This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download.

For up to three years after SUSE’s distribution of the SUSE product, SUSE will mail a copy of the source code upon request. Requests should be sent by e-mail or as otherwise instructed here. SUSE may charge a fee to recover reasonable costs of distribution.

Version Revision History

  • June 20th 2022: 4.1.15 release

  • March 30th 2022: 4.1.14.1 release

  • March 10th 2022: 4.1.14 release

  • January 28th 2022: 4.1.13 release

  • November 5th 2021: 4.1.12 release

  • September 30th, 2021: 4.1.11 release

  • August 17th, 2021: 4.1.10 release

  • July 7th, 2021: 4.1.9 release

  • June 22nd, 2021: 4.1.8 release

  • April 15th, 2021: 4.1.7 release

  • March 19th, 2021: 4.1.6 release

  • February 25th, 2021: 4.1.5.1 release

  • January 27th, 2021: 4.1.5 release

  • December 10th, 2020: 4.1.4 release

  • November 5th, 2020: 4.1.3 release

  • October 1st, 2020: 4.1.2 release

  • August 28th, 2020: 4.1.1 release

  • July 21st, 2020: 4.1.0 release

About SUSE Manager 4.1

SUSE Manager 4.1, the latest release from SUSE based on SLES 15 SP2 and the Uyuni Project, delivers a best-in-class open source infrastructure management and automation solution that lowers costs, identifies risk, enhances availability and reduces complexity.

As a key component of a software-defined infrastructure, SUSE Manager 4.1 delivers the following new or enhanced capabilities to your Edge, Cloud & Datacenter environments.

Expanded Operating System support and Cluster integration and management

Simplify management and regain control with SUSE Manager 4.1

You can now get even better control of complex heterogeneous IT environments with extended target operating system support now including: Red Hat Enterprise Linux 8 (including modular repositories flattening), CentOS 6, 7 and 8, Oracle Linux 6, 7 and 8, openSUSE Leap 15.2 and Ubuntu 20.04 LTS.

Only SUSE Manager combines software content lifecycle management (CLM) with a centrally staged repository, class leading configuration management and automation, plus optional state of the art monitoring capabilities, for all major Linux distributions.

You can also significantly simplify your patch and configuration management stacks by standardizing on SUSE Manager across all Linux distributions and deployment modes (physical, virtual, and public cloud).

Simplify cluster operations with the first cluster-aware version of SUSE Manager

As you modernize your IT landscape and make use of Software Defined Infrastructure stacks based on technologies like Kubernetes and Ceph, your focus of managing the IT infrastructure has to move from managing individual Linux servers and VMs to managing infrastructure clusters. Multiple cluster types will be supported in coming releases, with SUSE Manager 4.1 initially providing support for managing SUSE CaaS Platform clusters.

Lower costs and streamline management with enhanced usability, virtual machine management and monitoring capabilities

Operations and DevOps staff can now streamline the setup, daily use and maintenance of SUSE Manager simplifying and automating routine tasks; such as the mass on boarding of rootless or password-less clients.

With enhanced virtual machine management capabilities the management of highly distributed virtualized server infrastructures becomes a lot easier. If you run virtual machine environments at the edge such as telco, manufacturing or retail, SUSE Manager now enables the efficient management of tens to thousands of VMs across an entire estate.

If you run SAP workloads virtualized on SLES, with SUSE Manager 4.1 you can eliminate complexity and simplify deployments by reducing the number of vendors in your software defined infrastructure management stack (OS, virtualization and virtualization management and monitoring all come from SUSE). SUSE Manager also significantly simplifies your environments where the frequent setup of virtualized test deployments of SAP workloads are required.

Need to virtualize Kubernetes to best leverage your powerful hardware? You can accelerate and maximize implementations by gaining higher scale from your container platform while simplifying deployments (no need for separate VMware layer, high automation from bare metal deployment to VMs to cluster). You can now also use virtualization to securely separate multiple clusters/tenants in a Kubernetes environment.

To keep your infrastructure safe and healthy SUSE Manager 4.1 expands the new Prometheus/Grafana-based monitoring stack introduced with version SUSE Manager 4 with enhanced support for large federated and non-routable network environments. Allowing your Linux systems and devices to be monitored wherever they reside and irrespective of how they are network connected.

Scale SUSE Manager 4.1 to tens of thousands of client devices without compromise

With ever growing Linux footprints you need your management tool be able to scale to tens of thousands of Linux devices and beyond. With the performance and scalability enhancements in 4.1, your SUSE Manager deployment can easily scale in your environment in any direction, while providing better performance than any previous version even in very large-scale environments.

This allows you the flexibility to grow your infrastructure as required by your business needs, with the peace of mind that SUSE Manager will be able to manage your large estate, and the cost implications of growing their footprint will not be exaggeratedly high.

With the "SUSE Manager Hub" multi-server architecture we are gradually introducing a framework that allows you to scale SUSE Manager deployments to hundreds of thousands of nodes using tiered management servers.

Keep Informed

You can stay up-to-date regarding information about SUSE Manager and SUSE products:

Installation

Requirements

SUSE Manager Server 4.1 is provided through SUSE Customer Center and can be installed with the unified installer for SUSE Linux Enterprise 15 Service Pack 2. It is available for x86-64, POWER (ppc64le), or IBM Z (s390x). No separate SUSE Linux Enterprise subscription is required.

With the adoption of a unified installer in SUSE Linux Enterprise 15, system roles are used to customize the installation for each product. The unified installer provides an easier way to install the operating system and the SUSE Manager Server application together with specific pre-configured system settings. This addresses the need for enterprise deployments to standardize on the base operating system as well as on specific storage setups.

PostgreSQL is the only supported database. Using a remote PostgreSQL database is not supported.

Update from previous versions of SUSE Manager Server

In-place update from SUSE Manager Server 4.0 is supported.

For SUSE Manager 3.2 Server users, the supported upgrade method is to migrate the data from your SUSE Manager Server 3.2 installation to SUSE Manager Server 4.1 and perform a clean installation. If your SUSE Manager Server 3.2 uses an older version of PostgreSQL, you will need to upgrade to PostgreSQL 10 before performing the migration.

All connected clients will continue to run and remain unchanged.

For detailed upgrading instructions, see the Upgrade Guide on https://documentation.suse.com/suma/4.1/.

Migrating from Red Hat Satellite

Migrating from Red Hat Satellite 5.x or Spacewalk 2.x to SUSE Manager Server 4.1 is conditionally supported.

To perform this migration, we strongly recommend you get in contact with a SUSE sales engineer or consultant before starting the migration.

Scaling SUSE Manager

The default configuration of SUSE Manager will scale around one thousand clients, when deployed according to the instructions in the Installation Guide on https://documentation.suse.com/suma/4.1/. Scaling beyond that number needs special consideration.

For more information and instructions on large-scale deployments, see the Large Deployments Guide.

Before you begin, you should always get advice from a SUSE partner, sales engineer, or consultant.

High availability

SUSE Manager can be deployed in a highly-available setup but specific configuration and tuning for each use case is needed. Please get in touch with SUSE Consulting for the details.

Channels with a large number of packages

Some channels, like SUSE Linux Enterprise Server with Expanded Support or Red Hat Enterprise Linux, come with a very large number of packages that may cause taskomatic to run out of memory. If this occurs, we recommended that you increase the maximum amount of memory allowed for taskomatic by editing /etc/rhn/rhn.conf and adding this line:

taskomatic.java.maxmemory=8192

You will need to restart taskomatic after this change.

This grants taskomatic up to 8 GB of memory (up from the default of 4 GB). If taskomatic continues to run out of memory, you can increase the number further. However, keep in mind that this will affect the total memory required by SUSE Manager Server.

Major changes since SUSE Manager Server 4.1 GA

Features and changes

Version 4.1.15

Salt 3004

Salt has been upgraded to upstream version 3004, plus a number of patches, backports and enhancements by SUSE, for the SUSE Manager Server, Proxy, Retail Branch server and some Client Tools (where the client operating system supports Python 3.5+; otherwise Salt 3000 or 2016.11.10 is used).

Salt 3004 only works with Python 3.5+, therefore:

  • Salt 3004 is only available on SLE 15, RHEL 8 (and clones: CentOS, Oracle Linux, SLES Expanded Support and AlmaLinux), Ubuntu 18.04 and 20.04, Debian 10 and 11. There is no Python 2 version for Salt 3004.

  • Salt 3000 is still the version of Salt for SLE 12, RHEL 7 (and clones: CentOS, Oracle Linux, SLES Expanded Support, Amazon Linux and Alibaba Cloud Linux) and Debian 9. Only a Python 2 version is provided for Salt 3000.

  • Salt 2016.11.10 is still the version of Salt for SLE 11 SP4. Only a Python 2 version is provided.

We intend to regularly upgrade Salt to more recent versions, including those which are still on Salt 3000.

For more details, see the Salt 3004 upstream release notes.

Monitoring: Grafana 8.3.5

SUSE Manager 4.1.15 updates Grafana from version 7.5.12 to 8.3.5. This update is not available on SLE 12.

This update fixes several security vulnerabilities:

  • XSS vulnerability in handling data sources (CVE-2022-21702)

  • Cross-origin request forgery vulnerability (CVE-2022-21703)

  • Insecure Direct Object Reference vulnerability in Teams API (CVE-2022-21713)

  • GetUserInfo: return an error if no user was found (CVE-2022-21673)

Updating Grafana is strongly recommended.

Relevant changes are:

  • New Alerting for Grafana 8

  • CloudWatch: Add support for AWS Metric Insights

  • CloudWatch: Add AWS RoboMaker metrics and dimension

  • CloudWatch: Add AWS Transfer metrics and dimension

  • CloudWatch: Add AWS LookoutMetrics

  • CloudWatch: Add Lambda@Edge Amazon CloudFront metrics

  • CloudMonitoring: Add support for preprocessing

  • CloudWatch: Add AWS/EFS StorageBytes metric

  • CloudWatch: Add Amplify Console metrics and dimensions

  • CloudWatch: Add metrics for managed RabbitMQ service

  • Elasticsearch: Add support for Elasticsearch 8.0

  • AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers

  • AzureMonitor: Add Azure Resource Graph

  • AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics

Check the upstream changelog for more details on what has changed.

There is one breaking change:

  • Grafana 8 alerting enabled by default for installations that do not use legacy alerting.

Uyuni does not use Grafana alerting, so if you do not need it, you can disable it at the Grafana WebUI.

If you use legacy Grafana alerting in your environment, consider migrating to new Grafana 8 alerting.

Monitoring: Prometheus Postgres exporter updated to 0.10.0 for SUSE Linux Enterprise and openSUSE

SUSE Manager 4.1.15 updates the Postgres exporter from version 0.4.7 to version 0.10.0 for SUSE Linux Enterprise and openSUSE.

This version brings the rename of the package from golang-github-wrouesnel-postgres_exporter to prometheus-postgres_exporter, as this package is now part of the Prometheus Community Projects. After the package is updated, you will need to reenable the prometheus-postgres_exporter service:

  • For the Uyuni Server WebUI, proceed to Admin > Manager Configuration > Monitoring. You will see PostgreSQL database is stopped. Click Enable and the service will get started.

  • For SUSE Linux Enterprise and openSUSE, apply the highstate to all the clients where PostgreSQL needs to be exported.

The new version also contains a patch that allows connecting to PostgreSQL servers using scram-sha-256, which is the new default for SUSE Manager installations.

Check the upstream changelog for more details, including new metrics.

Monitoring: Alertmanager 0.23.0

The Alertmanager handles alerts sent by client applications such as the Prometheus server.

SUSE Manager 4.1.15 updates Alertmanager golang-github-prometheus-alertmanager to 0.23.0.

Important changes:

  • Add AWS SNS receiver

  • amtool: add new template render command

Check the upstream changelog for more details.

Monitoring: Node exporter 1.3.0

SUSE Manager 4.1.15 updates the node exporter golang-github-prometheus-node_exporter to 1.3.0.

Important changes:

  • Add darwin powersupply collector

  • Add support for monitoring GPUs on Linux

  • Add Darwin thermal collector

  • Add os release collector

Check the upstream changelog for more details.

Version 4.1.14.1

Fixes for Salt security issues

Fixes for the following security issues have been released: CVE-2022-22934, CVE-2022-22935, CVE-2022-22936, CVE-2022-22941. You should patch your Salt master and minions as soon as possible. Please take the next section into account when upgrading the Salt.

Salt Upgrade

To properly upgrade Salt with the fixes for the latest CVEs, and avoid breaking the communication between for Salt master and minion, you need to upgrade your "salt-master" first and then continue upgrading your Salt minions.

In case that a Salt minion is upgraded with the CVE fixes but your Salt master is not, then the communication between the master and this minion will be broken, and you would see errors like the following in your minion logs:

2022-03-28 13:19:41,880 [salt.crypt       :743 ][ERROR   ][15942] Sign-in attempt failed: {'publish_port': 4505, 'pub_key': '-----BEGIN PUBLIC KEY-----\n...\n-----END PUBLIC KEY-----\n''enc': 'pub','sig': ".."}
2022-03-28 13:19:41,885 [salt.minion      :1056][ERROR   ][15942] Error while bringing up minion for multi-master. Is master at salt-master-server.tf.local responding?

As soon as your Salt master is upgraded and restarted then the communication between master and minion will be restablished and the errors messages will not longer happen.

Version 4.1.14

Better information to SUSE Customer center

SUSE Manager now sends the last seen information of the registered clients to the SCC. Now customers can always see up-to-date information in the SCC. This mainly helps us to avoid staled data problem.

Monitoring: Prometheus 2.32.1

Prometheus has been updated from version 2.27.1 to 2.32.1.

The new version contains some breaking changes that need to be addressed after the SUSE Manager is updated.

Breaking changes:

  • Uyuni Service Discovery: The configuration and the returned set of meta labels have changed. Please check the upstream documentation for more details.

  • As a consequence all users with existing monitoring setup must reapply the highstate on the monitoring server(s).

Important changes:

  • Introduced generic HTTP-based service discovery.

  • New expression editor with advanced autocompletion, inline linting, and syntax highlighting.

  • Discovering Kubernetes API servers using a kubeconfig file.

  • Faster server restart times via snapshotting.

  • Controlling scrape intervals and timeouts via relabeling.

Check the upstream changelog for more details on what has changed.

Version 4.1.13

Client systems forwarded to SUSE Customer Center

In earlier versions, the SUSE Manager Server was listed in SCC but the managed clients were not. This surprised users, who did not understand why clients connected via SUSEconnect, RMT or SMT would show in SCC, but clients connected with SUSE Manager would not.

Responding to this often-asked question and feature request, we have now implemented client list forwarding to SCC in SUSE Manager 4.1.

By default, all the clients (even non-SUSE operating systems) managed by SUSE Manager Server (connected directly or via Proxy or Retail Branch Server) will be listed in SCC. When a client is removed from SUSE Manager, it will also be removed from SCC.

The information transferred is limited to that which is already collected and transferred by SUSEconnect, RMT and SMT:

  • Client OS name and version

  • Hostname

  • Number of CPU sockets

  • Architecture

  • UUID of the system

  • Hypervisor and cloud provider information

  • Login: SUSE Manager insance id + client system id

  • Password: random string generated by SUSE Manager. Not used.

This information is used for statisical and product research purposes only.

In case you want to completely disable client list submission to SCC, set this parameter in /etc/rhn/rhn.conf and restart SUSE Manager (spacewalk-service restart):

server.susemanager.forward_registration = 0

Display of the client operating system name and version in SCC is pending an upcoming update in SCC.

Fix for Hibernate security issue

A security issue in the Hibernate framework, that SUSE Manager uses under the hood, has been fixed: CVE-2020-25638.

You should patch your SUSE Manager Server as soon as possible.

Version 4.1.12

Bugfix release.

Version 4.1.11

spacecmd
  • Users can now use the new schedule_archivecompleted function to massively archive completed actions older than a given date.

  • It is now possible to use schedule_deletearchived and schedule_archivecompleted function "non-interactively" by allowing -y|--yes argument.

Version 4.1.10

Product Wizard

Free accessible Open source Products are now always visible in the Product Wizard. The accessibility check, that existed to speed up the product refresh, is now removed.

If a firewall or a proxy are blocking access to to such products, the error can be seen at the reposync log files located at /var/log/rhn/reposync/

Additionally the User Notifications were enhanced to show the last lines of the log file in case the sync failed.

Version 4.1.9

Bugfix release.

Version 4.1.8

This is a bugfix release which also introduces several features, backported from SUSE Manager 4.2.

Salt 3002

Salt has been upgraded to upstream version 3002, plus a number of patches, backports and enhancements by SUSE, for the SUSE Manager Server, Proxy and Client Tools (where the client operating system supports Python 3.5+; otherwise Salt 3000 or 2016.11 are used).

Salt 3002 only works with Python 3.5+, therefore:

  • Salt 3002 is only available on SLE 15, RHEL 8 (and clones: CentOS, Oracle Linux and SLES Expanded Support), Ubuntu 18.04 and 20.04, and Debian 10. Only a Python 3 version is provided.

  • Salt 3000 is still the version of Salt for SLE 12, RHEL 7 (and clones: CenOS, Oracle Linux and SLES Expanded Support) and Debian 9. Only a Python 2 version is provided. SLE 12 additionally provides a Python 3 version.

  • Salt 2016.11 is still the version of Salt for SLE 11 SP4. Only a Python 2 version is provided.

We intend to regularly upgrade Salt to more recent versions, including those which are still on Salt 3000.

For more details about changes in your manually-created Salt states, see the Salt 3001 and Salt 3002 upstream release notes.

Calendar widget for maintenance windows

The raw iCal output that was displayed when creating maintenance windows has been replaced with a graphical control ("widget"), making scheduling maintenance windows easier:

  • An interactive calendar has replaced the display of the iCalendar file in the details view

  • An interactive web calendar replaces the list of upcoming maintenance windows in the details of a maintenance schedule, and events associated with that schedule are displayed.

Monitoring updates
Updated Grafana

Grafana has been updated from version 7.1.5 to version 7.4.2 in the Client Tools channels.

Check the upstream documentation for details on what has changed:

Updated Node Exporter

The Prometheus Node Exporter has been update from version 1.0.1 to version 1.1.2.

Check the upstream documentation for details on what has changed:

Updated Prometheus Exporters formula

The Prometheus Exporters formula can now be used to configure the Prometheus Exporter Exporter (reverse proxy) on Ubuntu clients.

Retracted patches

When an operating system vendor releases a new patch, it might happen that the patch has undesirable side effects (security, stability, boot no longer working, etc) on some scenario that was not identified by testing. When that happens (very rarely), vendors typically release a new patch, which may take from hours to days, depending on the internal processes in place by that vendor.

SUSE has introduced a new mechanism called "retracted patches" to take back such patches in minutes by simply removing the bad patch from the repository metadata and resorting to the previously working patch. These patches receive the advisory status "retracted" (instead of the usual "final" or "stable").

