Version Revision History
-
2022/11/21: 2022.11 release
-
2022/10/14: 2022.10 release
-
2022/08/10: 2022.08 release
-
2022/06/26: 2022.06 release
-
2022/05/10: 2022.05 release
-
2022/04/29: 2022.04 release
-
2022/03/31: 2022.03 release
-
2022/02/28: 2022.02 release
-
2022/01/28: 2022.01 release
-
2021/12/09: 2021.12 release
-
2021/09/23: 2021.09 release
-
2021/08/16: 2021.08 release
-
2021/06/24: 2021.06 release
-
2021/05/18: 2021.05 release
-
2021/04/21: 2021.04 release
-
2021/03/01: 2021.02 release
-
2021/02/05: 2021.01 release
-
2020/11/26: 2020.11 release
-
2020/09/22: 2020.09 release
-
2020/07/24: 2020.07 release
-
2020/06/15: 2020.06 release
-
2020/05/21: 2020.05 release
-
2020/04/16: 2020.04 release
-
2020/03/19: 2020.03 release
-
2020/01/31: 2020.01 release
-
2019/08/02: 4.0.2 release
-
2018/12/19: 4.0.1 release
-
2018/10/26: 4.0.0 release
Stay informed
You can stay up-to-date regarding information about Uyuni:
Check the home site https://www.uyuni-project.org
Support
Uyuni is a community-supported project. The ways of contacting the community are available at the home site.
Release model
Uyuni uses a rolling release model (meaning there will be no bugfixing for given Uyuni version, but new frequent versions that will include bugfixes and features).
Check the home site get in contact with the community.
Major changes since Uyuni Proxy 4.0.0
Features and changes
Version 2022.11
Bugfix release.
Version 2022.10
Bugfix release.
Version 2022.08
Proxy deployment with Helm Charts
Technology Preview: Helm chart to deploy containerized Uyuni Proxy and Retail Branch Server
Deploying Proxy and Retail Branch Servers as containers is now also possible using a Helm chart.
For more information check this README file. The information will be part of the Uyuni official documentation in a future release.
WARNING: The container images configuration has a new format and it is now packaged as tar.gz file. All previously deployed container Proxies and Retail Branch Servers will need to get their configuration regenerated and deployed again before pulling these images.
Version 2022.06
Upgrade notes
WARNING: This release updates the base OS from openSUSE Leap 15.3 to openSUSE Leap 15.4 and there are special steps required. You need at least Uyuni 2021.06 already installed to perform the upgrade, and you need to follow the (major upgrade procedure for the Proxy. More details are also available at the "Update from previous versions of Uyuni Proxy" section below.
WARNING: This release updates the Salt version for master and minions to a next major release. Make sure you update the Uyuni Server before updating the proxies, as backward compatiblity of minions against an older master is not guaranteed
WARNING: With Uyuni 2021.12, we announced the future deprecation of the Traditional client tools. Uyuni 2022.06 is the last release that supports them. Starting with Uyuni 2022.08, the traditional client tools will be deprecated as we will start removing the code at some point after the summer. Do not use the traditional stack for any new deployments of clients or proxies, and start migrating your traditional clients to Salt.
Base system upgrade
The base system has been upgraded to openSUSE Leap 15.4.
Salt 3004
Salt has been upgraded to upstream version 3004, plus a number of patches, backports and enhancements by SUSE, for the Uyuni Manager Server, Proxy, and Client Tools.
We intend to regularly upgrade Salt to more recent versions.
For more details about changes in your manually-created Salt states, see the Salt 3004 upstream release notes.
Salt Bundle 3004 will be available for all supported clients.
The non-bundle version of Salt requires Python3 instaled by default, so it will not be available for:
-
SUSE Linux Enteprise 12
-
CentOS 7
-
Oracle Linux 7
-
Red Hat Enteprise Linux 7
Version 2022.05
Bugfix release
Version 2022.04
HSTS available
HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking.
Uyuni 2022.04 allows enabling HSTS. Which means each request will need to be HTTPS while plain HTTP requests will be rejected.
