Brand Claim Brand Claim

Linux

New Ubuntu image released

  • Standard_Ubuntu_20.04_latest
    • support for BMS is planned
    • default login user: ubuntu
    • supported OTC flavors: https://imagefactory.otc.t-systems.com/flavor-list

GPG key extension of Cloud:OTC repositories on 10th of August 2020

The CLOUD:OTC GPG key will be expire in the near future. Some Linux based distributions (except RHEL and SUSE) are affected which are currently using the following GPG key:

05a6c49c-5b1ecbbd gpg(Cloud:OTC OBS Project <Cloud:OTC@build.opensuse.org>)

pub  2048R/05A6C49C 2018-06-11 Cloud:OTC OBS Project <Cloud:OTC@build.opensuse.org>
      Key fingerprint = 3EA8 5041 32B7 F1E9 54A9  C0AD A4F6 B298 05A6 C49C

The above mentioned GPG key will be extended on the 10th of August 2020! Afterwards it could happen that just a notification information or in certain cases an error message is returning by running an update of packages which have been signed with this GPG key.

Please follow only instructions given down below in case of any error message returning to you!

In this case Image Factory Team has introduced a package called: cloud-oty-keyring
It contains CLOUD:OTC GPG key and enroll it to our customers automatically.

SUSE - SLES | openSUSE

The GPG key extension and eventually mirroring might take some time for some of the repos and during that time zypper will complain about expiring GPG key. Below is a workaround for SUSE case.

zypper --no-gpg-checks <rest of the arguments>

CentOS | EulerOS | OEL

It's necessary to configure two new repositories to being able to install cloud-otc-keyring package.

Configure repository URLs for CentOS-6 and OEL-6

To configure the repository on your system create the file /etc/yum.repos.d/otc-tools.repo with the following contents:

[otc-tools]
name=OTC-CLOUD-Tools-CentOS-6
baseurl=http://smt01-suse.otc-service.com/repo/RPMMD/otc_tools_centos6/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CLOUD-OTC

To configure the repository on your system create the file /etc/yum.repos.d/otc-drivers.repo with the following contents:

[otc-drivers]
name=OTC-CLOUD-Drivers-CentOS-6
baseurl=http://smt01-suse.otc-service.com/repo/RPMMD/otc_drivers_centos6/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CLOUD-OTC

Configure repository URLs for CentOS-7, OEL-7 and EulerOS-2.5

To configure the repository on your system create the file /etc/yum.repos.d/otc-tools.repo with the following contents:

[otc-tools]
name=OTC-CLOUD-Tools-CentOS-7
baseurl=http://smt01-suse.otc-service.com/repo/RPMMD/otc_tools_centos7/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CLOUD-OTC

To configure the repository on your system create the file /etc/yum.repos.d/otc-drivers.repo with the following contents:

[otc-drivers]
name=OTC-CLOUD-Drivers-CentOS-7
baseurl=http://smt01-suse.otc-service.com/repo/RPMMD/otc_drivers_centos7/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CLOUD-OTC

Configure repository URLs for CentOS-8 and OEL-8

To configure the repository on your system create the file /etc/yum.repos.d/otc-tools.repo with the following contents:

[otc-tools]
name=OTC-CLOUD-Tools-CentOS-8
baseurl=http://smt01-suse.otc-service.com/repo/RPMMD/otc_tools_centos8/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CLOUD-OTC

Configure repository URLs for Fedora

To configure the repository on your system create the file /etc/yum.repos.d/OTC-Fedora.repo with the following contents:

[OTC-build]
name=OTC-build
baseurl=http://smt01-suse.otc-service.com/repo/RPMMD/otc_fedora30/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CLOUD-OTC
enabled=1
skip_if_unavailable=True

Install and import new GPG key

If required for e.g. Fedora 30, yum command can also be replaced by dnf command!

$ yum clean all
$ yum repolist all
$ yum -y --nogpgcheck install cloud-otc-keyring

Any further updates or installations out of those two repositories will now work without any issues.

Debian | Ubuntu

Cleanup home garloff

Older ECS installations may still have the home garloff repository configured.
Since this repository is obsolete and replaced by Cloud OTC Tools, it is strongly recommended to remove any remains of this repository from /etc/apt/sources.list and /etc/apt/sources.list.d/.

Configure repository URL

Please have a look at http://download.opensuse.org/repositories/Cloud:/OTC:/Tools/ or our local mirror http://debmirror.otc-service.com/repositories/Cloud:/OTC:/Tools/ to find the correct URL for your distribution and version.
Hint: You can also use a command line browser like w3m to do this.

For example the repository URL for Debian 10 is http://debmirror.otc-service.com/repositories/Cloud:/OTC:/Tools/Debian_10/.

To configure the repository on your system create the file /etc/apt/sources.list.d/cloud-otc.list with the following contents (this example demonstrates Debian 10):

# otc-tools
deb [arch=amd64] http://debmirror.otc-service.com/repositories/Cloud:/OTC:/Tools/Debian_10/ /

Install the apt key

If you would run apt update now, you would get a error message like: "The repository 'http://debmirror.otc-service.com/repositories/Cloud:/OTC:/Tools/Debian_10 Release' is not signed."
To fix this the apt key for the Cloud OTC Tools repository needs to be installed.

For this the apt cache needs to be updated ignoring the missing key:

$ apt -o Acquire::AllowInsecureRepositories=true update

Remove locally added key:

$ apt-key --keyring /etc/apt/trusted.gpg del 3EA8504132B7F1E954A9C0ADA4F6B29805A6C49C

Then the cloud-otc-keyring package can be installed:

$ apt -o Acquire::AllowInsecureRepositories=true update
$ apt install --allow-unauthenticated cloud-otc-keyring

Now you run apt update, again. It should not show any errors anymore. The repository is now ready and can be used to install and upgrade packages.

If the the above steps fail, please run the following commands and rerun the steps above:

$ apt clean
$ rm /var/lib/apt/lists/*OTC*

Windows

updated Microsoft Windws Server Images with current Microsoft Windows Server Patches of July 2020 (15th)

  • Windows Server 2012 R2

    • 2020-07 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4565541)
    • 2020-07 Servicing Stack Update for Windows Server 2012 R2 for x64-based Systems (KB4566425)
    • 2020-07 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4566468)
    • 2020-07 Security Only Quality Update for Windows Server 2012 R2 for x64-based Systems (KB4565540)
    • 2020-07 Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2 for x64-based systems (KB4565479)
  • Windows Server 2016

    • 2020-07 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4565511)
    • 2020-07 Servicing Stack Update for Windows Server 2016 for x64-based Systems (KB4565912)
  • Windows Server 2019

    • 2020-07 Servicing Stack Update for Windows Server 2019 for x64-based Systems (KB4558997)
    • 2020-07 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 for x64 (KB4566516)
    • 2020-07 Cumulative Update for Windows Server 2019 for x64-based Systems (KB4558998)
  • Driver and tools of all Windows Server types

    • Cloudbase-Init: 0.9.12.dev86
    • XEN GPL driver: 5.0.136.10
    • KVM UVP Vmtools: 2.5.0.156
    • Intel(R) Network Connections Software Version 25.0, January 2, 2020
    • NVIDIA vGPU driver: 370.41 (fixes CVE 2019 5698)
    • NVIDIA pGPU driver: 443.18 (solves CVE 2020 5962, CVE 2020 5963, CVE 2020 5964, CVE 2020 5965, CVE 2020 5966)
    • NVIDIA V100 / T4 driver: 426.72 (fixes CVE 2020 5973)