Version Revision History

  • 2022/04/29: 2022.04 release

  • 2022/03/31: 2022.03 release

  • 2022/02/28: 2022.02 release

  • 2022/01/28: 2022.01 release

  • 2021/12/09: 2021.12 release

  • 2021/09/23: 2021.09 release

  • 2021/08/16: 2021.08 release

  • 2021/06/24: 2021.06 release

  • 2021/05/18: 2021.05 release

  • 2021/04/21: 2021.04 release

  • 2021/03/01: 2021.02 release

  • 2021/02/05: 2021.01 release

  • 2020/11/26: 2020.11 release

  • 2020/09/22: 2020.09 release

  • 2020/07/24: 2020.07 release

  • 2020/06/15: 2020.06 release

  • 2020/05/21: 2020.05 release

  • 2020/04/16: 2020.04 release

  • 2020/03/19: 2020.03 release

  • 2020/01/31: 2020.01 release

  • 2019/08/02: 4.0.2 release

  • 2018/12/19: 4.0.1 release

  • 2018/10/26: 4.0.0 release

Stay informed

You can stay up-to-date regarding information about Uyuni:

Support

Uyuni is a community-supported project. The ways of contacting the community are available at the home site.

Release model

Uyuni uses a rolling release model (meaning there will be no bugfixing for a given Uyuni version, but frequent new versions that will include bugfixes and features).

Check the home site to get in contact with the community.

Major changes since Uyuni Proxy 4.0.0

Features and changes

Version 2022.04

HSTS available

HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.

Uyuni 2022.04 allows enabling HSTS, which means each request will need to be HTTPS, while plain HTTP requests will be rejected.

To enable it for the Uyuni Proxy:

  1. Edit /etc/apache2/conf.d/spacewalk-proxy.conf

  2. Uncomment the line # Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"

  3. Restart Apache with systemctl restart apache2

IMPORTANT: If you enable HSTS while using the default SSL certificate generated by Uyuni, or a self-signed certificate, some browsers will refuse to connect using HTTPS unless the CA used to sign such certificates is trusted by the browser. If you are using the SSL certificate generated by Uyuni, you can trust it at the servers by using the file located at `http://<UYUNI-PROXY-HOSTNAME>/pub/RHN-ORG-TRUSTED-SSL-CERT`.
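The three steps above as a script, added here as an example and not part of the Uyuni release notes or tooling: it uncomments the HSTS directive idempotently, keeps a backup copy, and reports the configured max-age. The function names and the `.bak` suffix are assumptions of this example, and the Apache restart is left as a manual step.

```shell
#!/bin/sh
# Added example (not Uyuni's own tooling): enable the HSTS header line in the
# proxy's Apache configuration and verify the result.

CONF_DEFAULT=/etc/apache2/conf.d/spacewalk-proxy.conf

# ERE matching the directive named in the release notes.
HDR_RE='Header[[:space:]]+always[[:space:]]+set[[:space:]]+Strict-Transport-Security[[:space:]]'

# hsts_active FILE: succeeds if an uncommented directive is present.
hsts_active() {
    grep -Eq "^[[:space:]]*${HDR_RE}" "$1"
}

# hsts_max_age FILE: prints the max-age (seconds) of the active directive.
hsts_max_age() {
    sed -nE "s/^[[:space:]]*${HDR_RE}.*max-age=([0-9]+).*/\1/p" "$1" | head -n 1
}

# enable_hsts [FILE]: uncomment the directive, keeping FILE.bak.
# Returns 0 if the directive is active afterwards, 1 if the commented
# line was not found, 2 if the file could not be copied or rewritten.
enable_hsts() {
    conf=${1:-$CONF_DEFAULT}
    if hsts_active "$conf"; then
        return 0    # already enabled, leave the file untouched
    fi
    cp -p "$conf" "$conf.bak" || return 2
    # Drop only the leading '#', preserving the original indentation.
    sed -E "s/^([[:space:]]*)#[[:space:]]*(${HDR_RE}.*)/\1\2/" \
        "$conf.bak" > "$conf" || return 2
    hsts_active "$conf"
}

# Typical use on the proxy (as root):
#   enable_hsts && systemctl restart apache2
# Then confirm the header is actually served:
#   curl -sI https://<UYUNI-PROXY-HOSTNAME>/ | grep -i '^strict-transport-security'
```

If the certificate is signed by the Uyuni-generated CA, the `curl` check needs that CA passed with `--cacert`, for the same reason browsers need to trust it.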

Technology Preview: Containerized SUSE Manager Proxy and Retail Branch Server

Starting with Uyuni 2022.04, it will be possible to run the Uyuni proxy and Retail branch server also in containers. This could be very helpful in scenarios where adding new virtual machines is not feasible for some reason.

Additionally, the ability to run Uyuni Proxy and Retail branch servers in containers makes it more flexible to run them anywhere without worrying about the underlying OS, while also making it possible to take advantage of Kubernetes offerings like HA.

Version 2022.03

Unsupported products

  • Red Hat Enterprise Linux 6

  • SUSE Linux Enterprise Server Expanded Support 6

  • Oracle Linux 6

  • CentOS 6

  • CentOS 8

  • Ubuntu 16.04

We highly encourage you to migrate your workload to a newer version of each distribution, or to an alternative distribution that is still supported, so you can continue managing your infrastructure with Uyuni.

Please note that we will not break things on purpose for these unsupported products, and there is a possibility that they could still continue to work. But if things break, there will not be any support provided, not even on a best-effort basis, unless someone from the community can step in.

Version 2022.02

Prometheus 2.32.1

Uyuni 2022.02 updates Prometheus from version 2.27.1 to 2.32.1.

The new version contains some breaking changes that need to be addressed after the Uyuni Server is updated.

Breaking changes:

  • Uyuni Service Discovery: The configuration and the returned set of meta labels have changed. Please check the upstream documentation for more details.

  • As a consequence all users with existing monitoring setup must reapply the highstate on the monitoring server(s).

Important changes:

  • Introduced generic HTTP-based service discovery.

  • New expression editor with advanced autocompletion, inline linting, and syntax highlighting.

  • Discovering Kubernetes API servers using a kubeconfig file.

  • Faster server restart times via snapshotting.

  • Controlling scrape intervals and timeouts via relabeling.

Check the upstream changelog for more details on what has changed.

Version 2022.01

Change proxy used for clients from the WebUI

It is now possible to change the proxy used by an Uyuni client using the WebUI.

This can be done from the Connection tab at the Details tab for any Salt client, using the new link Change to change the connection type.

Using System Set Manager is supported as well, and can be done from the Misc tab, and then Proxy tab.

NOTE: Changing the connection for a Proxy to move it is not supported at this moment. The Connection tab will not show the Change link for proxies.

Version 2021.12

Salt as a Bundle

Salt Bundle is a single package called venv-salt-minion containing the Salt Minion, Python and all Python modules. It is exactly the same version and codebase as the current salt-minion RPM package.

The Salt Bundle can be used on systems that already run another Salt Minion, that do not meet Salt’s requirements or already provide a newer salt version that is used instead of the version provided by Uyuni.

Starting with Uyuni 2021.12, Uyuni is able to bootstrap systems with Salt Bundle for all the supported operating systems.

On bootstrapping new proxies the Salt Bundle package will be used instead of salt-minion, if the package venv-salt-minion is present in the bootstrap repo.

Proxies already registered will not be changed, but can be switched to Salt Bundle by applying the state util.mgr_switch_to_venv_minion to them.

Monitoring

Prometheus Blackbox exporter

Uyuni 2021.12 comes with the Blackbox exporter, which allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP, and ICMP. It needs to be installed next to the Prometheus server and not on the clients. Prometheus formula has been extended to configure the Blackbox exporter.

The package prometheus-blackbox_exporter has been added as recommended for the Proxy.

Formulas

One of the limitations of the current formulas is that they are listed against every client, even if the supported packages are not available for that OS version or service pack.

While we are continuously focused on improving the formulas, for now, starting with the monitoring formulas it will be mentioned in documentation if applying those formulas would actually work in the case of a particular client.

In 2021.09, we made the Prometheus package available for Uyuni Proxy and Retail Branch Server but that is not the case with Grafana.

  • Prometheus is available for the client tools for SLE 12, SLE 15, and openSUSE 15 Uyuni Proxies or Retail Branch Servers

  • Grafana is available for the client tools for SLE 12, SLE 15, openSUSE 15

New product enabled

  • SUSE Linux Enterprise Server 15 SP2 LTSS

CentOS 8 End of Life

CentOS 8 will be End of Life on December 31st, 2021. Uyuni support for this product will end as well.

Please refer to support section for more information.

Future deprecation of the traditional stack

This version of Uyuni is compatible with Salt and traditional clients. We will deprecate traditional clients and traditional proxies in the summer of 2022.

After summer of 2022, Uyuni will not support traditional clients, and the code to support it will be removed at some point after the summer.

We encourage all new deployments to use Salt clients and Salt proxies exclusively, and to migrate existing traditional clients to Salt.

Version 2021.09

Prometheus available for Uyuni Proxy and Retail Branch Server

From this version, the Prometheus package will also be available for Uyuni Proxy and Retail Branch Server.

In case you plan to use the branch server or proxy as a monitoring server with Prometheus, be aware that Prometheus demands additional hardware resources.

Ansible available for Uyuni Proxy and Retail Branch Server

The Ansible package will also be available for Uyuni Proxy and Retail Branch Server, which makes it possible to use Uyuni Proxy and Retail Branch Server as Ansible control Node.

When making Uyuni Proxy or Retail Branch Server an Ansible control Node, the extra load can affect the performance of this critical component. Bad performance of the Branch Server can further affect attached clients.

Version 2021.08

Bugfix release

Version 2021.06

Upgrade notes

WARNING: This release updates the base OS from openSUSE Leap 15.2 to openSUSE Leap 15.3 and there are special steps required. You need at least Uyuni 2020.07 already installed to perform the upgrade, and you need to follow the major upgrade procedure for the Proxy. More details are also available at the "Update from previous versions of Uyuni Proxy" section below.

Salt 3002

Salt has been upgraded to upstream version 3002, plus a number of patches, backports and enhancements by SUSE, for the Uyuni Server, Proxy and Client Tools (where the client operating system supports Python 3.5+; otherwise Salt 3000 or 2016.11 are used).

We intend to regularly upgrade Salt to more recent versions.

For more details about changes in your manually-created Salt states, see the Salt 3002 upstream release notes and Salt 3001 upstream release notes.

Base System Upgrade

The base system was upgraded to openSUSE Leap 15.3.

The Uyuni Proxy and Retail Branch Server can now be installed on top of openSUSE Leap 15.3 JeOS edition.

Version 2021.05

Bugfix release

Version 2021.04

New products enabled

  • Amazon Linux 2

  • Alibaba Linux 2

  • AlmaLinux 8

  • MicroFocus Open Enterprise Server 2018 SP3

  • openSUSE Leap 15.3 (Beta)

Reactivation keys in bootstrap scripts

Bootstrap scripts can include an activation key to directly assign software channels, configuration channels, entitlements, etc to a system while registering.

Reactivation keys can be used to re-register a previously registered client and regain all Uyuni settings. For example, to move clients registered to the Uyuni Server to being registered through an Uyuni Proxy (or Retail Branch Server), when reinstalling, and in some other cases.

Uyuni now supports the combination of reactivation keys and bootstrap scripts. Specify a reactivation key in the bootstrap script to re-register systems, for example, if your Uyuni Server has too many clients directly attached and you want to bulk move them to a Uyuni Proxy (or Retail Branch Server).

Enable SAN SSL certificates

Subject Alternative Name (SAN) is an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field. This is commonly used to generate SSL certificates that protect multiple domains with a single certificate.

These kinds of certificates are becoming popular amongst users with their own Certificate Authority, so we have implemented support.

Version 2021.02

Recent Salt CVEs remediation

The fixes affect your Uyuni Server, Proxy, Retail Branch Server and Salt minions, so we recommend applying the fixes as soon as possible.

Version 2021.01

Bugfix release

Version 2020.11

Recent Salt CVEs remediation

This release includes the fixes for CVE-2020-16846, CVE-2020-17490 and CVE-2020-25592 that we already released on November 16th for Uyuni 2020.09.

You should patch all your Uyuni Server, Proxy, and Salt minions as soon as possible.

DNSSEC enabled by default by bind update

With the update of ISC bind to version 9.16.6 on openSUSE Leap 15.1 and openSUSE Leap 15.2, DNSSEC is now enabled by default, which may cause DNS resolution to fail unless there are fallback DNS servers.

The Retail Branch Server formula has been modified to disable DNSSEC, and will be updated to support DNSSEC in a future release of Uyuni. For existing Retail Branch Servers, you can disable DNSSEC to retain the same behaviour ISC bind showed until version 9.11.2. To do that, edit /etc/bind and set:

dnssec-enable no;
dnssec-validation no;

Version 2020.09

New products enabled

  • SUSE Linux Enterprise Real Time 15 SP2

Version 2020.07

Upgrade notes

WARNING: Check "Update from previous versions of Uyuni Proxy" below for details, as this release updates the base OS from openSUSE Leap 15.1 to openSUSE Leap 15.2, and there are special steps required.

Salt 3000.0

Salt has been upgraded to upstream version 3000, plus a number of patches, backports and enhancements by SUSE, for the Uyuni Server, Proxy and Client Tools. In particular, CVE-2020-11651 and CVE-2020-11652 fixes are included in our release.

As part of this upgrade, cryptography is now managed by the Python-M2Crypto library (which is itself based on the well-known OpenSSL library).

We intend to regularly upgrade Salt to more recent versions.

For more details about changes in your manually-created Salt states, see the Salt upstream release notes 3000.

Please note Salt 3000 is the last version of Salt which will support the old syntax of the module.run module.

Base System Upgrade

The base system was upgraded to openSUSE Leap 15.2.

The Uyuni Proxy and Retail Branch Server can now be installed on top of openSUSE Leap 15.2 JeOS edition.

Version 2020.06

Bugfix release

Version 2020.05

Bugfix release

Version 2020.04

openSUSE Leap 15.1 JeOS Supported as a Base System

The Uyuni Proxy can now be installed on top of openSUSE Leap 15.1 JeOS.

Version 2020.03

New products enabled

  • SUSE Linux Enterprise Real Time 12 SP5

  • SUSE Linux Enterprise 15 SP2 family

  • MicroFocus Open Enterprise Server 2018 SP2 (product GA in Q2 2020)

Content Lifecycle Filters for AppStreams

RHEL, SLES ES, CentOS and Oracle Linux 8 appstreams can now be mixed and converted to flat repositories using a new type of CLM filter.

EFI HTTP booting

The dhcp formula, branch network formula and pxe formula have been updated to support booting EFI terminals (systems) via HTTP in addition to TFTP.

Version 2020.01

Version format change

Uyuni is now changing from X.Y version format to YYYY.MM format, and the URLs for the repositories remove the X.Y part.

This will allow easier releases, no need to change URLs at all in the future, and less confusion regarding the relationship between Uyuni and SUSE Manager (Uyuni is always ahead).

CentOS8, RHEL 8 and SLES ES 8 support

CentOS 8, Red Hat Enterprise Linux 8 and SUSE Linux Enterprise Server Expanded Support 8 are now supported clients as Salt minions. The traditional stack will not be supported on these operating systems.

With the new application streams concept introduced in these operating systems, you will need to import both the BaseOS and the AppStream directories from the ISO image for the bootstrap repository to be created correctly. If the AppStream directory is not imported, you will receive an error about missing Python 3 packages.

AppStream awareness in the UI and Content Lifecycle Management will be available in an upcoming version of Uyuni.

Monitoring

This version of Uyuni includes formulas to install Prometheus and Grafana, and makes the Apache exporter available for Ubuntu 18.04, CentOS6, CentOS7 and Proxy.

Package Hub

SUSE Package Hub is now supported on the Server, since the problems with the search that were caused by PackageHub-provided packages have been solved.

If you were using Package Hub as a source of packages for your clients, it is recommended that you re-generate all package metadata. The reason for this is that in the Package Hub repositories there may exist multiple packages with the same NEVRA but different checksums. This might result in checksum errors when repositories are used on the clients, as Uyuni randomly selected any of those packages. After this update, Uyuni will generate the checksum into the package path to ensure the right package is used. If you also use Uyuni Proxy, please update all of them before you re-generate the metadata.

Formulas

The cpu-mitigations-formula is now installed by default.

The Retail branch network formula now works on all SUSE and openSUSE based distros, using SuSEfirewall or firewalld as appropriate.

Enhanced support for Ubuntu and Debian clients

  • Support for all of the headers in .deb packages, including custom ones, when syncing Debian/Ubuntu repositories. You can use the new script mgr-update-pkg-extra-tags to update extra fields in the DB without recreating all Debian/Ubuntu channels.

  • Support for .deb packages with hyphens in the package name or version. There remains a very small percentage (<0.1%) of packages for which our version comparison algorithm fails; we will fix this known issue in a coming release.

Updated documentation

The Uyuni documentation has received improvements in all of the books, with small clarifications and enhancements all around: content lifecycle management filters, public cloud, JeOS, retail images and formulas, etc.

Of particular interest for users with large installations will be the new Large Scale Deployment and Salt Tuning sections in the Salt Guide. Given that modifying advanced parameters can cause catastrophic failure, we recommend making a backup and being conservative when making changes.

Additionally, the search functionality in the documentation now works offline.

New products enabled (from SCC)

  • SLES12 SP3 LTSS

  • SUSE Linux Enterprise Real Time 12 SP4

  • SLES12 SP5

  • RHEL 8 and SLES ES 8

  • CaaSP 4

  • openSUSE Leap 15.1

Version 4.0.2

Prometheus Monitoring

We now include packages for the latest version of Prometheus.

Some exporters will be pre-installed on Uyuni Proxy as part of its self-monitoring features. They will provide hardware, operating system, and HTTP Proxy metrics.

Formulas Update for Retail Branch Server

Formulas used to operate a Uyuni for Retail Branch Server were updated to support a SUSE Linux Enterprise 15 SP1 environment.

Configuration of Uyuni Retail Branch Server with Multiple Network Interfaces

During installation of Uyuni Retail Branch Server the secondary network interface, intended to be used for the terminal network, may be configured and bound to a firewall zone. This zone binding can interfere with the configuration of Retail services, and could result in you being unable to apply the highstate.

To avoid this problem, ensure that:

  • the primary network interface is either bound to the 'public' zone or not bound to any zone

  • the secondary network interface is either bound to the 'internal' zone or not bound to any firewall zone.

Do this by running these commands before you apply the retail formulas:

firewall-cmd --permanent --zone=public --change-interface=eth0
firewall-cmd --permanent --zone=internal --change-interface=eth1
firewall-cmd --reload

This example assumes eth0 is the primary interface and eth1 the secondary terminal interface.

Salt 2019.2.0

Salt has been upgraded to the 2019.2.0 release.

We intend to regularly upgrade Salt to more recent versions.

For more information about changes in your manually-created Salt states, see the Salt upstream release notes 2019.2.0.

Base System Upgrade

The base system was upgraded to openSUSE Leap 15.1. As a result, all code was ported to run with Python 3.

Version 4.0.1

Bugfix update

Installation

System Requirements

  • OS: openSUSE Leap 15.3 x86_64, fully updated

  • Main Memory: At least 2GB

  • Disk space: approx 50 GB per distribution or channel

See the Advanced Topics manual for more details on the system requirements.

Installing the Proxy

Installation of Uyuni Proxy is done via the Uyuni Server web interface.

See the Advanced Topics manual for step-by-step instructions for installing and configuring Uyuni Proxy.

Update from previous versions of Uyuni Proxy

See the "Installation/Upgrade Guide" for detailed instructions on how to upgrade.

  • If you are updating from 2021.05 or earlier: You will need to follow the "Upgrade > Upgrade the Proxy" > "Proxy - Major Upgrade" section.

  • If you are updating from 2021.06 or newer: You will need to follow the "Upgrade > Upgrade the Proxy" > "Proxy - Minor Upgrade" section.

Known Issues

Proxy password

Do not use the '@' character in the Uyuni Proxy password, as it is not escaped correctly.

Single Sign On, API and CLI tools

Single Sign On can be used to authenticate in the Web UI but not with the API or CLI tools. This will be fixed in a future release of Uyuni.

Providing feedback

In case of encountering a bug please report it at https://github.com/uyuni-project/uyuni/issues

Copyright © 2018 – 2021 The Uyuni Project and contributors. All rights reserved.

This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/es/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.

For SUSE trademarks, see http://www.suse.com/company/legal/. All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its affiliates. Asterisks (*) denote third-party trademarks.

All information found in this document has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its affiliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof.