orcharhino 7.0 is here!
Tech Update Video
A short overview of the new features introduced in orcharhino 7.0
Highlights
Rebranding
orcharhino 7.0 is freshened up for the future, featuring a redesigned interface and updated branding, offering a fresh experience.
EL9 Support
orcharhino 7.0 now can be installed on Enterprise Linux 9. With orcharhino 7.0 new installations are now based on AlmaLinux 9, Rocky Linux 9, Oracle Linux 9, and Red Hat Enterprise Linux 9. Existing installations of orcharhino are still supported on Enterprise Linux 8 up to orcharhino 7.1. With orcharhino 7.1, an upgrade path will be offered to upgrade existing orcharhino installations on Enterprise Linux 8 to 9.
Rolling Content View
orcharhino 7.0 introduces the Rolling Content View, providing access to the most up-to-date packages, without the need to publish and promote new content view versions. It combines the benefits of the Default Organization View with full control over what repositories are exposed to your hosts. For more information: Managing content views
Rolling Content View
Salt 3006.9
orcharhino 7.0 now provides access to Salt 3006.9 release, replacing the end-of-life Salt 3005. As a Long-Term Support (LTS) release, Salt 3006.9 offers a reliable way to integrate a systems management stack with orcharhino.
Puppet 8
orcharhino 7.0 adds support for Puppet 8 while continuing to support Puppet 7. This update facilitates a smooth transition to the latest Puppet stack and provides flexibility to adjust setups before Puppet 7 reaches its end-of-life in 2025.
Full ARM64 client support
orcharhino 7.0 extends the client support for ARM64 to all supported Linux distributions. We now provide orcharhino Clients for AlmaLinux, Debian, Red Hat Enterprise Linux, Rocky Linux, SUSE Linux Enterprise Server, and Ubuntu on the ARM64 architecture.
AWS Graviton
orcharhino 7.0 now supports AWS Graviton, an ARM64-based architecture optimized for AWS. This enables seamless deployment and management of ARM64-based hosts on AWS.
Resource Quota
orcharhino 7.0 includes a tech preview of the new Resource Quota plugin.
This plugin enables organizations to limit the amount of the CPU cores, RAM, or disk space available to teams or specific users for host provisioning.
For more information see: Limiting host resources in Administering orcharhino
Disclaimer: Tech previews are not supported in production environment. For a list of tech previews see https://docs.orcharhino.com/or/docs/sources/introduction/technical_previews.html
Knowledge base article https://atixservice.zendesk.com/hc/de/articles/16772654610844-Technical-Previews
Resource Quota
Changelog Features
- Content Management (Python): Added an option to specify the amount of Python packages to keep: https://docs.orcharhino.com/or/docs/sources/guides/almalinux/managing_content/
managing_python_type_content.html#Synchronizing_Python_Repositories_content-management
- Content Management: Added download policy option for File Repositories, enabling customers to choose between ‚immediate‘ and ‚on_demand‘: https://docs.orcharhino.com/or/docs/sources/guides/ubuntu/managing_content/
managing_custom_file_type_content.html#Creating_a_Custom_File_Type_Repository_content-management
- Host Provisioning (Windows): Enabled remote desktop feature in user data template.
- Host Provisioning: Improved host provisioning for RHEL, AlmaLinux and Rocky Linux by skipping the setup of the client repository for these operating systems because the installation of the subscription-manager works without having this extra repository.
- Management UI: Added link to orcharhino API documentation to Administer > About.
- New Host Details Page: Added ‚Refresh Package Applicability‘ menu entry for Debian Packages.
- orcharhino installer: Added python-dmidecode dependency for subscription-manager package on Debian/Ubuntu to ensure dmidecode-based facts are transmitted to orcharhino.
- Security: Added support of multiple encrypted disks using Clevis/Tang.
- Security: Added the full GPG key URL on the repository details page so that you can copy/paste it. This help to access manually configured repositories which are provided by orcharhino using the GPG keys for them.
- Security: Added the full GPG key URL on the repository details page so that you can copy/paste it. This help to access manually configured repositories which are provided by orcharhino using the GPG keys for them.
- Tech Preview: Developed the new Resource Quota plugin, enabling administrators to limit host resources among users and user groups: https://docs.orcharhino.com/or/docs/sources/guides/administering_orcharhino.html#limiting-host-resources
Changelog CVE
- CVE-2024-8376: Memory leak in Mosquitto by sending specific sequences of packets affects Pull Provider.
- CVE 2024-8553: Read-only access to entire db from templates.
- CVE-2024-37891: Proxy-Authorization request header isn’t stripped during cross-origin redirects in urllib3.
- CVE-2024-47887: Action Controller has possible ReDoS vulnerability in HTTP Token authentication.
- CVE-2024-47889: Action Mailer has possible ReDoS vulnerability in block_format.
- CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-11003: Updated Debian/Ubuntu clients to security issues in needrestart.
Changelog Bugfixes
- Compute Profiles: Network interface setting is not shown for VMware.
- Configuration Management (Ansible): Ansible variables tab on the host details page displays error code 500.
- Content Management (Debian): Changing repository override on the new host details page results in an empty error toast.
- Content Management (Debian): Debian content upload via hammer or REST-API results in a corrupt Debian package.
- Content Management (Debian/Ubuntu): Debian content-hosts subscribed to Default Content View do not display deb repositories in Content > Repository Sets tab on the host details page.
- Content Management (Debian/Ubuntu): If repository set overrides are set on a host by ‚Select all‘ and specific repositories deselected, the content override is still set on the deselected repositories.
- Content Management (Debian/Ubuntu): Using deb filters when structured APT is enabled leads to broken content view publications.
- Debian Errata Parser: Linux-Kernel related Errata for Ubuntu-ESM versions do not include all relevant packages.
- Errata report: The „Applied Errata Report“ does not render.
- Host Creation (oVirt): The storage section on the ‚Virtual Machine‘ tab is now always being displayed.
- Host Management: Restart services job does not fail when one single restart service fails.
- orcharhino Client (Debian/Ubuntu): SCAP client reports an issue that „rpm“ cannot be executed.
- orcharhino Client (Ubuntu): orcharhino client repository for Ubuntu 24.04 misses libopendbx1 for the ruby-foreman-scap-client installation.
- orcharhino Clients (Debian/Ubuntu): To make sure that package lists and tracer information are available after host provisioning and host registration, install katello-host-tools and katello-host-tools-tracer by default. This global parameter can be changed by the customer on different parameter levels if needed.
- orcharhino Clients (SLES): Job template results in an error if zypper is updated during the process.
- orcharhino Installer: No verification of valid hostnames / FQDN.
- orcharhino Installer: The web installer tooltip for the ‚No Proxy‘ address setting has no example.
- orcharhino Platform: The ‚Subscriptions‘ page cannot be loaded due to an error in candlepin.
- orcharhino Update: Job templates are not assigned automatically during upgrade if sub-locations are used.
- Pulp (Debian/Ubuntu): Tasks in pulp_deb do not clean up temporary directories and files after they are completed.
- Remote Execution: A custom non-root remote execution user runs into an error during provisioning because sudo is not installed by default on Debian.
Deprecations
- orcharhino Client (SLES): With orcharhino 7.1, we will stop maintaining orcharhino Clients for SUSE Linux Enterprise Server 15 SP2 due to EOL by the operating system vendor.
- orcharhino platform: orcharhino 7.2 will finally switch to Enterprise Linux 9 as sole platform, replacing Enterprise Linux 8. Users of Enterprise Linux 8 will be able to perform a Leapp upgrade to Enterprise Linux 9 with orcharhino 7.1 prior to upgrade to orcharhino 7.2.