This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download.

For up to three years after SUSE’s distribution of the SUSE product, SUSE will mail a copy of the source code upon request. Requests should be sent by e-mail or as otherwise instructed here. SUSE may charge a fee to recover reasonable costs of distribution.

Version revision history

  • November 2024: 5.0.2 release

  • September 17th 2024: 5.0.1 release

  • 16th July, 2024: 5.0 GA

About SUSE Manager Proxy 5.0

SUSE Manager Proxy offers mirroring proxy support tailored for large and distributed environments.

The Proxy operates transparently, appearing as a managed client to the SUSE Manager Server and as a server to the managed clients.

Managed clients communicate exclusively with the Proxy, which then relays requests to the SUSE Manager Server.

All software packages that pass through the SUSE Manager Proxy are cached, allowing subsequent client requests for these packages to be resolved directly from the cache.

Containerization

SUSE Manager 5.0 represents a significant evolution with its delivery in containers, offering enhanced modularity and efficiency. In version 4.3, the SUSE Manager Proxy and Retail Branch Server were containerized. However, with this release, the SUSE Manager Server is now delivered in containers.

This shift allows for improved portability, simplifying deployment and management in modern container-centric environments. By containerizing the Server, flexibility is increased and it becomes easier to adapt to various infrastructure setups. This is the first step toward further modularization, preparing SUSE Manager Server for resilience and scalability. Future versions of SUSE Manager are expected to continue this journey.

Containerization streamlines deployment and management processes, resulting in better resilience and improved infrastructure availability. These changes reflect a commitment to delivering a more adaptable and efficient solution for managing different environments.

These enhancements are expected to greatly benefit users, providing them with a more flexible and efficient SUSE Manager.

System requirements

The SUSE Manager Proxy was previously available for x86_64 architecture only, but now it supports AArch64 architecture as well.

It is advisable to have a minimum of 8 GB of RAM and approximately 50 GB of disk space per distribution or channel. Additional disk space should be considered for storing images for retail terminals.

For more details on system requirements, see the Installation Guide on https://documentation.suse.com/suma/5.0/.

SUSE Manager Proxy distribution

SUSE Manager Server, Proxy, and Retail Branch Server will be packaged in containers, accessible through the SUSE Registry.

The SUSE Manager Retail Branch Server and SUSE Manager Proxy extensions are both built on top of SLE Micro, equipped with the necessary tools to manage Retail Branch Server and Proxy, respectively.

Installation and setup

To install SUSE Manager Proxy 5.0 , you should use the mgrpxy tool provided as part of the SUSE Manager Proxy extension on top of SLE Micro 5.5.

For more details on installing and configuring SUSE Manager Proxy 5.0, see the Installation Guide on https://documentation.suse.com/suma/5.0/en/suse-manager/installation-and-upgrade/container-deployment/suma/proxy-deployment-suma.html

Important

Only the containerized versions of SUSE Manager Proxy and Retail Branch server will be available for SUSE Manager 5.0.

Virtual Machine images for SUSE Manager Proxy 5.0

SUSE Manager 5.0 will come with virtual machine images tailored for KVM and VMware. These Proxy images will support x86_64 and now also ARM64 (AArch64) architectures.

These virtual machine images provide pre-configured environments that can be quickly deployed in KVM and VMware environments, saving time and effort in setting up virtual machines from scratch.

Using these images is the recommended and supported method for deploying new instances of SUSE Manager Server on these platforms.

For detailed instructions, see the Deploy as a Virtual Machine section in the official documentation.

Upgrade from previous version

In version 4.3, we provide support for both containerized and regular proxies. However, there’s no direct in-place migration path from SUSE Manager Proxy 4.3 to SUSE Manager 5.0 Proxy . In this case, you’ll need to set up a new Proxy and transition your clients to the new Proxy.

For detailed guidance on upgrading, please refer to the Upgrade Guide available at https://documentation.suse.com/suma/5.0/en/suse-manager/installation-and-upgrade/proxy-intro.html

Important

Currently, it is not straightforward to re-use the old Proxy’s FQDN. Users must create a new Proxy and then move the Minions to the new Proxy through the SUSE Manager UI or using the API.

SUSE Manager Server versions

SUSE Manager Proxy 5.0 is compatible only with SUSE Manager 5.0 Server.

However, SUSE Manager Proxy 4.3 is backward compatible and can still function with SUSE Manager 5.0 Server. So, there’s no immediate need to migrate all proxies if it’s not feasible.