SUSE Manager now supports retracted paches across all the lifecycle:

  • Retracted patches can be synchronized

  • When a patch is retracted, it will be noted as such with its own specific icon and status

  • Retracted patches can be cloned

Following the behavior defined in zypper:

  • Once a retracted patch is installed, it will not be uninstalled unless you uninstall it explicitly. SUSE Manager will never automatically uninstall anything from your systems on its own.

  • Once a patch has been retracted by the vendor, the retracted patch cannot be installed via normal patch, update and installations.

  • Retracted patches remain available in the software channels and can be forcefully-installed/updated-to by speficying the exact version you want to install (e. g. by using zypper directly or by using the exact version in a Salt state).

To protect our users, the behaviour when cloning retracted patches is slightly different than usual:

  • When a Content Lifecycle Management project uses a source channel which contains a now-retracted patch, a warning is displayed so that you are aware you should build and propagate the patch as soon as possible.

  • When a retracted patch is synchronized, it will not be cloned to the cloned channels by default. You will need to propagate it explicitly, like any other patch.

  • In contrast, once a retracted patch has been added one Content Lifecycle Management project and the project software channels built, the retracted patch will be automaticaly propagated all the other projects where that (now retracted) patch is available.

Unsynchronized patches warning

When a Content Lifecycle Management project has source channels which contain patches, and channels are not synchronized, the project will now display a warning.

Version 4.1.7.1

This release fixes a regression that made CentOS disappear from the product tree (bsc#1184861). There are no other changes.

Version 4.1.7

New products enabled
  • MicroFocus Open Enterprise Server 2018 SP3

API deprecation warning

The following API functions have been deprecated for a long time and will be removed in SUSE Manager 4.2:

  • ActivationKeyHandler addPackageNames(User loggedInUser, String key, List packageNames)

  • ActivationKeyHandler removePackageNames(User loggedInUser, String key, List packageNames)

  • ChannelHandler listRedHatChannels(User loggedInUser)

  • ChannelSoftwareHandler listAllPackages(User loggedInUser, String channelLabel, String startDate, String endDate)

  • ChannelSoftwareHandler listAllPackages(User loggedInUser, String channelLabel, String startDate)

  • ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String channelLabel, String startDate, String endDate)

  • ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String channelLabel, String startDate)

  • ChannelSoftwareHandler listAllPackagesByDate(User loggedInUser, String channelLabel)

  • ChannelSoftwareHandler setSystemChannels(User loggedInUser, Integer sid, List<String> channelLabels)

  • ChannelSoftwareHandler listErrata(User loggedInUser, String channelLabel, String startDate)

  • ChannelSoftwareHandler listErrata(User loggedInUser, String channelLabel, String startDate, String endDate)

  • ChannelSoftwareHandler subscribeSystem(User loggedInUser, Integer sid, List<String> labels)

  • ChannelSoftwareHandler unsubscribeChannels(User user, List<Integer> sids, String baseChannel, List<String> childLabels)

  • ErrataHandler listByDate(User loggedInUser, String channelLabel)

  • KickstartHandler listKickstartableTrees(User loggedInUser, String channelLabel)

  • ContentSyncHandler synchronizeProductChannels(User loggedInUser)

  • SystemHandler listBaseChannels(User loggedInUser, Integer sid)

  • SystemHandler listChildChannels(User loggedInUser, Integer sid)

  • SystemHandler applyErrata(User loggedInUser, Integer sid, List<Integer> errataIds)

  • UserHandler getLoggedInTime(User loggedInUser, String login)

  • SystemHandler setChildChannels(User loggedInUser, Integer sid, List channelIdsOrLabels)

  • SystemHandler setBaseChannel(User loggedInUser, Integer sid, Integer cid)

  • SystemHandler setBaseChannel(User loggedInUser, Integer sid, String channelLabel)

Reactivation keys in bootstrap scripts

Bootstrap scripts can include an activation key to directly assign software channels, configuration channels, entitlements, etc to a system while registering.

Reactivation keys can be used to re-register a previously registered client and regain all SUSE Manager settings. This is useful for cases such as moving clients from directly registered to the SUSE Manager Server, to registered to a SUSE Manager Proxy (or Retail Branch Server), or when reinstalling, or in several other cases.

SUSE Manager now supports the combination of reactivation keys and bootstrap scripts: you can specify a reactivation key in the bootstrap script to re-register systems. For example, this helps if your SUSE Manager Server has too many clients directly attached and you want to bulk move them to a SUSE Manager Proxy (or Retail Branch Server).

Ubuntu Universe repository changes

Ubuntu 20.04 LTS provides the OpenSCAP scanner in the Universe repository, which made mirroring Universe a requirement for OpenSCAP analysis to work on Ubuntu 20.04 LTS clients. We are now providing the OpenSCAP scanner package in the SUSE Manager Client Tools for Ubuntu 20.04 LTS channel, therefore mirroring Ubuntu Universe is no longer required and has become an optional channel.

For users who still want to mirror Ubuntu Universe, we have added the universe-update and universe-security repositories to the Product Wizard, as optional.

Oracle Linux UEK repository

The Oracle Unbreakable Enterprise Kernel repository is now available from the Product Wizard as an optional channel for Oracle Linux 6, 7 and 8.

Performance improvements

Optimized add packages to channel feature, resulting in a faster experience in the WebUI when adding packages from another channel.

Version 4.1.6

Performance improvements

A number of database queries and error conditions have been optimized, resulting in a faster experience in the WebUI, especially in all pages related to software installation and patching.

Redfish power management

Redfish is a suite of specifications that deliver an industry standard protocol for the management of servers, storage, networking, and converged infrastructure.

SUSE Manager now supports power management using Redfish, in addition to the existing IPMI power management.

OpenSCAP from SSM

Mass-auditing Salt clients with OpenSCAP is now possible from the System Set Manager.

Enable SAN SSL certificates

Subject Alternative Name (SAN) is an extension to X.509 that allows various values to be associated with a security certificate using a subjectAltName field. This is commonly used to generate SSL certificates that protect multiple domains with a single certificate.

Since this kind of certificate is becoming popular amongst users with their own Certificate Authority, we have implemented support.

Prometheus Exporter Exporter for Debian

The reverse proxy exporter, which simplifies security and networking policies, is now also available on Debian 9 and Debian 10.

With this addition, the Exporter Exporter is available for almost all the operating systems SUSE Manager supports: SLES 12 and 15, RHEL 7 and 8 (and clones: CentOS 7 and 8, Oracle Linux 7 and 8, SLES ES 7 and 8) and Ubuntu 18.04 and 20.04.

Version 4.1.5.1

Fixes for Salt security issues

You should patch all your SUSE Manager Server, Proxy, Retail Branch Server, and Salt minions as soon as possible.

Version 4.1.5

New products enabled
  • SUSE Linux Enterprise Server 15 SP1 LTSS

  • SUSE Linux Enterprise 15 SP3 Beta

  • openSUSE Leap 15.3 Beta

  • Debian 9 and Debian 10

Debian

Starting with SUSE Manager 4.1.5, Debian 9 "Stretch" and Debian 10 "Buster" on the amd64 (also known as x86_64) architecture are supported as client operating systems. Debian clients are supported as a Salt clients (agentful with salt-minion or agentless with salt-ssh).

In addition to the Salt packages, the spacecmd tool is also provided, which makes it possible to remotely manage SUSE Manager from a Debian client.

SUSE-provided Prometheus exporters will be included in a future release of SUSE Manager. You may use the exporters provided by the operating system in the meanwhile.

The section in this release notes mentioning Debian was only L1-supported and only through Uyuni Client Tools has now been removed.

Ubuntu and Debian package version comparison

The package version comparison algorithm has been completely redone for Ubuntu and Debian clients, which fixes occasional problems with package updates on Debian and Ubuntu.

There is no need to re-mirror Ubuntu and Debian. The already-downloaded packages can be kept and their metadata will be updated in the database.

One-time database migration when Ubuntu and/or Debian are present

IMPORTANT: When updating to SUSE Manager 4.1.5, SUSE Manager deployments where Ubuntu and/or Debian channels were synchronized should expect the database migration time to take between 30 min and several hours, depending on how many Debian or Ubuntu operating system versions and how many clients were registered.

CPU mitigations formula

Unsupported clients are now handled gracefully and mitigations have been added for the Xen hypervisor.

Autoinstallation of older operating systems

Autoinstallation provisioning is now compatible with GRUB and ELILO in addition to GRUB2 only, which is useful when provisioning SLES 11 SP4 and RHEL 6 (and clones) systems.

CentOS 6 URLs

CentOS 6 reached end-of-life on November 30th, 2020, and the CentOS Project moved its repositories to the vault archive. URLs in the product wizard have been updated. If you were using CentOS 6, you must refresh your product list to receive the new URLs.

Other operating systems in the same class also reached end-of-life but require no change, since they will continue to work as-is: SUSE Linux Enterprise Server Expanded Support 6 (URLs not changed), Oracle Linux 6 (URLs not changed) and Red Hat Enterprise Linux 6 (URLs are provided by users).

New countries and timezones

The countries and timezones list have been refreshed, adapting to the latest timezone and geopolitical changes.

Monitoring updates
Prometheus 2.22.1

The core of our monitoring solution, Prometheus, has been updated from version 2.18.0 to version 2.22.1, which brings a number of bugfixes and improvement.

Notable improvements:

  • Web: Remove APIv2.

  • React UI: Implement missing TSDB head stats section.

  • UI: Add Collapse all button to targets page.

  • UI: Clarify alert state toggle via checkbox icon.

  • Gracefully handle unknown WAL record types.

  • Issue a warning for 64-bit systems running 32-bit binaries.

  • TSDB: Memory-map full chunks of Head (in-memory) block from disk. This reduces memory footprint and makes restarts faster.

  • TSDB: Reduced contention in isolation for high load.

  • Discovery: Added discovery support for Triton global zones.

  • Remote Read: Added prometheus_remote_storage_remote_read_queries_total counter to count the total number of remote read queries.

  • Added time range parameters for label names and label values API.

For details on what changed in each version between 2.18.0 and 2.22.1, see:

Grafana 7.3.1

Grafana Server has been updated to version 7.3.1 which brings a number of bugfixes and improvements.

Notable improvements:

  • Add monitoring mixing for Grafana.

  • New Cloudwatch metrics

  • Elasticsearch: Support multiple pipeline aggregations for a query.

  • Support request cancellation properly for PostgreSQL, Loki and Prometheus

  • Postgres: Support Unix socket for host

  • Loki: Re-introduce running of instant queries

  • Prometheus: Support request cancellation properly. Add $__rate_interval variable

  • API improvements

  • Variables: enables cancel for slow query variables queries

  • Table: Adds column filtering

Breaking changes:

  • CloudWatch: The AWS CloudWatch data source’s authentication scheme has changed. See the upgrade notes for details and how this may affect you.

  • Units: The date time units YYYY-MM-DD HH:mm:ss and MM/DD/YYYY h:mm:ss a have been renamed to Datetime ISO and Datetime US respectively.

A detailed changelog is available upstream.

Prometheus Exporter Exporter for Ubuntu 18.04 LTS

The reverse proxy exporter, which simplifies security and networking policies, is now also available on Ubuntu 18.04.

More operating systems will be added in future releases of SUSE Manager.

Resolved known issues

Enabling the Development Tools Module 15 SP2 on the SUSE Manager Server 4.1 system is now supported.

Version 4.1.4

New products enabled
  • SUSE Linux Enterprise 15 SP3 family (beta)

  • SUSE Linux Enterprise HPC 15 SP2 LTSS

  • SUSE Container as a Service Platform 4.5 (x86_64 and aarch64)

  • RHEL and CentOS 7 and 8 ppc64le clients (see RHEL on ppc64le)

SAP content

SUSE Manager is the best tool to manage your Linux workloads.

SUSE Linux Enterprise Server for SAP applications is the best operating system to run your SAP workloads.

In order to make SUSE Manager the best tool to manage your SUSE Linux Enterprise Server for SAP applications, this release of SUSE Manager includes content which provides added value to SLES for SAP users:

  • Documentation: SAP QuickStart Guide

  • Formulas:

    • saphanabootstrap-formula: SAP HANA deployment Salt formula. This formula can install SAP HANA nodes, enable system replication and configure SLE-HA cluster with the SAPHanaSR resource agent, using standalone Salt or via SUSE Manager formulas with forms.

    • sapnwbootstrap-formula: SAP Netweaver deployment Salt formula. This formula can install SAP Netweaver instances (ASCS, ERS, PAS, AAS) and perform some basic actions to optimize their usage.

    • drbd-formula: DRBD deployment Salt formula (requires drbd-utils)

    • habootstrap-formula: HA cluster salt deployment formula. This formula can boostrap an HA cluster (init, join, remove) using standalone Salt or via SUSE Manager formulas with forms.

  • Salt state modules:

    • salt-shaptools: Salt modules and states for SAP Applications and SLE-HA components management

  • Grafana dashboards:

    • grafana-sap-hana-dashboards: Grafana Dashboards displaying metrics about SAP HANA databases.

    • grafana-sap-netweaver-dashboards: Grafana Dashboards displaying metrics about a SAP NetWeaver landscape.

    • grafana-ha-cluster-dashboards: Grafana Dashboards displaying metrics about a Pacemaker/Corosync High Availability Cluster.

    • grafana-sap-providers: Automated configuration provisioners leveraged by other packages to enable a zero-config installation of Grafana dashboards.

The formulas and Salt state modules are included in the SUSE Manager Server channel. The Grafana dashboards are included in the SUSE Manager Client Tools for SLE 12 and SLE 15 channels.

Vendor change on SP migration

Vendor change (changing the repository where a package comes from) can now be optionally enabled during service pack migration.

This feature is useful where the client system is using unofficial packages and you want to move back to official packages, or to switch from an official package to a third-party version of a package. Instead of performing the SP migration within the same vendor and then manually installing the package from the new vendor, you can now do everything in a single action.

RHEL and CentOS ppc64le clients

RHEL 7 and 8, and CentOS 7 and 8 are now enabled as client operating systems using the ppc64le architecture. Use the client tools provided by the upstream Uyuni project, which comes with certain support limitations. See the specific section for more details.

Prometheus reverse proxy for RHEL-class clients

The Prometheus Exporter Exporter, which allows you to put all your exporters under one public port, is now available for RHEL, CentOS, SLES ES and Oracle Linux versions 7 and 8.

Oracle Linux ULN repositories

Oracle Unbreakable Linux Network repositories are now supported in Software > Manage > Repositories. Oracle Linux users with a subscription from Oracle can use this to manually add the repositories for KSplice and others.

Cluster management: upgrade plan

When upgrading a cluster, the upgrade plan is now shown in the WebUI. This makes it easier to verify that an upgrade will be conducted as expected.

Yomi refresh

The formulas that make autoinstallation of SLES and openSUSE systems simpler have been upgraded to the latest version provided by the Yomi project. The updated formulas are more intuitive, harder to misuse, and allow you to specify additional advanced options.

Version 4.1.3

Recent Salt CVEs remediation

This release fixes CVE-2020-16846, CVE-2020-17490, and CVE-2020-25592. You should patch all your SUSE Manager Server, Proxy, Retail Branch Server, and Salt minions as soon as possible.

Web UI themes

SUSE Manager now supports themes. Users can select what theme they want to use in the User Preferences page in the Web UI. Initially, we are providing three themes:

  • SUSE Manager light: default light, low-contrast theme

  • SUSE Manager dark: high-contrast theme based on the light theme

  • Uyuni: SUSE Manager 4.0 and Uyuni theme. Also high-contrast.

Administrators can globally disable themes in /etc/rhn/rhn.conf by listing which themes they want to allow:

# susemanager-light,susemanager-dark,uyuni
web.themes = susemanager-light,susemanager-dark,uyuni
web.theme_default = susemanager-light
Grafana 7.1.5

Grafana Server has been updated to version 7.1.5 in the Client Tools channels.

Main changes:

  • Flux and InfluxDB 2.x support in the Influx Datasource

  • Azure Monitor Datasource improvements

  • Deep linking for Google Cloud Monitoring (former Google Stackdriver)

  • Query history search

  • Unification of Explore modes

For more details see the upstream documentation.

Prometheus Exporter Exporter

The reverse-proxy Exporter Exporter, which allows you to expose a single port no matter how many exporters are running on the client, is now available for Ubuntu 20.04 LTS.

XML-RPC power management API

New APIs have been added to do IPMI power management. Redfish power management will be included in a future maintenance update.

Third-party errata information on vendor channels

It is now possible to add third-party errata information to CentOS and Ubuntu 20.04 LTS channels without cloning them, as described in the documentation. The known issue present in previous releases of SUSE Manager 4.1 has been fixed.

Japanese translation

The SUSE Manager Web UI and command-line tools are now available in Japanese thanks to the upstream Uyuni Community.

Since this is a community translation, it is not enabled by default. In order to allow users to select Japanese in their User Preferences in the Web UI, add the following line to /etc/rhn/rhn.conf:

java.supported_locales=en_US,ja

A restart of Tomcat is required.

Bootstrap repositories no longer flushed by default

In SUSE Manager 4.1 GA, we automated the generation of bootstrap repositories on channel sync. Bootstrap repositories were not only autogenerated but also autoflushed, which caused disappearing packages problems to some customers (e. g. in the case of multi-architecture bootstrap repositories).

Starting with SUSE Manager 4.1.3, bootstrap repositories are not flushed by default. If you want to save some disk space, you can manually flush them using mgr-create-bootstrap-repo --flush.

Version 4.1.2

SUSE Manager Hub
XML-RPC API is stable

Starting with SUSE Manager 4.1.2, the SUSE Manager Hub architecture is declared stable. This means we do not expect large changes in the feature, how it operates, or its API.

The Hub is the SUSE Manager multi-server architecture, which can be used in environments with a large number (more than a few tens of thousands) of clients per server, poorly-connected sites requiring full management, or multitenancy, among others. With SUSE Manager 4.1.2, multiple peripheral servers (other SUSE Manager Servers) can be managed from a single Hub Server, as a supported feature.

You will find all the documentation and details about the Hub architecture in the Large Deployments Guide.

Formula for peripheral server management (Technology Preview)

As the Hub XML-RPC API is declared stable, we are introducing Salt formulas to make management of peripheral SUSE Manager Servers easier. The formulas allow you to have consistent entities in each peripheral server, including:

  • Organizations, users and system groups

  • User access to system groups and software channels

To use the formula to manage peripheral servers, run zypper in uyuni-config-formula on the SUSE Manager Hub Server, and enable the formula in the WebUI.

Monitoring
Reverse proxy for SLE 12

The golang-github-QubitProducts-exporter_exporter reverse proxy exporter is now also available for SUSE Linux Enterprise 12. More operating systems will follow in a future release of SUSE Manager 4.1.

Node Exporter updated

The Prometheus Node Exporter has been updated to version 1.0.1 on SLE 12 and 15. Other operating systems will receive the update in a future release of SUSE Manager 4.1.

Version 4.1.1

Maintenance windows

The new maintenance windows feature allows you to schedule sensitive actions (like package installation or upgrade) to occur during a scheduled one-time or recurrent maintenance window period on selected systems. These actions cannot be executed outside of the specified period.