To enable it for the Uyuni Proxy:
-
Edit
/etc/apache2/conf.d/spacewalk-proxy.conf
-
Uncomment the line
# Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
-
Restart Apache with
systemctl restart apache2
IMPORTANT: If you enable HSTS while using the default SSL certificate generated by Uyuni, or a self-signed certificate, some browsers will refuse to connect using HTTPS unless the CA used to sign such certificates is trusted by the browser. If you are using the SSL certificate generated by Uyuni, you can trust it at the servers by using the file located at `http://<UYUNI-PROXY-HOSTNAME>/pub/RHN-ORG-TRUSTED-SSL-CERT
Technology Preview: Containerized SUSE Manager Proxy and Retail Branch Server
Starting with Uyuni 2022.04, it will be possible to run the Uyuni proxy and Retail branch server also in containers. This could be very helpful in scenarios where adding new virtual machines is not feasible for some reason.
Additionally, the ability to run Uyuni Proxy and Retail branch servers in containers make it more flexible to run them anywhere without worrying about the underlying OS, while also making it possible to get the advantage of Kubernetes offerings like HA.
Version 2022.03
Unsupported products
-
Red Hat Enterprise Linux 6
-
SUSE Linux Enterprise Server Expanded Support 6
-
Oracle Linux 6
-
CentOS 6
-
CentOS 8
-
Ubuntu 16.04
We highly encourage you to migrate your workload to a newer version of each distribution, or to an alternative distribution that is still supported, so you can continue managing your infrastructure with Uyuni.
Please note that we will not break things on purpose for these unsupported products, and there is a possibility that they could still continue to work. But if things break, there will not be any support provided, not even on a best-effort basis, unless someone from the community can step in.
Version 2022.02
Prometheus 2.32.1
Uyuni 2022.02 updates Prometheus from version 2.27.1 to 2.32.1.
The new version contains some breaking changes that need to be addressed after the Uyuni Server is updated.
Breaking changes:
-
Uyuni Service Discovery: The configuration and the returned set of meta labels have changed. Please check the upstream documentation for more details.
-
As a consequence all users with existing monitoring setup must reapply the highstate on the monitoring server(s).
Important changes:
-
Introduced generic HTTP-based service discovery.
-
New expression editor with advanced autocompletion, inline linting, and syntax highlighting.
-
Discovering Kubernetes API servers using a kubeconfig file.
-
Faster server restart times via snapshotting.
-
Controlling scrape intervals and timeouts via relabeling.
Check the upstream changelog for more details on what has changed.
Version 2022.01
Change proxy used for clients from the WebUI
It is now possible to change the proxy used by an Uyuni client using the WebUI.
This can be done from the Connection
tab at the Details
tab for any Salt client, using the new link Change
to change the connection type.
Using System Set Manager is supported as well, and can be done from the Misc
tab, and then Proxy
tab.
NOTE: Changing the connection for a Proxy to move it, is not supported at this moment. The Connectiontab will not show the Change
link for proxies.
Version 2021.12
Salt as a Bundle
Salt Bundle is a single package called venv-salt-minion
containing the Salt Minion, Python and all Python modules. It is exactly the same version and codebase for the current salt-minion
RPM package.
The Salt Bundle can be used on systems that already run another Salt Minion, that do not meet Salt’s requirements or already provide a newer salt version that is used instead of the version provided by Uyuni.
Starting with Uyuni 2021.12, Uyuni is able to bootstrap systems with Salt Bundle for all the supported operating systems.
On bootstrapping new proxies the Salt Bundle package will be used instead of salt-minion, if the package venv-salt-minion
is present in the bootstrap repo.
Proxies already registered will not be changed, but can be switched to Salt Bundle with applying the state util.mgr_switch_to_venv_minion
to them.
Monitoring
Prometheus Blackbox exporter
Uyuni 2021.12 comes with the Blackbox exporter, which allows blackbox probing of endpoints over HTTP, HTTPS, DNS, TCP, and ICMP. It needs to be installed next to the Prometheus server and not on the clients. Prometheus formula has been extended to configure the Blackbox exporter.
The package prometheus-blackbox_exporter has been added as recommended for the Proxy.
Formulas
One of the limitations of the current formulas is that they are listed against every client, even if the supported packages are not available for that OS version or service pack.
While we are continuously focused on improving the formulas, for now, starting with the monitoring formulas it will be mentioned in documentation if applying those formulas would actually work in the case of a particular client.
In 2021.09, we made the Prometheus package available for Uyuni Proxy and Retail Branch Server but that is not the case with Grafana.
-
Prometheus is available for the client tools for SLE 12, SLE 15, and openSUSE 15 Uyuni Proxies or Retail Branch Servers
-
Grafana is available for the client tools for SLE 12, SLE 15, openSUSE15
New product enabled
-
SUSE Linux Enterprise Server 15 SP2 LTSS
CentOS 8 End of Life
CentOS 8 will be End of Life on December 31st, 2021. Uyuni support for this product will end as well.
