them.

You can access it from the Uyuni Server WebUI, at Help > Report Database Schema, from the left navigation bar.

spacewalk-report now uses data from the reporting database

Starting with Uyuni 2022.05, spacewalk-report will use the data from the report database by default. This change affects both new and updated setups.

This means that the new generated reports will differ in the structure and the format of the data and might break existing integrations.

If this change causes trouble in your use case, the new option --legacy-report can be used to fallback to the old report engine.

For a comprehensive list of what is changed and what reports are affected, see the section "Generate Reports" at the Administration Guide.

Adding systems with failed actions to System Set Manager

It is now possible to select and add systems that failed or completed actions, with a new button Add Selected to SSM that shows for the actions at "Completed Systems" and "Failed Systems".

You can the find the actions at the Uyuni Server WebUI, at Schedule on the left navigation bar.

This can be useful to fix issues with systems that failed to complete actions, or to run more actions on those that completed them.

Technology Preview: JSON over HTTP API

With Uyuni 2022.05, in addition to the current XML-RPC API, a new JSON over HTTPI API will also be provided to make Uyuni API even easier to consume.

Uyuni is seeing more and more use in automated scenarios, where it is a part of a bigger system and driven via its APIs.

The XML-RPC protocol has served users well so far and will continue to do so, but HTTP APIs are more in demand and have better tooling support.

The API documentation has been updated to reflect the changes to support the HTTP API, and is available at the Uyuni Server WebUI under About > API, and at the website

Usage examples can be found in the "Sample scripts" section of the documentation.

With the addition of the JSON over HTTP API documentation:

  • Mandatory names to the input parameters for each method were added

  • Information about the HTTP request type (GET or POST) was added

  • Example scripts to consume the HTTP API via Curl were added

Version 2022.04

Salt SSH now uses the Salt Bundle

The Salt Bundle is now used to handle Salt SSH executions on the client side. The bootstrap of new Salt clients using webUI or API is now also using the Salt Bundle.

To ensure bootstrap works in the proper way, the bootstrap repositories for the clients must be regenerated before bootstrapping new clients.

The bootstrap repository regeneration happens for any given product when a resync for the product repositories happens:

  • For products provided by the SUSE Customer Center, added via de Setup Wizard or mgr-sync, this happens each night.

  • For products added via spacewalk-common-channels there is no automated resync by default, unless it was configured after adding the product. In this case, the regeneration needs to be trigger manually.

To manually trigger the regeneration, use the tool mgr-create-bootstrap-repo at the Uyuni Server.

Technology Preview: Containerized Uyuni Proxy and Retail Branch Server

Starting with Uyuni 2022.04, it will be possible to run the Uyuni proxy and Retail branch server also in containers. This could be very helpful in scenarios where adding new virtual machines is not feasible for some reason.

Additionally, the ability to run Uyuni Proxy and Retail branch servers in containers make it more flexible to run them anywhere without worrying about the underlying OS, while also making it possible to get the advantage of Kubernetes offerings like HA.

Reporting Database improvements

The following improvements have been made in the reporting database

  • Add UI for peripheral server with report database password regeneration

  • Added the server location information to the reporting database

  • detect MgrServer on bootstrap and store report database settings

  • Added Channel information

  • Added System packages information

  • Added OpenScap scans information

  • Added Groups information

  • Added System packages information

  • Added proxy information to the system table

  • Changed table SystemGroup to better reflect its content

  • Added location information to the system table

Improved image management

Uyuni 2022.04 comes with a lot of improvements for image management.

  • Kiwi images:

    • Uses name and version from Kiwi config file, revision is increased on each build

    • Built image files are referenced in the database and deleted with the image entry

    • Image pillars are stored in the database

    • The build log is visible in the User Interface

  • Docker images:

    • Use a new database entry for each revision

    • Old revision can be shown with the "Show obsolete" checkbox

  • Updated XML RPC API to manipulate with images, image files and pillars:

    • For more details about these end points, please refer to Uyuni API.

HSTS available

HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.

Uyuni 2022.04 allows enabling HSTS. Which means each request will need to be HTTPS while plain HTTP requests will be rejected.

To enable it for the Uyuni Server:

  1. Edit /etc/apache2/conf.d/zz-spacewalk-www.conf

  2. Uncomment the line # Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

  3. Restart Apache with systemctl restart apache2

To enable it for the Uyuni Proxy

  1. Edit /etc/apache2/conf.d/spacewalk-proxy.conf

  2. Uncomment the line # Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

  3. Restart Apache with systemctl restart apache2

IMPORTANT: If you enable HSTS while using the default SSL certificate generated by Uyuni, or a self-signed certificate, some browsers will refuse to connect using HTTPS unless the CA used to sign such certificates is trusted by the browser. If you are using the SSL certificate generated by Uyuni, you can trust it at the servers by using the file located at http://<UYUNI-SERVER-HOSTNAME>/pub/RHN-ORG-TRUSTED-SSL-CERT

Version 2022.03

Fixes for Salt security issues

Fixes for the following security issues have been released: CVE-2022-22934, CVE-2022-22935, CVE-2022-22936, CVE-2022-22941.

You should patch your Salt master at the Uyuni Server and minions as soon as possible. Please take the next section into account when upgrading the Salt.

Salt Upgrade

To properly upgrade Salt with the fixes for the latest CVEs, and avoid breaking the communication between for Salt master and minion, you need to upgrade your "salt-master" first and then continue upgrading your Salt minions.

In case that a Salt minion is upgraded with the CVE fixes but your Salt master is not, then the communication between the master and this minion will be broken, and you would see errors like the following in your minion logs:

2022-03-28 13:19:41,880 [salt.crypt       :743 ][ERROR   ][15942] Sign-in attempt failed: {'publish_port': 4505, 'pub_key': '-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----\n''enc': 'pub','sig': ".."}
2022-03-28 13:19:41,885 [salt.minion      :1056][ERROR   ][15942] Error while bringing up minion for multi-master. Is master at salt-master-server.tf.local responding?

As soon as your Salt master is upgraded and restarted then the communication between master and minion will be restablished and the errors messages will not longer happen.

New XML-RPC API version 26

Uyuni 2022.03 updates the XML-RPC API version from 25 to 26, in preparation for SUSE Manager 4.3

There are no breaking changes to any methods.

If any of your scripts are checking for the version 25, you can change them to use version 26 without any further changes.

smdba: changed defaults for newer PostgreSQL versions

Starting with PostgreSQL 13, some defaults have changed.

To improve performance, smdba autotuning was adapted to use the new values.

Additionally an extra paramater --ssd was added to autotuning to tell smdba that the database is stored on ssd or fast network storage.

To change an existing configuration with the new defaults call

smdba system-check autotuning

Remember you can also adjust some other parameters, in case you need them:

smdba system-check autotuning [--max_connections=<number>] [--ssd]
Monitoring: Grafana 8.3.5

Uyuni 2022.03 updates Grafana from version 7.5.12 to 8.3.5.

This update fixes several security vulnerabilities:

  • XSS vulnerability in handling data sources (CVE-2022-21702)

  • Cross-origin request forgery vulnerability (CVE-2022-21703)

  • Insecure Direct Object Reference vulnerability in Teams API (CVE-2022-21713)

  • GetUserInfo: return an error if no user was found (CVE-2022-21673)

Updating Grafana is strongly recommended.

Relevant changes are:

  • New Alerting for Grafana 8

  • CloudWatch: Add support for AWS Metric Insights

  • CloudWatch: Add AWS RoboMaker metrics and dimension

  • CloudWatch: Add AWS Transfer metrics and dimension

  • CloudWatch: Add AWS LookoutMetrics

  • CloudWatch: Add Lambda@Edge Amazon CloudFront metrics

  • CloudMonitoring: Add support for preprocessing

  • CloudWatch: Add AWS/EFS StorageBytes metric

  • CloudWatch: Add Amplify Console metrics and dimensions

  • CloudWatch: Add metrics for managed RabbitMQ service

  • Elasticsearch: Add support for Elasticsearch 8.0

  • AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers

  • AzureMonitor: Add Azure Resource Graph

  • AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics

Check the upstream changelog for more details on what has changed.

There is one breaking change:

  • Grafana 8 Alerting enabled by default for installations that do not use legacy alerting.

Uyuni does not use Grafana alerting, so if you do not need it, you can disable it at the Grafana WebUI.

If you use legacy Grafana alerting in your environment, consider migrating to new Grafana 8 alerting.

Unsupported products
  • Red Hat Enterprise Linux 6

  • SUSE Linux Enterprise Server Expanded Support 6

  • Oracle Linux 6

  • CentOS 6

  • CentOS 8

  • Ubuntu 16.04

We highly encourage you to migrate your workload to a newer version of each distribution, or to an alternative distribution that is still supported, so you can continue managing your infrastructure with Uyuni.

Please note that we will not break things on purpose for these unsupported products, and there is a possibility that they could still continue to work. But if things break, there will not be any support provided, not even on a best-effort basis, unless someone from the community can step in.

Version 2022.02

PostgreSQL default password encryption mechanism change

PostgresSQL is changing its default password encryption mechanism from md5 to scram-sha-256.

With this update Uyuni will follow this change and will migrate the database user to this new encryption mechanism.

This should happen fully automated for the existing database user.

The following changes will happen:

  • At the /var/lib/pgsql/data/postgresql.conf file, password_encryption = scram-sha-256 will be set.

  • The password for the user specified in the file /etc/rhn/rhn.conf will be reset.

  • At the /var/lib/pgsql/data/ph_hba.conf file, all mechanisms which are set to md5 will be changed to scram-sha-256.

In case additional users where created, the passwords must be reseted.

This can be done with the following command on the Uyuni Server executed as "root" user, and exchanging`<DBUSER>` with the right username and <DBPASSWD> with the new password:

runuser - postgres -c "echo \"ALTER USER <DBUSER> WITH PASSWORD '<DBPASSWD>';\" | psql"
Reporting Database

The reporting database provides Uyuni data used for reports in a simplified schema, and is accessible by any reporting tool with support for SQL databases as content sources.

This new database is isolated from the one used for the Uyuni Server, and created automatically.

The tool uyuni-setup-reportdb-user can create new users which has read-only access to the data.

For more information on this topic, see Hub reporting.

Ubuntu errata installation

Uyuni now comes with Ubuntu errata support. It does this by downloading errata information from https://usn.ubuntu.com/usn-db/database.json and matching it after the syncing of Ubuntu channels.

It also adds support for installing errata on Ubuntu systems by mapping them to package installs.

For users, it will be a seamless experience and they will get exactly the same UX as it was for errata management for other distros.

Monitoring
Prometheus 2.32.1

Uyuni 2022.02 updates Prometheus from version 2.27.1 to 2.32.1.

The new version contains some breaking changes that need to be addressed after the Uyuni Server is updated.

Breaking changes:

  • Uyuni Service Discovery: The configuration and the returned set of meta labels have changed. Please check the upstream documentation for more details.

  • As a consequence all users with existing monitoring setup must reapply the highstate on the monitoring server(s).

Important changes:

  • Introduced generic HTTP-based service discovery.

  • New expression editor with advanced autocompletion, inline linting, and syntax highlighting.

  • Discovering Kubernetes API servers using a kubeconfig file.

  • Faster server restart times via snapshotting.

  • Controlling scrape intervals and timeouts via relabeling.

Check the upstream changelog for more details on what has changed.

Postgres exporter updated to version 0.10.0 for SUSE Linux Enterprise and openSUSE

Uyuni 2022.02 updates the Postgres exporter from version 0.4.7 to the version 0.10.0 for SUSE Linux Enterprise and openSUSE.

This version brings the rename of the package from golang-github-wrouesnel-postgres_exporter to prometheus-postgres_exporter, as this package is now part of the Prometheus Community Projects. After the package is updated, you will need to reenable the prometheus-postgres_exporter service:

  • For the Uyuni Server WebUI, proceed to Admin > Manager Configuration > Monitoring. You will see PostgreSQL database is stopped. Click Enable and the service will get started.

  • For the SUSE Linux Enterprise and openSUSE, apply the highstate to all the clients where the PostgreSQL needs to be exported.

The new version also contains a patch that allows connecting to PostgreSQL servers using scram-sha-256, which is the new default for Uyuni installations starting with 2022.02.

Check the upstream changelog for more details, including new metrics.

Other operating systems such as for example CentOS7 or AlmaLinux 8 will get 0.10.0 with future Uyuni releases.

SLES PAYG client support on cloud

It is now possible to sync content from SUSE-operated Cloud RMT Server from the Uyuni. This makes it a lot easier for users with SLES PAYG instances because now they don’t need to go through a cumbersome process of getting zero-cost subscriptions.

It works in all three major public clouds AWS, GCP, and Azure.

For more information and instructions on this topic, see the Connect Pay-as-you-go instance.

openscap for Debian 11 (Tech Preview)

Uyuni 2022.02 provides the openscap package binaries using the sources from Debian Sid. Debian11 itself does not provide openscap, as it was removed from Debian Testing during Debian 11 development.

This is a Tech Preview and therefore not supported, but we invite the community to provide feedback and will provide updates from the Debian upstream package if needed.

Version 2022.01

Debian 11 as client

Uyuni is now able to manage Debian 11 clients as salt or salt-ssh minions, as well as all other features that work for previous versions of Debian, with the exception of openscap as it is not available on Debian 11

The following architectures can be managed:

  • x86_64

  • aarch64

  • armv7l

  • i586

  • ppc64le

  • s390x

Check the Client Configuration Guide for information about how to configure Uyuni Server to work with Debian 11 clients.

The patch details page now contains a new section Vendor Advisory, which links to the original advisory provided by the vendor of the patch.

This information is auto-generated from data already existing in the database thus, when possible, it will be available for both new and existing patches.

With Uyuni 2022.01, the following providers are supported:

  • SUSE

  • Red Hat

  • Oracle

  • Amazon

  • AlmaLinux

  • RockyLinux

  • Alibaba

Add support for custom SSH port for SSH minions

Starting with Uyuni 2022.01, using TCP port 22 for SSH minions is not required anymore, and any TCP port can be used.

Change proxy used for clients from the WebUI

It is now possible to change the proxy used by an Uyuni client using the WebUI.

This can be done from the Connection tab at the Details tab for any Salt client, using the new link Change to change the connection type.

Using System Set Manager is supported as well, and can be done from the Misc tab, and then Proxy tab.

NOTE: Changing the connection for a Proxy to move it, is not supported at this moment. The Connectiontab will not show the Change link for proxies.

Version 2021.12

Salt as a Bundle

Salt Bundle is a single package called venv-salt-minion containing the Salt Minion, Python and all Python modules. It is exactly the same version and codebase for the current salt-minion RPM package.

The Salt Bundle can be used on systems that already run another Salt Minion, that do not meet Salt’s requirements or already provide a newer salt version that is used instead of the version provided by Uyuni.

Starting with Uyuni 2021.12, Uyuni is able to bootstrap systems with Salt Bundle for all the supported operating systems.

On bootstrapping new clients the Salt Bundle package will be used instead of salt-minion, if the package venv-salt-minion is present in the bootstrap repo.

Clients already registered will not be changed, but can be switched to Salt Bundle with applying the state util.mgr_switch_to_venv_minion to them. For more information see the Client Configuration Guide.

Uyuni 2021.12 adds support for the aarch64 (ARM64) architecture for the following operating systems:

  • openSUSE Leap 15.3

  • CentOS 7/8

  • Oracle Linux 7/8

  • Rocky Linux 8

  • AlmaLinux 8

  • Amazon Linux 2

System reactivation

It is now possible to re-activate a system using the UI/XMLRPC-API of Uyuni which was only possible using bootstrap script before. The bootstrapping page UI has been extended and the user can now enter the reactivation key of the system and the UI/XMLRPC-API of Uyuni will take care of the rest.

The same could be achieved from the XMLRPC API.

Low Diskspace notification

With Uyuni 2021.12, on the login page, a banner will be shown when available disk space on the server will be running low. This will help users avoid situations like the automatic shutdown of Uyuni when disk space is critically low, without even noticing it.

Package Locking for Salt Minions

Package locks are used to prevent unauthorized installation or upgrades of software packages. In the past the package lock feature was only available for traditional clients. Now it is also available for Salt clients (SUSE, RHEL and clones, and Debian/Ubuntu).

Check the Package Locking documentation for information about how to use this feature.

Monitoring
Prometheus Blackbox exporter

Uyuni 2021.12 comes with the Blackbox exporter, which allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP, and ICMP. It needs to be installed next to the Prometheus server and not on the clients. Prometheus formula has been extended to configure the Blackbox exporter.

The package prometheus-blackbox_exporter has been added as recommended for the Proxy.

Formulas

One of the limitations of the current formulas is that they are listed against every client, even if the supported packages are not available for that OS version or service pack.

While we are continuously focused on improving the formulas, for now, starting with the monitoring formulas it will be mentioned in documentation if applying those formulas would actually work in the case of a particular client.

In 2021.09, we made the Prometheus package available for Uyuni Proxy and Retail Branch Server but that is not the case with Grafana.

  • Prometheus is available for the client tools for SLE 12, SLE 15, and openSUSE 15 Uyuni Proxies or Retail Branch Servers

  • Grafana is available for the client tools for SLE 12, SLE 15, openSUSE15

Content Lifecycle Management improvement

From the Content Lifecycle Management project view, the new column Last build has been added. This information is useful when you need a general overview of all latest build times rather than retrieving the information project by project.

New XMLRPC API methods for SaltKey

Following new XMLRPC methods have been added in SaltKey namespace.

  • accept : API endpoint to accept minion keys

  • reject : API endpoint to reject minion keys

  • pendingList : API endpoint to list pending salt keys

  • acceptedList : API endpoint to list accepted salt keys

  • rejectedList : API endpoint to list rejected salt keys

These methods could further help in improving the automation workflows.

New product enabled
  • SUSE Linux Enterprise Server 15 SP2 LTSS

CVE-2021-40348 remediation

A security fix for CVE-2021-40348 is included as apart of Uyuni 2021.08, to fix a potential injection arbitrary code to a root-owned file that eventually will be executed by the system.

The fix for this problem was previously released on October 29th as a patch on top of Uyuni 2021.09, but if you did not apply such patch yet, we recommend appling the update to Uyuni 2021.12 as soon as possible.

CentOS 8 End of Life

CentOS 8 will be End of Life on December 31st, 2021. Uyuni support for this product will end as well.

Please refer to support section for more information.

Future deprecation of the traditional stack

This version of Uyuni is compatible with Salt and traditional clients. We will deprecate traditional clients and traditional proxies in the summer of 2022.

After summer of 2022, Uyuni will not support traditional clients, and the code to support it will be removed at some point after the summer.

We encourage all new deployments to use Salt clients and Salt proxies exclusively, and to migrate existing traditional clients to Salt.

Version 2021.09

AppStreams WebUI improvements

The content lifecycle project page in the WebUI has been further improved. This page now provides AppStreams with a default filter template. This template creates a module filter for each module in the repository, and specifies the default stream for each module.

Improve the date time handling on the UI

Uyuni 2021.09 fixes a number of inconsistencies in date time handling related to time zones by always using the IANA standard format.

A few pages at the Admin menu still show the old format, and will be adapted with the next Uyuni versions.

Support syncing patches with advisory status 'pending'

Uyuni 2021.09 now supports the new advisory status pending as used by the EPEL7 and 8 repositories.

Virtualization

Virtualization in Uyuni has received some enhancements:

  • UEFI support: UEFI support has been added for creating and editing VMs. Note that Auto discovery of the firmware binary and NVRAM depends on the version of libvirt installed on a minion.

  • virt-tuner templates: virt-tuner template has been added to create a VM. Now users can select a template from the those supported by the virt-tuner tool.

spacecmd: allow massive archive and delete actions

Added new commands to "spacecmd" to allow massive archive and delete actions:

  • schedule_archivecompleted: archive all completed actions older than a given date

  • schedule_deletearchived: delete all archived actions older than a given date

This allows bypassing the Web User Interface display limit.

Recent cobbler CVEs remediation

In addition to fixing Fixed Remote Code Execution in the XMLRPC API which additionally allowed arbitrary file read and write as root, this release includes the fixes for CVE-2021-40323, CVE-2021-40324, CVE-2021-40325.

Version 2021.08

Rocky Linux 8 as client

Uyuni is now able to manage Rocky Linux 8 clients as salt or salt-ssh minions, as well as all other features that work for CentOS 8 or AlmaLinux 8.

Rocky Linux OS intends to fill the gap that will exist after CentOS 8 Stable is End of Life by the end of 2021. According to the Rocky Enterprise Software Foundation "Rocky Linux is a community enterprise operating system designed to be 100% bug-for-bug compatible with America’s top enterprise Linux distribution now that its downstream partner has shifted direction."

Check the Client Configuration Guide for information about how to configure Uyuni Server to work with Rocky Linux clients.

For now the following architectures are supported: x86_64

Support for Rocky Linux 8 will continue to improve, including support for other architectures.

Ansible Playbooks test mode

Ansible Playbooks can now run in test mode.

Known issue: When running a playbook in test mode using an Ansible control node that is registered as SSH minion in Uyuni, then the action is always reported as failed, even if it succeeds.

Kiwi parameters for OS Image profiles

It is now possible to pass custom kiwi parameters in an OS Image profile.

This can be particularly helpful for selecting a specific profile when passing the option (--profile <profilename>) to Kiwi files containing multiple profiles.

Fixes for AArch64 hosts, including virtualization

Uyuni 2021.08 now collects more information about CPU for AArch64 systems. That, together with some more fixes, make virtualization features usable on AArch64 systems.

Virtual Machines and UEFI

Virtual machines can now be created with UEFI support from the web interface.

Pacemaker support for KVM and Xen virtual machines

Starting with Uyuni 2021.08, creating a virtual machine on a Pacemaker cluster node defines the resource on the cluster. The cluster-managed virtual machines can also be live migrated using the Uyuni web interface.

New CLM Filter Template

Content Lifecycle Management got a new filter template to setup Live Patching based on an existing system.

OpenSCAP Audit

The OpenSCAP XCCDF scan UI supports now more options and additional OVAL files can be defined. Supported options are:

  • --profile <name>

  • --rule <id>

  • --tailoring-file <path>

  • --tailoring-id <id>

  • --fetch-remote-resources

  • --remediate

You can provide additional OVAL files paths to prevent using --fetch-remote-resource when the file is locally available.

Logs for Salt SSH clients

Starting with Uyuni 2021.08, all Salt SSH clients will have a log at /var/log/salt-ssh.log, as well as log rotation configured for it.

Tech-preview: Inter-Server Synchronization version 2

Uyuni 2021.08, includes Inter-Server Synchronization version 2. This new version allows exporting software channels between servers without the previous notions of master and slave. Unlike the previous Inter-Server Synchronization, no mandatory direct connection between servers is needed since data are exported and imported in a disconnected mode.

Check the (new Inter-Server Syncronization 2 documentation for more information.

Monitoring
Grafana

Grafana was updated from version 7.4.2 to 7.5.7.

Check the upstream documentation for details on what has changed:

Prometheus

Prometheus was updated from version 2.26.0 to 2.27.1.

Important changes:

  • SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622)

Check the upstream documentation for more details on what has changed:

Version 2021.06

Upgrade notes

WARNING: This release updates the base OS from openSUSE Leap 15.2 to openSUSE Leap 15.3 and there are special steps required. You need at least Uyuni 2020.07 already installed to perform the upgrade, and you need to follow the (major upgrade procedure for the Server. More details are also available at the "Update from previous versions of Uyuni Server" section below.

Salt 3002

Salt has been upgraded to upstream version 3002, plus a number of patches, backports and enhancements by SUSE, for the Uyuni Server, Proxy and Client Tools (where the client operating system supports Python 3.5+; otherwise Salt 3000 or 2016.11 are used).

Salt 3002 only works with Python 3.5+, therefore:

  • Salt 3002 is only available on SLE 15, RHEL 8 (and clones: CentOS, Oracle Linux, SLES Expanded Support and AlmaLinux), Ubuntu 18.04 and 20.04, and Debian 10. Only a Python 3 version is provided.

  • Salt 3000 is still the version of Salt for SLE 12, RHEL 7 (and clones: CenOS, Oracle Linux, SLES Expanded Support, Amazon Linux and Alibaba Cloud Linux) and Debian 9. Only a Python 2 version is provided. SLE 12 additionally provides a Python 3 version.

We intend to regularly upgrade Salt to more recent versions.

For more details about changes in your manually-created Salt states, see the Salt 3002 upstream release notes and Salt 3001 upstream release notes.

Base System Upgrade

The base system was upgraded to openSUSE Leap 15.3.

The Uyuni Proxy and Retail Branch Server can now be installed on top of openSUSE Leap 15.3 JeOS edition.

PostgreSQL 13

The database engine has been updated from PostgreSQL 12 to PostgreSQL 13, which brings a number of performance and reliability improvements. A detailed changelog is available upstream.

To prevent inconsistent configurations and data on upgrade or update, Uyuni  2021.06 will refuse to start until the database migration from PostgreSQL 12 to PostgreSQL 13 has completed successfully.

Please note the database migration from PostgreSQL 12 will rebuild the database indices. This may take several hours if you have thousands of software channels.

Missing openSUSE Leap 15.3 channels added to spacewalk-common-channels

After openSUSE Leap 15.3 GA, two new repositories we added as part of Maintenance Updates, and are now part of spacewalk-common-channels as two new channels:

  • opensuse_leap15_3-sle-updates

  • opensuse_leap15_3-backports-updates

Both channels are available for x86_64 and aarch64 architectures.

You can add them to your Uyuni Server with spacewalk-common-channels, and then sync them.

After the sync is complete, consider adding them to all your openSUSE Leap 15.3 clients.

Integration of Ansible into an Uyuni automation environment to protect customer investment and ease migration (Technology Preview)

Configuration and automation platforms have become increasingly important to control an organization’s ever-growing IT landscape. There are a variety of popular tools in the market and companies may have already made investments in a particular tool, one of them being Ansible.

Adopting Uyuni, or migrating to it, does not mean that you should necessarily renounce your previous configuration management systems investment. Uyuni 2021.06 provides support for Ansible packages on SLE and connects to the Ansible control nodes on any supported client operating system to gather inventory, playbooks and manage clients with Uyuni.

Uyuni 2021.06 allows you to simply re-use and run your Ansible playbooks, saving time and resources by consolidating tools while keeping existing automation investments. This means you do not have to re-implement your Ansible automation solution, making migration to the SUSE and openSUSE landscape easier.

Combined with its strong Salt capabilities, it enhances Uyuni’s configuration and automation capabilities helping you to orchestrate even the largest environments – across cloud and on-premise.

Version 2021.05

New products enabled
  • SLE Micro 5.0

  • openSUSE MicroOS

SLE Micro 5.0 and openSUSE MicroOS as clients

Uyuni 2021.05 provides limited support for SLE Micro 5.0 and openSUSE MicroOS clients. The following features work:

  • Client registration

  • Salt remote commands

  • Formulas and Formulas with Forms

  • Installed software packages, updates, patches, etc are listed

  • Refreshing installed package list

  • Package installation, update, patching, removal

  • Content Lifecycle Management

  • State and configuration channels

  • Autoinstallation with AutoYaST and Yomi

Known issues:

  • transactional-update versions 3.2.2-1.1 or older contain a bug and will not work properly with Salt. A fix will be shipped (in SLE Micro 5.0) soon, which will enable it with Salt and Uyuni.

  • Package and patch installation, removal and update work but after installation, the WebUI will not show the actual patch state of the system, and it will not notify a reboot is required for those changes to be enabled. As a workaround, you can manually schedule a reboot.

  • Action chains will fail

  • Container management. Uyuni cannot manage podman containers at the moment but you can use Salt remote commands for that.

