Release Notes

orcharhino 6.2 is here!

Highlights

  • Running orcharhino on EL8
    You can install orcharhino Server or orcharhino Proxies on AlmaLinux 8, Oracle Linux 8, Red Hat Enterprise Linux 8, and Rocky Linux 8.orcharhino contains Kickstart files to provision a system for orcharhino Server. For a complete list of Kickstart files, see Kickstart Requirements in Installing orcharhino Server.
    orcharhino is available as Open Virtual Appliance (OVA) image to run orcharhino Server on AlmaLinux 8.With orcharhino 6.2, users can either install orcharhino on EL7 or EL8; or upgrade orcharhino 6.1. to 6.2 without changing the EL version and distribution. With one of the upcoming orcharhino releases, we will provide a way to migrate from EL7 to EL8.
  • Deploy Kubernetes Clusters with orcharhino
    We now provide an Ansible playbook for the Application Centric Deployment (ACD) plug-in to deploy Kubernetes clusters. You can download the Ansible playbook from github.com/ATIX-AG/acd_playbook_for_kubernetes. For more information, see Application Centric Deployment.
  • Live-patch managed hosts using TuxCare’s KernelCare plug-in
    We now provide TuxCare’s KernelCare plug-in for orcharhino as a tech preview. The plug-in improves the usage of KernelCare on hosts managed by orcharhino. You can use it on managed hosts running AlmaLinux, CentOS, Oracle Linux, Red Hat Enterprise Linux, and Rocky Linux. Using KernelCare requires a subscription from tuxcare.com. You can find the documentation for the KernelCare plug-in in the orcharhino documentation under Live-Patching Hosts Using KernelCare.
  • Accessing OS-specfic documention from orcharhino management UI
    We have added an OS-independent landing page to orcharhino Documentation. When you click Documentation on any page in the orcharhino management UI, you can select your operating system and are forwarded to the OS-specific guide. This is especially useful for pages such as Hosts > Installation Media.

orcharhino on EL8

orcharhino on EL8

Deploying Kubernetes Cluster using ACD

Deploying Kubernetes Cluster using ACD

Changelog Features

  • Provisioned hosts running Ubuntu have “phased updates” disabled by default through their provisioning templates. For more information, see https://docs.orcharhino.com/or/docs/sources/guides/ubuntu/managing_content/managing_errata.html#Disabling_Phased_Updates
  • Automated setup of the Salt Reactor integration to upload reports.
  • Adjusted the Kickstart files to provision a host for orcharhino to leave sufficient free disk space for backups which rely on LVM snapshots. For more information on adjusting the LVM volume groups on existing systems, see https://atixservice.zendesk.com/hc/de/articles/6990912116252.
  • Added sync options ‘Download Policy’ and ‘Mirroring Policy’ for repositories created by the SCC Manager plug-in.
  • Added support for Quiesce Snapshots for VMware using the Snapshot Management plug-in.
  • Added support for NetIQ LDAP as Authentication Source.
  • Added support for Debian/Ubuntu and SLES to the new host registration approach.
  • Added several hooks to debian provisioning templates which can be used to add custom provisioning snippets.
  • Added new provisioning template for Windows deployment. You can use it to provision hosts running Windows using iPXE over HTTP instead of TFTP.
  • Added a host parameter to override the default GRUB kernel parameters on Ubuntu and Debian.
  • Added a console (rake) task to identify missing content in subscription management system.
  • Added Ansible module to list of all snapshots for a particular host.

SCC manager download policy

SCC manager download policy

Changelog Documentation

Deprecations

  • We no longer maintain the orcharhino Client for CentOS Linux 8 due to the CentOS project no longer providing any security updates. Please note that we still support other EL 8 distributions such as AlmaLinux 8, CentOS Stream 8, Oracle Linux 8, Red Hat Enterprise Linux 8, and Rocky Linux 8. If you have the orcharhino Client synchronized, you can continue using it.
  • We no longer maintain the orcharhino Client for Debian 9 due to the Debian project no longer providing any security updates. Please note that we offer orcharhino Clients for Debian 10 and Debian 11. If you have the orcharhino Client synchronized, you can continue using it.

Changelog Bugfixes

  • Fixed a bug that caused PostgreSQL to show error messages all the time indicating that you need to do a systemctl daemon-reload because of the postgresql service.
  • Fixed a bug that prevented the provisioning of EL8 using the minimal ISO image due to the missing dhclient package.
  • Fixed bug that modulemd-defaults metadata were not copied to filtered CVs
  • Fixed a bug which prevented creating snapshots using Foreman Ansible Modules if a snapshot with same name already existed.
  • Fixed occasional issue during host-registration which resulted in Host-Registration failing with ‘HTTP error (404 – Not Found): Consumer with id e6ec3369-9568-4851-888c-75d08edf1624 could not be found’
  • Fixed a bug that in rare circumstances a Debian Errata was available twice and therefore the unique constraint was violated.
  • Improved error message if reclaim disc-space option is used but no supported repository available (reclaim disc-space only works for ON_DEMAND repos)
  • Updated rubygem-rack to fix CVE-2022-30122
  • Fixed a bug causing missing architecture “all” packages when syncing multiple Debian 11 distributions into a single repository.
  • Fixed a bug preventing DEB repos from being visible to clients if they have multiple architectures set.
  • Updated rubygem-tzinfo to fix CVE-2022-31163
  • Assessed CVE-2022-42889 to be low impact for orcharhino (see https://atixservice.zendesk.com/hc/de/articles/6486350326812-CVE-2022-42889-Apache-Commons-Text-vulnerability)
  • Updated ruby-on-rails to fix CVE-2021-22942, CVE-2021-44528, CVE-2022-21831, CVE-2022-23633, CVE-2022-32224, CVE-2023-22794
  • Updated Django to fix CVE-2022-41323
  • Fixed a bug in the Salt plug-in which mistakenly uploaded the same report twice: through the recurring cron job and the Salt reactor.
  • Fixed a bug that only allowed certain characters for Content View labels.
  • Fixed a bug in ACD plug-in that Ansible variables cannot be saved in orcharhino management UI.
  • Fixed katello-tracer-upload not working after system reboot
  • Fixed a bug that there is no description mentioning the added errata and DEB packages if an incremental CV is created because of errata installation.
  • Fixed a bug that prevented to delete a host managed by a Microsoft Windows DNS server.
  • Fixed a bug that prevented overwriting the “use installation media” setting on the “Create Hosts” page when using “Synced Content”.
  • Fixed a bug Salt-plugin which could not handle Salt error report format
  • Fixed incorrect timestamp for Ansible reports.
  • Fixed a bug which prevented creating offline backups