Release notes for Uyuni Server Version 2020.03 2020-03-19 16:17:01 +0100 Table of Contents * Version Revision History * Stay informed * Support * Release model * Major changes since Uyuni Server 4.0.0 + Features and changes o Version 2020.03 # Debian client tools # SUSE Container as a Service Platform v4 nodes: action filtering # Subscription matching in public cloud: BYOS vs PAYG # Automatic generation of bootstrap repositories # Salt clients: provisioning API # Recurring highstate scheduling # Content Lifecycle Filters for AppStreams # New products enabled # Ubuntu enhancements # Yomi (Technology Preview) # Uyuni Hub XML-RPC API (Technology Preview) # spacewalk-utils # EFI HTTP booting # Subscription matching enhancements # Single Sign-On (SSO) is now stable # Single Page Application UI (SPA) is now stable # Red Hat Enterprise Linux 8 onboarding simplified o Version 2020.01 # Version format change # Adjust your repository at the Server system # Remove current Uyuni Proxy 4.0 channel and repository from the Server and add the new ones # Remove current Uyuni Server 4.0 channel and repository from the Server and add the new ones # CentOS8, RHEL 8 and SLES ES 8 support # Monitoring # Package Hub # Formulas # New Content Lifecycle Management filters # Enhanced support for Debian and Ubuntu # New Prometheus exporters and formulas # Subscription matching in Public Cloud # Preventive shutdown of Server when running out of disk space # Single Page Application UI # Grafana # Prometheus service autodiscovery # CPU mitigation formula # Updated documentation # Enhanced support for Ubuntu and Debian clients # New products enabled (from SCC) # SUSE Container as a Service Platform v4 support # Other changes o Version 4.0.2 # Migrating the Server from 4.0.1 to 4.0.2 # Salt 2019.2.0 # Base system upgrade # Prometheus Monitoring # Content lifecycle management # Virtualization management for Salt minions # Updated Documentation Structure # Improved logging for Salt Remote Command Page # Support for more Distributions as Clients # EoL for openSUSE Leap 42.3 clients # Salt Rate Limiting (Batching) # Product Information Loaded from SCC # Image build host with SLES 12 SP4 # Updated backend for communicating with SCC # XMLRPC API changes # Support for Ubuntu Clients # Change behavior on token refresh # New option to force regeneration of channel metadata # New products supported # Package download endpoint override # Technical preview: Single Sign-On (SSO) o Version 4.0.1 # Support for PostgreSQL 10 # Migrating from PostgreSQL 9.6 to PostgreSQL 10 # spacecmd: Support state channels # New API calls # spacewalk-common-channels: Support for Uyuni, Fedora 29 and cleanup # Support for more Distributions as Clients # New products added to SCC syncing * Known issues + CentOS * Retail terminal deployment * Client Tools Notes + Supported clients + Untested clients + Known limitations * Documentation * Installation + Requirements + Installing the Server + Update from previous versions of Uyuni Server + Update from previous versions of Uyuni Proxy * Other information + Red Hat Channels + SUSE Channels * Providing feedback * Legal Notices Version Revision History * 2020/03/19: 2020.03 release * 2020/01/31: 2020.01 release * 2019/08/02: 4.0.2 release * 2018/12/19: 4.0.1 release * 2018/10/26: 4.0.0 release Stay informed You can stay up-to-date regarding information about Uyuni: Check the home site https://www.uyuni-project.org Support Uyuni is a community-supported project. The ways or contacting the community are available at the home site. Release model Uyuni uses a rolling release model (meaning there will be no bugfixing for given Uyuni version, but new frequent versions that will include bugfixes and features) Check the home site get in contact with the community. Major changes since Uyuni Server 4.0.0 Features and changes Version 2020.03 Debian client tools We now offer Debian client tools that allow for easy onboarding of Debian as salt minions, as well as running spacecmd from them. Check the Client Configuration Guide for information about how to configure Uyuni Server to work with Debian clients. For now the following architectures are supported: x86_64, aarch64, armv7l, i586 We plan to continue improving Debian support in the future, including support for ppc64le and s390x Debian 10 clients. SUSE Container as a Service Platform v4 nodes: action filtering Nodes in a SUSE Container as a Service Platforms should be patched, rebooted, etc following CaaSP recommendations to avoid breaking cluster availability and software compability. In Uyuni 2020.03, we have introduced node locking and action filtering to prevent uninteded operations. * When CaaSP nodes are added to Uyuni, the registered systems will be locked automatically: * When a system is locked, the web UI shows a warning and you can schedule actions using the web UI or the API, but the action will fail. You can enable or disable the system lock using the System Lock formula. When the system lock is disabled, all operations are permitted. Subscription matching in public cloud: BYOS vs PAYG In Uyuni 4.0.1, we introduced virtual host gatherers for Amazon Web Services, Microsoft Azure and Google Cloud Engine. With these gatherers, our subscription matcher gained the ability to also include virtual machines running on the cloud in its calculations. We have now enhanced the subscription matcher to exclude pay-as-you-go (PAYG) instances. Those do not require a subscription, as the agreement between the Cloud Service Provider and the Customer covers them. Automatic generation of bootstrap repositories A bootstrap repository contains packages for installing Salt on clients, as well as the required packages for registering Salt or traditional clients during bootstrapping. In Uyuni 2020.01 