  • Maintenance windows in SLE Micro are currently independent from Uyuni’s

  • First releases of SLE Micro 5.0 contained a broken salt-minion package. Please make sure you use the latest version available in the SLE Micro Update channel. This does not affect openSUSE MicroOS.

SLE Micro and openSUSE MicroOS are only supported as a Salt minion. The traditional stack will not be supported.

The missing features will be added in upcoming releases of Uyuni.

Deprecated products
  • Red Hat Enterprise Linux 6

  • Oracle Linux 6

  • CentOS 6

  • Ubuntu 16.04 LTS

RHEL 6 (and clones: CentOS 6, Oracle Linux 6, SLES ES 6) ended upstream general support on November 30th, 2020. After a grace period of 7 months, we are now ending fixes for these operating systems.

Ubuntu 16.04 LTS ended upstream general support on April 30th, 2021. After a grace period of 3 months, we are now ending fixes for these operating systems.

Please note "ending fixes" means their client tools remain available and can still be added, mirrored and used. But in case they stop working at some point in time, fixes will only be provided as on a best-effort basis (which in general means if the issue can be reproduced with a supported operating system, it will be fixed; but if the issue is specific to the unsupported operating system, a fix should not be expected).

Prometheus TLS

Prometheus and the Prometheus formulas now support TLS and basic authentication for HTTP endpoints. This provides a way to securely transfer metrics data.

Migrate clients from openSUSE Leap to SUSE Linux Enterprise Server

The "Service Pack Migration" feature has been renamed "Product Migration".

In Uyuni 2021.05, the Product Migration feature allows two different use cases:

  • Migration from one service pack to another within the same major version of SUSE Linux Enterprise (e. g. from SLE 15 SP2 to SLE 15 SP3)

  • Migration from openSUSE Leap to the equivalent version of SLES (e. g. from Leap 15.3 to SLES 15 SP3). A registration key for openSUSE Leap is required, which can be obtained from SCC for free.

Migration between different SUSE Linux Enterprise codestreams (e. g. SLE 12 to SLE 15) is not possible using the Product Migration feature. Use autoinstallation profiles for that.

Migration between non-SUSE products (e. g. from CentOS to AlmaLinux) is not available at the moment.

Easier system group and configuration channel assignment

We have simplified the screens where system groups and configuration channels were assigned by removing the tabs and subtabs. All the information and actions are now in the same screen.

Enhanced CLM filter list

The Content Lifecycle Management filter list screen how allows filter selection, deletion and sorting and search by project.

Notify beacon for DEB-based clients

While the recommended way to manage clients is to install, remove, patch, etc from Uyuni, which triggers the correct actions, sometimes users run the package managers directly. When doing this on Debian and Ubuntu clients, the WebUI showed an outdated package list for some time.

Uyuni now hooks directly into the package manager database on the client to identify local package management and trigger a package refresh from the Server to make sure the list of packages is always up to date.

Allow setting primary FQDN for the systems

It is now possible possible to set/get the primary FQDN of a given system.

  • Via XMLRPC-API:

    • The existing system.getNetworkForSystems method will now return a new fqdn field with the primary FQDN

    • A new system.setPrimaryFqdn method has been added to set the primary FQDN of a given system

  • Via WebUI:

    • The primary FQDN of a given systems can ve visualized/set via System > Details > Hardware page.

    • This is specially useful because this data is used to configure target address for monitoring.

Virtualization

Virtualization in Uyuni has received a number of enhancements:

  • Fine-tuning: CPU pinning and special memory configurations, such as those required when running SAP under KVM, can now be configured with Uyuni.

  • Autostart: automatically start needed networks and storage pools when creating/starting a VM

  • Virtual console: the virtual console monitors virtual machine state changes and can be opened even when the virtual machine is powered off. This helps in debugging startup issues, and allows to manage the VM even when it is running on another virtualization host.

  • The virtpoller beacon is now removed a replaced by a refresh action.

Custom data as pillar

Traditional stack clients could receive some custom information via macros but this feature was missing on Salt clients.

In Uyuni 2021.05, we have implemented passing any custom information to Salt clients (both salt-minion and salt-ssh) via pillars:

salt \* pillar.get custom_info:key1
minion:
    val1
Retracted patches

When an operating system vendor releases a new patch, it might happen that the patch has undesirable side effects (security, stability, boot no longer working, etc) on some scenario that was not identified by testing. When that happens (very rarely), vendors typically release a new patch, which may take from hours to days, depending on the internal processes in place by that vendor.

SUSE has introduced a new mechanism called "retracted patches" to take back such patches in minutes by simply removing the bad patch from the repository metadata and resorting to the previously working patch. These patches receive the advisory status "retracted" (instead of the usual "final" or "stable").

Uyuni now supports retracted paches across all the lifecycle:

  • Retracted patches can be synchronized

  • When a patch is retracted, it will be noted as such with its own specific icon and status

  • Retracted patches can be cloned

Following the behavior defined in zypper:

  • Once a retracted patch is installed, it will not be uninstalled unless you uninstall it explicitly. Uyuni will never automatically uninstall anything from your systems on its own.

  • Once a patch has been retracted by the vendor, the retracted patch cannot be installed via normal patch, update and installations.

  • Retracted patches remain available in the software channels and can be forcefully-installed/updated-to by speficying the exact version you want to install (e. g. by using zypper directly or by using the exact version in a Salt state).

To protect our users, the behaviour when cloning retracted patches is slightly different than usual:

  • When a Content Lifecycle Management project uses a source channel which contains a now-retracted patch, a warning is displayed so that you are aware you should build and propagate the patch as soon as possible.

  • When a retracted patch is synchronized, it will not be cloned to the cloned channels by default. You will need to propagate it explicitly, like any other patch.

  • In contrast, once a retracted patch has been added one Content Lifecycle Management project and the project software channels built, the retracted patch will be automaticaly propagated all the other projects where that (now retracted) patch is available.

Client systems forwarded to SUSE Customer Center

This feature is only available when you enter your SCC mirroring credentials in Uyuni Server.

Until Uyuni 2021.05, the managed clients were not listed at SCC even if a SCC account was present at the Uyuni Server. This surprised users, who did not understand why clients connected via SUSEconnect, RMT or SMT would show in SCC, but clients connected with Uyuni would not.

Responding to this often-asked question and feature request for both Uyuni and SUSE Manager, we have now implemented client list forwarding to SCC in Uyuni 2021.05.

If you have a SCC account added at your Uyuni Servers, then the clients (even non-SUSE operating systems) managed by Uyuni Server (connected directly or via Proxy or Retail Branch Server) will be listed in SCC.

When a client is removed from Uyuni, it will also be removed from SCC.

The information transferred is limited to that which is already collected and transferred by SUSEconnect, RMT and SMT:

  • Client OS name and version

  • Hostname

  • Number of CPU sockets

  • Architecture

  • UUID of the system

  • Hypervisor and cloud provider information

  • Login: Uyuni instance id + client system id

  • Password: random string generated by Uyuni. Not used.

This information is used for statistical and product research purposes only.

In case you want to add your SCC account to Uyuni but completely disable client list submission to SCC, set this parameter in /etc/rhn/rhn.conf and restart Uyuni (spacewalk-service restart):

server.susemanager.forward_registration = 0

Display of the client operating system name and version in SCC is pending an upcoming update in SCC.

Configuration state summary

In Uyuni, configuration may come from many different places: Uyuni itself, configuration channels assigned to your organization, configuration channels assigned to the system groups your clients belong to, configuration channels assigned directly to a client system or formulas with forms.

When managing a large number of clients distributed across several organizations, with multiple system groups, channels, etc, knowing what is exactly the configuration that will be applied may become a daunting task.

In Uyuni 2021.05, we have added the configuration state summary to the Highstate page of the client. With this, you can see exactly where state is coming from.

Live patching made easy with filter templates

SUSE Linux Enterprise Live Patching helps customers to bring down reboot cycles to once a year which saves companies a time, resources and availability compared to not using live patching at all.

Setting up Live Patching requires installing specific kernel versions which are enabled for live patches, and installing the specific live patches.

Uyuni 2021.05 implements filter templates, which are a set of pre-defined filters for a specific use case. The first filter template we are including in Uyuni 2021.05 makes it easy to configure live patching for a specific SUSE product (e. g. SLE 15 SP2). New filter templates and additional information about the lifecycle of the live kernel will be added in upcoming versions of Uyuni.

HTML documentation for the API

The API documentation is now available in HTML format, in addition to the existing PDF document.

The new HTML API documentation includes a search engine too:
https://www.uyuni-project.org/uyuni-docs-api/uyuni/index.html

New API calls

New API calls have been added:

  • Enhanced config channel API with list assigned groups

  • Enhanced server group API with config channel and formula access methods

  • Added an API endpoint to allow/disallow scheduling irrelevant patches

  • Added APIs to manage retracted patches

  • Added APIs to set and get the primary FQDN of a given system (system.getNetworkForSystems/system.setPrimaryFqdn)

spacecmd improvements

The spacecmd commandset has been modified to match the current features of the product:

  • Add group_addconfigchannel and group_removeconfigchannel

  • Add group_listconfigchannels and configchannel_listgroups

  • Deprecated "Software Crashes" commands

Activation key dropped from system details

Activation keys can be used when registering new clients, or re-registering existing clients, to make sure the correct software entitlements, software channels, system groups, etc are applied when they come under Uyuni management.

After a client is registered to Uyuni, activation keys serve no purpose. Software channels, groups, etc can be changed independently from the activation key.

The fact the activation key remained in the System Details led users to think editing the activation key (e. g. changing the software channels assigned to that activation key) would change what was assigned to that client system. This is not true. To avoid that confusion, the Activation Key field has been removed from the System Details of registered clients.

Activation keys can still be used during client registration.

Software Crashes (ABRT) dropped

The Software Crashes feature, based on the ABRT library, has been dropped in Uyuni 2021.05. This was a very old feature which only worked on a limited set of clients and required careful configuration to actually submit crash reports to the Uyuni Server instead of upstream projects.

Warning about Ansible integration

Uyuni 2021.05 introduces some new changes related with the ongoing implementation of Ansible control node management:

  • New "Ansible Control Node" system type in "System → Properties".

  • New "Ansible" tab in the system page to operate your Ansible control node.

  • New XMLRPC endpoints for operating your Ansible control node.

This technology preview feature is NOT yet ready to work correctly in Uyuni 2021.05. You should not assign this new "system type" yet to your registered systems. The feature will be available with Uyuni 2021.06

Version 2021.04

Vendor change for some Java dependencies

We continue to increase the number of Java depencies we use directly from openSUSE.

Before starting the services, make sure you run this command to change the vendor of the xstream package:

zypper install --allow-downgrade --allow-vendor-change -f xstream-1.4.15-lp152.2.3.1

This will also install the packages xpp3 and xpp3-minimal

Fix for potential security issue with Java RMI

Uyuni 2021.04 fixes a potential security issue that could allow remote code execution via Java RMI.

This issue only existed on the Uyuni Server if the self-monitoring was enabled.

The access to Java RMI is now limited to localhost.

New products enabled
  • Amazon Linux 2

  • Alibaba Linux 2

  • AlmaLinux 8

  • MicroFocus Open Enterprise Server 2018 SP3

  • openSUSE Leap 15.3 (Beta)

Amazon Linux 2 and Alibaba Linux 2 clients

Uyuni is now able to manage Amazon Linux 2 and Alibaba Linux 2 clients as salt or salt-ssh minions, as well as all other features that work for CentOS 7.

Check the Client Configuration Guide for information about how to configure Uyuni Server to work with Debian clients.

For now the following architectures are supported: x86_64

Support for Amazon Linux2 and Alibaba Linux 2 will continue to improve, including support for aarch64 clients.

AlmaLinux 8

Uyuni is now able to manage AlmaLinux 8 clients as salt or salt-ssh minions, as well as all other features that work for CentOS 8.

AlmaLinux OS intends to fill the gap that will exist after CentOS 8 Stable is End of Life by the end of 2021. According to the AlmaLinux OS Foundation "AlmaLinux OS is a 1:1 binary compatible fork of RHEL® 8"

Check the Client Configuration Guide for information about how to configure Uyuni Server to work with AlmaLinux clients.

For now the following architectures are supported: x86_64

Support for AlmaLinux 8 will continue to improve, including support for other architectures as they are added to AlmaLinux.

Maintenance Windows UI

Scheduling Maintenance Windows is now easier:

  • An interactive calendar has replaced the display of the iCalendar file in the details view

  • An interactive web calendar replaces the listing of upcoming maintenance windows in the details of a maintenance schedule, and events associated with that schedule are displayed.

Removal of deprecated XMLRPC API methods

The following XMLRPC API methods have been deprecated for a long time and are removed as part of Uyuni 2021.04:

  • ActivationKeyHandler addPackageNames(User loggedInUser, String key, List packageNames)

  • ActivationKeyHandler removePackageNames(User loggedInUser, String key, List packageNames)

  • ChannelHandler listRedHatChannels(User loggedInUser)

  • ChannelSoftwareHandler listAllPackages(User loggedInUser, String channelLabel, String startDate, String endDate)

  • ChannelSoftwareHandler listAllPackages(User loggedInUser, String channelLabel, String startDate)

  • ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String channelLabel, String startDate, String endDate)

  • ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String channelLabel, String startDate)

  • ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String channelLabel)

  • ChannelSoftwareHandler setSystemChannels(User loggedInUser, Integer sid, List channelLabels)

  • ChannelSoftwareHandler listErrata(User loggedInUser, String channelLabel, String startDate)

  • ChannelSoftwareHandler listErrata(User loggedInUser, String channelLabel, String startDate, String endDate)

  • ChannelSoftwareHandler subscribeSystem(User loggedInUser, Integer sid, List labels)

  • ChannelSoftwareHandler unsubscribeChannels(User user, List sids, String baseChannel, List childLabels)

  • ErrataHandler listByDate(User loggedInUser, String channelLabel)

  • KickstartHandler listKickstartableTrees(User loggedInUser, String channelLabel)

  • ContentSyncHandler synchronizeProductChannels(User loggedInUser)

  • SystemHandler listBaseChannels(User loggedInUser, Integer sid)

  • SystemHandler listChildChannels(User loggedInUser, Integer sid)

  • SystemHandler applyErrata(User loggedInUser, Integer sid, List errataIds)

  • UserHandler getLoggedInTime(User loggedInUser, String login)

  • SystemHandler setChildChannels(User loggedInUser, Integer sid, List channelIdsOrLabels)

  • SystemHandler setBaseChannel(User loggedInUser, Integer sid, Integer cid)

  • SystemHandler setBaseChannel(User loggedInUser, Integer sid, String channelLabel)

Reactivation keys in bootstrap scripts

Bootstrap scripts can include an activation key to directly assign software channels, configuration channels, entitlements, etc to a system while registering.