Please refer to support section for more information.
Future deprecation of the traditional stack
With Uyuni 2021.12, we announced the future deprecation of the Traditional client tools.
Uyuni 2022.06 is the last release that supportes them.
Starting with Uyuni 2022.08, the traditional client tools will be deprecated as we will start removing the code to support them at some point after the summer.
Do not use traditional for any new deployments of clients or proxies, and start migrating your traditional clients to Salt.
Version 2021.09
Prometheus available for Uyuni Proxy and Retail Branch Server
From this version, the Prometheus package will also be available for Uyuni Proxy and Retail Branch Server.
In case you plan to use the branch server or proxy as a monitoring server with Prometheus, be aware that Prometheus demands additional hardware resources.
Ansible available for Uyuni Proxy and Retail Branch Server
The Ansible package will also be available for Uyuni Proxy and Retail Branch Server, which makes it possible to use Uyuni Proxy and Retail Branch Server as Ansible control Node
.
When making Uyuni Proxy or Retail Branch Server an Ansible control Node
, the extra load can affect the performance of this critical component. Bad performance of the Branch Server can further affect attached clients.
Version 2021.08
Bugfix release
Version 2021.06
Upgrade notes
WARNING: This release updates the base OS from openSUSE Leap 15.2 to openSUSE Leap 15.3 and there are special steps required. You need at least Uyuni 2020.07 already installed to perform the upgrade, and you need to follow the (major upgrade procedure for the Proxy. More details are also available at the "Update from previous versions of Uyuni Proxy" section below.
Salt 3002
Salt has been upgraded to upstream version 3002, plus a number of patches, backports and enhancements by SUSE, for the Uyuni Server, Proxy and Client Tools (where the client operating system supports Python 3.5+; otherwise Salt 3000 or 2016.11 are used).
We intend to regularly upgrade Salt to more recent versions.
For more details about changes in your manually-created Salt states, see the Salt 3002 upstream release notes and Salt 3001 upstream release notes.
Base System Upgrade
The base system was upgraded to openSUSE Leap 15.3.
The Uyuni Proxy and Retail Branch Server can now be installed on top of openSUSE Leap 15.3 JeOS edition.
Version 2021.05
Bugfix release
Version 2021.04
New products enabled
-
Amazon Linux 2
-
Alibaba Linux 2
-
AlmaLinux 8
-
MicroFocus Open Enterprise Server 2018 SP3
-
openSUSE Leap 15.3 (Beta)
Reactivation keys in bootstrap scripts
Bootstrap scripts can include an activation key to directly assign software channels, configuration channels, entitlements, etc to a system while registering.
Reactivation keys can be used to re-register a previously registered client and regain all Uyuni settings. For example, to move clients registered to the Uyuni Server to being registered through an Uyuni Proxy (or Retail Branch Server), when reinstalling, and in some other cases.
Uyuni now supports the combination of reactivation keys and bootstrap scripts. Specify a reactivation key in the bootstrap script to re-register systems. For example, if your Uyuni Server has too many clients directly attached and you want to bulk move them to a Uyuni Proxy (or Retail Branch Server).
Enable SAN SSL certificates
Subject Alternative Name (SAN) is an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field. This is commonly used to generate SSL certificates that protect multiple domains with a single certificate.
These kinds of certificates are becoming popular amongst users with their own Certificate Authority, so we have implemented support.
Version 2021.02
Recent Salt CVEs remediation
This release includes the fixes for CVE-2020-28243, CVE-2020-28972, CVE-2021-3148, CVE-2021-25281, CVE-2021-25282, CVE-2021-25283, CVE-2021-3144, CVE-2021-25284, CVE-2021-3197 and CVE-2020-35662
The fixes affect your Uyuni Server, Proxy, Retail Branch Server and Salt minions, so we recommend appling the fixes as soon as possible.
Version 2021.01
Bugfix release
Version 2020.11
Recent Salt CVEs remediation
This release includes the fixes for CVE-2020-16846, CVE-2020-17490 and CVE-2020-25592 that we already released on November 16th for Uyuni 2020.09
You should patch all your Uyuni Server, Proxy, and Salt minions as soon as possible.
DNSSEC enabled by default by bind update
With the update of ISC bind to version 9.16.6 on openSUSE Leap 15.1 and openSUSE Leap 15.2, DNSSEC is now enabled by default, which may cause DNS resolution to fail unless there are fallback DNS servers.