and earlier, bootstrap repository creation was a manual step, by using the mgr-create-bootstrap-repo tool. In Uyuni 2020.03, bootstrap repositories are automatically created and regenerated on the Uyuni Server after a product is synchronized (i. e. all mandatory channels are fully mirrored). More details, including how to revert to manual invokation, are available from the Client Configuration Guide. Salt clients: provisioning API Enable provisioning API with Salt and bootstrap entitled systems. Previously, this only worked for traditional clients. Recurring highstate scheduling You can schedule automated recurring highstate actions for Salt clients. Recurring highstate actions apply the highstate to clients on a specified schedule. You can apply recurring action to individual clients, to all clients in a system group, or to an entire organization. The Recurring Actions section in the Administration Guide contains all the details for this feature. More improvements in regards to automation will be coming in subsequent releases of Uyuni: maintenance windows and patch automation. Content Lifecycle Filters for AppStreams RHEL, SLES ES, CentOS and Oracle Linux 8 appstreams can now be mixed and converted to flat repositories using a new type of CLM filter. New products enabled * SUSE Linux Enterprise Real Time 12 SP5 * SUSE Linux Enterprise 15 SP2 family * MicroFocus Open Enterprise Server 2018 SP2 (product GA in Q2 2020) * Oracle Linux 8 (using spacewalk-common-channels) Ubuntu enhancements Each Uyuni release and maintenance update brings better Ubuntu support. In Uyuni 2020.03, we have include two small but valuable improvements: * Support package pre-downloading, to ensure all content (.deb packages) is downloaded before patching. This should be very useful for large Ubuntu deployments managed by Uyuni. * Display additional information in the UI for .deb packages (dependencies and more headers) Yomi (Technology Preview) Yomi (yet one more installer) is a Salt-based installer for SUSE and openSUSE operating systems. In Uyuni, Yomi can be used as part of provisioning new clients, as an alternative to AutoYaST. Yomi consists of two components: * The Yomi formula, which contains the Salt states and modules required to perform the installation. * The operating system image, which includes the pre-configured salt-minion service. Detailed information on how to use Yomi is available from the Salt Guide. Yomi is work in progress and more operating systems and features will be added in coming releases. Uyuni Hub XML-RPC API (Technology Preview) The Uyuni Hub is a new multi-server architecture we are introducing as a technology preview in Uyuni 2020.03. Multiple Uyuni Servers can be managed from a single Hub node. The Hub is a Salt master itself and the managed Uyuni Server servers are both a minion (to the hub) and a master (to their own minions). Uyuni Hub Architecture The Hub covers a number of use cases, such as: * Scalability: when a single Uyuni Server will no longer be enough * Intermittently connected and bandwidth-limited sites, which can now be managed with their own schedule thanks to the Hub * Multi-tenancy with individual Uyuni Servers. While Uyuni is multi-organization itself, in some scenarios, an even stronger separation is required. The Hub provides a way to manage and aggregate back information for all those Uyuni Server servers. The Hub comprises a number of components that we will be releasing and enhancing in the future. The first component of the Hub we are now introducing as a Technology Preview is the Hub XML-RPC API, which provides an extended version of the Uyuni Server XML-RPC API, targeted for the multi-server case. Installation and usage Install Uyuni Server and then install the hub-xmlrpc-api package. That Uyuni Server is now the Hub Server. Configuration of hub-xmlrpc-api is specified in a JSON file like the following: { "type": "json", "hub": { "manager_api_url": "http://localhost/rpc/api" }, "connect_timeout": 10, "read_write_timeout": 10, } Set the HUB_CONFIG_FILE environment variable to point to the configuration file. hub-xmlrpc-api is a daemon, currently to be launched from the command line. Once running, you can connect to the hub-xmlrpc-api at port 8888 via any XMLRPC compliant client libraries (see examples below). API endpoints, namespaces and examples Details about usage with Python script examples are available at the Uyuni project site: https://github.com/uyuni-project/hub-xmlrpc-api spacewalk-utils In Uyuni 2020.01 and earlier, the spacewalk-utils package contained a mix tested and untested tools. In Uyuni 2020.03, we have split spacewalk-utils in two packages: * spacewalk-utils contains only fully-tested tools: + spacewalk-common-channels + spacewalk-hostname-rename + spacewalk-clone-by-date + spacewalk-sync-setup + spacewalk-manage-channel-lifecycle * spacewalk-utils-extras contains the tools that untested or not completely tested: + apply_errata + delete-old-systems-interactive + migrate-system-profile + spacewalk-api + spacewalk-export + spacewalk-export-channels + spacewalk-final-archive + spacewalk-manage-snapshots + sw-ldap-user-sync + sw-system-snapshot + taskotop + spacewalk-manage-channel-lifecycle Tools in spacewalk-utils-extras are valuable but they are so specific, or require additional customization for each user, that it is not possible for us to test for every use case. If you were using these scripts in spacewalk-utils in Uyuni 2020.01 or earlier, you will need to install spacewalk-utils-extras in Uyuni 2020.03. EFI HTTP booting The dhcp formula, branch network formula and pxe formula have been updated to support booting EFI terminals (systems) via HTTP in addition to TFTP. Subscription matching enhancements On public cloud providers, the subscription matcher