Reactivation keys can be used to re-register a previously registered client and regain all Uyuni settings. For example, to move clients registered to the Uyuni Server to being registered through an Uyuni Proxy (or Retail Branch Server), when reinstalling, and in some other cases.

Uyuni now supports the combination of reactivation keys and bootstrap scripts. Specify a reactivation key in the bootstrap script to re-register systems. For example, if your Uyuni Server has too many clients directly attached and you want to bulk move them to a Uyuni Proxy (or Retail Branch Server).

Enable SAN SSL certificates

Subject Alternative Name (SAN) is an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field. This is commonly used to generate SSL certificates that protect multiple domains with a single certificate.

These kinds of certificate are becoming popular amongst users with their own Certificate Authority, so we have implemented support.

Universe Security, Multiverse, Restricted, and Backport channels for Ubuntu.

The Universe Security, Multiverse, Restricted, and Backport channels for Ubuntu 16.04, 18.04 and 20.04 are now part of spacewalk-common-channels. They can now be added to Uyuni Server for synchronization, and can be added to Ubuntu clients.

Oracle Linux UEK channel

The Oracle Unbreakable Enterprise Kernel channels are now available at spacewalk-common-channels for Oracle Linux 6, 7, and 8.

Performance improvements

The add packages to channel feature has been optimized, resulting in a faster experience in the WebUI when adding packages from another channel.

A number of database queries and error conditions have been optimized, particularly in pages related to software installation and patching. This has resulted in a faster experience in the WebUI.

Redfish power management

Redfish is a suite of specifications that deliver an industry standard protocol for the management of servers, storage, networking, and converged infrastructure.

Uyuni now supports power management using Redfish, in addition to the existing IPMI power management.

OpenSCAP from SSM

Mass-auditing Salt clients with OpenSCAP is now possible from the System Set Manager.

Virtual network creation UI

The virtual networks page allows creating libvirt virtual networks with most supported configuration values.

Logging

mgr-create-bootstrap-repo will now log under /var/log/rhn/mgr-create-bootstrap-repo and will rotate the log files daily, keeping an history of 30 days. Clean up any leftover log file in /var/log/rhn/mgr-create-bootstrap-repo.* by archiving or deleting them.

Monitoring
Prometheus Exporter Exporter for Debian

The reverse proxy for exporters, which simplifies setting up security and networking policies, is now also available on Debian 9 and Debian 10.

With this addition, the Exporter Exporter is now available for almost all operating systems Uyuni supports.

Node Exporter Updated to 1.1.2

All the changes can be found in the package changelog, or at https://github.com/prometheus/node_exporter/releases

This update applies to SLE 12 and 15, openSUSE Leap 15, CentOS 7 and 8, RHEL 7 and 8, and Oracle 7 and 8.

Updates for Ubuntu and Debian will be part of future Uyuni versions.

Version 2021.02

Recent Salt CVEs remediation

The fixes affect your Uyuni Server, Proxy, Retail Branch Server and Salt minions, so we recommend appling the fixes as soon as possible.

Prometheus exporters' reverse proxy formula Ubuntu support

The formula for Prometheus exporter’s formula can now be used with Ubuntu clients.

Version 2021.01

Vendor change for some Java dependencies

Besides the regular update, you will need to execute the following command to change the vendor for some Java dependencies:

zypper install --allow-downgrade --allow-vendor-change -f apache-commons-cli-1.4-lp152.1.3.noarch apache-commons-jexl-2.1.1-lp152.1.1.noarch apache-commons-el-1.0-lp152.2.3.1.noarch

If you do not do this, the WebUI will not start and you will get an HTTP 404 error.

Fix version comparison algorithm for deb packages (Ubuntu)

In some rare cases, Uyuni suggested that users upgrade Ubuntu packages with an older version than the one currently installed (for example, suggesting installation of libtre5-0.8.0-3+deb7u1ubuntu1 instead of libtre5-0.8.0-3ubuntu1).

Starting with Uyuni 2021.02, the algorithm used for comparing package versions has been separated for RPM and deb packages. Having two algorithms for comparing packages means that deb packages in Ubuntu are now correctly ordered, and work as successfully as the RPM package algorithm. This means that the rare case explained above no longer occurs, and any proposed update is correct and should be performed.

This update also fixes problems syncing Ubuntu and Debian channels and repositories.

IMPORTANT: You need to plan this update. The database changes require updating the EVR information (epoch, version, release) for all packages. Depending on the specifications of your Uyuni installation, the number of channels, and onboarded instances, the services will take between 30 minutes and several hours while the schema is migrated.

New products enabled
  • SUSE Linux Enterprise 15 SP3 family (beta)

  • SLE 15 SP1 LTSS

  • SUSE Linux Enterprise HPC 15 SP2 LTSS

  • SUSE Container as a Service Platform 4.5 (x86_64 and aarch64)

SAP content

SUSE Linux Enterprise Server for SAP applications is the best operating system to run your SAP workloads.

Tthis release of Uyuni includes content which provides added value to SLES for SAP users:

  • Documentation: New Quick Start: SAP

  • Formulas:

    • saphanabootstrap-formula: SAP HANA deployment Salt formula. This formula can install SAP HANA nodes, enable system replication and configure SLE-HA cluster with the SAPHanaSR resource agent, using standalone Salt or via Uyuni formulas with forms.

    • sapnwbootstrap-formula: SAP Netweaver deployment Salt formula. This formula can install SAP Netweaver instances (ASCS, ERS, PAS, AAS) and perform some basic actions to optimize their usage.

    • drbd-formula: DRBD deployment Salt formula (requires drbd-utils)

    • habootstrap-formula: HA cluster salt deployment formula. This formula can boostrap an HA cluster ((init, join, remove) using standalone Salt or via Uyuni formulas with forms.

  • Salt state modules:

    • salt-shaptools: Salt modules and states for SAP Applications and SLE-HA components management

  • Grafana dashboards:

    • grafana-sap-hana-dashboards: Grafana Dashboards displaying metrics about SAP HANA databases.

    • grafana-sap-netweaver-dashboards: Grafana Dashboards displaying metrics about a SAP NetWeaver landscape.

    • grafana-ha-cluster-dashboards: Grafana Dashboards displaying metrics about a Pacemaker/Corosync High Availability Cluster.

    • grafana-sap-providers: Automated configuration provisioners used by other packages to enable zero-config installation of Grafana dashboards.

The formulas and Salt state modules are included in the Uyuni Server channel. The Grafana dashboards are included in the Uyuni Client Tools for SLE 12 and SLE 15 channels.

CPU mitigations formula

Unsupported clients are now handled gracefully and mitigations have been added for the Xen hypervisor.

Vendor change on SP migration

Vendor change (changing the repository where a package comes from) can now optionally be enabled during service pack migration.

This feature is useful where the client system is using unofficial packages and you want to move back to official packages, or to switch from an official package to a third-party version of a package. Instead of performing the SP migration within the same vendor and then manually installing the package from the new vendor, you can now do everything in a single action.

This feature is available for SUSE Linux Enterprise 12 or newer, and can also be used to migrate from openSUSE Leap 15 to SUSE Linux Enterprise 15.

Autoinstallation of older operating systems

Autoinstallation provisioning is now compatible with GRUB and ELILO in addition to GRUB2 only, which is useful when provisioning SLES 11 SP4 and RHEL 6 (and clones) systems.

Oracle Linux ULN repositories

Oracle Unbreakable Linux Network repositories are now supported in Software > Manage > Repositories. Oracle Linux users with a subscription from Oracle can use this to manually add the repositories for KSplice and others.

CentOS 6 repositories

CentOS 6 reached end-of-life on November 30th, 2020, and the CentOS Project moved its repositories to the vault archive. URLs at spacewalk-common-channels for new Uyuni Servers. For existing Uyuni servers the database migration will take care of updating the URLs at the database.

Other operating systems in the same class also reached end-of-life but require no change, since they will continue to work as-is: Oracle Linux 6 (URLs not changed) and Red Hat Enterprise Linux 6 (URLs are provided by users).

New countries and timezones

The countries and timezones list have been refreshed, adapting to the latest timezone and geopolitical changes.

Cluster management: upgrade plan

When upgrading a cluster, the upgrade plan is now shown in the WebUI. This makes it easier to verify that an upgrade will be conducted as expected.

Yomi refresh

The formulas that make autoinstallation of SLES and openSUSE systems simpler have been upgraded to the latest version provided by the Yomi project. The updated formulas are more intuitive, harder to misuse, and allow you to specify additional advanced options.

Uyuni Server connections are always and only secure

The WebUI and the CLI commands no longer provide an option to disable SSL. The option was in fact already obsolete and not working.

Monitoring updates
Grafana 7.3.1

Grafana has been updated from version 7.1.5 to version 7.3.1 which brings a number of bugfixes and improvements.

Notable improvements:

  • Add monitoring mixing for Grafana.

  • New Cloudwatch metrics

  • Elasticsearch: Support multiple pipeline aggregations for a query.

  • Support request cancellation properly for PostgreSQL, Loki and Prometheus

  • Postgres: Support Unix socket for host

  • Loki: Re-introduce running of instant queries

  • Prometheus: Support request cancellation properly. Add $__rate_interval variable

  • API improvements

  • Variables: enables cancel for slow query variables queries

  • Table: Adds column filtering

Breaking changes:

  • CloudWatch: The AWS CloudWatch data source’s authentication scheme has changed. See the upgrade notes for details and how this may affect you.

  • Units: The date time units YYYY-MM-DD HH:mm:ss and MM/DD/YYYY h:mm:ss a have been renamed to Datetime ISO and Datetime US respectively.

A detailed changelog is available at upstream.

Prometheus 2.22.1

The core of our monitoring solution, Prometheus, has been updated from version 2.18.0 to version 2.22.1, which brings a number of bugfixes and improvement.

Notable improvements:

  • Web: Remove APIv2.

  • React UI: Implement missing TSDB head stats section.

  • UI: Add Collapse all button to targets page.

  • UI: Clarify alert state toggle via checkbox icon.

  • Gracefully handle unknown WAL record types.

  • Issue a warning for 64-bit systems running 32-bit binaries.

  • TSDB: Memory-map full chunks of Head (in-memory) block from disk. This reduces memory footprint and makes restarts faster.

  • TSDB: Reduced contention in isolation for high load.

  • Discovery: Added discovery support for Triton global zones.

  • Remote Read: Added prometheus_remote_storage_remote_read_queries_total counter to count the total number of remote read queries.

  • Added time range parameters for label names and label values API.

Prometheus Exporter Exporter for Ubuntu 18.04/20.04 and Debian 9/10

The Reverse-proxy Exporter Exporter, which allows you to expose a single port no matter how many exporters are running on the client, is now available for 18.04/20.04 and Debian 9/10.

Version 2020.11

Recent Salt CVEs remediation

This release includes the fixes for CVE-2020-16846, CVE-2020-17490 and CVE-2020-25592 that we already released on November 16th for Uyuni 2020.09.

If you did not apply the patch already, update your Uyuni Server, Proxy, Retail Branch Server and Salt minions as soon as possible.

CentOS 7/8 ppc64le support

Uyuni can now manage CentOS7 and CentOS8 ppc64le clients. Supported features are the same available for x86_64 clients.

Prometheus Exporter Exporter for CentOS, Oracle and RHEL 7 and 8

The reverse-proxy Exporter Exporter, which allows you to expose a single port no matter how many exporters are running on the client, is now available for CentOS, Oracle and RHEL 7 and 8 for both x86_64 and ppc64le.

Node Exporter updated to version 1.0.1 for most operating systems

The following operating systems will receive version 1.0.1:

  • openSUSE Leap 15.1 and 15.2

  • SLE12 (all service packs)

  • SLE15 (all service packs)

  • Ubuntu 20.04

  • CentOS/Oracle/RHEL 8

  • CentOS/Oracle/RHEL 7

Keep in mind this new version includes some breaking changes:

  • The netdev collector CLI argument --collector.netdev.ignored-devices was renamed to --collector.netdev.device-blacklist in order to conform with the systemd collector.

  • The label named state on node_systemd_service_restart_total metrics was changed to name to better describe the metric.

  • Refactoring of the mdadm collector changes several metrics:

  • node_md_disks_active is removed

  • node_md_disks now has a state label for "fail", "spare", "active" disks.

  • node_md_is_active is replaced by node_md_state with a state set of "active", "inactive", "recovering", "resync".

  • Additional label mountaddr added to NFS device metrics to distinguish mounts from the same URL, but different IP addresses.

  • Metrics node_cpu_scaling_frequency_min_hrts and node_cpu_scaling_frequency_max_hrts of the cpufreq collector were renamed to node_cpu_scaling_frequency_min_hertz and node_cpu_scaling_frequency_max_hertz.

  • Collectors that are enabled, but are unable to find data to collect, now return 0 for node_scrape_collector_success.

Web UI themes

Uyuni now supports themes. Users can select what theme they want to use in the User Preferences page in the Web UI. Initially, we are providing three themes:

  • SUSE Manager light: default light, low-contrast theme

  • SUSE Manager dark: high-contrast theme based on the light theme

  • Uyuni: SUSE Manager 4.0 and Uyuni theme. Also high-contrast.

