[[system=locking]] = System Locking

System locks are used to prevent actions from occurring on a client. For example, a system lock will prevent a client from being updated or restarted. This is useful for clients running production software, or to prevent accidental changes. You can disable the system lock when you are ready to perform actions.

System locks are implemented differently on traditional and Salt clients.

System Locks on Traditional Clients

When a traditional client is locked, no actions can be scheduled using the Web UI, and a padlock icon is displayed next to the name of the client in the System  System List.

Procedure: System Locking a Traditional Client
  1. In the Uyuni Web UI, navigate to the System Details page for the client you want to lock.

  2. Under Lock Status, click Lock this system. The client will remain locked until you click Unlock this system.

Some actions can still be completed on locked traditional clients, including remote commands, and automated patch updates. To stop automated patch updates, navigate to the System Details page for the client, and on the Properties tab, uncheck Auto Patch Update.

System Locks on Salt Clients

When a Salt client is locked, or put into blackout mode, no actions can be scheduled, Salt execution commands are disabled, and a yellow banner is displayed on the System Details page. In this mode, actions can be scheduled for the locked client using the Web UI or the API, but the actions will fail.

The locking mechanism is not available for Salt SSH clients.

Procedure: System Locking a Salt Client
  1. In the Uyuni Web UI, navigate to the System Details page for the client you want to lock.

  2. Navigate to the Formulas tab, check the system lock formula, and click Save.

  3. Navigate to the Formulas  System Lock tab, check Lock system, and click Save. On this page, you can also enable specific Salt modules while the client is locked.

  4. When you have made your changes, you might need to apply the highstate. In this case, a banner in the Web UI will notify you. The client will remain locked until you remove the system lock formula.

The system lock formula is enabled by default if SUSE CaaS Platform is detected on the node.

For more information about blackout mode in Salt, see https://docs.saltstack.com/en/latest/topics/blackout/index.html.