The Retail Branch Server formula has been modified to disable DNSSEC, and will be updated to support DNSSEC in a future release of Uyuni. For existing Retail Branch Servers, you can disable DNSSEC to retain the same behaviour ISC bind showed until version 9.11.2. To do that, edit /etc/bind
and set:
dnssec-enable no; dnssec-validation no;
Version 2020.09
New products enabled
-
SUSE Linux Enterprise Real Time 15 SP2
Version 2020.07
Upgrade notes
Check "Update from previous versions of Uyuni Proxy" below for details, as this release updates the base OS from openSUSE Leap 15.1 to openSUSE Leap 15.2, and there are special steps required. |
Salt 3000.0
Salt has been upgraded to upstream version 3000, plus a number of patches, backports and enhancements by SUSE, for the Uyuni Server, Proxy and Client Tools. In particular, CVE-2020-11651 and CVE-2020-11652 fixes are included in our release.
As part of this upgrade, cryptography is now managed by the Python-M2Crypto library (which is itself based on the well-known OpenSSL library).
We intend to regularly upgrade Salt to more recent versions.
For more details about changes in your manually-created Salt states, see the Salt upstream release notes 3000
Please note Salt 3000 is the last version of Salt which will support the old syntax of the module.run
module.
Base System Upgrade
The base system was upgraded to openSUSE Leap 15.2.
The Uyuni Proxy and Retail Branch Server can now be installed on top of openSUSE Leap 15.2 JeOS edition.
Version 2020.06
Bugfix release
Version 2020.05
Bugfix release
Version 2020.04
openSUSE Leap 15.1 JeOS Supported as a Base System
The Uyuni Proxy can now be installed on top of openSUSE Leap 15.1 JeOS
Version 2020.03
New products enabled
-
SUSE Linux Enterprise Real Time 12 SP5
-
SUSE Linux Enterprise 15 SP2 family
-
MicroFocus Open Enterprise Server 2018 SP2 (product GA in Q2 2020)
Content Lifecycle Filters for AppStreams
RHEL, SLES ES, CentOS and Oracle Linux 8 appstreams can now be mixed and converted to flat repositories using a new type of CLM filter.
EFI HTTP booting
The dhcp formula, branch network formula and pxe formula have been updated to support booting EFI terminals (systems) via HTTP in addition to TFTP.
Version 2020.01
Version format change
Uyuni is now changing from X.Y version format to YYYY.MM format, and the URLs for the repositories remove the X.Y part.
This will allow easier releases, no need to change URLs at all in the future, and less confussion regarding the relationship between Uyuni and SUSE Manager (Uyuni is always ahead).
CentOS8, RHEL 8 and SLES ES 8 support
CentOS 8, Red Hat Enterprise Linux 8 and SUSE Linux Enterprise Server Expanded Support 8 are now supported clients as Salt minions. The traditional stack will not be supported on these operating systems.
With the new application streams concept introduced in these operating systems, you will need to import both the BaseOS and the AppStream directories from the ISO image for the bootstrap repository to be created correctly. If the AppStream directory is not imported, you will receive an error about missing Python 3 packages.
AppStream awareness in the UI and Content Lifecycle Management will be available in an upcoming version of Uyuni.
Monitoring
This version of Uyuni includes formulas to install Prometheus and Grafana, and makes the Apache exporter available for Ubuntu 18.04, CentOS6, CentOS7 and Proxy.
Package Hub
SUSE Package Hub is now supported on the Server, since the problems with the search that were caused by PackageHub-provided packages have been solved.
If you were using Package Hub as a source of packages for you clients, it is recommended that you re-generate all package metadata. The reason for this is in the Package Hub repositories there may exist multiple packages with the same NEVRA but different checksums. This might result in checksum errors when repositories are used on the clients as Uyuni randomly selected any of those packages. After this update, Uyuni will generate the checksum into the package path to ensure the right package is used. If you use also Uyuni Proxy please update all of them before you re-generate the metadata.
Formulas
The cpu-mitigations-formula is now installed by default.
The Retail branch network formula now works all SUSE and openSUSE based distros, using SuSEfirewall or firewalld as appropriate.
Enhanced support for Ubuntu and Debian clients
-
Support for all of the headers in .deb packages, including custom ones, when syncing Debian/Ubuntu repositories. You can use the new script
mgr-update-pkg-extra-tags
to update extra fields in DB without recreating all Debian/Ubuntu channels. -
Support for .deb packages with hyphens in the package name or version. There remain a very small percentage (<0.1%) of packages for which our version comparison algorithm fails; we will fix this known issue in a coming release.