Administrators can globally disable themes in /etc/rhn/rhn.conf by listing which themes they want to allow:

# susemanager-light,susemanager-dark,uyuni
web.themes = susemanager-light,susemanager-dark,uyuni
web.theme_default = susemanager-light
Prometheus Exporter Exporter

The reverse-proxy Exporter Exporter, which allows you to expose a single port no matter how many exporters are running on the client, is now available for Ubuntu 20.04 LTS.

XML-RPC power management API

New APIs have been added to do IPMI power management. Redfish power management will be included in a future maintenance update.

Third-party errata information on vendor channels

It is now possible to add third-party errata information to CentOS and Ubuntu 20.04 LTS channels without cloning them, as described at the CentOS Clients section of the Client Configuration Guide.

The known issue present in previous releases of Uyuni has been fixed.

Bootstrap repositories no longer flushed by default

In Uyuni 2020.03, we automated the generation of bootstrap repositories on channel sync. Bootstrap repositories were not only autogenerated but also autoflushed, which caused disappearing packages problems to some users (e. g., in the case of multi-architecture bootstrap repositories).

Starting with Uyuni 2020.11, bootstrap repositories are not flushed by default. If you want to save some disk space, you can manually flush them using mgr-create-bootstrap-repo --flush.

DNSSEC enabled by default by bind update

With the update of ISC bind to version 9.16.6 on openSUSE Leap 15.1 and openSUSE Leap 15.2, DNSSEC is now enabled by default, which may cause DNS resolution to fail unless there are fallback DNS servers.

The Retail Branch Server formula has been modified to disable DNSSEC, and will be updated to support DNSSEC in a future release of Uyuni. For existing Retail Branch Servers, you can disable DNSSEC to retain the same behaviour ISC bind showed until version 9.11.2. To do that, edit /etc/bind and set:

dnssec-enable no; dnssec-validation no;
Virtualization: Creation of virtual machines with Yomi, KickStart or AutoYaST profiles

Creating a virtual machine using the Web UI and the Salt virt states can now use a defined Autoinstallation profile, any defined cobbler profile like the Yomi one. The virtual machine can also be created using PXE or by adding a CDROM device with an attached ISO image.

Japanese translation

The Uyuni Web UI and command-line tools are now available in Japanese thanks to the upstream Uyuni Community.

Since this is a community translation, it is not enabled by default. In order to allow users to select Japanese in their User Preferences in the Web UI, add the following line to /etc/rhn/rhn.conf:

java.supported_locales=en_US,ja

A restart of Tomcat is required.

Version 2020.09

Uyuni Hub XML-RPC API is now supported

Starting with Uyuni 2020.09, the Uyuni Hub XML-RPC API is no longer considered a tech preview, but a fully supported feature.

This means that multiple peripheral servers (other Uyuni Servers) can be managed from a single Hub node, as a supported feature.

Formula for peripheral server management (Technology Preview)

This version of Uyuni includes formulas that can be installed on a Hub node to manage the following on peripheral servers:

  • Organizations

  • System groups in organizations

  • Users in organizations

  • Access to system groups

  • Access to software channels

To use the formula, run zypper in uyuni-config-formula on the Hub node, and then enable the formula for the peripheral servers, and use it to manage them.

This feature will be documented at the Large Deployments Guide in a future Uyuni release.

Maintenance windows

The new maintenance windows feature allows you to schedule sensitive actions (like package installation or upgrade) to occur during a scheduled one-time or recurrent maintenance window period on selected systems. These actions are forbidden to be executed outside of the specified period.

Maintenance windows are defined using iCalendar data, which can be exported from your favorite calendaring tool (Microsoft Outlook, KDE Organizer, Google Calendar…​).

For more information about Maintenance windows check the Administration Guide

Monitoring reverse proxies

Prometheus fetches metrics using a pull mechanism, so the server must be able to establish TCP connections to each exporter on the monitored clients.

The new monitoring reverse proxies feature allows you to simplify your firewall configuration. By installing the reverse proxy on the clients you can get all the metrics for all the exporters on a single TCP port.

Check the Monitoring section of the Administration Guide for information about how to set up.

Monitoring reverse proxies are only available for SLE12, SLE15, and openSUSE Leap 15 families of products, and not yet available for other operating system platforms, including Red Hat Enterprise Linux and Ubuntu. Support for other operating system platforms will come in future releases of Uyuni

Added new type of "Virtual Host Manager": Nutanix AHV

In Uyuni 2020.09, we have added a new type of Virtual Host Manager in order to gather virtual machines from Nutanix AHV infrastructure.

Creating a VHM to gather virtual instances from the Nutanix AHV enables the subscription matcher to match 1-2 virtual machines subscriptions for those instances that are running on the same virtualization host.

For more information about how to setup this new type, see the Client Configuration Guide

Note that this feature requires the virtual-host-gatherer-Nutanix package.

Grafana 7.1.5

Grafana has been updated from version 7.0.3 to 7.1.5 which brings a number of bugfixes and improvements.

Notable improvements:

  • Stats: Stop counting the same user multiple times.

  • Field overrides: Filter by field name using regex.

  • AzureMonitor: map more units.

  • Explore: Don’t run queries on datasource change.

  • Graph: Support setting field unit & override data source (automatic) unit.

  • Explore: Unification of logs/metrics/traces user interface

  • Table: JSON Cell should try to convert strings to JSON

  • Variables: enables cancel for slow query variables queries.

  • TimeZone: unify the time zone pickers to one that can rule them all.

  • Search: support URL query params.

  • Grafana-UI: Add FileUpload.

  • TablePanel: Sort numbers correctly.

A detailed changelog is available upstream.

New products enabled
  • SUSE Linux Enterprise Real Time 15 SP2

Version 2020.07

Upgrade notes

WARNING: Check "Update from previous versions of Uyuni Server" section below for details, as this release updates the base OS from openSUSE Leap 15.1 to openSUSE Leap 15.2, and there are special steps required.

The migration will be performed allowing vendor changes, so this upgrade will fix the issues with python3-psycopg2 mentioned at Uyuni Server 2020.05 release notes. Therefore you will not need to perform the manual steps mentioned there.

Salt 3000.0

Salt has been upgraded to upstream version 3000, plus a number of patches, backports and enhancements by SUSE, for the Uyuni Server, Proxy and Client Tools. In particular, CVE-2020-11651 and CVE-2020-11652 fixes are included in our release.

As part of this upgrade, cryptography is now managed by the Python-M2Crypto library (which is itself based on the well-known OpenSSL library).

We intend to regularly upgrade Salt to more recent versions.

For more details about changes in your manually-created Salt states, see the Salt 3000 upstream release notes.

Please note Salt 3000 is the last version of Salt which will support the old syntax of the module.run module.

New "mgrcompat.module_run" custom compatibility state for Salt is available for registered systems.

WARNING - POSSIBLE ACTION REQUIRED: The syntax for Salt module.run state has changed starting in next Salt 3001 (Sodium) release. This means, any custom SLS file or "Configuration State Channel" that is using module.run state needs to be adapted to fit into the new syntax. This turns even more problematic when you have minions with different Salt versions, because some minions would accept the new syntax but others would fail with it, so the SLS files would require extra logic to handle the different Salt versions & configurations.

To make this process much easier, we have introduced this new mgrcompat.module_run compatibility state, which is essentially a wrapper of module.run which accept the deprecated syntax and takes care of tailoring the parameters for the actual module.run if necesasary according to the particular minion version and configuration. The only thing to do would be to change module.run to `mgrcompat.module_run in your SLS files and "Configuration State Channels".

As an example of this, a non-migrated state like this:

my_module_run_state:
  module.run:
    - name: mymodule.func
    - m_name: foobar
    - other: 1234

would be adapted to:

my_module_run_state:
  mgrcompat.module_run:
    - name: mymodule.func
    - m_name: foobar
    - other: 1234

We really encourage users and customer to start migrating their Salt States to use mgrcompat.module_run now before Salt 3001 (Sodium) release. Once Salt 3001 comes, those states will simply fail.

PostgreSQL 12

The database engine has been updated from PostgreSQL 10 to PostgreSQL 12, which brings a number of performance and reliability improvements. A detailed changelog is available upstream.

To prevent inconsistent configurations and data on upgrade or update, Uyuni 2020.06 will refuse to start until the database migration from PostgreSQL 10 to PostgreSQL 12 has completed successfully.

Base System Upgrade

The base system was upgraded to openSUSE Leap 15.2.

New products enabled
  • Ubuntu 20.04 LTS

Ubuntu 20.04 LTS

Starting with Uyuni  2020.07, Ubuntu 2020.04 LTS is supported as a client.

hwdata vendor change for openSUSE Leap 15.1 clients

package hwdata now comes from from openSUSE Leap 15.1 and not from the client tools.

In oder to get updated versions, the following command must be executed on the clients:

zypper in --allow-vendor-change hwdata

It is recommended to execute this as a remote command.

This change is mandatory if you intend to use the openSUSE Leap 15.1 as a KVM virtualization host.

This does not affect openSUSE Leap 15.2 as it will always have hwdata from the distribution.

Version 2020.06

Oracle Linux

Oracle Linux 6, 7 and 8 can now be managed with salt and it will support the same features CentOS 6, 7 and 8 support.

The channels can be managed using spacewalk-common-channels.

Third-party GPG keys now included

Enabling verification of non-SUSE product metadata used to require manual acceptance, and sometimes even manual installation, of the third-party keys for products available from the product tree. Alternatively, an option to not verify the GPG key signature was there.

Uyuni 2020.06 now includes the GPG keys used to sign packages and/or metadata by other the following vendors:

  • CentOS

  • Oracle Linux

  • Ubuntu

  • MicroFocus Open Enterprise Server

Manual acceptance of those keys is no longer required for GPG signature verification for those products to work.

Manual acceptance of GPG keys for any other product or repository is still required for security reasons.

Cluster Management

As you modernize your IT landscape and make use of Software Defined Infrastructure stacks based on technologies like Kubernetes and Ceph, your focus of managing the IT infrastructure has to move from managing individual Linux servers and VMs to managing infrastructure clusters. Multiple cluster types will be supported in coming releases, with Uyuni 2020.06 initially providing support for SUSE CaaSP.

Computing is increasingly being a more complex architecure: redundant servers, scale out, high-availability, etc where you deploy different kinds of clusters, such as SUSE CaaS Platform, SUSE Enterprise Storage or SAP. Managing those as a whole piece of infrastructure instead of as discrete nodes puts you in charge.

Uyuni 2020.06 implements cluster management of SUSE CaaS Platform clusters. Uyuni works hand-in-hand with CaaS Platform to make sure that all cluster operations are issued properly.

The following actions are currently supported:

  • Register an existing cluster to Uyuni

  • Add or remove nodes to the cluster

  • Promote SLES system to managing node

  • Upgrade the cluster

Deployment of CaaS Platform clusters from scratch will be supported in an upcoming version of Uyuni.

Dropped feature: Unpublished patches

The Unpublished Patches feature has been dropped in Uyuni 2020.05.

This was a very old feature which originated more than 15 years ago when Spacewalk was used internally by vendors to manage patches before making them available to their customers. This functionality has been superseded a long (more than 10 years) time ago by other features in Uyuni for sysadmins, and by tools such as the Open Build Service for operating system vendors.

After a consultation period with users both in the upstream Uyuni community and the SUSE Manager community, we received no feedback against the removal and executed on it.

This will help us realize even further performance improvements in several areas, including the commonly-used Content Lifecycle Management build and promotion operations.

If you still have any unpublished patches, make sure you publish them with Uyuni 2020.05 before migrating to Uyuni 2020.06.

API breakage

With the removal of the unpublished patches feature, the API specification changed as follows:

  • Method errata.listUnpublishedErrata was removed

  • Method errata.create has one less parameter (the publish boolean, now always true) and it is now mandatory to specify at least one channel label in the last parameter (channelLabels). Previously specifying at least one channel label was mandatory only if publish was set to true.

Therefore some API calls that worked in Uyuni 2020.05 and earlier may need changes for Uyuni 2020.06 and later.

Version 2020.05

Repository syncing performance improvements

Repository synchronization has been optimized to perform faster than in previous versions. This applies to if the synchronization is triggered in the WebUI, or from the command prompt using the spacewalk-repo-sync command. It also applies whether the synchronization is invoked manually, or automatically as part of product or custom channel synchronizations. The performance improvement is up six times faster than previous versions, but the improvement depends mostly on your hardware setup, especially the number of CPUs, and how many packages are being synchronized.

IMPORTANT: This requires a vendor change for the package python3-psycopg2-2.8.4-2.1.uyuni.x86_64.

After running zypper update you will need force the vendor change with

zypper in python3-psycopg2-2.8.4-2.1.uyuni.x86_64

Then update again again, so the spacewalk-backend subpackages are updated:

zypper update

As soon as python3-psycopg2-2.8.4 is part of openSUSE Leap 15.1 we will provide instructions use the openSUSE version again.

Image profiles key-value pairs supported as arguments for Docker build

Custom info key-value pairs defined in image profiles are now passed to the Docker build command as build arguments. They can be accessed in Dockerfiles using the ARG command.

Service pack migrations: run a real migration after a successful dry-run

After a Service Pack migration dry-run, if the result is a success you will get a "Run migration" button in the event history to retrieve the "dry-run" settings and confirm the migration with these settings.

Version 2020.04

Recurring actions

Scheduling recurring actions allows you to manage schedules for automated recurring highstate execution on client, group, and organization level depending on the frequency you choose.

This is useful, for example, to apply highstates on a regular schedule and ensure configurations are enforced.

For more information, see the Administration Guide.

Bootstrapping Salt Clients with a Private SSH key (from API)

Before this release, only password authentication was available for bootstrapping Salt clients from the Server.

Now SSH private key authentication is available, including use of a passphrase on the private key. For Uyuni 2020.04 this is only available from the API. It will be made available from the WebUI in a future release.

For security reasons, the private key is stored at the Uyuni Server only for the bootstrap procedure, and removed after bootstrapping is complete. The private key must be provided for each bootstrap.