To define maintenance windows, iCalendar data is used, which can be exported from your favorite calendaring or ITSM tool: Microsoft Outlook, Google Calendar, ServiceNow, etc. If you need help integrating your ITSM tool with SUSE Manager, please contact SUSE Consulting.

For more information about maintenance windows, check the Administration Guide

Monitoring: multiple exporters with a single exposed port

Prometheus fetches metrics using a pull mechanism, so the Prometheus Server must be able to establish TCP connections to each exporter on the monitored clients, each on a different port on the client.

The new reverse proxy for monitoring feature simplifies your firewall configuration: by installing the reverse proxy (package golang-github-QubitProducts-exporter_exporter) on the clients, you can get all the metrics for all the exporters on a single TCP port.

Check the Monitoring Guide for information about how to setup.

This feature is initially available only for SUSE Linux Enterprise 15 and openSUSE Leap 15. Support for other operating system platforms will come in future releases of SUSE Manager 4.1.

Added new type of "Virtual Host Manager": Nutanix AHV

In SUSE Manager 4.1.1, we have added a new type of Virtual Host Manager in order to gather virtual machines from Nutanix AHV infrastructure.

Creating VHM to gather virtual instances from the Nutanix AHV will enable the subscription matcher to match 1-2 virtual machines subscriptions for those instances that are running on the same virtualization host.

For more information about how to setup this new type, see the new documentation

Please keep in mind that installation of the virtual-host-gatherer-Nutanix package is required.

Salt module.run compatibility state

A new mgrcompat.module_run custom compatibility state for Salt is available for registered systems.

In Salt 2019.2, a new syntax for module.run was introduced. Up until Salt 3000 (the version currently shipped by SUSE Manager), Salt has supported both the old syntax and the new syntax.

From Salt 3001 on, Salt will no longer support the old syntax. This means any custom SLS file or "Configuration State Channel" that is using a module.run state needs to be adapted to the new syntax. This turns even more problematic when you have minions with different Salt versions (e. g. SLES 11 with Salt 2016.11), because some minions would accept the new syntax but others would fail with it, so the SLS files would require extra logic to handle the different Salt versions and configurations.

SUSE Manager will ship Salt 3001 in a future release. In preparation for this syntax breakage, SUSE has developed the new mgrcompat.module_run compatibility state. This is a wrapper over module.run which accepts the old syntax and takes care of tailoring the parameters for the new module.run if necesasary according to the specific minion version and configuration.

To make your Salt states compatible with all versions of Salt, including Salt 3001 and newer, you only need to change module.run to mgrcompat.module_run in your SLS files and "Configuration State Channels".

As an example of this, a non-migrated state like this:

my_module_run_state:
  module.run:
    - name: mymodule.func
    - m_name: foobar
    - other: 1234

would look like this once adapted:

my_module_run_state:
  mgrcompat.module_run:
    - name: mymodule.func
    - m_name: foobar
    - other: 1234

All users are encouraged to migrate their Salt states. Once Salt 3001 comes to SUSE Manager, not migrated states will simply fail.

SLE15 and python3-M2Crypto

If you still have SLE15 but no LTSS subscription, you will see errors when generating the bootstrap repositories, as python3-M2Crypto is missing on SLE15 and is only part of SLE15 LTTSS.

However even with the error, the bootstrap repository itself will work and will provide Salt 2019.2.0 until an LTSS subscription is available.

Patches

The SUSE Patch Finder is a simple online service to view released patches.

Version 4.1.15

golang-github-QubitProducts-exporter_exporter:

  • Adapted to build on Enterprise Linux.

  • Fix build for RedHat 7

  • Require Go >= 1.14 also for CentOS

  • Add support for CentOS

  • Replace %{?systemd_requires} with %{?systemd_ordering}

golang-github-lusitaniae-apache_exporter:

  • Require building with Go 1.15

  • Add %license macro for LICENSE file

golang-github-prometheus-node_exporter:

  • Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239, jsc#SUMA-114)

  • Update to 1.3.0

    • [CHANGE] Add path label to rapl collector #2146

    • [CHANGE] Exclude filesystems under /run/credentials #2157

    • [CHANGE] Add TCPTimeouts to netstat default filter #2189

    • [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771

    • [FEATURE] Add darwin powersupply collector #1777

    • [FEATURE] Add support for monitoring GPUs on Linux #1998

    • [FEATURE] Add Darwin thermal collector #2032

    • [FEATURE] Add os release collector #2094

    • [FEATURE] Add netdev.address-info collector #2105

    • [FEATURE] Add clocksource metrics to time collector #2197

    • [ENHANCEMENT] Support glob textfile collector directories #1985

    • [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080

    • [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165

    • [ENHANCEMENT] Add flag to disable guest CPU metrics #2123

    • [ENHANCEMENT] Add DMI collector #2131

    • [ENHANCEMENT] Add threads metrics to processes collector #2164

    • [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169

    • [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189

    • [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208

    • [BUGFIX] ethtool: Sanitize metric names #2093

    • [BUGFIX] Fix ethtool collector for multiple interfaces #2126

    • [BUGFIX] Fix possible panic on macOS #2133

    • [BUGFIX] Collect flag_info and bug_info only for one core #2156

    • [BUGFIX] Prevent duplicate ethtool metric names #2187

  • Update to 1.2.2

    • Bug fixes Fix processes collector long int parsing #2112

  • Update to 1.2.1

    • Removed Remove obsolete capture permission denied error patch capture-permission-denied-error-energy_uj.patch: Already included upstream Fix zoneinfo parsing prometheus/procfs#386 Fix nvme collector log noise #2091 Fix rapl collector log noise #2092

  • Update to 1.2.0

    • Changes Rename filesystem collector flags to match other collectors #2012 Make node_exporter print usage to STDOUT #203

    • Features Add conntrack statistics metrics #1155 Add ethtool stats collector #1832 Add flag to ignore network speed if it is unknown #1989 Add tapestats collector for Linux #2044 Add nvme collector #2062

    • Enhancements Add ErrorLog plumbing to promhttp #1887 Add more Infiniband counters #2019 netclass: retrieve interface names and filter before parsing #2033 Add time zone offset metric #2060 Handle errors from disabled PSI subsystem #1983 Fix panic when using backwards compatible flags #2000 Fix wrong value for OpenBSD memory buffer cache #2015 Only initiate collectors once #2048 Handle small backwards jumps in CPU idle #2067

  • Apply patch to capture permission denied error for "energy_uj" file (bsc#1190535)

patterns-suse-manager:

  • Golang-github-wrouesnel-postgres_exporter was renamed to prometheus-postgres_exporter

postgresql-jdbc:

  • Address unchecked class instantiation when loading plugins based on class names (bsc#1195561)(CVE-2022-21724)

  • Address arbitrary File Write Vulnerability (bsc#1197356)(CVE-2022-26520)

prometheus-exporters-formula:

  • Version 0.9.5

    • Postgres exporter package was renamed for RedHat

  • Version 0.9.4

    • Postgres exporter package was renamed for SLES/openSUSE

prometheus-formula:

  • Version 0.3.7

    • Allow prometheus-formula only for SUSE systems (bsc#1199149)

py27-compat-salt:

  • Remove redundant overrides causing confusing DEBUG logging (bsc#1189501)

spacecmd:

  • Version 4.1.18-1

spacewalk-backend:

  • Version 4.1.31-1

    • Fix traceback on calling spacewalk-repo-sync --show-packages (bsc#1193238)

    • Fix virt_notify SQL syntax error (bsc#1199528)

    • Do not raise error on file:// based DEB repo when looking for alternative Release files (bsc#1199142)

    • Improve parsing deb packages dependencies (bsc#1194594)

    • Fix reposync update notice formatting and date parsing (bsc#1194447)

    • implement more decompression algorithms for reposync (bsc#1196704)

spacewalk-java:

  • Version 4.1.45-1

    • During re-activation, recalculate grains if contact method has been changed (bsc#1199677)

    • Fix send login(s) and send password actions to avoid user enumeration (bsc#1199629)(CVE-2022-31248)

    • autoinstallation: missing whitespace after install URL (bsc#1199888)

    • Add rate-limiting to frontend logging (bsc#1199512) (CVE-2022-21952)

    • Change system details lock tab name to lock/unlock (bsc#1193032)

    • Set profile tag has no-mandatory in XCCDF result (bsc#1194262)

    • Added a notification to inform the administrators about the product end-of-life

    • provisioning thought proxy should use proxy for self_update (bsc#1199036)

    • Allow removing duplicated packages names in the same Salt action (bsc#1198686)

    • Fix ACL rules for config diff download for SLS files (bsc#1198914)

    • fix invalid link to action schedule

    • Redesign the auto errata task to schedule combined actions (bsc#1197429)

    • detect free products in Alpha and Beta stage and prevent checks on openSUSE products (bsc#1197488)

    • Optimize adding new products function (bsc#1193707)

    • change directory owner and permissions only when needed

    • Fixed broken help link for system overview

    • Finding empty profiles by mac address must be case insensitive (bsc#1196407)

    • generate the system ssh key when bootstrapping a salt-ssh client (bsc#1194909)

spacewalk-setup:

  • Version 4.1.11-1

    • spacewalk-setup-cobbler assumes /etc/apache2/conf.d now as a default instead of /etc/httpd/conf.d (bsc#1198356)

spacewalk-utils:

  • Version 4.1.20-1

    • spacewalk-hostname-rename now correctly replaces the hostname for the mgr-sync configuration file (bsc#1198356)

    • spacewalk-hostname-rename now utilizes the "--apache2-conf-dir" flag for spacewalk-setup-cobbler (bsc#1198356)

spacewalk-web:

  • Version 4.1.33-1

    • Added support for end of life notifications

subscription-matcher:

  • Version 0.28

    • Support both antlr3-java and antlr3-runtime as dependencies

    • Make it obvious that log4j12 is used

susemanager:

  • Version 4.1.35-1

    • mgr-sync: Raise a proper exception when duplicated lines exist in a config file (bsc#1182742)

    • fix SLE15 bootstrap repo definition (bsc#1197438)

    • Add SLES15SP4 and SUMA Proxy 4.3 to bootstrap repo definitions (bsc#1196702)

    • Add missing dependencies for Salt 3004 into bootstrap repository for SLE15 family (bsc#1198221)

    • Add python3-gnupg to bootstrap repo definition for Ubuntu 20.04 (bsc#1200212)

susemanager-schema:

  • Version 4.1.26-1

    • add schema update directory from 4.1.25 to 4.1.26

susemanager-sls:

  • Version 4.1.35-1

    • Add support to packages.pkgremove to deal with duplicated pkg names (bsc#1198686)

    • Fix bootstrap repository path resolution for Oracle Linux

    • Fix deprecated warning when getting pillar data (bsc#1192850)

    • fixing how the return code is returned in mgrutil runner (bsc#1194909)

Version 4.1.14

c3p0:

  • Update to version c3p0 0.9.5.5 and mchange-commons-java 0.2.19

    • Address CVE-2018-20433

    • Address CVE-2019-5427 - XML-config parsing related attacks (bsc#1133198)

    • Properly implement the JDBC 4.1 abort method Removed:

    • fix-CVE-2018-20433.patch included upstream

  • Build with log4j mapper

  • Enhanced for RHEL8

dhcpd-formula:

  • Update to version 0.1.1641480250.d5bd14c

    • make routers option optional

  • Add arm64 support

  • Update to version 0.1.1615805990.f15c8d9

hub-xmlrpc-api:

  • Updated to build on Enterprise Linux 8.

py26-compat-msgpack-python:

  • Adapted to build on OBS for Enterprise Linux.

py27-compat-salt:

  • Fix inspector module export function (bsc#1097531)

  • Fix possible traceback on ip6_interface grain (bsc#1193565)

  • Don’t check for cached pillar errors on state.apply (bsc#1190781)

  • Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution

  • Add "--no-return-event" option to salt-call to prevent sending return event back to master.

  • Make "state.highstate" to acts on concurrent flag.

  • Fix the regression with invalid syntax in test_parse_cpe_name_v23.

spacecmd:

  • Version 4.1.17-1

    • Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363)

spacewalk-java:

  • Version 4.1.44-1

    • allow SCC to display the last check-in time for registered systems

    • Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360)

    • Add store info to Equals and hash methods to fix CVE audit process (bsc#1195282)

    • fix ClassCastException during action processing (bsc#1195043)

    • Fix disappearing metadata key files after channel change (bsc#1192822)

    • Pass only selected servers to taskomatic for cancelation (bsc#1194044)

spacewalk-web:

  • Version 4.1.32-1

    • Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360)

susemanager:

  • Version 4.1.33-1

    • set default for registration batch size

susemanager-doc-indexes:

  • Added a warning about the origin of the salt-minion package in the Register on the Command Line (Salt) section of the Client Configuration Guide

  • In the Client Configuration Guide, explain how you find channel names to register older SUSE Linux Enterprise clients.

  • Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client

susemanager-docs_en:

  • Added a warning about the origin of the salt-minion package in the Register on the Command Line (Salt) section of the Client Configuration Guide

  • In the Client Configuration Guide, explain how you find channel names to register older SUSE Linux Enterprise clients.

  • Added grub.cfg for GRUB 2 in the Upgrade chapter of the Client Configuration Guide

susemanager-schema:

  • Version 4.1.25-1

    • Continue with index migration when the expected indexes do not exist (bsc#1192566)

susemanager-sls:

  • Version 4.1.33-1

    • Fix errors on calling sed -E …​ by force_restart_minion with action chains

    • Postgres exporter package was renamed

    • fix deprecation warnings

    • enforce correct minion configuration similar to bootstrapping (bsc#1192510)

    • Improve pkgset beacon with using salt.cache to notify about the changes made while the minion was stopped Align the code of pkgset beacon to prevent warnings (bsc#1194464)

Version 4.1.13

hibernate5:

  • Fix potential SQL injection CVE-2020-25638 (bsc#1193832)

mgr-libmod:

  • Version 4.1.10-1

    • require python macros for building

mgr-osad:

  • Version 4.1.6-1

    • require python macros for building

prometheus-formula:

  • Version 0.3.5

    • Add support for new Uyuni SD in Prometheus >= 2.31

py27-compat-salt:

  • Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103)

  • Remove wrong _parse_cpe_name from grains.core

  • Fix file.find tracebacks with non utf8 file names (bsc#1190114)

  • Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)

  • Added Python2 build possibility for RHEL8

  • Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446)

  • Fix traceback.*_exc() calls

  • Fix the regression of docker_container state module (bsc#1191285)

spacecmd:

  • Version 4.1.16-1

    • require python macros for building

spacewalk-admin:

  • Version 4.1.11-1

    • add service to update configfile and introduce a backup scc user

spacewalk-backend:

  • Version 4.1.30-1

    • Add headers to update proxy auth token in listChannels (bsc#1193585)

    • require python macros for building

    • Fix the IS_SUSE variable in spacewalk-debug

    • exchange zypp-plugin dependency to use the python3 version (bsc#1192514)

    • Minor spec update.

    • Added RHN config parameter httpd_config_dir.

spacewalk-certs-tools:

  • Version 4.1.20-1

    • Make bootstrap script to use bash when called with a different interpreter (bsc#1191656)

spacewalk-client-tools:

  • Version 4.1.11-1

    • require python macros for building

spacewalk-java:

  • Version 4.1.42-1

    • Avoid using RPM tags when filtering modular packages in CLM (bsc#1192487)

    • fix XML syntax in cobbler snippets (bsc#1193694)

    • Fix stripping module metadata when cloning channels in CLM (bsc#1193008)

    • Fix system information forwarding to SCC (bsc#1188900)

    • forward registration data to SUSE Customer Center

    • Run Prometheus JMX exporter as Java agent (bsc#1184617)

    • Fix calling wrong XMLRPC bootstrap method (bsc#1192736)

    • Fix package update action with shared channels (bsc#1191313)

    • fix issue with empty action chains getting deleted too early (bsc#1191377)

    • switch to best repo auth item for contentsources (bsc#1191442)

    • Set product name and version in the User-Agent header when connecting to SCC

    • update last boot time of SSH Minions after bootstrapping (bsc#1191899)

    • Mark SSH minion actions when they’re picked up (bsc#1188505)

    • Add compressed flag to image pillars when kiwi image is compressed (bsc#1191702)

    • mgr-sync refresh logs when a vendor channel is expired and shows how to remove it (bsc#1191222)

  • Readable error when "mgr-sync add channel" is called with a non-existing label (bsc#1173143)

spacewalk-reports:

  • Version 4.1.5-1

    • Fixes query for system-history report to prevent more than one row returned by a subquery with rhnxccdftestresult.identifier (bsc#1191192)

spacewalk-setup:

  • Version 4.1.10-1

    • Increase "max_event_size" value for the Salt master (bsc#1191340)

    • Leave Cobbler bootloader directory at the default (bsc#1187708)

    • Don’t delete cobbler.conf contents.

    • Fixed FileNotFoundError on cobbler setup.

