Release notes for Uyuni Server

Version 2024.07
2024-07-19 13:13:38 +0200
Table of Contents

* Version Revision History
* Stay informed
* Support
* Release model
* Major changes since Uyuni Server 2021.06
+ Important Note
+ Features and changes
o Version 2024.07
# Salt 3006.0
# PostgreSQL 16
# New products enabled
# Changed behaviour of repo-sync
# Confidential Computing Attestation: UI
# Removed features
# Deprecated features
o Version 2024.05
# Uyuni Documentation API changes
# Removal of deprecated functionalities
# Localized uyuni-tools
# Native support for AppStream repositories
# Automatic migration from Salt 3000 to the Salt Bundle
# New update-salt recurring state
# Confidential Computing Attestation: Secure Boot module
# Monitoring: Grafana upgraded to 9.5.18
o Version 2024.03
# Confidential Computing Attestation: AMD Secure Nested Paging
guests support
# Enhanced CVE Audit
# Upgrade to Java 17 for the containerized Server
# Monitoring: Node exporter upgraded to 1.7.0
# Ansible
o Version 2024.02
# Security fixes
# Rotation of SSH keys in Uyuni used for Salt SSH
# Executing Remote commands
# Technology Preview: Uyuni server container image for aarch64
(ARM64)
# Technology Preview: Uyuni tools to help using Uyuni as
containers - add start, stop and restart commands to mgradm
# Disabling Automatic Reboot following Bootstrap
o Version 2024.01
# openEuler 22.03
# Reboot required indication for non-SUSE distributions
# Add one-shot action execution to recurring custom state create/
edit
# Executing Remote commands
# Add livenessProbe and readinessProbe to the server container
Helm chart
# Debian 10 End of Life
o Version 2023.12
# New products enabled
# CLM filter by package build date
# CVE fixes
o Version 2023.10
# Salt CVEs
# New products enabled
# Technology Preview: Uyuni server image
# Technology Preview: Uyuni tools to help using Uyuni as
containers
# Include in API response reboot_suggested and restart_suggested
booleans
# Add a config to specify the number of minutes to wait before
performing a system reboot
# Respect user e-mail preferences when sending 'user creation'
e-mails
# Monitoring: Grafana upgraded to 9.5.8
# Update 'saltkey' endpoints to accept GET instead of POST
requests.
o Version 2023.09
# Upgrade notes
# Base operating system upgrade
# New products enabled
# Salt 3006.0
# Important Salt Minion update
# The salt-minion is no longer disabled for Salt SSH managed
clients
# Ubuntu 18.04 End of Life
# Minimal requirement for memory
# Automated RHUI credential update
# Monitoring
# Ansible integration
# Installing PTFs from Uyuni
# Recurrent Custom States
# 'system-profile-refresh' Taskomatic job
# Show a notification when an update for Uyuni is available
o Version 2023.04
# Monitoring
# All tomcat logs are now rotated with logrotate
# Security enhancements to API logging
o Version 2023.03
# openSUSE Leap Micro 5.3 support as client
# New products enabled
# Monitoring: Grafana update to 8.5.15
# Syncing optional channels from from the WebUI
# Subscription warning notifications will now happen weekly
# Salt 3000 End of Life
# Debian 9 End of Life
# 'spacewalk-clone-by-date' has been deprecated
o Version 2023.01
# Release notes cleanup
# SUSE Linux Enterprise Micro support as client
# Content Lifecycle Management: Disabling modularity for
AppStream repositories
o Version 2022.12
# Indications for systems requiring reboot or with a scheduled
reboot
# Notification messages via e-mail
# Monitoring: Grafana update to 8.5.15
# Subscription warning notifications
# Limit changelogs at repositories metadata to the last 20
entries
# Drop legacy way to prevent disabling local repositories at
bootstrap scripts
o Version 2022.11
# System list refactor
# Instructions to disable custom channel automatic
synchronization
# Allow more tools for network management for the Uyuni Server
# Monitoring: Grafana update to 8.5.13
# Monitoring: Fix TLS configuration and enable client certificate
authentication for Blackbox exporter
# Traditional stack being removed
o Version 2022.10
# Update notes
# RHEL/Oracle Linux/AlmaLinux/Rocky Linux 9 as clients
# Monitoring for Ubuntu 22.04
# pip support for the Salt Bundle
# Apache exporter updated to version 0.11.0 for SUSE Linux
Enterprise and openSUSE
# Cobbler updated to version 3.3.3
o Version 2022.08
# Ubuntu 22.04 as client
# GPG key handling in Uyuni
# Disabling locally defined repositories
# Technology Preview: Helm chart to deploy containerized Uyuni
Proxy and Retail Branch Server
o Version 2022.06
# Upgrade notes
# Base operating system upgrade
# PostgreSQL 14
# Salt 3004
# New products enabled
o Version 2022.05
# Reporting Database documentation
# spacewalk-report now uses data from the reporting database
# Adding systems with failed actions to System Set Manager
# Technology Preview: JSON over HTTP API
o Version 2022.04
# Salt SSH now uses the Salt Bundle
# Technology Preview: Containerized Uyuni Proxy and Retail Branch
Server
# Reporting Database improvements
# Improved image management
# HSTS available
o Version 2022.03
# Fixes for Salt security issues
# Salt Upgrade
# New XML-RPC API version 26
# smdba: changed defaults for newer PostgreSQL versions
# Monitoring: Grafana 8.3.5
# Unsupported products
o Version 2022.02
# PostgreSQL default password encryption mechanism change
# Reporting Database
# Ubuntu errata installation
# Monitoring
# SUSE Linux Enterprise Server PAYG client support on cloud
# openscap for Debian 11 (Tech Preview)
o Version 2022.01
# Debian 11 as client
# Link to vendor security advisory in Patch details page
# Add support for custom SSH port for SSH minions
# Change proxy used for clients from the WebUI
o Version 2021.12
# Salt as a Bundle
# aarch64 support for openSUSE Leap 15.3, CentOS 7/8, clones and
related systems
# System reactivation
# Low Diskspace notification
# Package Locking for Salt Minions
# Monitoring
# Content Lifecycle Management improvement
# New XMLRPC API methods for SaltKey
# New product enabled
# CVE-2021-40348 remediation
# CentOS 8 End of Life
# Future deprecation of the traditional stack
* Known issues
+ Node Exporter port 9100 conflicts with Traefik
+ Transactional systems - Salt SSH execution
+ Onboarding issues in SUSE Linux Enterprise Micro and openSUSE Leap
Micro 5.5
+ Database restart
+ Automated RHUI credential update
+ AlmaLinux
+ Bootstrap with web UI using non-root user
+ CLM and custom repositories
+ Container build host and Salt bundle
+ Single Sign On, API and CLI tools
+ EPEL and Salt packages
+ Pay-as-you-go Connection requirement
+ RHEL native clients
+ Registering Spacewalk 2.x/Red Hat Satellite 5.x clients to Uyuni as
Salt minions
+ Ubuntu/Debian: duplicate entries in sources.list
* Client Tools Notes
+ Supported clients
+ Untested clients
* Installation
+ Requirements
+ Installing the Server
+ Update from previous versions of Uyuni Server
+ Update from previous versions of Uyuni Proxy
* Other information
+ Red Hat Channels
+ SUSE Channels
* Providing feedback
* Legal Notices

Version Revision History

* 2024/07/19: 2024.07 release

* 2024/05/15: 2024.05 release

* 2024/04/16: 2024.03 release

* 2024/02/19: 2024.02 release

* 2024/01/31: 2024.01 release

* 2023/12/21: 2023.12 release

* 2023/11/14: 2023.10 release

* 2023/09/29: 2023.09 release

* 2023/04/21: 2023.04 release

* 2023/03/02: 2023.03 release

* 2023/01/30: 2023.01 release

* 2022/12/20: 2022.12 release

* 2022/11/21: 2022.11 release

* 2022/10/14: 2022.10 release

* 2022/08/10: 2022.08 release

* 2022/06/26: 2022.06 release

* 2022/05/10: 2022.05 release

* 2022/04/29: 2022.04 release

* 2022/03/31: 2022.03 release

* 2022/02/28: 2022.02 release

* 2022/01/28: 2022.01 release

* 2021/12/09: 2021.12 release

* Older versions up to 4.0.0

Stay informed

You can stay up-to-date regarding information about Uyuni:

Check the home site https://www.uyuni-project.org

Support

Uyuni is a community-supported project. The ways of contacting the community
are available at the home site.

Release model

Uyuni uses a rolling release model (meaning there will be no bugfixing for
given Uyuni version, but new frequent versions that will include bugfixes and
features)

Check the home site get in contact with the community.

Major changes since Uyuni Server 2021.06

Important Note

In Uyuni 2023.10 we introduced a containerized version of the Server, which was
marked as Technical Preview. With the 2024.05 release, we can now happily
announce that we are moving this feature out of Technology Preview umbrella. In
addition, we recommend to migrate your instances to use this version from now
on. Moreover, version 2024.09 will only be released as container images and the
(classic) RPM version will not be available any more. The original idea was to
drop the RPM version with 2024.07, but having heard the feedback from the
Community, we decided to maintain this version a bit longer. All in all, we
highly recommend that any new installation should only go for the containerized
version.

Together with the Uyuni Server, we are also moving the uyuni-tools out of
Technical Preview (since version 2024.05). As previously announced, the
collection of utilities called uyuni-tools, is meant to provide utilities for
managing the containerized version of Uyuni.

We provided some additional info about the uyuni-tools in the past Uyuni
releases too:

* New commands

* Rename of tools in uyuni-tools

* First announcement

In order to perform a migration from the RPM legacy version to the
containerized version of Uyuni, please refer to Migrating the Uyuni server to a
containerized environment workflow in the official documentation.

Features and changes

Version 2024.07

Salt 3006.0

Uyuni 2024.07 continues to use Salt 3006.0. It is considered by upstream to be
a long-term support (LTS) version. Our plan is to upgrade to the next LTS
version, which will be 3008.0 when available. Short-term support (STS) versions
of Salt are not supported for use with Uyuni.

Throughout this process, all critical bug fixes, including CVEs, L3 fixes, and
essential features needed for Uyuni, will be provided.

The Python version for the Salt bundle has been upgraded from 3.10 to 3.11.
This upgrade aligns with the Python version available in SLE and openSUSE
Leap, and also offers better performance.

PostgreSQL 16

The database engine has been updated from PostgreSQL 14 to PostgreSQL 16
(actually , which brings a number of performance and reliability improvements.
A detailed changelog is available upstream.

Please notice that this comment ONLY refers to the containerized version of
Uyuni (and actually the change has been in place since version 2024.03). The
legacy RPM-based version continues to use PostgreSQL 14.

New products enabled

Uyuni 2024.07 supports an even wider range of operating systems as clients. The
following additional OS releases will be supported in Uyuni 2024.07.

* SUSE Linux Enterprise Server 15 SP6 Family

* SUSE Linux Micro 6.0

* openSUSE Leap 15.6

For more information about the registration process, refer Registration section
, and for more information about supported features, consult Supported Features
.

Changed behaviour of repo-sync

Repositories are now kept strictly in sync with the upstream repository. For
example, when a package is removed from the upstream repo, it is also removed
from the channel directly connected to that repo. Cloned channels will remain
unchanged unless the admin syncs them with the original parent channel.

Users can disable this behavior for custom channels; however, it cannot be
changed for vendor channels.

Confidential Computing Attestation: UI

In the last milestone, we introduced capabilities in Uyuni to support
Confidential Computing Attestation via API components for attesting AMD SEV-SNP
clients.

With the completion of this milestone, a user-friendly UI has been incorporated
to simplify the utilization of this feature for users.

For more information, please refer to the Confidential Computing

Removed features

Bare metal discovery/provisioning

This feature was implemented using the traditional stack and will be dropped
with Uyuni 2024.07.

Deprecated features

Virtualization

Starting from the Uyuni 2024.07 release, the libvirt management feature will be
deprecated and subsequently removed in future versions. If you still rely on VM
management functionalities, we highly recommend considering alternatives like
Harvester.

ISSv1

Starting from the Uyuni 2024.07 release, ISSv1 will be deprecated and
eventually removed in future versions. We strongly advise transitioning to
ISSv2 or newer synchronization solutions. If you encounter any gaps or issues
during this transition, please contact us.

Version 2024.05

Uyuni Documentation API changes

Due to the changes introduced in this version, the Uyuni Documentation API has
been upgraded from version 26 to 27.

For further details about the API, please refer to the Uyuni API Documentation.

Remove of deprecated recurringaction API namespace

The deprecated recurringaction API namespace has been removed. To work with
recurring actions, please check out the newer recurring namespace.