The new method bootstrapWithPrivateSshKey in the namespace system is documented in the API Documentation.

You can use this example by adjusting the client, keyfile, passphrase, MANAGER_URL, MANAGER_LOGIN and MANAGER_PASSWORD according to your environment:

#!/usr/bin/python
import xmlrpclib

client = '192.168.1.2'
keyfile = '/path/to/priv/key'
passphrase = '' # empty string = no passphrase

conn = xmlrpclib.Server(MANAGER_URL, verbose=0)
key = conn.auth.login(MANAGER_LOGIN, MANAGER_PASSWORD)

with open(keyfile, 'r') as file:
  data = file.read()
  conn.system.bootstrapWithPrivateSshKey(key, server, 22, 'root', data, passphrase, '', False);
conn.auth.logout(key)
CentOS8 Content Lifecycle Management: Better Feedback with Appstreams

The content lifecycle project page in the WebUI now has improved feedback messages about module filters, including missing or conflicting modules, and dependency resolution problems. The messages are in the form of errors that require the user to fix configurations, or warnings about potential problems.

Automated Schema Database Upgrades and Failure Security Mechanism

Database schema upgrades are now applied automatically during services startup, so there is no need to call spacewalk-schema-upgrade manually. A security mechanism has been implemented that prevents Uyuni Services from starting if the schema upgrade has failed.

When this occurs:

  1. When you run spacewalk-service start, it will fail and show an output with information about the error.

  2. All services, including the Apache service, will not start. This will also cause the WebUI to be unavailable.

Large Deployments Guide (draft)

Uyuni is designed by default to work on small and medium scale installations.

For installations with more than 1000 clients per Uyuni Server, adequate hardware sizing and parameter tuning must be performed, and the new guide provides information about how to do it.

Keep in mind there is no hard maximum number of supported systems. Many factors can affect how many clients can reliably be used in a particular installation. Factors can include which features are used, and how the hardware and systems are configured.

Uyuni Hub documentation

The Uyuni Hub announced for 2020.03 has now documentation available as part of the Large Deployments Guide (section Multiple Servers with Hub).

This is a draft release, so please provide feedback using the Resources menu in the online documentation

Public Cloud QuickStart Guide (draft)

This new draft guide shows you the fastest way to get Uyuni up and running in a public cloud. It includes instructions for Amazon Web Services, Microsoft Azure, and Google Cloud Engine.

This is a draft release, so please provide feedback using the Resources menu in the online documentation

CaaSP Grafana Dashboads

CaaSP specific Grafana dashboards have been integrated and can be deployed via the UI.

Prometheus Federation Support in Formulas with Forms

The new version of the Prometheus formula allows configuring federation and pulling relevant metrics from Prometheus instances to provide a global monitoring view.

Note that suitable recording rules have to be configured on the Prometheus instances (for example at CaaSP Prometheus instances).

For more information about Prometheus federation, check the official documentation.

Pre-configured default alerting rules

A default set of alerting rules have been added to monitor the Prometheus instances themselves (meta-monitoring) and the availability of configured targets. The rules can be disabled in the WebUI.

Prometheus Exporters for CentOS8 x86_64

We now provide these Prometheus exporters as packages for CentOS8 x86_64 (compatible also with similar systems such as RHEL8):

Node Exporter Updated to 0.18.1

Keep in mind this new version includes some breaking changes:

  • Renamed interface label to device in netclass collector for consistency with other network metrics

  • The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides

  • The labels for the network_up metric have changed

  • Bonding collector now uses mii_status instead of operstatus

  • Several systemd metrics have been turned off by default to improve performance. These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds

  • The systemd collector blacklist now includes automount, device, mount, and slice units by default

Virtualization: Management of storage pools

Until now users could list the storage pools, which is where the virtual machines disks are stored. Storage pools are where virtual machine disks are stored. In previous versions, you could only list the pools. With this update, you can create, edit, start, stop, refresh, and delete storage pools. This is available from the WebUI, or through Salt states.

Version 2020.03

Debian client tools

We now offer Debian client tools that allow for easy onboarding of Debian as salt minions, as well as running spacecmd from them.

Check the Client Configuration Guide for information about how to configure Uyuni Server to work with Debian clients.

For now the following architectures are supported: x86_64, aarch64, armv7l, i586

We plan to continue improving Debian support in the future, including support for ppc64le and s390x Debian 10 clients.

SUSE Container as a Service Platform v4 nodes: action filtering

Nodes in a SUSE Container as a Service Platforms should be patched, rebooted, etc following CaaSP recommendations to avoid breaking cluster availability and software compability.

In Uyuni 2020.03, we have introduced node locking and action filtering to prevent uninteded operations.

  • When CaaSP nodes are added to Uyuni, the registered systems will be locked automatically:

  • When a system is locked, the web UI shows a warning and you can schedule actions using the web UI or the API, but the action will fail.

You can enable or disable the system lock using the System Lock formula. When the system lock is disabled, all operations are permitted.

Subscription matching in public cloud: BYOS vs PAYG

In Uyuni 4.0.1, we introduced virtual host gatherers for Amazon Web Services, Microsoft Azure and Google Cloud Engine. With these gatherers, our subscription matcher gained the ability to also include virtual machines running on the cloud in its calculations.

We have now enhanced the subscription matcher to exclude pay-as-you-go (PAYG) instances. Those do not require a subscription, as the agreement between the Cloud Service Provider and the Customer covers them.

Automatic generation of bootstrap repositories

A bootstrap repository contains packages for installing Salt on clients, as well as the required packages for registering Salt or traditional clients during bootstrapping.

In Uyuni 2020.01 and earlier, bootstrap repository creation was a manual step, by using the mgr-create-bootstrap-repo tool.

In Uyuni 2020.03, bootstrap repositories are automatically created and regenerated on the Uyuni Server after a product is synchronized (i. e. all mandatory channels are fully mirrored).

More details, including how to revert to manual invokation, are available from the Client Configuration Guide.

Salt clients: provisioning API

Enable provisioning API with Salt and bootstrap entitled systems. Previously, this only worked for traditional clients.

Recurring highstate scheduling

You can schedule automated recurring highstate actions for Salt clients.

Recurring highstate actions apply the highstate to clients on a specified schedule. You can apply recurring action to individual clients, to all clients in a system group, or to an entire organization. The Recurring Actions section in the Administration Guide contains all the details for this feature.

More improvements in regards to automation will be coming in subsequent releases of Uyuni: maintenance windows and patch automation.

Content Lifecycle Filters for AppStreams

RHEL, SLES ES, CentOS and Oracle Linux 8 appstreams can now be mixed and converted to flat repositories using a new type of CLM filter.

New products enabled
  • SUSE Linux Enterprise Real Time 12 SP5

  • SUSE Linux Enterprise 15 SP2 family

  • MicroFocus Open Enterprise Server 2018 SP2 (product GA in Q2 2020)

  • Oracle Linux 8 (using spacewalk-common-channels)

Ubuntu enhancements

Each Uyuni release and maintenance update brings better Ubuntu support. In Uyuni 2020.03, we have include two small but valuable improvements:

  • Support package pre-downloading, to ensure all content (.deb packages) is downloaded before patching. This should be very useful for large Ubuntu deployments managed by Uyuni.

  • Display additional information in the UI for .deb packages (dependencies and more headers)

Yomi (Technology Preview)

Yomi (yet one more installer) is a Salt-based installer for SUSE and openSUSE operating systems.

In Uyuni, Yomi can be used as part of provisioning new clients, as an alternative to AutoYaST. Yomi consists of two components:

  • The Yomi formula, which contains the Salt states and modules required to perform the installation.

  • The operating system image, which includes the pre-configured salt-minion service.

Detailed information on how to use Yomi is available from the Salt Guide.

Yomi is work in progress and more operating systems and features will be added in coming releases.

Uyuni Hub XML-RPC API (Technology Preview)

The Uyuni Hub is a new multi-server architecture we are introducing as a technology preview in Uyuni 2020.03.

Multiple Uyuni Servers can be managed from a single Hub node. The Hub is a Salt master itself and the managed Uyuni Server servers are both a minion (to the hub) and a master (to their own minions).

Uyuni Hub Architecture

The Hub covers a number of use cases, such as:

  • Scalability: when a single Uyuni Server will no longer be enough

  • Intermittently connected and bandwidth-limited sites, which can now be managed with their own schedule thanks to the Hub

  • Multi-tenancy with individual Uyuni Servers. While Uyuni is multi-organization itself, in some scenarios, an even stronger separation is required. The Hub provides a way to manage and aggregate back information for all those Uyuni Server servers.

The Hub comprises a number of components that we will be releasing and enhancing in the future. The first component of the Hub we are now introducing as a Technology Preview is the Hub XML-RPC API, which provides an extended version of the Uyuni Server XML-RPC API, targeted for the multi-server case.

Installation and usage

Install Uyuni Server and then install the hub-xmlrpc-api package. That Uyuni Server is now the Hub Server.

Configuration of hub-xmlrpc-api is specified in a JSON file like the following:

{
   "type": "json",
    "hub": {
       "manager_api_url": "http://localhost/rpc/api"
   },
    "connect_timeout": 10,
    "read_write_timeout": 10,
   }

Set the HUB_CONFIG_FILE environment variable to point to the configuration file. hub-xmlrpc-api is a daemon, currently to be launched from the command line.

Once running, you can connect to the hub-xmlrpc-api at port 8888 via any XMLRPC compliant client libraries (see examples below).

API endpoints, namespaces and examples

Details about usage with Python script examples are available at the Uyuni project site: https://github.com/uyuni-project/hub-xmlrpc-api

spacewalk-utils

In Uyuni 2020.01 and earlier, the spacewalk-utils package contained a mix tested and untested tools.

In Uyuni 2020.03, we have split spacewalk-utils in two packages:

  • spacewalk-utils contains only fully-tested tools:

    • spacewalk-common-channels

    • spacewalk-hostname-rename

    • spacewalk-clone-by-date

    • spacewalk-sync-setup

    • spacewalk-manage-channel-lifecycle

  • spacewalk-utils-extras contains the tools that untested or not completely tested:

    • apply_errata

    • delete-old-systems-interactive

    • migrate-system-profile

    • spacewalk-api

    • spacewalk-export

    • spacewalk-export-channels

    • spacewalk-final-archive

    • spacewalk-manage-snapshots

    • sw-ldap-user-sync

    • sw-system-snapshot

    • taskotop

    • spacewalk-manage-channel-lifecycle

Tools in spacewalk-utils-extras are valuable but they are so specific, or require additional customization for each user, that it is not possible for us to test for every use case. If you were using these scripts in spacewalk-utils in Uyuni 2020.01 or earlier, you will need to install spacewalk-utils-extras in Uyuni 2020.03.

EFI HTTP booting

The dhcp formula, branch network formula and pxe formula have been updated to support booting EFI terminals (systems) via HTTP in addition to TFTP.

Subscription matching enhancements

On public cloud providers, the subscription matcher will identify pay-as-you-go instances, whose subscription is provided by the Cloud Service Provider, and will not ask for additional subscriptions.

Also, stackable subscriptions with the same parameters will be aggregated.

Single Sign-On (SSO) is now stable

Uyuni supports Single Sign-On authentication by implementing the Security Assertion Markup Language (SAML) 2 protocol. This feature, introduced in 4.0.2 as a Technology Preview, is now declared stable

Uyuni must be reconfigured to use the IdP as the source of authentication and post-login mapped users must be already created before enabling SSO.

For more on configuring SSO, see the Authentication Methods chapter in the Administration guide.

Single Page Application UI (SPA) is now stable

In an effort to provide our web UI users with a smoother navigation, we have implemented large parts of the user interface as a single page application.

This enhancement was started in Uyuni 2020.01 as an opt-in feature and now becomes the default in Uyuni 2020.03

Red Hat Enterprise Linux 8 onboarding simplified

It is no longer necessary to have Python 3 on RHEL8 systems for the onboarding to work. With this enhancement, even plain-text RHEL machines can be onboarded directly.

Version 2020.01

Version format change

Uyuni is now changing from X.Y version format to YYYY.MM format, and the URLs for the repositories remove the X.Y part.

This will allow easier releases, no need to change URLs at all in the future, and less confussion regarding the relationship between Uyuni and SUSE Manager (Uyuni is always ahead).

Adjust your repository at the Server system

Because of the version format change, you need to adapt your zypper repository at the server before updating.

If you followed the instructions for installation, this command will do it for you:

sed -i -e 's/Uyuni-Server-4.0-POOL-x86_64-Media1/Uyuni-Server-POOL-x86_64-Media1/' /etc/zypp/repos.d/uyuni-server-stable.repo

Otherwise, find the Uyuni Server Stable repository and replace:

baseurl=https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable/images/repo/Uyuni-Server-4.0-POOL-x86_64-Media1/

with:

baseurl=https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable/images/repo/Uyuni-Server-POOL-x86_64-Media1/

Remove current Uyuni Proxy 4.0 channel and repository from the Server and add the new ones

If you are currently syncing Uyuni Proxy 4.0 (usually because you have proxies), you need to:

  1. Add the new channel with spacewalk-common-channel uyuni-proxy-stable-leap-151

  2. Sync the new channel (and configure autosync if required)

  3. See what instances are using the channel Uyuni Proxy 4.0 for openSUSE Leap 15.1

  4. Adjust the channels assigned instances from previous step (tip: You can use "System Set Manager") to remove the old one and add the new one.

  5. See what activations key are using the channel Uyuni Proxy 4.0 for openSUSE Leap 15.1

  6. Adjust the activation keys from previous set to remove the old channel and add the new one.

  7. Remove the channel Uyuni Proxy 4.0 for openSUSE Leap 15.1

  8. Remove the repository External - Uyuni Proxy 4.0 for openSUSE Leap 15.1 (x86_64)

Remove current Uyuni Server 4.0 channel and repository from the Server and add the new ones

Most users will not require this unless, but if you have the Uyuni Server 4.0 channel at your server:

  1. Add the new channel with spacewalk-common-channel uyuni-server-stable-leap-151

  2. Sync the new channel (and configure autosync if required)

  3. See what instances are using the channel Uyuni Server 4.0 for openSUSE Leap 15.1

  4. Adjust the channels assigned instances from previous step (tip: You can use "System Set Manager" at the WebUI) to remove the old one and add the new one.