    • cobbler20-setup was removed

    • spacewalk-setup-cobbler was reimplemented in Python

    • Config files for Cobbler don’t get edited in place anymore, thus the original ones are saved with a ".backup" suffix

spacewalk-utils:

  • Version 4.1.19-1

    • require python macros for building

suseRegisterInfo:

  • Version 4.1.4-1

    • require python macros for building

susemanager:

  • Version 4.1.32-1

    • add additional default config values for forwarding registrations to SCC

susemanager-doc-indexes:

  • In the Troubleshooting section of the Client Configuration Guide, SUSE Linux Enterprise Server 11 clients also require previous SSL versions installed on the server

susemanager-docs_en:

  • In the Troubleshooting section of the Client Configuration Guide, SUSE Linux Enterprise Server 11 clients also require previous SSL versions installed on the server

susemanager-schema:

  • Version 4.1.24-1

    • Fix rhnChannelNewestPackageView in case there are duplicates (bsc#1193612)

    • DB schema to support forwarding data to SCC

susemanager-sls:

  • Version 4.1.32-1

    • Run Prometheus JMX exporter as Java agent (bsc#1184617)

    • Fix problem installing/removing packages using action chains in transactional systems

    • Don’t create skeleton /srv/salt/top.sls

    • Add missing compressed_hash value from Kiwi inspect (bsc#1191702)

uyuni-common-libs:

  • Version 4.1.10-1

    • Read modularity data from DISTTAG tag as fallback (bsc#1192487)

    • require python macros for building

Version 4.1.12

grafana-formula:

  • Version 0.4.2

    • Migrate deprecated panels in clients dashboard

prometheus-formula:

  • Version 0.3.4

    • Fix opening Prometheus ports on proxy

  • Version 0.3.3

    • Add Prometheus targets configuration for minions SSH probing

    • Open Prometheus ports (bsc#1191144)

py26-compat-salt:

  • Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996)

py26-compat-tornado:

  • No relevant changes for users

py27-compat-salt:

  • Fix the regression of docker_container state module

  • Support querying for JSON data in external sql pillar

  • Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996)

  • Fix wrong relative paths resolution with Jinja renderer when importing subdirectories

spacecmd:

  • Version 4.1.15-1

    • configchannel_updatefile handles directory properly (bsc#1190512)

spacewalk-backend:

  • Version 4.1.29-1

    • Avoid GPG errors messages in reposync caused by rpm not understanding signatures (bsc#1191538)

    • handle download of metadata filesnames with checksums (bsc#1188315)

    • Sanitize cached filename for custom SSL certs used by reposync (bsc#1190751)

spacewalk-certs-tools:

  • Version 4.1.18-1

    • set key format to PEM when generating key for traditional clients push ssh (bsc#1189643)

    • add GPG keys using apt-key on debian machines (bsc#1187998)

spacewalk-java:

  • Version 4.1.41-1

    • Move pickedup actions to history as soon as they are pickedup (bsc#1191444)

    • On salt-ssh minions, enforce package list refresh after state apply

    • Fix internal server error on DuplicateSystemsCompare (bsc#1191643)

    • mgr-sync refresh logs when a vendor channel is expire and shows how to remove it (bsc#1191222)

    • Remove NullPointerException in rhn_web_ui.log when building an image (bsc#1185951)

    • Add checksums to repository metadata filenames (bsc#1188315)

    • Fix ISE in product migration if base product is missing (bsc#1190151)

    • use TLSv1.3 if it is a supported Protocol

    • Adapt auto errata update to respect maintenance windows

    • Adapt auto errata update to skip during CLM build (bsc#1189609)

    • Update kernel live patch version on minion startup (bsc#1190276)

spacewalk-reports:

  • Version 4.1.4-1

    • Improve performance of inventory report (bsc#1191495)

subscription-matcher:

  • Version 0.27

susemanager:

  • Version 4.1.30-1

    • Add python-mako, python-gnupg and gnupg1 to the Debian 9 bootstrap repository so bootstrapping without any enabled repositories is possible (bsc#1191898)

    • Add the gnupg package for ubuntu which is then needed by apt-key (bsc#1187998)

susemanager-doc-indexes:

  • Add SLS state for keeping clients updated in Client Configuration Guide

  • Fixed unpublished patches note in the server update chapter of the Upgrade Guide

  • Added DNS resolution for minions to the troubleshooting section in the Client Configuration Guide

  • Documented low disc space warnings in the managing disk space chapter of the Administration Guide

  • In the ports section of the Installation Guide, mention tftpsync explicitly for port 443 (bsc#1190665)

  • In server upgrade procedure of the Upgrade Guide, add zypper ref step to refresh repositories reliably

  • Update effective_cache_size section of the Salt Guide (bsc#1191274)

  • Documented new filter in the content lifecycle management chapter of the Administration Guide

  • Added aarch64 support for clients in the Installation Guide and Client Configuration Guide

  • Documented AWS Permissions for Virtual Host Manager in VHM and Amazon Web Services chapter of the Client Configuration Guide

  • Removed an outdated patches note in the server update chapter of the

  • Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the commands on the client (bsc#1190166)

  • Removed Portus and CaaSP references from the image management chapter

susemanager-docs_en:

  • Add SLS state for keeping clients updated in Client Configuration Guide

  • Fixed unpublished patches note in the server update chapter of the Upgrade Guide

  • Added DNS resolution for minions to the troubleshooting section in the Client Configuration Guide

  • Documented low disc space warnings in the managing disk space chapter of the Administration Guide

  • In the ports section of the Installation Guide, mention tftpsync explicitly for port 443 (bsc#1190665)

  • In server upgrade procedure of the Upgrade Guide, add zypper ref step to refresh repositories reliably

  • Update effective_cache_size section of the Salt Guide (bsc#1191274)

  • Documented new filter in the content lifecycle management chapter of the Administration Guide

  • Added aarch64 support for clients in the Installation Guide and Client Configuration Guide

  • Documented AWS Permissions for Virtual Host Manager in VHM and Amazon Web Services chapter of the Client Configuration Guide

  • Removed an outdated patches note in the server update chapter of the

  • Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the commands on the client (bsc#1190166)

  • Removed Portus and CaaSP references from the image management chapter

susemanager-sls:

  • Version 4.1.31-1

    • Fix mgrcompat state module to work with Salt 3003 and 3004

    • Update kernel live patch version on minion startup (bsc#1190276)

Version 4.1.11

hub-xmlrpc-api:

  • Use rpm systemd macro to restart service in replace of systemctl

openvpn-formula:

  • Changed package to noarch.

prometheus-exporters-formula:

  • Fix formula data migration with missing exporter configuration (bsc#1188136)

py26-compat-salt:

  • Fix error handling in OpenSCAP module (bsc#1188647)

  • Define license macro as doc in spec file if not existing

py27-compat-salt:

  • Add missing aarch64 to rpm package architectures

  • Consolidate some state requisites (bsc#1188641)

  • Fix failing unit test for systemd

  • Fix error handling in OpenSCAP module (bsc#1188647)

  • Better handling of bad public keys from minions (bsc#1189040)

  • Define license macro as doc in spec file if not existing

spacecmd:

  • Add schedule_archivecompleted to mass archive actions (bsc#1181223)

  • Use proper ordering when listing activationkey

  • Remove whoami from the list of unauthenticated commands (bsc#1188977)

  • Make schedule_deletearchived to get all actions without display limit

  • Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)

spacewalk-backend:

  • Fix typo "verfication" instead of "verification"

spacewalk-java:

  • Allow getting all completed actions via XMLRPC without display limit (bsc#1181223)

  • Add XMLRPC API to force refreshing pillar data (bsc#1190123)

  • Add missing string on XCCDF scan results (bsc#1190164)

  • Support syncing patches with advisory status 'pending' (bsc#1190455)

  • Ignore duplicates in 'pkg.installed' result when applying patches (bsc#1187572)

  • XMLRPC: Add call for listing application monitoring endpoints

  • Do not log XMLRPC fault exceptions as errors (bsc#1188853)

  • Allow getting all archived actions via XMLRPC without display limit (bsc#1181223)

  • Delete ActionChains when the last action is a Reboot and it completes (bsc#1188163)

  • Fix timezone offset shifted by JS Date Object (bsc#1187150)

spacewalk-setup:

  • Increase max size for uploaded files to Salt master

spacewalk-utils:

  • When renaming: don’t regenerate CA, allow using third-party certificate and trigger pillar refresh (bsc#1190123)

spacewalk-web:

  • Fix timezone offset shifted by JS Date Object (bsc#1187150)

supportutils-plugin-susemanager:

  • Detect broken symlinks in tomcat, taskomatic and search daemon

susemanager:

  • Abort migration if data_directory is defined at the PostgreSQL

susemanager-build-keys:

  • Add Debian 11 keys

susemanager-doc-indexes and susemanager-docs_en:

  • Update for hostname renaming documentation

  • Add information about pam service name limitations

  • Added warning about future deprecation of traditional clients

  • Updated Setup section in the Installation Guide on trouble shooting freely available products

  • Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server Expanded Support 6, Oracle Linux 6, CentOS 6, and Ubuntu 16.04 LTS as supported client systems in the Client Configuration Guide (bsc#1188656)

  • Correct package name for PAM authentication (bsc#1171483)

  • Added more information on Salt ssh user configuration in the Salt Guide (bsc#1187549)

  • Documented KIWI options and profile selection in Administration Guide.

  • Added note about autoinstallation kernel options and Azure clients

  • Removed conflict appearing on mangled pages (bsc#1172671)

susemanager-schema:

  • Support syncing patches with advisory status 'pending' (bsc#1190455)

  • Fix wrongly assigned entitlements due to system transfer (bsc#1188032)

susemanager-sync-data:

  • Set OES 2018 SP3 to released

Version 4.1.10

prometheus-exporters-formula:

  • Fix exporter exporter modules configuration

  • Fix null formula data dictionary values (bsc#1186025)

  • Move exporters configurations to dedicated group prometheus_exporters

  • This version changes the formula data schema and is not backwards compatible. Downgrading from this version will require reconfiguring the formula for all your minions.

prometheus-formula:

  • Add docs stings in file SD UI

py26-compat-salt:

  • Enhance OpenSCAP module: add "xccdf_eval" call

py27-compat-salt:

  • Do noop for services states when running systemd in offline mode (bsc#1187787)

  • Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170)

  • Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787)

  • Enhance OpenSCAP module: add "xccdf_eval" call

  • Virt: pass emulator when getting domain capabilities from libvirt

  • Implementation of held/unheld functions for state pkg (bsc#1187813)

spacecmd:

  • Add schedule_deletearchived to bulk delete archived actions (bsc#1181223)

spacewalk-backend:

  • Fix rpm handling of empty package group and devicefiles tag (bsc#1186650)

  • Show better error message when reposync failed

spacewalk-branding:

  • Change white space behavior on modal bodies

spacewalk-java:

  • Fix random NullPointerException when rendering page tabs (bsc#1182769)

  • Ensure XMLRPC returns 'issue_date' in ISO format when listing erratas (bsc#1188260)

  • Fix entitlements not being updated during system transfer (bsc#1188032)

  • Add Beijing timezone to selectable timezones (bsc#1188193)

  • Fix updating primary net interface on hardware refresh (bsc#1188400)

  • Fix issues when removing archived actions using XMLRPC api (bsc#1181223)

  • Readable error when "mgr-sync add channel" is called with a no-existing label (bsc#1173143)

  • SP migration: wait some seconds before scheduling "package refresh" action after migration is completed (bsc#1187963)

  • Manually disable repositories on redhat like systems

  • Show reposync errors in user notification details

  • Do not check accessibility of free product repositories (bsc#1182817)

  • Define a pillar for the https port when connection as ssh-push with tunnel (bsc#1187441)

  • Do not update Kickstart session when download after session is complete or failed (bsc#1187621)

spacewalk-web:

  • Update web UI version to 4.1.10

susemanager:

  • Fix a typo so mgr-create-bootstrap-script can exit gracefully when interrupted (bsc#1188073)

susemanager-doc-indexes:

  • Amended client configuration guide to exclude paragraphs that are uyuni specific for centos and oracle clients

  • Updated image management chapter in administration guide; python and python-xml are no longer required for container image inspection (bsc#1167586, bsc#1164192)

susemanager-docs_en:

  • Amended client configuration guide to exclude paragraphs that are uyuni specific for centos and oracle clients

  • Updated image management chapter in administration guide; python and python-xml are no longer required for container image inspection (bsc#1167586, bsc#1164192)

susemanager-schema:

  • Force a one-off VACUUM ANALYZE

  • Upgrade scripts idempotency fixes

  • Add Beijing timezone to selectable timezones (bsc#1188193)

susemanager-sls:

  • Skip 'update-ca-certificates' run if the certs are updated automatically

  • When bootstrapping with ssh-push with tunnel use the port number for fetching GPG keys from the server (bsc#1187441)

susemanager-sync-data:

uyuni-common-libs:

  • Handle broken RPM packages to prevent exceptions causing fails on repository synchronization (bsc#1186650)

Version 4.1.9

cobbler:

  • Avoid traceback when building tftp files for ppc arch system when boot_loader is not set (bsc#1185679)

mgr-libmod:

py27-compat-salt:

  • Fix exception in yumpkg.remove for not installed package

  • Fix save for iptables state module (bsc#1185131)

  • Virt: use /dev/kvm to detect KVM

  • Zypperpkg: improve logic for handling vendorchange flags

  • Add bundled provides for tornado to the spec file

  • Enhance logging when inotify beacon is missing pyinotify (bsc#1186310)

  • Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros

  • Detect Python version to use inside container (bsc#1167586) (bsc#1164192)

  • Handle volumes on stopped pools in virt.vm_info (bsc#1186287)

  • Grains.extra: support old non-intel kernels (bsc#1180650)

  • Fix missing minion returns in batch mode (bsc#1184659)

  • Parsing Epoch out of version provided during pkg remove (bsc#1173692)

spacecmd:

  • Enhance help for installation types when creating distributions (bsc#1186581)

spacewalk-backend:

  • Check if batch needs to be imported even after failure (bsc#1183151)

  • Fix downloading comps files by matching type in repomd.xml (bsc#1186653)

  • Added logging for dpkg repository detection

spacewalk-java:

  • Add missing task status strings (bsc#1186744)

  • Fix product migration when scheduled from the event page (bsc#1187066)

  • Fix permission problem with /srv/susemanager/salt/custom files (bsc#1186325)

  • Strip the modular metadata for newly created channels in CLM if modular filters present (bsc#1184118)

  • Fixing ISE when searching in docs for logged-in users (bsc#1186319)

  • Allow virtualization host entitlement on Xen Dom0 (bsc#1185522)

  • Fix start/end timestamps for xccdf scan details (bsc#1186016)

  • Fix report links for SCAP Scans (bsc#1186017)

  • Remove duplicate entries on AppStream filter channel browser

  • Fix problem reading product_tree.json from wrong location in offline setups (bsc#1184283)

  • XMLRPC: Endpoint for aligning channel metadata based on another channel (bsc#1182810)

  • Fix the problem with wrong icons for virtual systems (bsc#1185507)

  • Add group by clause to reduce the number of rows for groupAdvisoryTypes CTE to improve performance(bsc#1185015)

  • Fix file ownership and permissions in /srv/susemanager/pillar_data/ (bsc#1179954)

  • Fix disapearing Autoinstallation Menu for minions (bsc#1184813)

  • Catch not found repository and create a standard error page (bsc#1183992)

spacewalk-search:

  • Prevent writing error messages when just skipping the indexer run (bsc#1185628)

spacewalk-utils:

  • Align the modules.yaml of target channel after cloning errata (bsc#1182810)

  • Adapt hostname rename check to allow also short hostname in various hostname files on the filesystem (bsc#1176512)

  • Spacewalk-hostname-rename: change hostname in /root/.mgr-sync (bsc#1183994)

spacewalk-web:

  • Do not render the section toolbar if it is empty

susemanager:

  • Sort products in mgr-sync output

  • Fix creating deb bootstrap repos with packages having new checksums (bsc#1184330)

susemanager-doc-indexes:

  • Document update for openSUSE Leap 15.3

  • RHEL 6, Oracle Linux 6, CentOS 6, SUSE Linux Enterprise Expanded Support 6, and Ubuntu 16.04 are end-of-life upstream and no longer supported by SUSE as client operating systems.

susemanager-docs_en:

  • Document update for openSUSE Leap 15.3

  • RHEL 6, Oracle Linux 6, CentOS 6, SUSE Linux Enterprise Expanded Support 6, and Ubuntu 16.04 are end-of-life upstream and no longer supported by SUSE as client operating systems.

susemanager-sls:

Version 4.1.8

cobbler:

  • Prevent some race conditions when writting tftpboot files and the destination directory is not existing (bsc#1186124)

  • Fix trail stripping in case of using UTF symbols (bsc#1184561)

  • Make "fence_ipmitool" a wrapper for "fence_ipmilan" using always lanplus (bsc#1184361)

  • Remove unused template for fence_ipmitool.

golang-github-prometheus-node_exporter:

  • Update to 1.1.2

    • Bug fixes + Handle errors from disabled PSI subsystem + Sanitize strings from /sys/class/power_supply + Silence missing netclass errors + Fix ineffassign issue + Fix some noisy log lines + filesystem_freebsd: Fix label values + Fix various procfs parsing errors + Handle no data from powersupplyclass + udp_queues_linux.go: change upd to udp in two error strings + Fix node_scrape_collector_success behaviour + Fix NodeRAIDDegraded to not use a string rule expressions + Fix node_md_disks state label from fail to failed + Handle EPERM for syscall in timex collector + bcache: fix typo in a metric name + Fix XFS read/write stats

    • Changes + Improve filter flag names + Add btrfs and powersupplyclass to list of exporters enabled by default

    • Features + Add fibre channel collector + Expose cpu bugs and flags as info metrics + Add network_route collector + Add zoneinfo collector

    • Enhancements + Add more InfiniBand counters + Add flag to aggr ipvs metrics to avoid high cardinality metrics + Adding backlog/current queue length to qdisc collector + Include TCP OutRsts in netstat metrics + Add pool size to entropy collector + Remove CGO dependencies for OpenBSD amd64 + bcache: add writeback_rate_debug status + Add check state for mdadm arrays via node_md_state metric + Expose XFS inode statistics + Expose zfs zpool state + Added an ability to pass collector.supervisord.url via SUPERVISORD_URL environment variable

  • Do not include sources (bsc#1151558)

  • Remove rc symlink

grafana-formula:

  • Fix Grafana dashboards requiring single series (bsc#1184471)

patterns-suse-manager:

  • Add require for py27-compat-salt (Salt 3002 does not provide python2-salt anymore)

prometheus-exporter-formula:

pxe-yomi-image-sle15:

  • Remove PermitEmptyPasswords from SSH config (Fix bsc#1182744)

py26-compat-salt:

  • Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607)

spacewalk-admin:

  • Stop jabberd when osa-dispatcher is enabled (bsc#1185042)

spacewalk-backend:

  • Fail traditional errata and package actions when they act on retracted items

  • Add advisory_status to reposync and ISS

  • Add minrate/timeout configuration values for downloading DEB/RPM packages

  • switch to www group for satellite logs (bsc#1185097)

  • Fix binary blob corruptions in tradidional config file deployment (bsc#1183864)

  • Fix for GPG checking on synchonizing mirrored dpkg repo (bsc#1184351)

spacewalk-branding:

  • Add the CSS class for retracted errata/packages

spacewalk-certs-tools:

  • Fix typo: activaion -> activation

  • Add support of DISABLE_LOCAL_REPOS=0 for Salt minions (bsc#1185568)

  • Add missing environment variable SALT_RUNNING for pkg module to the minion configuration

spacewalk-java:

  • Speed up pages to compare or add packages to channels (bsc#1178767)

  • Bugfix: Remove the unneeded check that was stopping updating a virtual instance type (bsc#1180673)

  • Exclude minions from the list of locally-managed/sandbox systems when copying config files (bsc#1184940)

  • Lower case fqdn comparation when calculating minion connection path (bsc#1184849)

  • Bugfix: Retracted Patches: Filter minion correctly when executing package install (bsc#1184929)

  • Implement retracted patches

  • For a SUSE system get metadata and package from same source (bsc#1184475)

  • Check if the directory exists prior to modular data cleanup (bsc#1184311)

  • Assign right base product for res8 (bsc#1184005)

  • Fix docs link in my organization configuration (bsc#1184286)

  • Only update the kickstart path in cobbler if necessary (bsc#1175216)

  • Do not require advisory_status to be set in ErrataHandler.create (bsc#1185965)

  • Change Prometheus exporters formula data schema to make it more generic and extendable

spacewalk-utils:

  • Bugfix for ubuntu-18.04 repo urls: multiverse, restricted and backports

  • Add multiverse, restricted and backports to Ubuntu 16.04, 18.04 and 20.04

spacewalk-web:

  • Upgrade react-select to 4.3.0 and lodash to 4.17.21

  • Show the info about unsynced patches in the Content Lifecycle Management screens

susemanager:

  • Add bootstrap repo data for SUSE Manager 4.1 Proxy

  • Require gio-branding-SLE for SLE15 but not for openSUSE Leap 15

  • Add bootstrap repo data for OES2018-SP3-x86_64 (bsc#1183845)

  • Enable bootstrap repository creation for openSUSE Leap 15.3 for Uyuni

  • Add python3-distro to RES8, SLE15, Ubuntu20.04 and Debian 10 bootstrap repositories to fix bootstrapping issues (bsc#1184332)

  • add python3-pycryptodome to Ubuntu and Debian 10 bootstrap repos (bsc#1186346)

  • add gnupg and its dependencies to debian 10 bootstrap repo

susemanager-doc-indexes:

  • Adds additional dependencies for Debian client registration in Client Configuration Guide (bsc#1183649)

  • Remove some openSUSE Leap 15.1 references

  • Add reposync configuration settings to Troubleshooting chapter of the Administration Guide

  • Update the entry about module.run for SAP Guide

susemanager-docs_en:

  • Adds additional dependencies for Debian client registration in Client Configuration Guide (bsc#1183649)

  • Remove some openSUSE Leap 15.1 references

  • Add reposync configuration settings to Troubleshooting chapter of the Administration Guide

  • Update the entry about module.run for SAP Guide

susemanager-schema:

  • DB schema & migrations for retracted patches

susemanager-sls:

  • Fix insecure JMX configuration (bsc#1184617)

  • Avoid conflicts with running ioloop on mgr_events engine (bsc#1172711)

  • Keep salt-minion when it is installed to prevent update problems with dependend packages not available in the bootstrap repo (bsc#1183573)

  • Enable certificate deployment for Leap 15.3 clients which is needed for bootstrapping (bsc#1186765)

  • Do not install python2-salt on Salt 3002.2 Docker build hosts (bsc#1185506)

  • Add support for 'disable_local_repos' Salt minion config parameter (bsc#1185568)

  • fix installation of gnupg on Debian 10

  • exclude openSUSE Leap 15.3 from product installation (bsc#1186858)

susemanager-sync-data:

tika-core:

  • New upstream version 1.26. Fixes:

    • Infinite loop in the MP3Parser (bsc#1184892, CVE-2021-28657)

    • Out of memory error while loading a file in PDFBox before 2.0.23.

    • Infinite loop while loading a file in PDFBox before 2.0.23.

    • System.exit vulnerability in Tika’s OneNote Parser; out of memory errors and/or infinite loops in Tika’s ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser.

    • Excessive memory usage (DoS) vulnerability in Apache Tika’s PSDParser

    • Infinite Loop (DoS) vulnerability in Apache Tika’s PSDParser

uyuni-common-libs:

  • Maintainer field in debian packages are only recommended (bsc#1186508)

xstream:

Version 4.1.7.1

spacewalk-web:

  • Fix check for for mirrorlist URLs when refreshing products (bsc#1184861)

Version 4.1.7

golang-github-lusitaniae-apache_exporter:

  • Build with Go 1.15

mgr-libmod:

  • Support multiple stream versions for RHEL repos (bsc#1183038)

py26-compat-msgpack-python:

  • Added versioned Python2 for RHEL8

python-susemanager-retail:

  • Skip internal initialization of excluded formulas

rhnlib:

  • Require missing python-backports.ssl_match_hostname on SLE 11 (bsc#1183959)

spacecmd:

  • Handle SIGPIPE without a user-visible exception (bsc#1181124)

spacewalk-backend:

  • Deb_src repo plugin is not restoring config namespace on exception (bsc#1182197)

  • Fixing improper exception handling causing another exception in ThreadedDownloader

  • Avoid race condition due to multiple reposync import threads (bsc#1183151)

  • Fix for UnicodeDecodeError in satellite-sync: Opening RPM file in binary mode (bsc#1181274)

spacewalk-certs-tools:

  • Add reactivation key support to bootstrap script (bsc#1181580)

spacewalk-client-tools:

  • Fallback to sysfs when reading info from python-dmidecode fails (bsc#1182603)

  • Log an error when product detection failed (bsc#1182339)

spacewalk-java:

  • Eliminate duplicate entries when displaying results from mgr-libmod

  • Speed up the system groups page (bsc#1182132)

  • Raise length limit for kernel options (bsc#1182916)

  • Adapt logging for testing accessability of URLs (bsc#1182817)

  • Fix: populate docker-registries on inspection (bsc#1178179)

  • Log shell command output on failure when checking known_hosts file permissions

  • Speed up pages to compare or add packages to channels (bsc#1178767)

  • Improve fromdir with better mapping of URL to local files

spacewalk-setup:

  • Set AJP parameters differently to prevent AH00992, AH00877 and AH01030: ajp_ilink_receive() can’t receive header errors (bsc#1179271)

spacewalk-utils:

  • Add the Universe Security repositories for Ubuntu

spacewalk-web:

  • Fix flow-bin runtime issues that were breaking the tests

susemanager-doc-indexes:

  • Remove Universe requirement for Ubuntu 20.04

  • Adds missing Salt steps for Replacing Proxy procedure in Installation Guide (bsc#1181580)

susemanager-docs_en:

  • Remove Universe requirement for Ubuntu 20.04

  • Adds missing Salt steps for Replacing Proxy procedure in Installation Guide (bsc#1181580)

susemanager-schema:

  • Raise length limit for kernel options (bsc#1182916)

  • Fix: increase password length in the database (bsc#1182687)

susemanager-sls:

  • Prevent useless package list refresh actions on zypper minions (bsc#1183661)

  • Skip removed product classes with satellite-sync

  • Handle GPG keys when bootstrapping ssh minions (bsc#1181847)

  • Require new kiwi-systemdeps packages (bsc#1184271)

susemanager-sync-data:

  • Define missing ubuntu universe update channels (bsc#1182842)

  • Define UEK repositories for Oracle Linux

Version 4.1.6

cobbler:

  • Fix string replacement for @@xyz@@

  • Better performing string replacements

grafana-formula:

  • Set supported to false for unsupported systems (bsc#1182001)

  • Add SLES 15 SP3 and openSUSE Leap 15.3 to supported versions

mgr-libmod:

mgr-osad:

  • Adapt to new SSL implementation of rhnlib (bsc#1181807)

prometheus-exporters-formula:

  • Add Ubuntu support for Prometheus exporters' reverse proxy

prometheus-formula:

py26-compat-salt:

  • Do not crash when unexpected cmd output at listing patches (bsc#1181290)

rhnlib:

  • Change SSL implementation to Python SSL for better SAN and hostname matching support (bsc#1181807)

smdba:

  • Do not remove the database if there is no backup and deal with manifest

spacewalk-backend:

  • Open repomd files as binary (bsc#1173893)

  • Fix requesting Release file in debian repos (bsc#1182006)

  • Reposync: Fixed Kickstart functionality.

  • Reposync: Fixed URLGrabber error handling.

  • Reposync: Fix modular data handling for cloned channels (bsc#1177508)

spacewalk-client-tools:

  • Adapt to new SSL implementation of rhnlib (bsc#1181807)

spacewalk-config:

  • Increase Apache SSL logs to include response code and process time

spacewalk-java:

  • Homogenizes style in filter buttons, facilitating testability

  • Cleanup sessions via SQL query instead of SQL function (bsc#1180224)

  • Rebuild and improve rendering of error pages 404 and 500 pages (bsc#1181228)

  • Fix user creation with PAM authentication and no password (bsc#1179579)

  • Fix action chains for saltssh minions (bsc#1182200)

  • FIX: Slow response of 'Software > Install' in Ubuntu minions (bsc#1181165)

  • Do not call page decorator in HEAD requests (bsc#1181228)

  • Add 'mgr_origin_server' to Salt pillar data (bsc#1180439)

  • Ensure new files are synced just after writing them (bsc#1175660)

  • Enable OpenSCAP auditing for Salt systems in SSM (bsc#1157711)

  • Detect debian products (bsc#1181416)

  • Show packages from channels assigned to the targeted system (bsc#1181423)

  • Add an API endpoint to allow/disallow scheduling irrelevant patches (bsc#1180757)

  • Open raw output in new tab for ScriptRunAction (bsc#1180547)

  • Default to preferred items per page in content lifecycle lists (bsc#1180558)

  • Fix modular data handling for cloned channels (bsc#1177508)

  • Fix: login gets an ISE when SSO is enabled (bsc#1181048)

spacewalk-utils:

  • Fix modular data handling for cloned channels (bsc#1177508)

spacewalk-web:

  • Replace CRLF in ssh priv key when bootstrapping (bsc#1182685)

  • Upgrade immer to fix CVE-2020-28477

  • Default to preferred items per page in content lifecycle lists (bsc#1180558)

  • Fix sorting in content lifecycle projects and cluster tables (bsc#1180558)

subscription-matcher:

  • Update the xstream dependency to 1.4.15

susemanager:

  • Add SLE 15 SP3 bootstrap repository definitions (bsc#1182008)

  • Python3-dbus-python and dependencies not installed by default on JeOS SLE15 images, add them to the bootstrap repository list of packages for traditional (bsc#1182071)

susemanager-doc-indexes:

  • Updated Command Line Registration with Salt section in the Client Configuration Guide for clarity.

  • Adds openSUSE Leap SP migration to the SP migration section of the Client Configuration Guide

  • Adds note that bootstrap procedure for selecting a parent channel is optional in Client Configuration Guide (bsc#1181635)

  • Adds note about checking for valid UUIDs in fstab when backing up (bsc#1181814)

  • Updated command for running configure proxy script when replacing a proxy

  • Fixed bad SUSE Customer Center URL

susemanager-docs_en:

  • Updated Command Line Registration with Salt section in the Client Configuration Guide for clarity.

  • Adds openSUSE Leap SP migration to the SP migration section of the Client Configuration Guide

  • Adds note that bootstrap procedure for selecting a parent channel is optional in Client Configuration Guide (bsc#1181635)

  • Adds note about checking for valid UUIDs in fstab when backing up (bsc#1181814)

  • Updated command for running configure proxy script when replacing a proxy

  • Fixed bad SUSE Customer Center URL

susemanager-schema:

  • Drop "pxt_session_cleanup" function (bsc#1180224)

  • Enable OpenSCAP auditing for Salt systems in SSM (bsc#1157711)

susemanager-sls:

  • Ubuntu 18 has version of apt which does not correctly support auth.conf.d directory. Detect the working version and use this feature only when we have a higher version installed

xstream:

Version 4.1.5.1

salt:

  • VUL-0: salt: February 2021 release (bsc#1181550)

  • VUL-0: CVE-2020-28243: salt: possible privilege escalation on a minion when an unprivileged user is able to create files in any non-blacklisted directory (bsc#1181556)

  • VUL-0: CVE-2020-28972: salt: authentication to vCenter, vSphere, and ESXi servers does not always validate the SSL/TLS certificate (bsc#1181557)

  • VUL-0: CVE-2021-3148: salt: possible command injection when sending crafted web requests to the Salt API via SSH client (bsc#1181558)

  • VUL-0: CVE-2021-25281: salt: API does not honor eAuth credentials for the wheel_async client (bsc#1181559)

  • VUL-0: CVE-2021-25282: salt: salt.wheel.pillar_roots.write method is vulnerable to directory traversal (bsc#1181560)

  • VUL-0: CVE-2021-25283: salt: jinja render does not protect against server-side template injection attacks (bsc#1181561)

  • VUL-0: CVE-2021-3144: salt: eauth tokens can be used once after expiration (bsc#1181562)

  • VUL-0: CVE-2021-25284: salt: Salt.modules.cmdmod can log credential to the “error” log level (bsc#1181563)

  • VUL-0: CVE-2021-3197: salt: Salt-API’s SSH client is vulnerable to a shell injection by including ProxyCommand in an argument (bsc#1181564)

  • VUL-0: CVE-2020-35662: salt: certain modules do not always validated SSL certificates (bsc#1181565)

Version 4.1.5

cpu-mitigations-formula:

  • Handle unsupported target systems gracefully (bsc#1179273)

  • add mitigations for Xen hypervisor

ical4j:

  • Use error-prone 2.4.0 to prevent build errors on OBS

mgr-libmod:

  • Improve modular dependency resolution algorithm (bsc#1177267)

mgr-osad:

  • Change the log file permissions as expected by logrotate (bsc#1177884)

smdba:

  • Fix smdba throws error on mgr-setup/installation

  • Raise an exception on failed external process call

  • Fix TablePrint formatting

  • Rename configuration parameter wal_keep_segments to wal_keep_size (jsc#SLE-17030)

  • Revert modifying cpu_tuple_cost

spacecmd:

  • Fix spacecmd with no parameters produces traceback on SLE 11 SP4 (bsc#1176823)

  • Added '-r REVISION' option to the 'configchannel_updateinitsls' command (bsc#1179566)

  • Fix: internal: workaround for future tee of logs translation

spacewalk-backend:

  • Drop Transfer-Encoding header from proxy respone to fix error response messages (bsc#1176906)

  • Prevent tracebacks on missing mail configuration (bsc#1179990)

  • Fix pycurl.error handling in suseLib.py (bsc#1179990)

  • Harden extratag key import by execute_values to ignore conflicts

  • Fix Debian package version comparison

  • Use sanitized repo label to build reposync repo cache path (bsc#1179410)

  • Quote the proxy settings to be used by Zypper (bsc#1179087)

  • Add the VirtualPC as virtualization type (bsc#1178990)

  • Truncate author name in the changelog (bsc#1180285)

spacewalk-java:

  • Fix CVE audit results for affected and patched entries (bsc#1180893)

  • Replace custom version comparison method with the standard one which also takes debian packages into account

  • Fix incorrect password autocompletions (bsc#1148357)

  • Improves misleading UI message displayed on systems with modules activated (bsc#1179525)

  • Fix reboot action race condition (bsc#1177031)

  • Fix availability check for debian repositories (bsc#1180127)

  • Added 'contents' argument to the 'configchannel.create' XMLRPC API method (bsc#1179566)

  • Ignore duplicate NEVRAs in package profile update (bsc#1176018)

  • Prevent deletion of CLM environments if they’re used in an autoinstallation profile (bsc#1179552)

  • Fix Debian package version comparison

  • Added 'revision' argument to the 'configchannel.updateInitSls' XMLRPC API method (bsc#1179566)

  • Fix configuration file download links to actually download files instead of redirecting to the home page (bsc#1179324)

  • Register saltkey XMLRPC handler and fix behavior of delete Salt key (bsc#1179872)

  • Add validation for custom repository labels

  • Add lang attribute to html tags

  • Fix expanded support detection based on CentOS installations (bsc#1179589)

  • Generalize the reactivation key message (bsc#1178483)

  • Add translation strings for newly added countries and timezones (jsc#PM-2081)

  • Add the VirtualPC as virtualization type (bsc#1178990)

  • Fix the activation key handling from kickstart profile (bsc#1178647)

  • Improve modular dependency resolution algorithm (bsc#1177267)

  • fix query using old EVR_T constructor (bsc#1181422)

spacewalk-reports:

  • Fixes no file content in spacewalk-report config-files

  • Write <binary data> placeholder instead of dumping binary data

spacewalk-utils:

  • Remove Debian 9 and 10 channels for SUSE Manager, now provided by SCC data

spacewalk-web:

  • Fix Package States page display error (bsc#1180580)

  • Fix incorrect password autocompletions (bsc#1148357)

  • Migrate CommonJS based React components to ES6

  • Prevent deletion of CLM environments if they’re used in an autoinstallation profile (bsc#1179552)

  • Fix loading indicator for tables using SimpleDataProvider (bsc#1177756)

  • Fix question mark explanations for Recurring States (bsc#1179485)

  • Allow specifying both name and label of new Content Environment (bsc#1176411)

susemanager:

  • Use product IDs for Debian 9 and 10 SUSE Manager bootstrap repo data

susemanager-build-keys:

  • Add Debian 9 and Debian 10 keys

  • Add Debian 8 Archive Key - required to verify Debian 9 successfully (bsc#1181233)

susemanager-doc-indexes:

  • Fixed error in Create and Replace CA and Server Certificates of Administration Guide (bsc#1180001)

  • Fixed package name and command in Troubleshooting Renaming Server section of the Administration Guide (bsc#1179171)

  • Added documentation on replacing a proxy server in the Installation Guide (bsc#1179438)

  • Moves and updates advice about modular repositories on RHEL clones in Client Configuration Guide (bsc#1179277)

  • Adds Debian 9 and 10 on SUSE Manager to Client configuration

  • Adds troubleshooting info for ISS caching

  • Adds note about Appstream Packages in Channels section of Client configuration Guide (bsc#1179525)

  • Corrected name of unresolved include (bsc#1181129)

susemanager-docs_en:

  • Fixed error in Create and Replace CA and Server Certificates of Administration Guide (bsc#1180001)

  • Fixed package name and command in Troubleshooting Renaming Server section of the Administration Guide (bsc#1179171)

  • Added documentation on replacing a proxy server in the Installation Guide (bsc#1179438)

  • Moves and updates advice about modular repositories on RHEL clones in Client Configuration Guide (bsc#1179277)

  • Adds Debian 9 and 10 on SUSE Manager to Client configuration

  • Adds troubleshooting info for ISS caching

  • Adds note about Appstream Packages in Channels section of Client configuration Guide (bsc#1179525)

  • Corrected name of unresolved include (bsc#1181129)

susemanager-schema:

  • Changed to versioned Python3 to SPEC file.

  • Python3 port for blend tool

  • Add missing unique index on suse tables

  • Fix Debian package version comparison

  • Add new valid countries and timezones (jsc#PM-2081)

  • Add the VirtualPC type in rhnVirtualInstanceType table(bsc#1178990)

  • Improve cleanup time after fixing Debian package version comparison (bsc#1181116)

susemanager-sls:

  • Make autoinstallation provisoning compatible with GRUB and ELILO in addition to GRUB2 only (bsc#1164227)

  • fix apt login for similar channel labels (bsc#1180803)

susemanager-sync-data:

  • Add product definitions for Debain 9 AMD64 and Debian 10 AMD64

  • change centos 6 URLs to vault.centos.org

uyuni-common-libs:

  • Section in Debian packages in now treated as optional (bsc#1179555)

yomi-formula:

  • Add temporary and explicit dependency to libudev1

Version 4.1.4

image-sync-formula:

  • Send image_synced event to master

mgr-libmod:

  • Fix 'module not found' exception handling (bsc#1179257)

postgresql-jdbc:

pxe-yomi-image-sle15:

  • Update config.sh based on last JeOS template

  • Update JEOS_LOCALE to en_US.UTF-8

  • Support config{_url}{_name} for user provided configuration

python-susemanager-retail:

  • Handle organizations in retail_create_delta

saltboot-formula:

  • Support older SLE11 cryptsetup (bsc#1172287)

  • Use images with "synced" flag

spacecmd:

  • Fix: make spacecmd build on Debian

spacewalk-admin:

  • Use the license macro to mark the LICENSE in the package so that when installing without docs, it does install the LICENSE file

  • Prevent javax.net.ssl.SSLHandshakeException after upgrading from SUSE Manager 3.2 (bsc#1177435)

spacewalk-backend:

  • Fix missing 'LiteServer.add_suse_products' method (bsc#1178704)

  • Do not raise TypeError when processing SUSE products (bsc#1178704)

  • Fix spacewalk-repo-sync to successfully manage and sync ULN repositories

  • Fix errors in spacewalk-debug and align postgresql queries to new DB version

  • ISS: Differentiate packages with same nevra but different checksum in the same channel (bsc#1178195)

  • Re-enables possibility to use local repos with repo-sync (bsc#1175607)

  • Add 'allow_vendor_change' option to rhn clients for dist upgrades

spacewalk-certs-tools:

  • Improve check for correct CA trust store directory (bsc#1176417)

spacewalk-client-tools:

  • Update translations

spacewalk-java:

  • Update content sensitive help links

  • Update exception message in findSyncedMandatoryChannels

  • Report resolved module dependencies on CLM project details page

  • Allow creating custom ULN repositories with uln:// urls

  • Change message "Minion is down" to be more accurate

  • Localize documentation links

  • Temp: revert Sync state modules when starting action chain execution (bsc#1177336)

  • Fix check for available products on ISS Slaves (bsc#1177184)

  • XMLRPC: Report architecture label in the list of installed packages (bsc#1176898)

  • Get media.1/products for cloned channels (bsc#1178303)

  • Calculate size to truncate a history message based on the htmlified version (bsc#1178503)

  • Make image pillar visible only in buildhost organization

  • Maintain list of synced images in pillar

  • Enable validation of Content Lifecycle Management entities in the XMLRPC API (bsc#1177706)

  • Fix the order of the arguments in the XMLRPC API doc for contentmanagement.buildProject (bsc#1177704)

  • Fix repo url of AppStream in generated RHEL/Centos 8 kickstart file (bsc#1175739)

  • Log token verify errors and check for expired tokens

  • Show only kernel options in advanced autoinstallation page when working with a Salt minion (bsc#1177767)

  • Show cluster upgrade plan in the upgrade UI

  • Take pool and volume from Salt virt.vm_info for files and blocks disks (bsc#1175987)

  • Add new allowVendorChange flag for dist upgrades

  • Sync state modules when starting action chain execution (bsc#1177336)

  • Enable redfish power management by default

spacewalk-search:

  • Add multi lang support to the document search

spacewalk-setup:

  • Add sock_pool_size setting by default for better performance

spacewalk-web:

  • Update content sensitive help links

  • Fix mandatory channels JS API to finish loading in case of error (bsc#1178839)

  • Fix the search panel in CLM filters page

  • Localize documentation links

  • Fix link to documentation in Admin -> Manager Configuration -> Monitoring (bsc#1176172)

  • Show cluster upgrade plan in the upgrade UI

  • Don’t allow selecting spice for Xen PV and PVH guests

supportutils-plugin-susemanager:

  • Remove checks for obsolete packages

  • Gather new configfiles

  • Add more important informations

susemanager:

  • Adapt Debian10 bootstrap repository definition for Salt on Python 3

  • Add --force to mgr-create-bootstrap-repo to enforce generation even when some products are not synchronized

susemanager-doc-indexes:

  • Added warning about local repositories in the Clients Configuration Guide

  • Removed duplicate contact method entry in Client Configuration Guide

  • Enabled upgrade section for SLE clients on Uyuni in Clients Configuration Guide

  • Added a section for working with bootstrap repositories and End of Life products in Client Configuration Guide

  • Added Salt Minion file contact method to Client Configuration Guide

  • Added Redfish to power management protocols section

  • Clarify that port 22 is required for the SUSE Manager server in the installation guide (bsc#1177975)

  • Added procedure for adding virtualization guests to the Client Configuration Guide

  • New guide added: Quickstart SAP Guide

  • Add multilang support

susemanager-docs_en:

  • Added warning about local repositories in the Clients Configuration Guide

  • Removed duplicate contact method entry in Client Configuration Guide

  • Enabled upgrade section for SLE clients on Uyuni in Clients Configuration Guide

  • Added a section for working with bootstrap repositories and End of Life products in Client Configuration Guide

  • Added Salt Minion file contact method to Client Configuration Guide

  • Added Redfish to power management protocols section

  • Clarify that port 22 is required for the SUSE Manager server in the installation guide (bsc#1177975)

  • Added procedure for adding virtualization guests to the Client Configuration Guide

  • New guide added: Quickstart SAP Guide

  • Add multilang support

susemanager-frontend-libs:

  • Update Bootstrap to 3.1.0

susemanager-schema:

  • Add 'preferred_docs_locale' to UserInfo table

  • Add new column to rhnactiondup table for allowVendorChange flag

  • Move dist upgrade SQL file to the correct directory so it gets picked up in schema upgrades (bsc#1179759)

susemanager-sls:

  • Fix: sync before start action chains (bsc#1177336)

  • Temp: revert Sync state modules when starting action chain execution (bsc#1177336)

  • Handle group- and org-specific image pillars

  • Use require in reboot trigger (bsc#1177767)

  • Add pillar option to get allowVendorChange option during dist upgrade

  • Sync state modules when starting action chain execution (bsc#1177336)

susemanager-sync-data:

  • Add new channel families for CAASP on ARM64 and HPC15 SP2 LTSS

  • Remove duplicate repo definition

uyuni-cluster-provider-caasp:

  • Show the cluster upgrade plan in the UI

yomi-formula:

  • Update to version 0.0.1+git.1604593202.a2c22bf:

    • storage: hide mountpoint if no filesystem

    • software: migrate repos as certs

    • software: add verify parameter

    • _grains: efi grains are in Salt now

    • software: transfer current repository

    • software: add repository options

    • lvm: fix indentation

    • partitioned: fix parted call and tests

  • Update to version 0.0.1+git.1601999695.6141130:

    • README: add user provided config

  • Update to version 0.0.1+git.1598948600.9a9eab0:

    • Replace fdisk with parted in partitioned

Version 4.1.3

bind-formula:

  • Temporarily disable dnssec-validation as hotfix for bsc#1177790

grafana-formula:

  • Use variable for product name

  • Add HA/SAP dashboards

  • Add support for system groups in Client Systems dashboard

image-sync-formula:

  • Do not use .gz suffix for default initrd symlink

  • Keep the old symlink "initrd.gz" for compatibility

prometheus-formula:

  • Disable Alertmanager clustering (bsc#1178145)

  • Use variable for product name

prometheus-exporters-formula:

  • Fix empty directory values initialization

  • Add systemd collector as default for node_exporters since otherwise some SAP/HA grafana dashboards will be empty

  • Disable reverse proxy on default

pxe-formula:

  • Change default to "initrd" without .gz suffix

py26-compat-salt:

  • Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319, bsc#1178362, bsc#1178361) (CVE-2020-25592, CVE-2020-17490, CVE-2020-16846)

python-susemanager-retail:

  • Use name "initrd" without .gz suffix

salt-netapi-client:

saltboot-formula:

  • Allow setting terminal kernel parameters in saltboot formula

spacecmd:

  • Python3 fixes for errata in spacecmd (bsc#1169664)

  • Added support for i18n of user-facing strings

  • Python3 fix for sorted usage (bsc#1167907)

spacewalk-admin:

  • Show info message when applying schema upgrade

spacewalk-backend:

  • Prevent IntegrityError during mgr-inter-sync execution (bsc#1177235)

spacewalk-branding:

  • Enable to switch to multiple webUI theme

spacewalk-client-tools:

  • Remove RH references in Python/Ruby localization and use the product name instead

spacewalk-java:

  • Remove expiration date from ics files (bsc#1177892)

  • Execute Salt SSH actions in parallel (bsc#1173199)

  • Enable to switch to multiple webUI theme

  • Fix action chain resuming when patches updating salt-minion don’t cause service to be restarted (bsc#1144447)

  • Renaming autoinstall distro didn’t change the name of the Cobbler distro (bsc#1175876)

  • Fix the links for downloading the binaries in the package details UI (bsc#1176603)

  • Allow nightly ISS sync to also cover custom channels

  • Fix: reinspecting a container image (bsc#1177092)

  • Add power management xmlrpc api

  • Remove hostname from /var/lib/salt/.ssh/known_hosts when deleting system (bsc#1176159)

  • Log exception trace on fatal Taskomatic startup error

  • Fix max password length check at user creation (bsc#1176765)

  • Notify about missing libvirt or hypervisor on virtual host

  • Redesign maintenance schedule systems table to use paginated data from server

  • Fix SP migration after dry run for cloned channels (bsc#1176307)

  • Filter not available optional channels out

  • Use correct eauth module and credentials for Salt SSH calls (bsc#1178319)

spacewalk-search:

  • Change default maximum memory to 512 MB, preventing OutOfMemoryError

spacewalk-web:

  • Enable to switch to multiple webUI theme

  • Only refresh the virtual storage list when pool events are received

  • Drop node-fetch to fix CVE-2020-15168

  • Notify about missing libvirt or hypervisor on virtual host

  • Redesign maintenance schedule systems table to use paginated data from server

susemanager:

  • Create bootstrap repo should not flush by default (bsc#1175843)

  • Improve detection of base channels for products (bsc#1177478)

  • Add LTSS PIDs for SLE12SP1, SLE12SP2, SLE12SP3 and SLE12SP4 to the bootstrap definitions as some packages from LTSS are required (bsc#1177524)

  • Fix logrotate config

  • Add missing packages to ubuntu20.04 bootstrap data (bsc#1176629)

susemanager-build-keys:

  • Replace "SuSE" user-facing references with "SUSE"

susemanager-doc-indexes:

  • Documented zypper autorefresh feature in Upgrade Guide

  • Update SP Migration chapter in Client Configuration Guide

  • In Client Configuration and Upgrade Guide, add link to valid autoyast upgrade settings

  • Move client upgrade related sections from Reference and Upgrade Guide to Client Configuration Guide

  • Updated Requirements chapter in Installation Guide.

  • Edits OpenSCAP section in Admin Guide (bsc#1176413)

  • Updated Terminology section in Salt Guide

  • Added on-demand images content to Install Guide

  • New book Quick Start - SAP

  • Adds webUI locale choice to Ref & Admin Guides

  • Adds new System Types section to Client Cfg

  • Updates supported client matrix in Install Guide

  • Add note about log file to Upgrade Guide

  • Removes outdated content from Activation Keys section (bsc#1177396)

  • Adds note about PAM Auth during migration (bsc#1177730)

  • Fixed broken table in admin guide

susemanager-docs_en:

  • Documented zypper autorefresh feature in Upgrade Guide

  • Update SP Migration chapter in Client Configuration Guide

  • In Client Configuration and Upgrade Guide, add link to valid autoyast upgrade settings

  • Move client upgrade related sections from Reference and Upgrade Guide to Client Configuration Guide

  • Updated Requirements chapter in Installation Guide.

  • Edits OpenSCAP section in Admin Guide (bsc#1176413)

  • Updated Terminology section in Salt Guide

  • Added on-demand images content to Install Guide

  • New book Quick Start - SAP

  • Adds webUI locale choice to Ref & Admin Guides

  • Adds new System Types section to Client Cfg

  • Updates supported client matrix in Install Guide

  • Add note about log file to Upgrade Guide

  • Removes outdated content from Activation Keys section (bsc#1177396)

  • Adds note about PAM Auth during migration (bsc#1177730)

  • Fixed broken table in admin guide

susemanager-schema:

  • Execute Salt SSH actions in parallel (bsc#1173199)

  • Show info message when applying schema upgrade

  • Add web_theme user preferences column (bsc#1178204)

susemanager-sls:

  • Fix action chain resuming when patches updating salt-minion don’t cause service to be restarted (bsc#1144447)

  • Make grub2 autoinstall kernel path relative to the boot partition root (bsc#1175876)

  • Move channel token information from sources.list to auth.conf on Debian 10 and Ubuntu 18 and newer

  • Add support for activation keys on server configuration Salt modules

  • Ensure the yum/dnf plugins are enabled

  • Remove hostname from /var/lib/salt/.ssh/known_hosts when deleting system (bsc#1176159)

Version 4.1.2

golang-github-QubitProducts-exporter_exporter:

  • Pin Golang version to 1.14

golang-github-prometheus-node_exporter:

  • Update to 1.0.1

    • Changes to build specification + Modify spec: update golang version to 1.14 + Remove update tarball script + Add _service file to allow for updates via osc service disabledrun

    • Bug fixes + [BUGFIX] filesystem_freebsd: Fix label values #1728 + [BUGFIX] Update prometheus/procfs to fix log noise #1735 + [BUGFIX] Fix build tags for collectors #1745 + [BUGFIX] Handle no data from powersupplyclass #1747, #1749

  • Update to 1.0.0

    • Bug fixes + [BUGFIX] Read /proc/net files with a single read syscall #1380 + [BUGFIX] Renamed label state to name on node_systemd_service_restart_total. #1393 + [BUGFIX] Fix netdev nil reference on Darwin #1414 + [BUGFIX] Strip path.rootfs from mountpoint labels #1421 + [BUGFIX] Fix seconds reported by schedstat #1426 + [BUGFIX] Fix empty string in path.rootfs #1464 + [BUGFIX] Fix typo in cpufreq metric names #1510 + [BUGFIX] Read /proc/stat in one syscall #1538 + [BUGFIX] Fix OpenBSD cache memory information #1542 + [BUGFIX] Refactor textfile collector to avoid looping defer #1549 + [BUGFIX] Fix network speed math #1580 + [BUGFIX] collector/systemd: use regexp to extract systemd version #1647 + [BUGFIX] Fix initialization in perf collector when using multiple CPUs #1665 + [BUGFIX] Fix accidentally empty lines in meminfo_linux #1671

    • Several enhancements + See https://github.com/prometheus/node_exporter/releases/tag/v1.0.0

  • Update to 1.0.0-rc.0

    • The netdev collector CLI argument --collector.netdev.ignored-devices was renamed to --collector.netdev.device-blacklist in order to conform with the systemd collector. #1279

    • The label named state on node_systemd_service_restart_total metrics was changed to name to better describe the metric. #1393

    • Refactoring of the mdadm collector changes several metrics node_md_disks_active is removed node_md_disks now has a state label for "fail", "spare", "active" disks. node_md_is_active is replaced by node_md_state with a state set of "active", "inactive", "recovering", "resync".

    • Additional label mountaddr added to NFS device metrics to distinguish mounts from the same URL, but different IP addresses. #1417

    • Metrics node_cpu_scaling_frequency_min_hrts and node_cpu_scaling_frequency_max_hrts of the cpufreq collector were renamed to node_cpu_scaling_frequency_min_hertz and node_cpu_scaling_frequency_max_hertz. #1510

    • Collectors that are enabled, but are unable to find data to collect, now return 0 for node_scrape_collector_success.

  • Add missing sysconfig file in rpm bsc#1151557

hibernate5:

hub-xmlrpc-api:

  • One configuration flag was renamed for clarity

  • Added USE_SSL flag to https insted of plain http

  • Updated docs

  • Bugfixes

  • Changed configuration to plain variables

  • Bugfixes

patterns-suse-manager:

  • Change PostgreSQL requirements to require at least PostgreSQL 12

prometheus-exporters-formula:

salt-netapi-client:

  • Fix text resource usage

spacecmd:

  • Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889)

spacewalk-backend:

  • Fix strings (mentions of Satellite, replace SUSE Manager with PRODUCT_NAME, etc)

  • Only regenerate bootstrap repositories when linking new packages (bsc#1174636)

  • Support installer_updates flag in ISS

  • Remove duplicate languages and update translation strings

spacewalk-branding:

  • Re-enable language picker for user creation

spacewalk-certs-tools:

  • Add option --nostricthostkeychecking to spacewalk-ssh-push-init

  • Fix the fallback to RES bootstrap repo for Centos (bsc#1174423)

spacewalk-client-tools:

  • Remove duplicated languages and update translation strings

spacewalk-java:

  • Force disable SPA for non-navigation links (bsc#1175512)

  • Fix strings (mentions of Satellite, replace SUSE Manager with PRODUCT_NAME, etc)

  • Pass the log level parameter to matcher

  • Add language picker to user preferences and user creation

  • Detect client organization from connected proxy (bsc#1175545)

  • Fix EntityExistsException on migration from traditional to Salt minion via proxy (bsc#1175556)

  • Fix: use quiet API method when using spacewalk-common-channels (bsc#1175529)

  • Add java.allow_adding_patches_via_api to allow adding errata to vendor channels

  • Fix alignment on icon on entitlement page

  • Support installer update channels during autoinstallation

  • Filter machines not in maintenance mode for remote commands

  • Reset the server path on minion registration (bsc#1174254)

  • Data null means the sync never ran yet (bsc#1174357)

spacewalk-utils:

  • Avoid exceptions on the logs when looking for channels that do not exist (bsc#1175529)

spacewalk-web:

  • Fix the jQuery selector in SP Migration page (bsc#1176500)

  • Fix JavaScript error caused by SPA navigation event with empty event field (bsc#1176503)

  • Force disable SPA for non-navigation links (bsc#1175512)

  • Add translation support for react t() function

  • Fix striping on react tables

  • Update translation strings

subscription-matcher:

  • Allow matching any guest products for Unlimited Virtualization subscriptions (bsc#1165287)

  • Only report confirmed matches in the output.json

  • Expose the log level setting to the command line

  • In the subscriptions CSV output, print the active subscriptions first

susemanager:

  • Fix strings (mentions of Satellite, replace SUSE Manager with PRODUCT_NAME, etc)

  • Support installer update channels during autoinstallation

  • Add missing packages to SLE12 >= SP1 bootstrap data to fix JeOS bootstrap problems (bsc#1176913)

susemanager-build-keys: - Trust PackageHub key (bsc#1175103)

susemanager-doc-indexes:

  • Remove old certs before renaming in Administration Guide (bsc#1171836)

  • Reference example scripts for SP Mass Migration in Upgrade Guide

  • Move PoS Terminal Requirements to the Requirements sections in the Retail Guide

  • Updated SP Mass Migration section in Upgrade Guide for clarity

  • Documented Proxy Y Upgrade (SP Migration) in Upgrade Guide

  • In the Upgrade Guide, use Major, Minor, and Patch Level terminology for versioning.

  • Align SUSE Manager and Uyuni Proxy installation in the Installation Guide

  • New section Upgrade Uyuni Proxy in Upgrade Guide

  • New section Upgrade Uyuni Server in Upgrade Guide

  • Add GPG information about Oracle clients to SUMA (bsc#1173520)

  • Add hostname admonition to public cloud sections (bsc#1173621)

  • Add error wording to Taskomatic troubleshooting (bsc#1172263)

  • Add required URLs to Installation Guide

  • Replaces removed instructions for adding channels on older Ubuntu clients using the CLI in SUMA (bsc#1174025)

  • Added more concepts to Client Cfg

  • Documented maintenance windows feature in Admin Guide

  • Some reorganization of Client Cfg & Admin Guides

  • Updates storage device requirements in Install Guide

  • Adds new section for SUMA formulas in the Salt Guide

  • Updates storage device requirements in Install Guide

  • Added reverse proxy information to Monitoring in Admin Guide

  • Add note about accessibility to index

  • Add note about CentOS upstream repository (bsc#1173603)

  • Add firewall troubleshooting to Admin Guide

  • Fix Azure command in Install Guide (thanks Rahul-CTS)

  • Fix broken links in Auto-Install Proxy in Client Cfg (thanks shirocco88)

  • Adds Ubuntu 20.04 supported features for Uyuni in Client Cfg

  • Adds Uyuni Config Modules to the Salt Guide as tech preview

  • Fix contrast problem for visited links (bsc#1176862)

susemanager-docs_en:

  • Remove old certs before renaming in Administration Guide (bsc#1171836)

  • Reference example scripts for SP Mass Migration in Upgrade Guide

  • Move PoS Terminal Requirements to the Requirements sections in the Retail Guide

  • Updated SP Mass Migration section in Upgrade Guide for clarity

  • Documented Proxy Y Upgrade (SP Migration) in Upgrade Guide

  • In the Upgrade Guide, use Major, Minor, and Patch Level terminology for versioning.

  • Align SUSE Manager and Uyuni Proxy installation in the Installation Guide

  • New section Upgrade Uyuni Proxy in Upgrade Guide

  • New section Upgrade Uyuni Server in Upgrade Guide

  • Add GPG information about Oracle clients to SUMA (bsc#1173520)

  • Add hostname admonition to public cloud sections (bsc#1173621)

  • Add error wording to Taskomatic troubleshooting (bsc#1172263)

  • Add required URLs to Installation Guide

  • Replaces removed instructions for adding channels on older Ubuntu clients using the CLI in SUMA (bsc#1174025)

  • Added more concepts to Client Cfg

  • Documented maintenance windows feature in Admin Guide

  • Some reorganization of Client Cfg & Admin Guides

  • Updates storage device requirements in Install Guide

  • Adds new section for SUMA formulas in the Salt Guide

  • Updates storage device requirements in Install Guide

  • Added reverse proxy information to Monitoring in Admin Guide

  • Add note about accessibility to index

  • Add note about CentOS upstream repository (bsc#1173603)

  • Add firewall troubleshooting to Admin Guide

  • Fix Azure command in Install Guide (thanks Rahul-CTS)

  • Fix broken links in Auto-Install Proxy in Client Cfg (thanks shirocco88)

  • Adds Ubuntu 20.04 supported features for Uyuni in Client Cfg

  • Adds Uyuni Config Modules to the Salt Guide as tech preview

  • Fix contrast problem for visited links (bsc#1176862)

susemanager-schema:

  • Support installer update channels during autoinstallation

  • Prevent a deadlock error involving delete_server and update_needed_cache (bsc#1173073)

susemanager-sls:

  • Add uyuni-config-modules subpackage with Salt modules to configure Servers

  • Fix reporting of missing products in product.all_installed (bsc#1165829)

Version 4.1.1

cobbler:

image-sync-formula:

  • Allow image-sync state on regular minion. Image sync state requires branch-network pillars to get the directory where to sync images. Use default /srv/saltboot if that pillar is missing so image-sync can be applied on non branch minions as well.

mgr-libmod:

  • Remove unnecessary array wrap in 'list_modules' response object

mgr-osad:

  • Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher (bsc#1174405)

openvpn-formula:

  • Add hint that ssl certs must be on system (bsc#1172279)

patterns-suse-manager:

  • Add Recommends for golang-github-QubitProducts-exporter_exporter

prometheus-exporters-formula:

  • Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555)

  • Add support for exporters proxy (exporter_exporter)

pxe-default-image-sle15:

  • Rollback the workaround for bsc#1172807, as dracut is now fixed

saltboot-formula:

spacecmd:

spacewalk-backend:

  • Take care of SCC auth tokens on DEB repos GPG checks (bsc#1175485)

  • Use spacewalk keyring for GPG checks on DEB repos (bsc#1175485)

  • Adds basic functionality for gpg check

  • Verify GPG signature of Ubuntu/Debian repository metadata (Release file)

spacewalk-branding:

  • Implement Maintenance Windows

  • Fix typo on spacewalk-branding license

spacewalk-certs-tools:

spacewalk-java:

  • use media.1/products from media when not specified different (bsc#1175558)

  • Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)

  • Fix error when rolling back a system to a snapshot (bsc#1173997)

  • Implement maintenance windows backend

  • Add check for maintainence window during executing recurring actions

  • Implement maintenance windows in struts

  • XMLRPC: Assign/retract maintenance schedule to/from systems

  • Fix softwarechannel update for vendor channels (bsc#1172709)

  • Avoid deadlock when syncing channels and registering minions at the same time (bsc#1173566)

  • Change system list header text to something better (bsc#1173982)

  • Set CPU and memory info for virtual instances (bsc#1170244)

  • Add virtual network Start, Stop and Delete actions

  • Add virtual network list page

  • Fix httpcomponents and gson jar symlinks (bsc#1174229)

  • Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)

  • Provide comps.xml and modules.yaml when using onlinerepo for kickstart

  • Refresh virtualization pages only on events

  • Fix up2date detection on RH8 when salt-minion is used for registration

  • Improve performance of the System Groups page with many clients (bsc#1172839)

  • Include number of non-patch package updates to non-critical update counts in system group pages (bsc#1170468)

  • Bump XMLRPC API version number to distinguish from Spacewalk 2.10

  • Cluster UI: return to overview page after scheduling actions

  • Fix NPE on auto installation when no kernel options are given (bsc#1173932)

  • Fix issue with disabling self_update for autoyast autoupgrade (bsc#1170654)

  • Adapt expectations for jobs return events after switching Salt states to use 'mgrcompat.module_run' state.

spacewalk-utils:

  • Add aarch64 for openSUSE Leap 15.1 and 15.2

spacewalk-web:

  • Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)

  • Fix JS linting errors/warnings

  • Enable Nutanix AHV virtual host gatherer.

  • Web UI: Implement managing maintenance schedules and calendars

  • Warn when a system is in multiple groups that configure the same formula in the system formula’s UI (bsc#1173554)

  • Add virtual network start, stop and delete actions

  • Add virtual network list page

  • Fix internal server error when creating module filters in CLM (bsc#1174325)

  • Fix VM creation page when there is no volume in the default storage pool

  • Refresh virtualization pages only on events

  • Product list in the Wizard doesn’t show SLE products first (bsc#1173522)

  • Cluster UI: return to overview page after scheduling actions

  • Changes in the logic to update the tick icon.

  • For the postgres localhost:5432 case, use the

  • Fix internal server errors by returning 0 instead of dying

  • Add missing dependency to spacewalk-base-minimal (bsc#678126)

  • Change kickstart to autoinstallation in navigation on pxt pages

  • Debranding

suseRegisterInfo:

  • Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)

susemanager:

  • Migrate all occurrences of kickstart to autoinstall in cobbler database (bsc#1169780)

  • Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470)

  • Add SLE 15 LTSS Product ID to SLE15 bootstrap repositories, as it is required to get python3-M2crypto (bsc#1174167)

susemanager-doc-indexes:

  • Ubuntu clients using the CLI in SUMA (bsc#1174025)

  • Left navigation structure cleaned up

  • Fixed several broken xrefs

  • Added hostname admonition for public cloud sections

  • Clarified Branch Proxy configuration instructions

  • Fixed index page pdf links, urls were 1 step to deep

  • SUSECOM 2020 branding update

  • PDF 2020 branding update

  • WEBUI 2020 branding update

  • Added maintenance window documentation

  • Added SLE client chapter

  • Added 508 compliance

  • Added reverse proxy information to Monitoring in Admin Guide

  • Add note about accessibility to index

  • In the Upgrade Guide, use Major, Minor, and Patch Level terminology for versioning.

  • Added docs for nutanix VHM

susemanager-docs_en:

  • Ubuntu clients using the CLI in SUMA (bsc#1174025)

  • Left navigation structure cleaned up

  • Fixed several broken xrefs

  • Added hostname admonition for public cloud sections

  • Clarified Branch Proxy configuration instructions

  • Fixed index page pdf links, urls were 1 step to deep

  • SUSECOM 2020 branding update

  • PDF 2020 branding update

  • WEBUI 2020 branding update

  • Added maintenance window documentation

  • Added SLE client chapter

  • Added 508 compliance

  • Added reverse proxy information to Monitoring in Admin Guide

  • Add note about accessibility to index

  • In the Upgrade Guide, use Major, Minor, and Patch Level terminology for versioning.

  • Added docs for nutanix VHM

susemanager-frontend-libs:

  • Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831)

susemanager-schema:

  • Add new states and types for virtual instances in order to support Nutanix AHV.

  • Implement Maintenance Windows

  • Add virtual network state change action

  • Internal fixes to avoid problems with the idempotency tests

susemanager-sls:

  • Fix the dnf plugin to add the token to the HTTP header (bsc#1175724)

  • Fix: supply a dnf base when dealing w/repos (bsc#1172504)

  • Fix: autorefresh in repos is zypper-only

  • Add virtual network state change state to handle start, stop and delete

  • Add virtual network state change state to handle start and stop

  • Fetch oracle-release when looking for RedHat Product Info (bsc#1173584)

  • Force a refresh after deleting a virtual storage volume

  • Prevent stuck Hardware Refresh actions on Salt 2016.11.10 based SSH minions (bsc#1173169)

  • Require PyYAML version >= 5.1

  • Log out of Docker registries after image build (bsc#1165572)

  • Prevent "module.run" deprecation warnings by using custom mgrcompat module

susemanager-sync-data:

  • Remove version from centos and oracle linux identifier (bsc#1173584)

uyuni-common-libs:

  • Fix issues importing RPM packages with long RPM headers (bsc#1174965)

virtual-host-gatherer:

  • Add new gatherer module for Nutanix AHV.

virtualization-host-formula:

  • Ensure kernel-default and libvirt-python3 are installed

  • Set bridge network as default

  • Fix conditionals (bsc#1175791)

yomi-formula:

  • Update to version 0.0.1+git.1595952633.b300be2:

    • pillar: install always kernel-default

    • chroot: python3-base is now a capability

    • Move systemctl calls inside chroot

    • Network: initial work for network declaration

    • MicroOS: Remove tmp subvolume

    • Update format following the new standard

    • Fix __mount_device wrapper

Major changes since SUSE Manager Server 4.0

New SUSE branding

The SUSE Manager 4.1 WebUI and documentation have been refreshed with the new SUSE branding guidelines, as published in the SUSE Brand website and SUSE EOS Design System.

The new theme is lighter and gives a bit more of free space between elements for better readability.

New products enabled

  • SUSE Linux Enterprise Real Time 12 SP5

  • SUSE Linux Enterprise 15 SP2 family (including LTSS)

  • SUSE Linux Enterprise 15 SP3 family (beta)

  • SUSE Container as a Service Platform 4.5

  • SUSE Enterprise Storage 7

  • openSUSE Leap 15.2

  • MicroFocus Open Enterprise Server 2018 SP2

  • CentOS 6, 7, and 8

  • Oracle Linux 6, 7 and 8

  • Ubuntu 20.04 LTS *

CentOS

Starting with SUSE Manager 4.1, CentOS is supported as a client and shows in the product tree in the WebUI.

If you were using CentOS via spacewalk-common-channels, you will need to delete your existing channels, synchronize the channel information from SCC, and reassign the channels to the clients.

Oracle Linux

Starting with SUSE Manager 4.1, Oracle Linux is supported as a client and shows in the product tree in the WebUI.

Ubuntu 20.04 LTS

The Ubuntu 20.04 LTS product is now managed as a vendor channel and repository URLs (but not packages or metadata) come from SCC directly, so there is no need to use spacewalk-common-channels or manually add the repository URLs.

Ubuntu 18.04 LTS and 16.04 LTS still require manually adding the repository URLs via the WebUI or spacewalk-common-channels.

Cluster Management

As you modernize your IT landscape and make use of Software Defined Infrastructure stacks based on technologies like Kubernetes and Ceph, your focus of managing the IT infrastructure has to move from managing individual Linux servers and VMs to managing infrastructure clusters. Multiple cluster types will be supported in coming releases, with SUSE Manager 4.1 initially providing support for SUSE CaaSP.

Computing is increasingly being a more complex architecture: redundant servers, scale out, high-availability, etc where you deploy different kinds of clusters, such as SUSE CaaS Platform, SUSE Enterprise Storage or SAP. Managing those as a whole piece of infrastructure instead of as discrete nodes puts you in charge.

SUSE Manager 4.1 implements cluster management of SUSE CaaS Platform 4.x clusters. SUSE Manager works hand-in-hand with CaaS Platform to make sure that all cluster operations are issued properly.

The following actions are currently supported:

  • Register an existing cluster to SUSE Manager

  • Add or remove nodes to the cluster

  • Promote SLES system to managing node

  • Upgrade the cluster

Deployment of CaaS Platform clusters from scratch will be supported in an upcoming version of SUSE Manager.

Recurring highstate scheduling

You can schedule automated recurring highstate actions for Salt clients.

Recurring highstate actions apply the highstate to clients on a specified schedule. You can apply recurring action to individual clients, to all clients in a system group, or to an entire organization. The Recurring Actions section in the Administration Guide contains all the details for this feature.

More improvements in regards to automation will be coming in subsequent releases of SUSE Manager, including maintenance windows and patch automation.

Monitoring enhancements

Federation

The new version of the Prometheus formula allows configuring federation and pulling relevant metrics from Prometheus instances to provide a global monitoring view. This configuration is useful for a number of cases, such as:

  • Remote sites, each one with its own Prometheus server

  • Collecting monitoring data from multiple applications, each one of them providing its own Prometheus server (e. g. multiple SUSE products: SUSE Manager, CaaSP, SES, HA)

The combined data can then be visualized using Grafana.

Note that suitable recording rules have to be configured on the Prometheus instances (for example at CaaSP Prometheus instances). For more information about Prometheus federation, check the official documentation.

Pre-configured default alerting rules

A default set of alerting rules have been added to monitor the Prometheus instances themselves (meta-monitoring) and the availability of configured targets. These rules can be changed in the WebUI.

CaaSP dashboards

Specific Grafana dashboards for SUSE Container as a Service Platform have been integrated and can be deployed via the WebUI.

Updated Grafana and Prometheus

Grafana has been updated to version 7.0.3 and Prometheus to version 2.18.

Updated Node Exporter

The Prometheus Node Exporter has been updated to version 0.18.1.

All the changes can be found in the changelog for the package, or upstream (changelog for 0.18.0 and 0.18.1).

The new version includes some breaking changes:

  • Renamed interface label to device in netclass collector for consistency with other network metrics

  • The cpufreq metrics now separate the cpufreq and scaling data based on what the driver provides

  • The labels for the network_up metric have changed

  • Bonding collector now uses mii_status instead of operstatus

  • Several systemd metrics have been turned off by default to improve performance. These include unit_tasks_current, unit_tasks_max, service_restart_total, and unit_start_time_seconds

  • The systemd collector blacklist now includes automount, device, mount, and slice units by default

Virtual storage pool support

Virtual machine disks are stored in storage pools. Previously, SUSE Manager could only list storage pools.

With SUSE Manager 4.1, it is now possible to create, edit, start, stop, refresh, and delete storage pools. This is available from the WebUI, or through Salt states.

Performance improvements

Reposync

Repository syncing has been optimized to perform in less time with respect to past versions. The performance improvement could be up to 6 times faster, depending on the hardware setup (specifically CPUs and network bandwidth) and number of packages.

Content Lifecycle Magement

Content Lifecycle Management has been optimized, with basic operations (build, promotion) up to two orders of magnitude faster and a quicker UI loading in installations with many channels and organizations.

Prometheus Service Discovery

Thanks to a number of enhancements and optimizations, Prometheus Service Discovery is now 10 times faster, on average, than it was in SUSE Manager 4.0.

Usability

Automatic generation of bootstrap repositories

A bootstrap repository contains packages for installing Salt on clients, as well as the required packages for registering Salt or traditional clients during bootstrapping.

In SUSE Manager 4.0 and earlier, bootstrap repository creation was a manual step, using the mgr-create-bootstrap-repo tool.

In SUSE Manager 4.1, bootstrap repositories are automatically created and regenerated on the SUSE Manager Server after a product is synchronized (and all mandatory channels have been fully mirrored).

More details, including how to revert to manual invocation, are available from the Client Configuration Guide.

Automatic database schema migrations and fail-over mechanism

Database schema upgrades are now applied automatically during services startup, so there is no need to call spacewalk-schema-upgrade manually. To prevent SUSE Manager services from starting if the schema upgrade has not successfully completed, a fail-over security mechanism has been implemented.

In case the database migration has not finished, or if it finishes with an error:

  • The spacewalk-service start command fails, and information is provided about the error.

  • No services will start, including the Apache service. This means the WebUI will also be unavailable.

Third-party GPG keys now included

Enabling verification of non-SUSE product metadata used to require manual acceptance, and sometimes even manual installation, of the third-party keys for products available from the product tree. Alternatively, an option to not verify the GPG key signature was there.

In addition to SUSE’s, SUSE Manager 4.1 now includes the GPG keys used to sign packages and/or metadata by other vendors whose products are available in the product tree in the WebUI:

  • openSUSE

  • CentOS

  • Oracle Linux

  • Ubuntu

  • MicroFocus Open Enterprise Server

Manual acceptance of those keys is no longer required for GPG signature verification for those products to work.

Manual acceptance of GPG keys for any other product or repository is still required for security reasons.

Onboarding of clients with SSH keys

In SUSE Manager 4.0, password authentication was the only authentication type available to bootstrap clients from the Server.

SUSE Manager 4.1 introduces a new SSH private key authentication method, including use of a passphrase on the private key. This is specially useful on the public cloud, where images prefer to authenticate with SSH instead of user and password.

To protect your security, the private key is only stored on the SUSE Manager Server during the bootstrap procedure and removed immediately after bootstrapping is complete, therefore the private key must be provided for each bootstrap.

From the API, the new method bootstrapWithPrivateSshKey in the namespace system is documented in the API Documentation.

You can use this example by adjusting the client, keyfile, passphrase, MANAGER_URL, MANAGER_LOGIN and MANAGER_PASSWORD according to your environment:

#!/usr/bin/python
import xmlrpclib

client = '192.168.1.2'
keyfile = '/path/to/priv/key'
passphrase = '' # empty string = no passphrase

conn = xmlrpclib.Server(MANAGER_URL, verbose=0)
key = conn.auth.login(MANAGER_LOGIN, MANAGER_PASSWORD)

with open(keyfile, 'r') as file:
  data = file.read()
  conn.system.bootstrapWithPrivateSshKey(key, server, 22, 'root', data, passphrase, '', False);
conn.auth.logout(key)

Service Pack migration: remember settings

A common source of errors in Service Pack Migrations is the human factor: a complex migration is carefully crafted, dry-run to a success, only to mysteriously fail in production. More often than not, the reason for this is when re-creating the migration for production, some step was forgotten.

In SUSE Manager 4.1, the Service Pack Migration feature has gained memory: you can now re-run successful dry-runs. This is especially useful when you have configured a complex migration, tested it successfully, and would like to make sure it runs in production with exactly the same settings it was designed to run with. To do this, go to the System Event History of the Dry-run action. There is a button "Run migration" which lets you execute the Service Package Migration.

Subscription warning

SUSE Manager requires an active subscription to connect to the SUSE Customer Center and download content and data.

We have now added a check in the Products page that will show a warning when the subscription is not available for one of these reasons:

  • Subscription was not added

  • Subscription was disabled

  • Subscription expired

Proxy visibility in Systems Overview

SUSE Manager Proxy nodes are now included in the Systems Overview page, with system type "Proxy".

Improved sync status visibility

In the product page, a new sync status icon has been added to convey the right information.

When a channel contains root and child products, separate feedback is provided for each product, to make sure a synchornization failure in either the root product, or a child product, will be immediately noticed.

Single Page Application UI (SPA)

In an effort to provide our WebUI users with a smoother navigation, we have implemented large parts of the user interface as a single page application.

This enhancement was started in SUSE Manager 4.0 as an opt-in feature and now becomes the default in SUSE Manager 4.1.

RHEL 8 enhancements

Content Lifecycle Management filters for AppStreams

RHEL, SLES ES, CentOS, and Oracle Linux 8 appstreams can now be mixed and converted to flat repositories using a new type of CLM filter.

In order to make this feature easier to use, in SUSE Manager 4.1:

  • SUSE Manager will show an error and prevent the user from proceeding when there are module conflicts, a module is unavailable or modular filters are in use but no modular sources have been added (and viceversa)

  • Module names can be picked via a UI widget instead of typing this manually, thus avoiding errors

Prometheus exporters

Exporters for RHEL, SLES ES, CentOS, and Oracle Linux 8 are now available:

  • Node exporter: hardware and operating system metrics

  • Apache exporter: Apache HTTP server metrics

  • PostgreSQL exporter: PostgreSQL database metrics

SUSE Manager for Retail

SLEPOS 15 SP2 clients

Pre-defined templates for SLEPOS 15 SP2 are now provided. SLEPOS 15 SP2 is supported for 7.5 years since the release date.

Small stores

Where a dedicated SUSE Manager Server or SUSE Manager Retail Branch Server is not feasible, it is now possible to use a Retail Branch Server running in a remote datacenter or public cloud.

EFI HTTP booting

The DHCP, branch network, and PXE formulas have been updated to support booting EFI terminals (systems) using HTTP in addition to TFTP.

Custom headers for reposync

Reposync can now send additional custom HTTP headers configured in the /etc/rhn/spacewalk-repo-sync/extra_headers.conf file.

This new feature serves a number of special use cases, such as feeding special data to network proxies, bypassing MFA or informing traffic inspection devices your data is secure to avoid wasting resources inspecting e. g. large RPMs or containers.

Details are available in the Reference Guide.

New documentation

Two new books have been added to the SUSE Manager 4.1 documentation:

  • Large Deployments Guide. Everything related to architecture and configuration for large (thousands of clients) deployments is contained in this guide. It contains all the documentation for the SUSE Manager Hub component. Some parts of the Salt guide that dealt with parameter tuning for large deployments have now been moved here too.

  • Public Cloud QuickStart Guide. This new guide shows you the fastest way to get SUSE Manager up and running in a public cloud. It includes instructions for Amazon Web Services, Microsoft Azure, and Google Cloud Engine.

Also:

OpenVPN formula

As part of SUSE’s Home Office Workplace initiative in response to the crisis caused by the COVID-19, the SUSE Manager team has created a formula with forms to provision an OpenVPN Server node and manage client certificates from SUSE Manager.

For more details, see the SUSE Home Office Workplace blog, documentation and webinar.

spacewalk-utils

In SUSE Manager 4.0 and earlier, the spacewalk-utils package contained a mix of L3 and L1 supported tools.

In SUSE Manager 4.1, we have split spacewalk-utils in two packages, with clear support levels for each:

  • spacewalk-utils contains only fully-supported (i. e. L3) tools:

    • spacewalk-common-channels: add channels not provided by SCC

    • spacewalk-hostname-rename: change SUSE Manager Server hostname

    • spacewalk-clone-by-date: clone channels by a specific date

    • spacewalk-sync-setup: set up ISS master/slave organization mappings

    • spacewalk-manage-channel-lifecycle: manage channels lifecycle

  • spacewalk-utils-extras contains the tools for which SUSE only provides limited (i. e. L1) support:

    • apply_errata: apply errata to systems

    • delete-old-systems-interactive: remove idle systems

    • migrate-system-profile: migrate systems between organizations

    • spacewalk-api: alternative to spacecmd api

    • spacewalk-export: export Spacewalk 2.x and Red Hat Satellite 5 data

    • spacewalk-export-channels: export Spacewalk 2.x and Red Hat Satellite 5 channels

    • spacewalk-final-archive: archive information from a running Spacewalk 2.x and Red Hat Satellite 5 server prior to a final shutdown

    • spacewalk-manage-snapshots: report on and purge snapshot entries by age

    • sw-ldap-user-sync: creates new SUSE Manager accounts for users in a specific LDAP group and removes SUSE Manager accounts after deleting users from a specific LDAP group

    • sw-system-snapshot: list or delete system snapshots from the management server

    • taskotop: displays a summary of Taskomatic activities in progress

Tools in spacewalk-utils-extras are valuable but they are so specific, or require additional customization for each customer, that it is not possible for SUSE to fully support them. If you were using these scripts in spacewalk-utils in SUSE Manager 4.0 or earlier, you will need to install spacewalk-utils-extras in SUSE Manager 4.1.

L1 support is limited to problem determination, which means technical support designed to provide compatibility information, usage support, on-going maintenance, information gathering and basic troubleshooting using available documentation. Should you need more advanced help or customization with a tool from spacewalk-utils-extras, please contact SUSE Consulting.

Single Sign-On (SSO)

SUSE Manager supports Single Sign-On authentication to the WebUI by implementing the Security Assertion Markup Language (SAML) 2 protocol. This feature, introduced in 4.0 as a Technology Preview, is now declared stable and fully supported.

SUSE Manager must be reconfigured to use the IdP as the source of authentication and post-login mapped users must be already created before enabling SSO.

Technology previews

SUSE Manager Hub XML-RPC API

The SUSE Manager Hub is a new multi-server architecture we are introducing as a technology preview in SUSE Manager 4.1.

Multiple SUSE Manager Servers can be managed from a single Hub node. The Hub is a Salt master itself and the managed SUSE Manager Server servers are both a minion (to the hub) and a master (to their own minions).

SUSE Manager Hub Architecture

The Hub covers a number of use cases, such as:

  • Scalability: when a single SUSE Manager Server will no longer be enough

  • Intermittently connected and bandwidth-limited sites, which can now be managed with their own schedule thanks to the Hub

  • Multi-tenancy with individual SUSE Manager Servers. While SUSE Manager is multi-organization itself, in some scenarios, an even stronger separation is required. The Hub provides a way to manage and aggregate back information for all those SUSE Manager Server servers.

The Hub comprises a number of components that we will be releasing and enhancing during the SUSE Manager 4.1 lifecycle. The first component of the Hub we are now introducing as a Technology Preview is the Hub XML-RPC API, which provides an extended version of the SUSE Manager Server XML-RPC API, targeted for the multi-server case.

Everything related to the Hub is documented in the new Large Deployments Guide.

  • The Hub XML-RPC API reached maturity in SUSE Manager 4.1.2, so it is no longer a technology preview.

Yomi

Yomi (yet one more installer) is a Salt-based installer for SUSE and openSUSE operating systems.

In SUSE Manager 4.1, Yomi can be used as part of provisioning new clients, as an alternative to AutoYaST. Yomi consists of two components:

  • The Yomi formula, which contains the Salt states and modules required to perform the installation.

  • The operating system image, which includes the pre-configured salt-minion service.

Detailed information on how to use Yomi is available from the Salt Guide.

Yomi is work in progress and more operating systems and features will be added in coming releases.

Salt 3000

Salt has been upgraded to upstream version 3000, plus a number of patches, backports and enhancements by SUSE, for the SUSE Manager Server, Proxy and Client Tools. In particular, CVE-2020-11651 and CVE-2020-11652 fixes are included in our release.

As part of this upgrade, cryptography is now managed by the Python-M2Crypto library (which is itself based on the well-known OpenSSL library).

We intend to regularly upgrade Salt to more recent versions.

For more details about changes in your manually-created Salt states, see the Salt 3000 upstream release notes.

Please note Salt 3000 is the last version of Salt which will support the old syntax of the module.run module.

PostgreSQL 12

The database engine has been updated from PostgreSQL 10 to PostgreSQL 12, which brings a number of performance and reliability improvements. A detailed changelog is available upstream.

To prevent inconsistent configurations and data on upgrade or update, SUSE Manager 4.1 will refuse to start until the database migration from PostgreSQL 10 to PostgreSQL 12 has completed successfully.

Base system upgrade

The base system was upgraded to SUSE Linux Enterprise 15 SP2.

Dropped features

Unpublished patches

The Unpublished Patches feature has been dropped in SUSE Manager 4.1.0.

This was a very old feature which originated more than 15 years ago when Spacewalk was used internally by vendors to manage patches before making them available to their customers. This functionality has been superseded a long (more than 10 years) time ago by other features in Uyuni for sysadmins, and by tools such as the Open Build Service for operating system vendors.

After a consultation period with users both in the upstream Uyuni community and the SUSE Manager community, we received no feedback against the removal and executed on it.

This will help us realize even further performance improvements in several areas, including the commonly-used Content Lifecycle Management build and promotion operations.

If you still have any unpublished patches, make sure you publish them with SUSE Manager 4.0 before migrating to SUSE Manager 4.1.

API breakage

With the removal of the unpublished patches feature, some APIs have changed and are therefore incompatible with SUSE Manager 4.0 and earlier:

  • Method errata.listUnpublishedErrata was removed

  • Method errata.create has one less parameter (the publish boolean, now always true) and it is now mandatory to specify at least one channel label in the last parameter (channelLabels). Previously specifying at least one channel label was mandatory only if publish was set to true.

Unsupported products

  • Red Hat Enterprise Linux 6

  • SUSE Linux Enterprise Server Expanded Support 6

  • Oracle Linux 6

  • CentOS 6

  • CentOS 8

  • Ubuntu 16.04

  • SUSE Linux Enterprise Server 11

We highly encourage you to migrate your workload to a newer version of each distribution, or to an alternative distribution that is still supported, so you can continue managing your infrastructure with SUSE Manager.

Please note that we will not break things on purpose for these unsupported products, and there is a possibility that they could still continue to work. But if things break, there will not be any support provided, not even on a best-effort basis.

Deprecated products

  • Debian 9 (after EOL 2022-06-30)

The support policy of SUSE Manager clients can be summarized as: "if the operating system is under general support by its vendor, then SUSE Manager supports it as a client".

After the EOL of a product, for a grace period of 3 months, a product will be considered as deprecated before moving to unsupported.

For deprecated products, support will only be provided on a best-effort basis.

Upgrade

Upgrading with SUSE Manager Proxy

SUSE Manager Server 4.1 works with SUSE Manager Proxy 4.0 and SUSE Manager Retail Branch Server 4.0. When upgrading, upgrade the SUSE Manager Server first, followed by the SUSE Manager Proxy and Retail Branch Servers.

For instructions on upgrading when SUSE Manager Proxy or SUSE Manager Retail Branch Servers are in use, see the Upgrade Guide on https://documentation.suse.com/suma/4.1/.

Upgrading with inter-server synchronization

When upgrading, upgrade the ISS master first, followed by the ISS slaves.

Support

Supportconfig confidentiality disclaimer

When handling Service Requests, supporters and engineers may ask for the output of the supportconfig tool from SUSE Manager Server or clients.

This disclaimer applies:

Detailed system information and logs are collected and organized in a
manner that helps reduce service request resolution times.
Private system information can be disclosed when using this tool.

If this is a concern, please prune private data from the log files.

Several startup options are available to exclude more sensitive
information. Supportconfig data is used only for diagnostic purposes
and is considered confidential information.

When you run supportconfig on the SUSE Manager Server, the output will contain information about your clients as well as about the Server. In particular, debug data for the subscription matching feature contains a list of registered clients, their installed products, and some minimal hardware information (such as the CPU socket count). It also contains a copy of the subscription data available from the SUSE Customer Center.

If this is a concern, please prune data in the subscription-matcher directory in the spacewalk-debug tarball before sending it to SUSE.

Future deprecation of the traditional stack

This version of SUSE Manager is compatible with Salt and traditional clients. SUSE will deprecate traditional clients and traditional proxies in the next SUSE Manager 4.3 release. The release that follows SUSE Manager 4.3 will not support traditional clients and traditional proxies, and is planned for 2023. We encourage all new deployments to use Salt clients and Salt proxies exclusively, and to migrate existing traditional clients and proxies to Salt.

Supportability of embedded software components

All software components embedded into SUSE Manager, like Cobbler for PXE booting, are only supported in the context of SUSE Manager. Stand-alone usage (e. g. Cobbler command-line) is not supported.

Support for older products

The SUSE Manager engineering team provides 'best effort' support for products past their end-of-life date. For more information about product support, see Product Support Lifecycle.

Support for products that are considered past their end-of-life is limited to assisting you to bring production systems to a supported state. This could be either by migrating to a supported service pack or by upgrading to a supported product version.

Support for RHEL, CentOS and Oracle Linux Clients

SUSE Manager supports only the latest RHEL 7 and 8 minor release clients. Older minor releases might still work but will only be supported on a limited and reasonable-effort basis.

The same rule applies to CentOS and Oracle Linux.

Support for Ubuntu Clients

SUSE Manager supports Ubuntu 18.04 LTS and 20.04 LTS clients using Salt. Traditional clients are not supported.

Support for Ubuntu is limited to a growing list of specific features. For a detailed list of supported features, check the Client Configuration Guide.

Support for Debian Clients

SUSE Manager supports Debian 9 "Stretch" and Debian 10 "Buster" clients using Salt. Traditional clients are not supported.

Support for Debian is limited to a growing list of specific features. For a detailed list of supported features, check the Client Configuration Guide.

L1 support for RHEL and CentOS ppc64le clients

For RHEL and CentOS clients on the ppc64le architecture, SUSE Manager offers the same functionality that is supported for the x86_64 architecture. Client tools are not available yet from SCC but the CentOS 7 and CentSOS 8 client tools from Uyuni can be enabled using spacewalk-common-channels.

RHEL and CentOS ppc64le are only supported at L1 level support. L1 support is limited to problem determination, which means technical support designed to provide compatibility information, usage support, on-going maintenance, information gathering, and basic troubleshooting using available documentation. At the time of writing, any problems or bugs specific to RHEL and CentOS on ppc64le will only be fixed on a best-effort basis.

Please contact your Sales Engineer or SUSE Consulting if you need additional support or features for these operating systems.

Browser support

Microsoft Internet Explorer fails to render some parts of the SUSE Manager Web UI and is therefore not a supported browser, in any version.

Please refer to the General Requirements for a list of supported browsers.

SUSE Manager installation

The SUSE Unified Installer, and installing SUSE Manager on top of SLE JeOS, are the only supported mechanisms to install SUSE Manager.

Installing SUSE Manager 4.1 on top of an existing SUSE Linux Enterprise Server 15 SP2 is known to generate an incomplete installation. If you require such a setup, please contact SUSE Consulting.

Known issues

Blackbox Exporter

In Prometheus formula, there is section about the Blackbox Exporter’s configuration as well, enabling the Blackbox Exporter will not work in 4.1.12 because package is not available yet.

Single Sign On, API and CLI tools

Single Sign On can be used to authenticate in the Web UI but not with the API or CLI tools. This will be fixed in a future release of SUSE Manager.

EPEL and Salt packages

Using the Extra Packages for Enterprise Linux directly on RHEL clients (or compatible: SLES ES, CentOS, Oracle Linux, etc) will install the Salt packages from EPEL, which miss some features available in the SUSE Manager-provided Salt packages. This is especially important since it will result in the bootstrap repository containing the non-SUSE Salt packages. Therefore, this is an unsupported scenario.

If you need to enable the EPEL repository, make sure you filter out the Salt packages from EPEL in advance (for example, by removing the Salt packages in Software > Manage > Channels > EPEL > Packages).

RHEL native clients

When autogenerating bootstrap repositories for native RHEL clients, some errors may be logged from the moment the official Red Hat channels are added until the moment those channels are fully synchronized for the first time.

This does not affect SLES Expanded Support, CentOS or Oracle Linux.

RHEL 6, CentOS 6 and Oracle Linux 6 minimal installations

In the case of RHEL 6, CentOS 6 and Oracle Linux 6, the "Minimal" installation set is missing some packages required for the onboarding to work. It is recommented to install at least a "Basic Server".

Alternatively, if using a minimal installation, you must install the perl and openssh-clients packages before onboarding.

Registering Spacewalk 2.x/Red Hat Satellite 5.x clients to SUSE Manager as Salt minions

If a client machine is running the Red Hat Satellite 5.x agent, registering it to SUSE Manager as a Salt minion will fail due to package conflicts.

Registering a RH Satellite 5.x client as a SUSE Manager traditional client works fine.

Registering a SUSE Manager traditional client as a SUSE Manager Salt minion will also work.

Works Fails

RH Satellite 5.x ⇒ SUSE Manager traditional

RH Satellite 5.x ⇒ SUSE Manager Salt minion

SUSE Manager traditional ⇒ SUSE Manager Salt minion

In order to register Red Hat Satellite 5.x clients to SUSE Manager as Salt minions, you will need to modify the bootstrap script to remove the Satellite agent packages first.

Spacewalk 2.x and Oracle Spacewalk 2.x clients will show the same behavior as Red Hat Satellite 5.x clients

Providing feedback

If you encounter a bug in any SUSE product, please report it through your support contact or in the SUSE Forums:

Resources

Latest product documentation: https://documentation.suse.com/suma/4.1/.

Technical product information for SUSE Manager: https://www.suse.com/products/suse-manager/

These release notes are available online: https://www.suse.com/releasenotes/

Visit https://www.suse.com for the latest Linux product news from SUSE.

Visit https://www.suse.com/download-linux/source-code.html for additional information on the source code of SUSE Linux Enterprise products.

SUSE LLC
Maxfeldstr. 5
D-90409 Nürnberg
Tel: +49 (0)911 740 53 - 0
Email: feedback@suse.com
Registrierung/Registration Number: HRB 36809 AG Nürnberg
Geschäftsführer/Managing Director: Felix Imendörffer
Steuernummer/Sales Tax ID: DE 192 167 791
Erfüllungsort/Legal Venue: Nürnberg

SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to the SUSE Legal information page for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012-2020 SUSE LLC.

This release notes document is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should have received a copy of the license along with this document. If not, see https://creativecommons.org/licenses/by-nd/4.0/.

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at https://www.suse.com/company/legal/ and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list (https://www.suse.com/company/legal/). All third-party trademarks are the property of their respective owners.

Colophon

Thank you for using SUSE Manager Server in your business.

Your SUSE Manager Server Team.