System getRelevantErrata API method

The system API endpoint has a new getRelevantErrata method. This method accepts
a list of servers and returns all errata relevant to those systems.

Removal of deprecated functionalities

In Uyuni 2024.05 we are continuing the process of cleaning our WebUI and CLI
from unused or deprecated features. For more details, please refer to the next
subsections.

Removal of visualization pages

The visualization pages within our WebUI are complex and resource-intensive,
yet they are not extensively used by our users. These pages demonstrate
suboptimal behavior, especially when dealing with a significant number of
clients and proxies.

Moreover, they present challenges during the upgrade of associated frameworks,
resulting in more complications than benefits. Therefore, these pages have been
removed.

Removal of traditional stack: spacewalk-backend and mgr-push changes

Uyuni 2022.11 already removed support for traditional stack. Going forward in
this direction, the following packages were dropped with this release:
spacewalk-backend-config-files-common, spacewalk-backend-config-files and
spacewalk-backend-config-files-tool

Moreover, some code from the package mgr-push regarding the traditional stack
was removed as well.

Localized uyuni-tools

The uyuni-tools utilities can be now localized. Further improvements are
expected in the upcoming versions, but translations can already be provided in
a standarized way, and we welcome contributions from the community.

If you want to contribute translating Uyuni in your language, feel free to
refer also to our wiki page.

For translating Uyuni, we are using this Weblate instance https://
l10n.opensuse.org/projects/uyuni/

Native support for AppStream repositories

Following the integration of modularity and modular repositories in Red Hat
Enterprise Linux and its derivatives, Uyuni initially implemented modularity
through Content Lifecycle Management (CLM) and the introduction of AppStream
filters. These filters effectively removed the modularity features from a
repository by flattening it, enabling consumption through the Uyuni UI.
However, this approach introduced complexity and limited functionality,
prompting the need for a more comprehensive solution.

In the 2024.05 release, we have eliminated the restriction on flattening the
AppStream repositories. This enhancement allows users to manage their clients,
both from Uyuni and directly from the client using DNF if necessary.

Additionally, a new UI page has been introduced under System > Software >
AppStreams. This page enables users to select the modules and their respective
streams they wish to enable/disable on the client.

Uyuni 2024.05 also introduces two new API namespaces: channel.appstreams and
system.appstreams. These namespaces provide different endpoints that can be
used to retrieve more information about available module streams and enable or
disable them on a specific system using API.

For further details about these endpoints, please refer to the Uyuni API
Documentation.

Automatic migration from Salt 3000 to the Salt Bundle

As of August 31, 2021, upstream Salt 3000 has reached its end of life.
Consequently, Uyuni will cease support for Salt 3000. To continue receiving
security updates and support, users must migrate their current Salt 3000
Minions to the Salt Bundle. To date, the migration process can be accomplished
by utilizing the pre-existing util.mgr_switch_to_venv_minion state from the
command-line interface (CLI).

Since Uyuni 2023.09, we have implemented enhancements to make the migration
process even smoother for users. Now, the migration will be automatically
performed during the first highstate applied, streamlining the overall
experience.

Note: We have had this automatic migration feature in place since version
2023.09, but unfortunately, it wasn't documented in the release notes.

New update-salt recurring state

In Uyuni 2024.05, we are introducing a new state to update Salt in recurring
states. Additionally, we enhance the detection of needed reboots and the
update-to-date state.

These improvements have led to the update of a common workflow for keeping the
system up to date with Uyuni.

For more information, please refer to Clients Update Using Recurring Actions
workflow in the official documentation.

Confidential Computing Attestation: Secure Boot module

Following the release of the Confidential Computing Attestation with Uyuni
2024.03, this release enhances the new feature with the inclusion of a new
Secure Boot module.

Monitoring: Grafana upgraded to 9.5.18

Grafana has been updated from version 9.5.16 to 9.5.18, signifying a minor
update that addresses several bugs.

This update also fixes the following security vulnerability:

* CVE-2024-1313 - bsc#1222155

For detailed information about the fixes and features, you can refer to the
following links:

* Grafana Release v9.5.17

* Grafana Release v9.5.18

Version 2024.03

Confidential Computing Attestation: AMD Secure Nested Paging guests support

Confidential computing is becoming increasingly crucial in our industry. While
there is significant ongoing work in the industry on this topic, Uyuni will
play a role in aiding confidential computing attestation. We will adopt a
phased approach, starting with a small-scale implementation and gradually
expanding. Initially, our offering will be exclusively on AMD-based hardware,
aligning with available tools.

Specifically, we've incorporated the API components for attesting AMD Secure
Encrypted Virtualization - Secure Nested Paging (SEV-SNP). This functionality
is compatible with hardware featuring either an AMD EPYC Milan CPU or an AMD
EPYC Genoa CPU and it's available only on x86_64 architecture.

Enhanced CVE Audit

Uyuni's CVE audit feature scans systems and images for known security
vulnerabilities (CVEs), providing administrators with visibility and enabling
prioritization and mitigation based on severity. Previously, it relied on
channel metadata to determine system vulnerability, leading to limitations in
distinguishing between unaffected systems and those lacking needed patches.

To expand this, we are enhancing the approach by integrating OVAL data provided
by the upstream. This helps us avoid false positives and allows for system
scanning without the need to synchronize channels. Channel information will
continue to be for patch application and remediation.

Upgrade to Java 17 for the containerized Server

In Uyuni 2024.03, we're upgrading to the next LTS version of Java, which is
Java 17. This update brings several new features, security enhancements,
including support for new TLS versions and improved certificate validation.

Please notice that this change only applies to the containerized version of
Uyuni. The rpm-based version is still running Java 11.

For more information on this topic, see https://www.oracle.com/java/
technologies/javase/17-relnote-issues.html

Monitoring: Node exporter upgraded to 1.7.0

With Uyuni 2024.03, golang-github-prometheus-node_exporter has been updated
from version 1.5.0 to 1.7.0

The update includes also several bugfixes and features but no breaking changes.

Please note that supervisord and ntp collectors have been deprecated in version
1.6.0 and they will be removed in future versions.

Check the upstream changelogs for more details:

* https://github.com/prometheus/node_exporter/releases/tag/v1.7.0

* https://github.com/prometheus/node_exporter/releases/tag/v1.6.1

* https://github.com/prometheus/node_exporter/releases/tag/v1.6.0

Ansible

This release of Uyuni fixes the following vulnerabilities for Ansible:

* CVE-2023-5764: Address issues where internal templating can cause unsafe
variables to lose their unsafe designation (bsc#1216854)

* CVE-2024-0690: Address issue where ANSIBLE_NO_LOG was ignored (bsc#1219002)

Please note that this update introduces the following breaking change: Assert -
Nested templating may result in an inability for the conditional to be
evaluated.

See the porting guide for more information.

Version 2024.02

Security fixes

Following CVEs have been fixed with this release:

* CVE-2023-31582: Insecure Password-Based Encryption Iteration Count (bsc#
1216609)

* CVE-2023-32189: Handling SSH key in SUSE Manager when bootstrapping new
clients (bsc#1170848)

* CVE-2024-22231: Directory traversal when creating syndic cache directory (
bsc#1219430)

* CVE-2024-22232: Directory traversal attacks in the master's serve_file
method (bsc#1219431)

Rotation of SSH keys in Uyuni used for Salt SSH

For clients that were set up using a SSH key, their key is temporarily kept in
the /srv/susemanager/salt/salt_ssh/ directory. In this directory, there is also
some more sensitive information. As /srv/susemanager/salt/ is part of the Salt
file system, there is a risk that any Minion could potentially access this
sensitive data, which they should not be able to do. What we are doing with
this release, is moving this sensitive information away from this directory so
that no Minion can request this data. This provides the fix for CVE-2023-32189.

To eliminate the possibility of any Minion accessing an unintended key, we
strongly advise users to rotate the keys and carry out the following steps.

Step 1. Become user salt

$> su -s /bin/bash - salt

Step 2. Create a new SSH key

$> ssh-keygen -N "" -t rsa -q -f /var/lib/salt/.ssh/new_mgr_ssh_id

Step 3. Copy the public key into the Salt file system to make it usable in a
Salt state

$> cp /var/lib/salt/.ssh/new_mgr_ssh_id.pub /srv/susemanager/salt/salt_ssh/

Step 4. Become root again

$> exit

Step 5. Rollout the new key to all systems that need it. We have a state which
does it and limits changes to Salt SSH managed systems and proxies.

$> salt '*' state.apply util.mgr_rotate_saltssh_key
$> mgr-salt-ssh '*' state.apply util.mgr_rotate_saltssh_key

For successful execution of this task, ensure all salt-ssh managed systems are
running and reachable. Failure to do so results in the new key not being added
to offline clients, leading to their disconnection from management.

Step 6. Move the old key away and make the new key the default one. Rename
mgr_ssh_id key to disabled_mgr_ssh_id and new_mgr_ssh_id key to mgr_ssh_id in
the SSH keystore of user salt as well as in the Salt filesystem for the public
keys.

$> su -s /bin/bash - salt
$> cd .ssh
$> mv mgr_ssh_id disabled_mgr_ssh_id
$> mv mgr_ssh_id.pub disabled_mgr_ssh_id.pub
$> mv new_mgr_ssh_id mgr_ssh_id
$> mv new_mgr_ssh_id.pub mgr_ssh_id.pub
$> cd /srv/susemanager/salt/salt_ssh/
$> mv mgr_ssh_id.pub disabled_mgr_ssh_id.pub
$> mv new_mgr_ssh_id.pub mgr_ssh_id.pub

When containerized proxies exists, re-create the configurations to get the new
SSH key into the proxy configuration. Restart the containers with the new
configuration. It is also possible to change the existing configuration on the
podman host (ssh.yaml). Change the value of server_ssh_key_pub with the
content of the current mgr_ssh_id.pub key.

Step 7. To remove the disabled keys from the authorized_keys files of the Salt
SSH managed systems and the proxies, apply the state a second time

$> salt '*' state.apply util.mgr_rotate_saltssh_key
$> mgr-salt-ssh '*' state.apply util.mgr_rotate_saltssh_key

Executing Remote commands

While Uyuni facilitates most system operations, there are instances where users
may need to execute arbitrary remote commands. Although executing remote
commands from Uyuni is a powerful feature, it comes with inherent risks. If
used without proper understanding, it can potentially lead to undwanted system
states. Remember, with great power comes great responsibility.

In this Uyuni release, a new configuration,
java.disable_remote_commands_from_ui=false, has been introduced. Users can
modify it by adding this property to rhn.conf with the desired value. This
empowers users to disable the feature for all users if deemed unnecessary or if
it poses a risk. It's important to note that this feature is enabled by
default, emphasizing the need for users to consider its implications and adjust
the settings accordingly.

This feature applies only to the Uyuni UI and API. It's important to highlight
that users can still use remote commands directly from the SALT CLI, and
administrators need to be aware of this capability.

Technology Preview: Uyuni server container image for aarch64 (ARM64)

With Uyuni 2023.10 we introduced the availability of the Uyuni Server as
container image and Helm Chart.

Unfortunately, the aarch64 version was not available at that point of time,
which has been fixed now with this new release.

For more information about the prerequisites, how to install and configure,
please consult the dedicated initial documentation.

Technology Preview: Uyuni tools to help using Uyuni as containers - add start,
stop and restart commands to mgradm

With Uyuni 2024.02, start, stop and restart commands were added to one the
Uyuni tools used to handle the containers: mgradm.

Disabling Automatic Reboot following Bootstrap

Previously, when bootstrapping a SUSE Linux Enterprise Server Micro client,
Uyuni would automatically schedule a reboot. We have now removed this feature.
Moving forward, please manually reboot the SUSE Linux Enterprise Server Micro
client after bootstrapping to complete the onboarding process.

Version 2024.01

openEuler 22.03

Uyuni now extends its support to an even broader range of operating system
releases. Starting with version 2024.01, openEuler 22.03 will be supported.

openEuler 22.03 is the first community LTS release of openEuler and it is now
supported as a client.

The supported architectures are x86_64 and aarch64. The Uyuni Client Tools
repositories to be used are the same as Enterprise Linux 8.

For general details on the registration process, please refer to the
Registration section. To learn more about supported features, consult the
Supported Features section in our documentation.

For specific details on the registration process, please consult the
Registration section in our documentation.

Reboot required indication for non-SUSE distributions

In the upcoming 2024.01 release, we are happy to announce that Uyuni will
accurately indicate the need for a reboot across all supported distributions.
This enhancement ensures that if a restart is necessary, be it due to a kernel
update or any other package modifications, Uyuni will clearly display this
requirement in the user interface (UI). Users will receive clear and timely
notifications about the need for a client restart, enhancing the overall system
management experience.

