Tech Update Video
A short overview of the new features introduced in orcharhino 6.11
Highlights
Simple Content Access (SCA) only!
orcharhino 6.11 now uses Simple Content Access (SCA) as the standard method for simplifying content management across all hosts managed by orcharhino. SCA streamlines content distribution without the need for tracking lists or individual deployments, making management easier for all users. Combined with the Host Count Page, it simplifies both deployment and reporting.
SCA product host count.
Host Registration Template
orcharhino 6.11 provides the ‘Host Registration Template’, replacing the old ‘bootstrap.py’ script. The new UI allows users to prepare a script to install subscription-manager and perform the registration to orcharhino. This script is easy to download, avoiding the need for manual copying. It supports customized snippets for pre- and post-registration tasks and simplifies multi-repository registrations, such as for SUSE Linux Enterprise Server. For more information: Registering hosts by using global registration
Performance boost
orcharhino 6.11 introduces a new performance enhancement, accelerating content creation and initial synchronization for Debian/Ubuntu systems by up to 30%.
Full deb content export/import
orcharhino 6.11 added errata information to the import/export function of Debian/Ubuntu content. This change helps to keep disconnected systems up-to-date by providing the errata to them.
Orcharhino Offline ISO images for Oracle Linux 8.10
orcharhino 6.11 is now available as an ISO image for installation on Oracle Linux 8.10. This ISO allows you to set up an orcharhino Server on Oracle Linux 8.10 in a fully disconnected network environment, without requiring access to the orcharhino Customer Center (OCC). For more information: Installing orcharhino Server (Offline) – orcharhino documentation
Proxmox 8.2.4
orcharhino 6.11 supports Proxmox 8.2.4 as a reliable option for a virtualization platform for host deployment. For more information: Provisioning virtual machines in Proxmox
Structured APT
orcharhino 6.11 enables customers to optionally switch on ‘Structured APT’ for all Debian and Ubuntu repositories. This simplifies the management of such repositories, for example when pinning APT versions. For more information: https://atixservice.zendesk.com/hc/de/articles/16326419356572-Deb-content-Using-structured-APT
Repository Filter
Managing repositories is getting much easier with orcharhino 6.11. The new repository status filter allows admins to easily navigate through the enabled repositories. For more information: Managing activation keys – orcharhino documentation
Repository Filter.
Amazon Linux 2023
orcharhino 6.11 adds an orcharhino Client for Amazon Linux 2023. This allows customers to use the latest Amazon Linux AMI available and to switch to Amazon Linux 2023 before the End of Life of Amazon Linux 2 in June 2025.
Network installation Windows Host with UEFI
The Windows provisioning templates have been adapted to boot via UEFI. An Ansible automation script that generates the necessary ipxe.efi for Windows makes this much easier. For more information: Microsoft Windows Host with UEFI
Network installation with UEFI.
Tech previews
All Host Page
New All Hosts Page with customizable columns, including installable updates, last seen, lifecycle environment, content data, and registered at. To enable this, set “Show New Host Overview Page” to “yes”.
Customizable All Host Page.
Changelog Features
- orcharhino Maintenance: Optimized queries to find and remove orphaned tasks on orcharhino Server.
- API: New API endpoint to get permissions of the current user.
- orcharhino Management UI: Changing the content source of a host now shows the Default Organization View as first content view.
- RHEL: Users will get warnings in the orcharhino management UI if their Red Hat manifest expires within the next three months.
- Content Management: New Hammer CLI command to repair corrupted metadata and content in content view versions: `hammer content-view version verify-checksum --id _My_CV_ID_`.
- Data integrity: Users cannot publish a content view if an included repository is synchronizing and vice versa.
- Security: Use SHA256 as a checksum for Yum content.
- Security: Use SHA512 as the default hash function for passwords when provisioning hosts.
- Documentation: New section on how to deploy custom SSL certificates to hosts: Using custom SSL certificate for hosts.
- Content Management (Debian): The detailed view of Debian packages was extended to show additional Debian package attributes like “Section”, “Maintainer”, “Installed Size” and “Dependencies”.
- Content Management: Added a filter to the “Activation Keys” page that enables filtering the repositories by status.
- Content Management: Added the ability to bulk-delete repositories from published content views.
- Core Components: orcharhino 6.11 is based on Foreman 3.11, Katello 4.13, and Pulp 3.49.
- Documentation: Adapted instructions on how to install “pulp-manifest” on orcharhino Server: https://docs.orcharhino.com/or/docs/sources/guides/almalinux/managing_content/managing_custom_file_type_content.html#Creating_a_Local_Source_for_a_Custom_File_Type_Repository_content-management
- Documentation: Added a guide section on how to perform automatic orphan cleanups on orcharhino Server: https://docs.orcharhino.com/or/docs/sources/guides/removing_orphaned_content.html
- Documentation: Added a section on how to deploy custom SSL certificates to hosts: https://docs.orcharhino.com/or/docs/sources/guides/almalinux/managing_hosts/registering_hosts.html#using-custom-ssl-certificate-for-hosts_managing-hosts
- Documentation: Removed section about orcharhino-maintain to perform snapshots for backups. For more information on how to backup orcharhino, see https://docs.orcharhino.com/or/docs/sources/guides/administering_orcharhino.html#backing-up-orcharhino-server-and-orcharhino-proxy_admin
- Host Registration Template (Debian/Ubuntu): Added a cleanup mechanism for Debian repositories. The host parameter “skip_unmanaged_repositories_cleanup” can be used to omit the cleanup: https://docs.orcharhino.com/or/docs/sources/guides/ubuntu/managing_hosts/registering_hosts.html#global-parameters-for-registration_managing-hosts
- orcharhino Clients (Oracle): Added orcharhino Client support for Oracle Linux 8.9 and 8.10.
- orcharhino OVA: Added the subscription-manager to the orcharhino OVA image which simplifies installation of orcharhino Server in disconnected scenarios.
- orcharhino Proxy: Renamed Ansible roles to create “Providing Content for orcharhino Proxy Server” from “Smart Proxy Atix” to “orcharhino Proxy” matching the orcharhino naming scheme. Please have a look at the “Version specific upgrade steps”.
- orcharhino Upgrade: Added a check to ensure that there is enough disk space for PostgreSQL upgrade.
- Pull Provider: Updated the orcharhino pull provider to version >= 0.2.2.
- Security Compliance: Extended “Managing Security Compliance” chapter: https://docs.orcharhino.com/or/docs/sources/guides/managing_security_compliance.html#remediating-compliance-failures_security-compliance
- Windows Deployment: Adapted the Windows provisioning templates to enable booting via UEFI. Additionally, provided an Ansible automation script to generate the necessary ipxe.efi for Windows.
Changelog CVE
- CVE-2024-7012: An authentication bypass vulnerability exists in Foreman.
- CVE-2024-7923: An authentication bypass vulnerability exists in Pulpcore.
- CVE-2024-9355 (orcharhino Clients): Golang FIPS zeroed buffer (for all clients except RHEL7 and Oracle7).
- CVE-2024-9355 (orcharhino): Golang FIPS zeroed buffer (yggdrasil-worker-forwarder).
Changelog Bugfixes
- Content Management: Re-synchronizing a repository always recovers from a failed publication from the last failed synchronization task.
- Job template “Host – Registered Content Hosts”: Report now includes the correct kernel version after kernel upgrades.
- Monitor Host Status: The list of host statuses now honors the selected organization and location context and user permissions.
- orcharhino Proxy Server: Ansible role now works with organizations that have a different name and label.
- Content Management (SUSE): Fixed a bug that prevented editing and deleting SCC accounts that have sync plans enabled.
- Content Management (Debian/Ubuntu): It is now possible to perform incremental content view updates by adding Debian packages.
- Content Management (Python): Python packages containing “.” or “_” in their name are no longer dropped during orcharhino Proxy sync.
- Content Management (Red Hat): Fixed a bug that prevented the Red Hat repository page from showing the enabled repositories.
- Content Management: Implemented a more robust URL encoding mechanism ensuring that special characters in file names are processed without double encoding.
- Content Management: Implemented batching for artifact deletion to handle the reclaim space task for large repositories.
- Content Management: Resolved an issue where the “Hostgroup -> Operating System -> Synced Content Media” toggle did not accurately reflect its current state.
- Content Management: The content source is no longer automatically changed when a host is edited.
- Host Deployment: It is now possible to copy the error message from the host “Review before build” page.
- Host Registration Template (Debian/Ubuntu): Packages are now automatically listed on the host details page after a host is registered.
- Host Registration Template: Fixed an issue where the host registration process failed when multiple packages were provided in the “Install packages” field.
- orcharhino Clients: Updated SCAP clients to mitigate the “invalid byte sequence in UTF-8” issue during a SCAP run.
- orcharhino Installation: Fixed YAML syntax for the orcharhino installer with the option “--skip-packages-update”.
- orcharhino UI: The search filter for “auth_source_type” on the “Administer -> Users” index page no longer results in an error.
- Salt Configuration Management: Proxmox host deployment now works when Salt setup is included.
- Subscription Management (Red Hat): Fixed branding issues in a job template.
Deprecations
- orcharhino-maintain: Removed obsolete option to perform snapshot backups. For more information on how to back up orcharhino, see Backing up orcharhino Server and orcharhino Proxy Server.
- Entitlement Mode: Simple Content Access (SCA) is the new content access mode. When upgrading, all existing organizations that use entitlement mode will automatically migrate to SCA. This change is not reversible.
- System Purpose-Related Host Statuses: The obsolete status fields for subscription, system purpose, SLA, role, usage, and addon have been deleted.
- Hammer CLI: Removed the LCE option from host-registration generate-command in Hammer/API, matching the orcharhino management UI.
- Docker-type content: Removed fields for authentication tokens. To synchronize Docker-type content from container registries, you can authenticate using a username and password.
- Webhooks plugin: Users can now use the Webhooks plugin to make API calls after certain events on orcharhino: Administering orcharhino – orcharhino documentation
- Host Registration: bootstrap.py will be deprecated in a later version of orcharhino. Please move to the Host Registration Template.
- orcharhino Client: Removed Ansible Playbook to switch upstream URLs of orcharhino Clients from ACC to OCC.or.