will identify pay-as-you-go instances, whose subscription is provided by the Cloud Service Provider, and will not ask for additional subscriptions. Also, stackable subscriptions with the same parameters will be aggregated. Single Sign-On (SSO) is now stable Uyuni supports Single Sign-On authentication by implementing the Security Assertion Markup Language (SAML) 2 protocol. This feature, introduced in 4.0.2 as a Technology Preview, is now declared stable Uyuni must be reconfigured to use the IdP as the source of authentication and post-login mapped users must be already created before enabling SSO. For more on configuring SSO, see the Authentication Methods chapter in the Administration guide. Single Page Application UI (SPA) is now stable In an effort to provide our web UI users with a smoother navigation, we have implemented large parts of the user interface as a single page application. This enhancement was started in Uyuni 2020.01 as an opt-in feature and now becomes the default in Uyuni 2020.03 Red Hat Enterprise Linux 8 onboarding simplified It is no longer necessary to have Python 3 on RHEL8 systems for the onboarding to work. With this enhancement, even plain-text RHEL machines can be onboarded directly. Version 2020.01 Version format change Uyuni is now changing from X.Y version format to YYYY.MM format, and the URLs for the repositories remove the X.Y part. This will allow easier releases, no need to change URLs at all in the future, and less confussion regarding the relationship between Uyuni and SUSE Manager (Uyuni is always ahead). Adjust your repository at the Server system Because of the version format change, you need to adapt your zypper repository at the server before updating. If you followed the instructions for installation, this command will do it for you: sed -i -e 's/Uyuni-Server-4.0-POOL-x86_64-Media1/ Uyuni-Server-POOL-x86_64-Media1/' /etc/zypp/repos.d/uyuni-server-stable.repo Otherwise, find the Uyuni Server Stable repository and replace: baseurl=https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/ Stable/images/repo/Uyuni-Server-4.0-POOL-x86_64-Media1/ with: baseurl=https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/ Stable/images/repo/Uyuni-Server-POOL-x86_64-Media1/ Remove current Uyuni Proxy 4.0 channel and repository from the Server and add the new ones If you are currently syncing Uyuni Proxy 4.0 (usually because you have proxies), you need to: 1. Add the new channel with spacewalk-common-channel uyuni-proxy-stable-leap-151 2. Sync the new channel (and configure autosync if required) 3. See what instances are using the channel Uyuni Proxy 4.0 for openSUSE Leap 15.1 4. Adjust the channels assigned instances from previous step (tip: You can use "System Set Manager") to remove the old one and add the new one. 5. See what activations key are using the channel Uyuni Proxy 4.0 for openSUSE Leap 15.1 6. Adjust the activation keys from previous set to remove the old channel and add the new one. 7. Remove the channel Uyuni Proxy 4.0 for openSUSE Leap 15.1 8. Remove the repository External - Uyuni Proxy 4.0 for openSUSE Leap 15.1 (x86_64) Remove current Uyuni Server 4.0 channel and repository from the Server and add the new ones Most users will not require this unless, but if you have the Uyuni Server 4.0 channel at your server: 1. Add the new channel with spacewalk-common-channel uyuni-server-stable-leap-151 2. Sync the new channel (and configure autosync if required) 3. See what instances are using the channel Uyuni Server 4.0 for openSUSE Leap 15.1 4. Adjust the channels assigned instances from previous step (tip: You can use "System Set Manager" at the WebUI) to remove the old one and add the new one. 5. See what activations key are using the channel Uyuni Server 4.0 for openSUSE Leap 15.1 6. Adjust the activation keys from previous set to remove the old channel and add the new one. 7. Remove the channel Uyuni Server 4.0 for openSUSE Leap 15.1 8. Remove the repository External - Uyuni Server 4.0 for openSUSE Leap 15.1 (x86_64) CentOS8, RHEL 8 and SLES ES 8 support CentOS 8, Red Hat Enterprise Linux 8 and SUSE Linux Enterprise Server Expanded Support 8 are now supported clients as Salt minions. The traditional stack will not be supported on these operating systems. With the new application streams concept introduced in these operating systems, you will need to import both the BaseOS and the AppStream directories from the ISO image for the bootstrap repository to be created correctly. If the AppStream directory is not imported, you will receive an error about missing Python 3 packages. AppStream awareness in the UI and Content Lifecycle Management will be available in an upcoming version of Uyuni. Monitoring This version of Uyuni includes formulas to install Prometheus and Grafana, and makes the Apache exporter available for Ubuntu 18.04, CentOS6, CentOS7 and Proxy. Additionally, self-monitoring capabilities have been implemented in the Admin Monitoring UI. Package Hub SUSE Package Hub is now supported on the Server, since the problems with the search that were caused by PackageHub-provided packages have been solved. If you were using Package Hub as a source of packages for you clients, it is recommended that you re-generate all package metadata. The reason for this is in the Package Hub repositories there may exist multiple packages with the same NEVRA but different checksums. This might result in checksum errors when repositories are used on the clients as Uyuni randomly selected any of those packages. After this update, Uyuni will generate the checksum into the package path to ensure the right package is used. If you use also Uyuni Proxy please update all of them before you re-generate the metadata. Formulas The Formulas with Forms screen has an enhanced layout that folds vertically instead of nesting deep inside, making if cleaner. Besides this, validators are now possible in formulas using the JEXL expression language. The cpu-mitigations-formula is now installed by default. The Retail branch network formula now works all SUSE and openSUSE based distros, using SuSEfirewall or firewalld as appropriate. New Content Lifecycle Management filters In Uyuni 4.0.2 we introduced Content Lifecycle Management with a filter to exclude packages and patches based on their name. Feedback for this feature was very positive and many proposals for enhancement were received. In this release, we are introducing a lot of new possibilities for Content Lifecycle Management: * New filters: by date, by keyword (e. g. "reboot needed" or "package manager restart required"), by type (security, recommended or optional), by synopsis and "patch contains package". * New ALLOW mode, which in addition to the existing DENY mode, makes possible to filter out packages, and then include them again into the resulting set. * New matchers: in addition to the existing greater than, lesser than, equals, etc, we have now added a regular expression matcher for package names, patch names, patch synopsis and package names in patches. * Better visualization of the filters attached to a CLM project, with ALLOW and DENY now shown on each side of the screen. We have documented two typical use cases: a monthly patch cycle and live patching. More enhancements to Content Lifecycle Management will come in future releases of Uyuni. Enhanced support for Debian and Ubuntu With each release of Uyuni, we continue to enhance our Debian and Ubuntu support. Uyuni 2020.01 greatly improves our compatibility thanks to: * Support for all of the headers in .deb packages, including custom ones, when syncing Debian/Ubuntu repositories. You can use the new script mgr-update-pkg-extra-tags to update extra fields in DB without recreating all Debian/Ubuntu channels. * Support for .deb packages with hyphens in the package name or version. There remain a very small percentage (<0.1%) of packages for which our version comparison algorithm fails; we will fix this known issue in a coming release. New Prometheus exporters and formulas A new set of client tool packages now includes Prometheus exporters for more clients: CentOS 6, CentOS 7, RHEL 6, RHEL 7, SLES ES 6, SLES ES 7 and Ubuntu 18.04. Both the Prometheus node exporter and the PostgreSQL exporter are provided for those operating systems. The prometheus-exporters-formula formula makes easy to deploy them. Subscription matching in Public Cloud We?ve added new types of Virtual Host Managers in order to gather virtual instances from Public Cloud providers. Azure, AWS and Google Cloud are now supported, in addition to the existing VMware and generic (file-based, manually-maintained, useful for any cloud provider) gatherer modules. Creating VHM to gather virtual instances from the Public Cloud will enable the subscription matcher to match "1-2 virtual machines" subscriptions for those instances that are running on the same Public Cloud zone. Please take into account the following considerations in this version. They will be addressed in upcoming versions of Uyuni: * This functionality will only work with Salt clients. * Manual installation of the virtual-host-gatherer-libcloud package is required. * The public cloud gatherers will report and try to match all instances, no matter if they are BYOS or PAYG, leading to an incorrect calculation of the required subscriptions if you combine BYOS and PAYG. Preventive shutdown of Server when running out of disk space Some users have hit in the past a database corruption problem when PostgreSQL ran out of space. In order to prevent that from happening in the future, we have added a diskchecker to Uyuni Server. This feature will send a warning mail when the most common and important Uyuni directories are below 10% of free disk space, and will shut down the Uyuni Server when those directories are below 5% of free disk space. This new feature is only enabled by defult in new installations. For existing installations, the administrator can enable the tool manually after updating to the latest maintenance update by running: systemctl --quiet enable spacewalk-diskcheck.timer systemctl start spacewalk-diskcheck.timer Full details on the parameterization of this new feature are available in the Managing disk space documentation page. Single Page Application UI In an effort to provide our web UI users with a smoother navigation, we have implemented large parts of the user interface as a single page application. This feature is optional for this release and is disabled by default. To enable it, users can now add web.spa.enable = true to /etc/rhn/rhn.conf, and then restart Tomcat. Grafana Grafana is a tool for data visualization, monitoring, and analysis. It is used to create dashboards with panels representing specific metrics over a set period of time. Grafana is commonly used together with Prometheus, but also supports other data sources such as ElasticSearch, MySQL, PostgreSQL, and Influx DB. This version of Uyuni includes Grafana in the client tools repositories. An Uyuni Grafana dashboard is provided as an example. Monitoring section of the Administration Guide contains full detail on how to configure Grafana together with Uyuni. Prometheus service autodiscovery Prometheus is a monitoring tool used to record real-time metrics in a time-series database. Metrics are collected using HTTP pulls, allowing for higher performance and scalability. We have updated the Prometheus package with a new version that include a built-in service discovery mechanism that will allow users to more easily configure monitoring on their Uyuni systems. Previously, after configuring