Add one-shot action execution to recurring custom state create/edit

Starting with Uyuni 2024.01, during the creation (or editing) of a recurring
state, if multiple systems are part of the entity, a list that allows for
selection of individual systems will be displayed.

Executing Remote commands

This feature applies only to the Uyuni UI and API. It's important to highlight
that users can still use remote commands directly from the Salt CLI, and
administrators need to be aware of this capability.

Add livenessProbe and readinessProbe to the server container Helm chart

As an improvement for the containerized Uyuni Server, the livenessProbe and the
readinessProbe provide a more accurate status of the pod to Kubernetes.

Debian 10 End of Life

The official security support for Debian 10 ended on September 10th, 2022.

After a grace period of more than a year, Uyuni 2024.01 is stopping support for
this operating system.

While existing client tools repositories will not be removed, they will not get
updates.

As for the code, it will not be broken on purpose, but it will not get tested
for Debian 10 anymore, so even if Uyuni 2024.01 can still manage Debian 10,
this can break at any further release.

All remaining users with Debian 10 systems are encouraged to migrate to Debian
11 or Debian 12 as soon as possible.

Version 2023.12

New products enabled

Uyuni now extends its support to an even broader range of operating system
releases. Starting with version 2023.12, the following additional operating
system releases will be supported:

* SUSE Linux Enterprise Micro 5.5

* openSUSE Leap Micro 5.5

* Raspberry Pi OS 12

* Amazon Linux 2023

For details on the registration process, please refer to the Registration
section. To learn more about supported features, consult the Supported Features
section in our documentation.

Raspberry Pi OS 12

With the support of Raspberry Pi OS 12, a brand new whole operating system
family has been added into Uyuni. The supported architectures are arm64 and
armhf. The Uyuni Client Tools repositories to be used are the same as Debian
12.

For additional details on the registration process, please consult the
Registration section in our documentation.

Amazon Linux 2023

The support of Amazon Linux 2023 continues the effort started with other
flavors of the same family, such as Amazon Linux 2. The Uyuni Client Tools
repositories to be used are the same as Enterprise Linux 9.

For additional details on the registration process, please consult the
Registration section in our documentation.

CLM filter by package build date

Starting with Uyuni 2023.12, we introduce a new filter in Content Lifecycle
Management (CLM) that enables users to filter packages according to their build
time. With this addition, users can conveniently filter packages based on the
timing of their build, enhancing the efficiency and precision of package
management within CLM.

CVE fixes

CVE-2023-22644 has been addressed. The resolution for CVE-2023-22644 addresses
three interconnected issues as follows:

* Implements token sanitization before logging (bsc#1210928)

* Corrects permissions for logfiles (bsc#1210928)

* Restricts the logging of potentially sensitive information to debug mode
only (bsc#1210928)

Technology Preview: Uyuni tools to help using Uyuni as containers

* The uyuniadm and uyunictl tools are renamed to mgradm and mgrctl.

* Shell completion packages are now provided.

Version 2023.10

Salt CVEs

This update fixes the following CVE for Salt:

* CVE-2023-34049 - arbitrary code execution via symlink attack (bsc#1215157)

New products enabled

* Debian 12

* SUSE Linux Enterprise 15 SP4 Long Term Service Pack Support (LTSS)

* Extended Service Pack Overlay Support (ESPOS) for High Performance
Computing 15 SP5

* Long Term Service Pack Support (LTSS) for High Performance Computing 15 SP5

* Open Enterprise Server 2023.4

Debian 12

Uyuni 2023.10 broadens its support to a wider range of operating system
releases. With this update, you can manage Debian 12 clients directly from
Uyuni, ensuring that you can efficiently keep your instances updated and
secure. A special thanks to the community contributors that helped us
implementing the support for Debian 12!

For additional details on the registration process, please consult the
Registration section in our documentation.

Technology Preview: Uyuni server image

With Uyuni 2023.10 we are delighted to announce the availability of the Uyuni
Server as container image and Helm Chart.

This new way to run the Uyuni Server is the continuation of the work initially
done for the Uyuni proxy and Retail Branch Server, made available with Uyuni
2022.04.

For more information about the prerequisites, how to install and configure,
please consult the dedicated initial documentation.

Technology Preview: Uyuni tools to help using Uyuni as containers

With the release of the Uyuni Server as image, we are also providing the so
called uyuni-tools, intended for helping users administer and manage the new
Uyuni Servers.

Please note that the tools could be renamed in the future, even if the features
available will be kept.

As per today, we provide:

* uyuniadm used to help user administer Uyuni servers on K8s and Podman

* uyunictl used to help user manage Uyuni servers mainly through its API

For more information about the available features, please consult the README
file.

Include in API response reboot_suggested and restart_suggested booleans

The API response of errata.getDetails now returns two extra booleans.

reboot_suggested boolean flag signals whether a system reboot is advisable
following the application of the errata. A typical example is upon kernel
update.

In the same way, restart_suggested boolean flag signals whether reboot of the
package manager is advisable following the application of the errata. This is
commonly used to address update stack issues before proceeding with other
updates.

Add a config to specify the number of minutes to wait before performing a
system reboot

The config file rhn_java.conf provides the option java.reboot_delay defining
the number of minutes to wait before performing a system reboot. The used value
should be >= 1 because a value of 0 would cause a direct shutdown which makes
it impossible for Salt to return the result back, resulting in a failed action.
Its default value is java.reboot_delay = 3

Respect user e-mail preferences when sending 'user creation' e-mails

The action Create user uses a different logic than all the other events to send
e-mails and it doesn't respect users' e-mail preferences. This enahancement
removes users that have e-mail notifications off from the recipient list when
sending user creation e-mails.

Monitoring: Grafana upgraded to 9.5.8

Grafana has been updated from version 9.5.5 to 9.5.8, signifying a minor update
that addresses several bugs.

For detailed information about the fixes and features, you can refer to the
following links:

* Grafana Release v9.5.6

* Grafana Release v9.5.7

* Grafana Release v9.5.8

Update 'saltkey' endpoints to accept GET instead of POST requests.

The saltkeys namespace now accepts GET requests instead of POST for the
following endpoints:

* acceptedList

* pendingList

* rejectedList

* deniedList

Version 2023.09

Upgrade notes

WARNING: This release updates the base OS from openSUSE Leap 15.4 to openSUSE
Leap 15.5 and there are special steps required. You need at least Uyuni 2023.04
already installed to perform the upgrade, and you need to follow the major
upgrade procedure for the Server. More details are also available at the
"Update from previous versions of Uyuni Server" section below.

WARNING: This release updates the Salt version for Master and Minions to a next
major release. Make sure you update the Uyuni Server before updating the
clients, as backward compatibility of Minions against an older Master is not
guaranteed

Base operating system upgrade

The base operating system has been upgraded to openSUSE Leap 15.5.

New products enabled

* openSUSE Leap Micro 5.4

* SUSE Linux Enterprise Micro 5.4

* openSUSE Leap 15.5

* SUSE Linux Enterprise Server 15 SP5

Please notice that openSUSE Leap 15.5 and SUSE Linux Enterprise Server 15 SP5
have been previously enabled as beta, and now their stable version is
supported.

openSUSE Leap Micro 5.4 support as client

openSUSE Leap Micro is an ultra-reliable, lightweight operating system built
for containerized and virtualized workloads.

Based on SUSE Linux Enterprise Micro, it leverages the enterprise hardened
security and compliance components of SUSE Linux Enterprise. This merging of
technologies provides for a modern, immutable and developer-friendly OS
platform.

Check the Client Configuration Guide for information about the supported
features.

SUSE Linux Enterprise Micro 5.4 support as client

SUSE Linux Enterprise Server Micro is an ultra-reliable, lightweight operating
system purpose built for containerized and virtualized workloads. It leverages
the enterprise hardened security and compliance components of SUSE Linux
Enterprise and merges them with a modern, immutable, developer-friendly OS
platform.

Support for SUSE Linux Enterprise Server Micro in Uyuni was added as a tech
preview. In the meanwhile, we have made some significant improvements around it
to make sure that users get the seamless usability experience in case of an
immutable OS such as SUSE Linux Enterprise Server Micro.

Check the Client Configuration Guide for information about the supported
features.

Salt 3006.0

Salt has been upgraded to upstream version 3006.0, plus a number of patches,
backports and enhancements by SUSE, for the Uyuni Server, Proxy, and Client
Tools.

Salt 3006.0 is the first LTS release of Salt based on the newly defined release
strategy. The purpose of the LTS release is to provide users with a stable
version of Salt for a longer period.

Following CVEs have been fixed for Salt with this Maintenance Update. -
CVE-2023-20897 - bsc#1214796 bsc#1213441 - CVE-2023-20898 - bsc#1214797 bsc#
1193948

For more details about this release, see the Salt 3006.0 upstream release notes
.

WARNING: This release updates the Salt version for master and minions. Make
sure you update the Uyuni Server before updating the clients, as stated here
https://docs.saltproject.io/salt/install-guide/en/latest/topics/upgrade.html

Salt Bundle 3006.0 will be available for all supported clients.

The non-bundle version of Salt requires Python 3 installed by default, and it
will not be available for:

* SUSE Linux Enterprise 12

* CentOS 7

* Oracle Linux 7

* Red Hat Enterprise Linux 7

When a highstate is performed, all the unsupported Salt 3000 clients will be
automatically migrated to the Salt bundle in its latest release.

Important Salt Minion update

Salt version 3006.0 introduced a significant regression that led to
communication issues between Salt Minions and the Salt Master. These
communication problems manifest in two distinct ways:

* In some instances, Minions send duplicate job results to the Master.

* In specific scenarios, particularly when using Salt to install or update a
Salt Minion, the job result is lost. This loss of a job response keeps
Uyuni actions in "pending" state, effectively tying up system resources.

Both Salt Minion (classic) and Salt Bundle are impacted by these issues.

This update provides the necessary fix to address the communication problems.
However, there is a minor caveat to consider. Installing this update on Salt
Minions carries a high probability of causing the previously mentioned job
result loss. Consequently, the Uyuni action responsible for updating the Salt
Minion may remain in a permanent "pending" state until manually canceled. To be
clear, we expect this to be a one-time issue happening when this update is
installed. Subsequent interactions with Salt Minions are expected to function
without any problems.

IMPORTANT: We strongly advise upgrading the Salt Minion (classic or Salt
bundle) on all Minions, ideally as a separate action. Please note that this
action may remain in a pending state as expected. After some time has passed,
you can execute a package refresh to verify the successful completion of the
update and confirm that the Salt Minion package has been upgraded.

The salt-minion is no longer disabled for Salt SSH managed clients

When deleting a Salt SSH managed system, the cleanup state tries to disable and
stop the salt-minion process. This can result in a state.apply error which
requires a force delete when neither salt-minion nor venv-salt-minion is
installed. In case a customer uses salt-minion against an own salt-master, this
would disable and remove a working minion.

Ubuntu 18.04 End of Life

Ubuntu 18.04 was End of Life on May 31st, 2023.

After a grace period of more than a quarter of a year, Uyuni 2023.09 is
stopping support for this operating system.

While existing client tools repositories will not be removed, they will not get
updates.

As for the code, it will not be broken on purpose, but it will not get tested
for Ubuntu 18.04 anymore, so even if Uyuni 2023.09 can still manage Ubuntu
18.04, this can break at any further release.

All remaining users with Ubuntu 18.04 systems are encouraged to migrate to
Ubuntu 20.04 or Ubuntu 22.04 as soon as possible.

Minimal requirement for memory

In order to achieve optimal performance, we are updating the minimal memory
requirement for the server from 8GB to 16GB. To ensure smooth operations, we
suggest updating your system accordingly.

Automated RHUI credential update

In the past, there was a requirement to manually import certificates and
entitlement data into the Uyuni Server.

Now, we have streamlined this procedure by integrating the same mechanism
employed for SUSE PAYG instances. The PAYG connection regularly communicates
with the client to retrieve the most current authentication data. It's crucial
to ensure that the client remains operational and undergoes regular updates.

For more detailed information on this, please refer to the Red Hat Clients -
RHUI section in the Uyuni 2023.09 documentation.

Please consult the Known issues section for some issues around this.

Monitoring

Prometheus upgraded to 2.45.0

Prometheus golang-github-prometheus-prometheus has been upgraded from 2.37.6 to
2.45.0. Prometheus 2.45.x is the new LTS release that will receive security,
documentation and bugfix patches for at least 12 months. The update includes
number of enhancements and bug fixes. There was a breaking change around
changed WAL record format for the experimental native histograms coming from
2.42.0.

This upgrade also includes the fix for the following CVE:

* CVE-2022-41723

Check the upstream changelogs for more details:

* https://github.com/prometheus/prometheus/releases/tag/v2.45.0

* https://github.com/prometheus/prometheus/releases/tag/v2.44.0

* https://github.com/prometheus/prometheus/releases/tag/v2.43.1

* https://github.com/prometheus/prometheus/releases/tag/v2.43.0

* https://github.com/prometheus/prometheus/releases/tag/v2.42.0

* https://github.com/prometheus/prometheus/releases/tag/v2.41.0

* https://github.com/prometheus/prometheus/releases/tag/v2.40.7

* https://github.com/prometheus/prometheus/releases/tag/v2.40.6

* https://github.com/prometheus/prometheus/releases/tag/v2.40.5

* https://github.com/prometheus/prometheus/releases/tag/v2.40.4

* https://github.com/prometheus/prometheus/releases/tag/v2.40.3

* https://github.com/prometheus/prometheus/releases/tag/v2.40.2

* https://github.com/prometheus/prometheus/releases/tag/v2.40.1

* https://github.com/prometheus/prometheus/releases/tag/v2.40.0

* https://github.com/prometheus/prometheus/releases/tag/v2.39.2

* https://github.com/prometheus/prometheus/releases/tag/v2.39.1

* https://github.com/prometheus/prometheus/releases/tag/v2.39.0

* https://github.com/prometheus/prometheus/releases/tag/v2.38.0

* https://github.com/prometheus/prometheus/releases/tag/v2.37.9

* https://github.com/prometheus/prometheus/releases/tag/v2.37.8

* https://github.com/prometheus/prometheus/releases/tag/v2.37.7

Apache exporter updated to version 1.0.0

Prometheus exporter for Apache golang-github-lusitaniae-apache_exporter has
been upgraded from version 0.11.0 to the version 1.0.0. This upgrade includes
the fix for the following CVEs:

* CVE-2022-32149

* CVE-2022-41723

* CVE-2022-46146

Check the upstream release notes for more details, including new metrics.

Grafana upgraded to 9.5.5

Grafana has been upgraded from 8.5.20 to 9.5.5.

This upgrade includes several breaking changes, new features and some important
fixes for several security vulnerabilities.

This update fixes the following security vulnerabilities:

* CVE-2023-3128 - bsc#1212641

* CVE-2023-2183 - bsc#1212100

* CVE-2023-2801 - bsc#1212099

Check the What?s new in Grafana v9.5 page and the upstream changelogs for all
the provided details:

https://github.com/grafana/grafana/blob/main/CHANGELOG.md#955-2023-06-22 https:
//github.com/grafana/grafana/blob/main/CHANGELOG.md#953-2023-06-06 https://
github.com/grafana/grafana/blob/main/CHANGELOG.md#952-2023-05-03 https://
github.com/grafana/grafana/blob/main/CHANGELOG.md#951-2023-04-26 https://
github.com/grafana/grafana/blob/main/CHANGELOG.md#950-2023-04-04 https://
github.com/grafana/grafana/blob/main/CHANGELOG.md#9415-2023-09-18 https://
github.com/grafana/grafana/blob/main/CHANGELOG.md#9413-2023-06-22 https://
github.com/grafana/grafana/blob/main/CHANGELOG.md#9316-2023-06-22 https://
github.com/grafana/grafana/blob/main/CHANGELOG.md#9220-2023-06-22 https://
github.com/grafana/grafana/blob/main/CHANGELOG.md#8527-2023-06-22

Prometheus alert manager

Prometheus golang-github-prometheus-alertmanager has been patched to include
the fix for the following CVE:

* CVE-2022-46146

Postgres exporter upgraded to 0.10.1

prometheus-postgres_exporter has been updated from version 0.10.0 to version
0.10.1, with the update fixing the following security vulnerability:

* CVE-2022-46146

This update does not include any breaking changes or features.

Check the upstream release notes for all the details.

Blackbox exporter

Prometheus prometheus-blackbox_exporter has been patched to include the fix for
the following CVE.

* CVE-2022-46146

Node exporter upgraded to 1.5.0

With Uyuni 2023.09, golang-github-prometheus-node_exporter has been updated
from version 1.3.0 to 1.5.0

The new version changes the Go runtime GOMAXPROCS to 1. This is done to limit
the concurrency of the exporter to 1 CPU thread at a time in order to avoid a
race condition problem in the Linux kernel and parallel IO issues on nodes with
high numbers of CPUs/CPU threads.

This update fixes the following security vulnerabilities:

* CVE-2022-27191

* CVE-2022-27664

* CVE-2022-46146

The update includes also several bugfixes and features but no breaking changes.

Check the upstream changelogs for more details:

* https://github.com/prometheus/node_exporter/releases/tag/v1.5.0

* https://github.com/prometheus/node_exporter/releases/tag/v1.4.1

* https://github.com/prometheus/node_exporter/releases/tag/v1.4.0

* https://github.com/prometheus/node_exporter/releases/tag/v1.3.1

Ansible integration

Given the widespread usage and advocacy of Ansible by various vendors and
tools, it was a logical step to incorporate Ansible integration into Uyuni.

Initially introduced as a Technology Preview in Uyuni 2021.06, we are delighted
to announce that starting with Uyuni 2023.09, Ansible integration will be
officially supported.

You can now effortlessly utilize and execute your existing Ansible playbooks.
This feature not only saves time and resources but also consolidates tools,
preserving your prior automation investments. The integration eliminates the
need to re-implement your Ansible automation solution, simplifying the
migration process.

Furthermore, when combined with Uyuni's powerful Salt capabilities, it enhances
the configuration and automation functionalities of the platform. This
comprehensive solution empowers you to efficiently orchestrate even the most
complex environments, spanning across both cloud and on-premise infrastructure.

For more detailed information on this integration, please refer to the Ansible
Integration section in the Uyuni documentation.

Installing PTFs from Uyuni

SUSE provides temporary fixes for all currently supported solutions delivered
directly to its customers. These PTFs (Program Temporary Fixes) are now
available as repositories, which can be synced in Uyuni. This enables users to
conveniently install the PTFs on clients wherever necessary, directly from
Uyuni.

For more information about this feature, see the dedicated section about Using
PTFs in Uyuni.

Note: PTF packages are currently only supported for SUSE Linux Enterprise
Server 12 and SUSE Linux Enterprise Server 15 based systems. Other versions or
operating systems do not have this feature yet and the related pages are not
visible for them.

Recurrent Custom States

Our recent focus has been on enhancing automation capabilities, particularly
through the recurrent highstate feature. While that capability received
positive feedback, it was deemed somewhat restricted. To address this, we have
extended the initiative by enabling users to schedule custom states on a
recurrent basis. With this new feature, users can now automate their workflows
more effectively and efficiently. Users can schedule automated recurring
actions for Salt clients both from the WebUI and the API. One can apply
recurring action to individual clients, to all clients in a system group, or to
an entire organization.

For more information about this feature, see the Recurring Actions section in
the administration guide.

Note: We would like to inform our users that the recurringaction namespace in
the API has been deprecated. In its place, we have introduced three new
namespaces: recurring, recurring.custom, and recurring.highstate. These new
namespaces are now available for use and we recommend updating your code to
reflect these changes.

Note: As part of this feature, we have also exposed some internal states and a
new state called uptodate that helps users to keep clients up to date. Users
can combine all these states in any order, but states with a reboot should be
scheduled last. Note that the execution order may differ from what it seems if
a state includes any ordering or condition using order or requires.

'system-profile-refresh' Taskomatic job

To ensure a consistent view in SCC for clients registered through SUSEconnect,
RMT, SMT, and SUSE Manager, a new taskomatic job called system-profile-refresh
was introduced specifically for SUSE Manager. This job is necessary to send
accurate subscription information to SCC, as up-to-date hardware data is
required for that purpose. The task runs once every month on the 15th at 5:00
AM, which may impose some load on the systems. However, no significant
performance issues are anticipated during that time.

Show a notification when an update for Uyuni is available

Uyuni will check in the background for updates or critical security patches
available from the official Uyuni channels on a daily basis (via the daily
summary taskomatic job). Users are then notified in the UI with a reference to
the latest release notes accordingly. The notification shown is currently
rather generic and the patch relies on the repository names in order to work,
in regards to this first implementation.

Version 2023.04

Monitoring

Grafana updated to version 8.5.22

This update fixes several security vulnerabilities:

* CVE-2023-1410

* CVE-2023-0507

* CVE-2023-0594

* CVE-2022-46146

This update does not include any breaking changes or features.

Check the upstream changelog for all the details.

Prometheus updated to 2.37.6

With Uyuni 2023.04, golang-github-prometheus-prometheus has been updated from
version 2.32.1 to 2.37.6

This version contains two noticeable changes related to TLS:

* TLS 1.0 and 1.1 disabled by default client-side. Prometheus users can
override this with the min_version parameter of tls_config.

* Certificates signed with the SHA-1 hash function are rejected. This doesn't
apply to self-signed root certificates.

This update fixes several security vulnerabilities:

* CVE-2022-46146

* CVE-2022-41715

Note: Uyuni 2023.04 is not affected by CVE-2022-24921.

The update includes also several bugfixes and features but no breaking changes.

Check the upstream changelogs for all the details:

* https://github.com/prometheus/prometheus/releases/tag/v2.37.6

* https://github.com/prometheus/prometheus/releases/tag/v2.37.2

* https://github.com/prometheus/prometheus/releases/tag/v2.37.1

* https://github.com/prometheus/prometheus/releases/tag/v2.37.0

* https://github.com/prometheus/prometheus/releases/tag/v2.36.2

* https://github.com/prometheus/prometheus/releases/tag/v2.36.1

* https://github.com/prometheus/prometheus/releases/tag/v2.36.0

* https://github.com/prometheus/prometheus/releases/tag/v2.35.0

* https://github.com/prometheus/prometheus/releases/tag/v2.34.0

* https://github.com/prometheus/prometheus/releases/tag/v2.33.5

* https://github.com/prometheus/prometheus/releases/tag/v2.33.4

* https://github.com/prometheus/prometheus/releases/tag/v2.33.3

* https://github.com/prometheus/prometheus/releases/tag/v2.33.2

* https://github.com/prometheus/prometheus/releases/tag/v2.33.1

* https://github.com/prometheus/prometheus/releases/tag/v2.33.0

Prometheus PostgreSQL Server updated to 0.10.1

prometheus-postgres_exporter has been updated from version 0.10.0 to version
0.10.1, with the update fixing the following security vulnerability:

* CVE-2022-46146

This update does not include any breaking changes or features.

Check the upstream release notes for all the details.

Prometheus Node Exporter updated to 1.5.0

With Uyuni 2003.04, golang-github-prometheus-node_exporter has been updated
from version 1.3.0 to 1.5.0

This new version changes the Go runtime GOMAXPROCS to 1. This is done to limit
the concurrency of the exporter to 1 CPU thread at a time in order to avoid a
race condition problem in the Linux kernel and parallel IO issues on nodes with
high numbers of CPUs/CPU threads.

This update fixes several security vulnerabilities:

* CVE-2022-27191

* CVE-2022-27664

* CVE-2022-46146

The update includes also several bugfixes and features but no breaking changes.

Check the upstream changelogs for all the details:

* https://github.com/prometheus/node_exporter/releases/tag/v1.5.0

* https://github.com/prometheus/node_exporter/releases/tag/v1.4.1

* https://github.com/prometheus/node_exporter/releases/tag/v1.4.0

* https://github.com/prometheus/node_exporter/releases/tag/v1.3.1

All tomcat logs are now rotated with logrotate

Until Uyuni 2023.03, localhost.log, manager.log, host-manager.log,
localhost_access_log.txt and catalina.out were rotated with Valve.

Valve does not support archiving, so now the Tomcat logs are configured to
rotate with logrotate and support archiving.

The configuration is the same as for the other tomcat logs: weekly rotation,
one year of retention and compression enabled.

Security enhancements to API logging

Together with the password, this Uyuni release also removes the arguments key
and content from the API logging, because they could still include sensitive
data and should not be exposed in the logs.

Version 2023.03

openSUSE Leap Micro 5.3 support as client

openSUSE Leap Micro is an ultra-reliable, lightweight operating system built
for containerized and virtualized workloads.

Check the Client Configuration Guide for information about the supported
features.

New products enabled

* openSUSE Leap 15.5 (Beta)

* SUSE Linux Enterprise 15 SP5 family (Beta)

Both products are still beta, and both products will work only using the Salt
Bundle (default since Uyuni 2022.12) as otherwise they ship Salt 3005 which is
incompatible with the salt master version being used on Uyuni server (the Salt
master on Uyuni still uses Salt 3004 as provided by openSUSE Leap 15.4).

Monitoring: Grafana update to 8.5.15

This update fixes several security vulnerabilities:

* CVE-2022-39306

* CVE-2022-39307

* CVE-2022-39201

* CVE-2022-31130

* CVE-2022-31123

* CVE-2022-39229

No other bugfixes, features or changelogs are part of this update.

Check the upstream changelog for all the details.

Syncing optional channels from from the WebUI

Until Uyuni 2023.01, syncing optional channels was only possible with the CLI
tool mgr-sync, but not from the WebUI Setup Wizard.

Starting with Uyuni 2023.03, doing this from WebUI is now possible.

Each product at the Setup Wizard will now allow syncing optional channels,
provided that the mandatory channels for the product are already synced.

To enable the optional channels:

1. Go to Admin ? Setup Wizard ? Products

2. Look for the product you want to sync optional channel for,

3. Use the Show the product's channels button (next to the sync status)

4. A popup will show, allowing you to use checkboxes to enable optional
channels. Mark as many as needed.

5. Use the Confirm button to schedule the sync

Subscription warning notifications will now happen weekly

This change is only relevant for users using SUSE subscriptions.

Previous versions of Uyuni created a notification each day when a SUSE Customer
Center (SCC) subscription was about to expire, starting 90 days before the
subscription expiration and 30 days after expiration.

With Uyuni 2023.03 we are addressing the feedback we got about the frequency,
and we are changing it to happen weekly, on Mondays.

The warning box at the Dashboard (Home > Overview) will still show up any time
there is a subscription expiring in the next 90 days, or expired in the last 30
days.

Salt 3000 End of Life

Upstream Salt 3000 went End of life on August 31, 2021. However, because it was
part of the Advanced Systems Management Module of SUSE Linux Enterprise 12 and
there was no bundle available for SUSE Manager 4.1, it was still supported.

Salt 3000 will no longer be supported in the context of Uyuni now that both
SUSE Manager 4.1 and the Advanced Systems Management Module of SUSE Linux
Enterprise 12 are End of Life.

Users are required to migrate existing Salt 3000 minions for SUSE Linux
Enterprise Server 12, Red Hat Enterprise Linux 7, CentOS 7, Oracle Linux 7, and
Amazon Linux 2 to the Salt Bundle before creating any bug reports.

For more information about performing Salt 3000 to Salt Bundle migrations,
please consult the Salt Bundle section in the Client Configuration Guide.

Debian 9 End of Life

Debian 9 LTS support ended in June 30th, 2022.

After a grace period of more than half a year, Uyuni 2023.03 is stopping
support for this operating system.

While existing client tools repositories will not be removed, they will not get
updates.

As for the code, it will not be broken on purpose, but it will not get tested
for Debian 9 anymore, so even if Uyuni 2023.03 can still manage Debian 9, this
can break at any further release.

All remaining users with Debian 9 systems are encouraged to migrate to Debian
10 or Debian 11 as soon as possible.

'spacewalk-clone-by-date' has been deprecated

With Uyuni 2023.03, spacewalk-clone-by-date tool has been deprecated. With CLM
(Content Lifecycle Management), we believe users have a better alternative to
spacewalk-clone-by-date, which is much more flexible and powerful.

CLM provides a comprehensive API to cover all the important features that
spacewalk-clone-by-date tool offers.

Version 2023.01

Release notes cleanup

With Uyuni 2023.01, we are removing versions older than 2021.12 from the
release notes, to make the document smaller and easier to review.

Release notes for older versions, up to 4.0.0 can still be found at the website
.

SUSE Linux Enterprise Micro support as client

Check the Client Configuration Guide for information about the supported
features.

The documentation still mentions SUSE Linux Enterprise Micro as "Technology
Preview". This documentation bug will be fixed for Uyuni 2023.03

Please consult the Known issues section for an issue around SUSE Linux
Enterprise Micro support.

Content Lifecycle Management: Disabling modularity for AppStream repositories

Starting with Uyuni 2023.01, AppStream modularity can be disabled by removing
the module metadata from the target repositories without having to enable any
modules. This can be achieved by using the new none matcher with the AppStream
filters.

This new feature is especially useful for AlmaLinux 9, Rocky Linux 9, Oracle
Linux 9 or RHEL 9, as default versions of most applications are now served as
regular packages.

Check the Administration Guide for more information.

Version 2022.12

Indications for systems requiring reboot or with a scheduled reboot

Uyuni 2022.12 brings several improvements to the reboot of the Uyuni clients:

* The System List page now provides a new icon at the Updates column when a
reboot is required. This new icon allows scheduling the reboot.

* The System Overview page for the clients will show the text System reboot
scheduled when a reboot is scheduled.

Notification messages via e-mail

Uyuni shows notification messages on the WebUI, but they are not very useful
for those users that do not login very often.

With Uyuni 2022.12, each user can enable such notifications to be delivered via
e-mail using the user preferences (checkbox Receive email notifications).

Monitoring: Grafana update to 8.5.15

This update fixes several security vulnerabilities:

* CVE-2022-39306

* CVE-2022-39307

* CVE-2022-39201

* CVE-2022-31130

* CVE-2022-31123

* CVE-2022-39229

No other bugfixes, features or changelogs are part of this update.

Check the upstream changelog for all the details-

Subscription warning notifications

Uyuni 2022.12 will show notifications at the Overview page now, when SUSE
subscriptions are about to expire or have already expired.

This will not affect users not using SUSE subscriptions.

Limit changelogs at repositories metadata to the last 20 entries

Until 2022.11, Uyuni added all the changelog entries for all packages to the
generated metadata for each repository generated at the Uyuni Server. This
caused the file others.xml.gz to be very big in some situations, and therefore
increasing the time it takes to synchronize the metadata on the Uyuni clients.

Starting with Uyuni 2022.12, this is now limited to 20 entries for each package
by default for new packages. Already synced packages will keep the whole
changelog.

This change is only about the repository metadata and will not affect the
packages themselves, which will keep the complete changelogs.

If you want to go back to keeping all the changelog entries, increase the
number of entries, or apply the new default for all existing packages. For that
check the Administration Guide.

Drop legacy way to prevent disabling local repositories at bootstrap scripts

In the past, using DISABLE_LOCAL_REPOS=0 with the bootstrap script allowed
users to keep local repositories enabled after registration.

This feature can be accomplished with Salt, for any kind of onboarding (WebUI,
API, Bootstrap script, etc.), as explained at the Client Configuration Guide.

Version 2022.11

System list refactor

The System list page has been refactored to be more optimized and can handle
thousands of systems with a breeze.

For this we had to add a new database table to store the cached system data.

This table is updated every hour by the update-system-overview-default task and
within a minute after data for any of the systems is changed.

As a side effect, the System list will be empty after the server upgrade until
the refresh is triggered.

To force a refresh before the top of the hour, run the
update-system-overview-default task manually in Admin > Task Schedules page.
Keep in mind that processing this task can take some time depending on how many
systems are present in the database.

We intend to automate the initial refresh during during the Uyuni Server update
in a future release, for people that are still upgrading from versions older
than 2022.11

The new page has also introduced a more advanced filtering of the data. Though
quite powerful, the user interface for the value selection is still rough and
requires knowing what to query. While this has been temporarily been worked
around by keeping the old links in the Systems List menu, we expect
improvements for the interface in a future release.

Instructions to disable custom channel automatic synchronization

Since Uyuni 2022.10, the custom channels are now synced automatically.

By default, a synchronization will start automatically after adding a new
repository to a custom channel. Moreover, they will all update daily as a part
of the mgr-sync-refresh-default scheduled task.

To disable this new feature and revert back to the old behavior, you can set in
/etc/rhn/rhn.conf:

java.unify_custom_channel_management = 0

Custom Channels section of the Administration guide for information about the
custom channel synchronization.

Allow more tools for network management for the Uyuni Server

Until now, the Uyuni Server only supported Wicked for network management,
because of a problem at the uyuni-check-database service.

With Uyuni 2022.11, this problem is fixed and now any other tool such as
NetworkManager can be used.

Monitoring: Grafana update to 8.5.13

Uyuni 2022.03 updates Grafana from version 8.3.5 to 8.5.13.

This update fixes several security vulnerabilities:

* CVE-2022-36062

* CVE-2022-35957

* CVE-2022-31107

* CVE-2022-31097

* CVE-2022-29170

Check the upstream changelog for all the details on what has changed.

There is one breaking change: - For a data source query made via /api/ds/query,
if the DatasourceQueryMultiStatus feature is enabled and the data source
response has an error set as part of the DataResponse, the resulting HTTP
status code is now 207 Multi Status instead of 400 Bad gateway.

Updating Grafana is strongly recommended.

Monitoring: Fix TLS configuration and enable client certificate authentication
for Blackbox exporter

Uyuni 2022.10 and previous versions were using basic authentication for the
Blackbox exporter scrapping, even though using TLS client certificates was
enabled at the prometheus-formula

With Uyuni 2022.11, the Prometheus formula adds a section for the Blackbox
exporter with TLS certificate and key for client certificate authentication.

Traditional stack being removed

Uyuni 2022.06 was the last version where traditional client tools were tested
to work, and it was announced that with Uyuni 2022.08 the traditional client
tools will be deprecated and removed at some point after the summer.

Uyuni 2022.11 is already removing code for the traditional clients, so this
version will not support traditional clients in any way. New deployments will
not work and existing deployments will not work either. If you still have
traditional clients and they still work normally, you need to migrate them to
Salt before updating to Uyuni 2022.11.

Version 2022.10

Update notes

WARNING: This release requires vendor changes for some Uyuni dependencies at
the server, so pay attention to the following instructions!

Because of bug at zypper, it could be that --allow-vendor-change is broken on
your system. This can apply even if you are still on Uyuni 2022.05 or earlier
(based on openSUSE Leap 15.3)

Make sure you manually update zypper first at the Uyuni Server with zypper ref
&& zypper in zypper, and then verify that the installed zypper version is
1.14.57 or newer (use zypper info zypper).

Then:

* If you are on Uyuni 2022.06 or newer, while doing the minor upgrade
procedure for the Server, make sure you allow such vendor changes by
calling zypper up --allow-vendor-change instead of zypper up.

* If you are on Uyuni 2022.05 or older, follow the major upgrade procedure
for the Server without any special steps.

RHEL/Oracle Linux/AlmaLinux/Rocky Linux 9 as clients

Uyuni is now able to manage RHEL/Oracle Linux/AlmaLinux/Rocky Linux 9 as Salt
or Salt SSH minions. All other features that worked for previous versions of
RHEL/Oracle Linux/AlmaLinux/Rocky will work now too, with the exception of the
Prometheus Exporters.

The following architectures can be managed:

* x86_64

* aarch64

* s390x (RHEL/AlmaLinux/Rocky Linux only)

* ppc64le (RHEL/AlmaLinux/Rocky Linux only)

Check the Client Configuration Guide for information about how to configure the
Uyuni Server to work with RHEL/Oracle Linux/AlmaLinux/Rocky Linux 8 clients.

Monitoring for Ubuntu 22.04

The Client Tools for Ubuntu 22.04 now contain four exporters:

* prometheus-apache-exporter

* prometheus-exporter-exporter

* prometheus-node-exporter

* prometheus-postgres-exporter

With these tools all of the features available for previous Ubuntu versions are
available at 22.04

pip support for the Salt Bundle

The Salt Bundle now includes support for pip, allowing users to extend the
functionality of the bundled Salt Minion with extra Python packages.

Check the official SaltStack documentation on how to do it as a module and a
state.

Keep in mind that not all of the functions are available with the state, but
the missing functionality can still be accessed with module.run.

Apache exporter updated to version 0.11.0 for SUSE Linux Enterprise and
openSUSE

Uyuni 2022.10 updates the Prometheus exporter for Apache from version 0.7 to
version 0.10.0 for SUSE Linux Enterprise and openSUSE, including the Uyuni
Server, the Uyuni Proxy and the Uyuni Retail Branch Server.

Check the upstream release notes for more details, including new metrics.

Cobbler updated to version 3.3.3

Cobbler was updated from version 3.1.2 to version 3.3.3.

* "cobbler buildiso" now supports building ISOs with UEFI support

* Cobbler has a new command "cobbler mkloaders" that can be called optionally
after GRUB or Syslinux was updated on the Uyuni Server

For the complete list of changes, see the upstream release notes:

* https://github.com/cobbler/cobbler/releases/tag/v3.3.3

* https://github.com/cobbler/cobbler/releases/tag/v3.3.2

* https://github.com/cobbler/cobbler/releases/tag/v3.3.1

* https://github.com/cobbler/cobbler/releases/tag/v3.3.0

* https://github.com/cobbler/cobbler/releases/tag/v3.2.2

* https://github.com/cobbler/cobbler/releases/tag/v3.2.1

* https://github.com/cobbler/cobbler/releases/tag/v3.2.0

The migration of stored Cobbler collections and settings from previous Cobbler
version to 3.3.3 will run automatically during this upgrade.

A backup of old Cobbler settings file will be created at /etc/cobbler/
settings.before-migration-backup and old collections backup under /var/lib/
cobbler/.

Version 2022.08

Ubuntu 22.04 as client

Uyuni is now able to manage Ubuntu 22.04 clients as Salt or Salt SSH minions.
All other features that worked for previous versions of Ubuntu will work now
too, with the exception of the Prometheus Exporters and package vendor
identification, which will be part of a future Uyuni release (for now,
Prometheus Exporters are available in the Universe repositories).

The following architectures can be managed:

* x86_64

Check the Client Configuration Guide for information about how to configure
Uyuni Server to work with Ubuntu 22.04 clients.

GPG key handling in Uyuni

Uyuni is now taking care of trusting the required GPG keys on the clients, in
order to install packages from assigned channels

The GPG key URL can be defined for Software Channels which will be used to find
the key needed for that channel.

When the channel is assigned to the client the key will be trusted on
repository refresh or when installing a package out of the channels.

For more information, check the documentation.

Disabling locally defined repositories

To prevent problems with local defined repositories providing wrong or unwanted
packages, we disable now all these repositories as the first step in
bootstraping.

Additionally we try to keep local repositories disabled and perform this in the
channel state which is also used during highstate.

For more information, check the documentation.

Technology Preview: Helm chart to deploy containerized Uyuni Proxy and Retail
Branch Server

Deploying Proxy and Retail Branch Servers as containers is now also possible
using a Helm chart.

For more information check this README file. The information will be part of
the Uyuni official documentation in a future release.

WARNING: The container images configuration has a new format and it is now
packaged as tar.gz file. All previously deployed container Proxies and Retail
Branch Servers will need to get their configuration regenerated and deployed
again before pulling these images.

Version 2022.06

Upgrade notes

WARNING: This release updates the base OS from openSUSE Leap 15.3 to openSUSE
Leap 15.4 and there are special steps required. You need at least Uyuni 2021.06
already installed to perform the upgrade, and you need to follow the major
upgrade procedure for the Server. More details are also available at the
"Update from previous versions of Uyuni Server" section below.

WARNING: This release updates the Salt version for Master and Minions to a next
major release. Make sure you update the Uyuni Server before updating the
clients, as backward compatiblity of minions agains an older master is not
guaranteed

WARNING: With Uyuni 2021.12, we announced the future deprecation of the
Traditional client tools. Uyuni 2022.06 is the last release that supports them.
Starting with Uyuni 2022.08, the traditional client tools will be deprecated as
we will start removing the code at some point after the summer. Do not use
traditional for any new deployments of clients or proxies, and start migrating
your traditional clients to Salt.

Base operating system upgrade

The base operating system has been upgraded to openSUSE Leap 15.4.

PostgreSQL 14

The database engine has been updated from PostgreSQL 13 to PostgreSQL 14, which
brings a number of performance and reliability improvements. A detailed
changelog is available upstream.

To prevent inconsistent configurations and data on upgrade or update, Uyuni
2022.06 refuse to start until the database migration from PostgreSQL 13 to
PostgreSQL 14 has been completed successfully.

Salt 3004

Salt has been upgraded to upstream version 3004, plus a number of patches,
backports and enhancements by SUSE, for the Uyuni Manager Server, Proxy, and
Client Tools.

We intend to regularly upgrade Salt to more recent versions.

For more details about changes in your manually-created Salt states, see the
Salt 3004 upstream release notes.

Salt Bundle 3004 will be available for all supported clients.

The non-bundle version of Salt requires Python 3 installed by default, and it
will not be available for:

* SUSE Linux Enterprise 12

* CentOS 7

* Oracle Linux 7

* Red Hat Enterprise Linux 7

New products enabled

* openSUSE Leap 15.4

* SUSE Linux Enterprise 15 SP4 family

* SUSE Linux Enterprise Micro 5.2

Version 2022.05

Reporting Database documentation

The reporting database schema is now fully documented.

The documentation describes the schema in detail, showing all the tables and
the views available and highlighting the relationships among them.

You can access it from the Uyuni Server WebUI, at Help > Report Database
Schema, from the left navigation bar.

spacewalk-report now uses data from the reporting database

Starting with Uyuni 2022.05, spacewalk-report will use the data from the report
database by default. This change affects both new and updated setups.

This means that the new generated reports will differ in the structure and the
format of the data and might break existing integrations.

If this change causes trouble in your use case, the new option --legacy-report
can be used to fallback to the old report engine.

For a comprehensive list of what is changed and what reports are affected, see
the section "Generate Reports" at the Administration Guide.

Adding systems with failed actions to System Set Manager

It is now possible to select and add systems that failed or completed actions,
with a new button Add Selected to SSM that shows for the actions at "Completed
Systems" and "Failed Systems".

You can the find the actions at the Uyuni Server WebUI, at Schedule on the left
navigation bar.

This can be useful to fix issues with systems that failed to complete actions,
or to run more actions on those that completed them.

Technology Preview: JSON over HTTP API

With Uyuni 2022.05, in addition to the current XML-RPC API, a new JSON over
HTTPI API will also be provided to make Uyuni API even easier to consume.

Uyuni is seeing more and more use in automated scenarios, where it is a part of
a bigger system and driven via its APIs.

The XML-RPC protocol has served users well so far and will continue to do so,
but HTTP APIs are more in demand and have better tooling support.

The API documentation has been updated to reflect the changes to support the
HTTP API, and is available at the Uyuni Server WebUI under About > API, and at
the website

Usage examples can be found in the "Sample scripts" section of the
documentation.

With the addition of the JSON over HTTP API documentation:

* Mandatory names to the input parameters for each method were added

* Information about the HTTP request type (GET or POST) was added

* Example scripts to consume the HTTP API via Curl were added

Version 2022.04

Salt SSH now uses the Salt Bundle

The Salt Bundle is now used to handle Salt SSH executions on the client side.
The bootstrap of new Salt clients using WebUI or API is now also using the Salt
Bundle.

To ensure bootstrap works in the proper way, the bootstrap repositories for the
clients must be regenerated before bootstrapping new clients.

The bootstrap repository regeneration happens for any given product when a
resync for the product repositories happens:

* For products provided by the SUSE Customer Center, added via de Setup
Wizard or mgr-sync, this happens each night.

* For products added via spacewalk-common-channels there is no automated
resync by default, unless it was configured after adding the product. In
this case, the regeneration needs to be trigger manually.

To manually trigger the regeneration, use the tool mgr-create-bootstrap-repo at
the Uyuni Server.

Technology Preview: Containerized Uyuni Proxy and Retail Branch Server

Starting with Uyuni 2022.04, it will be possible to run the Uyuni proxy and
Retail branch server also in containers. This could be very helpful in
scenarios where adding new virtual machines is not feasible for some reason.

Additionally, the ability to run Uyuni Proxy and Retail branch servers in
containers make it more flexible to run them anywhere without worrying about
the underlying OS, while also making it possible to get the advantage of
Kubernetes offerings like HA.

Reporting Database improvements

The following improvements have been made in the reporting database

* Add UI for peripheral server with report database password regeneration

* Added the server location information to the reporting database

* detect MgrServer on bootstrap and store report database settings

* Added Channel information

* Added System packages information

* Added OpenScap scans information

* Added Groups information

* Added System packages information

* Added proxy information to the system table

* Changed table SystemGroup to better reflect its content

* Added location information to the system table

Improved image management

Uyuni 2022.04 comes with a lot of improvements for image management.

* Kiwi images:

+ Uses name and version from Kiwi config file, revision is increased on
each build

+ Built image files are referenced in the database and deleted with the
image entry

+ Image pillars are stored in the database

+ The build log is visible in the User Interface

* Docker images:

+ Use a new database entry for each revision

+ Old revision can be shown with the "Show obsolete" checkbox

* Updated XML RPC API to manipulate with images, image files and pillars:

+ For more details about these end points, please refer to Uyuni API.

HSTS available

HTTP Strict Transport Security (HSTS) is a policy mechanism that helps to
protect websites against man-in-the-middle attacks such as protocol downgrade
attacks and cookie hijacking.

Uyuni 2022.04 allows enabling HSTS. Which means each request will need to be
HTTPS while plain HTTP requests will be rejected.

To enable it for the Uyuni Server:

1. Edit /etc/apache2/conf.d/zz-spacewalk-www.conf

2. Uncomment the line # Header always set Strict-Transport-Security "max-age=
63072000; includeSubDomains"

3. Restart Apache with systemctl restart apache2

To enable it for the Uyuni Proxy

1. Edit /etc/apache2/conf.d/spacewalk-proxy.conf

2. Uncomment the line # Header always set Strict-Transport-Security "max-age=
63072000; includeSubDomains"

3. Restart Apache with systemctl restart apache2

IMPORTANT: If you enable HSTS while using the default SSL certificate generated
by Uyuni, or a self-signed certificate, some browsers will refuse to connect
using HTTPS unless the CA used to sign such certificates is trusted by the
browser. If you are using the SSL certificate generated by Uyuni, you can trust
it at the servers by using the file located at http://<UYUNI-SERVER-HOSTNAME>/
pub/RHN-ORG-TRUSTED-SSL-CERT

Version 2022.03

Fixes for Salt security issues

Fixes for the following security issues have been released: CVE-2022-22934,
CVE-2022-22935, CVE-2022-22936, CVE-2022-22941.

You should patch your Salt master at the Uyuni Server and minions as soon as
possible. Please take the next section into account when upgrading the Salt.

Salt Upgrade

To properly upgrade Salt with the fixes for the latest CVEs, and avoid breaking
the communication between for Salt master and minion, you need to upgrade your
"salt-master" first and then continue upgrading your Salt minions.

In case that a Salt minion is upgraded with the CVE fixes but your Salt master
is not, then the communication between the master and this minion will be
broken, and you would see errors like the following in your minion logs:

2022-03-28 13:19:41,880 [salt.crypt :743 ][ERROR ][15942] Sign-in attempt failed: {'publish_port': 4505, 'pub_key': '-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----\n''enc': 'pub','sig': ".."}
2022-03-28 13:19:41,885 [salt.minion :1056][ERROR ][15942] Error while bringing up minion for multi-master. Is master at salt-master-server.tf.local responding?

As soon as your Salt master is upgraded and restarted then the communication
between master and minion will be restablished and the errors messages will not
longer happen.

New XML-RPC API version 26

Uyuni 2022.03 updates the XML-RPC API version from 25 to 26, in preparation for
SUSE Manager 4.3

There are no breaking changes to any methods.

If any of your scripts are checking for the version 25, you can change them to
use version 26 without any further changes.

smdba: changed defaults for newer PostgreSQL versions

Starting with PostgreSQL 13, some defaults have changed.

To improve performance, smdba autotuning was adapted to use the new values.

Additionally an extra paramater --ssd was added to autotuning to tell smdba
that the database is stored on ssd or fast network storage.

To change an existing configuration with the new defaults call

smdba system-check autotuning

Remember you can also adjust some other parameters, in case you need them:

smdba system-check autotuning [--max_connections=<number>] [--ssd]

Monitoring: Grafana 8.3.5

Uyuni 2022.03 updates Grafana from version 7.5.12 to 8.3.5.

This update fixes several security vulnerabilities:

* XSS vulnerability in handling data sources (CVE-2022-21702)

* Cross-origin request forgery vulnerability (CVE-2022-21703)

* Insecure Direct Object Reference vulnerability in Teams API
(CVE-2022-21713)

* GetUserInfo: return an error if no user was found (CVE-2022-21673)

Updating Grafana is strongly recommended.

Relevant changes are:

* New Alerting for Grafana 8

* CloudWatch: Add support for AWS Metric Insights

* CloudWatch: Add AWS RoboMaker metrics and dimension

* CloudWatch: Add AWS Transfer metrics and dimension

* CloudWatch: Add AWS LookoutMetrics

* CloudWatch: Add Lambda@Edge Amazon CloudFront metrics

* CloudMonitoring: Add support for preprocessing

* CloudWatch: Add AWS/EFS StorageBytes metric

* CloudWatch: Add Amplify Console metrics and dimensions

* CloudWatch: Add metrics for managed RabbitMQ service

* Elasticsearch: Add support for Elasticsearch 8.0

* AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers

* AzureMonitor: Add Azure Resource Graph

* AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics

Check the upstream changelog for more details on what has changed.

There is one breaking change:

* Grafana 8 Alerting enabled by default for installations that do not use
legacy alerting.

Uyuni does not use Grafana alerting, so if you do not need it, you can disable
it at the Grafana WebUI.

If you use legacy Grafana alerting in your environment, consider migrating to
new Grafana 8 alerting.

Unsupported products

* Red Hat Enterprise Linux 6

* Oracle Linux 6

* CentOS 6

* CentOS 8

* Ubuntu 16.04

We highly encourage you to migrate your workload to a newer version of each
distribution, or to an alternative distribution that is still supported, so you
can continue managing your infrastructure with Uyuni.

Please note that we will not break things on purpose for these unsupported
products, and there is a possibility that they could still continue to work.
But if things break, there will not be any support provided, not even on a
best-effort basis, unless someone from the community can step in.

Version 2022.02

PostgreSQL default password encryption mechanism change

PostgresSQL is changing its default password encryption mechanism from md5 to
scram-sha-256.

With this update Uyuni will follow this change and will migrate the database
user to this new encryption mechanism.

This should happen fully automated for the existing database user.

The following changes will happen:

* At the /var/lib/pgsql/data/postgresql.conf file, password_encryption =
scram-sha-256 will be set.

* The password for the user specified in the file /etc/rhn/rhn.conf will be
reset.

* At the /var/lib/pgsql/data/ph_hba.conf file, all mechanisms which are set
to md5 will be changed to scram-sha-256.

In case additional users where created, the passwords must be reseted.

This can be done with the following command on the Uyuni Server executed as
"root" user, and exchanging`<DBUSER>` with the right username and <DBPASSWD>
with the new password:

runuser - postgres -c "echo \"ALTER USER <DBUSER> WITH PASSWORD '<DBPASSWD>';\" | psql"

Reporting Database

The reporting database provides Uyuni data used for reports in a simplified
schema, and is accessible by any reporting tool with support for SQL databases
as content sources.

This new database is isolated from the one used for the Uyuni Server, and
created automatically.

The tool uyuni-setup-reportdb-user can create new users which has read-only
access to the data.

For more information on this topic, see Hub reporting.

Ubuntu errata installation

Uyuni now comes with Ubuntu errata support. It does this by downloading errata
information from https://usn.ubuntu.com/usn-db/database.json and matching it
after the syncing of Ubuntu channels.

It also adds support for installing errata on Ubuntu systems by mapping them to
package installs.

For users, it will be a seamless experience and they will get exactly the same
UX as it was for errata management for other distros.

Monitoring

Prometheus 2.32.1

Uyuni 2022.02 updates Prometheus from version 2.27.1 to 2.32.1.

The new version contains some breaking changes that need to be addressed after
the Uyuni Server is updated.

Breaking changes:

* Uyuni Service Discovery: The configuration and the returned set of meta
labels have changed. Please check the upstream documentation for more
details.

* As a consequence all users with existing monitoring setup must reapply the
highstate on the monitoring server(s).

Important changes:

* Introduced generic HTTP-based service discovery.

* New expression editor with advanced autocompletion, inline linting, and
syntax highlighting.

* Discovering Kubernetes API servers using a kubeconfig file.

* Faster server restart times via snapshotting.

* Controlling scrape intervals and timeouts via relabeling.

Check the upstream changelog for more details on what has changed.

Postgres exporter updated to version 0.10.0 for SUSE Linux Enterprise and
openSUSE

Uyuni 2022.02 updates the Postgres exporter from version 0.4.7 to the version
0.10.0 for SUSE Linux Enterprise and openSUSE.

This version brings the rename of the package from
golang-github-wrouesnel-postgres_exporter to prometheus-postgres_exporter, as
this package is now part of the Prometheus Community Projects. After the
package is updated, you will need to reenable the prometheus-postgres_exporter
service:

* For the Uyuni Server WebUI, proceed to Admin > Manager Configuration >
Monitoring. You will see PostgreSQL database is stopped. Click Enable and
the service will get started.

* For the SUSE Linux Enterprise and openSUSE, apply the highstate to all the
clients where the PostgreSQL needs to be exported.

The new version also contains a patch that allows connecting to PostgreSQL
servers using scram-sha-256, which is the new default for Uyuni installations
starting with 2022.02.

Check the upstream changelog for more details, including new metrics.

Other operating systems such as for example CentOS7 or AlmaLinux 8 will get
0.10.0 with future Uyuni releases.

SUSE Linux Enterprise Server PAYG client support on cloud

It is now possible to sync content from SUSE-operated Cloud RMT Server from
Uyuni. This makes it a lot easier for users with SUSE Linux Enterprise Server
PAYG instances because now they don't need to go through a cumbersome process
of getting zero-cost subscriptions.

It works in all three major public clouds AWS, GCP, and Azure.

For more information and instructions on this topic, see the Connect
Pay-as-you-go instance.

openscap for Debian 11 (Tech Preview)

Uyuni 2022.02 provides the openscap package binaries using the sources from
Debian Sid. Debian11 itself does not provide openscap, as it was removed from
Debian Testing during Debian 11 development.

This is a Tech Preview and therefore not supported, but we invite the community
to provide feedback and will provide updates from the Debian upstream package
if needed.

Version 2022.01

Debian 11 as client

Uyuni is now able to manage Debian 11 clients as salt or salt-ssh minions, as
well as all other features that work for previous versions of Debian, with the
exception of openscap as it is not available on Debian 11

The following architectures can be managed:

* x86_64

* aarch64

* armv7l

* i586

* ppc64le

* s390x

Check the Client Configuration Guide for information about how to configure
Uyuni Server to work with Debian 11 clients.

Link to vendor security advisory in Patch details page

The patch details page now contains a new section Vendor Advisory, which links
to the original advisory provided by the vendor of the patch.

This information is auto-generated from data already existing in the database
thus, when possible, it will be available for both new and existing patches.

With Uyuni 2022.01, the following providers are supported:

* SUSE

* Red Hat

* Oracle

* Amazon

* AlmaLinux

* RockyLinux

* Alibaba

Add support for custom SSH port for SSH minions

Starting with Uyuni 2022.01, using TCP port 22 for SSH minions is not required
anymore, and any TCP port can be used.

Change proxy used for clients from the WebUI

It is now possible to change the proxy used by an Uyuni client using the WebUI.

This can be done from the Connection tab at the Details tab for any Salt
client, using the new link Change to change the connection type.

Using System Set Manager is supported as well, and can be done from the Misc
tab, and then Proxy tab.

NOTE: Changing the connection for a Proxy to move it, is not supported at this
moment. The Connectiontab will not show the Change link for proxies.

Version 2021.12

Salt as a Bundle

Salt Bundle is a single package called venv-salt-minion containing the Salt
Minion, Python and all Python modules. It is exactly the same version and
codebase for the current salt-minion RPM package.

The Salt Bundle can be used on systems that already run another Salt Minion,
that do not meet Salt's requirements or already provide a newer salt version
that is used instead of the version provided by Uyuni.

Starting with Uyuni 2021.12, Uyuni is able to bootstrap systems with Salt
Bundle for all the supported operating systems.

On bootstrapping new clients the Salt Bundle package will be used instead of
salt-minion, if the package venv-salt-minion is present in the bootstrap repo.

Clients already registered will not be changed, but can be switched to Salt
Bundle with applying the state util.mgr_switch_to_venv_minion to them. For more
information see the Client Configuration Guide.

aarch64 support for openSUSE Leap 15.3, CentOS 7/8, clones and related systems

Uyuni 2021.12 adds support for the aarch64 (ARM64) architecture for the
following operating systems:

* openSUSE Leap 15.3

* CentOS 7/8

* Oracle Linux 7/8

* Rocky Linux 8

* AlmaLinux 8

* Amazon Linux 2

System reactivation

It is now possible to re-activate a system using the UI/XMLRPC-API of Uyuni
which was only possible using bootstrap script before. The bootstrapping page
UI has been extended and the user can now enter the reactivation key of the
system and the UI/XMLRPC-API of Uyuni will take care of the rest.

The same could be achieved from the XMLRPC API.

Low Diskspace notification

With Uyuni 2021.12, on the login page, a banner will be shown when available
disk space on the server will be running low. This will help users avoid
situations like the automatic shutdown of Uyuni when disk space is critically
low, without even noticing it.

Package Locking for Salt Minions

Package locks are used to prevent unauthorized installation or upgrades of
software packages. In the past the package lock feature was only available for
traditional clients. Now it is also available for Salt clients (SUSE, RHEL and
clones, and Debian/Ubuntu).

Check the Package Locking documentation for information about how to use this
feature.

Monitoring

Prometheus Blackbox exporter

Uyuni 2021.12 comes with the Blackbox exporter, which allows blackbox probing
of endpoints over HTTP, HTTPS, DNS, TCP, and ICMP. It needs to be installed
next to the Prometheus server and not on the clients. Prometheus formula has
been extended to configure the Blackbox exporter.

The package prometheus-blackbox_exporter has been added as recommended for the
Proxy.

Formulas

One of the limitations of the current formulas is that they are listed against
every client, even if the supported packages are not available for that OS
version or service pack.

While we are continuously focused on improving the formulas, for now, starting
with the monitoring formulas it will be mentioned in documentation if applying
those formulas would actually work in the case of a particular client.

In 2021.09, we made the Prometheus package available for Uyuni Proxy and Retail
Branch Server but that is not the case with Grafana.

* Prometheus is available for the client tools for SUSE Linux Enterprise 12,
SUSE Linux Enterprise 15, and openSUSE 15 Uyuni Proxies or Retail Branch
Servers

* Grafana is available for the client tools for SUSE Linux Enterprise 12,
SUSE Linux Enterprise 15, openSUSE 15

Content Lifecycle Management improvement

From the Content Lifecycle Management project view, the new column Last build
has been added. This information is useful when you need a general overview of
all latest build times rather than retrieving the information project by
project.

New XMLRPC API methods for SaltKey

Following new XMLRPC methods have been added in SaltKey namespace.

* accept : API endpoint to accept minion keys

* reject : API endpoint to reject minion keys

* pendingList : API endpoint to list pending salt keys

* acceptedList : API endpoint to list accepted salt keys

* rejectedList : API endpoint to list rejected salt keys

These methods could further help in improving the automation workflows.

New product enabled

* SUSE Linux Enterprise Server 15 SP2 LTSS

CVE-2021-40348 remediation

A security fix for CVE-2021-40348 is included as apart of Uyuni 2021.08, to fix
a potential injection arbitrary code to a root-owned file that eventually will
be executed by the system.

The fix for this problem was previously released on October 29th as a patch on
top of Uyuni 2021.09, but if you did not apply such patch yet, we recommend
appling the update to Uyuni 2021.12 as soon as possible.

CentOS 8 End of Life

CentOS 8 will be End of Life on December 31st, 2021. Uyuni support for this
product will end as well.

Please refer to support section for more information.

Future deprecation of the traditional stack

With Uyuni 2021.12, we announced the future deprecation of the Traditional
client tools.

Uyuni 2022.06 is the last release that supports them.

Starting with Uyuni 2022.08, the traditional client tools will be deprecated as
we will start removing the code at some point after the summer.

Do not use traditional for any new deployments of clients or proxies, and start
migrating your traditional clients to Salt.

Known issues

Node Exporter port 9100 conflicts with Traefik

Uyuni container uses port 9100 for Node Exporter. The same port is used by
Traefik default configuration to exports its own metrics, so there is a
conflict and Traefik fails to start:

2024/07/13 09:02:29 traefik.go:80: command traefik error: error while building entryPoint node-exporter: error preparing server: error opening listener: listen tcp :9100: bind: address already in use

The failure can be hidden because Kubernetes keeps running the Traefik with the
old configuration.

A fix to this issue will be available in the next Uyuni release.

Transactional systems - Salt SSH execution

The Salt SSH execution utilized during the onboarding process may face
inconsistencies if a Salt Minion or the Salt Bundle is already present on the
Minion, which could potentially result in onboarding failure.

Workaround: If the salt-minion or venv-salt-minion packages are already
installed, remove them, and then proceed to onboard the SUSE Linux Enterprise
Micro or openSUSE Leap Micro system.

Onboarding issues in SUSE Linux Enterprise Micro and openSUSE Leap Micro 5.5

There is a very specific case in which onboarding of the mentioned systems will
not work. This only happens when the package venv-salt-minion was already
installed on the target system. The issue is being investigated in order to
provide a fix. For the time being, our recommendation is to remove the affected
package first, and let the onboarding process reinstall it.

Database restart

If the Uyuni services are already running, they may not handle a PostgreSQL
database restart seamlessly. Restarting these services is necessary in such
cases. We are actively working on enhancing the resilience of these services to
recover gracefully in the event of a database restart.

If you encounter issues with Uyuni after a PostgreSQL restart, we recommend
restarting the Uyuni services using the command spacewalk-service restart.

Automated RHUI credential update

Red Hat Enterprise Linux 9 clients may encounter SSH connectivity issues with
the standard configuration. To resolve this, they must be configured with the
crypto policy set to "LEGACY" in order to establish a connection.

Before attempting to set up the SSH connection, please use the following
command:

sudo update-crypto-policies --set LEGACY

While for Red Hat Enterprise Linux 7 clients, ensure that you update the
instance first before proceeding with any further steps.

AlmaLinux

Because of an upstream bug, the original package shipped with AlmaLinux 8.5 is
providing a broken repository file (containing duplicated identificators). We
have already reported this issue to AlmaLinux.

Workaround: Update the package almalinux-release before registering the
instance to Uyuni so at least the version 8.5-3 is installed.

Bootstrap with web UI using non-root user

Onboarding of clients with the non-root user from the Uyuni UI fails the
following error:

ERROR com.suse.manager.webui.controllers.utils.AbstractMinionBootstrapper - Error during bootstrap: SaltSSHError(13, stderr: "", stdout: "ERROR: Failure deploying ext_mods:"

The root cause of this problem is a wrong ownership of the Salt thin directory
when using the Salt bundle.

Workaround: Once bootstrap fails, the user can run chown -R $USER:$GROUP /var/
tmp/.*_salt once and try onboarding again, it shouldn't fail this time.

CLM and custom repositories

When building a CLM project that includes custom channels with custom
repositories, the custom repositories might not be selected in the new cloned
custom channels. As a workaround, one can go to the new cloned custom channels,
select the custom repositories and synchronize them.

Container build host and Salt bundle

The container build host will not work with the Salt bundle. We are working on
a fix. Meanwhile, don't use the Salt bundle on the Container build host but
rather a normal Salt.

Single Sign On, API and CLI tools

Single Sign On can be used to authenticate in the Web UI but not with the API
or CLI tools. This will be fixed in a future release of Uyuni.

EPEL and Salt packages

Using the Extra Packages for Enterprise Linux directly on RHEL clients (or
compatible: CentOS, Oracle Linux, etc) will install the Salt packages from
EPEL, which miss some features in the Uyuni-provided Salt packages. This is an
unsupported scenario.

If you need to enable the EPEL repository, make sure you are using the Salt
Bundle (it is used by default with new clients but not for clients onboarded
before Uyuni 2022.04)

Pay-as-you-go Connection requirement

For a fully operational PAYG Connection for SUSE Linux Enterprise Server or
SUSE Linux Enterprise Server for SAP Applications clients, it's crucial to have
the instance-flavor-check tool installed, which is bundled within the
python-instance-billing-flavor-check package. While this package is
automatically installed on all newly created instances, for older running
instances, manual installation is necessary to prevent potential errors. If
you're working with older Cloud instances, you can install this package
manually from the Public Cloud Module. For SUSE Linux Enterprise Micro 5.3 and
5.4, the instance-flavor-check is directly available and there's no need to
enable extra modules.

RHEL native clients

When autogenerating bootstrap repositories for native RHEL clients, some errors
may be logged from the moment the official Red Hat channels are added until the
moment those channels are fully synchronized for the first time.

This does not affect CentOS, Rocky Linux, AlmaLinux or Oracle Linux.

Registering Spacewalk 2.x/Red Hat Satellite 5.x clients to Uyuni as Salt
minions

If a client machine is running the Red Hat Satellite 5.x agent, registering it
to Uyuni as a Salt minion will fail due to package conflicts.

Registering a RH Satellite 5.x client as a Uyuni traditional client works fine.

Registering a Uyuni traditional client as a Uyuni Salt minion will also work.

Works Fails
RH Satellite 5.x ? Uyuni traditional RH Satellite 5.x ? Uyuni Salt minion

Uyuni traditional ? Uyuni Salt minion

In order to register Red Hat Satellite 5.x clients to Uyuni as Salt minions,
you will need to modify the bootstrap script to remove the Satellite agent
packages first.

Spacewalk 2.x and Oracle Spacewalk 2.x clients will show the same behavior as
Red Hat Satellite 5.x clients

Ubuntu/Debian: duplicate entries in sources.list

Due to a (bug) in the python3-apt package, a conflict arises with the signed-by
repository option. This issue stems from the interaction between the Salt
aptpkg module, which relies on the aptsources module provided by the python-apt
package.

Presently, the code only recognizes arch and trust options, while any other
valid options cause "aptsources" to classify the repository as invalid. This
can lead to duplicated entries in the /etc/apt/sources.list file on each
highstate run, potentially inflating its size significantly.

Although the patch has been submitted upstream, we are still awaiting its
official release.

In the meanwhile, please vist the SUSE Knowledgebase for more information about
the issue and possible workarounds that also apply to Uyuni.

Client Tools Notes

URLs of the Client Tools are:

* openSUSE Leap 15.* (x86_64, aarch64): https://download.opensuse.org/
repositories/systemsmanagement:/Uyuni:/Stable:/
openSUSE_Leap_15-Uyuni-Client-Tools/openSUSE_Leap_15.0/

* openSUSE Leap Micro 5.* (x86_64, aarch64): https://download.opensuse.org/
repositories/systemsmanagement:/Uyuni:/Stable:/
openSUSE_Leap_15-Uyuni-Client-Tools/openSUSE_Leap_15.0/

* SUSE Linux Enterprise 12 (x86_64, pcc64le, s390x, aarch64): https://
download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/
SLE12-Uyuni-Client-Tools/SLE_12/

* SUSE Linux Enterprise 15 (x86_64, pcc64le, s390x, aarch64): https://
download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/
SLE15-Uyuni-Client-Tools/SLE_15/

* CentOS7 (x86_64, aarch64, ppc64le): https://download.opensuse.org/
repositories/systemsmanagement:/Uyuni:/Stable:/CentOS7-Uyuni-Client-Tools/
CentOS_7/

* Oracle Linux 7 (x86_64): https://download.opensuse.org/repositories/
systemsmanagement:/Uyuni:/Stable:/CentOS7-Uyuni-Client-Tools/CentOS_7/

* Oracle Linux 8 (x86_64, aarch64): https://download.opensuse.org/
repositories/systemsmanagement:/Uyuni:/Stable:/EL8-Uyuni-Client-Tools/EL_8/

* Oracle Linux 9 (x86_64, aarch64): https://download.opensuse.org/
repositories/systemsmanagement:/Uyuni:/Stable:/EL9-Uyuni-Client-Tools/EL_9/

* AlmaLinux 8 (x86_64, aarch64): https://download.opensuse.org/repositories/
systemsmanagement:/Uyuni:/Stable:/EL8-Uyuni-Client-Tools/EL_8/

* AlmaLinux 8 (x86_64, aarch64, ppc64le, s390x): https://
download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/
EL9-Uyuni-Client-Tools/EL_9/

* Rocky Linux 8 (x86_64, aarch64): https://download.opensuse.org/repositories
/systemsmanagement:/Uyuni:/Stable:/ELS8-Uyuni-Client-Tools/EL_8/

* Rocky Linux 9 (x86_64, aarch64, ppc64le, s390x): https://
download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/
EL9-Uyuni-Client-Tools/EL_9/

* Amazon Linux 2 (x86_64, aarch64): https://download.opensuse.org/
repositories/systemsmanagement:/Uyuni:/Stable:/CentOS7-Uyuni-Client-Tools/
CentOS_7/

* Amazon Linux 2023 (x86_64, aarch64): https://download.opensuse.org/
repositories/systemsmanagement:/Uyuni:/Stable:/EL9-Uyuni-Client-Tools/EL_9/

* Alibaba Linux 2 (x86_64, aarch64): https://download.opensuse.org/
repositories/systemsmanagement:/Uyuni:/Stable:/CentOS7-Uyuni-Client-Tools/
CentOS_7/

* AlmaLinux 8 (x86_64, aarch64): https://download.opensuse.org/repositories/
systemsmanagement:/Uyuni:/Stable:/EL8-Uyuni-Client-Tools/EL_8/

* Rocky Linux 8 (x86_64, aarch64): https://download.opensuse.org/repositories
/systemsmanagement:/Uyuni:/Stable:/EL8-Uyuni-Client-Tools/EL_8/

* openEuler 22.03 (x86_64, aarch64): https://download.opensuse.org/
repositories/systemsmanagement:/Uyuni:/Stable:/EL8-Uyuni-Client-Tools/EL_8/

* Ubuntu 20.04 (x86_64): https://download.opensuse.org/repositories/
systemsmanagement:/Uyuni:/Stable:/Ubuntu2004-Uyuni-Client-Tools/
xUbuntu_20.04/

* Ubuntu 22.04 (x86_64): https://download.opensuse.org/repositories/
systemsmanagement:/Uyuni:/Stable:/Ubuntu2204-Uyuni-Client-Tools/
xUbuntu_22.04/

* Debian 11 (x86_64, aarch64, armv7l, i586, ppc64le, s390x): https://
download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/
Debian11-Uyuni-Client-Tools/Debian_11/

* Debian 12 (x86_64, aarch64, armv7l, i586, ppc64le, s390x): https://
download.opensuse.org/repositories/systemsmanagement:/Uyuni:/Stable:/
Debian12-Uyuni-Client-Tools/Debian_12/

* Raspberry Pi OS 12 (arm64, armhf): https://download.opensuse.org/
repositories/systemsmanagement:/Uyuni:/Stable:/Debian12-Uyuni-Client-Tools/
Debian_12/

Keep in mind you should manage the client tools using the command
spacewalk-common-channels on the server, that will also allow you to add the
required channels for all those operating systems that are freely available.

Supported clients

At the moment the status is the following:

Distribution Salt bootstrap from Salt SSH bootstrap Salt bootstrap from
server from server client

openSUSE Leap
15.X

openSUSE Leap
Micro 5.X

SUSE Linux
Enterprise 12

SUSE Linux
Enterprise 15

CentOS7

Oracle Linux 7

Oracle Linux 8

Oracle Linux 9

Amazon Linux 2

Amazon Linux 2023

Alibaba Linux 2

AlmaLinux 8

AlmaLinux 9

Rocky Linux 8

Rocky Linux 9

openEuler 22.03

Ubuntu20.04

Ubuntu22.04

Debian11

Debian12

Raspberry Pi OS
12

= Working, = Not working, = Untested

With the exception of RHEL/CentOS and Oracle Linux, all maintained SPs and
subversions are supported.

Untested clients

Distribution Salt bootstrap Salt SSH bootstrap Salt bootstrap Traditional
from server from server from client

RHEL7

RHEL8

RHEL9

RHEL7 is expected to work in the same way as CentOS7, using the CentOS7 client
tools. RHEL8 and 9 are expected to work in the same way as Rocky Linux or
AlmaLinux 8 or 9, using the AlmaLinux/Rocky Linux/Oracle 8 or 9 client tools

CentOS8 (and therefore RHEL8) does not have support for the traditional client
tools, only salt.

Installation

Requirements

See the documentation for more details on the system requirements.

Installing the Server

See the Installation/Upgrade guide for detailed instructions on how to install.

Update from previous versions of Uyuni Server

See the Installation/Upgrade guide for detailed instructions on how to upgrade.

* As Uyuni 2023.09 is changing the base operating system, you will need to
follow the "Installation/Upgrade Guide > Upgrade > Upgrade the Server" >
"Server - Major Upgrade" section.

* Migrating from versions older than 2022.06 is not possible

All connected clients will continue to run and are manageable unchanged.

Update from previous versions of Uyuni Proxy

When updating, always start with the server first and then continue with the
proxies.

See the release notes for the proxy and the Installation/Upgrade guide for
detailed upgrade instructions.

Other information

Red Hat Channels

Managing RHEL clients requires availability of appropriate Red Hat packages.

SUSE Channels

Managing SUSE Linux clients requires availability of appropriate SUSE channels.

Your licensed SUSE products can be used with Uyuni by following the setup
Wizard.

Check the manuals for more information.

Providing feedback

In case of encountering a bug please report it at https://github.com/
uyuni-project/uyuni/issues

Legal Notices

This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
License. To view a copy of this license, visit http://creativecommons.org/
licenses/by-sa/3.0/es/ or send a letter to Creative Commons, PO Box 1866,
Mountain View, CA 94042, USA.

For SUSE trademarks, see http://www.suse.com/company/legal/. All other
third-party trademarks are the property of their respective owners. Trademark
symbols (?, ? etc.) denote trademarks of SUSE and its affiliates. Asterisks (*)
denote third-party trademarks.

All information found in this document has been compiled with utmost attention
to detail. However, this does not guarantee complete accuracy. Neither SUSE
LLC, its affiliates, the authors nor the translators shall be held liable for
possible errors or the consequences thereof.

Last updated 2024-07-19 13:13:38 +0200