This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires that SUSE makes available certain source code that corresponds to the GPL-licensed material. The source code is available for download.

For up to three years after SUSE’s distribution of the SUSE product, SUSE will mail a copy of the source code upon request. Requests should be sent by e-mail or as otherwise instructed here. SUSE may charge a fee to recover reasonable costs of distribution.

Version Revision History

  • March 12th 2020: 4.0.5 release

  • December 20th 2019: 4.0.4 release

  • November 7th 2019: 4.0.3 release

  • September 6th 2019: 4.0.2 release

  • July 9th 2019: 4.0.1 release

  • June 26th 2019: 4.0.0 release

About SUSE Manager Proxy 4

SUSE Manager Proxy provides mirroring proxy support for large and distributed environments.

Operation of the proxy is completely transparent. The SUSE Manager Proxy looks like a managed client to SUSE Manager Server, and like a Server to the managed clients. Managed clients talk to the Proxy only, and the Proxy in turn communicates to the SUSE Manager Server.

All software packages that pass the Proxy are cached and subsequent client requests for these packages are resolved from the cache.

System Requirements

SUSE Manager Proxy is available for the x86_64 architecture only. We recommend you have at least 2 GB main memory, and approximately 50 GB of disk space per distribution or channel.

Consider additional disk space required for storing images for retail terminals.

For more details on system requirements, see the Installation Guide on https://documentation.suse.com/suma/4.0/.

SUSE Manager Proxy Distribution

SUSE Manager Proxy 4 is provided through SUSE Customer Center and can be installed with the unified installer for SUSE Linux Enterprise 15 SP1. No separate SUSE Linux Enterprise subscription is required.

Installation and Setup

Installation of SUSE Manager Proxy 4.0 is done with the SUSE Manager Server 4 Web interface.

For more details on installing and configuring SUSE Manager Proxy 4.0, see the Installation Guide on https://documentation.suse.com/suma/4.0/.

Upgrade from Version 3.2

To upgrade an existing SUSE Manager Proxy 3.2 system to SUSE Manager Proxy 4.0, you can do an in-place upgrade, or you can set up a new system to replace the old one.

For more information about upgrading, see the Upgrade Guide on https://documentation.suse.com/suma/4.0/.

Upgrade from Version 3.1 or Older

In-place updates from SUSE Manager Proxy 3.1 or older are not supported. You will need to install a new system with SUSE Manager Proxy 4.0.

SUSE Manager Server Versions

SUSE Manager Proxy 4.0 works only with SUSE Manager 4.0 Server.

SUSE Manager Server 4.0 works with SUSE Manager Proxy 3.2 and later.

Major changes since SUSE Manager Proxy 4.0 GA

Features and changes

Version 4.0.5

Bugfix release.

New products enabled
  • SUSE Linux Enterprise Real Time 12 SP5

  • SUSE Linux Enterprise 15 SP2 family

  • MicroFocus Open Enterprise Server 2018 SP2 (product GA in Q2 2020)

Version 4.0.4

New products enabled
  • SLES12 SP5

  • RHEL 8 and SLES ES 8

  • CaaSP 4

RHEL 8 and SLES ES 8 support

Red Hat Enterprise Linux 8 and SUSE Linux Enterprise Server Expanded Support 8 are now supported clients as Salt minions. The traditional stack will not be supported on these operating systems.

With the new application streams concept introduced in these operating systems, you will need to import both the BaseOS and the AppStream directories from the ISO image for the bootstrap repository to be created correctly. If the AppStream directory is not imported, you will receive an error about missing Python 3 packages.

AppStream awareness in the UI and Content Lifecycle Management will be available in an upcoming version of SUSE Manager.

Monitoring

This version of SUSE Manager includes formulas to install Prometheus and Grafana, and makes the Apache exporter available for Ubuntu 18.04, RES6, RES7 and Proxy.

Package Hub

SUSE Package Hub is now supported on the Server, since the problems with the search that were caused by PackageHub-provided packages have been solved.

If you were using Package Hub as a source of packages for you clients, it is recommended that you re-generate all package metadata. The reason for this is in the Package Hub repositories there may exist multiple packages with the same NEVRA but different checksums. This might result in checksum errors when repositories are used on the clients as SUSE Manager randomly selected any of those packages. After this update, SUSE Manager will generate the checksum into the package path to ensure the right package is used. If you use also SUSE Manager Proxy / SUSE Manager Retail Branch Server please update all of them before you re-generate the metadata.