the exporters on managed clients, users had to manually configure their Prometheus servers to start scrapping metrics from those systems. With this update, it will be possible to use a "service discovery" mechanism that will automate this part of the configuration. The configuration options are simple: it is only required to provide a Uyuni Server URL and valid API credentials. Under the hood, what this mechanism does is letting Prometheus poll the Uyuni API, asking for a list of systems that have monitoring enabled, and automatically configuring Prometheus to collect metrics from those systems. In this version, the autodiscovery functionality is provided as a Technology Preview. More information about configuring Prometheus can be found in the Monitoring section of the Administration Guide. CPU mitigation formula CPU mitigations have been introduced to improve security on CPUs affected by vulnerabilities such as Meltdown and Spectre. The mitigations are available in SUSE Linux Enterprise 12 SP3 and later in the cpu-mitigations-formula package, which is not installed by default. The new CPU Mitigation formula allows you to control which mitigations are enabled. Updated documentation The Uyuni documentation has received improvements in all of the books, with small clarifications and enhancements all around: content lifecycle management filters, public cloud, JeOS, formulas, etc Of particular interest for users with large installations will be the new Large Scale Deployment and Salt Tuning sections in the Salt Guide. Given that modifying advanced parameters can cause catastrophic failure, we recommend making a backup and being conservative doing changes. Additionally, the search functionality in the documentation now works offline. Enhanced support for Ubuntu and Debian clients The Multi-Arch and Pre-depends headers are now supported for .deb repositories, hence avoiding installation problems that could arise in some cases when deploying packages from the UI. Also, Ubuntu and Debian channels now come preconfigured in spacewalk-common-channels. The Debian CDN is used to provide the best mirror at each moment. For Ubuntu, you may want to replace the default mirror with a closer geo-mirror. Keep in mind SUSE does not provide support for the spacewalk-common-channels tool form the spacewalk-utils package. New products enabled (from SCC) * SLES12 SP3 LTSS * SUSE Linux Enterprise Real Time 12 SP4 * SLES12 SP5 * RHEL 8 and SLES ES 8 * CaaSP 4 * openSUSE Leap 15.1 SUSE Container as a Service Platform v4 support The Virtual Host Manager functionality has been extended to support SUSE Container as a Service Platform v4. You can register each CaaSP node to Uyuni using the same method as you would a Salt client. After doing this, you will be able to see the patch level status of each node, perform configuration management on the nodes and assign channels o clusters. We strongly recommend to check the documentation on the scope and extent of the CaaSPv4 integration in Uyuni: https://www.uyuni-project.org/uyuni-docs/ suse-manager/client-configuration/vhm-caasp.html Upcoming versions of Uyuni will enhance CaaSP integration. Other changes * Since this version, as part of a bugfix, it is no longer allowed to delete a channel when there are cloned channels based on it. * Taskomatic now takes a maximum of 4 GB of RAM (it used to be 2 GB), which better matches the current average use case. * Salt clients can now be re-provisioned from Uyuni. This allows major version OS updates for SLES and Uyuni Proxy. * Normalize date formats for actions, notifications and CLM Version 4.0.2 Migrating the Server from 4.0.1 to 4.0.2 If you are using DHCP addresses and you do not use DHCP reservations, migrating from openSUSE Leap 42.3 to Leap 15.0 can change the IP address of your NICs. If using DHCP, make sure your instances have reserved IP addresses. Before starting, make sure you have a backup of your server, as it will be hard to recover from failures during the migration. 4.0.2 is now based on openSUSE Leap 15.1, so a base OS system is required. To help administrators with the migration, a new script is provided by the susemanager package at /usr/lib/susemanager/bin/server-migrator.sh Then, update susemanager package only: zypper ref zypper in susemanager And finally run the script: /usr/lib/susemanager/bin/server-migrator.sh After the migration is complete, you will be requested to reboot your server Uyuni Server 4.0.2 works with SUSE Uyuni Proxy 4.0.1. When upgrading, upgrade the Server first, followed by the Proxies. Salt 2019.2.0 Salt has been upgraded to the 2019.2.0 release. We intend to regularly upgrade Salt to more recent versions. For more detail about changes in your manually-created Salt states, see the Salt upstream release notes 2019.2.0. Base system upgrade The base system was upgraded to openSUSE 15.1. As a result, all code was ported to run with Python 3 and OpenJDK 11. Prometheus Monitoring We now include packages for the latest version of Prometheus, as well as self-monitoring capabilities for Uyuni. Prometheus is a monitoring tool that is used to record real-time metrics in a time-series database. For more information about Prometheus, see the Administration Guide Exporters Exporters convert existing metrics into the format Prometheus requires. We are now providing the following Prometheus Exporters as packages, for SLE12 and SLE15 as well as openSUSE Leap 15.1: * Node exporter - Hardware and operating system metrics * PostgreSQL exporter - PostgreSQL database metrics * Squid exporter - Squid Proxy metrics * Apache exporter - Apache HTTP server metrics In addition we provide JMX exporter on Uyuni Server. Monitoring is not yet available for other operating system platforms like Red Hat Enterprise Linux or Ubuntu. Self-monitoring features in Uyuni Uyuni provides metrics about its health to Prometheus. Both Server and Proxy can expose metrics. Self-monitoring can be enabled via the Web UI. For that purpose, some Prometheus exporters are pre-installed on Uyuni Server and Proxy. A new formula is also included, to install and manage Node and PostgreSQL exporters on clients managed by Salt. This formula can be configured in the Uyuni Web UI. Content lifecycle management The content lifecycle management feature allows you to clone software channels through a lifecycle of several environments. You are able to create content projects, select a custom set of software channels as sources, and promote software channels through a pre-defined lifecycle of environments. You can define filters to exclude specific packages and patches. More filters will be added in a later release. Once you have selected your sources you can build the selected set which will populate the first environment. After the first environment is built, you can promote it through the environment lifecycle to the next environment in the loop. You can see the status of the build at any time throughout the process. The result of the build, and the content of every environment, is a channel tree made of cloned software channels of the selected sources, to which systems can be assigned. Virtualization management for Salt minions The existing virtualization features have been enhanced for Salt-based systems. This is a technology preview and will require an additional Virtualization Management entitlement. Pricing will be announced soon. Salt-based virtualization host systems can also create virtual machines using a pre-built disk image. These features have been added: * Deleting virtual machines. * Editing virtual machines to add or remove network interfaces or disk, change CPU and memory allocation or the display type. * Quick update of the list and state of virtual machines. * Displaying virtual machines graphical display in a new tab. Updated Documentation Structure In this release, we have reorganized our documentation and updated our tooling to make it clearer where information is, and make it easier for you to find the content you need, when you need it. Old Naming Format * Getting Started * Best Practices * Reference * Advanced Topics New Naming Format * Installation Guide (Requirements, supported platforms, installation methods, etc) * Client Configuration Guide (Configuring and connecting clients to Uyuni) * Upgrade Guide (Migrate and update clients and Uyuni) * Reference Guide (Comprehensive guide to the Web UI) * Administration Guide (Maintenance and administration tasks in Uyuni) * Salt Guide (A comprehensive guide to Salt for system administrators) * Retail Guide (A guide to using Uyuni for Retail) Improved logging for Salt Remote Command Page The Salt Remote Command Page log now every command executed in a separate logfile (/var/log/rhn/rhn_salt_remote_commands.log). In addition to this, an entry in the System History is generated for every minion where the command was executed. Support for more Distributions as Clients openSUSE Leap 15.1 and SLE15 SP1 can now be managed. EoL for openSUSE Leap 42.3 clients openSUSE Leap 42.3 is now End of Life since July 1st, as announced at the openSUSE Mailing lists While the repositories for Leap 42.3 are still available, no support is provided aymore. Salt Rate Limiting (Batching) Any action scheduled on multiple Salt minions has now an upper limit on the number of systems that will process it simultaneously. This is referred to as batch size in Salt jargon, and defaults to 100 minions. Please check the documentation for performance considerations in large installations (more than 1000 minions). Product Information Loaded from SCC In the past information about product channels were shipped via maintenance updates. Now these information will be downloaded from SUSE Customer Center (SCC) like the other product and repository information. In case of using the fromdir configuration with SMT or RMT, please check if they support already downloading this file. You can get the file with the following command: curl -O https://scc.suse.com/suma/product_tree.json Image build host with SLES 12 SP4 Using SLES 12 SP4 as the base OS for an image build host is now supported. Also building SLES 12 SP4 OS Images is supported. Updated backend for communicating with SCC This update contains a new backend to communicate with the SUSE Customer Center (SCC). This requires to run a mgr-sync refresh at the end of the update procedure. The whole update procedure: $> spacewalk-service stop $> zypper patch $> spacewalk-schema-upgrade $> spacewalk-service start $> mgr-sync refresh In case of Inter Server Sync (ISS) the master needs to be updated first, then the slave. This change show products like they are setup in the SUSE Customer Center. As a consequence of this some older products show no architecture anymore and mirror all available architectures when such a product is selected for mirroring. With this change also some invalid product combinations were removed. Please check /var/log/rhn/rhn_web_ui.log for error messages. Invalid channels can be removed using spacewalk-remove-channel command. XMLRPC API changes Due to the changes in the backend for communicating with SCC corresponding XMLRPC API has changed: Deprecated calls: synchronizeChannels() synchronizeProductChannels() New call: synchronizeRepositories() For a refresh the XMLRPC API should be called in the following order: synchronizeChannelFamilies synchronizeProducts synchronizeRepositories synchronizeSubscriptions Support for Ubuntu Clients Management of Ubuntu clients is now supported. We provide a repository with salt packages that can easily be added with spacewalk-common-channels or manually. The following new features were added: * Bootstrapping and performing initial state runs such as setting repositories and performing profile updates * Assigning .deb channels to minions * Information displayed in System details pages * Package install, update, and remove * Package install using Package States * Configuration and state channels * Support Ubuntu products and Debian architectures in mgr-sync * Support creating bootstrap repositories for Ubuntu 18.04 and 16.04 * Add support for Ubuntu in the bootstrap script * Generate InRelease file for Debian/Ubuntu repos when metadata signing is enabled * Trust SUSE GPG key for client tools channels on Ubuntu systems However, the root user on Ubuntu is disabled by default, so in order to use bootstrapping, you will require an existing user with sudo privileges for Python. Change behavior on token refresh Channel authentication tokens are valid by default for about 1 year. The renew of tokens happens automatically some time before they expire but they are not deployed automatically to the clients. As the renew happens mostly without noticing by the administrator that behavior has changed to autodeploy renewed tokens to the clients automatically. This old behavior can be preserved by setting token_refresh_auto_deploy = false in /etc/rhn/rhn.conf and restarting the services. In case of a token renew without autodeployment enabled a log message will inform the administrator about it. New option to force regeneration of channel metadata A new option --force was added to spacecmd softwarechannel_regenerateyumcache to force a regeneration of the metadata files. New products supported * openSUSE Leap 15.1 * SLES11 SP4 LTSS * SLES12 SP3 LTSS * SLES 15 SP1 product family * CaaSP 4 Toolchain Package download endpoint override It is now possible to set a custom protocol, host and path for minions to download packages at installation time. This will override the default setting of the Uyuni Server or Uyuni Proxy used at registration time. Technical preview: Single Sign-On (SSO) Uyuni supports Single Sign-On authentication by implementing the Security Assertion Markup Language (SAML) 2 protocol. Mandatory requirement: an already existing and configured SAML Identity Service Provider (IdP). Uyuni must be reconfigured to use the IdP as the source of authentication and post-login mapped users must be already created before enabling SSO. For more on configuring SSO, see the Administration Guide Version 4.0.1 Support for PostgreSQL 10 A new version of the PostgreSQL database is available in openSUSE Leap 42.3 and can be used for Uyuni Server. New installations of Uyuni Server based on openSUSE Leap 42.3 will automatically pick up this version. PostgreSQL 10 needs a new version of smdba to initiate backups. This version is part of Uyuni Server 4.0.1. Migrating from PostgreSQL 9.6 to PostgreSQL 10 You should have an up-to-date database backup before attempting the migration. Existing installations of Uyuni Server will need to run /usr/lib/susemanager/bin/pg-migrate-96-to-10.sh to migrate from PostgreSQL 9.6 to PostgreSQL 10 Your Uyuni Server installation will not be accessible during the migration. Note The migration will create a copy of the database under /var/lib/pgsql and thus needs sufficient disk space to hold two copies (9.6 and 10) of the database. Since it does a full copy of the database, it also needs considerable time depending on the size of the database and the IO speed of the storage. If your system is scarce on disk space you can do an fast, in-place migration by running /usr/lib/susemanager/bin/pg-migrate-96-to-10.sh fast The fast migration usually only takes minutes and no additional disk space. However, in case of failure you need to restore the database from a backup. This wiki page contains additional information about the database migration. spacecmd: Support state channels spacecmd, the command line access to the Uyuni API, has been adapted to support state channels (aka Salt Minion config channels) with the following changes: * system_scheduleapplyconfigchannels + new call to schedule application of the assigned config channels to the system (minion only) * configchannel_updateinitsls + new call to update the init.sls file * configchannel_create + adapted call, now has a -t option to specify the channel type (normal or state) * configchannel_import + adapted call, honors channel type Please use the help functionality of spacecmd for detailed option descriptions for each mentioned call. New API calls Functions softwarechannel_mergepackages and softwarechannel_errata_merge to merge packages and errata through spacecmd were added. spacewalk-common-channels: Support for Uyuni, Fedora 29 and cleanup Added: * Uyuni Server, Uyuni Proxy, Uyuni Client Tools, both stable and development version. * Fedora 29 Removed: * Fedora 26 * Spacewalk 2.6 Server and Client Tools * Spacewalk 2.7 Server and Client Tools * Spacewalk 2.8 Server * Spacewalk nightly * OpenSUSE 13.2 and openSUSE 13.2 Client Tools Support for more Distributions as Clients openSUSE Leap 15.0, openSUSE Leap 42.3, SLE12, SLE15, CentOS6 and CentOS7 are now verified to bootstrap as both salt minions and traditional clients. New products added to SCC syncing * SUSE OpenStack Cloud 9 Known issues CentOS When mirroring CentOS AppStreams, only the most up-to-date packages can be synchronized. If a package was previously synchronized it will remain available but old versions cannot be synchronized if they never were earlier. This will be fixed in the next Uyuni release. Retail terminal deployment Downloading updated images on already deployed retail terminals may fail due to a pipe writing conflict. As a workaround, predownloading images on the terminal can be used (see documentation the retail guide for more information) This will be fixed inthe next Uyuni release Client Tools Notes All Client Tools are still considered "Beta" and there could still be dependencies problems, notably for SLE12 and CentOS6 and CentOS7. URLs of the Client Tools are: * openSUSE Leap 15.* (x86_64): https://download.opensuse.org/repositories/ systemsmanagement:/Uyuni:/Stable:/openSUSE_Leap_15-Uyuni-Client-Tools/ openSUSE_Leap_15.0/ * SLE12 (x86_64, pcc64le. s390x, aarch64): https://download.opensuse.org/ repositories/systemsmanagement:/Uyuni:/Stable:/SLE12-Uyuni-Client-Tools/ SLE_12/ * SLE15 (x86_64, pcc64le. s390x, aarch64): https://download.opensuse.org/ repositories/systemsmanagement:/Uyuni:/Stable:/SLE15-Uyuni-Client-Tools/ SLE_15/ * CentOS6 (i686, x86_64): https://download.opensuse.org/repositories/ systemsmanagement:/Uyuni:/Stable:/CentOS6-Uyuni-Client-Tools/CentOS_6/ * CentOS7 (x86_64): https://download.opensuse.org/repositories/ systemsmanagement:/Uyuni:/Stable:/CentOS7-Uyuni-Client-Tools/CentOS_7/ * CentOS8 (x86_64): https://download.opensuse.org/repositories/ systemsmanagement:/Uyuni:/Stable:/CentOS8-Uyuni-Client-Tools/CentOS_8/ * Ubuntu 16.04 (x86_64): https://download.opensuse.org/repositories/ systemsmanagement:/Uyuni:/Stable:/Ubuntu1604-Uyuni-Client-Tools/ xUbuntu_16.04/ * Ubuntu 18.04 (x86_64): https://download.opensuse.org/repositories/ systemsmanagement:/Uyuni:/Stable:/Ubuntu1804-Uyuni-Client-Tools/ xUbuntu_18.04/ * Debian 9 (x86_64, aarch64, armv7l, i586): https://download.opensuse.org/ repositories/systemsmanagement:/Uyuni:/Stable:/Debian9-Uyuni-Client-Tools/ Debian_9/ * Debian 10 (x86_64, aarch64, armv7l, i586): https://download.opensuse.org/ repositories/systemsmanagement:/Uyuni:/Stable:/Debian10-Uyuni-Client-Tools/ Debian_10/ Supported clients At the moment the status is the following: Distribution Salt bootstrap Salt SSH bootstrap Salt bootstrap Traditional from server from server from client openSUSE Leap 15 SLE12 SLE15 CentOS6 CentOS7 CentOS8 Ubuntu16.04 Ubuntu18.04 Debian9 Debian10 = Working, = Not working, = Untested In all cases, all maintained SPs and subversions are supported. Untested clients Distribution Salt bootstrap Salt SSH bootstrap Salt bootstrap Traditional from server from server from client RHEL6 RHEL7 RHEL8 OracleLinux6 OracleLinux7 OracleLinux8 RHEL6/OracleLinux6, RHEL7/OracleLinux7 and RHEL8/OracleLinux8 are expected to work in the same way CentOS6, CentOS7 and CentOS8 respectively. Client Tools repositories for a CentOS version should work at the respective RHEL version. CentOS8 (and therefore RHEL8/OracleLinux8) does not have support for the traditional client tools, only salt. Known limitations The GPG key for Uyuni Client Tools is not trusted by default by the respective package management tools for each OS. The systems will bootstrap without the GPG key being trusted, but will not be able to install new client tool packages or updated them. This can be fixed by adding the key uyuni-gpg-pubkey-0d20833e.key to all the bootscrap scripts at variable ORG_GPG_KEY=. If you already have other keys there, you can keep them. For systems bootstrapped from WebUI, a salt state should be created to trust the key, then the state can be assigned to the organization, and finally it can be used using an Activation Key and the Configuration Channels to deploy the change to the clients. Documentation It is usable but you can still find some issues, such references to SUSE Manager that are scheduled to be fixed on subsequent versions. Installation Requirements * OS: openSUSE Leap 15.1 x86_64, fully updated * Main memory: Minimum 16 GB for base installation * Disk space: Minimum 100 GB for root partition, Minimum 50 GB for /var/lib/ pgsql, Minimum 50 GB per SUSE product + 100 GB per RHEL product (/var/ spacewalk) See the Getting Started manual for more details on the system requirements. Installing the Server Add the Stable repository: zypper ar https://download.opensuse.org/repositories/systemsmanagement:/ Uyuni:/Stable/images/repo/Uyuni-Server-POOL-x86_64-Media1/ uyuni-server Install the pattern: zypper in patterns-uyuni_server Run Yast2 and go to Network Services > Uyuni Setup Follow the setup assistant. Update from previous versions of Uyuni Server You can update from previous Uyuni Server Stable versions. See the best practices manual for detailed instructions on how to upgrade. All connected clients will continue to run and are manageable unchanged. Update from previous versions of Uyuni Proxy When updating, always start with the server first and then continue with the proxies. See the advanced topics manual for detailed upgrade instructions. Other information Red Hat Channels Managing RHEL clients requires availability of appropriate Red Hat packages. SUSE Channels Managing SUSE Linux clients requires availability of appropriate SUSE channels. Your licensed SUSE products can be used with Uyuni by following the setup Wizard. Check the manuals for more information. Providing feedback In case of encountering a bug please report it at https://github.com/ uyuni-project/uyuni/issues Legal Notices Copyright ? 2018 ? 2020 The Uyuni Project This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License. To view a copy of this license, visit http://creativecommons.org/ licenses/by-sa/3.0/es/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA. For SUSE trademarks, see http://www.suse.com/company/legal/. All other third-party trademarks are the property of their respective owners. Trademark symbols (?, ? etc.) denote trademarks of SUSE and its affiliates. Asterisks (*) denote third-party trademarks. All information found in this document has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its affiliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof. Last updated 2020-03-19 16:17:01 +0100