  5. See what activations key are using the channel Uyuni Server 4.0 for openSUSE Leap 15.1

  6. Adjust the activation keys from previous set to remove the old channel and add the new one.

  7. Remove the channel Uyuni Server 4.0 for openSUSE Leap 15.1

  8. Remove the repository External - Uyuni Server 4.0 for openSUSE Leap 15.1 (x86_64)

CentOS8, RHEL 8 and SLES ES 8 support

CentOS 8, Red Hat Enterprise Linux 8 and SUSE Linux Enterprise Server Expanded Support 8 are now supported clients as Salt minions. The traditional stack will not be supported on these operating systems.

With the new application streams concept introduced in these operating systems, you will need to import both the BaseOS and the AppStream directories from the ISO image for the bootstrap repository to be created correctly. If the AppStream directory is not imported, you will receive an error about missing Python 3 packages.

AppStream awareness in the UI and Content Lifecycle Management will be available in an upcoming version of Uyuni.

Monitoring

This version of Uyuni includes formulas to install Prometheus and Grafana, and makes the Apache exporter available for Ubuntu 18.04, CentOS6, CentOS7 and Proxy.

Additionally, self-monitoring capabilities have been implemented in the Admin Monitoring UI.

Package Hub

SUSE Package Hub is now supported on the Server, since the problems with the search that were caused by PackageHub-provided packages have been solved.

If you were using Package Hub as a source of packages for you clients, it is recommended that you re-generate all package metadata. The reason for this is in the Package Hub repositories there may exist multiple packages with the same NEVRA but different checksums. This might result in checksum errors when repositories are used on the clients as Uyuni randomly selected any of those packages. After this update, Uyuni will generate the checksum into the package path to ensure the right package is used. If you use also Uyuni Proxy please update all of them before you re-generate the metadata.

Formulas

The Formulas with Forms screen has an enhanced layout that folds vertically instead of nesting deep inside, making if cleaner. Besides this, validators are now possible in formulas using the JEXL expression language.

The cpu-mitigations-formula is now installed by default.

The Retail branch network formula now works all SUSE and openSUSE based distros, using SuSEfirewall or firewalld as appropriate.

New Content Lifecycle Management filters

In Uyuni 4.0.2 we introduced Content Lifecycle Management with a filter to exclude packages and patches based on their name. Feedback for this feature was very positive and many proposals for enhancement were received.

In this release, we are introducing a lot of new possibilities for Content Lifecycle Management:

  • New filters: by date, by keyword (e. g. "reboot needed" or "package manager restart required"), by type (security, recommended or optional), by synopsis and "patch contains package".

  • New ALLOW mode, which in addition to the existing DENY mode, makes possible to filter out packages, and then include them again into the resulting set.

  • New matchers: in addition to the existing greater than, lesser than, equals, etc, we have now added a regular expression matcher for package names, patch names, patch synopsis and package names in patches.

  • Better visualization of the filters attached to a CLM project, with ALLOW and DENY now shown on each side of the screen.

We have documented two typical use cases: a monthly patch cycle and live patching.

More enhancements to Content Lifecycle Management will come in future releases of Uyuni.

Enhanced support for Debian and Ubuntu

With each release of Uyuni, we continue to enhance our Debian and Ubuntu support.

Uyuni 2020.01 greatly improves our compatibility thanks to:

  • Support for all of the headers in .deb packages, including custom ones, when syncing Debian/Ubuntu repositories. You can use the new script mgr-update-pkg-extra-tags to update extra fields in DB without recreating all Debian/Ubuntu channels.

  • Support for .deb packages with hyphens in the package name or version. There remain a very small percentage (<0.1%) of packages for which our version comparison algorithm fails; we will fix this known issue in a coming release.

New Prometheus exporters and formulas

A new set of client tool packages now includes Prometheus exporters for more clients: CentOS 6, CentOS 7, RHEL 6, RHEL 7, SLES ES 6, SLES ES 7 and Ubuntu 18.04. Both the Prometheus node exporter and the PostgreSQL exporter are provided for those operating systems. The prometheus-exporters-formula formula makes easy to deploy them.

Subscription matching in Public Cloud

We’ve added new types of Virtual Host Managers in order to gather virtual instances from Public Cloud providers. Azure, AWS and Google Cloud are now supported, in addition to the existing VMware and generic (file-based, manually-maintained, useful for any cloud provider) gatherer modules.

Creating VHM to gather virtual instances from the Public Cloud will enable the subscription matcher to match "1-2 virtual machines" subscriptions for those instances that are running on the same Public Cloud zone.

Please take into account the following considerations in this version. They will be addressed in upcoming versions of Uyuni:

  • This functionality will only work with Salt clients.

  • Manual installation of the virtual-host-gatherer-libcloud package is required.

  • The public cloud gatherers will report and try to match all instances, no matter if they are BYOS or PAYG, leading to an incorrect calculation of the required subscriptions if you combine BYOS and PAYG.

Preventive shutdown of Server when running out of disk space

Some users have hit in the past a database corruption problem when PostgreSQL ran out of space.

In order to prevent that from happening in the future, we have added a diskchecker to Uyuni Server. This feature will send a warning mail when the most common and important Uyuni directories are below 10% of free disk space, and will shut down the Uyuni Server when those directories are below 5% of free disk space.

This new feature is only enabled by defult in new installations. For existing installations, the administrator can enable the tool manually after updating to the latest maintenance update by running:

systemctl --quiet enable spacewalk-diskcheck.timer

systemctl start spacewalk-diskcheck.timer

Full details on the parameterization of this new feature are available in the Managing disk space documentation page.

Single Page Application UI

In an effort to provide our web UI users with a smoother navigation, we have implemented large parts of the user interface as a single page application.

This feature is optional for this release and is disabled by default. To enable it, users can now add web.spa.enable = true to /etc/rhn/rhn.conf, and then restart Tomcat.

Grafana

Grafana is a tool for data visualization, monitoring, and analysis. It is used to create dashboards with panels representing specific metrics over a set period of time. Grafana is commonly used together with Prometheus, but also supports other data sources such as ElasticSearch, MySQL, PostgreSQL, and Influx DB.

This version of Uyuni includes Grafana in the client tools repositories. An Uyuni Grafana dashboard is provided as an example.

Monitoring section of the Administration Guide contains full detail on how to configure Grafana together with Uyuni.

Prometheus service autodiscovery

Prometheus is a monitoring tool used to record real-time metrics in a time-series database. Metrics are collected using HTTP pulls, allowing for higher performance and scalability.

We have updated the Prometheus package with a new version that include a built-in service discovery mechanism that will allow users to more easily configure monitoring on their Uyuni systems.

Previously, after configuring the exporters on managed clients, users had to manually configure their Prometheus servers to start scrapping metrics from those systems. With this update, it will be possible to use a "service discovery" mechanism that will automate this part of the configuration. The configuration options are simple: it is only required to provide a Uyuni Server URL and valid API credentials.

Under the hood, what this mechanism does is letting Prometheus poll the Uyuni API, asking for a list of systems that have monitoring enabled, and automatically configuring Prometheus to collect metrics from those systems.

In this version, the autodiscovery functionality is provided as a Technology Preview.

More information about configuring Prometheus can be found in the Monitoring section of the Administration Guide.

CPU mitigation formula

CPU mitigations have been introduced to improve security on CPUs affected by vulnerabilities such as Meltdown and Spectre. The mitigations are available in SUSE Linux Enterprise 12 SP3 and later in the cpu-mitigations-formula package, which is not installed by default.

The new CPU Mitigation formula allows you to control which mitigations are enabled.

Updated documentation

The Uyuni documentation has received improvements in all of the books, with small clarifications and enhancements all around: content lifecycle management filters, public cloud, JeOS, formulas, etc

Of particular interest for users with large installations will be the new Large Scale Deployment and Salt Tuning sections in the Salt Guide. Given that modifying advanced parameters can cause catastrophic failure, we recommend making a backup and being conservative doing changes.

Additionally, the search functionality in the documentation now works offline.

Enhanced support for Ubuntu and Debian clients

The Multi-Arch and Pre-depends headers are now supported for .deb repositories, hence avoiding installation problems that could arise in some cases when deploying packages from the UI.

Also, Ubuntu and Debian channels now come preconfigured in spacewalk-common-channels. The Debian CDN is used to provide the best mirror at each moment. For Ubuntu, you may want to replace the default mirror with a closer geo-mirror.

Keep in mind SUSE does not provide support for the spacewalk-common-channels tool form the spacewalk-utils package.

New products enabled (from SCC)
  • SLES12 SP3 LTSS

  • SUSE Linux Enterprise Real Time 12 SP4

  • SLES12 SP5

  • RHEL 8 and SLES ES 8

  • CaaSP 4

  • openSUSE Leap 15.1

SUSE Container as a Service Platform v4 support

The Virtual Host Manager functionality has been extended to support SUSE Container as a Service Platform v4.

You can register each CaaSP node to Uyuni using the same method as you would a Salt client. After doing this, you will be able to see the patch level status of each node, perform configuration management on the nodes and assign channels o clusters.

We strongly recommend to check the documentation on the scope and extent of the CaaSPv4 integration in Uyuni: https://www.uyuni-project.org/uyuni-docs/en/uyuni/client-configuration/vhm-caasp.html

Upcoming versions of Uyuni will enhance CaaSP integration.

Other changes
  • Since this version, as part of a bugfix, it is no longer allowed to delete a channel when there are cloned channels based on it.

  • Taskomatic now takes a maximum of 4 GB of RAM (it used to be 2 GB), which better matches the current average use case.

  • Salt clients can now be re-provisioned from Uyuni. This allows major version OS updates for SLES and Uyuni Proxy.

  • Normalize date formats for actions, notifications and CLM

Version 4.0.2

Migrating the Server from 4.0.1 to 4.0.2
If you are using DHCP addresses and you do not use DHCP reservations, migrating from openSUSE Leap 42.3 to Leap 15.0 can change the IP address of your NICs. If using DHCP, make sure your instances have reserved IP addresses.
Before starting, make sure you have a backup of your server, as it will be hard to recover from failures during the migration.

4.0.2 is now based on openSUSE Leap 15.1, so a base OS system is required.

To help administrators with the migration, a new script is provided by the susemanager package at /usr/lib/susemanager/bin/server-migrator.sh

Then, update susemanager package only:

zypper ref
zypper in susemanager

And finally run the script:

/usr/lib/susemanager/bin/server-migrator.sh

After the migration is complete, you will be requested to reboot your server

Uyuni Server 4.0.2 works with SUSE Uyuni Proxy 4.0.1.

When upgrading, upgrade the Server first, followed by the Proxies.

Salt 2019.2.0

Salt has been upgraded to the 2019.2.0 release.

We intend to regularly upgrade Salt to more recent versions.

For more detail about changes in your manually-created Salt states, see the Salt upstream release notes 2019.2.0.

Base system upgrade

The base system was upgraded to openSUSE 15.1.

As a result, all code was ported to run with Python 3 and OpenJDK 11.

Prometheus Monitoring

We now include packages for the latest version of Prometheus, as well as self-monitoring capabilities for Uyuni.

Prometheus is a monitoring tool that is used to record real-time metrics in a time-series database.

For more information about Prometheus, see the Administration Guide

Exporters

Exporters convert existing metrics into the format Prometheus requires. We are now providing the following Prometheus Exporters as packages, for SLE12 and SLE15 as well as openSUSE Leap 15.1:

In addition we provide JMX exporter on Uyuni Server.

Monitoring is not yet available for other operating system platforms like Red Hat Enterprise Linux or Ubuntu.

Self-monitoring features in Uyuni

Uyuni provides metrics about its health to Prometheus. Both Server and Proxy can expose metrics. Self-monitoring can be enabled via the Web UI. For that purpose, some Prometheus exporters are pre-installed on Uyuni Server and Proxy.

A new formula is also included, to install and manage Node and PostgreSQL exporters on clients managed by Salt. This formula can be configured in the Uyuni Web UI.

Content lifecycle management

The content lifecycle management feature allows you to clone software channels through a lifecycle of several environments. You are able to create content projects, select a custom set of software channels as sources, and promote software channels through a pre-defined lifecycle of environments.

You can define filters to exclude specific packages and patches. More filters will be added in a later release.

Once you have selected your sources you can build the selected set which will populate the first environment. After the first environment is built, you can promote it through the environment lifecycle to the next environment in the loop. You can see the status of the build at any time throughout the process.

The result of the build, and the content of every environment, is a channel tree made of cloned software channels of the selected sources, to which systems can be assigned.

Virtualization management for Salt minions

The existing virtualization features have been enhanced for Salt-based systems. This is a technology preview and will require an additional Virtualization Management entitlement. Pricing will be announced soon.

Salt-based virtualization host systems can also create virtual machines using a pre-built disk image.

These features have been added:

  • Deleting virtual machines.

  • Editing virtual machines to add or remove network interfaces or disk, change CPU and memory allocation or the display type.

  • Quick update of the list and state of virtual machines.

  • Displaying virtual machines graphical display in a new tab.

Updated Documentation Structure

In this release, we have reorganized our documentation and updated our tooling to make it clearer where information is, and make it easier for you to find the content you need, when you need it.

Old Naming Format
  • Getting Started

  • Best Practices

  • Reference

  • Advanced Topics

New Naming Format
  • Installation Guide (Requirements, supported platforms, installation methods, etc)

  • Client Configuration Guide (Configuring and connecting clients to Uyuni)

  • Upgrade Guide (Migrate and update clients and Uyuni)

  • Reference Guide (Comprehensive guide to the Web UI)

  • Administration Guide (Maintenance and administration tasks in Uyuni)

  • Salt Guide (A comprehensive guide to Salt for system administrators)

  • Retail Guide (A guide to using Uyuni for Retail)

Improved logging for Salt Remote Command Page

The Salt Remote Command Page log now every command executed in a separate logfile (/var/log/rhn/rhn_salt_remote_commands.log). In addition to this, an entry in the System History is generated for every minion where the command was executed.

