opsi 4.3 released
After the testing release on 2023/10/09, we are officially releasing opsi 4.3 as a stable version today. If a pre-release version of opsi 4.3 is already installed on your opsi server, please switch to the stable repositories now.
MySQL and UEFI support for all, new look and stable communication thanks to message bus.
The new opsi release is here: For more than two years we have been working on modernizing opsi, making it more secure and reliable than ever. Now the time has finally come: We are very proud of the result, which we would like to officially present today.
We have removed the old file backend and are completely freeing the previously paid MySQL backend with this release. At the same time, we have fundamentally reworked the MySQL backend: It now offers more security and also gets a performance boost of up to 50%.
And what happens when upgrading to opsi 4.3? Don’t worry, because old file backends will be converted fully automatic!
The previously paid UEFI support is now also freely available.. This means that the benefits of UEFI technology are now available in all opsi environments free of license costs. opsi does, however, continue to support the management of clients with legacy BIOS.
With the new release all opsi components shine in a new modern design, with fresh colors and a new logo.
We officially release the opsi-WebGUI as a stable version with opsi 4.3. Now most opsi features can be easily managed in the browser. Thereby the opsi-WebGUI offers full support for mobile devices. This means that you can manage most opsi features comfortably from your smartphone or tablet in the browser. No matter where you are, you have control of your opsi environment right in the palm of your hand.
We’ve also given the opsi-configed management interface a major overhaul. With support for a light and a dark mode, you can customize the user interface to suit your preferences.
The performance improvements in the new opsi-configed version are really impressive with up to 100%. Faster loading times and more responsive user interface means you can get your tasks done in no time.
opsi message bus
The newly introduced opsi message bus ensures reliable communication between servers and clients. Clients are now always reachable across proxies, NAT and network boundaries.
The message bus is so performant that even fluent remote terminal sessions are possible via the new technology. These sessions are started via opsi-WebGUI, opsi-configed, the admin interface or the command line tool ‘opsi-cli’ in the terminal.
Via the message bus state changes in opsi-WebGUI and opsi-configed are detected immediately. For example, the graphical user interfaces update the installation progress without delays. You can now see at a glance which clients are online and which are offline.
Also the communication of the opsi config server with the opsi depot servers is now done via the message bus.
Two-Factor Authentication (2FA)
The login of opsi administrators can now be secured by a two-factor authentication based on Time-based One-Time Passwords (TOTP). This means that in addition to the traditional password a time-based one-time password is required to access the opsi system.
The new backup procedure secures configuration files, MySQL and Redis data - if desired also AES encrypted. This way your backup copies are even better protected.
When it comes to restoring, we offer even more flexibility. Not only can you restore your data, but you can also rename the server during the restore. This is especially handy if you want to reorganize your infrastructure or transfer data from a production environment to a test environment.
Backup and restore are available via the admin interface, the opsi WebGUI, the JSON API and as command line call (
opsiconfd backup and
The new Health-Check allows you to check the state of your opsi infrastructure for potential problems at any time.
Of particular note is the upgrade check, which helps you identify potential problems before you perform a version upgrade. This check allows you to ensure that your upgrade goes smoothly.
You can run the health check through both graphical interfaces (opsi-configed and opsi-WebGUI), the JSON API, and on the command line with the
opsiconfd health-check command.
We have also backported parts of the health check to opsi 4.2, so you can already benefit from the advantages of the upgrade check.
Both systems with UEFI and systems with legacy BIOS now use the Grub boot loader. opsi can now identify clients not only by MAC addresses, but also supports identifying clients by SMBIOS UUID. We have also revised the directory structure in the TFTP section.
Our official Docker image is now available as a stable version. You can use it to set up a config server or a depot server.
New server distributions
With this release opsi 4.3 also supports new Linux distributions for the opsi server. Among the major new features are installation packages for Oracle Linux 8 and 9. Furthermore you can install opsi 4.3 now also under Debian GNU/Linux 12, openSUSE 15-5 and SLES15-5.
Other new features
- Direct database access only via opsiconfd; all other components use the API.
- Upgrade and cleanup of the database are fully automatic.
- opsiconfd now offers a maintenance mode.
- IPv6 support now works for all components.
- Product dependencies now definable for each action.
/etc/opsi/opsi.confnow in TOML format. Fully automatic creation and migration of
opsi.conf. Once the file exists, opsi no longer uses the FQDN of the machine.
- The previous extender methods are now hardcoded in opsiconfd;
/etc/opsi/backendManager/extend.dis therefore now shipped empty and moved during upgrade. However, the extender mechanism can still be used.
- Server certificate checking is enabled by default for all components, but there is no automatic activation on upgrade.
- Transfer slots: Per depot configurable maximum number of clients that can fill the packet cache in parallel in WAN/VPN mode.
- opsiconfd now acts as a reverse proxy for Grafana by default.
- New metrics: Worker connections, Messagebus messages sent, Messagebus mssages received.
- repository meta files (
packages.json) to be used by `opsi-package-updater
- opsi packages are created in
tar.zstdformat by default.
- Clients inherit the settings of the associated repository.
- The default directory for temporary files is now
- opsi-configed can copy clients.
- Ability to execute only part of several set product actions on_demand.
- algorithm for dynamic selection of depots now selectable via depot- or client-specific configuration.
hostControl_methods are preferentially executed via opsi measurement bus (configuration via
- Change to Python 3.11
- Fixed directories for workbench, depot and repository below
/var/lib/opsi. Depot configurations
workbenchLocalUrlwithout function. If the directories are located elsewhere, they must be moved manually or symlinks must be created.
- The boot loaders in the opsi-Linux boot image are now located under
<TFTP-ROOT>/opsi/opsi-linux-bootimage/loader. The bootloader names are now
opsi-netboot.bios(legacy BIOS) and
shimx64.efi.signed(UEFI BIOS & SecureBoot). When using Netboot/PXE, the DHCP server configuration may have to be adjusted manually (option 67/ BootFile Name).
- There is only one (new) sort algorithm for product actions, no distinction between
algorithm2. The new algorithm produces largely the same results as the old
- The RPC method
backend_setOptionsis now functionless;
productPropertyState_getValuesserve as replacements for
- Many JSON API methods are marked as deprecated and will be removed in the next major release. Whether such deprecated methods are used can be checked with the health check.
opsi-setuphas been replaced by
opsi-backuphas been replaced by
Upgrade from opsi 4.2 to 4.3
- We support the same distributions on the server side as for opsi 4.2.
- Install current opsi 4.2 packages on opsi configserver or opsi depotserver.
opsi-scriptto the latest opsi 4.2 version and roll it out to the clients.
opsiconfd health-check --upgrade-checkand fix any problems displayed.
- Backup the opsi config server (best is to backup the complete server, at least
- First upgrade the opsi config server, afterwards the depots.
- If you use Docker, update to the opsi-4.3 image
- For manual installs/VM, enter the opsi 4.3 repository and update packages
- For UCS, switch to the opsi-4.3 app
- Optional: set the
opsiclientd.config_service.permanent_connection = trueconfiguration to enable client and server communication via the opsi measurement bus.
- Optional: set the
opsiclientd.global.verify_server_cert = trueconfiguration to enable server certificate verification of clients.
Discontinuation opsi 4.2
opsi 4.2 will be provided with security related updates until June 30, 2024. As part of our Support contracts we support our customers in being able to operate opsi 4.2 environments securely beyond this time.