The product is designed for optimal performance when used in a scenario where all components — SUSE Manager Server, SUSE Manager Proxy, and Retail Branch Server — are of the same version. It’s generally advised to avoid using mixed versions long-term in production environments.

Major changes since SUSE Manager Proxy 5.0 GA

Features and changes

Version 5.0.2

Bugfix release

Version 5.0.1

SUSE Manager Proxy BYOS image

With this update, we are excited to announce the availability of Bring-your-own-subscription (BYOS) images on Amazon Cloud and Microsoft Azure. This new option complement our existing on-premises deployment model, giving you more flexibility in how you use SUSE Manager Proxy.

mgrpxy support config

With this update, the mgrpxy tool has been enhanced to include a support config command that collects all relevant logs.

Patches

The SUSE Patch Finder is a simple online service to view released patches.

Version 5.0.2

python-susemanager-retail:

  • Update to version 1.0.1722253762.9f01ce8

    • Fix delta creation on containerized server (bsc#1226369)

saltboot-formula:

  • Update to version 0.1.1723628891.ffb1da5

    • Rework request stop function to avoid unnecessary warnings (bsc#1212985)

spacecmd:

  • Version 5.0.10-0

    • Speed up softwarechannel_removepackages (bsc#1227606)

    • Fix error in 'kickstart_delete' when using wildcards(bsc#1227578)

    • Spacecmd bootstrap now works with specified port (bsc#1229437)

    • Fix sls backup creation as directory with spacecmd (bsc#1230745)

spacewalk-backend:

  • Version 5.0.10-0

    • Ignore 'buildorder' parsing errors when parsing entries in module metadata (bsc#1230274)

    • Provide http_headers also to Debian repository syncer

    • Make spacewalk-data-fsck aware of orphaned RPMs (bsc#1227882)

    • reposync: import GPG keys to RPM DB individually (bsc#1217003)

    • Add log string to the journal when services are stopped because of insufficient disk space

spacewalk-certs-tools:

  • Version 5.0.8-0

    • Fix parsing Authority Key Identifier when keyid is not prefixed (bsc#1229079)

spacewalk-proxy:

  • Version 5.0.4-0

    • Set proxy authtoken FQDN based on config file (bsc#1230255)

    • Allow execute of ssh-keygen command on the Proxy to cleanup SSH known_hosts (bsc#1228345)

spacewalk-setup:

  • Version 5.0.6-0

    • Collect spacewalk-setup-cobbler return code (bsc#1226847)

spacewalk-utils:

  • Version 5.0.5-0

    • Add repositories for Ubuntu 24.04 LTS

    • Drop unsupported tool spacewalk-final-archive as it is broken and may disclose sensitive information (bsc#1228945)

    • Move taskotop tool to spacewalk-utils package

spacewalk-web:

  • Version 5.0.13-0

    • Fix Find Targets button behavior for the feature Salt > Remote Commands page

    • Fix the missing background color for the pending status badge and show/hide the response badge component.

    • Fix stretched button issue in Audit Search and Subscription Matching pages

    • Fix alert layout in formula catalog

    • Fix sticky header infinite scroll

    • Fix layout mismatch in patches management

    • Fix column alignment on repository and system pages

    • Integrate UI debugging stories

    • Fix Extra Packages column in systems list (bsc#1228980)

    • Update the WebUI version

uyuni-tools: - version 0.1.24-0 * CVE-2024-22037: Use podman secret to store the database credentials (bsc#1231497) * Redact JSESSIONID and pxt-session-cookie values from logs and console output (bsc#1231568)

  • Version 0.1.23-0

    • Ensure namespace is defined in all kubernetes commands

    • Use SCC credentials to authenticate against registry.suse.com for kubernetes (bsc#1231157)

    • Fix namespace usage on mgrctl cp command

  • Version 0.1.22-0

    • Set projectId also for test packages/images

    • mgradm migration should not pull Confidential Computing and Hub image is replicas == 0 (bsc#1229432, bsc#1230136)

    • Do not allow SUSE Manager downgrade

    • Prevent completion issue when /var/log/uyuni-tools.log is missing

    • Fix proxy shared volume flag

    • During migration, exclude mgr-sync configuration file (bsc#1228685)

    • Migrate from PostgreSQL 14 to PostgreSQL 16 pg_hba.conf and postgresql.conf files (bsc#1231206)

    • During migration, handle empty autoinstallation path (bsc#1230285)

    • During migration, handle symlinks (bsc#1230288)

    • During migration, trust the remote sender’s file list (bsc#1228424)

    • Use SCC flags during podman pull

    • Restore SELinux permission after migration (bsc#1229501)

    • Share volumes between containers (bsc#1223142)

    • Save supportconfig in current directory (bsc#1226759)

    • Fix error code handling on reinstallation (bsc#1230139)

    • Fix creating first user and organization

    • Add missing variable quotes for install vars (bsc#1229108)

    • Add API login and logout calls to allow persistent login

proxy-httpd-image:

  • Version 5.0.8

    • Store Proxy FQDN in rhn.conf for auth token use (bsc#1230255)

proxy-salt-broker-image:

  • Version 5.0.8

    • Update for next release

proxy-squid-image:

  • Version 5.0.8

    • Update for next release

proxy-ssh-image:

  • Version 5.0.8

    • Update for next release

proxy-tftpd-image:

  • Version 5.0.8

    • Update for next release

Version 5.0.1

spacecmd:

  • Version 5.0.9-0

    • Update translation strings

spacewalk-backend:

  • Version 5.0.9-0

    • Support more NEVRA types when importing module metadata

    • yum_src: use proper name variable name for subprocess.TimeoutExpired

    • Check and populate PTF attributes at the time of importing packages (bsc#1225619)

    • reposync: introduce timeout when syncing DEB channels (bsc#1225960)

    • Refresh channel newest packages after importing Appstreams metadata

spacewalk-certs-tools:

  • Version 5.0.7-0

    • Support multiple certificates for root-ca-file and server-cert-file

spacewalk-client-tools:

  • Version 5.0.7-0

    • Update translation strings

spacewalk-web:

  • Version 5.0.12-0

    • Update the WebUI version

  • Version 5.0.11-0

    • Fix btn-info style in new theme

    • Fix missing margin in CVE audit list on cve page

    • Fix broken layout of system formulas configuration page

    • Fix table filters for description, first character dropdown and toggle button.

    • Fix channel selection using SSM (bsc#1226917)

    • Fix broken layout in monitoring page

    • Fix missing margin between inline radio buttons

    • Fix OpenSCAP search page layout

    • Remove Bare metal systems tab from General Configuration page

    • Update setup wizard UI

    • Remove reboot from uptodate state, introduce reboot and rebootifneeded states

    • Fix space between radio button and label in forms

    • Fix layout of SSM subpages in updated theme

    • Fix broken layout of build image page

    • Fix layout of advanced package search page

    • Fix badege color in salt key table

    • Fix hidden section issue in Monitoring and General Configuration pages

    • Fix double padding in recurring actions table

    • Fix missing top border in table footer

    • Fix broken layout of system highstate page

    • Fix input alignment and style issues on schedule creation page

    • Fix datetime selection when using maintenance windows (bsc#1228036)

    • Configure AppStreams via Activation Keys

susemanager-build-keys:

  • Vesion 15.5.1

    • extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339)

      • gpg-pubkey-39db7c82-66c5d91a.asc

uyuni-storage-setup:

  • Version 5.0.1-0

    • Provide uyuni-storage-setup-proxy

uyuni-tools:

  • Version 0.1.21-0

    • mgrpxy: Fix typo on Systemd template

  • Version 0.1.20-0

    • Update the push tag to 5.0.1

    • mgrpxy: expose port on IPv6 network (bsc#1227951)

  • Version 0.1.19-0

    • Skip updating Tomcat remote debug if conf file is not present

  • Version 0.1.18-0

    • Setup Confidential Computing container during migration (bsc#1227588)

    • Add the /etc/uyuni/uyuni-tools.yaml path to the config help

    • Split systemd config files to not loose configuration at upgrade (bsc#1227718)

    • Use the same logic for image computation in mgradm and mgrpxy (bsc#1228026)

    • Allow building with different Helm and container default registry paths (bsc#1226191)

    • Fix recursion in mgradm upgrade podman list --help

    • Setup hub xmlrpc API service in migration to Podman (bsc#1227588)

    • Setup disabled hub xmlrpc API service in all cases (bsc#1227584)

    • Clean the inspection code to make it faster

    • Properly detect IPv6 enabled on Podman network (bsc#1224349)

    • Fix the log file path generation

    • Write scripts output to uyuni-tools.log file

    • Add uyuni-hubxml-rpc to the list of values in mgradm scale --help

    • Use path in mgradm support sql file input (bsc#1227505)

    • On Ubuntu build with go1.21 instead of go1.20

    • Enforce Cobbler setup (bsc#1226847)

    • Expose port on IPv6 network (bsc#1227951)

    • show output of podman image search --list-tags command

    • Implement mgrpxy support config command

    • During migration, ignore /etc/sysconfig/tomcat and /etc/tomcat/tomcat.conf (bsc#1228183)

    • During migration, remove java.annotation,com.sun.xml.bind and UseConcMarkSweepGC settings

    • Disable node exporter port for Kubernetes

    • Fix start, stop and restart in Kubernetes

    • Increase start timeout in Kubernetes

    • Fix traefik query

    • Fix password entry usability (bsc#1226437)

    • Add --prepare option to migrate command

    • Fix random error during installation of CA certificate (bsc#1227245)

    • Clarify and fix distro name guessing when not provided (bsc#1226284)

    • Replace not working Fatal error by plain error return (bsc#1220136)

    • Allow server installation with preexisting storage volumes

    • Do not report error when purging mounted volume (bsc#1225349)

    • Preserve PAGER settings from the host for interactive sql usage (bsc#1226914)

    • Add mgrpxy command to clear the Squid cache

    • Use local images for Confidential Computing and Hub containers (bsc#1227586)

init-image:

  • Version 5.0.8

    • Update for next release

proxy-helm:

  • Version 5.0.8

    • Update for next release

proxy-httpd-image:

  • Version 5.0.7

    • Update for next release

proxy-salt-broker-image:

  • Version 5.0.7

    • Update for next release

proxy-squid-image:

  • Version 5.0.7

    • Update for next release

proxy-ssh-image:

  • Version 5.0.7

    • Update for next release

proxy-tftpd-image:

  • Version 5.0.7

    • Update for next release

Major Changes Since SUSE Manager Proxy 4.3

Base system changed

SUSE Manager 4.3 was built on SUSE Linux Enterprise 15 SP4, but for SUSE Manager 5.0, we’ve shifted to SUSE Linux Enterprise Micro 5.5 as the base system. This change was made because SLE Micro is better suited for container workloads and has a longer lifecycle. Additionally, the SLE Micro subscription for the Proxy will now be included in the SUSE Manager subscription, eliminating the need for customers to purchase the underlying OS subscription separately.

Salt 3006.0

For SUSE Manager 5.0, we’re sticking with version 3006.0. The reason behind this decision is that it’s a long-term support (LTS) version. Our plan is to upgrade to the next LTS version, which will be 3008.0 when it will be available. We won’t be transitioning to short-term support (STS) versions.

Throughout this process, we’ll ensure that all critical bug fixes, including CVEs, L3 fixes, and essential features needed for SUSE Manager, are provided and addressed.

mgr-bootstrap tool removed from the Proxy

The mgr-bootstrap tool has been taken out from the Proxy and will be removed from the Server as well in future. Overall, several tools on both the Server and Proxy will be phased out in favor of the API or integrated into mgrpxy/mgradm.

If users wish to create a bootstrap script to register against the Proxy, they can do so using the following command from the Server container:

mgr-boostrap --hostname $proxyfqdn

Dropped features

Traditional Stack has been removed

Starting with the SUSE Manager 4.3 release, the traditional stack was marked as deprecated. Now, with the release of SUSE Manager 5.0, we are completely removing support for the traditional stack. This means that we will not support traditional clients and proxies based on traditional stack anymore.

For additional details on migrating traditional clients to Salt clients, please refer to Migrate traditional clients to Salt clients.

Deprecated features

None

Known issues

None

Keep Informed

You can stay up-to-date regarding information about SUSE Manager and SUSE products:

Providing feedback

If you encounter a bug in any SUSE product, please report it through your SUSE Customer Service or Sales representatives

Resources

Latest product documentation: https://documentation.suse.com/suma/5.0/.

Technical product information for SUSE Manager: https://www.suse.com/products/suse-manager/

These release notes are available online: https://www.suse.com/releasenotes/

Visit https://www.suse.com for the latest Linux product news from SUSE.

Visit https://www.suse.com/source-code/ for additional information on the source code of SUSE Linux Enterprise products.

Legal Notices

SUSE Software Solutions Germany GmbH
Frankenstraße 146
D-90461 Nürnberg
Tel: +49 (0)911 740 53 - 0
Email: feedback@suse.com

SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to the SUSE Legal information page for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012-2024 SUSE LLC.

This release notes document is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should have received a copy of the license along with this document. If not, see https://creativecommons.org/licenses/by-nd/4.0/.

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at https://www.suse.com/company/legal/ and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list (https://www.suse.com/company/legal/). All third-party trademarks are the property of their respective owners.

Colophon

Thank you for using SUSE Manager Proxy and/or SUSE Manager Retail Branch Server in your business.

Your SUSE Manager Team.