Support for more Distributions as Clients

openSUSE Leap 15.1 and SLE15 SP1 can now be managed.

EoL for openSUSE Leap 42.3 clients

openSUSE Leap 42.3 is now End of Life since July 1st, as announced at the openSUSE Mailing lists

While the repositories for Leap 42.3 are still available, no support is provided aymore.

Salt Rate Limiting (Batching)

Any action scheduled on multiple Salt minions has now an upper limit on the number of systems that will process it simultaneously. This is referred to as batch size in Salt jargon, and defaults to 100 minions.

Please check the documentation for performance considerations in large installations (more than 1000 minions).

Product Information Loaded from SCC

In the past information about product channels were shipped via maintenance updates. Now these information will be downloaded from SUSE Customer Center (SCC) like the other product and repository information.

In case of using the fromdir configuration with SMT or RMT, please check if they support already downloading this file. You can get the file with the following command:

curl -O https://scc.suse.com/suma/product_tree.json
Image build host with SLES 12 SP4

Using SLES 12 SP4 as the base OS for an image build host is now supported.

Also building SLES 12 SP4 OS Images is supported.

Updated backend for communicating with SCC

This update contains a new backend to communicate with the SUSE Customer Center (SCC). This requires to run a mgr-sync refresh at the end of the update procedure.

The whole update procedure:

$> spacewalk-service stop
$> zypper patch
$> spacewalk-schema-upgrade
$> spacewalk-service start
$> mgr-sync refresh

In case of Inter Server Sync (ISS) the master needs to be updated first, then the slave.

This change show products like they are setup in the SUSE Customer Center. As a consequence of this some older products show no architecture anymore and mirror all available architectures when such a product is selected for mirroring.

With this change also some invalid product combinations were removed. Please check /var/log/rhn/rhn_web_ui.log for error messages. Invalid channels can be removed using spacewalk-remove-channel command.

XMLRPC API changes

Due to the changes in the backend for communicating with SCC corresponding XMLRPC API has changed:

Deprecated calls:

synchronizeChannels()
synchronizeProductChannels()

New call:

synchronizeRepositories()

For a refresh the XMLRPC API should be called in the following order:

synchronizeChannelFamilies
synchronizeProducts
synchronizeRepositories
synchronizeSubscriptions
Support for Ubuntu Clients

Management of Ubuntu clients is now supported. We provide a repository with salt packages that can easily be added with spacewalk-common-channels or manually.

The following new features were added:

  • Bootstrapping and performing initial state runs such as setting repositories and performing profile updates

  • Assigning .deb channels to minions

  • Information displayed in System details pages

  • Package install, update, and remove

  • Package install using Package States

  • Configuration and state channels

  • Support Ubuntu products and Debian architectures in mgr-sync

  • Support creating bootstrap repositories for Ubuntu 18.04 and 16.04

  • Add support for Ubuntu in the bootstrap script

  • Generate InRelease file for Debian/Ubuntu repos when metadata signing is enabled

  • Trust SUSE GPG key for client tools channels on Ubuntu systems

However, the root user on Ubuntu is disabled by default, so in order to use bootstrapping, you will require an existing user with sudo privileges for Python.

Change behavior on token refresh

Channel authentication tokens are valid by default for about 1 year. The renew of tokens happens automatically some time before they expire but they are not deployed automatically to the clients.

As the renew happens mostly without noticing by the administrator that behavior has changed to autodeploy renewed tokens to the clients automatically.

This old behavior can be preserved by setting

token_refresh_auto_deploy = false

in /etc/rhn/rhn.conf and restarting the services.

In case of a token renew without autodeployment enabled a log message will inform the administrator about it.

New option to force regeneration of channel metadata

A new option --force was added to spacecmd softwarechannel_regenerateyumcache to force a regeneration of the metadata files.

New products supported
  • openSUSE Leap 15.1

  • SLES11 SP4 LTSS

  • SLES12 SP3 LTSS

  • SLES 15 SP1 product family

  • CaaSP 4 Toolchain

Package download endpoint override

It is now possible to set a custom protocol, host and path for minions to download packages at installation time. This will override the default setting of the Uyuni Server or Uyuni Proxy used at registration time.

Technical preview: Single Sign-On (SSO)

Uyuni supports Single Sign-On authentication by implementing the Security Assertion Markup Language (SAML) 2 protocol. Mandatory requirement: an already existing and configured SAML Identity Service Provider (IdP). Uyuni must be reconfigured to use the IdP as the source of authentication and post-login mapped users must be already created before enabling SSO.

For more on configuring SSO, see the Administration Guide

Version 4.0.1

Support for PostgreSQL 10

A new version of the PostgreSQL database is available in openSUSE Leap 42.3 and can be used for Uyuni Server.

New installations of Uyuni Server based on openSUSE Leap 42.3 will automatically pick up this version.

PostgreSQL 10 needs a new version of smdba to initiate backups. This version is part of Uyuni Server 4.0.1.

Migrating from PostgreSQL 9.6 to PostgreSQL 10

You should have an up-to-date database backup before attempting the migration.

Existing installations of Uyuni Server will need to run

/usr/lib/susemanager/bin/pg-migrate-96-to-10.sh

to migrate from PostgreSQL 9.6 to PostgreSQL 10

Your Uyuni Server installation will not be accessible during the migration.

Note The migration will create a copy of the database under /var/lib/pgsql and thus needs sufficient disk space to hold two copies (9.6 and 10) of the database.

Since it does a full copy of the database, it also needs considerable time depending on the size of the database and the IO speed of the storage.

If your system is scarce on disk space you can do an fast, in-place migration by running

/usr/lib/susemanager/bin/pg-migrate-96-to-10.sh fast

The fast migration usually only takes minutes and no additional disk space. However, in case of failure you need to restore the database from a backup.

This wiki page contains additional information about the database migration.

spacecmd: Support state channels

spacecmd, the command line access to the Uyuni API, has been adapted to support state channels (aka Salt Minion config channels) with the following changes:

  • system_scheduleapplyconfigchannels

    • new call to schedule application of the assigned config channels to the system (minion only)

  • configchannel_updateinitsls

    • new call to update the init.sls file

  • configchannel_create

    • adapted call, now has a -t option to specify the channel type (normal or state)

  • configchannel_import

    • adapted call, honors channel type

Please use the help functionality of spacecmd for detailed option descriptions for each mentioned call.

New API calls

Functions softwarechannel_mergepackages and softwarechannel_errata_merge to merge packages and errata through spacecmd were added.

spacewalk-common-channels: Support for Uyuni, Fedora 29 and cleanup

Added:

  • Uyuni Server, Uyuni Proxy, Uyuni Client Tools, both stable and development version.

  • Fedora 29

Removed:

  • Fedora 26

  • Spacewalk 2.6 Server and Client Tools

  • Spacewalk 2.7 Server and Client Tools

  • Spacewalk 2.8 Server

  • Spacewalk nightly

  • OpenSUSE 13.2 and openSUSE 13.2 Client Tools

Support for more Distributions as Clients

openSUSE Leap 15.0, openSUSE Leap 42.3, SLE12, SLE15, CentOS6 and CentOS7 are now verified to bootstrap as both salt minions and traditional clients.

New products added to SCC syncing
  • SUSE OpenStack Cloud 9

Known issues

Single Sign On, API and CLI tools

Single Sign On can be used to authenticate in the Web UI but not with the API or CLI tools. This will be fixed in a future release of Uyuni.

EPEL and Salt packages

Using the Extra Packages for Enterprise Linux directly on RHEL clients (or compatible: SLES ES, CentOS, Oracle Linux, etc) will install the Salt packages from EPEL, which miss some features in the Uyuni-provided Salt packages. This is an unsupported scenario.

If you need to enable the EPEL repository, make sure you filter out the Salt packages from EPEL (for instance, by creating a new channel using Content Lifecycle Management).

RHEL 6, CentOS 6 and Oracle Linux 6 minimal installations

In the case of RHEL 6, CentOS 6 and Oracle Linux 6, the "Minimal" installation set is missing some packages required for the onboarding to work. It is recommented to install at least a "Basic Server".

Alternatively, if using a minimal installation, you must install the perl and openssh-clients packages before onboarding.

RHEL native clients

When autogenerating bootstrap repositories for native RHEL clients, some errors may be logged from the moment the official Red Hat channels are added until the moment those channels are fully synchronized for the first time.

This does not affect SLES Expanded Support, CentOS or Oracle Linux.

Registering Spacewalk 2.x/Red Hat Satellite 5.x clients to Uyuni as Salt minions

If a client machine is running the Red Hat Satellite 5.x agent, registering it to Uyuni as a Salt minion will fail due to package conflicts.

Registering a RH Satellite 5.x client as a Uyuni traditional client works fine.

Registering a Uyuni traditional client as a Uyuni Salt minion will also work.

Works Fails

RH Satellite 5.x ⇒ Uyuni traditional

RH Satellite 5.x ⇒ Uyuni Salt minion

Uyuni traditional ⇒ Uyuni Salt minion

In order to register Red Hat Satellite 5.x clients to Uyuni as Salt minions, you will need to modify the bootstrap script to remove the Satellite agent packages first.

Spacewalk 2.x and Oracle Spacewalk 2.x clients will show the same behavior as Red Hat Satellite 5.x clients

CentOS

When mirroring CentOS AppStreams, only the most up-to-date packages can be synchronized. If a package was previously synchronized it will remain available but old versions cannot be synchronized if they never were earlier.

This will be fixed in the next Uyuni release.

Client Tools Notes

URLs of the Client Tools are:

Keep in mind you should manage the client tools using the command spacewalk-common-channels on the server, that will also allow you to add the required channels for all those operating systems that are freely available.

Supported clients

At the moment the status is the following:

Distribution

Salt bootstrap from server

Salt SSH bootstrap from server

Salt bootstrap from client

Traditional

openSUSE Leap 15

SLE12

SLE15

CentOS7

Oracle Linux 7

Oracle Linux 8

Amazon Linux 2

Alibaba Linux 2

AlmaLinux 8

Rocky Linux 8

Ubuntu18.04

Ubuntu20.04

Debian9

Debian10

= Working, = Not working, = Untested

With the exception of RHEL/CentOS and Oracle Linux, all maintained SPs and subversions are supported.

Untested clients

Distribution

Salt bootstrap from server

Salt SSH bootstrap from server

Salt bootstrap from client

Traditional

RHEL7

RHEL8

RHEL7 and RHEL8 are expected to work in the same way CentOS7 and CentOS8 respectively. Client Tools repositories for a CentOS version should work at the respective RHEL version.

CentOS8 (and therefore RHEL8) does not have support for the traditional client tools, only salt.

Known limitations

"spacewalk/minion_script" Autoinstallation snippet does not work with Salt bundle

The Autoinstallation snippet named spacewalk/minion_script does not support the Salt Bundle (venv-salt-minion) at this moment. Using this snippet is not mandatory.

If the snippet is used, the autoinstallation will not fail, but the package salt-minion will get installed and during the registration the Salt Bundle will not get installed.

As temporary workaround, you can either:

  • Create your own custom snippet based on spacewalk/minion_script but adjusting the paths and name to use venv-salt-minion instead.

  • Use the original snippet, register the client, and then perform the migration to the Python Bundle, as described at the documentation

Uyuni Client Tools GPG not trusted by the clients

The GPG key for Uyuni Client Tools is not trusted by default by the respective package management tools for each OS.

The systems will bootstrap without the GPG key being trusted, but will not be able to install new client tool packages or updated them.

This can be fixed by adding the key uyuni-gpg-pubkey-0d20833e.key to all the bootscrap scripts at variable ORG_GPG_KEY=. If you already have other keys there, you can keep them.

For systems bootstrapped from WebUI, a salt state should be created to trust the key, then the state can be assigned to the organization, and finally it can be used using an Activation Key and the Configuration Channels to deploy the change to the clients.

Documentation

It is usable but you can still find some issues, such references to SUSE Manager that are scheduled to be fixed on subsequent versions.

Installation

Requirements

  • OS: openSUSE Leap 15.3 x86_64, fully updated

  • Main memory: Minimum 16 GB for base installation

  • Disk space: Minimum 100 GB for root partition, Minimum 50 GB for /var/lib/pgsql, Minimum 50 GB per SUSE product + 100 GB per RHEL product (/var/spacewalk)

See the Getting Started manual for more details on the system requirements.

Installing the Server

Add the Stable repository:

Install the pattern:

zypper in patterns-uyuni_server

Run Yast2 and go to Network Services > Uyuni Setup

Follow the setup assistant.

Update from previous versions of Uyuni Server

See the "Installation/Upgrade Guide" for detailed instructions on how to upgrade.

  • If you are updating from 2021.05 or earlier: You will need to follow the "Upgrade > Upgrade the Server" > "Server - Major Upgrade" section.

  • If you are updating from 2021.06 or newer: You will need to follow the "Upgrade > Upgrade the Server" > "Server - Minor Upgrade" section.

All connected clients will continue to run and are manageable unchanged.

Update from previous versions of Uyuni Proxy

When updating, always start with the server first and then continue with the proxies.

See the release notes for the proxy and the "Upgrade Guide" for detailed upgrade instructions.

Other information

Red Hat Channels

Managing RHEL clients requires availability of appropriate Red Hat packages.

SUSE Channels

Managing SUSE Linux clients requires availability of appropriate SUSE channels.

Your licensed SUSE products can be used with Uyuni by following the setup Wizard.

Check the manuals for more information.

Providing feedback

In case of encountering a bug please report it at https://github.com/uyuni-project/uyuni/issues

Copyright © 2018 – 2021 The Uyuni Project

This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/es/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.

For SUSE trademarks, see http://www.suse.com/company/legal/. All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its affiliates. Asterisks (*) denote third-party trademarks.

All information found in this document has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its affiliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof.