orcharhino 6.6

---

orcharhino 6.6 comes with an improved management UI

• The modernized host details page uses a modern UI with cards for each feature, for example, provisioning information, Ansible, and Puppet. All core details of managed hosts are curated in the overview section.
• The new host details page no longer contains a dedicated section for subscription management of managed hosts. Instead, you can go to „Hosts > All Hosts“, select a host, and click on „Legacy content host UI“ from the menu in the top right corner. On the old host details page for content hosts, select the „Subscriptions“ tab. For more information, see Using the new „Host Details“ page.
• The new remote execution job wizard guides you through the process of invocating jobs.
• You can customize the displayed columns on the „All Hosts“ page.
• You can create a host based on a host group directly from the „Host Groups“ page.
• To speed up the management UI, orcharhino Server uses HTTP/2 by default.

Improved content management

• orcharhino now supports import and export of content views with DEB content. Note that the export and import only contain „.deb“ packages but no errata.
• You can compare two content view versions on the „Compare“ tab on the „Content View“ page.
• Yum repositories support syncable format imports to synchronize content from an URL instead of a file path. For more information, see Exporting a Content View Version Incrementally.
• API calls to determine if host repositories are enabled return simplified results.

Additional features

• orcharhino 6.6 is based on Foreman 3.5, Katello 4.7, and Pulp 3.21.
• We now offer an ISO image containing all packages needed to install orcharhino Server. For more information on how to install orcharhino Server in disconnected environments using ISO images, see https://docs.orcharhino.com/or/docs/sources/installation_and_maintenance/installing_orcharhino_server_offline.html#
  Installing_orcharhino_Server_using_ISO_Images
• orcharhino now supports image-based deployment on Proxmox compute resource using cloud-init.

Technical preview features

• orcharhino contains the new Ansible role „or_proxy_installation“ to install and configure orcharhino Proxy on EL8. For more information, see Installing the orcharhino Proxy Packages.
• orcharhino provides the new pull client to run remote execution jobs which replaces katello-agent. For more information, see Configuring Remote Execution for Pull Client. You can view a list of orcharhino Clients with Pull Provider in the ATIX Service Portal: orcharhino Clients with Pull Provider.
• orcharhino now supports the kernel_care plug-in for hosts running Debian and Ubuntu.
• orcharhino now supports Alternate Content Sources (ACS) to synchronize packages from a closer mirror or orcharhino Proxy instead of from your orcharhino Server. For more information, see Managing Alternate Content Sources.

Changelog Features

• Ensure that orcharhino can still be used with Puppet 6, even though the Puppet 6 version is officially no longer available.
• Added a script to improve the installation experience of orcharino Server running on Red Hat Enterprise Linux when registering to OCC.
• The Ansible roles to provide content for orcharhino Proxies and to add new operating systems can now be started with shell scripts instead of orcharhino remote execution jobs. This makes setting up the required permissions to run REX jobs against orcharhino Server obsolete and therefore simplifies this process.
• Improved the UI for Proxmox compute resource advanced options.
• Unset the OS minor version for all operating systems that are configured when installing orcharhino Server. For Ubuntu 22.04, we have set the minor OS version to provision hosts using Ubuntu AutoInstall. For more information, see https://atixservice.zendesk.com/hc/de/articles/10773470786844
• Extended provisioning template to deploy bare metal hosts with multiple network interfaces.
• Added „no_proxy“ field into orcharhino Installer GUI.
• Updated the base OS of the orcharhino OVA image to AlmaLinux 8.8.
• Reworded interactive questions in „install_orcharhino.sh“.
• Applying Debian Errata to content view versions now also adds all other Debian Errata that are fixed by the installed packages.
• Added a new host parameter that allows provisioning through orcharhino Proxies without having to override the „or_client_repo_url“ parameter. For more information, see https://docs.orcharhino.com/or/docs/sources/guides/debian/provisioning_hosts/configuring_provisioning_resources.html

Changelog Bugfixes

• Fixed an issue that re-importing manifests throws an error with message: Subscription can’t be blank, A Pool and its Subscription cannot belong to different organizations.
• Fixed CVE-2022-3874: OS command injection via ct_command and fcct_command.
• Fixed CVE-2023-0118: Arbitrary code execution through templates.
• Fixed CVE-2023-0462: Arbitrary code execution through yaml global parameters.
• Fixed sporadic issue where remote execution jobs are displayed as failed in the management UI, even though the commands on the managed hosts succeeded.
• Fixed CVE-2022-4130: Blind SSRF via Referer header.
• Fixed an issue that in some rare cases no new publication was created when that data is copied to the library.
• Updated python39-django to fix CVE-2023-36053 and CVE-2023-41164.
• Fixed DNS issue when deploying a host with Proxmox compute resource.
• Fixed an issue that the answer file of the orcharhino web installer was malformed because of missing values for or_sec_int_net.
• Timeout-values from „Settings > Content“ are now also used for content synchronization to orcharhino Proxies.
• Fixed an issue where orcharhino-debug did not contain the log files of the orcharhino installer.
• Added the OpenSCAP client to orcharhino Client for CentOS 7.
• Fixed orcharhino job template ‚orcharhino Configuration – Operating Systems‘ did not configure client repository.
• Fixed an issue that a host which was deployed with PXE Loader ‚Grub2 UEFI‘ was not able to boot afterwards.
• Fixed an issue that enabled a sync plan which was previously disabled failed with ‚Cannot update a cancelled Recurring Logic‘.
• Fixed a bug that prevented the creation of file repositories, containing filenames with „,“ characters in them.
• Fixed a bug where Debian Errata were added to a repository although the synchronized packages could not resolve the Erratum.
• Fixed a bug that prevented the installation of katello-host-tools-tracer on orcharhino Proxies.
• Fixed a race-condition during promotion of incremental update of multiple versions of the same content view by removing concurrency.
• Improved the performance when creating incremental content view versions containing DEB content.
• Optimize mode for deb content can now take effect when switching from mirrored to not mirrored mode between synchronizations.
• Fixed a bug that prevented Ansible content to be exported.
• Fixed an issue in the orcharhino Installer GUI that starting the installation was possible even without providing a password.

Changelog Documentation

• Updated the tuning recommendations for Apache httpd on orcharhino Server. For more information, see https://docs.orcharhino.com/or/docs/sources/guides/tuning_orcharhino.html#tuning_apache_httpd_child_processes_performance-tuning
• Added documentation on how to export and import DEB content for Debian and Ubuntu. For more information, see https://docs.orcharhino.com/or/docs/sources/guides/debian/managing_content/inter_server_synchronization.html
• Limited the scope of the search bar on docs.orcharhino.com to the latest version to speed up the search functionality.
• Improved the guide to install orcharhino Server in a disconnected environment. For more information, see https://docs.orcharhino.com/or/docs/sources/installation_and_maintenance/installing_orcharhino_server_offline.html
• Documented the list of required SUSE products to register hosts running SUSE Linux Enterprise Server 15 SP4 and SP5. For more information, see https://docs.orcharhino.com/or/docs/sources/guides/suse_linux_enterprise_server/managing_hosts/registering_hosts.html#
  Registering_Hosts_Using_the_Bootstrap_Script.
• Added instructions on how to use orcharhino Proxies with multiple DNS names towards orcharhino Server and managed hosts. For more information, see https://docs.orcharhino.com/or/docs/sources/installation_and_maintenance/installing_orcharhino_proxy.html#
  System_and_Network_Requirements
• Added documentation on how to manage python type content with orcharhino. You can synchronize python packages from public repositories such as pypi.org or internal repositories to orcharhino and distribute them to managed hosts. For more information, see https://docs.orcharhino.com/or/docs/sources/guides/debian/managing_content/managing_python_type_content.html
• Documented monitoring managed hosts running Red Hat Enterprise Linux using Red Hat Insights. For more information, see https://docs.orcharhino.com/or/docs/sources/guides/red_hat_enterprise_linux/managing_hosts/red_hat_insights.html
• Renamed the AWX downstream product from Red Hat to „Ansible Automation Platform“.
• Added a hint about OpenSCAP on managed hosts: all orcharhino Clients contain the SCAP client to perform compliance scans on managed hosts through orcharhino Server or orcharhino Proxies.
• Documented the Hammer CLI procedures to manage SUSE content in orcharhino. For more information, see https://docs.orcharhino.com/or/docs/sources/guides/suse_linux_enterprise_server/managing_content/managing_suse_content.html

Deprecations

• We no longer maintain the orcharhino Client for SLES 12 SP4 due to SUSE no longer providing any security updates. If you have the orcharhino Client synchronized, you can continue using it. If you plan to upgrade your managed hosts, have a look at our „SLES Service Pack Upgrade“ job template to automate this process.
• We will remove Puppet 6 with orcharhino 6.8. If you use Puppet to configure managed hosts, ensure that all your Puppet modules work with Puppet 7 before upgrading to orcharhino 6.8.