Formulas

The cpu-mitigations-formula is now installed by default.

The Retail branch network formula now works all SUSE and openSUSE based distros, using SuSEfirewall or firewalld as appropriate.

Version 4.0.3

Please check the SUSE Manager 4.0 Server Release Notes for all the changes happening in the product in the 4.0.3 release.

On the proxy, the most remarkable changes are the ones that enhance support for Debian and Ubuntu:

  • Support for all of the headers in .deb packages, including custom ones, when syncing Debian/Ubuntu repositories. You can use the new script mgr-update-pkg-extra-tags to update extra fields in DB without recreating all Debian/Ubuntu channels.

  • Support for .deb packages with hyphens in the package name or version. There remain a very small percentage (<0.1%) of packages for which our version comparison algorithm fails; we will fix this known issue in a coming release.

Version 4.0.2

Updated documentation

The SUSE Manager documentation has received improvements in all of the books, with small clarifications and enhancements all around: content lifecycle management filters, public cloud, JeOS, retail images and formulas, etc

Of particular interest for customers with large installations will be the new Large Scale Deployment and Salt Tuning sections in the Salt Guide. Given that modifying advanced parameters can cause catastrophic failure, we strongly recommend that you contact SUSE Consulting for assistance with tuning for your specific case.

Additionally, the search functionality in the documentation now works offline.

UEFI boot (Retail)

SUSE Manager for Retail can now create the required partitions and image machines with an EFI boot, using the Saltboot formula.

Version 4.0.1

Bugfix release

Patches

The SUSE Patch Finder is a simple online service to view released patches.

Version 4.0.5

mgr-osad:

patterns-suse-manager:

  • Add recommends for virtualization-host-formula to suma_server pattern

  • Add recommends for virtualization-host-formula to retail

spacecmd:

  • Bugfix: attempt to purge SSM when it is empty (bsc#1155372)

spacewalk-backend:

  • Fix mgrcfg-client python3 breakage (bsc#1164309)

  • Update doc link to point to new documentation server

  • Prevent timestamp format exception on mgr-inter-sync while processing comps (bsc#1157346)

  • When downloading repo metadata, don’t add "/" to the repo url if it already ends with one (bsc#1158899)

  • Use HTTP proxy settings when fetching the mirrorlist on spacewalk-repo-sync (bsc#1159076)

  • Enhance suseProducts via ISS to fix SP migration on slave server (bsc#1159184)

  • Prevent a traceback when reposyncing openSUSE 15.1 (bsc#1158672)

  • Close config files after reading them (bsc#1158283)

  • Associate VMs and systems with the same machine ID at bootstrap (bsc#1144176)

spacewalk-certs-tools:

  • Add 'start_event_grains' minion option to configfile when generated by bootstrap script

  • Forbid multiple activation keys for salt minions during bootstrap (bsc#1164452)

  • Add additional minion options to configfile when generated by bootstrap script (bsc#1159492)

  • Change the order to check the version correctly for RES (bsc#1152795)

spacewalk-client-tools:

  • Spell correctly "successful" and "successfully"

spacewalk-web:

supportutils-plugin-susemanager-client:

  • Rename rhncfg-actions to mgr-cfg-actions

supportutils-plugin-susemanager-proxy:

  • Rename rhncfg-actions to mgr-cfg-actions

Version 4.0.4

jabberd:

  • SQL scripts are now placed at /etc/jabberd/scripts to make jabberd compatible with JeOS (bsc#1148352)

  • Always require zlib-devel for building (fixes building for SLE15 SP2)

patterns-suse-manager:

  • Add prometheus-formula and grafana-formula to the server pattern

  • Add the apache exporter to the proxy pattern as "Recommends"

  • Install cpu-mitigations-formula by default

prometheus-exporters-formula:

  • Add support for provisioning the apache exporter

rhnlib:

  • Fix malformed XML response when data contains non-ASCII chars (bsc#1154968)

spacewalk-backend:

  • Fix specfile for systems that do not yet use systemd

  • Fix spacewalk-update-signatures for python3 (bsc#1156521)

  • Fix problems with Package Hub repos having multiple rpms with same NEVRA but different checksums (bsc#1146683)

  • Fix broken spacewalk-data-fsck utility (bsc#1131556)

spacewalk-certs-tools:

  • Fix certificate generation when the serial has leading zeroes to avoid "asn1 encoding routines:a2i_ASN1_INTEGER:odd number of chars" during setup

  • Make traditional bootstrap more robust for unknown hostname (bsc#1152298)

  • fix bootstrap script generator to work with Expanded Support 8 product (bsc#1158002)

spacewalk-client-tools:

  • Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160)

spacewalk-proxy:

  • Fix problems with Package Hub repos having multiple rpms with same NEVRA but different checksums (bsc#1146683)

spacewalk-setup-jabberd:

  • SQL scripts are now placed at /etc/jabberd/scripts to make jabberd compatible with JeOS (bsc#1148352)

spacewalk-web:

  • Add self monitoring to Admin Monitoring UI (bsc#1143638)

  • Layout changes in formula forms, validation, deprecate $visibleIf and add new attributes: $disabled, $visisble, $required, $match

  • Fix create VM dialog when there is no virtual storage pool or network

  • Show channels and filters in CLM history

  • SPA: do not early drop modals they can contain inputs (bsc#1155800)

  • Fix WebUI invalidation time by using the package build time instead of the WebUI version (bsc#1154868)

  • Filter by description on the Products page works recursively

  • Add check/message for project not found (bsc#1145755)

  • Remove/change text on edit filters for clp (bsc#1145608)

  • Fix sorting issues on content filter list page (bsc#1145591)

zypp-plugin-spacewalk:

  • Prevent possible encoding issues on Python 3 (bsc#1152722)

Version 4.0.3

mgr-cfg:

  • Obsolete all old python2-rhncfg* packages to avoid conflicts (bsc#1152290)

  • Fix data type issue to correctly decode if needed (bsc#1150320)

  • Require mgr-daemon (new name of spacewalksd) so we systems with spacewalksd get always the new package installed (bsc#1149353)

mgr-daemon:

  • Adjust current name of the package to mgr-daemon and not spacewalksd (bsc#1149353)

  • Enable spacewalk-update-service on package installation (bsc#1143789, bsc#1150216)

mgr-osad:

  • Obsolete all old python2-osa* packages to avoid conflicts (bsc#1152290)

patterns-suse-manager:

  • Add recommends for cpu-mitigations-formula

spacewalk-backend:

  • Fix re-registration with re-activation key (bsc#1154275)

  • Change the default value of taskomatic maxmemory to 4GB

  • Add basic support for importing modular repositories

  • Import additional fields for Deb packages

  • Add script to update additional fields in the DB for existing Deb packages

  • Use active values for diskchecker mails

  • Parse restart_suggested flag from patches and set it as keywords (bsc#1151467)

  • Improve error message when deleting channel that’s in a content lifecycle project (bsc#1145769)

  • Prevent "reposync" crash when handling metadata on RPM repos (bsc#1138358)

  • Do not show expected WARNING messages from "c_rehash"

  • Fix misspelling in spacewalk-repo-sync (bsc#1149633)

  • Remove credentials also from potential rhn.conf backup files in spacewalk-debug (bsc#1146419)

  • Do not crash 'rhn-satellite-exporter' with ModuleNotFound error (bsc#1146869)

  • Spacewalk-remove-channel check that channel doesn’t have cloned channels before deleting it (bsc#1138454)

  • Fix broken spacewalk-data-fsck utility

  • Add '--latest' support for reposync on DEB based repositories

  • Do not try to download RPMs from the unresolved mirrorlist URL

  • Fix encoding issues with DB bytes values (bsc#1144300)

  • Fix import of rhnAuthPAM to avoid issues when using rhnpush.

  • Avoid traceback on mgr-inter-sync when there are problems with cache of packages (bsc#1143016)

spacewalk-certs-tools:

  • Require mgr-daemon (new name of spacewalksd) so we systems with spacewalksd get always the new package installed (bsc#1149353)

spacewalk-client-tools:

  • Require mgr-daemon (new name of spacewalksd) so we systems with spacewalksd get always the new package installed (bsc#1149353)

  • Enable spacewalk-update-service on package installation (bsc#1143789)

  • Invalidate cache 5 minutes before actual expiration(bsc#1143562)

spacewalk-web:

  • Redirect to project when canceling creating a filter (bsc#1145750)

  • Better visualization of the filters attached to a CLM Project. Allow/deny are now split

  • Fix ui issues with content lifecycle project list page (bsc#1145587)

  • Implement "keyword" filter for Content Lifecycle Management

  • Enable Azure, Amazon EC2 and Google Compute Engine as available Virtual host Managers

  • Trim strings when creating/updating image stores/profiles (bsc#1133429)

  • Show loading spin while loading salt keys data (bsc#1150180)

  • CLM - Disable clones by default of the shown CLM Project sources

  • Change form order and change project creation message (bsc#1145744)

  • Add UI message when salt-formulas system folders are unreachable (bsc#1142309)

  • Implement "regular expression" Filter for Content Lifecycle Management matching package names, patch name, patch synopsis and package names in patches

  • New Single Page Application engine for the UI. It can be enabled with the config 'web.spa.enable' set to true

  • Add environment label when deleting environment (bsc#1145758)

  • Change color of disabled build button on clp page (bsc#1145626)

  • Fix the 'include recommended' button on channels selection in SSM (bsc#1145086)

  • Implement "patch contains package" Filter for Content Lifecycle Management

  • Implement Filter Patch "by type" Content Lifecycle Management

  • Implement filtering errata by synopsis in Content Lifecycle Management

  • Normalize date formats for actions, notifications and clm (bsc#1142774)

  • Implement ALLOW filters in Content Lifecycle Management

  • Implement "by date" Filter for Content Lifecycle Management

Version 4.0.2

mgr-cfg:

  • Ensure bytes type when using hashlib to avoid traceback (bsc#1138822)

mgr-daemon:

  • Fix systemd timer configuration on SLE12 (bsc#1142038)

  • Rhnsd service was replaced by rhnsd timer (bsc#1138130)

mgr-osad:

  • Fix obsolete for old osad packages, to allow installing mgr-osad even by using osad at yum/zyppper install (bsc#1139453)

  • Ensure bytes type when using hashlib to avoid traceback (bsc#1138822)

rhnlib:

  • Add SNI support for clients

  • fix initialize ssl connection (bsc#1144155)

  • Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177)

spacewalk-backend:

  • Do not overwrite comps and module data with older versions

  • Fix issue with "dists" keyword in url hostname

  • Import packages from all collections of a patch not just first one

  • Ensure bytes type when using hashlib to avoid traceback on XMLRPC call to "registration.register_osad" (bsc#1138822)

  • For backend-libs subpackages, exclude files for the server (already part of spacewalk-backend) to avoid conflicts (bsc#1148125)

  • prevent duplicate key violates on repo-sync with long changelog entries (bsc#1144889)

  • Don’t skip Deb package tags on package import (bsc#1130040)

spacewalk-certs-tools:

  • Run bootstrap.sh completely unattended on Ubuntu (bsc#1137881)

spacewalk-client-tools:

  • The rhnsd service was replaced by rhnsd timer, so registration script and systemd presets are now adapted to this (bsc#1138130)

spacewalk-remote-utils:

  • Add RHEL8

spacewalk-web:

  • Redirect to first step of channel assignment after change channel submit (bsc#1137244)

  • Hide channels managed by Content Lifecycle projects from available sources (bsc#1137965)

  • Add unsupported browser warning when using Internet Explorer

  • Allow virtualization tab for foreign systems (bsc#1116869)

  • Allow forcing off or resetting VMs

  • Fix VM creation dialog with non-default pools and networks (bsc#1138268)

  • Add checks for empty required entries on formula forms (bsc#1109639)

Version 4.0.1

spacewalk-backend:

  • Do not duplicate "https://" protocol when using proxies with "deb" repositories (bsc#1138313)

  • Fix reposync when dealing with RedHat CDN (bsc#1138358)

  • Fix for CVE-2019-10136. An attacker with a valid, but expired, authenticated set of headers could move some digits around, artificially extending the session validity without modifying the checksum. (bsc#1136480)

spacewalk-proxy:

  • Fix for CVE-2019-10137. A path traversal flaw was found in the way the proxy processes cached client tokens. A remote, unauthenticated, attacker could use this flaw to test the existence of arbitrary files, or if they have access to the proxy’s filesystem, execute arbitrary code in the context of the proxy. (bsc#1136476)

spacewalk-web:

  • Change WebUI version 4.0.1

Major Changes Since SUSE Manager Proxy 3.2

Prometheus Monitoring

We now include packages for the latest version of Prometheus. The SUSE Manager Monitoring entitlement is required for all systems that have monitoring with Prometheus enabled.

Some exporters will be pre-installed on SUSE Manager Proxy as part of its self-monitoring features. They will provide hardware, operating system, and HTTP Proxy metrics.

Formulas Update for Retail Branch Server

Formulas used to operate a SUSE Manager for Retail Branch Server were updated to support a SUSE Linux Enterprise 15 SP1 environment.

Configuration of SUSE Manager Retail Branch Server with Multiple Network Interfaces

During installation of SUSE Manager Retail Branch Server the secondary network interface, intended to be used for the terminal network, may be configured and bound to a firewall zone. This zone binding can interfere with the configuration of Retail services, and could result in you being unable to apply the highstate.

To avoid this problem, ensure that:

  • the primary network interface is either bound to 'public' zone or not bound to any zone

  • the secondary network interface either bound to 'internal' zone or is not bound to any firewall zone.

Do this by running these commands before you apply the retail formulas:

firewall-cmd --permanent --zone=public --change-interface=eth0
firewall-cmd --permanent --zone=internal --change-interface=eth1
firewall-cmd --reload

This example assumes eth0 is the primary interface and eth1 the secondary terminal interface.

Salt 2019.2.0

Salt has been upgraded to the 2019.2.0 release.

We intend to regularly upgrade Salt to more recent versions.

For more information about changes in your manually-created Salt states, see the Salt upstream release notes 2019.2.0.

Base System Upgrade

The base system was upgraded to SUSE Linux Enterprise 15 SP1. As a result, all code was ported to run with Python 3.

Providing Feedback

If you encounter a bug in any SUSE product, we’d appreciate if you’d report it through your support contact.

Documentation and Other Information

Latest product documentation: https://documentation.suse.com/suma/4.0/.

Technical product information for SUSE Manager: https://www.suse.com/products/suse-manager/

These release notes are available online: https://www.suse.com/releasenotes

Further information about SUSE Manager is available on the Wiki: https://wiki.microfocus.com/index.php/SUSE_Manager

Visit https://www.suse.com for the latest Linux product news from SUSE.

Visit https://www.suse.com/download-linux/source-code.html for additional information on the source code of SUSE Linux Enterprise products.

SUSE LLC
Maxfeldstr. 5
D-90409 Nürnberg
Tel: +49 (0)911 740 53 - 0
Email: feedback@suse.com
Registrierung/Registration Number: HRB 21284 AG Nürnberg
Geschäftsführer/Managing Director: Felix Imendörffer, Mary Higgins, Sri Rasiah
Steuernummer/Sales Tax ID: DE 192 167 791
Erfüllungsort/Legal Venue: Nürnberg

SUSE makes no representations or warranties with regard to the contents or use of this documentation, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to revise this publication and to make changes to its content, at any time, without the obligation to notify any person or entity of such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any software, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, SUSE reserves the right to make changes to any and all parts of SUSE software, at any time, without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be subject to U.S. export controls and the trade laws of other countries. You agree to comply with all export control regulations and to obtain any required licenses or classifications to export, re-export, or import deliverables. You agree not to export or re-export to entities on the current U.S. export exclusion lists or to any embargoed or terrorist countries as specified in U.S. export laws. You agree to not use deliverables for prohibited nuclear, missile, or chemical/biological weaponry end uses. Please refer to the SUSE Legal information page for more information on exporting SUSE software. SUSE assumes no responsibility for your failure to obtain any necessary export approvals.

Copyright © 2012-2020 SUSE LLC.

This release notes document is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should have received a copy of the license along with this document. If not, see https://creativecommons.org/licenses/by-nd/4.0/.

SUSE has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at https://www.suse.com/company/legal/ and one or more additional patents or pending patent applications in the U.S. and other countries.

For SUSE trademarks, see SUSE Trademark and Service Mark list (https://www.suse.com/company/legal/). All third-party trademarks are the property of their respective owners.

Colophon

Thank you for using SUSE Manager Proxy Server in your business.

Your SUSE Manager Team.