Updated documentation
The Uyuni documentation has received improvements in all of the books, with small clarifications and enhancements all around: content lifecycle management filters, public cloud, JeOS, retail images and formulas, etc
Of particular interest for users with large installations will be the new Large Scale Deployment and Salt Tuning sections in the Salt Guide. Given that modifying advanced parameters can cause catastrophic failure, we recommend making a backup and being conservative doing changes.
Additionally, the search functionality in the documentation now works offline.
New products enabled (from SCC)
-
SLES12 SP3 LTSS
-
SUSE Linux Enterprise Real Time 12 SP4
-
SLES12 SP5
-
RHEL 8 and SLES ES 8
-
CaaSP 4
-
openSUSE Leap 15.1
Version 4.0.2
Prometheus Monitoring
We now include packages for the latest version of Prometheus.
Some exporters will be pre-installed on Uyuni Proxy as part of its self-monitoring features. They will provide hardware, operating system, and HTTP Proxy metrics.
Formulas Update for Retail Branch Server
Formulas used to operate a Uyuni for Retail Branch Server were updated to support a SUSE Linux Enterprise 15 SP1 environment.
Configuration of Uyuni Retail Branch Server with Multiple Network Interfaces
During installation of Uyuni Retail Branch Server the secondary network interface, intended to be used for the terminal network, may be configured and bound to a firewall zone. This zone binding can interfere with the configuration of Retail services, and could result in you being unable to apply the highstate.
To avoid this problem, ensure that:
-
the primary network interface is either bound to 'public' zone or not bound to any zone
-
the secondary network interface either bound to 'internal' zone or is not bound to any firewall zone.
Do this by running these commands before you apply the retail formulas:
firewall-cmd --permanent --zone=public --change-interface=eth0
firewall-cmd --permanent --zone=internal --change-interface=eth1
firewall-cmd --reload
This example assumes eth0 is the primary interface and eth1 the secondary terminal interface.
Salt 2019.2.0
Salt has been upgraded to the 2019.2.0 release.
We intend to regularly upgrade Salt to more recent versions.
For more information about changes in your manually-created Salt states, see the Salt upstream release notes 2019.2.0.
Base System Upgrade
The base system was upgraded to openSUSE Leap 15.1. As a result, all code was ported to run with Python 3.
Version 4.0.1
Bugfix update
Installation
System Requirements
-
OS: openSUSE Leap 15.4 x86_64, fully updated
-
Main Memory: At least 2GB
-
Disk space: approx 50 GB per distribution or channel
See the documentation for more details on the system requirements.
Installing the Proxy
Installation of Uyuni Proxy is done via the Uyuni Server web interface.
See the Installation/Upgrade guide for step-by-step instructions on how to install and configure the Uyuni Proxy.
The repository for the Proxy is https://download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable/images/repo/Uyuni-Proxy-POOL-x86_64-Media1/
Update from previous versions of Uyuni Proxy
When updating, always start with the server first and then continue with the proxies.
See the Installation/Upgrade guide for detailed instructions on how to upgrade.
-
If you are upgrading from 2022.05 or earlier (at least 2021.06): You will need to follow the "Installation/Upgrade Guide > Upgrade > Upgrade the Proxy" > "Proxy - Major Upgrade" section.
-
If you are updating from 2022.06 or newer: You will need to follow the "Installation/Upgrade Guide > Upgrade > Upgrade the Proxy" > "Proxy - Minor Upgrade" section.
-
Migrating from versions older than 2022.06 is possible only with a proxy replacement, as described at the documentation.
Known Issues
Proxy password
Do not use the '@' character in the Uyuni Proxy password, as it is not escaped correctly.
Single Sign On, API and CLI tools
Single Sign On can be used to authenticate in the Web UI but not with the API or CLI tools. This will be fixed in a future release of Uyuni.
Providing feedback
In case of encountering a bug please report it at https://github.com/uyuni-project/uyuni/issues
Legal Notices
Copyright © 2018 – 2022 The Uyuni Project and contributors. All rights reserved.
This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/es/ or send a letter to Creative Commons, PO Box 1866, Mountain View, CA 94042, USA.
For SUSE trademarks, see http://www.suse.com/company/legal/. All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its affiliates. Asterisks (*) denote third-party trademarks.
All information found in this document has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its affiliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof.